Replace meta box outputs with suitable escape functions
This commit is contained in:
Brian Miyaji
@@ -63,7 +63,7 @@ class SP_Meta_Box_Calendar_Columns {
|
||||
<li>
|
||||
<label>
|
||||
<input type="checkbox" name="sp_columns[]" value="<?php echo esc_attr( $key ); ?>" id="sp_columns_<?php echo esc_attr( $key ); ?>" <?php checked( ! is_array( $selected ) || in_array( $key, $selected ) ); ?>>
|
||||
<?php echo esc_attr( $label ); ?>
|
||||
<?php echo esc_html( $label ); ?>
|
||||
</label>
|
||||
</li>
|
||||
<?php
|
||||
|
||||
@@ -141,7 +141,7 @@ class SP_Meta_Box_Calendar_Data {
|
||||
<td><?php echo get_post_time( get_option( 'date_format' ), false, $event, true ); ?></td>
|
||||
<?php if ( is_array( $usecolumns ) && in_array( 'event', $usecolumns ) ) { ?>
|
||||
<td>
|
||||
<div class="sp-title-format sp-title-format-title<?php if ( $title_format && $title_format != 'title' ): ?> hidden<?php endif; ?>"><?php echo esc_attr( $event->post_title ); ?></div>
|
||||
<div class="sp-title-format sp-title-format-title<?php if ( $title_format && $title_format != 'title' ): ?> hidden<?php endif; ?>"><?php echo esc_html( $event->post_title ); ?></div>
|
||||
<div class="sp-title-format sp-title-format-teams sp-title-format-homeaway<?php if ( ! in_array( $title_format, array( 'teams', 'homeaway' ) ) ): ?> hidden<?php endif; ?>">
|
||||
<?php
|
||||
if ( $teams ): foreach ( $teams as $team ):
|
||||
@@ -168,7 +168,7 @@ class SP_Meta_Box_Calendar_Data {
|
||||
echo '<a class="result sp-tip" title="' . $team_results . '" href="' . get_edit_post_link( $event->ID ) . '">' . $team_result . '</a> ';
|
||||
endif;
|
||||
|
||||
echo esc_attr( $name ) . '<br>';
|
||||
echo esc_html( $name ) . '<br>';
|
||||
endif;
|
||||
endforeach; else:
|
||||
echo '—';
|
||||
@@ -241,7 +241,7 @@ class SP_Meta_Box_Calendar_Data {
|
||||
if ( '' == $day ) {
|
||||
echo '—';
|
||||
} else {
|
||||
echo esc_attr( $day );
|
||||
echo esc_html( $day );
|
||||
}
|
||||
?>
|
||||
</td>
|
||||
|
||||
@@ -56,7 +56,7 @@ class SP_Meta_Box_Calendar_Details {
|
||||
<select name="sp_event_format" class="postform">
|
||||
<option value="all">All</option>
|
||||
<?php foreach ( SP()->formats->event as $key => $format ): ?>
|
||||
<option value="<?php echo esc_attr( $key ); ?>" <?php selected( $event_format, $key ); ?>><?php echo esc_attr( $format ); ?></option>
|
||||
<option value="<?php echo esc_attr( $key ); ?>" <?php selected( $event_format, $key ); ?>><?php echo esc_html( $format ); ?></option>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
</p>
|
||||
|
||||
@@ -83,7 +83,7 @@ class SP_Meta_Box_Equation {
|
||||
<th><?php _e( $label, 'sportspress' ); ?></th>
|
||||
<td>
|
||||
<?php foreach ( $option as $key => $value ): $parts[ $key ] = $value;
|
||||
?><span class="button" data-variable="<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $value ); ?></span><?php
|
||||
?><span class="button" data-variable="<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $value ); ?></span><?php
|
