Style & escaping fixes, based on review feedback

2017-05-16 14:01:14 -04:00 · 2017-05-16 14:01:14 -04:00 · 3cb3a1b085
parent 684ae9c86c
commit 3cb3a1b085
1 changed files with 8 additions and 6 deletions
--- a/includes/admin/class-wc-admin-profile.php
+++ b/includes/admin/class-wc-admin-profile.php
@ -169,7 +169,7 @@ class WC_Admin_Profile {
 						<th><label for="<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $field['label'] ); ?></label></th>
 						<td>
 							<?php if ( ! empty( $field['type'] ) && 'select' === $field['type'] ) : ?>
-								<select name="<?php echo esc_attr( $key ); ?>" id="<?php echo esc_attr( $key ); ?>" class="<?php echo ( ! empty( $field['class'] ) ? $field['class'] : '' ); ?>" style="width: 25em;">
+								<select name="<?php echo esc_attr( $key ); ?>" id="<?php echo esc_attr( $key ); ?>" class="<?php echo esc_attr( $field['class'] ); ?>" style="width: 25em;">
 									<?php
 										$selected = esc_attr( get_user_meta( $user->ID, $key, true ) );
 										foreach ( $field['options'] as $option_key => $option_value ) : ?>
@ -177,11 +177,11 @@ class WC_Admin_Profile {
 									<?php endforeach; ?>
 								</select>
 							<?php elseif ( ! empty( $field['type'] ) && 'checkbox' === $field['type'] ) : ?>
-								<input type="checkbox" name="<?php echo esc_attr( $key ); ?>" id="<?php echo esc_attr( $key ); ?>" value="1" class="<?php echo ( ! empty( $field['class'] ) ? $field['class'] : '' ); ?>" <?php checked( (int) get_user_meta( $user->ID, $key, true ), 1, true ); ?> />
+								<input type="checkbox" name="<?php echo esc_attr( $key ); ?>" id="<?php echo esc_attr( $key ); ?>" value="1" class="<?php echo esc_attr( $field['class'] ); ?>" <?php checked( (int) get_user_meta( $user->ID, $key, true ), 1, true ); ?> />
 							<?php elseif ( ! empty( $field['type'] ) && 'button' === $field['type'] ) : ?>
-								<button id="<?php echo esc_attr( $key ); ?>" class="button <?php echo ( ! empty( $field['class'] ) ? $field['class'] : '' ); ?>"><?php echo esc_attr( $field['text'] ); ?></button>
+								<button id="<?php echo esc_attr( $key ); ?>" class="button <?php echo esc_attr( $field['class'] ); ?>"><?php echo esc_html( $field['text'] ); ?></button>
 							<?php else : ?>
-								<input type="text" name="<?php echo esc_attr( $key ); ?>" id="<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $this->get_user_meta( $user->ID, $key ) ); ?>" class="<?php echo ( ! empty( $field['class'] ) ? $field['class'] : 'regular-text' ); ?>" />
+								<input type="text" name="<?php echo esc_attr( $key ); ?>" id="<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $this->get_user_meta( $user->ID, $key ) ); ?>" class="<?php echo ( ! empty( $field['class'] ) ? esc_attr( $field['class'] ) : 'regular-text' ); ?>" />
 							<?php endif; ?>
 							<br/>
 							<span class="description"><?php echo wp_kses_post( $field['description'] ); ?></span>
@ -219,15 +219,17 @@ class WC_Admin_Profile {
 	/**
 	 * Get user meta for a given key, with fallbacks to core user info for pre-existing fields.
 	 *
 	 * @since 3.1.0
 	 * @param int    $user_id User ID of the user being edited
 	 * @param string $key     Key for user meta field
 	 * @return string
 	 */
-	public function get_user_meta( $user_id, $key ) {
+	protected function get_user_meta( $user_id, $key ) {
 		$value = get_user_meta( $user_id, $key, true );
 		$existing_fields = array( 'billing_first_name', 'billing_last_name' );
 		if ( ! $value && in_array( $key, $existing_fields ) ) {
 			$value = get_user_meta( $user_id, str_replace( 'billing_', '', $key ), true );
-		} else if ( ! $value && $key === 'billing_email' ) {
+		} elseif ( ! $value && ( 'billing_email' === $key ) ) {
 			$user = get_userdata( $user_id );
 			$value = $user->user_email;
 		}