Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make product name escaping consistent in the front-end

This commit is contained in:
Nestor Soriano 2021-03-30 11:04:44 +02:00
parent 6b6cf0b90a
commit 0045df2cb0
7 changed files with 35 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
includes/class-wc-structured-data.php
View File

@ -198,7 +198,7 @@ class WC_Structured_Data {
$markup = array( $markup = array(
'@type' => 'Product', '@type' => 'Product',
'@id' => $permalink . '#product', // Append '#product' to differentiate between this @id and the @id generated for the Breadcrumblist. '@id' => $permalink . '#product', // Append '#product' to differentiate between this @id and the @id generated for the Breadcrumblist.
'name' => $product->get_name(), 'name' => wp_kses_post( $product->get_name() ),
'url' => $permalink, 'url' => $permalink,
'description' => wp_strip_all_tags( do_shortcode( $product->get_short_description() ? $product->get_short_description() : $product->get_description() ) ), 'description' => wp_strip_all_tags( do_shortcode( $product->get_short_description() ? $product->get_short_description() : $product->get_description() ) ),
); );
@ -477,7 +477,7 @@ class WC_Structured_Data {
), ),
'itemOffered' => array( 'itemOffered' => array(
'@type' => 'Product', '@type' => 'Product',
'name' => apply_filters( 'woocommerce_order_item_name', $item->get_name(), $item, $is_visible ), 'name' => wp_kses_post( apply_filters( 'woocommerce_order_item_name', $item->get_name(), $item, $is_visible ) ),
'sku' => $product_exists ? $product->get_sku() : '', 'sku' => $product_exists ? $product->get_sku() : '',
'image' => $product_exists ? wp_get_attachment_image_url( $product->get_image_id() ) : '', 'image' => $product_exists ? wp_get_attachment_image_url( $product->get_image_id() ) : '',
'url' => $is_visible ? get_permalink( $product->get_id() ) : get_home_url(), 'url' => $is_visible ? get_permalink( $product->get_id() ) : get_home_url(),

6
templates/cart/mini-cart.php
View File

@ -14,7 +14,7 @@
* *
* @see https://docs.woocommerce.com/document/template-structure/ * @see https://docs.woocommerce.com/document/template-structure/
* @package WooCommerce\Templates * @package WooCommerce\Templates
* @version 3.7.0 * @version 5.2.0
*/ */
defined( 'ABSPATH' ) || exit; defined( 'ABSPATH' ) || exit;
@ -53,10 +53,10 @@ do_action( 'woocommerce_before_mini_cart' ); ?>
); );
?> ?>
<?php if ( empty( $product_permalink ) ) : ?> <?php if ( empty( $product_permalink ) ) : ?>
<?php echo $thumbnail . $product_name; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?> <?php echo $thumbnail . wp_kses_post( $product_name ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
<?php else : ?> <?php else : ?>
<a href="<?php echo esc_url( $product_permalink ); ?>"> <a href="<?php echo esc_url( $product_permalink ); ?>">
<?php echo $thumbnail . $product_name; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?> <?php echo $thumbnail . wp_kses_post( $product_name ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
</a> </a>
<?php endif; ?> <?php endif; ?>
<?php echo wc_get_formatted_cart_item_data( $cart_item ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?> <?php echo wc_get_formatted_cart_item_data( $cart_item ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>

4
templates/checkout/form-pay.php
View File

@ -12,7 +12,7 @@
* *
* @see https://docs.woocommerce.com/document/template-structure/ * @see https://docs.woocommerce.com/document/template-structure/
* @package WooCommerce\Templates * @package WooCommerce\Templates
* @version 3.4.0 * @version 5.2.0
*/ */
defined( 'ABSPATH' ) || exit; defined( 'ABSPATH' ) || exit;
@ -40,7 +40,7 @@ $totals = $order->get_order_item_totals(); // phpcs:ignore WordPress.WP.GlobalVa
<tr class="<?php echo esc_attr( apply_filters( 'woocommerce_order_item_class', 'order_item', $item, $order ) ); ?>"> <tr class="<?php echo esc_attr( apply_filters( 'woocommerce_order_item_class', 'order_item', $item, $order ) ); ?>">
<td class="product-name"> <td class="product-name">
<?php <?php
echo apply_filters( 'woocommerce_order_item_name', esc_html( $item->get_name() ), $item, false ); // @codingStandardsIgnoreLine echo wp_kses_post( apply_filters( 'woocommerce_order_item_name', $item->get_name(), $item, false ) );
do_action( 'woocommerce_order_item_meta_start', $item_id, $item, $order, false ); do_action( 'woocommerce_order_item_meta_start', $item_id, $item, $order, false );

