Replace escape output functions

This commit is contained in:
Ben Goldsworthy 2021-02-23 18:13:52 +00:00
parent 526b5d096f
commit b5dc136ffe
6 changed files with 20 additions and 10 deletions


@ -310,12 +310,12 @@ abstract class MCI_Footnotes_Layout_Engine {
// Get current section. // Get current section.
reset( $this->a_arr_sections ); reset( $this->a_arr_sections );
$l_str_active_section_id = isset( $_GET['t'] ) ? sanitize_option( wp_unslash( $_GET['t'] ) ) : key( $this->a_arr_sections ); $l_str_active_section_id = isset( $_GET['t'] ) ? sanitize_text_field( wp_unslash( $_GET['t'] ) ) : key( $this->a_arr_sections );
$l_arr_active_section = $this->a_arr_sections[ $l_str_active_section_id ]; $l_arr_active_section = $this->a_arr_sections[ $l_str_active_section_id ];
foreach ( MCI_Footnotes_Settings::instance()->get_defaults( $l_arr_active_section['container'] ) as $l_str_key => $l_mixed_value ) { foreach ( MCI_Footnotes_Settings::instance()->get_defaults( $l_arr_active_section['container'] ) as $l_str_key => $l_mixed_value ) {
if ( array_key_exists( $l_str_key, $_POST ) ) { if ( array_key_exists( $l_str_key, $_POST ) ) {
$l_arr_new_settings[ $l_str_key ] = sanitize_option( wp_unslash( $_POST[ $l_str_key ] ) ); $l_arr_new_settings[ $l_str_key ] = sanitize_text_field( wp_unslash( $_POST[ $l_str_key ] ) );
} else { } else {
// Setting is not defined in the POST array, define it to avoid the Default value. // Setting is not defined in the POST array, define it to avoid the Default value.
$l_arr_new_settings[ $l_str_key ] = ''; $l_arr_new_settings[ $l_str_key ] = '';
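Review bot: The sanitized `$_GET['t']` is used as an array key on the next line without checking that the key exists, so a request with an unknown `t` reads an undefined index and hands a null section to the rest of the method; the switch from `sanitize_option()` (which takes the option name as its first argument and was being called with the value alone) to `sanitize_text_field()` is correct but does not close that gap. Fall back to the default section when the key is missing, e.g. `if ( ! isset( $this->a_arr_sections[ $l_str_active_section_id ] ) ) { $l_str_active_section_id = key( $this->a_arr_sections ); }` before `$l_arr_active_section = $this->a_arr_sections[ $l_str_active_section_id ];`. No nonce or capability check is visible in this hunk; the enclosing method starts and ends outside it, so presumably that happens earlier — worth confirming since the loop writes every posted setting.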


@ -102,12 +102,12 @@ class MCI_Footnotes_Layout_Diagnostics extends MCI_Footnotes_Layout_Engine {
if ( ! isset( $_SERVER['SERVER_NAME'] ) ) { if ( ! isset( $_SERVER['SERVER_NAME'] ) ) {
die; die;
} else { } else {
$l_str_server_name = wp_kses_post( wp_unslash( $_SERVER['SERVER_NAME'] ) ); $l_str_server_name = sanitize_text_field( wp_unslash( $_SERVER['SERVER_NAME'] ) );
} }
if ( ! isset( $_SERVER['HTTP_USER_AGENT'] ) ) { if ( ! isset( $_SERVER['HTTP_USER_AGENT'] ) ) {
die; die;
} else { } else {
$l_str_http_user_agent = wp_kses_post( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) ); $l_str_http_user_agent = sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) );
} }
// Replace all placeholders. // Replace all placeholders.
@ -140,7 +140,9 @@ class MCI_Footnotes_Layout_Diagnostics extends MCI_Footnotes_Layout_Engine {
'plugins' => $l_str_wordpress_plugins, 'plugins' => $l_str_wordpress_plugins,
) )
); );
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
// Display template with replaced placeholders. // Display template with replaced placeholders.
echo wp_kses_post( $l_obj_template->get_content() ); echo $l_obj_template->get_content();
// phpcs:enable
} }
} }
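Review bot: The second hunk replaces `echo wp_kses_post( $l_obj_template->get_content() );` with a raw `echo` and silences the EscapeOutput sniff, which removes the only escaping step between the request-controlled `$_SERVER['HTTP_USER_AGENT']` (sanitized in the first hunk) and the page; `sanitize_text_field()` strips tags but does not encode quotes or ampersands, so it is input sanitization, not a substitute for output escaping. Either keep `echo wp_kses_post( $l_obj_template->get_content() );`, or escape the substituted values per context before they enter the template (`esc_html( $l_str_http_user_agent )`, likewise for the server name) and then replace the `phpcs:disable`/`phpcs:enable` pair with a single-line `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- values escaped at substitution above` so the suppression documents why the output is trusted. The same disable-and-echo-raw pattern is introduced in the MCI_Footnotes_Layout_Init, MCI_Footnotes_Task::wp_footer, MCI_Footnotes_Widget_Reference_Container and MCI_Footnotes_WYSIWYG sections below; each of those should carry the same justification comment or keep the filter. The enclosing method starts before the first hunk.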


@ -130,7 +130,9 @@ class MCI_Footnotes_Layout_Init {
printf( '<br/><br/>' ); printf( '<br/><br/>' );
// load template file. // load template file.
$l_obj_template = new MCI_Footnotes_Template( MCI_Footnotes_Template::C_STR_DASHBOARD, 'manfisher' ); $l_obj_template = new MCI_Footnotes_Template( MCI_Footnotes_Template::C_STR_DASHBOARD, 'manfisher' );
echo wp_kses_post( $l_obj_template->get_content() ); // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
echo $l_obj_template->get_content();
// phpcs:enable
printf( '<em>visit <a href="https://cheret.de/plugins/footnotes-2/" target="_blank">Mark Cheret</a></em>' ); printf( '<em>visit <a href="https://cheret.de/plugins/footnotes-2/" target="_blank">Mark Cheret</a></em>' );
printf( '<br/><br/>' ); printf( '<br/><br/>' );


@ -1032,7 +1032,9 @@ class MCI_Footnotes_Task {
*/ */
public function wp_footer() { public function wp_footer() {
if ( 'footer' === MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_REFERENCE_CONTAINER_POSITION ) ) { if ( 'footer' === MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_REFERENCE_CONTAINER_POSITION ) ) {
echo wp_kses_post( $this->reference_container() ); // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
echo $this->reference_container();
// phpcs:enable
} }
// Get setting for love and share this plugin. // Get setting for love and share this plugin.
$l_str_love_me_index = MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_FOOTNOTES_LOVE ); $l_str_love_me_index = MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_FOOTNOTES_LOVE );
@ -1078,7 +1080,7 @@ class MCI_Footnotes_Task {
$l_str_love_me_text = sprintf( '%s', $l_str_linked_name ); $l_str_love_me_text = sprintf( '%s', $l_str_linked_name );
break; break;
} }
echo sprintf( '<div style="text-align:center; color:#acacac;">%s</div>', wp_kses_post( $l_str_love_me_text ) ); echo sprintf( '<div style="text-align:center; color:#acacac;">%s</div>', esc_html( $l_str_love_me_text ) );
} }
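Review bot: In the second hunk `wp_kses_post( $l_str_love_me_text )` becomes `esc_html( $l_str_love_me_text )`, but the line above builds that text from `$l_str_linked_name`; if that variable holds an anchor tag, as its name suggests, `esc_html()` will print the tag source literally instead of rendering a link. If markup is intended there, an allow-list filter is the right tool, e.g. `wp_kses( $l_str_love_me_text, array( 'a' => array( 'href' => true, 'target' => true ) ) )`, and if the name is plain text then `esc_html()` is correct and the change should say so in a short comment. The `wp_footer()` body continues between the two hunks, so the other `$l_str_love_me_text` branches are not visible here.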
/** /**


@ -72,7 +72,9 @@ class MCI_Footnotes_Widget_Reference_Container extends MCI_Footnotes_Widget_Base
global $g_obj_mci_footnotes; global $g_obj_mci_footnotes;
// Reference container positioning is set to "widget area". // Reference container positioning is set to "widget area".
if ( 'widget' === MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_REFERENCE_CONTAINER_POSITION ) ) { if ( 'widget' === MCI_Footnotes_Settings::instance()->get( MCI_Footnotes_Settings::C_STR_REFERENCE_CONTAINER_POSITION ) ) {
echo wp_kses_post( $g_obj_mci_footnotes->a_obj_task->Reference_Container() ); // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
echo $g_obj_mci_footnotes->a_obj_task->Reference_Container();
// phpcs:enable
} }
} }
} }


@ -49,7 +49,9 @@ class MCI_Footnotes_WYSIWYG {
*/ */
public static function new_plain_text_editor_button() { public static function new_plain_text_editor_button() {
$l_obj_template = new MCI_Footnotes_Template( MCI_Footnotes_Template::C_STR_DASHBOARD, 'editor-button' ); $l_obj_template = new MCI_Footnotes_Template( MCI_Footnotes_Template::C_STR_DASHBOARD, 'editor-button' );
echo wp_kses_post( $l_obj_template->get_content() ); // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
echo $l_obj_template->get_content();
// phpcs:enable
} }
/** /**