Escaping for scruitinizer
This commit is contained in:
parent
54352de9b4
commit
76f8c3dddd
@ -51,7 +51,7 @@ class WC_Admin_Attributes {
}
if ( is_wp_error( $result ) ) {
echo '<div id="woocommerce_errors" class="error"><p>' . $result->get_error_message() . '</p></div>';
echo '<div id="woocommerce_errors" class="error"><p>' . wp_kses_post( $result->get_error_message() ) . '</p></div>';
}
// Show admin interface
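Review bot: `wp_kses_post()` on the `woocommerce_errors` line keeps any HTML the WP_Error message carries, so it is a markup filter rather than an escape. If the errors raised in this class are plain text, `esc_html( $result->get_error_message() )` is the tighter choice; keep `wp_kses_post()` only where a message is known to contain links or formatting. The enclosing method starts and ends outside the hunk, so where `$result` comes from is not visible here.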
@ -342,32 +342,32 @@ class WC_Admin_Post_Types {
/* Custom inline data for woocommerce. */
echo '
<div class="hidden" id="woocommerce_inline_' . $post->ID . '">
<div class="menu_order">' . $the_product->get_menu_order() . '</div>
<div class="sku">' . $the_product->get_sku() . '</div>
<div class="regular_price">' . $the_product->get_regular_price() . '</div>
<div class="sale_price">' . $the_product->get_sale_price() . '</div>
<div class="weight">' . $the_product->get_weight() . '</div>
<div class="length">' . $the_product->get_length() . '</div>
<div class="width">' . $the_product->get_width() . '</div>
<div class="height">' . $the_product->get_height() . '</div>
<div class="shipping_class">' . $the_product->get_shipping_class() . '</div>
<div class="visibility">' . $the_product->get_catalog_visibility() . '</div>
<div class="stock_status">' . $the_product->get_stock_status() . '</div>
<div class="stock">' . $the_product->get_stock_quantity() . '</div>
<div class="manage_stock">' . $the_product->get_manage_stock() . '</div>
<div class="featured">' . $the_product->get_featured() . '</div>
<div class="product_type">' . $the_product->get_type() . '</div>
<div class="product_is_virtual">' . $the_product->get_virtual() . '</div>
<div class="tax_status">' . $the_product->get_tax_status() . '</div>
<div class="tax_class">' . $the_product->get_tax_class() . '</div>
<div class="backorders">' . $the_product->get_backorders() . '</div>
<div class="hidden" id="woocommerce_inline_' . absint( $post->ID ) . '">
<div class="menu_order">' . absint( $the_product->get_menu_order() ) . '</div>
<div class="sku">' . esc_html( $the_product->get_sku() ) . '</div>
<div class="regular_price">' . esc_html( $the_product->get_regular_price() ) . '</div>
<div class="sale_price">' . esc_html( $the_product->get_sale_price() ) . '</div>
<div class="weight">' . esc_html( $the_product->get_weight() ) . '</div>
<div class="length">' . esc_html( $the_product->get_length() ) . '</div>
<div class="width">' . esc_html( $the_product->get_width() ) . '</div>
<div class="height">' . esc_html( $the_product->get_height() ) . '</div>
<div class="shipping_class">' . esc_html( $the_product->get_shipping_class() ) . '</div>
<div class="visibility">' . esc_html( $the_product->get_catalog_visibility() ) . '</div>
<div class="stock_status">' . esc_html( $the_product->get_stock_status() ) . '</div>
<div class="stock">' . esc_html( $the_product->get_stock_quantity() ) . '</div>
<div class="manage_stock">' . esc_html( $the_product->get_manage_stock() ) . '</div>
<div class="featured">' . esc_html( $the_product->get_featured() ) . '</div>
<div class="product_type">' . esc_html( $the_product->get_type() ) . '</div>
<div class="product_is_virtual">' . esc_html( $the_product->get_virtual() ) . '</div>
<div class="tax_status">' . esc_html( $the_product->get_tax_status() ) . '</div>
<div class="tax_class">' . esc_html( $the_product->get_tax_class() ) . '</div>
<div class="backorders">' . esc_html( $the_product->get_backorders() ) . '</div>
</div>
';
break;
case 'sku' :
echo $the_product->get_sku() ? $the_product->get_sku() : '<span class="na">–</span>';
echo $the_product->get_sku() ? esc_html( $the_product->get_sku() ) : '<span class="na">–</span>';
break;
case 'product_type' :
if ( $the_product->is_type( 'grouped' ) ) {
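Review bot: The `case 'sku'` line calls `$the_product->get_sku()` twice, once for the test and once for the output; a local keeps the two in step: `$sku = $the_product->get_sku();` then `echo $sku ? esc_html( $sku ) : '<span class="na">–</span>';`. The inline-data block above escapes each value with `esc_html()` for element content and `absint()` for the ids, which matches the `<div>` context they land in. The enclosing method and `switch` begin and end outside the hunk.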
@ -8,9 +8,16 @@ if ( ! defined( 'ABSPATH' ) ) {
<h3 class="fixed">
<button type="button" data-permission_id="<?php echo esc_attr( $download->get_id() ); ?>" rel="<?php echo esc_attr( $download->get_product_id() ) . ',' . esc_attr( $download->get_download_id() ); ?>" class="revoke_access button"><?php _e( 'Revoke access', 'woocommerce' ); ?></button>
<div class="handlediv" aria-label="<?php esc_attr_e( 'Click to toggle', 'woocommerce' ); ?>"></div>
<strong>
<?php echo '#' . esc_html( $product->get_id() ) . ' — ' . apply_filters( 'woocommerce_admin_download_permissions_title', $product->get_name(), $download->get_product_id(), $download->get_order_id(), $download->get_order_key(), $download->get_download_id() ) . ' — ' . esc_html( $file_count ) . ': ' . wc_get_filename_from_url( $product->get_file_download_path( $download->get_download_id() ) ) . ' — ' . sprintf( _n( 'Downloaded %s time', 'Downloaded %s times', $download->get_download_count(), 'woocommerce' ), $download->get_download_count() ); ?>
</strong>
<strong><?php
printf(
'#%s — %s — %s: %s — ',
esc_html( $product->get_id() ),
esc_html( apply_filters( 'woocommerce_admin_download_permissions_title', $product->get_name(), $download->get_product_id(), $download->get_order_id(), $download->get_order_key(), $download->get_download_id() ) ),
esc_html( $file_count ),
esc_html( wc_get_filename_from_url( $product->get_file_download_path( $download->get_download_id() ) ) )
);
printf( _n( 'Downloaded %s time', 'Downloaded %s times', $download->get_download_count(), 'woocommerce' ), $download->get_download_count() )
?></strong>
</h3>
<table cellpadding="0" cellspacing="0" class="wc-metabox-content">
<tbody>
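Review bot: The second `printf()` in the `<strong>` block passes `$download->get_download_count()` and the `_n()` string through unescaped, while the new code escapes every value in the first `printf()` right above it. The count is presumably an integer, but escaping it the same way keeps the rule uniform: `printf( esc_html( _n( 'Downloaded %s time', 'Downloaded %s times', $download->get_download_count(), 'woocommerce' ) ), esc_html( $download->get_download_count() ) );`. That statement currently relies on the following `?>` to terminate it; the trailing `;` makes it explicit. The surrounding template markup starts outside the hunk.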
@ -188,7 +188,7 @@ class WC_Report_Sales_By_Product extends WC_Admin_Report {
}
}
echo '<p>' . ' <strong>' . implode( ', ', $this->product_ids_titles ) . '</strong></p>';
echo '<p>' . ' <strong>' . esc_html( implode( ', ', $this->product_ids_titles ) ) . '</strong></p>';
echo '<p><a class="button" href="' . esc_url( remove_query_arg( 'product_ids' ) ) . '">' . __( 'Reset', 'woocommerce' ) . '</a></p>';
}
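Review bot: On the `Reset` line the translated label `__( 'Reset', 'woocommerce' )` is echoed unescaped, while the commit escapes only the product titles next to it; `esc_html__( 'Reset', 'woocommerce' )` matches the convention the commit itself uses in the sales-by-date hunk. The same gap is in the layered-nav hunk, where `sprintf( __( 'Rated %s out of 5', 'woocommerce' ), esc_html( $rating ) )` escapes the argument but not the format string and `esc_html__` would cover both, and in the order-details template, where `_e( 'Payment method:', 'woocommerce' )` would become `esc_html_e( 'Payment method:', 'woocommerce' )`. The `'<p>' . ' <strong>'` concatenation on the changed line could also be a single literal `'<p> <strong>'`. The enclosing method starts and ends outside the hunk.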
@ -84,10 +84,10 @@ class WC_Report_Stock extends WP_List_Table {
case 'product' :
if ( $sku = $product->get_sku() ) {
echo $sku . ' - ';
echo esc_html( $sku ) . ' - ';
}
echo $product->get_name();
echo esc_html( $product->get_name() );
// Get variation data
if ( $product->is_type( 'variation' ) ) {
@ -120,7 +120,7 @@ class WC_Report_Stock extends WP_List_Table {
break;
case 'stock_level' :
echo $product->get_stock_quantity();
echo esc_html( $product->get_stock_quantity() );
break;
case 'wc_actions' :
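Review bot: The `case 'product'` branch assigns inside the condition, `if ( $sku = $product->get_sku() )`, which reads like a comparison; the commit escapes the output on the next line but leaves that form in place. `$sku = $product->get_sku();` followed by `if ( $sku ) {` states the intent at no cost. The `stock_level` hunk below escapes `get_stock_quantity()` the same way and needs nothing further. The enclosing `switch` and method start and end outside both hunks.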
@ -17,8 +17,8 @@ if ( ! defined( 'ABSPATH' ) ) {
/* translators: 1: start date 2: end date */
printf(
esc_html__( 'From %1$s to %2$s', 'woocommerce' ),
wc_clean( $_GET['start_date'] ),
wc_clean( $_GET['end_date'] )
esc_html( wc_clean( $_GET['start_date'] ) ),
esc_html( wc_clean( $_GET['end_date'] ) )
);
?></h3>
<?php else : ?>
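Review bot: `$_GET['start_date']` and `$_GET['end_date']` are passed to `wc_clean()` without being unslashed first; WordPress convention is to `wp_unslash()` request values before sanitising them, i.e. `esc_html( wc_clean( wp_unslash( $_GET['start_date'] ) ) ),` and the same for `end_date`. Whether the keys are guaranteed to exist is not visible here; the `<?php else : ?>` suggests an enclosing `if` that presumably checks them, so only the unslash is raised. The surrounding template markup starts outside the hunk.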
@ -128,7 +128,7 @@ class WC_Embed {
/* translators: %s: average rating */
printf(
esc_html_( 'Rated %s out of 5', 'woocommerce' ),
$_product->get_average_rating()
esc_html( $_product->get_average_rating() )
);
?>
</div>
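Review bot: The context line `esc_html_( 'Rated %s out of 5', 'woocommerce' ),` calls a function with a single trailing underscore; WordPress provides `esc_html__()`, so unless this page dropped a character, the rating branch of `WC_Embed` calls an undefined function and the commit leaves that as is. The fix is one character: `esc_html__( 'Rated %s out of 5', 'woocommerce' ),`. The new `esc_html( $_product->get_average_rating() )` is consistent with the other hunks. The enclosing method starts and ends outside the hunk.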
@ -143,15 +143,16 @@ class WC_Logger {
*/
public function remove( $handle ) {
$removed = false;
$handle = wc_clean( $handle );
$file = wc_get_log_file_path( $handle );
if ( is_file( $file ) && is_writable( $file ) ) {
// Close first to be certain no processes keep it alive after it is unlinked.
$this->close( $handle );
$removed = unlink( $file );
} elseif ( is_file( trailingslashit( WC_LOG_DIR ) . $handle . '.log' ) && is_writable( trailingslashit( WC_LOG_DIR ) . $handle . '.log' ) ) {
} elseif ( is_file( trailingslashit( WC_LOG_DIR ) . sanitize_file_name( $handle . '.log' ) ) && is_writable( trailingslashit( WC_LOG_DIR ) . sanitize_file_name( $handle . '.log' ) ) ) {
$this->close( $handle );
$removed = unlink( trailingslashit( WC_LOG_DIR ) . $handle . '.log' );
$removed = unlink( trailingslashit( WC_LOG_DIR ) . sanitize_file_name( $handle . '.log' ) );
}
do_action( 'woocommerce_log_remove', $handle, $removed );
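Review bot: In `remove()` the legacy path `trailingslashit( WC_LOG_DIR ) . sanitize_file_name( $handle . '.log' )` is now built three times (twice in the `elseif` condition and once for `unlink()`), so a later edit to one copy can silently diverge from the others. Build it once before the check: `$legacy_file = trailingslashit( WC_LOG_DIR ) . sanitize_file_name( $handle . '.log' );` then `} elseif ( is_file( $legacy_file ) && is_writable( $legacy_file ) ) {` and `$removed = unlink( $legacy_file );`. Note also that `wc_get_log_file_path()` in this same commit sanitises `$handle` on its own before appending `-<hash>.log`, whereas here the sanitiser is applied to `$handle . '.log'`; the two may differ for handles containing dots, which deserves a comment if intended. `remove()` continues past the end of the hunk.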
@ -720,7 +720,7 @@ class WC_Shortcodes {
var $variations_form = $( '[data-product-page-preselected-id="<?php echo esc_attr( $preselected_id ); ?>"]' ).find( 'form.variations_form' );
<?php foreach ( $attributes as $attr => $value ) { ?>
$variations_form.find( 'select[name="<?php echo esc_attr( $attr ); ?>"]' ).val( '<?php echo $value; ?>' );
$variations_form.find( 'select[name="<?php echo esc_attr( $attr ); ?>"]' ).val( '<?php echo esc_js( $value ); ?>' );
<?php } ?>
});
</script>
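Review bot: The changed line escapes `$value` with `esc_js()` for the JS string literal it sits in, but `$attr` on the same line is wrapped in `esc_attr()` although it too is inside a JS single-quoted literal rather than an HTML attribute; `esc_attr()` does neutralise quotes, so this is not a break, but `esc_js( $attr )` names the actual context. The same applies to `esc_attr( $preselected_id )` two lines above. The surrounding `<script>` and method start outside the hunk.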
@ -580,7 +580,7 @@ class WC_Email extends WC_Settings_API {
if ( current_user_can( 'edit_themes' ) && ! empty( $template_code ) && ! empty( $template_path ) ) {
$saved = false;
$file = get_stylesheet_directory() . '/woocommerce/' . $template_path;
$code = stripslashes( $template_code );
$code = wp_unslash( $template_code );
if ( is_writeable( $file ) ) {
$f = fopen( $file, 'w+' );
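Review bot: `$file = get_stylesheet_directory() . '/woocommerce/' . $template_path;` concatenates `$template_path` straight into the path that is then opened for writing, and the hunk shows no check that the result stays inside the theme's `woocommerce/` directory. Where `$template_path` originates is outside the hunk; if it can carry request data it should be matched against the email's known template paths before the write, since the `current_user_can( 'edit_themes' )` guard constrains who writes but not where. `is_writeable()` is an alias; `is_writable()` is the documented spelling. The enclosing method starts and ends outside the hunk.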
@ -761,7 +761,7 @@ function get_woocommerce_api_url( $path ) {
* @return string the log file path.
*/
function wc_get_log_file_path( $handle ) {
return trailingslashit( WC_LOG_DIR ) . $handle . '-' . sanitize_file_name( wp_hash( $handle ) ) . '.log';
return trailingslashit( WC_LOG_DIR ) . sanitize_file_name( $handle ) . '-' . sanitize_file_name( wp_hash( $handle ) ) . '.log';
}
/**
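Review bot: `wc_get_log_file_path()` now sanitises `$handle` but its docblock, whose `@param` line sits just outside the hunk, does not say so; add to the `$handle` description `Log handle; passed through sanitize_file_name() before being used as the file name prefix.` and make the `@return` text state the shape, e.g. `the log file path, {handle}-{hash}.log under WC_LOG_DIR`. A caller that previously passed a handle containing slashes or dots now gets a different path than before, so this is worth a changelog line as well.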
@ -163,7 +163,7 @@ class WC_Widget_Layered_Nav_Filters extends WC_Widget {
foreach ( $rating_filter as $rating ) {
$link_ratings = implode( ',', array_diff( $rating_filter, array( $rating ) ) );
$link = $link_ratings ? add_query_arg( 'rating_filter', $link_ratings ) : remove_query_arg( 'rating_filter', $base_link );
echo '<li class="chosen"><a aria-label="' . esc_attr__( 'Remove filter', 'woocommerce' ) . '" href="' . esc_url( $link ) . '">' . sprintf( __( 'Rated %s out of 5', 'woocommerce' ), $rating ) . '</a></li>';
echo '<li class="chosen"><a aria-label="' . esc_attr__( 'Remove filter', 'woocommerce' ) . '" href="' . esc_url( $link ) . '">' . sprintf( __( 'Rated %s out of 5', 'woocommerce' ), esc_html( $rating ) ) . '</a></li>';
}
}
@ -61,7 +61,7 @@ if ( ! defined( 'ABSPATH' ) ) {
<li class="woocommerce-order-overview__payment-method method">
<?php _e( 'Payment method:', 'woocommerce' ); ?>
<strong><?php echo $order->get_payment_method_title(); ?></strong>
<strong><?php echo wp_kses_post( $order->get_payment_method_title() ); ?></strong>
</li>
<?php endif; ?>