WordPress.org
Get WordPress

Plugin Directory

Changeset 3412365


Ignore:
Timestamp:
12/05/2025 03:38:22 PM (8 days ago)
Author:
bastho
Message:

Escape outputs in taxonomy page

Location:
event-post/trunk/inc
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • event-post/trunk/inc/class-taxonomies.php

    r3368287 r3412365  
    4242    foreach($fields as $field => $components){
    4343      ?>
    44       <div class="form-field event-color-section <?php echo $field ?>-wrap">
    45         <?php echo $components['label']?>
    46         <?php echo $components['field']?>
    47         <p><?php echo $components['desc'] ?></p>
     44      <div class="form-field event-color-section <?php echo esc_attr($field) ?>-wrap">
     45        <?php echo wp_kses($components['label'], EventPost()->kses_tags)?>
     46        <?php echo wp_kses($components['field'], EventPost()->kses_tags)?>
     47        <p><?php echo esc_html($components['desc']) ?></p>
    4848      </div>
    4949      <?php
     
    8383    foreach($fields as $field => $components){
    8484      ?>
    85       <tr class='form-field <?php echo $field ?>-wrap'>
     85      <tr class='form-field <?php echo esc_attr($field) ?>-wrap'>
    8686        <th scope='row' valign='top'>
    87           <?php echo $components['label']?>
     87          <?php echo wp_kses($components['label'], EventPost()->kses_tags)?>
    8888        </th>
    8989        <td>
    90           <?php echo $components['field']?>
    91           <p class='description'><?php echo $components['desc'] ?></p>
     90          <?php echo wp_kses($components['field'], EventPost()->kses_tags); ?>
     91          <p class='description'><?php echo esc_html($components['desc']) ?></p>
    9292        </td>
    9393      </tr>
     
    114114      $icon = $this->get_taxonomy_icon($term_id, "location");
    115115      $color = $this->get_taxonomy_color($term_id, "#000000");
    116         echo '<span class="dashicons dashicons-'.$icon.'" style="color : #'.$color.'"></span>';
     116        echo '<span class="dashicons dashicons-'.esc_attr($icon).'" style="color : #'.esc_attr($color).'"></span>';
    117117    }
    118118    return $content;

  • event-post/trunk/inc/export/ics.php

    r3368287 r3412365  
    7171        $props[] =  'END:VCALENDAR';
    7272
    73     echo implode($separator, $props);
     73    echo wp_kses_post(implode($separator, $props));
    7474}
Note: See TracChangeset for help on using the changeset viewer.