||||
endforeach; ?>
|
||||
</td>
|
||||
</tr>
|
||||
@@ -91,7 +91,7 @@ class SP_Meta_Box_Equation {
|
||||
</table>
|
||||
</div>
|
||||
<div class="sp-equation">
|
||||
<span class="sp-equation-variable"><?php echo esc_attr( $title ); ?> = </span>
|
||||
<span class="sp-equation-variable"><?php echo esc_html( $title ); ?> = </span>
|
||||
<span class="sp-equation-formula"><?php
|
||||
$equation = trim( $equation );
|
||||
if ( $equation !== '' ):
|
||||
@@ -101,7 +101,7 @@ class SP_Meta_Box_Equation {
|
||||
$name = $parts[ $part ];
|
||||
} else {
|
||||
$name = $part;
|
||||
} ?><span class="button"><?php echo esc_attr( $name ); ?><span class="remove">×</span><input type="hidden" name="sp_equation[]" value="<?php echo esc_attr( $part ); ?>"></span><?php
|
||||
} ?><span class="button"><?php echo esc_html( $name ); ?><span class="remove">×</span><input type="hidden" name="sp_equation[]" value="<?php echo esc_attr( $part ); ?>"></span><?php
|
||||
endforeach;
|
||||
endif;
|
||||
?></span>
|
||||
|
||||
@@ -24,7 +24,7 @@ class SP_Meta_Box_Event_Format {
|
||||
?>
|
||||
<div id="post-formats-select">
|
||||
<?php foreach ( SP()->formats->event as $key => $format ): ?>
|
||||
<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'league' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $format ); ?></label><br>
|
||||
<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'league' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $format ); ?></label><br>
|
||||
<?php endforeach; ?>
|
||||
</div>
|
||||
<?php
|
||||
|
||||
@@ -23,7 +23,7 @@ class SP_Meta_Box_Event_Mode {
|
||||
?>
|
||||
<div id="post-formats-select">
|
||||
<?php foreach ( array( 'team' => __( 'Team vs team', 'sportspress' ), 'player' => __( 'Player vs player', 'sportspress' ) ) as $key => $mode ): ?>
|
||||
<input type="radio" name="sp_mode" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( $the_mode, $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $mode ); ?></label><br>
|
||||
<input type="radio" name="sp_mode" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( $the_mode, $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $mode ); ?></label><br>
|
||||
<?php endforeach; ?>
|
||||
</div>
|
||||
<?php
|
||||
|
||||
@@ -42,7 +42,7 @@ class SP_Meta_Box_Event_Officials {
|
||||
if ( is_array( $duties ) && sizeof( $duties ) ) {
|
||||
foreach ( $duties as $duty ) {
|
||||
?>
|
||||
<p><strong><?php echo esc_attr( $duty->name ); ?></strong></p>
|
||||
<p><strong><?php echo esc_html( $duty->name ); ?></strong></p>
|
||||
<p><?php
|
||||
$args = array(
|
||||
'post_type' => 'sp_official',
|
||||
|
||||
@@ -233,7 +233,7 @@ class SP_Meta_Box_Event_Performance {
|
||||
?>
|
||||
<div>
|
||||
<p>
|
||||
<strong><?php echo get_the_title( $team_id ); ?> — <?php echo esc_attr( $section_label ); ?></strong>
|
||||
<strong><?php echo get_the_title( $team_id ); ?> — <?php echo esc_html( $section_label ); ?></strong>
|
||||
