From b5dc136ffe2906d0d86bb30b8499631070e9e4b0 Mon Sep 17 00:00:00 2001
From: Rumperuu
Date: Tue, 23 Feb 2021 18:13:52 +0000
Subject: [PATCH] Replace escape output functions
---
 class/layout/abstract-engine.php | 4 ++--
 class/layout/diagnostics.php | 8 +++++---
 class/layout/init.php | 4 +++-
 class/task.php | 6 ++++--
 class/widgets/reference-container.php | 4 +++-
 class/wysiwyg.php | 4 +++-
 6 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/class/layout/abstract-engine.php b/class/layout/abstract-engine.php
index fae5af2..e624aaf 100644
--- a/class/layout/abstract-engine.php
+++ b/class/layout/abstract-engine.php
@@ -310,12 +310,12 @@ abstract class MCI_Footnotes_Layout_Engine {
 // Get current section.
 reset( $this->a_arr_sections );
- $l_str_active_section_id = isset( $_GET['t'] ) ? sanitize_option( wp_unslash( $_GET['t'] ) ) : key( $this->a_arr_sections );
+ $l_str_active_section_id = isset( $_GET['t'] ) ? sanitize_text_field( wp_unslash( $_GET['t'] ) ) : key( $this->a_arr_sections );
 $l_arr_active_section = $this->a_arr_sections[ $l_str_active_section_id ];
 foreach ( MCI_Footnotes_Settings::instance()->get_defaults( $l_arr_active_section['container'] ) as $l_str_key => $l_mixed_value ) {
 if ( array_key_exists( $l_str_key, $_POST ) ) {
- $l_arr_new_settings[ $l_str_key ] = sanitize_option( wp_unslash( $_POST[ $l_str_key ] ) );
+ $l_arr_new_settings[ $l_str_key ] = sanitize_text_field( wp_unslash( $_POST[ $l_str_key ] ) );
 } else {
 // Setting is not defined in the POST array, define it to avoid the Default value.
 $l_arr_new_settings[ $l_str_key ] = '';
diff --git a/class/layout/diagnostics.php b/class/layout/diagnostics.php
index 55b37b6..552c4e7 100644
--- a/class/layout/diagnostics.php
+++ b/class/layout/diagnostics.php
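Review bot: The sanitized `t` value is still used unchecked as the key into `$this->a_arr_sections` on the following line, so a request carrying an unknown `t` raises an undefined-index notice and passes `null` into `get_defaults()`; `sanitize_text_field()` strips tags and whitespace but does not validate the value. Guard it with `if ( ! array_key_exists( $l_str_active_section_id, $this->a_arr_sections ) ) { $l_str_active_section_id = key( $this->a_arr_sections ); }` before the lookup. The second replacement applies `sanitize_text_field()` to every posted setting indiscriminately, so any setting whose value is legitimately markup or multi-line text will be silently flattened, and an array value comes back as an empty string; confirm this against the settings definitions. The enclosing method starts and ends outside this hunk, so the nonce and capability checks that should precede this block cannot be confirmed here.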
@@ -102,12 +102,12 @@ class MCI_Footnotes_Layout_Diagnostics extends MCI_Footnotes_Layout_Engine {
 if ( ! isset( $_SERVER['SERVER_NAME'] ) ) {
 die;
 } else {
- $l_str_server_name = wp_kses_post( wp_unslash( $_SERVER['SERVER_NAME'] ) );
+ $l_str_server_name = sanitize_text_field( wp_unslash( $_SERVER['SERVER_NAME'] ) );
 }
 if ( ! isset( $_SERVER['HTTP_USER_AGENT'] ) ) {
 die;
 } else {
- $l_str_http_user_agent = wp_kses_post( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) );
+ $l_str_http_user_agent = sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) );
 }
 // Replace all placeholders.
@@ -140,7 +140,9 @@ class MCI_Footnotes_Layout_Diagnostics extends MCI_Footnotes_Layout_Engine {
 'plugins' => $l_str_wordpress_plugins,
 ) );
+ // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
 // Display template with replaced placeholders.
- echo wp_kses_post( $l_obj_template->get_content() );
+ echo $l_obj_template->get_content();
+ // phpcs:enable
 }
 }
diff --git a/class/layout/init.php b/class/layout/init.php
index c4198df..975fb5e 100644
--- a/class/layout/init.php
+++ b/class/layout/init.php
@@ -130,7 +130,9 @@ class MCI_Footnotes_Layout_Init {
 printf( '
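Review bot: The second hunk now echoes the template unescaped while the first hunk only runs the two `$_SERVER` values through `sanitize_text_field()`, which strips tags but does not encode quotes or ampersands, so if the template places either placeholder inside an attribute the value can still break out of it. Escape at the point the placeholders are substituted, `esc_html( $l_str_server_name )` or `esc_attr()` depending on the slot, rather than silencing the sniff around the final echo. `HTTP_USER_AGENT` is client-supplied and `SERVER_NAME` may be derived from the `Host` header depending on server configuration, so both should be treated as untrusted even though exposure is limited to the viewer's own request. The enclosing method starts outside the first hunk.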

' );
 // load template file.
 $l_obj_template = new MCI_Footnotes_Template( MCI_Footnotes_Template::C_STR_DASHBOARD, 'manfisher' );
- echo wp_kses_post( $l_obj_template->get_content() );
+ // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
+ echo $l_obj_template->get_content();
+ // phpcs:enable
 printf( 'visit Mark Cheret' );
 printf( '

' );
diff --git a/class/task.php b/class/task.php
index d24c403..e2602cc 100644
--- a/class/task.php
+++ b/class/task.php
@@ -1032,7 +1032,9 @@ class MCI_Footnotes_Task {
 */
 public function wp_footer() {
 if ( 'footer' === MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_REFERENCE_CONTAINER_POSITION ) ) {
- echo wp_kses_post( $this->reference_container() );
+ // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
+ echo $this->reference_container();
+ // phpcs:enable
 }
 // Get setting for love and share this plugin.
 $l_str_love_me_index = MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_FOOTNOTES_LOVE );
@@ -1078,7 +1080,7 @@ class MCI_Footnotes_Task {
 $l_str_love_me_text = sprintf( '%s', $l_str_linked_name );
 break;
 }
- echo sprintf( '
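Review bot: The bare `// phpcs:enable` added after the echo names no sniff, so it re-enables every sniff rather than only `WordPress.Security.EscapeOutput.OutputNotEscaped`, and would silently undo any broader disable in force around this block. For a single statement the idiomatic form is a trailing `echo $l_obj_template->get_content(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- static template, no request or settings data`, which also records why raw output is acceptable. That reason is the real check here: dropping `wp_kses_post()` is only safe if the 'manfisher' template has no placeholder filled from settings or request data, which this hunk does not show. The enclosing method starts and ends outside the hunk.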
%s
', wp_kses_post( $l_str_love_me_text ) );
+ echo sprintf( '
%s
', esc_html( $l_str_love_me_text ) );
 }
 /**
diff --git a/class/widgets/reference-container.php b/class/widgets/reference-container.php
index e1fc4be..16c0af2 100644
--- a/class/widgets/reference-container.php
+++ b/class/widgets/reference-container.php
@@ -72,7 +72,9 @@ class MCI_Footnotes_Widget_Reference_Container extends MCI_Footnotes_Widget_Base
 global $g_obj_mci_footnotes;
 // Reference container positioning is set to "widget area".
 if ( 'widget' === MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_REFERENCE_CONTAINER_POSITION ) ) {
- echo wp_kses_post( $g_obj_mci_footnotes->a_obj_task->Reference_Container() );
+ // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
+ echo $g_obj_mci_footnotes->a_obj_task->Reference_Container();
+ // phpcs:enable
 }
 }
 }
diff --git a/class/wysiwyg.php b/class/wysiwyg.php
index 90fb108..671a2d3 100644
--- a/class/wysiwyg.php
+++ b/class/wysiwyg.php
@@ -49,7 +49,9 @@ class MCI_Footnotes_WYSIWYG {
 */
 public static function new_plain_text_editor_button() {
 $l_obj_template = new MCI_Footnotes_Template( MCI_Footnotes_Template::C_STR_DASHBOARD, 'editor-button' );
- echo wp_kses_post( $l_obj_template->get_content() );
+ // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
+ echo $l_obj_template->get_content();
+ // phpcs:enable
 }
 /**
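Review bot: Switching the love/share text from `wp_kses_post()` to `esc_html()` will HTML-encode any markup in `$l_str_love_me_text`, and that value is built two lines earlier from `$l_str_linked_name` via sprintf; as rendered here the format string shows only `'%s'`, which suggests tags were stripped from this view, and if the real string wraps the name in an anchor the link will now be displayed as literal text. If markup is intended, keep `wp_kses_post()` or narrow it to `wp_kses( $l_str_love_me_text, array( 'a' => array( 'href' => array(), 'target' => array(), 'rel' => array() ) ) )`; if the text is plain, keep `esc_html()` and say so in a comment. This hunk begins inside a switch whose opening lies outside the diff.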
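Review bot: With `wp_kses_post()` removed, the widget now depends entirely on `Reference_Container()` to escape the footnote markup it assembles, and that method is not in this diff, so the trust contract should be stated at the call site, e.g. `// Output is escaped inside reference_container(); see class/task.php.`, and verified before merging. The call is also spelled `Reference_Container()` while the sibling change in task.php calls `$this->reference_container()`; PHP resolves method names case-insensitively so both work, but use the lower-case name for consistency. The method signature sits above the hunk; the method and class both close within it.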
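Review bot: The raw `echo` of the 'editor-button' template now carries no statement of why escaping is unnecessary; the phpcs annotation suppresses the sniff but does not document the trust assumption. Collapse the disable/enable pair into `echo $l_obj_template->get_content(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- static template, no request or settings data`, but only once that claim has been checked against the template, since `MCI_Footnotes_Template` and its content are not part of this diff.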