Escape short description

This commit is contained in:
Nestor Soriano 2021-04-05 11:58:37 +02:00
parent b4354d01fd
commit 8729733da4
No known key found for this signature in database
GPG Key ID: 08110F3518C12CAD
2 changed files with 7 additions and 9 deletions


@ -139,7 +139,7 @@ class WC_Template_Loader {
if ( 0 === $validated_file ) { if ( 0 === $validated_file ) {
$templates[] = $page_template; $templates[] = $page_template;
} else { } else {
error_log( "WooCommerce: Unable to validate template path: \"$page_template\". Error Code: $validated_file." ); error_log( "WooCommerce: Unable to validate template path: \"$page_template\". Error Code: $validated_file." ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_error_log
} }
} }
} }
@ -294,8 +294,8 @@ class WC_Template_Loader {
} }
// Description handling. // Description handling.
if ( ! empty( $queried_object->description ) && ( empty( $_GET['product-page'] ) || 1 === absint( $_GET['product-page'] ) ) ) { // WPCS: input var ok, CSRF ok. if ( ! empty( $queried_object->description ) && ( empty( $_GET['product-page'] ) || 1 === absint( $_GET['product-page'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
$prefix = '<div class="term-description">' . wc_format_content( $queried_object->description ) . '</div>'; // WPCS: XSS ok. $prefix = '<div class="term-description">' . wc_format_content( wp_kses_post( $queried_object->description ) ) . '</div>';
} else { } else {
$prefix = ''; $prefix = '';
} }
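Review bot: On the `$prefix` line of the second hunk, `wp_kses_post()` is applied to the stored term description before `wc_format_content()`, so any markup the formatting step itself generates (shortcode or oEmbed output, if `wc_format_content()` expands those the way it does for product short descriptions) is echoed without kses filtering. That is consistent with the terms-page change in this same commit and with how core renders post content, but nothing records that the ordering is deliberate, so a later "hardening" pass could swap it back and start stripping shortcode output. A one-line comment above the assignment would pin it down: `// Sanitize the stored description first; wc_format_content() may expand shortcodes whose output must not be kses-filtered.` The enclosing method of `WC_Template_Loader` starts before the hunk, and the outer `if` that governs this branch is not visible here.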


@ -887,7 +887,7 @@ function wc_terms_and_conditions_page_content() {
$page = get_post( $terms_page_id ); $page = get_post( $terms_page_id );
if ( $page && 'publish' === $page->post_status && $page->post_content && ! has_shortcode( $page->post_content, 'woocommerce_checkout' ) ) { if ( $page && 'publish' === $page->post_status && $page->post_content && ! has_shortcode( $page->post_content, 'woocommerce_checkout' ) ) {
echo '<div class="woocommerce-terms-and-conditions" style="display: none; max-height: 200px; overflow: auto;">' . wp_kses_post( wc_format_content( $page->post_content ) ) . '</div>'; echo '<div class="woocommerce-terms-and-conditions" style="display: none; max-height: 200px; overflow: auto;">' . wc_format_content( wp_kses_post( $page->post_content ) ) . '</div>'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
} }
} }
@ -1240,8 +1240,7 @@ if ( ! function_exists( 'woocommerce_taxonomy_archive_description' ) ) {
$term = get_queried_object(); $term = get_queried_object();
if ( $term && ! empty( $term->description ) ) { if ( $term && ! empty( $term->description ) ) {
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped echo '<div class="term-description">' . wc_format_content( wp_kses_post( $term->description ) ) . '</div>'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
echo '<div class="term-description">' . wc_format_content( $term->description ) . '</div>';
} }
} }
} }
@ -1260,10 +1259,9 @@ if ( ! function_exists( 'woocommerce_product_archive_description' ) ) {
if ( is_post_type_archive( 'product' ) && in_array( absint( get_query_var( 'paged' ) ), array( 0, 1 ), true ) ) { if ( is_post_type_archive( 'product' ) && in_array( absint( get_query_var( 'paged' ) ), array( 0, 1 ), true ) ) {
$shop_page = get_post( wc_get_page_id( 'shop' ) ); $shop_page = get_post( wc_get_page_id( 'shop' ) );
if ( $shop_page ) { if ( $shop_page ) {
$description = wc_format_content( $shop_page->post_content ); $description = wc_format_content( wp_kses_post( $shop_page->post_content ) );
if ( $description ) { if ( $description ) {
// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped echo '<div class="page-description">' . $description . '</div>'; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
echo '<div class="page-description">' . $description . '</div>';
} }
} }
} }
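Review bot: The `wc_terms_and_conditions_page_content()` hunk changes behaviour beyond escaping: it moves `wp_kses_post()` from the outside of `wc_format_content()` to the inside, so markup produced by the formatting step (shortcodes and oEmbeds, if `wc_format_content()` expands them as it does for product short descriptions) is no longer kses-filtered on the checkout page, whereas before this commit it was. The same inside-first order is used in the `woocommerce_taxonomy_archive_description` and `woocommerce_product_archive_description` hunks, so it looks intentional, but the `phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped` on that `echo` now rests on this reasoning and does not say so. A short comment on the echo would record the trust decision: `// Page content is kses-filtered before formatting so shortcode/oembed output is not stripped; any shortcode on the terms page is trusted to emit safe HTML.` If that trust is not wanted for the checkout page, the previous `wp_kses_post( wc_format_content( … ) )` order should be restored there only, with the reason documented.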