<a class="add-new-h2 sp-add-new-h2" href="<?php echo esc_url( admin_url( add_query_arg( array( 'import' => 'sp_event_performance_csv', 'event' => $post_id, 'team' => $team_id ), 'admin.php' ) ) ); ?>"><?php _e( 'Import', 'sportspress' ); ?></a>
|
||||
</p>
|
||||
<?php self::table( $labels[ $section_id ], $columns, $data[ $section_id ], $team_id, ( $has_checkboxes && 0 === $i ), $positions, $status, $section_id, $formats, $order, $numbers, $team_timeline, $timed, $stars ); ?>
|
||||
@@ -324,10 +324,10 @@ class SP_Meta_Box_Event_Performance {
|
||||
<?php endif; ?>
|
||||
<label for="sp_columns_<?php echo esc_attr( $key ); ?>">
|
||||
<input type="checkbox" name="sp_columns[]" value="<?php echo esc_attr( $key ); ?>" id="sp_columns_<?php echo esc_attr( $key ); ?>" <?php checked( ! is_array( $columns ) || in_array( $key, $columns ) ); ?>>
|
||||
<?php echo esc_attr( $label ); ?>
|
||||
<?php echo esc_html( $label ); ?>
|
||||
</label>
|
||||
<?php else: ?>
|
||||
<?php echo esc_attr( $label ); ?>
|
||||
<?php echo esc_html( $label ); ?>
|
||||
<?php endif; ?>
|
||||
</th>
|
||||
<?php $i++; endforeach; ?>
|
||||
|
||||
@@ -247,10 +247,10 @@ class SP_Meta_Box_Event_Results {
|
||||
<?php if ( $has_checkboxes ): ?>
|
||||
<label for="sp_result_columns_<?php echo esc_attr( $key ); ?>">
|
||||
<input type="checkbox" name="sp_result_columns[]" value="<?php echo esc_attr( $key ); ?>" id="sp_result_columns_<?php echo esc_attr( $key ); ?>" <?php checked( ! is_array( $usecolumns ) || in_array( $key, $usecolumns ) ); ?>>
|
||||
<?php echo esc_attr( $label ); ?>
|
||||
<?php echo esc_html( $label ); ?>
|
||||
</label>
|
||||
<?php else: ?>
|
||||
<?php echo esc_attr( $label ); ?>
|
||||
<?php echo esc_html( $label ); ?>
|
||||
<?php endif; ?>
|
||||
</th>
|
||||
<?php endforeach; ?>
|
||||
|
||||
@@ -35,7 +35,7 @@ class SP_Meta_Box_Event_Shortcode {
|
||||
</p>
|
||||
<?php foreach ( $shortcodes as $id => $label ) { ?>
|
||||
<p>
|
||||
<strong><?php echo esc_attr( $label ); ?></strong>
|
||||
<strong><?php echo esc_html( $label ); ?></strong>
|
||||
</p>
|
||||
<p><input type="text" value="<?php sp_shortcode_template( $id, $post->ID ); ?>" readonly="readonly" class="code widefat"></p>
|
||||
<?php } ?>
|
||||
|
||||
@@ -35,7 +35,7 @@ class SP_Meta_Box_Event_Specs {
|
||||
if ( $vars ):
|
||||
foreach ( $vars as $var ):
|
||||
?>
|
||||
<p><strong><?php echo esc_attr( $var->post_title ); ?></strong></p>
|
||||
<p><strong><?php echo esc_html( $var->post_title ); ?></strong></p>
|
||||
<p><input type="text" name="sp_specs[<?php echo esc_attr( $var->post_name ); ?>]" value="<?php echo esc_attr( sp_array_value( $metrics, $var->post_name, '' ) ); ?>" /></p>
|
||||
<?php
|
||||
endforeach;
|
||||
|
||||
@@ -101,7 +101,7 @@ class SP_Meta_Box_Event_Teams {
|
||||
$j = 0;
|
||||
foreach ( $tabs as $slug => $tab ) {
|
||||
?>
|
||||
<li class="<?php if ( 0 == $j ) { ?>tabs<?php } ?>"><a href="#<?php echo esc_attr( $slug ); ?>-all"><?php echo esc_attr( $tab['label'] ); ?></a></li>
|
||||
<li class="<?php if ( 0 == $j ) { ?>tabs<?php } ?>"><a href="#<?php echo esc_attr( $slug ); ?>-all"><?php echo esc_html( $tab['label'] ); ?></a></li>
|
||||
<?php
|
||||
$j++;
|
||||
}
|
||||
|
||||
@@ -65,7 +65,7 @@ class SP_Meta_Box_List_Data {
|
||||
<?php foreach ( $columns as $key => $label ): ?>
|
||||
<?php if ( in_array( $key, array( 'number', 'team', 'position' ) ) ) continue; ?>
|
||||
<th><label for="sp_columns_<?php echo esc_attr( $key ); ?>">
|
||||
<?php echo esc_attr( $label ); ?>
|
||||
<?php echo esc_html( $label ); ?>
|
||||
</label></th>
|
||||
<?php endforeach; ?>
|
||||
</tr>
|
||||
@@ -89,7 +89,7 @@ class SP_Meta_Box_List_Data {
|
||||
<td>
|
||||
<?php
|
||||
if ( 'number' == $orderby ) {
|
||||
echo ( $number ? esc_attr( $number ) : ' ' );
|
||||
echo ( $number ? esc_html( $number ) : ' ' );
|
||||
} else {
|
||||
echo $i + 1;
|
||||
}
|
||||
@@ -99,7 +99,7 @@ class SP_Meta_Box_List_Data {
|
||||
<td>
|
||||
<?php if ( $show_player_photo ) echo get_the_post_thumbnail( $player_id, 'sportspress-fit-mini' ); ?>
|
||||
<span class="sp-default-value">
|
||||
<span class="sp-default-value-input"><?php echo esc_attr( $default_name ); ?></span>
|
||||
<span class="sp-default-value-input"><?php echo esc_html( $default_name ); ?></span>
|
||||
<a class="dashicons dashicons-edit sp-edit" title="<?php _e( 'Edit', 'sportspress' ); ?>"></a>
|
||||
</span>
|
||||
<span class="hidden sp-custom-value">
|
||||
@@ -184,7 +184,7 @@ class SP_Meta_Box_List_Data {
|
||||
<th>#</th>
|
||||
<th><?php _e( 'Player', 'sportspress' ); ?></th>
|
||||
<?php foreach ( $columns as $key => $label ): if ( in_array( $key, array( 'number', 'team', 'position' ) ) ) continue; ?>
|
||||
<th><?php echo esc_attr( $label ); ?></th>
|
||||
<th><?php echo esc_html( $label ); ?></th>
|
||||
<?php endforeach; ?>
|
||||
</tr>
|
||||
</thead>
|
||||
|
||||
@@ -108,7 +108,7 @@ class SP_Meta_Box_List_Details {
|
||||
<?php foreach ( $continents as $continent => $countries ): ?>
|
||||
<optgroup label="<?php echo esc_attr( $continent ); ?>">
|
||||
<?php foreach ( $countries as $code => $country ): ?>
|
||||
<option value="<?php echo esc_attr( $code ); ?>" <?php selected ( in_array( $code, $nationalities ) ); ?>><?php echo esc_attr( $country ); ?></option>
|
||||
<option value="<?php echo esc_attr( $code ); ?>" <?php selected ( in_array( $code, $nationalities ) ); ?>><?php echo esc_html( $country ); ?></option>
|
||||
<?php endforeach; ?>
|
||||
</optgroup>
|
||||
<?php endforeach; ?>
|
||||
@@ -185,7 +185,7 @@ class SP_Meta_Box_List_Details {
|
||||
* Save meta box data
|
||||
*/
|
||||
public static function save( $post_id, $post ) {
|
||||
update_post_meta( $post_id, 'sp_caption', esc_attr( sp_array_value( $_POST, 'sp_caption', 0, 'text' ) ) );
|
||||
update_post_meta( $post_id, 'sp_caption', sp_array_value( $_POST, 'sp_caption', 0, 'text' ) );
|
||||
update_post_meta( $post_id, 'sp_date', sp_array_value( $_POST, 'sp_date', 0, 'text' ) );
|
||||
update_post_meta( $post_id, 'sp_date_from', sp_array_value( $_POST, 'sp_date_from', null, 'text' ) );