4
templates/checkout/review-order.php
View File

@ -12,7 +12,7 @@
* *
* @see https://docs.woocommerce.com/document/template-structure/ * @see https://docs.woocommerce.com/document/template-structure/
* @package WooCommerce\Templates * @package WooCommerce\Templates
* @version 3.8.0 * @version 5.2.0
*/ */
defined( 'ABSPATH' ) || exit; defined( 'ABSPATH' ) || exit;
@ -35,7 +35,7 @@ defined( 'ABSPATH' ) || exit;
?> ?>
<tr class="<?php echo esc_attr( apply_filters( 'woocommerce_cart_item_class', 'cart_item', $cart_item, $cart_item_key ) ); ?>"> <tr class="<?php echo esc_attr( apply_filters( 'woocommerce_cart_item_class', 'cart_item', $cart_item, $cart_item_key ) ); ?>">
<td class="product-name"> <td class="product-name">
<?php echo apply_filters( 'woocommerce_cart_item_name', $_product->get_name(), $cart_item, $cart_item_key ) . '&nbsp;'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?> <?php echo wp_kses_post( apply_filters( 'woocommerce_cart_item_name', $_product->get_name(), $cart_item, $cart_item_key ) ) . '&nbsp;'; ?>
<?php echo apply_filters( 'woocommerce_checkout_cart_item_quantity', ' <strong class="product-quantity">' . sprintf( '&times;&nbsp;%s', $cart_item['quantity'] ) . '</strong>', $cart_item, $cart_item_key ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?> <?php echo apply_filters( 'woocommerce_checkout_cart_item_quantity', ' <strong class="product-quantity">' . sprintf( '&times;&nbsp;%s', $cart_item['quantity'] ) . '</strong>', $cart_item, $cart_item_key ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
<?php echo wc_get_formatted_cart_item_data( $cart_item ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?> <?php echo wc_get_formatted_cart_item_data( $cart_item ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
</td> </td>

17
templates/content-widget-reviews.php
View File

@ -21,14 +21,27 @@ defined( 'ABSPATH' ) || exit;
<li> <li>
<?php do_action( 'woocommerce_widget_product_review_item_start', $args ); ?> <?php do_action( 'woocommerce_widget_product_review_item_start', $args ); ?>
<?php
// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
?>
<a href="<?php echo esc_url( get_comment_link( $comment->comment_ID ) ); ?>"> <a href="<?php echo esc_url( get_comment_link( $comment->comment_ID ) ); ?>">
<?php echo $product->get_image(); ?> <?php echo $product->get_image(); ?>
<span class="product-title"><?php echo $product->get_name(); ?></span> <span class="product-title"><?php echo wp_kses_post( $product->get_name() ); ?></span>
</a> </a>
<?php echo wc_get_rating_html( intval( get_comment_meta( $comment->comment_ID, 'rating', true ) ) ); ?> <?php echo wc_get_rating_html( intval( get_comment_meta( $comment->comment_ID, 'rating', true ) ) ); ?>
<span class="reviewer"><?php echo sprintf( esc_html__( 'by %s', 'woocommerce' ), get_comment_author( $comment->comment_ID ) ); ?></span> <span class="reviewer">
<?php
/* translators: %s: Comment author. */
echo sprintf( esc_html__( 'by %s', 'woocommerce' ), get_comment_author( $comment->comment_ID ) );
?>
</span>
<?php
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
?>
<?php do_action( 'woocommerce_widget_product_review_item_end', $args ); ?> <?php do_action( 'woocommerce_widget_product_review_item_end', $args ); ?>
</li> </li>

