Changeset 3294206

Timestamp:

05/15/2025 01:54:09 PM (7 months ago)

Author:

seedprod

Message:

Staging 1.0.3

Location:

404-page/trunk

Files:

• 404-page.php (modified) (3 diffs)
• changelog.txt (modified) (1 diff)
• framework/field-types/checkbox.php (modified) (1 diff)
• framework/field-types/color.php (modified) (1 diff)
• framework/field-types/customsocialfollow.php (modified) (1 diff)
• framework/field-types/date.php (modified) (1 diff)
• framework/field-types/daterange.php (modified) (1 diff)
• framework/field-types/export.php (modified) (1 diff)
• framework/field-types/import.php (modified) (1 diff)
• framework/field-types/multiselect.php (modified) (1 diff)
• framework/field-types/password.php (modified) (1 diff)
• framework/field-types/radio.php (modified) (1 diff)
• framework/field-types/select.php (modified) (1 diff)
• framework/field-types/text.php (modified) (1 diff)
• framework/field-types/textarea.php (modified) (1 diff)
• framework/field-types/textbox.php (modified) (1 diff)
• framework/field-types/upload.php (modified) (1 diff)
• framework/framework.php (modified) (12 diffs)
• framework/validations/color.php (modified) (1 diff)
• framework/validations/email.php (modified) (1 diff)
• framework/validations/escurlraw.php (modified) (1 diff)
• framework/validations/number.php (modified) (1 diff)
• framework/validations/required.php (modified) (1 diff)
• includes/class-s404f.php (modified) (2 diffs)
• includes/config-settings.php (modified) (30 diffs)
• includes/template-tags.php (modified) (20 diffs)
• lib/seed_s404f_lessc.inc.php (modified) (5 diffs)
• readme.txt (modified) (1 diff)

404-page/trunk/404-page.php

@@ -4 +4 @@
 Plugin URI: http://www.seedprod.com/wordpress-404-page-plugin/
 Description: The Ultimate 404 Page Plugin
-Version:  1.0.1
+Version:  1.0.2
 Author: SeedProd
 Author URI: http://www.seedprod.com
-TextDomain: seedprod
+TextDomain: 404-page
 License: GPLv2
 */
@@ -19 +19 @@
 define( 'SEED_S404F_SHORTNAME', 'seed_s404f' ); // Used to reference namespace functions.
 define( 'SEED_S404F_SLUG', '404-page-seedprod/404-page-seedprod.php' ); // Used for settings link.
-define( 'SEED_S404F_TEXTDOMAIN', 'seedprod' ); // i18 for reference only
-define( 'SEED_S404F_PLUGIN_NAME', __( '404 Page by SeedProd', 'seedprod' ) ); // Plugin Name shows up on the admin settings screen.
-define( 'SEED_S404F_VERSION', '1.0.1' ); // Plugin Version Number. Recommend you use Semantic Versioning http://semver.org/
+define( 'SEED_S404F_TEXTDOMAIN', '404-page' ); // i18 for reference only
+define( 'SEED_S404F_PLUGIN_NAME', __( '404 Page by SeedProd', '404-page' ) ); // Plugin Name shows up on the admin settings screen.
+define( 'SEED_S404F_VERSION', '1.0.2' ); // Plugin Version Number. Recommend you use Semantic Versioning http://semver.org/
 define( 'SEED_S404F_PLUGIN_PATH', plugin_dir_path( __FILE__ ) ); // Example output: /Applications/MAMP/htdocs/wordpress/wp-content/plugins/seed_csp3/
 define( 'SEED_S404F_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); // Example output: http://localhost:8888/wordpress/wp-content/plugins/seed_csp3/
@@ -30 +30 @@
  */
 function seed_s404f_load_textdomain() {
-    load_plugin_textdomain( 'seedprod', false, dirname( plugin_basename( __FILE__ ) ) . '/languages/' );
+    load_plugin_textdomain( '404-page', false, dirname( plugin_basename( __FILE__ ) ) . '/languages/' );
 }
 add_action('plugins_loaded', 'seed_s404f_load_textdomain');

404-page/trunk/changelog.txt

@@ -1 @@
-1.0.1
+1.0.3
+* Fixed security bugs
+
+1.0.2
 * Fixed php warning notification errors
 

404-page/trunk/framework/field-types/checkbox.php

@@ -10 +10 @@
 }
 foreach ( $option_values as $k => $v ) {
-    echo "<input class='$id' type='checkbox' name='{$setting_id}[$id][]' value='$k' " . ( in_array( $k, ( empty( $options[ $id ] ) ? array( ) : $options[ $id ] ) ) ? 'checked' : '' ) . "  /> $v<br/>";
+    echo "<input class='" . esc_attr($id) . "' type='checkbox' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "][]' value='" . esc_attr($k) . "' " . ( in_array( $k, ( empty( $options[ $id ] ) ? array( ) : $options[ $id ] ) ) ? 'checked' : '' ) . "  /> " . esc_html($v) . "<br/>";
     $c++;
 }

404-page/trunk/framework/field-types/color.php

@@ -8 +8 @@
 }
 
-echo "<input id='$id' class='pickcolor-field' type='text' name='{$setting_id}[$id]' value='" . esc_attr( $options[ $id ] ) . "' style='background-color:" . ( empty( $options[ $id ] ) ? $default_value : $options[ $id ] ) . ";' />";
+$style_value = empty( $options[ $id ] ) ? $default_value : $options[ $id ];
+echo "<input id='" . esc_attr($id) . "' class='pickcolor-field' type='text' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "]' value='" . esc_attr( $options[ $id ] ) . "' style='background-color:" . esc_attr( $style_value ) . ";' />";
 
 wp_enqueue_script( 'seed_s404f-color-js', SEED_S404F_PLUGIN_URL . 'framework/field-types/js/color.js', array(

404-page/trunk/framework/field-types/customsocialfollow.php

@@ -21 +21 @@
 
 ?>
-<small class='description'><?php _e("Enter your social profile url's. Drag &amp; Drop the icons to reorder. Remember to save your changes. <a href='https://seedprod.zendesk.com/entries/21778652-adding-custom-icons' target='_blank'>Learn how to add your own custom icons</a>.",'seedprod'); ?></small>
+<small class='description'><?php esc_html_e("Enter your social profile url's. Drag &amp; Drop the icons to reorder. Remember to save your changes. <a href='https://seedprod.zendesk.com/entries/21778652-adding-custom-icons' target='_blank'>Learn how to add your own custom icons</a>.",'404-page'); ?></small>
 <ul id="seed-csp4-social-profiles">
-    <?php foreach($profiles as $k=>$v){ ?>
-    <li class="ui-state-default"><img style="width:24px;vertical-align:middle;cursor:move" src="<?php echo SEED_S404F_PLUGIN_URL.'themes/default/images/icons1/'.strtolower($v).'.png'; ?>"> <?php echo "<input autocomplete='off' placeholder='$v'  class='regular-text' name='{$setting_id}[$id][$v]' type='text' value='" . esc_attr( $options[ $id ][$v] ) . "' />"; ?></li>
+    <?php foreach($profiles as $k=>$v){
+    $icon_url = SEED_S404F_PLUGIN_URL . 'themes/default/images/icons1/' . strtolower($v) . '.png';
+    $input_name = $setting_id . "[" . esc_attr($id) . "][" . esc_attr($v) . "]";
+    $input_value = isset($options[$id][$v]) ? $options[$id][$v] : '';
+    ?>
+    <li class="ui-state-default"><img style="width:24px;vertical-align:middle;cursor:move" src="<?php echo esc_url($icon_url); ?>"> <?php echo "<input autocomplete='off' placeholder='" . esc_attr($v) . "'  class='regular-text' name='" . esc_attr($input_name) . "' type='text' value='" . esc_attr($input_value) . "' />"; ?></li>
     <?php } ?>
 </ul>

