From 18ab00d10d7c5d7736ee47e713ed42b271329882 Mon Sep 17 00:00:00 2001
From: Mike Jolley
Date: Thu, 14 Feb 2013 16:50:45 +0000
Subject: [PATCH] escape for #2441
---
 .../google-analytics/class-wc-google-analytics.php | 4 ++--
 templates/loop/add-to-cart.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/classes/integrations/google-analytics/class-wc-google-analytics.php b/classes/integrations/google-analytics/class-wc-google-analytics.php
index 06f1f5b1748..7de9465b901 100644
--- a/classes/integrations/google-analytics/class-wc-google-analytics.php
+++ b/classes/integrations/google-analytics/class-wc-google-analytics.php
@@ -255,7 +255,7 @@ class WC_Google_Analytics extends WC_Integration {
 // Add single quotes to allow jQuery to be substituted into _trackEvent parameters
 $parameters['category'] = "'" . __( 'Products', 'woocommerce' ) . "'";
 $parameters['action'] = "'" . __( 'Add to cart', 'woocommerce' ) . "'";
- $parameters['label'] = "'" . ( $product->get_sku() ? __('SKU:', 'woocommerce') . ' ' . $product->get_sku() : "#" . $product->id ) . "'";
+ $parameters['label'] = "'" . esc_js( $product->get_sku() ? __('SKU:', 'woocommerce') . ' ' . $product->get_sku() : "#" . $product->id ) . "'";
 $this->event_tracking_code( $parameters, '.single_add_to_cart_button' );
 }
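Review bot: The `category` and `action` values on the two context lines above the change are still wrapped in single quotes without `esc_js()`, so only `label` is protected by this commit. Translated strings come from language files, and an apostrophe in a translation of 'Products' or 'Add to cart' would end the JavaScript string literal early once the parameters are written into the tracking script. I would write them the same way as the new line, e.g. `$parameters['category'] = "'" . esc_js( __( 'Products', 'woocommerce' ) ) . "'";`. The same two lines in the hunk at -275 have the same gap. The enclosing method starts above the hunk and `event_tracking_code()` is not shown, so how the values are emitted is inferred from the comment.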
@@ -275,7 +275,7 @@ class WC_Google_Analytics extends WC_Integration {
 // Add single quotes to allow jQuery to be substituted into _trackEvent parameters
 $parameters['category'] = "'" . __( 'Products', 'woocommerce' ) . "'";
 $parameters['action'] = "'" . __( 'Add to Cart', 'woocommerce' ) . "'";
- $parameters['label'] = "($(this).hasAttr('data-product_sku')) ? ('SKU: ' + $(this).attr('data-product_sku')) : ('#' + $(this).attr('data-product_id))"; // Product SKU or ID
+ $parameters['label'] = "($(this).data('product_sku')) ? ('SKU: ' + $(this).data('product_sku')) : ('#' + $(this).data('product_id'))"; // Product SKU or ID
 $this->event_tracking_code( $parameters, '.add_to_cart_button:not(.product_type_variable, .product_type_grouped)' );
 }
diff --git a/templates/loop/add-to-cart.php b/templates/loop/add-to-cart.php
index 342ee1fa5db..e018bff6f38 100644
--- a/templates/loop/add-to-cart.php
+++ b/templates/loop/add-to-cart.php
@@ -50,7 +50,7 @@ global $product;
 break;
 }
- echo apply_filters( 'woocommerce_loop_add_to_cart_link', sprintf('%s', $link['url'], $product->id, $link['class'], $product->product_type, $product->get_sku() ? ' data-product_sku="' . $product->get_sku() . '"' : '', $link['label'] ), $product, $link );
+ echo apply_filters( 'woocommerce_loop_add_to_cart_link', sprintf('%s', esc_url( $link['url'] ), esc_attr( $product->id ), esc_attr( $product->get_sku() ), esc_attr( $link['class'] ), esc_attr( $product->product_type ), esc_html( $link['label'] ) ), $product, $link );
 ?>
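Review bot: jQuery's `.data()` converts attribute values to JavaScript types, so on the new `label` line a SKU stored as `0`, `false` or `null` becomes falsy and the event is labelled with the product ID instead of the SKU. Reading the raw attribute keeps the SKU as text: `$(this).attr('data-product_sku')` and `$(this).attr('data-product_id')`. The `'SKU: '` prefix is also hard-coded in the JavaScript expression, while the single-product hunk builds it with `__('SKU:', 'woocommerce')`, so the two event labels will differ on translated sites. The method body starts above the hunk.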
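Review bot: The escaping added to the `sprintf()` arguments covers only the default markup, because the string returned by `apply_filters()` is echoed as-is; a callback on `woocommerce_loop_add_to_cart_link` that rebuilds the link from the raw `$link` and `$product` arguments has to escape them itself. A comment above the `echo` would make that contract visible, e.g. `// Arguments are escaped for the default link; filter callbacks return HTML and must escape their own values.` The SKU argument also moved from fifth to third position, and the format string is not legible in this view (it shows only `'%s'`), so it is worth confirming the placeholders were reordered to match. The statement sits inside a template whose surrounding code is outside the hunk.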