15
templates/emails/plain/email-order-items.php
View File

@ -12,11 +12,11 @@
* *
* @see https://docs.woocommerce.com/document/template-structure/ * @see https://docs.woocommerce.com/document/template-structure/
* @package WooCommerce\Templates\Emails\Plain * @package WooCommerce\Templates\Emails\Plain
* @version 3.7.0 * @version 5.2.0
*/ */
if ( ! defined( 'ABSPATH' ) ) { if ( ! defined( 'ABSPATH' ) ) {
exit; // Exit if accessed directly exit; // Exit if accessed directly.
} }
foreach ( $items as $item_id => $item ) : foreach ( $items as $item_id => $item ) :
@ -30,15 +30,18 @@ foreach ( $items as $item_id => $item ) :
$purchase_note = $product->get_purchase_note(); $purchase_note = $product->get_purchase_note();
} }
echo apply_filters( 'woocommerce_order_item_name', $item->get_name(), $item, false ); // phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
echo wp_kses_post( apply_filters( 'woocommerce_order_item_name', $item->get_name(), $item, false ) );
if ( $show_sku && $sku ) { if ( $show_sku && $sku ) {
echo ' (#' . $sku . ')'; echo ' (#' . $sku . ')';
} }
echo ' X ' . apply_filters( 'woocommerce_email_order_item_quantity', $item->get_quantity(), $item ); echo ' X ' . apply_filters( 'woocommerce_email_order_item_quantity', $item->get_quantity(), $item );
echo ' = ' . $order->get_formatted_line_subtotal( $item ) . "\n"; echo ' = ' . $order->get_formatted_line_subtotal( $item ) . "\n";
// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
// allow other plugins to add additional product information here // allow other plugins to add additional product information here.
do_action( 'woocommerce_order_item_meta_start', $item_id, $item, $order, $plain_text ); do_action( 'woocommerce_order_item_meta_start', $item_id, $item, $order, $plain_text );
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
echo strip_tags( echo strip_tags(
wc_display_item_meta( wc_display_item_meta(
$item, $item,
@ -52,10 +55,10 @@ foreach ( $items as $item_id => $item ) :
) )
); );
// allow other plugins to add additional product information here // allow other plugins to add additional product information here.
do_action( 'woocommerce_order_item_meta_end', $item_id, $item, $order, $plain_text ); do_action( 'woocommerce_order_item_meta_end', $item_id, $item, $order, $plain_text );
} }
// Note // Note.
if ( $show_purchase_note && $purchase_note ) { if ( $show_purchase_note && $purchase_note ) {
echo "\n" . do_shortcode( wp_kses_post( $purchase_note ) ); echo "\n" . do_shortcode( wp_kses_post( $purchase_note ) );
} }

4
templates/order/order-details-item.php
View File

@ -12,7 +12,7 @@
* *
* @see https://docs.woocommerce.com/document/template-structure/ * @see https://docs.woocommerce.com/document/template-structure/
* @package WooCommerce\Templates * @package WooCommerce\Templates
* @version 3.7.0 * @version 5.2.0
*/ */
if ( ! defined( 'ABSPATH' ) ) { if ( ! defined( 'ABSPATH' ) ) {
@ -30,7 +30,7 @@ if ( ! apply_filters( 'woocommerce_order_item_visible', true, $item ) ) {
$is_visible = $product && $product->is_visible(); $is_visible = $product && $product->is_visible();
$product_permalink = apply_filters( 'woocommerce_order_item_permalink', $is_visible ? $product->get_permalink( $item ) : '', $item, $order ); $product_permalink = apply_filters( 'woocommerce_order_item_permalink', $is_visible ? $product->get_permalink( $item ) : '', $item, $order );
echo apply_filters( 'woocommerce_order_item_name', $product_permalink ? sprintf( '<a href="%s">%s</a>', $product_permalink, $item->get_name() ) : $item->get_name(), $item, $is_visible ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped echo wp_kses_post( apply_filters( 'woocommerce_order_item_name', $product_permalink ? sprintf( '<a href="%s">%s</a>', $product_permalink, $item->get_name() ) : $item->get_name(), $item, $is_visible ) );
$qty = $item->get_quantity(); $qty = $item->get_quantity();
$refunded_qty = $order->get_qty_refunded_for_item( $item_id ); $refunded_qty = $order->get_qty_refunded_for_item( $item_id );