
Changeset 3412359


Ignore:
Timestamp:
12/05/2025 03:30:42 PM (8 days ago)
Author:
bastho
Message:

Escape outputs in widget search

File:
1 edited

  • event-post/trunk/inc/deprecated/widget.search.php

    r3080998 r3412359  
    3131   function widget($args, $local_instance) {
    3232        if(!defined('ALLOW_DEPRECATED') || !ALLOW_DEPRECATED) {
    33             _deprecated_function(__FUNCTION__, '5.9.0', __('Legacy widgets have been deprecated. Consider using blocks instead.', 'event-post'));
     33            _deprecated_function(__FUNCTION__, '5.9.0', esc_html__('Legacy widgets have been deprecated. Consider using blocks instead.', 'event-post'));
    3434        }
    3535        extract( $args );
     
    5959        }
    6060
    61         echo $args['before_widget'];
     61        echo wp_kses($args['before_widget'], EventPost()->kses_tags);
    6262        if(!empty($instance['widgettitle'])){
    63             echo $args['before_title'];
     63            echo wp_kses($args['before_title'], EventPost()->kses_tags);
    6464            echo esc_html($instance['widgettitle']);
    6565            if(!empty($instance['cat']) && $instance['feed']){
    6666                $rss_link = admin_url('admin-ajax.php') . '?action=EventPostFeed&cat=' . $instance['cat'];
    67                 echo' <a href="' . esc_url($rss_link) . '" title="'.sprintf(__('feed of %s', 'event-post'), esc_attr($instance['cat'])).'"><span class="dashicons dashicons-rss"></span></a>';
     67                echo' <a href="' . esc_url($rss_link) . '" title="'.esc_attr(sprintf(__('feed of %s', 'event-post'), $instance['cat'])).'"><span class="dashicons dashicons-rss"></span></a>';
    6868            }
    69             echo $args['after_title'];
     69            echo wp_kses($args['after_title'], EventPost()->kses_tags);
    7070        }
    7171        $atts=array(
     
    7777            'order' => $order
    7878        );
    79         echo $EventPost->list_events($atts, 'event_list', 'widget');
    80         echo $args['after_widget'];
     79        echo wp_kses($EventPost->list_events($atts, 'event_list', 'widget'), EventPost()->kses_tags);
     80        echo wp_kses($args['after_widget'], EventPost()->kses_tags);
    8181   }
    8282
     
    9393        $thumbnail_sizes = $EventPost->get_thumbnail_sizes();
    9494       ?>
    95        <input type="hidden" id="<?php echo $this->get_field_id('widgettitle'); ?>-title" value="<?php echo $instance['widgettitle']; ?>">
     95       <input type="hidden" id="<?php echo esc_attr($this->get_field_id('widgettitle')); ?>-title" value="<?php echo esc_attr($instance['widgettitle']); ?>">
    9696       <p>
    97        <label for="<?php echo $this->get_field_id('widgettitle'); ?>"><?php _e('Title','event-post'); ?>
    98        <input class="widefat" id="<?php echo $this->get_field_id('widgettitle'); ?>" name="<?php echo $this->get_field_name('widgettitle'); ?>" type="text" value="<?php echo $instance['widgettitle']; ?>" />
     97            <label for="<?php echo esc_attr($this->get_field_id('widgettitle')); ?>"><?php esc_html_e('Title','event-post'); ?>
     98                <input class="widefat" id="<?php echo esc_attr($this->get_field_id('widgettitle')); ?>" name="<?php echo esc_attr($this->get_field_name('widgettitle')); ?>" type="text" value="<?php echo esc_attr($instance['widgettitle']); ?>" />
     99            </label>
     100       </p>
     101
     102       <p style="margin-top:10px;">
     103            <label for="<?php echo esc_attr($this->get_field_id('numberposts')); ?>"><?php esc_html_e('Number of posts','event-post'); ?>
     104                <input id="<?php echo esc_attr($this->get_field_id('numberposts')); ?>" name="<?php echo esc_attr($this->get_field_name('numberposts')); ?>" type="number" value="<?php echo esc_attr($instance['numberposts']); ?>" />
     105            </label> <?php esc_html_e('(-1 is no limit)','event-post'); ?>
     106       </p>
     107
     108
     109       <p style="margin-top:10px;">
     110            <label for="<?php echo esc_attr($this->get_field_id('future')); ?>">
     111                    <input id="<?php echo esc_attr($this->get_field_id('future')); ?>" name="<?php echo esc_attr($this->get_field_name('future')); ?>" type="checkbox" value="1" <?php checked($instance['future'], true, true); ?> />
     112                    <?php esc_html_e('Display future events','event-post'); ?>
     113            </label>
     114       </p>
     115       <p style="margin-top:10px;">
     116            <label for="<?php echo esc_attr($this->get_field_id('past')); ?>">
     117                    <input id="<?php echo esc_attr($this->get_field_id('past')); ?>" name="<?php echo esc_attr($this->get_field_name('past')); ?>" type="checkbox" value="1" <?php checked($instance['past'], true, true); ?> />
     118                    <?php esc_html_e('Display past events','event-post'); ?>
     119            </label>
     120       </p>
     121
     122       <p>
     123        <label for="<?php echo esc_attr($this->get_field_id('cat')); ?>">
     124            <span class="dashicons dashicons-category"></span>
     125                <?php esc_html_e('Only in:','event-post'); ?>
     126            <select  class="widefat" id="<?php echo esc_attr($this->get_field_id('cat')); ?>" name="<?php echo esc_attr($this->get_field_name('cat')); ?>">
     127                <option value=''><?php esc_html_e('All categories','event-post') ?></option>
     128        <?php foreach($cats as $_cat){ ?>
     129                <option value="<?php echo esc_attr($_cat->slug); ?>" <?php selected($_cat->slug, $instance['cat'], true); ?>><?php echo esc_html($_cat->cat_name); ?></option>
     130        <?php  }  ?>
     131        </select>
    99132       </label>
    100133       </p>
    101134
    102135       <p style="margin-top:10px;">
    103        <label for="<?php echo $this->get_field_id('numberposts'); ?>"><?php _e('Number of posts','event-post'); ?>
    104        <input id="<?php echo $this->get_field_id('numberposts'); ?>" name="<?php echo $this->get_field_name('numberposts'); ?>" type="number" value="<?php echo $instance['numberposts']; ?>" />
    105        </label> <?php _e('(-1 is no limit)','event-post'); ?>
    106        </p>
    107 
    108 
    109        <p style="margin-top:10px;">
    110        <label for="<?php echo $this->get_field_id('future'); ?>">
    111        <input id="<?php echo $this->get_field_id('future'); ?>" name="<?php echo $this->get_field_name('future'); ?>" type="checkbox" value="1" <?php checked($instance['future'], true, true); ?> />
    112        <?php _e('Display future events','event-post'); ?>
    113        </label>
    114        </p>
    115        <p style="margin-top:10px;">
    116        <label for="<?php echo $this->get_field_id('past'); ?>">
    117        <input id="<?php echo $this->get_field_id('past'); ?>" name="<?php echo $this->get_field_name('past'); ?>" type="checkbox" value="1" <?php checked($instance['past'], true, true); ?> />
    118        <?php _e('Display past events','event-post'); ?>
    119        </label>
    120        </p>
    121 
    122        <p>
    123         <label for="<?php echo $this->get_field_id('cat'); ?>">
    124             <span class="dashicons dashicons-category"></span>
    125                 <?php _e('Only in:','event-post'); ?>
    126         <select  class="widefat" id="<?php echo $this->get_field_id('cat'); ?>" name="<?php echo $this->get_field_name('cat'); ?>">
    127             <option value=''><?php _e('All categories','event-post') ?></option>
    128        <?php foreach($cats as $_cat){ ?>
    129         <option value="<?php echo $_cat->slug; ?>" <?php selected($_cat->slug, $instance['cat'], true); ?>><?php echo $_cat->cat_name; ?></option>
    130        <?php  }  ?>
    131        </select>
    132        </label>
    133        </p>
    134 
    135        <p style="margin-top:10px;">
    136        <label for="<?php echo $this->get_field_id('feed'); ?>">
    137        <input id="<?php echo $this->get_field_id('feed'); ?>" name="<?php echo $this->get_field_name('feed'); ?>" type="checkbox" value="1" <?php checked($instance['feed'], true, true); ?> />
    138        <?php _e('Show category ICS link','event-post'); ?>
     136       <label for="<?php echo esc_attr($this->get_field_id('feed')); ?>">
     137            <input id="<?php echo esc_attr($this->get_field_id('feed')); ?>" name="<?php echo esc_attr($this->get_field_name('feed')); ?>" type="checkbox" value="1" <?php checked($instance['feed'], true, true); ?> />
     138            <?php esc_html_e('Show category ICS link','event-post'); ?>
    139139       </label>
    140140       </p>
     
    142142
    143143       <p>
    144         <label for="<?php echo $this->get_field_id('tag'); ?>">
     144        <label for="<?php echo esc_attr($this->get_field_id('tag')); ?>">
    145145            <span class="dashicons dashicons-tag"></span>
    146             <?php _e('Only in:','event-post'); ?>
    147         <select  class="widefat" id="<?php echo $this->get_field_id('tag'); ?>" name="<?php echo $this->get_field_name('tag'); ?>">
    148             <option value=''><?php _e('All tags','event-post') ?></option>
    149        <?php foreach($tags as $_tag){?>
    150         <option value="<?php echo $_tag->slug; ?>" <?php selected($_tag->slug, $instance['tag'], true); ?>><?php echo $_tag->name; ?></option>
    151        <?php  }  ?>
    152        </select>
     146            <?php esc_html_e('Only in:','event-post'); ?>
     147            <select  class="widefat" id="<?php echo esc_attr($this->get_field_id('tag')); ?>" name="<?php echo esc_attr($this->get_field_name('tag')); ?>">
     148                <option value=''><?php esc_html_e('All tags','event-post') ?></option>
     149        <?php foreach($tags as $_tag){?>
     150                <option value="<?php echo esc_attr($_tag->slug); ?>" <?php selected($_tag->slug, $instance['tag'], true); ?>><?php echo esc_html($_tag->name); ?></option>
     151        <?php  }  ?>
     152        </select>
    153153       </label>
    154154       </p>
     
    156156       <hr>
    157157       <p style="margin-top:10px;">
    158        <label for="<?php echo $this->get_field_id('thumbnail'); ?>">
    159        <input id="<?php echo $this->get_field_id('thumbnail'); ?>" name="<?php echo $this->get_field_name('thumbnail'); ?>" type="checkbox" value="1" <?php checked($instance['thumbnail'], true, true); ?> />
    160        <?php _e('Show thumbnails','event-post'); ?>
     158       <label for="<?php echo esc_attr($this->get_field_id('thumbnail')); ?>">
     159            <input id="<?php echo esc_attr($this->get_field_id('thumbnail')); ?>" name="<?php echo esc_attr($this->get_field_name('thumbnail')); ?>" type="checkbox" value="1" <?php checked($instance['thumbnail'], true, true); ?> />
     160            <?php esc_html_e('Show thumbnails','event-post'); ?>
    161161       </label>
    162162       </p>
    163163       <p>
    164         <label for="<?php echo $this->get_field_id('thumbnail_size'); ?>">
    165             <?php _e('Thumbnail size:','event-post'); ?>
    166         <select  class="widefat" id="<?php echo $this->get_field_id('thumbnail_size'); ?>" name="<?php echo $this->get_field_name('thumbnail_size'); ?>">
     164        <label for="<?php echo esc_attr($this->get_field_id('thumbnail_size')); ?>">
     165            <?php esc_html_e('Thumbnail size:','event-post'); ?>
     166        <select  class="widefat" id="<?php echo esc_attr($this->get_field_id('thumbnail_size')); ?>" name="<?php echo esc_attr($this->get_field_name('thumbnail_size')); ?>">
    167167            <option value=''></option>
    168168       <?php foreach($thumbnail_sizes as $size){?>
    169         <option value="<?php echo $size; ?>" <?php selected($size, $instance['thumbnail_size'], true); ?>><?php echo $size; ?></option>
     169            <option value="<?php echo esc_attr($size); ?>" <?php selected($size, $instance['thumbnail_size'], true); ?>><?php echo esc_html($size); ?></option>
    170170       <?php  }  ?>
    171171       </select>
     
    175175
    176176       <p style="margin-top:10px;">
    177        <label for="<?php echo $this->get_field_id('excerpt'); ?>">
    178        <input id="<?php echo $this->get_field_id('excerpt'); ?>" name="<?php echo $this->get_field_name('excerpt'); ?>" type="checkbox" value="1" <?php checked($instance['excerpt'], true, true); ?> />
    179        <?php _e('Show excerpt','event-post'); ?>
     177       <label for="<?php echo esc_attr($this->get_field_id('excerpt')); ?>">
     178       <input id="<?php echo esc_attr($this->get_field_id('excerpt')); ?>" name="<?php echo esc_attr($this->get_field_name('excerpt')); ?>" type="checkbox" value="1" <?php checked($instance['excerpt'], true, true); ?> />
     179       <?php esc_html_e('Show excerpt','event-post'); ?>
    180180       </label>
    181181       </p>
    182182
    183183       <p>
    184         <label for="<?php echo $this->get_field_id('order'); ?>">
    185             <?php _e('Order:','event-post'); ?>
    186         <select  class="widefat" id="<?php echo $this->get_field_id('order'); ?>" name="<?php echo $this->get_field_name('order'); ?>">
    187             <option value='DESC' <?php selected('DESC', $instance['order'], true); ?>><?php _e('Reverse chronological','event-post') ?></option>
    188                 <option value='ASC' <?php selected('ASC', $instance['order'], true); ?>><?php _e('Chronological','event-post') ?></option>
    189        </select>
     184        <label for="<?php echo esc_attr($this->get_field_id('order')); ?>">
     185            <?php esc_html_e('Order:','event-post'); ?>
     186            <select  class="widefat" id="<?php echo esc_attr($this->get_field_id('order')); ?>" name="<?php echo esc_attr($this->get_field_name('order')); ?>">
     187                <option value='DESC' <?php selected('DESC', $instance['order'], true); ?>><?php esc_html_e('Reverse chronological','event-post') ?></option>
     188                <option value='ASC' <?php selected('ASC', $instance['order'], true); ?>><?php esc_html_e('Chronological','event-post') ?></option>
     189            </select>
    190190       </label>
    191191       </p>
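Review bot: In widget(), the feed link on new line 66 still splices `$instance['cat']` into the query string unencoded, so the later `esc_url($rss_link)` only escapes for the attribute context and a slug containing `&`, `#` or a space would break or alter the query; build it as `$rss_link = add_query_arg(['action' => 'EventPostFeed', 'cat' => $instance['cat']], admin_url('admin-ajax.php'));` so the value is URL-encoded before it is escaped for output. The new `wp_kses(..., EventPost()->kses_tags)` calls on lines 61, 63, 69 and 80 filter `before_widget`/`after_widget` and `before_title`/`after_title`, which come from the theme's sidebar registration rather than from user input, so unless `kses_tags` lists every wrapper tag and attribute a theme may register this will silently strip the widget container; the same caveat applies to post-filtering the `list_events()` output on line 79, where escaping each value at the point the HTML is assembled is the more reliable fix. Line 79 also mixes the `$EventPost` local (presumably a global imported outside the hunk) with the `EventPost()` accessor on the same line; one spelling would be clearer. The form() method shown in the second part of the section starts and ends outside the visible hunks.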