|
||||
update_post_meta( $post_id, 'sp_date_to', sp_array_value( $_POST, 'sp_date_to', null, 'text' ) );
|
||||
|
||||
@@ -24,7 +24,7 @@ class SP_Meta_Box_List_Format {
|
||||
?>
|
||||
<div id="post-formats-select">
|
||||
<?php foreach ( SP()->formats->list as $key => $format ): ?>
|
||||
<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'list' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $format ); ?></label><br>
|
||||
<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'list' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $format ); ?></label><br>
|
||||
<?php endforeach; ?>
|
||||
</div>
|
||||
<?php
|
||||
|
||||
@@ -26,7 +26,7 @@ class SP_Meta_Box_Player_Columns {
|
||||
<?php if ( $tabs ) { ?>
|
||||
<ul id="sp_column-tabs" class="sp-tab-bar category-tabs">
|
||||
<?php foreach ( $tabs as $index => $post_type ) { $object = get_post_type_object( $post_type ); ?>
|
||||
<li class="<?php if ( 0 == $index ) { ?>tabs<?php } ?>"><a href="#<?php echo esc_attr( $post_type ); ?>-all"><?php echo esc_attr( $object->labels->menu_name ); ?></a></li>
|
||||
<li class="<?php if ( 0 == $index ) { ?>tabs<?php } ?>"><a href="#<?php echo esc_attr( $post_type ); ?>-all"><?php echo esc_html( $object->labels->menu_name ); ?></a></li>
|
||||
<?php } ?>
|
||||
</ul>
|
||||
<?php
|
||||
|
||||
@@ -178,7 +178,7 @@ class SP_Meta_Box_Player_Details {
|
||||
* Save meta box data
|
||||
*/
|
||||
public static function save( $post_id, $post ) {
|
||||
update_post_meta( $post_id, 'sp_number', esc_attr( sp_array_value( $_POST, 'sp_number', '', 'text' ) ) );
|
||||
update_post_meta( $post_id, 'sp_number', sp_array_value( $_POST, 'sp_number', '', 'text' ) );
|
||||
sp_update_post_meta_recursive( $post_id, 'sp_nationality', sp_array_value( $_POST, 'sp_nationality', array(), 'text' ) );
|
||||
sp_update_post_meta_recursive( $post_id, 'sp_current_team', sp_array_value( $_POST, 'sp_current_team', array(), 'int' ) );
|
||||
sp_update_post_meta_recursive( $post_id, 'sp_past_team', sp_array_value( $_POST, 'sp_past_team', array(), 'int' ) );
|
||||
|
||||
@@ -35,7 +35,7 @@ class SP_Meta_Box_Player_Metrics {
|
||||
if ( $vars ):
|
||||
foreach ( $vars as $var ):
|
||||
?>
|
||||
<p><strong><?php echo esc_attr( $var->post_title ); ?></strong></p>
|
||||
<p><strong><?php echo esc_html( $var->post_title ); ?></strong></p>
|
||||
<p><input type="text" name="sp_metrics[<?php echo esc_attr( $var->post_name ); ?>]" value="<?php echo esc_attr( sp_array_value( $metrics, $var->post_name, '' ) ); ?>" /></p>
|
||||
<?php
|
||||
endforeach;
|
||||
|
||||
@@ -35,7 +35,7 @@ class SP_Meta_Box_Player_Statistics {
|
||||
$i = 0;
|
||||
foreach ( $leagues as $league ):
|
||||
?>
|
||||
<p><strong><?php echo esc_attr( $league->name ); ?></strong></p>
|
||||
<p><strong><?php echo esc_html( $league->name ); ?></strong></p>
|
||||
<?php
|
||||
list( $columns, $data, $placeholders, $merged, $seasons_teams, $has_checkboxes, $formats, $total_types ) = $player->data( $league->term_id, true );
