Replace escape output functions
parent
526b5d096f
commit
b5dc136ffe
6 changed files with 20 additions and 10 deletions
|
@ -310,12 +310,12 @@ abstract class MCI_Footnotes_Layout_Engine {
|
|||
|
||||
// Get current section.
|
||||
reset( $this->a_arr_sections );
|
||||
$l_str_active_section_id = isset( $_GET['t'] ) ? sanitize_option( wp_unslash( $_GET['t'] ) ) : key( $this->a_arr_sections );
|
||||
$l_str_active_section_id = isset( $_GET['t'] ) ? sanitize_text_field( wp_unslash( $_GET['t'] ) ) : key( $this->a_arr_sections );
|
||||
$l_arr_active_section = $this->a_arr_sections[ $l_str_active_section_id ];
|
||||
|
||||
foreach ( MCI_Footnotes_Settings::instance()->get_defaults( $l_arr_active_section['container'] ) as $l_str_key => $l_mixed_value ) {
|
||||
if ( array_key_exists( $l_str_key, $_POST ) ) {
|
||||
$l_arr_new_settings[ $l_str_key ] = sanitize_option( wp_unslash( $_POST[ $l_str_key ] ) );
|
||||
$l_arr_new_settings[ $l_str_key ] = sanitize_text_field( wp_unslash( $_POST[ $l_str_key ] ) );
|
||||
} else {
|
||||
// Setting is not defined in the POST array, define it to avoid the Default value.
|
||||
$l_arr_new_settings[ $l_str_key ] = '';
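Review bot: The `t` query value is cleaned with `sanitize_text_field()` but is then used directly as the index in `$this->a_arr_sections[ $l_str_active_section_id ]`, so an unknown section id yields a null section and the `foreach` reads `$l_arr_active_section['container']` from it. Check membership before indexing, e.g. `if ( ! array_key_exists( $l_str_active_section_id, $this->a_arr_sections ) ) { $l_str_active_section_id = key( $this->a_arr_sections ); }`. Separately, `sanitize_text_field()` strips tags and line breaks from every posted setting, which would alter any setting meant to hold markup or CSS; whether such settings exist is not visible here. No nonce or capability check appears in the hunk, and the enclosing method starts and ends outside it, so confirm one runs before this save path.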
|
||||
|
|
|
@ -102,12 +102,12 @@ class MCI_Footnotes_Layout_Diagnostics extends MCI_Footnotes_Layout_Engine {
|
|||
if ( ! isset( $_SERVER['SERVER_NAME'] ) ) {
|
||||
die;
|
||||
} else {
|
||||
$l_str_server_name = wp_kses_post( wp_unslash( $_SERVER['SERVER_NAME'] ) );
|
||||
$l_str_server_name = sanitize_text_field( wp_unslash( $_SERVER['SERVER_NAME'] ) );
|
||||
}
|
||||
if ( ! isset( $_SERVER['HTTP_USER_AGENT'] ) ) {
|
||||
die;
|
||||
} else {
|
||||
$l_str_http_user_agent = wp_kses_post( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) );
|
||||
$l_str_http_user_agent = sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) );
|
||||
}
|
||||
|
||||
// Replace all placeholders.
|
||||
|
@ -140,7 +140,9 @@ class MCI_Footnotes_Layout_Diagnostics extends MCI_Footnotes_Layout_Engine {
|
|||
'plugins' => $l_str_wordpress_plugins,
|
||||
)
|
||||
);
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
// Display template with replaced placeholders.
|
||||
echo wp_kses_post( $l_obj_template->get_content() );
|
||||
echo $l_obj_template->get_content();
|
||||
// phpcs:enable
|
||||
}
|
||||
}
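Review bot: With `wp_kses_post()` removed from `echo $l_obj_template->get_content();`, the only filtering left on the request-derived `SERVER_NAME` and `HTTP_USER_AGENT` values is `sanitize_text_field()` at read time, which strips tags but is not output escaping for whatever context the template places them in. Escape each dynamic value where the placeholder array is filled (that code lies between the two visible hunks), for example `esc_html( $l_str_http_user_agent )`, so the raw echo only ever emits the bundled markup. The same suppression is added in `MCI_Footnotes_Layout_Init`, `MCI_Footnotes_Task::wp_footer()`, the reference container widget and `new_plain_text_editor_button()`; each should carry a one-line comment stating why the echoed HTML is already safe. The closing marker should also name the sniff, `// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped`, so it does not re-enable unrelated rules.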
|
||||
|
|
|
@ -130,7 +130,9 @@ class MCI_Footnotes_Layout_Init {
|
|||
printf( '<br/><br/>' );
|
||||
// load template file.
|
||||
$l_obj_template = new MCI_Footnotes_Template( MCI_Footnotes_Template::C_STR_DASHBOARD, 'manfisher' );
|
||||
echo wp_kses_post( $l_obj_template->get_content() );
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
echo $l_obj_template->get_content();
|
||||
// phpcs:enable
|
||||
|
||||
printf( '<em>visit <a href="https://cheret.de/plugins/footnotes-2/" target="_blank">Mark Cheret</a></em>' );
|
||||
printf( '<br/><br/>' );
|
||||
|
|
|
@ -1032,7 +1032,9 @@ class MCI_Footnotes_Task {
|
|||
*/
|
||||
public function wp_footer() {
|
||||
if ( 'footer' === MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_REFERENCE_CONTAINER_POSITION ) ) {
|
||||
echo wp_kses_post( $this->reference_container() );
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
echo $this->reference_container();
|
||||
// phpcs:enable
|
||||
}
|
||||
// Get setting for love and share this plugin.
|
||||
$l_str_love_me_index = MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_FOOTNOTES_LOVE );
|
||||
|
@ -1078,7 +1080,7 @@ class MCI_Footnotes_Task {
|
|||
$l_str_love_me_text = sprintf( '%s', $l_str_linked_name );
|
||||
break;
|
||||
}
|
||||
echo sprintf( '<div style="text-align:center; color:#acacac;">%s</div>', wp_kses_post( $l_str_love_me_text ) );
|
||||
echo sprintf( '<div style="text-align:center; color:#acacac;">%s</div>', esc_html( $l_str_love_me_text ) );
|
||||
}
|
||||
|
||||
/**
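Review bot: `esc_html( $l_str_love_me_text )` in the final `echo sprintf( ... )` encodes every tag, yet the text is built from `$l_str_linked_name`, which by its name presumably holds an anchor element; if so, the footer would print the link's markup as literal text. An allow-list keeps the link while still blocking other markup, e.g. `wp_kses( $l_str_love_me_text, array( 'a' => array( 'href' => true, 'target' => true ) ) )`. The block that assigns the text starts outside the hunk, so confirm which branches carry HTML before choosing the escaper.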
|
||||
|
|
|
@ -72,7 +72,9 @@ class MCI_Footnotes_Widget_Reference_Container extends MCI_Footnotes_Widget_Base
|
|||
global $g_obj_mci_footnotes;
|
||||
// Reference container positioning is set to "widget area".
|
||||
if ( 'widget' === MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_REFERENCE_CONTAINER_POSITION ) ) {
|
||||
echo wp_kses_post( $g_obj_mci_footnotes->a_obj_task->Reference_Container() );
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
echo $g_obj_mci_footnotes->a_obj_task->Reference_Container();
|
||||
// phpcs:enable
|
||||
}
|
||||
}
|
||||
}
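Review bot: The new `echo` line keeps the spelling `Reference_Container()`, while the footer path in `MCI_Footnotes_Task::wp_footer()` calls `reference_container()`. PHP resolves method names case-insensitively, so both presumably reach the same method, but the mismatch hides this call site from a case-sensitive search when auditing every place the container is printed unescaped. Use the declared spelling here, `echo $g_obj_mci_footnotes->a_obj_task->reference_container();`, assuming the lower-case form is the declaration.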
|
||||
|
|
|
@ -49,7 +49,9 @@ class MCI_Footnotes_WYSIWYG {
|
|||
*/
|
||||
public static function new_plain_text_editor_button() {
|
||||
$l_obj_template = new MCI_Footnotes_Template( MCI_Footnotes_Template::C_STR_DASHBOARD, 'editor-button' );
|
||||
echo wp_kses_post( $l_obj_template->get_content() );
|
||||
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
|
||||
echo $l_obj_template->get_content();
|
||||
// phpcs:enable
|
||||
}
|
||||
|
||||
/**
|
||||
|
|