404-page/trunk/framework/field-types/date.php

@@ -5 +5 @@
 // $options[$id] value from the db
 
+$value = $options[$id];
+
 $option_values = array(
-    '01'=>__('01-Jan','seedprod'),
-    '02'=>__('02-Feb','seedprod'),
-    '03'=>__('03-Mar','seedprod'),
-    '04'=>__('04-Apr','seedprod'),
-    '05'=>__('05-May','seedprod'),
-    '06'=>__('06-Jun','seedprod'),
-    '07'=>__('07-Jul','seedprod'),
-    '08'=>__('08-Aug','seedprod'),
-    '09'=>__('09-Sep','seedprod'),
-    '10'=>__('10-Oct','seedprod'),
-    '11'=>__('11-Nov','seedprod'),
-    '12'=>__('12-Dec','seedprod'),
+    '01'=>__('01-Jan','404-page'),
+    '02'=>__('02-Feb','404-page'),
+    '03'=>__('03-Mar','404-page'),
+    '04'=>__('04-Apr','404-page'),
+    '05'=>__('05-May','404-page'),
+    '06'=>__('06-Jun','404-page'),
+    '07'=>__('07-Jul','404-page'),
+    '08'=>__('08-Aug','404-page'),
+    '09'=>__('09-Sep','404-page'),
+    '10'=>__('10-Oct','404-page'),
+    '11'=>__('11-Nov','404-page'),
+    '12'=>__('12-Dec','404-page'),
     );
 
+$mm = substr($value,0,2);
 
-echo "<select id='mm' name='{$setting_id}[$id][month]'>";
+echo "<select id='mm' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "][month]'>";
 foreach ( $option_values as $k => $v ) {
-    echo "<option value='$k' " . selected( $options[ $id ]['month'], $k, false ) . ">$v</option>";
+    echo "<option value='" . esc_attr($k) . "' " . selected( $options[ $id ]['month'], $k, false ) . ">" . esc_html($v) . "</option>";
 }
 echo "</select>";
 
-echo "<input id='jj' class='small-text' name='{$setting_id}[$id][day]' placeholder='".__('day','seedprod')."' type='text' value='" . esc_attr( $options[ $id ]['day'] ) . "' />";
+echo "<input id='jj' class='small-text' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "][day]' placeholder='".esc_attr__('day','404-page')."' type='text' value='" . esc_attr( $options[ $id ]['day'] ) . "' />";
 
 echo ',';
-echo "<input id='aa' class='small-text' name='{$setting_id}[$id][year]' placeholder='".__('year','seedprod')."'  type='text' value='" . esc_attr( $options[ $id ]['year'] ) . "' /><br>";
+echo "<input id='aa' class='small-text' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "][year]' placeholder='".esc_attr__('year','404-page')."'  type='text' value='" . esc_attr( $options[ $id ]['year'] ) . "' /><br>";

404-page/trunk/framework/field-types/daterange.php

@@ -6 +6 @@
 
 $option_values = array(
-    '01'=>__('01-Jan','seedprod'),
-    '02'=>__('02-Feb','seedprod'),
-    '03'=>__('03-Mar','seedprod'),
-    '04'=>__('04-Apr','seedprod'),
-    '05'=>__('05-May','seedprod'),
-    '06'=>__('06-Jun','seedprod'),
-    '07'=>__('07-Jul','seedprod'),
-    '08'=>__('08-Aug','seedprod'),
-    '09'=>__('09-Sep','seedprod'),
-    '10'=>__('10-Oct','seedprod'),
-    '11'=>__('11-Nov','seedprod'),
-    '12'=>__('12-Dec','seedprod'),
+    '01'=>__('01-Jan','404-page'),
+    '02'=>__('02-Feb','404-page'),
+    '03'=>__('03-Mar','404-page'),
+    '04'=>__('04-Apr','404-page'),
+    '05'=>__('05-May','404-page'),
+    '06'=>__('06-Jun','404-page'),
+    '07'=>__('07-Jul','404-page'),
+    '08'=>__('08-Aug','404-page'),
+    '09'=>__('09-Sep','404-page'),
+    '10'=>__('10-Oct','404-page'),
+    '11'=>__('11-Nov','404-page'),
+    '12'=>__('12-Dec','404-page'),
     );
 
-_e('Start Date', 'seedprod');
-echo "<select id='mm' name='{$setting_id}[$id][start_month]'>";
+esc_html_e('Start Date', '404-page');
+echo "<select id='mm' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "][start_month]'>";
 foreach ( $option_values as $k => $v ) {
-    echo "<option value='$k' " . selected( $options[ $id ]['start_month'], $k, false ) . ">$v</option>";
+    echo "<option value='" . esc_attr($k) . "' " . selected( $options[ $id ]['start_month'], $k, false ) . ">" . esc_html($v) . "</option>";
 }
 echo "</select>";
 
-echo "<input id='jj' class='small-text' placeholder='".__('day','seedprod')."' name='{$setting_id}[$id][start_day]' type='text' value='" . esc_attr( $options[ $id ]['start_day'] ) . "' />";
+echo "<input id='jj' class='small-text' placeholder='".esc_attr__('day','404-page')."' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "][start_day]' type='text' value='" . esc_attr( $options[ $id ]['start_day'] ) . "' />";
 
 echo ',';
-echo "<input id='aa' class='small-text' placeholder='".__('year','seedprod')."' name='{$setting_id}[$id][start_year]' type='text' value='" . esc_attr( $options[ $id ]['start_year'] ) . "' />";
+echo "<input id='aa' class='small-text' placeholder='".esc_attr__('year','404-page')."' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "][start_year]' type='text' value='" . esc_attr( $options[ $id ]['start_year'] ) . "' />";
 
 echo '&nbsp;&nbsp;&nbsp;&nbsp;';
-_e('End Date', 'seedprod');
-echo "<select id='mm' name='{$setting_id}[$id][end_month]'>";
+esc_html_e('End Date', '404-page');
+echo "<select id='mm' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "][end_month]'>";
 foreach ( $option_values as $k => $v ) {
-    echo "<option value='$k' " . selected( $options[ $id ]['end_month'], $k, false ) . ">$v</option>";
+    echo "<option value='" . esc_attr($k) . "' " . selected( $options[ $id ]['end_month'], $k, false ) . ">" . esc_html($v) . "</option>";
 }
 echo "</select>";
 