|
||||
self::table( $post->ID, $league->term_id, $columns, $data, $placeholders, $merged, $seasons_teams, $has_checkboxes && $i == 0, true, $formats, $total_types );
|
||||
@@ -62,7 +62,7 @@ class SP_Meta_Box_Player_Statistics {
|
||||
$i = 0;
|
||||
foreach ( $leagues as $league ):
|
||||
?>
|
||||
<p><strong><?php echo esc_attr( $league->name ); ?> — <?php echo esc_attr( $section_label ); ?></strong></p>
|
||||
<p><strong><?php echo esc_html( $league->name ); ?> — <?php echo esc_html( $section_label ); ?></strong></p>
|
||||
<?php
|
||||
list( $columns, $data, $placeholders, $merged, $seasons_teams, $has_checkboxes, $formats, $total_types ) = $player->data( $league->term_id, true, $section_id );
|
||||
self::table( $post->ID, $league->term_id, $columns, $data, $placeholders, $merged, $seasons_teams, $has_checkboxes && $i == 0 && $s == 0, $s == 0, $formats, $total_types );
|
||||
@@ -70,7 +70,7 @@ class SP_Meta_Box_Player_Statistics {
|
||||
endforeach;
|
||||
if ( $show_career_totals ) {
|
||||
?>
|
||||
<p><strong><?php _e( 'Career Total', 'sportspress' ); ?> — <?php echo esc_attr( $section_label ); ?></strong></p>
|
||||
<p><strong><?php _e( 'Career Total', 'sportspress' ); ?> — <?php echo esc_html( $section_label ); ?></strong></p>
|
||||
<?php
|
||||
list( $columns, $data, $placeholders, $merged, $seasons_teams, $has_checkboxes, $formats, $total_types ) = $player->data( 0, true, $section_id );
|
||||
self::table( $post->ID, 0, $columns, $data, $placeholders, $merged, $seasons_teams, $has_checkboxes && $i == 0 && $s == 0, $s == 0, $formats, $total_types );
|
||||
@@ -108,7 +108,7 @@ class SP_Meta_Box_Player_Statistics {
|
||||
</th>
|
||||
<?php endif; ?>
|
||||
<?php foreach ( $columns as $key => $label ): if ( $key == 'team' ) continue; ?>
|
||||
<th><?php echo esc_attr( $label ); ?></th>
|
||||
<th><?php echo esc_html( $label ); ?></th>
|
||||
<?php endforeach; ?>
|
||||
<?php do_action( 'sportspress_meta_box_player_statistics_table_header_row', $id, $league_id ); ?>
|
||||
</tr>
|
||||
@@ -135,7 +135,7 @@ class SP_Meta_Box_Player_Statistics {
|
||||
}
|
||||
|
||||
if ( $readonly ) {
|
||||
echo $value ? esc_attr( $value ) : esc_attr( $placeholder );
|
||||
echo $value ? esc_html( $value ) : esc_html( $placeholder );
|
||||
} else {
|
||||
if ( 'time' === sp_array_value( $formats, $column, 'number' ) ) {
|
||||
echo '<input class="sp-convert-time-input" type="text" name="sp_times[' . $league_id . '][0][' . $column . ']" value="' . ( '' === $value ? '' : esc_attr( $timeval ) ) . '" placeholder="' . esc_attr( $placeholder ) . '"' . ( $readonly ? ' disabled="disabled"' : '' ) . ' />';
|
||||
@@ -225,7 +225,7 @@ class SP_Meta_Box_Player_Statistics {
|
||||
}
|
||||
|
||||
if ( $readonly ) {
|
||||
echo $timeval ? esc_attr( $timeval ) : esc_attr( $placeholder );
|
||||
echo $timeval ? esc_html( $timeval ) : esc_html( $placeholder );
|
||||
} else {
|
||||
if ( 'time' === sp_array_value( $formats, $column, 'number' ) ) {
|
||||
