Merge pull request #8067 from javorszky/grouped-xss-filter

[2.3] Grouped xss filter
2015-04-28 23:31:51 -03:00 · 2015-04-28 23:31:51 -03:00 · c9c6e86e70
parent 0a3fc7673e 72bb8fb553
commit c9c6e86e70
4 changed files with 4 additions and 4 deletions
--- a/templates/single-product/add-to-cart/external.php
+++ b/templates/single-product/add-to-cart/external.php
@ -16,7 +16,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 <?php do_action( 'woocommerce_before_add_to_cart_button' ); ?>

 <p class="cart">
-	<a href="<?php echo esc_url( $product_url ); ?>" rel="nofollow" class="single_add_to_cart_button button alt"><?php echo $button_text; ?></a>
+	<a href="<?php echo esc_url( $product_url ); ?>" rel="nofollow" class="single_add_to_cart_button button alt"><?php echo esc_html( $button_text ); ?></a>
 </p>

 <?php do_action( 'woocommerce_after_add_to_cart_button' ); ?>
--- a/templates/single-product/add-to-cart/grouped.php
+++ b/templates/single-product/add-to-cart/grouped.php
@ -45,7 +45,7 @@ do_action( 'woocommerce_before_add_to_cart_form' ); ?>

 						<td class="label">
 							<label for="product-<?php echo $product_id; ?>">
-								<?php echo $product->is_visible() ? '<a href="' . get_permalink() . '">' . get_the_title() . '</a>' : get_the_title(); ?>
+								<?php echo $product->is_visible() ? '<a href="' . esc_url( apply_filters( 'woocommerce_grouped_product_list_link', get_permalink(), $product_id ) ) . '">' . esc_html( get_the_title() ) . '</a>' : esc_html( get_the_title() ); ?>
 							</label>
 						</td>

--- a/templates/single-product/add-to-cart/simple.php
+++ b/templates/single-product/add-to-cart/simple.php
@ -44,7 +44,7 @@ if ( ! $product->is_purchasable() ) {

 	 	<input type="hidden" name="add-to-cart" value="<?php echo esc_attr( $product->id ); ?>" />

-	 	<button type="submit" class="single_add_to_cart_button button alt"><?php echo $product->single_add_to_cart_text(); ?></button>
+	 	<button type="submit" class="single_add_to_cart_button button alt"><?php echo esc_html( $product->single_add_to_cart_text() ); ?></button>

 		<?php do_action( 'woocommerce_after_add_to_cart_button' ); ?>
 	</form>
--- a/templates/single-product/add-to-cart/variable.php
+++ b/templates/single-product/add-to-cart/variable.php
@ -79,7 +79,7 @@ global $product, $post;

 			<div class="variations_button">
 				<?php woocommerce_quantity_input(); ?>
-				<button type="submit" class="single_add_to_cart_button button alt"><?php echo $product->single_add_to_cart_text(); ?></button>
+				<button type="submit" class="single_add_to_cart_button button alt"><?php echo esc_html( $product->single_add_to_cart_text() ); ?></button>
 			</div>

 			<input type="hidden" name="add-to-cart" value="<?php echo $product->id; ?>" />