Escape product names on reports
This commit is contained in:
Claudio Sanches
parent
0fec9dbfe7
commit
9e8aa83d47
|
|
@ -245,7 +245,7 @@ class WC_Report_Sales_By_Product extends WC_Admin_Report {
|
||||||
foreach ( $top_sellers as $product ) {
|
foreach ( $top_sellers as $product ) {
|
||||||
echo '<tr class="' . ( in_array( $product->product_id, $this->product_ids ) ? 'active' : '' ) . '">
|
echo '<tr class="' . ( in_array( $product->product_id, $this->product_ids ) ? 'active' : '' ) . '">
|
||||||
<td class="count">' . $product->order_item_qty . '</td>
|
<td class="count">' . $product->order_item_qty . '</td>
|
||||||
<td class="name"><a href="' . esc_url( add_query_arg( 'product_ids', $product->product_id ) ) . '">' . get_the_title( $product->product_id ) . '</a></td>
|
<td class="name"><a href="' . esc_url( add_query_arg( 'product_ids', $product->product_id ) ) . '">' . esc_html( get_the_title( $product->product_id ) ) . '</a></td>
|
||||||
<td class="sparkline">' . $this->sales_sparkline( $product->product_id, 7, 'count' ) . '</td>
|
<td class="sparkline">' . $this->sales_sparkline( $product->product_id, 7, 'count' ) . '</td>
|
||||||
</tr>';
|
</tr>';
|
||||||
}
|
}
|
||||||
|
|
@ -293,7 +293,7 @@ class WC_Report_Sales_By_Product extends WC_Admin_Report {
|
||||||
foreach ( $top_freebies as $product ) {
|
foreach ( $top_freebies as $product ) {
|
||||||
echo '<tr class="' . ( in_array( $product->product_id, $this->product_ids ) ? 'active' : '' ) . '">
|
echo '<tr class="' . ( in_array( $product->product_id, $this->product_ids ) ? 'active' : '' ) . '">
|
||||||
<td class="count">' . $product->order_item_qty . '</td>
|
<td class="count">' . $product->order_item_qty . '</td>
|
||||||
<td class="name"><a href="' . esc_url( add_query_arg( 'product_ids', $product->product_id ) ) . '">' . get_the_title( $product->product_id ) . '</a></td>
|
<td class="name"><a href="' . esc_url( add_query_arg( 'product_ids', $product->product_id ) ) . '">' . esc_html( get_the_title( $product->product_id ) ) . '</a></td>
|
||||||
<td class="sparkline">' . $this->sales_sparkline( $product->product_id, 7, 'count' ) . '</td>
|
<td class="sparkline">' . $this->sales_sparkline( $product->product_id, 7, 'count' ) . '</td>
|
||||||
</tr>';
|
</tr>';
|
||||||
}
|
}
|
||||||
|
|
@ -333,7 +333,7 @@ class WC_Report_Sales_By_Product extends WC_Admin_Report {
|
||||||
foreach ( $top_earners as $product ) {
|
foreach ( $top_earners as $product ) {
|
||||||
echo '<tr class="' . ( in_array( $product->product_id, $this->product_ids ) ? 'active' : '' ) . '">
|
echo '<tr class="' . ( in_array( $product->product_id, $this->product_ids ) ? 'active' : '' ) . '">
|
||||||
<td class="count">' . wc_price( $product->order_item_total ) . '</td>
|
<td class="count">' . wc_price( $product->order_item_total ) . '</td>
|
||||||
<td class="name"><a href="' . esc_url( add_query_arg( 'product_ids', $product->product_id ) ) . '">' . get_the_title( $product->product_id ) . '</a></td>
|
<td class="name"><a href="' . esc_url( add_query_arg( 'product_ids', $product->product_id ) ) . '">' . esc_html( get_the_title( $product->product_id ) ) . '</a></td>
|
||||||
<td class="sparkline">' . $this->sales_sparkline( $product->product_id, 7, 'sales' ) . '</td>
|
<td class="sparkline">' . $this->sales_sparkline( $product->product_id, 7, 'sales' ) . '</td>
|
||||||
</tr>';
|
</tr>';
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -101,7 +101,7 @@ class WC_Report_Stock extends WP_List_Table {
|
||||||
|
|
||||||
case 'parent' :
|
case 'parent' :
|
||||||
if ( $item->parent ) {
|
if ( $item->parent ) {
|
||||||
echo get_the_title( $item->parent );
|
echo esc_html( get_the_title( $item->parent ) );
|
||||||
} else {
|
} else {
|
||||||
echo '-';
|
echo '-';
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue