

More escaping, fixing wrong escaping context, fixed localization doma…
…in, added the_content filters
david-binda committed Dec 27, 2015
1 parent 123f07e commit e000bfa
Showing 7 changed files with 22 additions and 23 deletions.
8 changes: 4 additions & 4 deletions beverage-display.php
Expand Up @@ -70,10 +70,10 @@ public function display( $atts ) {
global $post;
$output .= "\n\t\t\t" . '<td class="col1 menu-number">' . intval( $post->menu_order ) . '</td>';
$output .= "\n\t\t\t" . '<td class="col2 title">';
$output .= '<a href="#" class="pizza-title">' . wp_kses_post( get_the_title() ) . '</a>';
$output .= '<a href="#" class="pizza-title">' . esc_html( get_the_title() ) . '</a>';
$output .= get_the_post_thumbnail( get_the_ID(), 'wp_pizzeria_thumbnail' );
$output .= '</td>';
$output .= "\n\t\t\t" . '<td class="col3 description"><div class="content">' . wp_kses_post( get_the_content() ) . '</div></td>';
$output .= "\n\t\t\t" . '<td class="col3 description"><div class="content">' . wp_kses_post( apply_filters( 'the_content', get_the_content() ) ) . '</div></td>';
if ( false !== get_post_meta( $post->ID, '_wp_pizzeria_price', true ) ) {
$output .= "\n\t\t\t" . '<td class="col5 price">';
if ( true === array_key_exists( 'currency', $pizzeria_settings )
Expand Down Expand Up @@ -122,7 +122,7 @@ public function loop(){
<tr>
<th class="col1 menu-number">#</th>
<th class="col2 title"><?php esc_html_e( 'Title', 'wp_pizzeria' ); ?></th>
<th class="col3 description hidden"><?php _e( 'Description', 'wp_pizzeria' ); ?></th>
<th class="col3 description hidden"><?php esc_html_e( 'Description', 'wp_pizzeria' ); ?></th>
<th class="col5 price"><?php esc_html_e( 'Price', 'wp_pizzeria' ); ?></th>
</tr>
</thead>
Expand Down Expand Up @@ -163,7 +163,7 @@ public function loop(){
) {
echo esc_html( $pizzeria_settings['currency'] );
}
echo get_post_meta( get_the_ID(), '_wp_pizzeria_price', true );
echo esc_html( get_post_meta( get_the_ID(), '_wp_pizzeria_price', true ) );
if ( true === array_key_exists( 'currency', $pizzeria_settings )
&& ( false === array_key_exists( 'currency_pos', $pizzeria_settings )
|| 'after' === $pizzeria_settings['currency_pos']
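Review bot: wp_kses_post() around apply_filters( 'the_content', … ) in the second description line of the first hunk strips iframe and script tags that the_content filters such as oEmbed legitimately emit, so a beverage's description can render differently here than on its own post; if that is intended, a comment on the line should say so, e.g. `// kses after the_content: embeds/scripts produced by filters are deliberately dropped`. do_shortcode is itself a the_content filter, so if display() is the shortcode callback and a beverage post's own content contains that shortcode, this call recurses; a static re-entry guard in display() would prevent that. Separately, the unchanged `false !== get_post_meta( $post->ID, '_wp_pizzeria_price', true )` can never be false, because get_post_meta() with $single set returns '' for a missing key, so the price cell is emitted even when no price is stored; `'' !== get_post_meta( $post->ID, '_wp_pizzeria_price', true )` is the intended test, and the same check appears in the dessert-display.php and pasta-display.php hunks. display() and loop() both continue outside their hunks.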
2 changes: 1 addition & 1 deletion cpt_factory.php
Expand Up @@ -107,7 +107,7 @@ public function manage_columns( $column, $post_id ) {
{
echo esc_html( $pizzeria_settings['currency'] );
}
echo get_post_meta( $post_id, '_wp_pizzeria_price', true );
echo esc_html( get_post_meta( $post_id, '_wp_pizzeria_price', true ) );

if ( true === array_key_exists( 'currency', $pizzeria_settings )
&& ( false === array_key_exists( 'currency_pos', $pizzeria_settings )
2 changes: 1 addition & 1 deletion custom-post-type-dessert.php
Expand Up @@ -86,7 +86,7 @@ public function inner_custom_box( $post ) {
<p>
<label for="dessert_price"><?php _e( 'Price', 'wp_pizzeria' ); ?></label>
<?php if ( true === array_key_exists( 'currency', $pizzeria_settings )
&& array_key_exists( 'currency_pos', $pizzeria_settings )
&& true === array_key_exists( 'currency_pos', $pizzeria_settings )
&& 'before' === $pizzeria_settings['currency_pos']
) {
echo esc_html( $pizzeria_settings['currency'] );
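Review bot: The label in the unchanged line just above the edited condition still calls `_e( 'Price', 'wp_pizzeria' )`, which echoes the translated string unescaped, while this commit switches the equivalent call in beverage-display.php to esc_html_e(); for consistency with the commit's purpose it should read `<label for="dessert_price"><?php esc_html_e( 'Price', 'wp_pizzeria' ); ?></label>`. The `true ===` change on the edited line itself only makes the boolean comparison explicit. inner_custom_box() continues outside the hunk.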
13 changes: 6 additions & 7 deletions custom-post-type-pizza.php
Expand Up @@ -112,7 +112,7 @@ public function tags_inner_custom_box( $post ) {
<input type="checkbox" id="<?php echo esc_attr( $tag->name ); ?>" name="wp_pizzeria_ingredients[]" value="<?php echo esc_attr( $tag->term_id ); ?>"<?php echo $checked; ?>/>
<?php echo $tag->name; ?>
</label>
<a class="edit-ingredient hide-if-js" href="./edit-tags.php?action=edit&taxonomy=wp_pizzeria_ingredient&tag_ID=<?php echo esc_attr( $tag->term_id ); ?>&post_type=wp_pizzeria_pizza"><?php esc_html_e( 'Edit', 'wp_pizzeria' ); ?></a>
<a class="edit-ingredient hide-if-js" href="./edit-tags.php?action=edit&taxonomy=wp_pizzeria_ingredient&tag_ID=<?php echo urlencode( $tag->term_id ); ?>&post_type=wp_pizzeria_pizza"><?php esc_html_e( 'Edit', 'wp_pizzeria' ); ?></a>
<a class="add-ingredient-image hide-if-js" href="#"><?php esc_html_e( 'Add image', 'wp_pizzeria' ); ?></a>
</li>
<?php
Expand All @@ -139,7 +139,7 @@ public function tags_inner_custom_box( $post ) {
<div class="taghint" style=""><?php esc_html_e( 'Add new pizza ingredient', 'wp_pizzeria' ); ?></div>
<p>
<input type="text" id="new-tag-wp_pizzeria_ingredient" name="newtag[wp_pizzeria_ingredient]" class="newtag form-input-tip" size="16" autocomplete="off" value="">
<input type="button" class="button tagadd" value="<?php esc_html_e( 'Add', 'wp_pizzeria' ); ?>" tabindex="3">
<input type="button" class="button tagadd" value="<?php esc_attr_e( 'Add', 'wp_pizzeria' ); ?>" tabindex="3">
</p>
</div>
<p class="howto"><?php esc_html_e( 'Separate ingredients with commas', 'wp_pizzeria' ); ?></p>
Expand Down Expand Up @@ -168,17 +168,17 @@ public function price_inner_custom_box( $post ) {
<?php if ( $pizzeria_settings['sizes']['primary'] === $key ) {
echo '<strong>';
} ?>
<label for="<?php echo $key; ?>_price"><?php esc_html_e( 'Price for', 'wp_pizzeria' ); ?> <?php echo esc_html( $size ); ?>:</label>
<label for="<?php echo esc_attr( $key ); ?>_price"><?php esc_html_e( 'Price for', 'wp_pizzeria' ); ?> <?php echo esc_html( $size ); ?>:</label>
<?php if ( $pizzeria_settings['sizes']['primary'] === $key ) {
echo '</strong>';
} ?>
</p>
<p>
<?php
if ( true === array_key_exists( 'currency', $pizzeria_settings )
&& array_key_exists( 'currency_pos', $pizzeria_settings )
&& true === array_key_exists( 'currency_pos', $pizzeria_settings )
&& 'before' === $pizzeria_settings['currency_pos'] ) {
echo $pizzeria_settings['currency'];
echo esc_html( $pizzeria_settings['currency'] );
}
?>
<input type="text" name="<?php echo esc_attr( $key ); ?>_price" value="<?php if ( true === array_key_exists( $key, $prices ) ) {
Expand Down Expand Up @@ -268,8 +268,7 @@ function add_ingredient_callback() {
}
$tags = explode( ',', $_POST['tag'] );
$tags = array_map( "trim", $tags );
$tags = array_map( 'sanitize_text_field', $tags );
wp_set_object_terms( absint( $_POST['postID'] ), $tags, 'wp_pizzeria_ingredient', true );
wp_set_object_terms( absint( $_POST['postID'] ), array_map( 'sanitize_text_field', $tags ), 'wp_pizzeria_ingredient', true );
die();
}

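Review bot: wp_set_object_terms() in the last changed line of the add_ingredient_callback() hunk writes ingredient terms to whichever post id the request supplies, and nothing visible in the hunk ties that write to the requester's permission on that post; the `}` at the top of the hunk closes a block whose condition lies outside it, so if that block is only a nonce check, a capability check is still missing, e.g. `if ( ! current_user_can( 'edit_post', absint( $_POST['postID'] ) ) ) { die(); }` before the explode() line. The explode() line also reads `$_POST['tag']` without an isset() or is_string() guard, so a missing or array-valued parameter raises a notice or warning before sanitization runs. Folding the sanitize_text_field map into the wp_set_object_terms() argument list made that line harder to read than the two-step form it replaced. add_ingredient_callback() starts outside the hunk.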
4 changes: 2 additions & 2 deletions dessert-display.php
Expand Up @@ -81,7 +81,7 @@ public function display( $atts ) {
if ( false !== get_post_meta( $post->ID, '_wp_pizzeria_price', true ) ) {
$output .= "\n\t\t\t" . '<td class="col5 price">';
if ( true === array_key_exists( 'currency', $pizzeria_settings )
&& array_key_exists( 'currency_pos', $pizzeria_settings )
&& true === array_key_exists( 'currency_pos', $pizzeria_settings )
&& 'before' === $pizzeria_settings['currency_pos'] ) {
$output .= esc_html( $pizzeria_settings['currency'] );
}
Expand Down Expand Up @@ -166,7 +166,7 @@ public function loop() {
) {
echo esc_html( $pizzeria_settings['currency'] );
}
echo get_post_meta( get_the_ID(), '_wp_pizzeria_price', true );
echo esc_html( get_post_meta( get_the_ID(), '_wp_pizzeria_price', true ) );
if ( true === array_key_exists( 'currency', $pizzeria_settings )
&& ( false === array_key_exists( 'currency_pos', $pizzeria_settings )
|| 'after' === $pizzeria_settings['currency_pos'] )
12 changes: 6 additions & 6 deletions nav-menu-modifications.php
Expand Up @@ -120,9 +120,9 @@ function wp_pizzeria_nav_menu_item_post_type_meta_box( $object, $post_type ) {
?>
<div id="posttype-<?php echo esc_attr( $post_type_name ); ?>" class="posttypediv">
<ul id="posttype-<?php echo esc_attr( $post_type_name ); ?>-tabs" class="posttype-tabs add-menu-item-tabs">
<li <?php echo ( 'most-recent' == $current_tab ? ' class="tabs"' : '' ); ?>><a class="nav-tab-link" href="<?php if ( $nav_menu_selected_id ) echo esc_url( add_query_arg($post_type_name . '-tab', 'most-recent', remove_query_arg($removed_args) ) ); ?>#tabs-panel-posttype-<?php echo esc_attr( $post_type_name ); ?>-most-recent"><?php esc_html_e( 'Most Recent', 'wp-pizzeria' ); ?></a></li>
<li <?php echo ( 'all' == $current_tab ? ' class="tabs"' : '' ); ?>><a class="nav-tab-link" href="<?php if ( $nav_menu_selected_id ) echo esc_url( add_query_arg($post_type_name . '-tab', 'all', remove_query_arg($removed_args) ) ); ?>#<?php echo urlencode($post_type_name ); ?>-all"><?php esc_html_e( 'View All', 'wp-pizzeria' ); ?></a></li>
<li <?php echo ( 'search' == $current_tab ? ' class="tabs"' : '' ); ?>><a class="nav-tab-link" href="<?php if ( $nav_menu_selected_id ) echo esc_url( add_query_arg($post_type_name . '-tab', 'search', remove_query_arg($removed_args) ) ); ?>#tabs-panel-posttype-<?php echo esc_attr( $post_type_name ); ?>-search"><?php esc_html_e( 'Search', 'wp-pizzeria' ); ?></a></li>
<li <?php echo ( 'most-recent' == $current_tab ? ' class="tabs"' : '' ); ?>><a class="nav-tab-link" href="<?php if ( $nav_menu_selected_id ) echo esc_url( add_query_arg($post_type_name . '-tab', 'most-recent', remove_query_arg($removed_args) ) ); ?>#tabs-panel-posttype-<?php echo esc_attr( $post_type_name ); ?>-most-recent"><?php esc_html_e( 'Most Recent', 'wp_pizzeria' ); ?></a></li>
<li <?php echo ( 'all' == $current_tab ? ' class="tabs"' : '' ); ?>><a class="nav-tab-link" href="<?php if ( $nav_menu_selected_id ) echo esc_url( add_query_arg($post_type_name . '-tab', 'all', remove_query_arg($removed_args) ) ); ?>#<?php echo urlencode($post_type_name ); ?>-all"><?php esc_html_e( 'View All', 'wp_pizzeria' ); ?></a></li>
<li <?php echo ( 'search' == $current_tab ? ' class="tabs"' : '' ); ?>><a class="nav-tab-link" href="<?php if ( $nav_menu_selected_id ) echo esc_url( add_query_arg($post_type_name . '-tab', 'search', remove_query_arg($removed_args) ) ); ?>#tabs-panel-posttype-<?php echo esc_attr( $post_type_name ); ?>-search"><?php esc_html_e( 'Search', 'wp_pizzeria' ); ?></a></li>
</ul>

<div id="tabs-panel-posttype-<?php echo $post_type_name; ?>-most-recent" class="tabs-panel <?php
Expand Down Expand Up @@ -181,7 +181,7 @@ function wp_pizzeria_nav_menu_item_post_type_meta_box( $object, $post_type ) {
<?php } elseif ( true === is_wp_error( $search_results ) ) { ?>
<li><?php echo esc_html( $search_results->get_error_message() ); ?></li>
<?php } elseif ( false === empty( $searched ) ) { ?>
<li><?php esc_html_e('No results found.'); ?></li>
<li><?php esc_html_e( 'No results found.', 'wp_pizzeria' ); ?></li>
<?php } ?>
</ul>
</div><!-- /.tabs-panel -->
Expand Down Expand Up @@ -249,8 +249,8 @@ function wp_pizzeria_nav_menu_item_post_type_meta_box( $object, $post_type ) {
'selectall' => 1,
),
remove_query_arg($removed_args)
));
?>#posttype-<?php echo esc_attr( $post_type_name ); ?>" class="select-all"><?php esc_html_e( 'Select All', 'wp_pizzeria' ); ?></a>
) . '#posttype-' . $post_type_name );
?>" class="select-all"><?php esc_html_e( 'Select All', 'wp_pizzeria' ); ?></a>
</span>

<span class="add-to-menu">
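Review bot: The unchanged `<div id="tabs-panel-posttype-<?php echo $post_type_name; ?>-most-recent"` line a few lines below the edited tab list still echoes $post_type_name without escaping, while the same value is wrapped in esc_attr() on the surrounding id attributes in this hunk; it should read `<div id="tabs-panel-posttype-<?php echo esc_attr( $post_type_name ); ?>-most-recent"`. The `'most-recent' == $current_tab` comparisons on the edited lines use loose equality where `===` is the safer form for string flags. wp_pizzeria_nav_menu_item_post_type_meta_box() continues outside the hunks.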
4 changes: 2 additions & 2 deletions pasta-display.php
Expand Up @@ -77,7 +77,7 @@ public function display( $atts ) {
$output .= '<a href="#" class="pizza-title">' . esc_html( get_the_title() ) . '</a>';
$output .= get_the_post_thumbnail( get_the_ID(), 'wp_pizzeria_thumbnail' );
$output .= '</td>';
$output .= "\n\t\t\t" . '<td class="col3 description"><div class="content">' . wp_kses_post( get_the_content() ) . '</div></td>';
$output .= "\n\t\t\t" . '<td class="col3 description"><div class="content">' . wp_kses_post( apply_filters( 'the_content', get_the_content() ) ) . '</div></td>';
if ( false !== get_post_meta( $post->ID, '_wp_pizzeria_price', true ) ) {
$output .= "\n\t\t\t" . '<td class="col5 price">';
if ( true === array_key_exists( 'currency', $pizzeria_settings )
Expand Down Expand Up @@ -167,7 +167,7 @@ public function loop() {
) {
echo esc_html( $pizzeria_settings['currency'] );
}
echo get_post_meta( get_the_ID(), '_wp_pizzeria_price', true );
echo esc_html( get_post_meta( get_the_ID(), '_wp_pizzeria_price', true ) );
if ( true === array_key_exists( 'currency', $pizzeria_settings )
&& ( false === array_key_exists( 'currency_pos', $pizzeria_settings )
|| 'after' === $pizzeria_settings['currency_pos'] )