-echo "<input id='jj' class='small-text' placeholder='".__('day','seedprod')."' name='{$setting_id}[$id][end_day]' type='text' value='" . esc_attr( $options[ $id ]['end_day'] ) . "' />";
+echo "<input id='jj' class='small-text' placeholder='".esc_attr__('day','404-page')."' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "][end_day]' type='text' value='" . esc_attr( $options[ $id ]['end_day'] ) . "' />";
 
 echo ',';
-echo "<input id='aa' class='small-text' placeholder='".__('year','seedprod')."' name='{$setting_id}[$id][end_year]' type='text' value='" . esc_attr( $options[ $id ]['end_year'] ) . "' /><br>";
+echo "<input id='aa' class='small-text' placeholder='".esc_attr__('year','404-page')."' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "][end_year]' type='text' value='" . esc_attr( $options[ $id ]['end_year'] ) . "' /><br>";
 

404-page/trunk/framework/field-types/export.php

@@ -22 +22 @@
 $export = json_encode($settings);
 
-echo "<textarea id='$id' class='large-text'>" . $export . "</textarea><br>";
+echo "<textarea id='" . esc_attr($id) . "' class='large-text'>" . esc_textarea($export) . "</textarea><br>";
 
 echo '

404-page/trunk/framework/field-types/import.php

@@ -14 +14 @@
             if(confirm(seed_s404f_msgs.import_confirm)){
                 var settings = $('#import_settings').val();
-                $.post('{$ajax_url}',{settings: settings}, function(data) {
+                $.post('" . esc_url($ajax_url) . "',{settings: settings}, function(data) {
                     if(data == '1'){
                         $('#import-settings-btn').html('Import Successful').attr('disabled','disabled');

404-page/trunk/framework/field-types/multiselect.php

@@ -9 +9 @@
 }
 
-echo "<select multiple='multiple' id='$id' class='" . ( empty( $class ) ? 'all-options' : $class ) . "' name='{$setting_id}[$id][]'>";
+echo "<select multiple='multiple' id='" . esc_attr($id) . "' class='" . esc_attr(empty( $class ) ? 'all-options' : $class) . "' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "][]'>";
 
 foreach ( $option_values as $k => $v ) {
 
 
-    echo "<option value='$k' " .  (in_array($k,$options[$id],true)?'selected':'')  . ">$v</option>";
+    echo "<option value='" . esc_attr($k) . "' " .  (in_array($k,$options[$id],true)?'selected':'')  . ">" . esc_html($v) . "</option>";
 }
 echo "</select><br>";

404-page/trunk/framework/field-types/password.php

@@ -7 +7 @@
     $options[ $id ] = '';
 }
-echo "<input id='$id' class='" . ( empty( $class ) ? 'regular-text' : $class ) . "' name='{$setting_id}[$id]' type='password' value='" . esc_attr( $options[ $id ] ) . "' /><br>";
+echo "<input id='" . esc_attr($id) . "' class='" . esc_attr(empty( $class ) ? 'regular-text' : $class) . "' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "]' type='password' value='" . esc_attr( $options[ $id ] ) . "' /><br>";

404-page/trunk/framework/field-types/radio.php

@@ -6 +6 @@
 
 foreach ( $option_values as $k => $v ) {
-    echo "<input class='$id' type='radio' name='{$setting_id}[$id]' value='$k' " . checked( $options[ $id ], $k, false ) . "  /> $v<br/>";
+    echo "<input class='" . esc_attr($id) . "' type='radio' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "]' value='" . esc_attr($k) . "' " . checked( $options[ $id ], $k, false ) . "  /> " . esc_html($v) . "<br/>";
 }

404-page/trunk/framework/field-types/select.php

@@ -5 +5 @@
 // $options[$id] value from the db
 
-echo "<select id='$id' class='" . ( empty( $class ) ? '' : $class ) . "' name='{$setting_id}[$id]'>";
+echo "<select id='" . esc_attr($id) . "' class='" . esc_attr(empty( $class ) ? '' : $class) . "' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "]'>";
 foreach ( $option_values as $k => $v ) {
     if(is_array($v)){
-        echo '<optgroup label="'.ucwords($k).'">';
+        echo '<optgroup label="'.esc_attr(ucwords($k)).'">';
         foreach ( $v as $k1=>$v1 ) {
-            echo "<option value='$k1' " . selected( $options[ $id ], $k1, false ) . ">$v1</option>";
+            echo "<option value='" . esc_attr($k1) . "' " . selected( $options[ $id ], $k1, false ) . ">" . esc_html($v1) . "</option>";
         }
         echo '</optgroup>';
     }else{
-            if(!isset($options[ $id ])){
-                $options[ $id ] = '';
-            }
-            echo "<option value='$k' " . selected( $options[ $id ], $k, false ) . ">$v</option>";
+        if(!isset($options[ $id ])){
+            $options[ $id ] = '';
+        }
+            echo "<option value='" . esc_attr($k) . "' " . selected( $options[ $id ], $k, false ) . ">" . esc_html($v) . "</option>";
     }
 }

404-page/trunk/framework/field-types/text.php

@@ -5 +5 @@
 // $options[$id] value from the db
 if(!empty($options[ $id ]))
-    echo "<p id='$id' class='" . ( empty( $class ) ? '' : $class ) . "' >".$options[ $id ] ."</p>";
+    echo "<p id='" . esc_attr($id) . "' class='" . esc_attr(empty( $class ) ? '' : $class) . "' >".esc_html($options[ $id ]) ."</p>";

404-page/trunk/framework/field-types/textarea.php

@@ -7 +7 @@
     $options[ $id ] = '';
 }
-echo "<textarea id='$id' class='" . ( empty( $class ) ? '' : $class ) . "' name='{$setting_id}[$id]'>" . $options[ $id ] . "</textarea><br>";
+echo "<textarea id='" . esc_attr($id) . "' class='" . esc_attr(empty( $class ) ? '' : $class) . "' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "]'>" . esc_textarea( $options[ $id ] ) . "</textarea><br>";

404-page/trunk/framework/field-types/textbox.php

@@ -7 +7 @@
     $options[ $id ] = '';
 }
-echo "<input id='$id' class='" . ( empty( $class ) ? 'regular-text' : $class ) . "' name='{$setting_id}[$id]' type='text' value='" . esc_attr( $options[ $id ] ) . "' /><br>";
+echo "<input id='" . esc_attr($id) . "' class='" . esc_attr(empty( $class ) ? 'regular-text' : $class) . "' name='".esc_attr($setting_id) . "[" . esc_attr($id) . "]' type='text' value='" . esc_attr( $options[ $id ] ) . "' /><br>";

404-page/trunk/framework/field-types/upload.php

@@ -9 +9 @@
 
 
-echo "<input id='$id' class='" . ( empty( $class ) ? 'regular-text' : $class ) . "' name='{$setting_id}[$id]' type='text' value='" . esc_attr( $options[ $id ] ) . "' />";
-echo "<input id='{$id}_upload_image_button' class='button-secondary upload-button' type='button' value='" . __( 'Media Image Library', 'seedprod' ) . "' /><br>";
+echo "<input id='" . esc_attr($id) . "' class='" . esc_attr(empty( $class ) ? 'regular-text' : $class) . "' name='" . esc_attr($setting_id) . "[" . esc_attr($id) . "]' type='text' value='" . esc_attr( $options[ $id ] ) . "' />";
+echo "<input id='" . esc_attr($id) . "_upload_image_button' class='button-secondary upload-button' type='button' value='" . esc_attr__( 'Media Image Library', '404-page' ) . "' /><br>";
 
 wp_enqueue_script( 'seed_s404f-upload-js', SEED_S404F_PLUGIN_URL . 'framework/field-types/js/upload.js', array() );

