Add escaping to unescaped style attribute variable

Daniel W. Robert 2023-09-19 12:34:10 -04:00 committed by Luigi
parent 68064c115b
commit 8fdd1726a6
7 changed files with 14 additions and 14 deletions


@ -152,7 +152,7 @@ abstract class FeaturedItem extends AbstractDynamicBlock {
$classes[] = ' has-parallax';
}
return sprintf( '<div class="%1$s" style="%2$s" /></div>', implode( ' ', $classes ), $styles );
return sprintf( '<div class="%1$s" style="%2$s" /></div>', esc_attr( implode( ' ', $classes ) ), esc_attr( $styles ) );
}
/**
@ -201,7 +201,7 @@ abstract class FeaturedItem extends AbstractDynamicBlock {
* @return string
*/
private function render_image( $attributes, $item, string $image_url ) {
$style = sprintf( 'object-fit: %s;', $attributes['imageFit'] );
$style = sprintf( 'object-fit: %s;', esc_attr( $attributes['imageFit'] ) );
if ( $this->hasFocalPoint( $attributes ) ) {
$style .= sprintf(
@ -216,8 +216,8 @@ abstract class FeaturedItem extends AbstractDynamicBlock {
'<img alt="%1$s" class="wc-block-%2$s__background-image" src="%3$s" style="%4$s" />',
wp_kses_post( $attributes['alt'] ?: $this->get_item_title( $item ) ),
$this->block_name,
$image_url,
$style
esc_url( $image_url ),
esc_attr( $style )
);
}
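Review bot: `esc_attr( $attributes['imageFit'] )` on the new `$style` line escapes too early: the composed string is escaped again by `esc_attr( $style )` when the `<img>` is emitted, so the inner call is redundant (esc_attr does not re-encode existing entities) and it moves escaping away from the output site, where a reader checks for it. The WordPress convention is to escape once, as late as possible; `$style = sprintf( 'object-fit: %s;', $attributes['imageFit'] );` together with the output-side `esc_attr( $style )` already covers this value. The same escape-at-assignment pattern appears in this commit in MiniCart (`$icon_color`, `$product_count_color`) and ProductGalleryLargeImageNextPrevious (`$alignment_class`). Note also that esc_attr only prevents breaking out of the `style` attribute and does not constrain the CSS itself; if `imageFit` is expected to be one of a few CSS keywords, validating it against that allow-list (or passing the composed declaration through `safecss_filter_attr()`) is the stronger check. render_image continues past the hunk, so the focal-point branch that also appends to `$style` is not visible here.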


@ -354,7 +354,7 @@ class MiniCart extends AbstractBlock {
}
$price_color = array_key_exists( 'priceColor', $attributes ) ? $attributes['priceColor']['color'] : '';
return '<span class="wc-block-mini-cart__amount" style="color:' . $price_color . ' "></span>' . $this->get_include_tax_label_markup( $attributes );
return '<span class="wc-block-mini-cart__amount" style="color:' . esc_attr( $price_color ) . ' "></span>' . $this->get_include_tax_label_markup( $attributes );
}
/**
@ -370,7 +370,7 @@ class MiniCart extends AbstractBlock {
}
$price_color = array_key_exists( 'priceColor', $attributes ) ? $attributes['priceColor']['color'] : '';
return '<small class="wc-block-mini-cart__tax-label" style="color:' . $price_color . ' " hidden>' . esc_html( $this->tax_label ) . '</small>';
return '<small class="wc-block-mini-cart__tax-label" style="color:' . esc_attr( $price_color ) . ' " hidden>' . esc_html( $this->tax_label ) . '</small>';
}
/**
@ -406,8 +406,8 @@ class MiniCart extends AbstractBlock {
}
$wrapper_styles = $classes_styles['styles'];
$icon_color = array_key_exists( 'iconColor', $attributes ) ? $attributes['iconColor']['color'] : 'currentColor';
$product_count_color = array_key_exists( 'productCountColor', $attributes ) ? $attributes['productCountColor']['color'] : '';
$icon_color = array_key_exists( 'iconColor', $attributes ) ? esc_attr( $attributes['iconColor']['color'] ) : 'currentColor';
$product_count_color = array_key_exists( 'productCountColor', $attributes ) ? esc_attr( $attributes['productCountColor']['color'] ) : '';
// Default "Cart" icon.
$icon = '<svg class="wc-block-mini-cart__icon" width="32" height="32" viewBox="0 0 32 32" fill="' . $icon_color . '" xmlns="http://www.w3.org/2000/svg">
@ -444,7 +444,7 @@ class MiniCart extends AbstractBlock {
}
// It is not necessary to load the Mini-Cart Block on Cart and Checkout page.
return '<div class="' . $wrapper_classes . '" style="visibility:hidden" aria-hidden="true">
return '<div class="' . esc_attr( $wrapper_classes ) . '" style="visibility:hidden" aria-hidden="true">
<button class="wc-block-mini-cart__button" disabled>' . $button_html . '</button>
</div>';
}


@ -103,7 +103,7 @@ class ProductButton extends AbstractBlock {
$product->is_purchasable() && $product->is_in_stock() ? 'add_to_cart_button' : '',
$is_ajax_button ? 'ajax_add_to_cart' : '',
'product_type_' . $product->get_type(),
$styles_and_classes['classes'],
esc_attr( $styles_and_classes['classes'] ),
)
)
);
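Review bot: Escaping only the `$styles_and_classes['classes']` element while the neighbouring `'product_type_' . $product->get_type()` entry is left raw makes the class list inconsistently treated; if the enclosing expression implodes these into a single `class` attribute (its start and end are outside the hunk), escaping the imploded string once at the point it is written into markup covers every element, including any product type slug registered by a third-party extension. If per-element escaping is deliberate, a short comment stating why `get_type()` is considered safe would save the next reviewer the same question.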


@ -110,7 +110,7 @@ class ProductGalleryLargeImageNextPrevious extends AbstractBlock {
$this->get_class_suffix( $context )
);
$alignment_class = isset( $attributes['layout']['verticalAlignment'] ) ? 'is-vertically-aligned-' . $attributes['layout']['verticalAlignment'] : '';
$alignment_class = isset( $attributes['layout']['verticalAlignment'] ) ? 'is-vertically-aligned-' . esc_attr( $attributes['layout']['verticalAlignment'] ) : '';
$position_class = 'wc-block-product-gallery-large-image-next-previous--' . $this->get_class_suffix( $context );
return strtr(
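Review bot: `$this->get_class_suffix( $context )` is concatenated raw into `$position_class` on the line after the change, and is also passed unescaped a few lines above, while the adjacent `verticalAlignment` value now receives `esc_attr()`; if the suffix is derived from block context the same treatment applies, and if it is an internal constant a comment to that effect would make the asymmetry intentional. Since both class strings feed the `strtr()` template below, the simplest consistent approach is to leave the variables raw and escape the final `class` attribute value once where the template is rendered; the `strtr()` call and the rest of the method are outside the hunk.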


@ -105,7 +105,7 @@ class ProductImage extends AbstractBlock {
<span class="screen-reader-text">Product on sale</span>
</div>
',
$attributes['saleBadgeAlign'],
esc_attr( $attributes['saleBadgeAlign'] ),
isset( $font_size['class'] ) ? esc_attr( $font_size['class'] ) : '',
isset( $font_size['style'] ) ? esc_attr( $font_size['style'] ) : '',
esc_html__( 'Sale', 'woo-gutenberg-products-block' )


@ -45,7 +45,7 @@ class ProductResultsCount extends AbstractBlock {
return sprintf(
'<div class="woocommerce wc-block-product-results-count wp-block-woocommerce-product-results-count %1$s %2$s" style="%3$s">%4$s</div>',
esc_attr( $classes_and_styles['classes'] ),
$classname,
esc_attr( $classname ),
esc_attr( $classes_and_styles['styles'] ),
$product_results_count
);
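Review bot: After this change `$product_results_count` (argument `%4$s`) is the only sprintf argument still written into the markup without an escaping function. If it is captured output from WooCommerce's result-count template that is expected to be HTML, that is fine, but nothing in the hunk records that assumption; a comment such as `// $product_results_count is buffered template markup, already escaped upstream` or wrapping it in `wp_kses_post()` would make the trust boundary explicit. The enclosing render method starts outside the hunk, so where the value is produced is not visible here.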


@ -111,7 +111,7 @@ class ProductSaleBadge extends AbstractBlock {
$align = isset( $attributes['align'] ) ? $attributes['align'] : '';
$output = '<div class="wp-block-woocommerce-product-sale-badge ' . esc_attr( $classname ) . '">';
$output .= sprintf( '<div class="wc-block-components-product-sale-badge %1$s wc-block-components-product-sale-badge--align-%2$s" style="%3$s">', esc_attr( $classes_and_styles['classes'] ), $align, esc_attr( $classes_and_styles['styles'] ) );
$output .= sprintf( '<div class="wc-block-components-product-sale-badge %1$s wc-block-components-product-sale-badge--align-%2$s" style="%3$s">', esc_attr( $classes_and_styles['classes'] ), esc_attr( $align ), esc_attr( $classes_and_styles['styles'] ) );
$output .= '<span class="wc-block-components-product-sale-badge__text" aria-hidden="true">' . __( 'Sale', 'woo-gutenberg-products-block' ) . '</span>';
$output .= '<span class="screen-reader-text">'
. __( 'Product on sale', 'woo-gutenberg-products-block' )