echo '<input class="sp-convert-time-input" type="text" name="sp_times[' . $league_id . '][' . $div_id . '][' . $column . ']" value="' . ( '' === $value ? '' : esc_attr( $timeval ) ) . '" placeholder="' . esc_attr( $placeholder ) . '"' . ( $readonly ? ' disabled="disabled"' : '' ) . ' data-column="' . $column . '" />';
|
||||
|
||||
@@ -78,7 +78,7 @@ class SP_Meta_Box_Staff_Details {
|
||||
<?php foreach ( $continents as $continent => $countries ): ?>
|
||||
<optgroup label="<?php echo esc_attr( $continent ); ?>">
|
||||
<?php foreach ( $countries as $code => $country ): ?>
|
||||
<option value="<?php echo esc_attr( $code ); ?>" <?php selected ( in_array( $code, $nationalities ) ); ?>><?php echo esc_attr( $country ); ?></option>
|
||||
<option value="<?php echo esc_attr( $code ); ?>" <?php selected ( in_array( $code, $nationalities ) ); ?>><?php echo esc_html( $country ); ?></option>
|
||||
<?php endforeach; ?>
|
||||
</optgroup>
|
||||
<?php endforeach; ?>
|
||||
|
||||
@@ -85,7 +85,7 @@ class SP_Meta_Box_Table_Data {
|
||||
<?php if ( ! $readonly ) { ?>
|
||||
<input type="checkbox" name="sp_columns[]" value="<?php echo esc_attr( $key ); ?>" id="sp_columns_<?php echo esc_attr( $key ); ?>" <?php checked( ! is_array( $usecolumns ) || in_array( $key, $usecolumns ) ); ?>>
|
||||
<?php } ?>
|
||||
<?php echo esc_attr( $label ); ?>
|
||||
<?php echo esc_html( $label ); ?>
|
||||
</label></th>
|
||||
<?php endforeach; ?>
|
||||
</tr>
|
||||
@@ -109,10 +109,10 @@ class SP_Meta_Box_Table_Data {
|
||||
<td>
|
||||
<?php if ( $show_team_logo ) echo get_the_post_thumbnail( $team_id, 'sportspress-fit-mini' ); ?>
|
||||
<?php if ( $readonly ) { ?>
|
||||
<?php echo esc_attr( $default_name ); ?>
|
||||
<?php echo esc_html( $default_name ); ?>
|
||||
<?php } else { ?>
|
||||
<span class="sp-default-value">
|
||||
<span class="sp-default-value-input"><?php echo esc_attr( $default_name ); ?></span>
|
||||
<span class="sp-default-value-input"><?php echo esc_html( $default_name ); ?></span>
|
||||
<a class="dashicons dashicons-edit sp-edit" title="<?php _e( 'Edit', 'sportspress' ); ?>"></a>
|
||||
</span>
|
||||
<span class="hidden sp-custom-value">
|
||||
@@ -152,7 +152,7 @@ class SP_Meta_Box_Table_Data {
|
||||
<tr>
|
||||
<th><?php _e( 'Team', 'sportspress' ); ?></th>
|
||||
<?php foreach ( $columns as $key => $label ): ?>
|
||||
<th><?php echo esc_attr( $label ); ?></th>
|
||||
<th><?php echo esc_html( $label ); ?></th>
|
||||
<?php endforeach; ?>
|
||||
</tr>
|
||||
</thead>
|
||||
|
||||
@@ -133,7 +133,7 @@ class SP_Meta_Box_Table_Details {
|
||||
* Save meta box data
|
||||
*/
|
||||
public static function save( $post_id, $post ) {
|
||||
update_post_meta( $post_id, 'sp_caption', esc_attr( sp_array_value( $_POST, 'sp_caption', 0, 'text' ) ) );
|
||||
update_post_meta( $post_id, 'sp_caption', sp_array_value( $_POST, 'sp_caption', 0, 'text' ) );
|
||||
update_post_meta( $post_id, 'sp_date', sp_array_value( $_POST, 'sp_date', 0, 'text' ) );
|
||||