404-page/trunk/framework/framework.php

@@ -75 +75 @@
 
             $_POST[ $_POST[ 'option_page' ] ] = $seed_s404f_settings_deafults[$_POST[ 'option_page' ]];
-            add_settings_error( 'general', 'seed_s404f-settings-reset', __( "Settings reset." ), 'updated' );
+            add_settings_error( 'general', 'seed_s404f-settings-reset', __( "Settings reset.", '404-page' ), 'updated' );
         }
     }
@@ -114 +114 @@
     {
       $this->plugin_screen_hook_suffix = add_options_page(
-            __( "404 Page by SeedProd", 'seedprod' ),
-            __( "404 Page by SeedProd", 'seedprod' ),
+            __( "404 Page by SeedProd", '404-page' ),
+            __( "404 Page by SeedProd", '404-page' ),
             'manage_options',
             'seed_s404f',
@@ -171 +171 @@
                             $active = 'nav-tab-active';
                         }
-                        echo '<a class="nav-tab ' . $active . '" href="?page=' . $menu_slug . '&tab=' . $v[ 'id' ] . '">' . $v[ 'label' ] . '</a>';
+                        echo '<a class="nav-tab ' . esc_attr($active) . '" href="?page=' . esc_attr($menu_slug) . '&tab=' . esc_attr($v[ 'id' ]) . '">' . esc_html($v[ 'label' ]) . '</a>';
                         $c++;
                     }
             }
-            echo '<a class="nav-tab seed_s404f-preview thickbox-preview" href="'.home_url().'?seed_s404f_preview=true" title="'.__('&larr; Close Window','seedprod').'">'.__('Live Preview','seedprod').'</a>';
+            echo '<a class="nav-tab seed_s404f-preview thickbox-preview" href="'.esc_url(home_url('/?seed_s404f_preview=true')).'" title="'.esc_attr__('&larr; Close Window','404-page').'">'.esc_html__('Live Preview','404-page').'</a>';
             if(defined('SEED_CSP_API_KEY') === false){
-                echo '<a class="nav-tab seed_s404f-support" style="background-color: #fcf8e3;" href="http://www.seedprod.com/wordpress-404-page-pro/?utm_source=404-page-plugin&utm_medium=banner&utm_campaign=404-page-in-plugin" target="_blank"><i class="fa fa-star"></i> '.__('Upgrade to Pro for more Professional Features','seedprod').'</a>';
+                echo '<a class="nav-tab seed_s404f-support" style="background-color: #fcf8e3;" href="http://www.seedprod.com/wordpress-404-page-pro/?utm_source=404-page-plugin&utm_medium=banner&utm_campaign=404-page-in-plugin" target="_blank"><i class="fa fa-star"></i> '.esc_html__('Upgrade to Pro for more Professional Features','404-page').'</a>';
             }
             echo '</h2>';
@@ -219 +219 @@
         <div class="wrap columns-2 seed-csp4">
         
-            <h2><?php echo $this->plugin_name; ?> <span class="seed_s404f-version"> <?php echo SEED_S404F_VERSION; ?></span></h2>
+            <h2><?php echo esc_html($this->plugin_name); ?> <span class="seed_s404f-version"> <?php echo esc_html(SEED_S404F_VERSION); ?></span></h2>
             <?php //settings_errors() ?>
             <?php $this->plugin_options_tabs(); ?>
@@ -232 +232 @@
                     <form action="options.php" method="post">
 
-                    <!-- <input name="submit" type="submit" value="<?php _e( 'Save All Changes', 'seedprod' ); ?>" class="button-primary"/> -->
+                    <!-- <input name="submit" type="submit" value="<?php esc_html_e( 'Save All Changes', '404-page' ); ?>" class="button-primary"/> -->
                     <?php if(!empty($_GET['tab']) && $_GET['tab'] != 'seed_s404f_tab_3') { ?>
-                    <!-- <input id="reset" name="reset" type="submit" value="<?php _e( 'Reset Settings', 'seedprod' ); ?>" class="button-secondary"/>     -->
+                    <!-- <input id="reset" name="reset" type="submit" value="<?php esc_html_e( 'Reset Settings', '404-page' ); ?>" class="button-secondary"/>     -->
                     <?php } ?>
 
@@ -264 +264 @@
                                                 if ( $current_tab == $tab[ 'id' ] or $current_tab === false ) {
                                                     if ( $layout == '2-col' ) {
-                                                        echo '<div id="'.$v[ 'id' ].'" class="postbox seedprod-postbox">';
-                                                        $this->do_settings_sections( $v[ 'id' ],$show_submit );
+                                                        echo '<div id="'.esc_attr($v['id']).'" class="postbox seedprod-postbox">';
+                                                        $this->do_settings_sections( $v['id'],$show_submit );
                                                         echo '</div>';
                                                     } else {
-                                                        do_settings_sections( $v[ 'id' ] );
+                                                        do_settings_sections( $v['id'] );
                                                     }
 
@@ -281 +281 @@
                     <?php if($show_submit): ?>
                     <p>
-                    <!-- <input name="submit" type="submit" value="<?php _e( 'Save All Changes', 'seedprod' ); ?>" class="button-primary"/> -->
-                    <!-- <input id="reset" name="reset" type="submit" value="<?php _e( 'Reset Settings', 'seedprod' ); ?>" class="button-secondary"/> -->
+                    <!-- <input name="submit" type="submit" value="<?php esc_html_e( 'Save All Changes', '404-page' ); ?>" class="button-primary"/> -->
+                    <!-- <input id="reset" name="reset" type="submit" value="<?php esc_html_e( 'Reset Settings', '404-page' ); ?>" class="button-secondary"/> -->
                     </p>
                     <?php endif; ?>
@@ -294 +294 @@
             jQuery(document).ready(function($) {
                 $('#reset').click(function(e){
-                    if(!confirm('<?php _e( 'This tabs settings be deleted and reset to the defaults. Are you sure you want to reset?', 'seedprod' ); ?>')){
+                    if(!confirm( '<?php echo esc_js( __( 'This tabs settings be deleted and reset to the defaults. Are you sure you want to reset?', '404-page' ) ); ?>' )){
                         e.preventDefault();
                     }
@@ -398 +398 @@
             // Show description
             if ( !empty( $desc ) ) {
-                echo "<small class='description'>{$desc}</small>";
+                echo "<small class='description'>".wp_kses_post($desc)."</small>";
             }
         }
@@ -480 +480 @@
 
         foreach ( (array) $wp_settings_sections[ $page ] as $section ) {
-            echo "<h3 class='hndle'>{$section['title']}</h3>\n";
+            echo "<h3 class='hndle'>".esc_html($section['title'])."</h3>\n";
             echo '<div class="inside">';
             call_user_func( $section[ 'callback' ], $section );
@@ -490 +490 @@
             if($show_submit): ?>
                 <p>
-                <input name="submit" type="submit" value="<?php _e( 'Save All Changes', 'seedprod' ); ?>" class="button-primary"/>
+                <input name="submit" type="submit" value="<?php esc_attr_e( 'Save All Changes', '404-page' ); ?>" class="button-primary"/>
                 </p>
             <?php endif;
@@ -506 +506 @@
               echo '<tr valign="top">';
               if ( !empty($field['args']['label_for']) )
-                  echo '<th scope="row"><label for="' . $field['args']['label_for'] . '">' . $field['title'] . '</label></th>';
+                  echo '<th scope="row"><label for="' . esc_attr($field['args']['label_for']) . '">' . esc_html($field['title']) . '</label></th>';
               else
-                  echo '<th scope="row"><strong>' . $field['title'] . '</strong><!--<br>'.$field['args']['desc'].'--></th>';
+                  echo '<th scope="row"><strong>' . esc_html($field['title']) . '</strong><!--<br>'.esc_html($field['args']['desc']).'--></th>';
               echo '<td>';
               call_user_func($field['callback'], $field['args']);

