Changeset 3368635
- Timestamp:
- 09/26/2025 06:04:46 PM (4 months ago)
- Location:
- team-members
- Files:
-
- 6 edited
-
tags/5.3.6/inc/tmm-metaboxes-members.php (modified) (1 diff)
-
tags/5.3.6/inc/tmm-metaboxes-settings.php (modified) (5 diffs)
-
tags/5.3.6/inc/tmm-shortcode.php (modified) (5 diffs)
-
trunk/inc/tmm-metaboxes-members.php (modified) (1 diff)
-
trunk/inc/tmm-metaboxes-settings.php (modified) (5 diffs)
-
trunk/inc/tmm-shortcode.php (modified) (5 diffs)
team-members/tags/5.3.6/inc/tmm-metaboxes-members.php
r3364663 r3368635 110 110 switch ($field) { 111 111 default: 112 $member[$field] = (isset($team_member[$field])) ? esc_attr($team_member[$field]): '';112 $member[$field] = (isset($team_member[$field])) ? $team_member[$field] : ''; 113 113 break; 114 114 } -
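Review bot: The assignment printed second for line 112 takes `$team_member[$field]` as is, so if that is the new side, nothing in this hunk sanitizes the value before it is stored. Dropping `esc_attr()` here is reasonable, since escaping belongs at output, but it should be replaced by input sanitization rather than by nothing, for example `$member[$field] = isset($team_member[$field]) ? sanitize_text_field($team_member[$field]) : '';` for plain-text fields and `wp_kses_post()` for fields meant to hold markup. The enclosing function starts and ends outside the hunk, so a sanitizing step may exist elsewhere; if it does, a short comment on the `default:` branch naming it would help the next reader. The trunk copy of this file carries the same line.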
team-members/tags/5.3.6/inc/tmm-metaboxes-settings.php
r3364663 r3368635 139 139 <select class="dmb_side_select" name="team_columns"> 140 140 <?php foreach ($team_columns as $label => $value) { ?> 141 <option value="<?php echo wp_kses_post($value); ?>"141 <option value="<?php echo esc_attr($value); ?>" 142 142 <?php selected((isset($settings['_tmm_columns'])) ? $settings['_tmm_columns'] : '3', $value); ?>> 143 143 <?php echo esc_attr($label); ?> … … 154 154 <select class="dmb_side_select" name="team_piclink_beh"> 155 155 <?php foreach ($team_piclink_beh as $label => $value) { ?> 156 <option value="<?php echo wp_kses_post($value); ?>"156 <option value="<?php echo esc_attr($value); ?>" 157 157 <?php selected((isset($settings['_tmm_piclink_beh'])) ? $settings['_tmm_piclink_beh'] : 'new', $value); ?>> 158 158 <?php echo esc_attr($label); ?> … … 173 173 <select class="dmb_side_select" name="team_display_order"> 174 174 <?php foreach ($team_display_order as $label => $value) { ?> 175 <option value="<?php echo wp_kses_post($value); ?>"175 <option value="<?php echo esc_attr($value); ?>" 176 176 <?php selected((isset($settings['_tmm_display_order'])) ? $settings['_tmm_display_order'] : 'default', $value); ?>> 177 <?php e sc_attr($label); ?>177 <?php echo esc_attr($label); ?> 178 178 </option> 179 179 <?php } ?> … … 188 188 <select class="dmb_side_select" name="team_force_font"> 189 189 <?php foreach ($team_force_font as $label => $value) { ?> 190 <option value="<?php echo wp_kses_post($value); ?>"190 <option value="<?php echo esc_attr($value); ?>" 191 191 <?php selected((isset($settings['_tmm_original_font'])) ? $settings['_tmm_original_font'] : 'yes', $value); ?>> 192 192 <?php echo esc_attr($label); ?> … … 202 202 </div> 203 203 <input class="dmb_color_picker dmb_field dmb_color_of_team" name="team_color" type="text" 204 value="<?php echo (isset($settings['_tmm_color'])) ? wp_kses_post(esc_attr($settings['_tmm_color'])) : '#333333'; ?>" />204 value="<?php echo (isset($settings['_tmm_color'])) ? 
esc_attr($settings['_tmm_color']) : '#333333'; ?>" /> 205 205 </div> 206 206 -
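Review bot: The option labels are printed as element text but are still escaped with `esc_attr()` (new lines 143, 158, 177 and 192); `esc_html()` is the helper for that context, i.e. `<?php echo esc_html($label); ?>`. Both helpers escape the same characters, so this is about matching the function to the output context rather than an open hole. Separately, `_tmm_color` at line 204 is only escaped on output; whether it is validated as a colour on save (for example with `sanitize_hex_color()`) is not visible in this section. The trunk copy of this file has the same lines.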
team-members/tags/5.3.6/inc/tmm-shortcode.php
r3364663 r3368635 32 32 /* Checks if member links open in new window. */ 33 33 $tmm_piclink_beh = get_post_meta($post->ID, '_tmm_piclink_beh', true); 34 'new' == $tmm_piclink_beh ? $tmm_plb = 'target="_blank" ' : $tmm_plb = '';34 'new' == $tmm_piclink_beh ? $tmm_plb = 'target="_blank" rel="noopener noreferrer"' : $tmm_plb = ''; 35 35 36 36 /* Checks if forcing original fonts. */ … … 47 47 48 48 $team_view .= '<div class="tmm tmm_'.esc_attr($name).'">'; 49 $team_view .= '<div class="tmm_'.esc_attr($tmm_columns).'_columns tmm_wrap '.$ori_f.'">'; 49 $allowed_columns = array('1','2','3','4','5'); 50 $safe_columns = in_array((string) $tmm_columns, $allowed_columns, true) ? (string) $tmm_columns : '3'; 51 $team_view .= '<div class="tmm_'.esc_attr($safe_columns).'_columns tmm_wrap '.$ori_f.'">'; 50 52 51 53 if (is_array($members) || is_object($members)) { … … 56 58 $team_view .= '<span class="tmm_two_containers_tablet"></span>'; 57 59 } 58 if (0 == $key % $tmm_columns) {60 if (0 == $key % (int) $safe_columns) { 59 61 /* Checks if first div of group and closes. */ 60 62 if ($key > 0) { … … 73 75 74 76 if (!empty($member['_tmm_photo'])) { 75 $team_view .= '<div class="tmm_photo tmm_pic_'. $name.'_'.$key.'" style="background: url('.esc_url($member['_tmm_photo']).'); margin-left: auto; margin-right:auto; background-size:cover !important;"></div>';77 $team_view .= '<div class="tmm_photo tmm_pic_'.sanitize_html_class($name).'_'.absint($key).'" style="background: url('.esc_url($member['_tmm_photo']).'); margin-left: auto; margin-right:auto; background-size:cover !important;"></div>'; 76 78 } 77 79 … … 110 112 if ('nada' != $member['_tmm_sc_type'.$i]) { 111 113 if ('email' == $member['_tmm_sc_type'.$i]) { 112 $team_view .= '<a class="tmm_sociallink" href=" mailto:'.(!empty($member['_tmm_sc_url'.$i]) ? esc_attr($member['_tmm_sc_url'.$i]) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? 
esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'.plugins_url('img/links/', __FILE__).esc_attr($member['_tmm_sc_type'.$i]).'.png"/></a>';114 $team_view .= '<a class="tmm_sociallink" href="'.(!empty($member['_tmm_sc_url'.$i]) ? esc_url('mailto:'.antispambot($member['_tmm_sc_url'.$i])) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'.esc_url(plugins_url('img/links/'.sanitize_key($member['_tmm_sc_type'.$i]).'.png', __FILE__)).'"/></a>'; 113 115 } elseif ('phone' == $member['_tmm_sc_type'.$i]) { 114 $team_view .= '<a class="tmm_sociallink" href=" tel:'.(!empty($member['_tmm_sc_url'.$i]) ? esc_attr($member['_tmm_sc_url'.$i]) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'.plugins_url('img/links/', __FILE__).esc_attr($member['_tmm_sc_type'.$i]).'.png"/></a>';116 $team_view .= '<a class="tmm_sociallink" href="'.(!empty($member['_tmm_sc_url'.$i]) ? esc_url('tel:'.preg_replace('/[^0-9+]/', '', $member['_tmm_sc_url'.$i])) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'.esc_url(plugins_url('img/links/'.sanitize_key($member['_tmm_sc_type'.$i]).'.png', __FILE__)).'"/></a>'; 115 117 } else { 116 $team_view .= '<a target="_blank" class="tmm_sociallink" href="'.(!empty($member['_tmm_sc_url'.$i]) ? esc_url($member['_tmm_sc_url'.$i]) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? 
esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'. plugins_url('img/links/', __FILE__).esc_attr($member['_tmm_sc_type'.$i]).'.png"/></a>';118 $team_view .= '<a target="_blank" class="tmm_sociallink" href="'.(!empty($member['_tmm_sc_url'.$i]) ? esc_url($member['_tmm_sc_url'.$i]) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'.esc_url(plugins_url('img/links/'.sanitize_key($member['_tmm_sc_type'.$i]).'.png', __FILE__)).'"/></a>'; 117 119 } 118 120 } -
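Review bot: The generic social link at new line 118 still emits `<a target="_blank" class="tmm_sociallink"` with no `rel`, although line 34 of the same commit adds `rel="noopener noreferrer"` to the picture link. The opening of that string should read `'<a target="_blank" rel="noopener noreferrer" class="tmm_sociallink" href="'` so that every link opening a new tab is treated alike. Also at line 34, the new `$tmm_plb` value dropped the trailing space the old string had; the place where it is concatenated lies outside these hunks, so it is worth checking that the following attribute does not end up glued to `rel="..."`. The trunk copy of this file has the same lines.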
team-members/trunk/inc/tmm-metaboxes-members.php
r3364663 r3368635 110 110 switch ($field) { 111 111 default: 112 $member[$field] = (isset($team_member[$field])) ? esc_attr($team_member[$field]): '';112 $member[$field] = (isset($team_member[$field])) ? $team_member[$field] : ''; 113 113 break; 114 114 } -
team-members/trunk/inc/tmm-metaboxes-settings.php
r3364663 r3368635 139 139 <select class="dmb_side_select" name="team_columns"> 140 140 <?php foreach ($team_columns as $label => $value) { ?> 141 <option value="<?php echo wp_kses_post($value); ?>"141 <option value="<?php echo esc_attr($value); ?>" 142 142 <?php selected((isset($settings['_tmm_columns'])) ? $settings['_tmm_columns'] : '3', $value); ?>> 143 143 <?php echo esc_attr($label); ?> … … 154 154 <select class="dmb_side_select" name="team_piclink_beh"> 155 155 <?php foreach ($team_piclink_beh as $label => $value) { ?> 156 <option value="<?php echo wp_kses_post($value); ?>"156 <option value="<?php echo esc_attr($value); ?>" 157 157 <?php selected((isset($settings['_tmm_piclink_beh'])) ? $settings['_tmm_piclink_beh'] : 'new', $value); ?>> 158 158 <?php echo esc_attr($label); ?> … … 173 173 <select class="dmb_side_select" name="team_display_order"> 174 174 <?php foreach ($team_display_order as $label => $value) { ?> 175 <option value="<?php echo wp_kses_post($value); ?>"175 <option value="<?php echo esc_attr($value); ?>" 176 176 <?php selected((isset($settings['_tmm_display_order'])) ? $settings['_tmm_display_order'] : 'default', $value); ?>> 177 <?php e sc_attr($label); ?>177 <?php echo esc_attr($label); ?> 178 178 </option> 179 179 <?php } ?> … … 188 188 <select class="dmb_side_select" name="team_force_font"> 189 189 <?php foreach ($team_force_font as $label => $value) { ?> 190 <option value="<?php echo wp_kses_post($value); ?>"190 <option value="<?php echo esc_attr($value); ?>" 191 191 <?php selected((isset($settings['_tmm_original_font'])) ? $settings['_tmm_original_font'] : 'yes', $value); ?>> 192 192 <?php echo esc_attr($label); ?> … … 202 202 </div> 203 203 <input class="dmb_color_picker dmb_field dmb_color_of_team" name="team_color" type="text" 204 value="<?php echo (isset($settings['_tmm_color'])) ? wp_kses_post(esc_attr($settings['_tmm_color'])) : '#333333'; ?>" />204 value="<?php echo (isset($settings['_tmm_color'])) ? 
esc_attr($settings['_tmm_color']) : '#333333'; ?>" /> 205 205 </div> 206 206 -
team-members/trunk/inc/tmm-shortcode.php
r3364663 r3368635 32 32 /* Checks if member links open in new window. */ 33 33 $tmm_piclink_beh = get_post_meta($post->ID, '_tmm_piclink_beh', true); 34 'new' == $tmm_piclink_beh ? $tmm_plb = 'target="_blank" ' : $tmm_plb = '';34 'new' == $tmm_piclink_beh ? $tmm_plb = 'target="_blank" rel="noopener noreferrer"' : $tmm_plb = ''; 35 35 36 36 /* Checks if forcing original fonts. */ … … 47 47 48 48 $team_view .= '<div class="tmm tmm_'.esc_attr($name).'">'; 49 $team_view .= '<div class="tmm_'.esc_attr($tmm_columns).'_columns tmm_wrap '.$ori_f.'">'; 49 $allowed_columns = array('1','2','3','4','5'); 50 $safe_columns = in_array((string) $tmm_columns, $allowed_columns, true) ? (string) $tmm_columns : '3'; 51 $team_view .= '<div class="tmm_'.esc_attr($safe_columns).'_columns tmm_wrap '.$ori_f.'">'; 50 52 51 53 if (is_array($members) || is_object($members)) { … … 56 58 $team_view .= '<span class="tmm_two_containers_tablet"></span>'; 57 59 } 58 if (0 == $key % $tmm_columns) {60 if (0 == $key % (int) $safe_columns) { 59 61 /* Checks if first div of group and closes. */ 60 62 if ($key > 0) { … … 73 75 74 76 if (!empty($member['_tmm_photo'])) { 75 $team_view .= '<div class="tmm_photo tmm_pic_'. $name.'_'.$key.'" style="background: url('.esc_url($member['_tmm_photo']).'); margin-left: auto; margin-right:auto; background-size:cover !important;"></div>';77 $team_view .= '<div class="tmm_photo tmm_pic_'.sanitize_html_class($name).'_'.absint($key).'" style="background: url('.esc_url($member['_tmm_photo']).'); margin-left: auto; margin-right:auto; background-size:cover !important;"></div>'; 76 78 } 77 79 … … 110 112 if ('nada' != $member['_tmm_sc_type'.$i]) { 111 113 if ('email' == $member['_tmm_sc_type'.$i]) { 112 $team_view .= '<a class="tmm_sociallink" href=" mailto:'.(!empty($member['_tmm_sc_url'.$i]) ? esc_attr($member['_tmm_sc_url'.$i]) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? 
esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'.plugins_url('img/links/', __FILE__).esc_attr($member['_tmm_sc_type'.$i]).'.png"/></a>';114 $team_view .= '<a class="tmm_sociallink" href="'.(!empty($member['_tmm_sc_url'.$i]) ? esc_url('mailto:'.antispambot($member['_tmm_sc_url'.$i])) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'.esc_url(plugins_url('img/links/'.sanitize_key($member['_tmm_sc_type'.$i]).'.png', __FILE__)).'"/></a>'; 113 115 } elseif ('phone' == $member['_tmm_sc_type'.$i]) { 114 $team_view .= '<a class="tmm_sociallink" href=" tel:'.(!empty($member['_tmm_sc_url'.$i]) ? esc_attr($member['_tmm_sc_url'.$i]) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'.plugins_url('img/links/', __FILE__).esc_attr($member['_tmm_sc_type'.$i]).'.png"/></a>';116 $team_view .= '<a class="tmm_sociallink" href="'.(!empty($member['_tmm_sc_url'.$i]) ? esc_url('tel:'.preg_replace('/[^0-9+]/', '', $member['_tmm_sc_url'.$i])) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'.esc_url(plugins_url('img/links/'.sanitize_key($member['_tmm_sc_type'.$i]).'.png', __FILE__)).'"/></a>'; 115 117 } else { 116 $team_view .= '<a target="_blank" class="tmm_sociallink" href="'.(!empty($member['_tmm_sc_url'.$i]) ? esc_url($member['_tmm_sc_url'.$i]) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? 
esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'. plugins_url('img/links/', __FILE__).esc_attr($member['_tmm_sc_type'.$i]).'.png"/></a>';118 $team_view .= '<a target="_blank" class="tmm_sociallink" href="'.(!empty($member['_tmm_sc_url'.$i]) ? esc_url($member['_tmm_sc_url'.$i]) : '').'" title="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'"><img alt="'.(!empty($member['_tmm_sc_title'.$i]) ? esc_attr($member['_tmm_sc_title'.$i]) : '').'" src="'.esc_url(plugins_url('img/links/'.sanitize_key($member['_tmm_sc_type'.$i]).'.png', __FILE__)).'"/></a>'; 117 119 } 118 120 }