Escaping vars from class-sp-ajax, class-sp-settings-status, class-sp-template-loader, class-sp-admin-dashboard and class-sp-widget-birthdays
@@ -54,7 +54,7 @@ class SP_Admin_Dashboard {
|
||||
else:
|
||||
$output = '<span>' . $text . '</span>';
|
||||
endif;
|
||||
echo '<li class="post-count ' . $post_type->name . '-count">' . $output . '</li>';
|
||||
echo '<li class="post-count ' . eac_attr( $post_type->name ) . '-count">' . esc_html( $output ) . '</li>';
|
||||
endif;
|
||||
endforeach;
|
||||
return $items;
|
||||
|
||||
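Review bot: `eac_attr( $post_type->name )` on the new echo line looks like a typo for `esc_attr`. WordPress core has no `eac_attr`, so unless the plugin defines it elsewhere this line raises a fatal undefined-function error when the dashboard items render. The same line wraps `$output` in `esc_html()`, but `$output` is assembled as markup just above (`'<span>' . $text . '</span>'`), so the tags would be printed as literal text. I would write `echo '<li class="post-count ' . esc_attr( $post_type->name ) . '-count">' . wp_kses_post( $output ) . '</li>';` and apply `esc_html()` to `$text` where `$output` is built. The `if` branch that builds the other form of `$output` is outside the hunk.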
@@ -245,7 +245,7 @@ class SP_Settings_Status extends SP_Settings_Page {
|
||||
if ( sizeof( $sp_plugins ) == 0 )
|
||||
echo '-';
|
||||
else
|
||||
echo implode( ', <br/>', $sp_plugins );
|
||||
echo implode( ', <br/>', array_map( 'wp_kses_post', $sp_plugins ) );
|
||||
|
||||
?></td>
|
||||
</tr>
|
||||
@@ -510,8 +510,8 @@ class SP_Settings_Status extends SP_Settings_Page {
|
||||
if ( $found_files ) {
|
||||
foreach ( $found_files as $plugin_name => $found_plugin_files ) {
|
||||
?>
|
||||
<td><?php _e( 'Template Overrides', 'sportspress' ); ?> (<?php echo $plugin_name; ?>):</td>
|
||||
<td><?php echo implode( ', <br/>', $found_plugin_files ); ?></td>
|
||||
<td><?php _e( 'Template Overrides', 'sportspress' ); ?> (<?php echo wp_kses_post( $plugin_name ); ?>):</td>
|
||||
<td><?php echo implode( ', <br/>', array_map( 'wp_kses_post', $found_plugin_files ) ); ?></td>
|
||||
<?php
|
||||
}
|
||||
} else {
|
||||
|
||||
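Review bot: `wp_kses_post()` is a permissive filter for these status-table cells: it keeps links, images and other post markup, so a plugin name or file path carrying such markup is still rendered as HTML. If `$sp_plugins`, `$plugin_name` and `$found_plugin_files` hold plain text (their construction is outside both hunks), `esc_html` is the tighter choice, e.g. `<?php echo esc_html( $plugin_name ); ?>` and `array_map( 'esc_html', $found_plugin_files )`. If some entries intentionally carry markup, a short comment naming the expected tags would justify keeping `wp_kses_post` here and in the hunk at line 245.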
@@ -634,7 +634,7 @@ class SP_AJAX {
|
||||
$field_id = 'columns';
|
||||
?>
|
||||
<?php foreach ( $the_columns as $key => $label ): ?>
|
||||
<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . $key; ?>" value="<?php echo $key; ?>" checked="checked"><?php echo esc_html( $label ); ?></label>
|
||||
<label class="button"><input name="<?php echo esc_attr( $field_name ); ?>" type="checkbox" id="<?php echo esc_attr( $field_id ) . '-' . esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" checked="checked"><?php echo esc_html( $label ); ?></label>
|
||||
<?php endforeach; ?>
|
||||
</p>
|
||||
<p>
|
||||
@@ -898,7 +898,7 @@ class SP_AJAX {
|
||||
$field_id = 'columns';
|
||||
?>
|
||||
<?php foreach ( $the_columns as $column ): ?>
|
||||
<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . esc_attr( $column->post_name ); ?>" value="<?php echo esc_attr( $column->post_name ); ?>" checked="checked"><?php echo esc_html( $column->post_title ); ?></label>
|
||||
<label class="button"><input name="<?php echo esc_attr( $field_name ); ?>" type="checkbox" id="<?php echo esc_attr( $field_id ) . '-' . esc_attr( $column->post_name ); ?>" value="<?php echo esc_attr( $column->post_name ); ?>" checked="checked"><?php echo esc_html( $column->post_title ); ?></label>
|
||||
<?php endforeach; ?>
|
||||
</p>
|
||||
<p>
|
||||
@@ -1152,7 +1152,7 @@ class SP_AJAX {
|
||||
<label class="button"><input name="columns[]" type="checkbox" id="columns-team" value="team" checked="checked"><?php _e( 'Team', 'sportspress' ); ?></label>
|
||||
<label class="button"><input name="columns[]" type="checkbox" id="columns-position" value="position" checked="checked"><?php _e( 'Position', 'sportspress' ); ?></label>
|
||||
<?php foreach ( $the_columns as $column ): ?>
|
||||
<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . esc_attr( $column->post_name ); ?>" value="<?php echo esc_attr( $column->post_name ); ?>" checked="checked"><?php echo esc_html( $column->post_title ); ?></label>
|
||||
<label class="button"><input name="<?php echo esc_attr( $field_name ); ?>" type="checkbox" id="<?php echo esc_attr( $field_id ) . '-' . esc_attr( $column->post_name ); ?>" value="<?php echo esc_attr( $column->post_name ); ?>" checked="checked"><?php echo esc_html( $column->post_title ); ?></label>
|
||||
<?php endforeach; ?>
|
||||
</p>
|
||||
<p>
|
||||
|
||||
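Review bot: The `id` attribute is escaped in two pieces, `esc_attr( $field_id ) . '-' . esc_attr( $key )`, where a single call over the joined value reads more clearly and escapes the attribute as one unit: `id="<?php echo esc_attr( $field_id . '-' . $key ); ?>"`. The same applies to the `$column->post_name` variants in the hunks at lines 898 and 1152. Because the three label lines are nearly identical, a small private helper that renders one column checkbox would keep the escaping in one place. The enclosing methods start and end outside these hunks.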
@@ -78,7 +78,7 @@ class SP_Template_Loader {
|
||||
if ( 'yes' !== get_option( $template['option'], sp_array_value( $template, 'default', 'yes' ) ) ) continue;
|
||||
|
||||
// Render the template
|
||||
echo '<div class="sp-section-content sp-section-content-' . $key . '">';
|
||||
echo '<div class="sp-section-content sp-section-content-' . esc_attr( $key ) . '">';
|
||||
if ( 'content' === $key ) {
|
||||
echo wp_kses_post( $content );
|
||||
// Template content hook
|
||||
|
||||
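Review bot: `esc_attr( $key )` stops the value from breaking out of the `class` attribute, but it does not make it a valid single class token: a key containing a space would produce two classes. Since `$key` is used as a class-name suffix, `sanitize_html_class` fits better: `echo '<div class="sp-section-content sp-section-content-' . sanitize_html_class( $key ) . '">';`. Where the template keys come from is outside the hunk, so whether they can be altered by filters or options should be confirmed.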
@@ -77,7 +77,7 @@ class SP_Widget_Birthdays extends WP_Widget {
|
||||
<label for="<?php echo $this->get_field_id('birthday_format'); ?>"><?php _e( 'Format:', 'sportspress' ); ?></label>
|
||||
<select name="<?php echo $this->get_field_name('birthday_format'); ?>" id="<?php echo $this->get_field_id('birthday_format'); ?>" class="postform widefat">
|
||||
<?php foreach ( $birthday_options as $value => $label ) { ?>
|
||||
<option value="<?php echo $value; ?>" <?php selected( $value, $birthday_format ); ?>><?php echo $label; ?></option>
|
||||
<option value="<?php echo $value; ?>" <?php selected( $value, $birthday_format ); ?>><?php echo esc_html( $label ); ?></option>
|
||||
<?php } ?>
|
||||
</select>
|
||||
</p>
|
||||
|
||||
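Review bot: The new `<option>` line escapes `$label` but still prints `$value` raw inside the `value` attribute, so the fix is incomplete for that line. I would change it to `<option value="<?php echo esc_attr( $value ); ?>" <?php selected( $value, $birthday_format ); ?>><?php echo esc_html( $label ); ?></option>`. The unchanged `<label>` and `<select>` lines above also echo `get_field_id()` and `get_field_name()` without `esc_attr()`, which is worth aligning in the same pass. `$birthday_options` is defined outside the hunk and may well be a fixed list, but escaping at output keeps the template safe if that changes.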