404-page/trunk/framework/validations/color.php

@@ -11 +11 @@
     if ( !preg_match( '/^#[a-f0-9]{6}$/i', $input[ $k[ 'id' ] ] ) ) {
         $is_valid  = false;
-        $error_msg = $k[ 'label' ] . ': ' . __( 'Please enter a valid color value.', 'seedprod' );
+        $error_msg = $k[ 'label' ] . ': ' . __( 'Please enter a valid color value.', '404-page' );
     }
 }

404-page/trunk/framework/validations/email.php

@@ -8 +8 @@
 if ( !empty( $input[ $k[ 'id' ] ] ) ) {
     $is_valid  = is_email( $input[ $k[ 'id' ] ] );
-    $error_msg = $k[ 'label' ] . ': ' . __( 'Please enter a valid email.', 'seedprod' );
+    $error_msg = $k[ 'label' ] . ': ' . __( 'Please enter a valid email.', '404-page' );
 }

404-page/trunk/framework/validations/escurlraw.php

@@ -9 +9 @@
     $input[ $k[ 'id' ] ]= esc_url_raw($input[ $k[ 'id' ] ]);
     $is_valid  = true;
-    $error_msg = $k[ 'label' ] . ': ' . __( 'Please enter a valid email.', 'seedprod' );
+    $error_msg = $k[ 'label' ] . ': ' . __( 'Please enter a valid email.', '404-page' );
 }

404-page/trunk/framework/validations/number.php

@@ -9 +9 @@
     if ( !is_numeric( $input[ $k[ 'id' ] ] ) ) {
         $is_valid  = false;
-        $error_msg = $k[ 'label' ] . ': ' . __( 'Please enter a valid number.', 'seedprod' );
+        $error_msg = $k[ 'label' ] . ': ' . __( 'Please enter a valid number.', '404-page' );
     }
 }

404-page/trunk/framework/validations/required.php

@@ -8 +8 @@
 if ( empty( $input[ $k[ 'id' ] ] ) ) {
     $is_valid  = false;
-    $error_msg = $k[ 'label' ] . ' ' . __( 'is required.', 'seedprod' );
+    $error_msg = $k[ 'label' ] . ' ' . __( 'is required.', '404-page' );
 }

404-page/trunk/includes/class-s404f.php

@@ -75 +75 @@
        }
 
-       echo $font_family;
+       echo esc_attr($font_family);
    }
 
@@ -156 +156 @@
                 }
         } else {
-            echo do_shortcode($template);
+            echo wp_kses_post(do_shortcode($template));
             exit();
         }

404-page/trunk/includes/config-settings.php

@@ -20 +20 @@
         "type" => "menu",
         "menu_type" => "add_options_page",
-        "page_name" => __( "404 Page by SeedProd", 'seedprod' ),
+        "page_name" => __( "404 Page by SeedProd", '404-page' ),
         "menu_slug" => "seed_s404f",
         "layout" => "2-col"
@@ -31 +31 @@
         "type" => "tab",
         "id" => "seed_s404f_setting",
-        "label" => __( "Page Settings", 'seedprod' ),
+        "label" => __( "Page Settings", '404-page' ),
     );
 
@@ -42 +42 @@
         "type" => "section",
         "id" => "seed_s404f_section_general",
-        "label" => __( "General", 'seedprod' ),
+        "label" => __( "General", '404-page' ),
     );
 
@@ -48 +48 @@
         "type" => "radio",
         "id" => "status",
-        "label" => __( "Status", 'seedprod' ),
-        "option_values" => array(
-            '0' => __( 'Disabled', 'seedprod' ),
-            '1' => __( 'Enable 404 Page', 'seedprod' ),
-        ),
-        "desc" => __( "This will replace your theme's 404 page with a custom 404 page.", 'seedprod' ),
+        "label" => __( "Status", '404-page' ),
+        "option_values" => array(
+            '0' => __( 'Disabled', '404-page' ),
+            '1' => __( 'Enable 404 Page', '404-page' ),
+        ),
+        "desc" => __( "This will replace your theme's 404 page with a custom 404 page.", '404-page' ),
         "default_value" => "0"
     );
@@ -61 +61 @@
         "type" => "section",
         "id" => "seed_s404f_section_page_settings",
-        "label" => __( "Page Settings", 'seedprod' )
+        "label" => __( "Page Settings", '404-page' )
     );
 
@@ -67 +67 @@
         "type" => "upload",
         "id" => "logo",
-        "label" => __( "Logo", 'seedprod' ),
-        "desc" => __('Upload a logo or other image.', 'seedprod'),
+        "label" => __( "Logo", '404-page' ),
+        "desc" => __('Upload a logo or other image.', '404-page'),
     );
 
@@ -75 +75 @@
         "id" => "headline",
         "class" => "large-text",
-        "label" => __( "Headline", 'seedprod' ),
-        "desc" => __( "Enter a headline for your page.", 'seedprod' ),
-        'default'   => __( "404 Page by SeedProd", 'seedprod' ),
+        "label" => __( "Headline", '404-page' ),
+        "desc" => __( "Enter a headline for your page.", '404-page' ),
+        'default'   => __( "404 Page by SeedProd", '404-page' ),
     );
 
@@ -83 +83 @@
         "type" => "wpeditor",
         "id" => "description",
-        "label" => __( "Message", 'seedprod' ),
-        "desc" => __( "Enter your 404 page message.", 'seedprod' ),
+        "label" => __( "Message", '404-page' ),
+        "desc" => __( "Enter your 404 page message.", '404-page' ),
         "class" => "large-text"
     );
@@ -91 +91 @@
         "type" => "checkbox",
         "id" => "search_form",
-        "label" => __( "Enable WordPress Search Form", 'seedprod' ),
-        "desc" => __("This will enable the WordPress Search Form", 'seedprod'),
-        "option_values" => array(
-             '1' => __( 'Yes', 'seedprod' ),
+        "label" => __( "Enable WordPress Search Form", '404-page' ),
+        "desc" => __("This will enable the WordPress Search Form", '404-page'),
+        "option_values" => array(
+             '1' => __( 'Yes', '404-page' ),
         ),
         "default" => "1",
@@ -103 +103 @@
         "id" => "twitter_url",
         "class" => "large-text",
-        "label" => __( "Twitter Social Profile", 'seedprod' ),
-        "desc" => __( "Enter your Twitter url to display a social icon.", 'seedprod' ),
+        "label" => __( "Twitter Social Profile", '404-page' ),
+        "desc" => __( "Enter your Twitter url to display a social icon.", '404-page' ),
     );
 
