Properly sanitization for wc_make_phone_clickable() and fixed coding standards

Closes #14659
Claudio Sanches 2017-06-05 16:15:04 -03:00
parent f65005be41
commit 6c42f3c16a
2 changed files with 16 additions and 15 deletions


@ -299,16 +299,13 @@ class WC_Meta_Box_Order_Data {
$field_value = $order->get_meta( '_' . $field_name ); $field_value = $order->get_meta( '_' . $field_name );
} }
switch ( $field_name ) { if ( 'billing_phone' === $field_name ) {
case 'billing_phone' : $field_value = wc_make_phone_clickable( $field_value );
$field_value = wc_make_phone_clickable( esc_html( $field_value ) ); } else {
break; $field_value = make_clickable( esc_html( $field_value ) );
default : }
$field_value = make_clickable( esc_html( $field_value ) );
break;
}
echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . $field_value . '</p>'; echo '<p><strong>' . esc_html( $field['label'] ) . ':</strong> ' . wp_kses_post( $field_value ) . '</p>';
} }
echo '</div>'; echo '</div>';
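Review bot: The `billing_phone` branch no longer escapes the value at the call site and relies on `wc_make_phone_clickable()` returning already-escaped markup, a contract this code does not state. I would add a comment above the `if`, for example `// wc_make_phone_clickable() escapes its own output; passing an esc_html()'d value would encode entities twice.` Any other caller that still wraps the argument in `esc_html()` (none is visible on this page) would now double-encode, so those call sites are worth checking. The `wp_kses_post()` on the echo is a sensible backstop for both branches. The enclosing method starts and ends outside this hunk.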


@ -1633,12 +1633,16 @@ function wc_get_permalink_structure() {
/** /**
* Convert plaintext phone number to clickable phone number. * Convert plaintext phone number to clickable phone number.
* *
* @since 3.0.0 * Remove formatting and allow "+".
* Example and specs: https://developer.mozilla.org/en/docs/Web/HTML/Element/a#Creating_a_phone_link
* *
* @param string $text Content to convert phone number. * @since 3.1.0
*
* @param string $phone Content to convert phone number.
* @return string Content with converted phone number. * @return string Content with converted phone number.
*/ */
function wc_make_phone_clickable( $text ) { function wc_make_phone_clickable( $phone ) {
$phone = trim ( preg_replace( '/[\s\-\+\(\)]/', '', $text ) ); $number = trim( preg_replace( '/[^\d|\+]/', '', $phone ) );
return "<a href=\"tel:$phone\">$text</a>";
return '<a href="tel:' . esc_attr( $number ) . '">' . esc_html( $phone ) . '</a>';
} }
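Review bot: The character class in `preg_replace( '/[^\d|\+]/', '', $phone )` treats `|` as a literal, so pipe characters survive into the `tel:` href alongside digits and `+`. No alternation is needed inside brackets, so the pattern should be `'/[^\d+]/'`. `esc_attr()` keeps the attribute safe for HTML either way, so this affects the correctness of the dialled number rather than opening an injection path. The surrounding `trim()` is redundant once all whitespace has been stripped. An input with no digits still produces an empty `href="tel:"` link, which may deserve an early return of `esc_html( $phone )` instead.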