update_post_meta( $post_id, 'sp_date_from', sp_array_value( $_POST, 'sp_date_from', null, 'text' ) );
|
||||
update_post_meta( $post_id, 'sp_date_to', sp_array_value( $_POST, 'sp_date_to', null, 'text' ) );
|
||||
|
||||
@@ -23,7 +23,7 @@ class SP_Meta_Box_Table_Mode {
|
||||
?>
|
||||
<div id="post-formats-select">
|
||||
<?php foreach ( array( 'team' => __( 'Team vs team', 'sportspress' ), 'player' => __( 'Player vs player', 'sportspress' ) ) as $key => $mode ): ?>
|
||||
<input type="radio" name="sp_mode" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( $the_mode, $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $mode ); ?></label><br>
|
||||
<input type="radio" name="sp_mode" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( $the_mode, $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $mode ); ?></label><br>
|
||||
<?php endforeach; ?>
|
||||
</div>
|
||||
<?php
|
||||
|
||||
@@ -28,7 +28,7 @@ class SP_Meta_Box_Team_Columns {
|
||||
|
||||
$league_id = $league->term_id;
|
||||
?>
|
||||
<p><strong><?php echo esc_attr( $league->name ); ?></strong></p>
|
||||
<p><strong><?php echo esc_html( $league->name ); ?></strong></p>
|
||||
<?php
|
||||
list( $columns, $data, $placeholders ) = $team->columns( $league_id );
|
||||
self::table( $league_id, $columns, $data, $placeholders );
|
||||
@@ -59,7 +59,7 @@ class SP_Meta_Box_Team_Columns {
|
||||
<tr>
|
||||
<th><?php _e( 'Season', 'sportspress' ); ?></th>
|
||||
<?php foreach ( $columns as $label ): ?>
|
||||
<th><?php echo esc_attr( $label ); ?></th>
|
||||
<th><?php echo esc_html( $label ); ?></th>
|
||||
<?php endforeach; ?>
|
||||
</tr>
|
||||
</thead>
|
||||
@@ -76,7 +76,7 @@ class SP_Meta_Box_Team_Columns {
|
||||
if ( 'WP_Error' == get_class( $div ) ) :
|
||||
_e( 'Total', 'sportspress' );
|
||||
else :
|
||||
echo esc_attr( $div->name );
|
||||
echo esc_html( $div->name );
|
||||
endif;
|
||||
?>
|
||||
</label>
|
||||
|
||||
@@ -83,7 +83,7 @@ class SP_Meta_Box_Team_Lists {
|
||||
</td>
|
||||
<td>
|
||||
<a href="<?php echo get_edit_post_link( $list->ID ); ?>">
|
||||
<?php echo esc_attr( $list->post_title ); ?>
|
||||
<?php echo esc_html( $list->post_title ); ?>
|
||||
</a>
|
||||
</td>
|
||||
<td><?php echo sizeof( $players ); ?></td>
|
||||
|
||||
@@ -79,7 +79,7 @@ class SP_Meta_Box_Team_Staff {
|
||||
</td>
|
||||
<td>
|
||||
<a href="<?php echo get_edit_post_link( $staff->ID ); ?>">
|
||||
<?php echo esc_attr( $staff->post_title ); ?>
|
||||
<?php echo esc_html( $staff->post_title ); ?>
|
||||
</a>
|
||||
</td>
|
||||
<td><?php echo get_the_terms ( $staff->ID, 'sp_role' ) ? the_terms( $staff->ID, 'sp_role' ) : '—'; ?></td>
|
||||
|
||||
@@ -80,7 +80,7 @@ class SP_Meta_Box_Team_Tables {
|
||||
</td>
|
||||
<td>
|
||||
<a href="<?php echo get_edit_post_link( $table->ID ); ?>">
|
||||
<?php echo esc_attr( $table->post_title ); ?>
|
||||
<?php echo esc_html( $table->post_title ); ?>
|
||||
</a>
|
||||
</td>
|
||||
<td><?php echo sizeof( $teams ); ?></td>
|
||||
|
||||
Reference in New Issue
Block a user