@@ -111 +111 @@
         "id" => "facebook_url",
         "class" => "large-text",
-        "label" => __( "Facebook Social Profile", 'seedprod' ),
-        "desc" => __( "Enter your Facebook url to display a social icon.", 'seedprod' ),
+        "label" => __( "Facebook Social Profile", '404-page' ),
+        "desc" => __( "Enter your Facebook url to display a social icon.", '404-page' ),
     );
 
      $seed_s404f_options[ ] = array( "type" => "radio",
         "id" => "footer_credit",
-        "label" => __("Powered By SeedProd", 'seedprod'),
-        "option_values" => array('0'=>__('Nope - Got No Love', 'seedprod'),'1'=>__('Yep - I Love You Man', 'seedprod')),
-        "desc" => __("Can we show a <strong>cool stylish</strong> footer credit at the bottom the page.", 'seedprod'),
+        "label" => __("Powered By SeedProd", '404-page'),
+        "option_values" => array('0'=>__('Nope - Got No Love', '404-page'),'1'=>__('Yep - I Love You Man', '404-page')),
+        "desc" => __("Can we show a <strong>cool stylish</strong> footer credit at the bottom the page.", '404-page'),
         "default_value" => "0",
     );
@@ -131 +131 @@
         "type" => "tab",
         "id" => "seed_s404f_design",
-        "label" => __( "Design Settings", 'seedprod' )
+        "label" => __( "Design Settings", '404-page' )
     );
 
@@ -144 +144 @@
         "type" => "section",
         "id" => "seed_s404f_section_background",
-        "label" => __( "Background", 'seedprod' )
+        "label" => __( "Background", '404-page' )
     );
 
@@ -152 +152 @@
         "type" => "checkbox",
         "id" => "bg_screenshot",
-        "label" => __( "Background Screenshot", 'seedprod' ),
-        "desc" => __("This will capture a screenshot of your home page and use it as the background. Note: It may take a few minutes for the initial screenshot to be generated.", 'seedprod'),
-        "option_values" => array(
-             '1' => __( 'Yes', 'seedprod' ),
+        "label" => __( "Background Screenshot", '404-page' ),
+        "desc" => __("This will capture a screenshot of your home page and use it as the background. Note: It may take a few minutes for the initial screenshot to be generated.", '404-page'),
+        "option_values" => array(
+             '1' => __( 'Yes', '404-page' ),
         ),
     );
@@ -163 +163 @@
         "type" => "upload",
         "id" => "bg_image",
-        "desc" => __('This will override the screenshot image if set.', 'seedprod'),
-        "label" => __( "Background Image", 'seedprod' ),
+        "desc" => __('This will override the screenshot image if set.', '404-page'),
+        "label" => __( "Background Image", '404-page' ),
     );
 
@@ -171 +171 @@
         "type" => "color",
         "id" => "bg_color",
-        "label" => __( "Background Color", 'seedprod' ),
+        "label" => __( "Background Color", '404-page' ),
         "default_value" => "#fafafa",
         "validate" => 'color',
@@ -180 +180 @@
         "type" => "checkbox",
         "id" => "bg_cover",
-        "label" => __( "Responsive Background", 'seedprod' ),
-        "desc" => __("Scale the background image to be as large as possible so that the background area is completely covered by the background image. Some parts of the background image may not be in view within the background positioning area.", 'seedprod'),
-        "option_values" => array(
-             '1' => __( 'Yes', 'seedprod' ),
+        "label" => __( "Responsive Background", '404-page' ),
+        "desc" => __("Scale the background image to be as large as possible so that the background area is completely covered by the background image. Some parts of the background image may not be in view within the background positioning area.", '404-page'),
+        "option_values" => array(
+             '1' => __( 'Yes', '404-page' ),
         ),
         "default" => "1",
@@ -191 +191 @@
         "type" => "select",
         "id" => "bg_repeat",
-        "desc" => __('This setting is not applied if Responsive Background is checked', 'seedprod' ),
-        "label" => __( "Background Repeat", 'seedprod' ),
-        "option_values" => array(
-            'no-repeat' => __( 'No-Repeat', 'seedprod' ),
-            'repeat' => __( 'Tile', 'seedprod' ),
-            'repeat-x' => __( 'Tile Horizontally', 'seedprod' ),
-            'repeat-y' => __( 'Tile Vertically', 'seedprod' ),
+        "desc" => __('This setting is not applied if Responsive Background is checked', '404-page' ),
+        "label" => __( "Background Repeat", '404-page' ),
+        "option_values" => array(
+            'no-repeat' => __( 'No-Repeat', '404-page' ),
+            'repeat' => __( 'Tile', '404-page' ),
+            'repeat-x' => __( 'Tile Horizontally', '404-page' ),
+            'repeat-y' => __( 'Tile Vertically', '404-page' ),
         )
     );
@@ -205 +205 @@
         "type" => "select",
         "id" => "bg_position",
-        "desc" => __('This setting is not applied if Responsive Background is checked', 'seedprod' ),
-        "label" => __( "Background Position", 'seedprod' ),
-        "option_values" => array(
-            'left top' => __( 'Left Top', 'seedprod' ),
-            'left center' => __( 'Left Center', 'seedprod' ),
-            'left bottom' => __( 'Left Bottom', 'seedprod' ),
-            'right top' => __( 'Right Top', 'seedprod' ),
-            'right center' => __( 'Right Center', 'seedprod' ),
-            'right bottom' => __( 'Right Bottom', 'seedprod' ),
-            'center top' => __( 'Center Top', 'seedprod' ),
-            'center center' => __( 'Center Center', 'seedprod' ),
-            'center bottom' => __( 'Center Bottom', 'seedprod' ),
+        "desc" => __('This setting is not applied if Responsive Background is checked', '404-page' ),
+        "label" => __( "Background Position", '404-page' ),
+        "option_values" => array(
+            'left top' => __( 'Left Top', '404-page' ),
+            'left center' => __( 'Left Center', '404-page' ),
+            'left bottom' => __( 'Left Bottom', '404-page' ),
+            'right top' => __( 'Right Top', '404-page' ),
+            'right center' => __( 'Right Center', '404-page' ),
+            'right bottom' => __( 'Right Bottom', '404-page' ),
+            'center top' => __( 'Center Top', '404-page' ),
+            'center center' => __( 'Center Center', '404-page' ),
+            'center bottom' => __( 'Center Bottom', '404-page' ),
         )
     );
@@ -223 +223 @@
         "type" => "select",
         "id" => "bg_attahcment",
-        "desc" => __('This setting is not applied if Responsive Background is checked', 'seedprod' ),
-        "label" => __( "Background Attachment", 'seedprod' ),
-        "option_values" => array(
-            'fixed' => __( 'Fixed', 'seedprod' ),
-            'scroll' => __( 'Scroll', 'seedprod' ),
+        "desc" => __('This setting is not applied if Responsive Background is checked', '404-page' ),
+        "label" => __( "Background Attachment", '404-page' ),
+        "option_values" => array(
+            'fixed' => __( 'Fixed', '404-page' ),
+            'scroll' => __( 'Scroll', '404-page' ),
         )
     );
@@ -236 +236 @@
         "type" => "section",
         "id" => "seed_s404f_section_text",
-        "label" => __( "Text", 'seedprod' )
+        "label" => __( "Text", '404-page' )
     );
 
