escape when output, not when saved. #2587

Mike Jolley 2013-03-05 21:20:00 +00:00
parent 8936ad0c9b
commit 089178e0e8
5 changed files with 6 additions and 11 deletions


@ -767,7 +767,7 @@ function woocommerce_process_product_meta( $post_id, $post ) {
} elseif ( isset( $attribute_values[ $i ] ) ) {
// Text based, separate by pipe
$values = implode( '|', array_map( 'esc_html', array_map( 'trim', explode( '|', stripslashes( $attribute_values[ $i ] ) ) ) ) );
$values = implode( '|', array_map( 'trim', explode( '|', stripslashes( $attribute_values[ $i ] ) ) ) );
// Custom attribute - Add attribute to array and set the values
$attributes[ sanitize_title( $attribute_names[ $i ] ) ] = array(
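Review bot: With `esc_html` removed from the `array_map` chain, the text attribute value is stored after only `stripslashes` and `trim`. Every place that prints it must now escape it, and nothing here normalises the input. If markup is never expected in attribute values, keep a storage-side sanitiser that is not an output encoder, for example `array_map( 'sanitize_text_field', explode( '|', stripslashes( $attribute_values[ $i ] ) ) )`. Values saved before this commit presumably still hold entity-encoded text, so they may show up double-encoded once output escaping is applied; that deserves a migration or at least a comment. The identical line changes in the `woocommerce_save_attributes()` hunk, and both function bodies continue outside the hunks.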


@ -114,12 +114,7 @@
} else {
// Encode entities
value = $(this).val()
.replace(/&/g, '&')
.replace(/"/g, '"')
.replace(/'/g, ''')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;');
value = $(this).val();
// Add to settings array
current_settings[ $(this).attr('name') ] = value;
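Review bot: The `// Encode entities` comment above `value = $(this).val();` is now stale, because the new line stores the raw field value and no longer encodes anything. Replace it with a comment that states the new contract, for example `// Raw value; must be escaped wherever current_settings is rendered`. The code that consumes `current_settings` is outside this hunk, so whether it escapes on output cannot be confirmed from here and should be checked as part of this change.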

File diff suppressed because one or more lines are too long


@ -51,11 +51,11 @@ global $woocommerce, $product, $post;
foreach ( $terms as $term ) {
if ( ! in_array( $term->slug, $options ) ) continue;
echo '<option value="' . $term->slug . '" ' . selected( $selected_value, $term->slug, false ) . '>' . apply_filters( 'woocommerce_variation_option_name', $term->name ) . '</option>';
echo '<option value="' . esc_attr( $term->slug ) . '" ' . selected( $selected_value, $term->slug, false ) . '>' . apply_filters( 'woocommerce_variation_option_name', $term->name ) . '</option>';
}
} else {
foreach ( $options as $option )
echo '<option value="' . $option . '" ' . selected( $selected_value, $option, false ) . '>' . apply_filters( 'woocommerce_variation_option_name', $option ) . '</option>';
echo '<option value="' . esc_attr( $option ) . '" ' . selected( $selected_value, $option, false ) . '>' . apply_filters( 'woocommerce_variation_option_name', $option ) . '</option>';
}
}
?>
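Review bot: The new `esc_attr()` calls cover only the `value` attribute; the visible `<option>` label is still echoed unescaped on both changed lines. Because this commit stops encoding custom attribute text on save, `$option` can now carry raw markup into the page through `apply_filters( 'woocommerce_variation_option_name', $option )`. Wrap the filtered result at output, `esc_html( apply_filters( 'woocommerce_variation_option_name', $option ) )`, and do the same for the `$term->name` line. Escaping after the filter also covers anything a third-party filter callback returns.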


@ -553,7 +553,7 @@ function woocommerce_save_attributes() {
} elseif ( isset( $attribute_values[ $i ] ) ) {
// Text based, separate by pipe
$values = implode( '|', array_map( 'esc_html', array_map( 'trim', explode( '|', stripslashes( $attribute_values[ $i ] ) ) ) ) );
$values = implode( '|', array_map( 'trim', explode( '|', stripslashes( $attribute_values[ $i ] ) ) ) );
// Custom attribute - Add attribute to array and set the values
$attributes[ sanitize_title( $attribute_names[ $i ] ) ] = array(