@@ -243 +243 @@
         "type" => "color",
         "id" => "link_color",
-        "label" => __( "Link Color", 'seedprod' ),
+        "label" => __( "Link Color", '404-page' ),
         "default_value" => "#27AE60",
         "validate" => 'required,color',
@@ -254 +254 @@
         "type" => "select",
         "id" => "text_font",
-        "label" => __( "Text Font", 'seedprod' ),
+        "label" => __( "Text Font", '404-page' ),
         "option_values" => apply_filters('seed_s404f_fonts',array(
             '_arial'     => 'Arial',
@@ -278 +278 @@
         "type" => "section",
         "id" => "seed_s404f_section_template",
-        "label" => __( "Template", 'seedprod' )
+        "label" => __( "Template", '404-page' )
     );
 
@@ -286 +286 @@
         "id" => "custom_css",
         "class" => "large-text",
-        "label" => __( "Custom CSS", 'seedprod' ),
-        "desc" => __('Need to tweaks the styles? Add your custom CSS here.','seedprod'),
+        "label" => __( "Custom CSS", '404-page' ),
+        "desc" => __('Need to tweaks the styles? Add your custom CSS here.','404-page'),
     );
 
@@ -297 +297 @@
         "type" => "tab",
         "id" => "seed_s404f_advanced",
-        "label" => __( "Advanced", 'seedprod' )
+        "label" => __( "Advanced", '404-page' )
     );
 
@@ -310 +310 @@
         "type" => "section",
         "id" => "seed_s404f_section_scripts",
-        "label" => __( "Scripts", 'seedprod' )
+        "label" => __( "Scripts", '404-page' )
     );
 
@@ -316 +316 @@
         "type" => "checkbox",
         "id" => "enable_wp_head_footer",
-        "label" => __( "Enable 3rd Party Plugins", 'seedprod' ),
-        "desc" => __("Turn off 3rd party plugins if you are having diplay issues on the 404 page. No other plugins will run on the 404 page when unchecked.", 'seedprod'),
-        "option_values" => array(
-             '1' => __( 'Disable', 'seedprod' ),
+        "label" => __( "Enable 3rd Party Plugins", '404-page' ),
+        "desc" => __("Turn off 3rd party plugins if you are having diplay issues on the 404 page. No other plugins will run on the 404 page when unchecked.", '404-page'),
+        "option_values" => array(
+             '1' => __( 'Disable', '404-page' ),
         ),
         "default" => "1",
@@ -327 +327 @@
         "type" => "textarea",
         "id" => "header_scripts",
-        "label" => __( "Header Scripts", 'seedprod' ),
-        "desc" => __('Enter any custom scripts. You can enter Javascript or CSS. This will be rendered before the closing head tag.', 'seedprod'),
+        "label" => __( "Header Scripts", '404-page' ),
+        "desc" => __('Enter any custom scripts. You can enter Javascript or CSS. This will be rendered before the closing head tag.', '404-page'),
         "class" => "large-text"
     );
@@ -335 +335 @@
         "type" => "textarea",
         "id" => "footer_scripts",
-        "label" => __( "Footer Scripts", 'seedprod' ),
-        "desc" => __('Enter any custom scripts. This will be rendered before the closing body tag.', 'seedprod'),
+        "label" => __( "Footer Scripts", '404-page' ),
+        "desc" => __('Enter any custom scripts. This will be rendered before the closing body tag.', '404-page'),
         "class" => "large-text"
     );

404-page/trunk/includes/template-tags.php

@@ -53 +53 @@
     $output = '';
     if(!empty($custom_css)){
-        $output = '<style type="text/css">'.$custom_css.'</style>';
+        $output = '<style type="text/css">'.wp_strip_all_tags($custom_css).'</style>';
     }
 
@@ -124 +124 @@
         <?php if ( !empty( $bg_image ) ): ;?>
             <?php if ( isset( $bg_cover ) && in_array( '1', $bg_cover ) ) : ?>
-                background: <?php echo $bg_color;?> url('<?php echo $bg_image; ?>') no-repeat top center fixed;
+                background: <?php echo esc_attr($bg_color);?> url('<?php echo esc_url($bg_image); ?>') no-repeat top center fixed;
                 -webkit-background-size: cover;
                 -moz-background-size: cover;
@@ -130 +130 @@
                 background-size: cover;
             <?php else: ?>
-                background: <?php echo $bg_color;?> url('<?php echo $bg_image; ?>') <?php echo $bg_repeat;?> <?php echo $bg_position;?> <?php echo $bg_attahcment;?>;
+                background: <?php echo esc_attr($bg_color);?> url('<?php echo esc_url($bg_image); ?>') <?php echo esc_attr($bg_repeat);?> <?php echo esc_attr($bg_position);?> <?php echo esc_attr($bg_attahcment);?>;
             <?php endif ?>
         <?php else:
             if(!empty($bg_color)):
         ?>
-            background: <?php echo $bg_color;?>;
+            background: <?php echo esc_attr($bg_color);?>;
         <?php endif;endif; ?>
 
@@ -141 +141 @@
         <?php if(empty($bg_image) && !empty($bg_screenshot)): ;?>
             <?php $mshot = 'http://s.wordpress.com/mshots/v1/'. urlencode(home_url()) .'?w=1600'; ?>
-            background: <?php echo $bg_color; ?> url('<?php echo $mshot ?>') <?php echo $bg_repeat ?> <?php echo $bg_position ?> <?php echo $bg_attahcment ?> ;
+            background: <?php echo esc_attr($bg_color); ?> url('<?php echo esc_url($mshot); ?>') <?php echo esc_attr($bg_repeat); ?> <?php echo esc_attr($bg_position); ?> <?php echo esc_attr($bg_attahcment); ?> ;
             -webkit-background-size: cover;
             -moz-background-size: cover;
@@ -156 +156 @@
     <?php if ( !empty( $text_font ) ):?>
         .seed-csp4 body{
-            font-family: <?php echo SEED_S404F::get_font_family($text_font); ?>
+            font-family: <?php SEED_S404F::get_font_family($text_font); ?>
         }
 
         .seed-csp4 h1, .seed-csp4 h2, .seed-csp4 h3, .seed-csp4 h4, .seed-csp4 h5, .seed-csp4 h6{
-            font-family: <?php echo SEED_S404F::get_font_family($text_font); ?>
+            font-family: <?php SEED_S404F::get_font_family($text_font); ?>
         }
     <?php endif;?>
@@ -166 +166 @@
     <?php if ( !empty( $text_color ) ) { ?>
         .seed-csp4 body{
-            color:<?php echo $text_color;?>;
+            color:<?php echo esc_attr($text_color);?>;
         }
     <?php } ?>
@@ -177 +177 @@
     <?php if ( !empty( $headline_color ) ) { ?>
         .seed-csp4 h1, .seed-csp4 h2, .seed-csp4 h3, .seed-csp4 h4, .seed-csp4 h5, .seed-csp4 h6{
-            color:<?php echo $headline_color;?>;
+            color:<?php echo esc_attr($headline_color);?>;
         }
     <?php }?>
@@ -184 +184 @@
     <?php if ( !empty( $link_color ) ) { ?>
         .seed-csp4 a, .seed-csp4 a:visited, .seed-csp4 a:hover, .seed-csp4 a:active{
-            color:<?php echo $link_color;?>;
+            color:<?php echo esc_attr($link_color);?>;
         }
 
@@ -194 +194 @@
     <?php if(!empty($button_font['color'])){ ?>
         .seed-csp4 a, .seed-csp4 a:visited, .seed-csp4 a:hover, .seed-csp4 a:active{
-            color:<?php echo $button_font['color'];?>;
+            color:<?php echo esc_attr($button_font['color']);?>;
         }
 
         #goog-wm-sb, #wp-search-btn{
-            background: <?php echo $button_font['color'];?>;
+            background: <?php echo esc_attr($button_font['color']);?>;
         }
 
         <?php
 
+        $css_button_color_val = esc_attr($button_font['color']);
+
         $css = "
 
            #s404f-socialprofiles a{
-            color: {$button_font['color']};
+            color: {$css_button_color_val};
           }
 
@@ -259 +261 @@
             text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.3);
         }
-        @btnColor: {$button_font['color']};
+        @btnColor: {$css_button_color_val};
         @btnDarkColor: darken(@btnColor, 15%);
         #wp-search-btn, #goog-wm-sb, .seed-csp4 .btn-primary, .seed-csp4 .btn-primary:focus, .gform_button, #mc-embedded-subscribe, .mymail-wrapper .submit-button {
@@ -296 +298 @@
 
     } catch (Exception $e) {
-        _e('An error has occured. Please make sure you have entered the Text Color correctly.','seedprod');
+        esc_html_e('An error has occured. Please make sure you have entered the Text Color correctly.','404-page');
         die();
     }
@@ -313 +315 @@
     if(!empty($theme) && $theme != 'default' ){
 
-        $output .= '<link rel="stylesheet" href="'.apply_filters('seed_s404f_themes_url',SEED_S404F_PLUGIN_URL).'style.css">'."\n";
+        $output .= '<link rel="stylesheet" href="'.esc_url(apply_filters('seed_s404f_themes_url',SEED_S404F_PLUGIN_URL)).'style.css">'."\\n";
     }
 
@@ -325 +327 @@
         $output .= '<script src="'.$include_url.'js/jquery/jquery.js"></script>'."\n";
     }
-    $output .= '<script src="'.SEED_S404F_PLUGIN_URL.'themes/default/bootstrap/js/bootstrap.js"></script>'."\n";
+    $output .= '<script src="'.esc_url(SEED_S404F_PLUGIN_URL.'themes/default/bootstrap/js/bootstrap.js').'"></script>'."\\n";
 
     // Scripts
-    $output .= "<!-- Scripts -->\n";
-    $output .= '<script src="'.SEED_S404F_PLUGIN_URL.'themes/default/js/script.js"></script>'."\n";
+    $output .= "<!-- Scripts -->\\n";
+    $output .= '<script src="'.esc_url(SEED_S404F_PLUGIN_URL.'themes/default/js/script.js').'"></script>'."\\n";
 
     // Header Scripts
@@ -337 +339 @@
     }
 
-    $output .= "<!-- Modernizr -->\n";
-    $output .= '<script src="'.SEED_S404F_PLUGIN_URL.'themes/default/js/modernizr.min.js"></script>'."\n";
+    $output .= "<!-- Modernizr -->\\n";
+    $output .= '<script src="'.esc_url(SEED_S404F_PLUGIN_URL.'themes/default/js/modernizr.min.js').'"></script>'."\\n";
 
     $output = apply_filters('seed_s404f_head', $output);
@@ -422 +424 @@
     $output = '';
 
-    if(!empty($logo['url'])){
-        $output .= "<img id='s404f-logo' src='".esc_attr($logo)."'>";
+    if(!empty($logo)){
+        $output .= "<img id='s404f-logo' src='".esc_url($logo)."'>";
     }
 
@@ -444 +446 @@
 
     if(!empty($headline)){
-        $output .= '<h1 id="s404f-headline">'.$headline.'</h1>';
+        $output .= '<h1 id="s404f-headline">'.esc_html($headline).'</h1>';
     }
 
@@ -470 +472 @@
 
     if(!empty($description) && $is_post === false){
-        $content = $description;
+        $content = wp_kses_post($description);
         if(!empty($enable_wp_head_footer)){
             $content = apply_filters('the_content', $content);
@@ -510 +512 @@
         <form role='search' method='get' id='searchform' class='searchform' action='$home_url'>
         <div>
-        <input type='text' value='".get_search_query() ."' name='s' id='s' />
+        <input type='text' value='".esc_attr(get_search_query()) ."' name='s' id='s' />
         <input type='submit' id='wp-search-btn' value='Search' />
         </div>
@@ -522 +524 @@
 
     if ( $echo )
-    echo $output;
+        echo $output;
     else {
         return $output;
@@ -540 +542 @@
     $output .= '<div id="s404f-socialprofiles">';
     if(!empty($twitter_url)){
-        $output .= '<a href="'.$twitter_url.'" target="_blank"><i class="fa fa-twitter fa-2x"></i></a>';
+        $output .= '<a href="'.esc_url($twitter_url).'" target="_blank"><i class="fa fa-twitter fa-2x"></i></a>';
     }
     if(!empty($facebook_url)){
-        $output .= '<a href="'.$facebook_url.'" target="_blank"><i class="fa fa-facebook fa-2x"></i></a>';
+        $output .= '<a href="'.esc_url($facebook_url).'" target="_blank"><i class="fa fa-facebook fa-2x"></i></a>';
     }
 

404-page/trunk/lib/seed_s404f_lessc.inc.php

@@ -652 +652 @@
                         $subProp[0] == "assign" &&
                         is_string($subProp[1]) &&
-                        $subProp[1]{0} != $this->vPrefix)
+                        $subProp[1][0] != $this->vPrefix)
                     {
                         $subProp[2] = array(
@@ -1546 +1546 @@
         $parser = new seed_s404f_lessc_parser($this, __METHOD__);
         foreach ($args as $name => $strValue) {
-            if ($name{0} != '@') $name = '@'.$name;
+            if ($name[0] != '@') $name = '@'.$name;
             $parser->count = 0;
             $parser->buffer = (string)$strValue;
@@ -2202 +2202 @@
                 if (!isset($block->args)) {
                     foreach ($block->tags as $tag) {
-                        if (!is_string($tag) || $tag{0} != $this->seed_s404f_lessc->mPrefix) {
+                        if (!is_string($tag) || $tag[0] != $this->seed_s404f_lessc->mPrefix) {
                             $hidden = false;
                             break;
@@ -2256 +2256 @@
         // move @ tags out of variable namespace
         foreach ($tags as &$tag) {
-            if ($tag{0} == $this->seed_s404f_lessc->vPrefix)
+            if ($tag[0] == $this->seed_s404f_lessc->vPrefix)
                 $tag[0] = $this->seed_s404f_lessc->mPrefix;
         }
@@ -2949 +2949 @@
         if ($this->literal(';')) {
             return true;
-        } elseif ($this->count == strlen($this->buffer) || $this->buffer{$this->count} == '}') {
+        } elseif ($this->count == strlen($this->buffer) || $this->buffer[$this->count] == '}') {
             // if there is end of file or a closing block next then we don't need a ;
             return true;

404-page/trunk/readme.txt

@@ -5 +5 @@
 Requires at least: 3
 Tested up to: 4.8.0
-Stable tag: 1.0.1
+Stable tag: 1.0.3
 
 Creates a Custom 404 Page for your WordPress Site.