Escapes several echoed elements for better security.

This commit is contained in:
mateuswetah 2022-05-23 11:24:07 -03:00
parent 0aa9f41dfb
commit 10e37a8bc0
14 changed files with 44 additions and 44 deletions


@ -1,6 +1,6 @@
<?php get_header(); ?> <?php get_header(); ?>
<?php $view_mode = get_query_var( 'tainacan_collections_viewmode' ); ?> <?php $view_mode = esc_attr(get_query_var( 'tainacan_collections_viewmode' )); ?>
<!-- Get the banner to display --> <!-- Get the banner to display -->
<?php get_template_part( 'template-parts/bannerheader' ); ?> <?php get_template_part( 'template-parts/bannerheader' ); ?>
@ -63,8 +63,8 @@
</div> </div>
<form role="search" class="ml-auto" method="get" id="tainacan-collection-search"> <form role="search" class="ml-auto" method="get" id="tainacan-collection-search">
<input type="hidden" name="orderby" value="<?php echo get_query_var( 'orderby' ); ?>" /> <input type="hidden" name="orderby" value="<?php echo esc_attr(get_query_var( 'orderby' )); ?>" />
<input type="hidden" name="order" value="<?php echo get_query_var( 'order' ); ?>" /> <input type="hidden" name="order" value="<?php echo esc_attr(get_query_var( 'order' )); ?>" />
<input type="hidden" name="tainacan_collections_viewmode" value="<?php echo $view_mode; ?>" /> <input type="hidden" name="tainacan_collections_viewmode" value="<?php echo $view_mode; ?>" />
<div class="input-group"> <div class="input-group">
<input class="form-control rounded-0" type="search" name="s" value="<?php echo get_query_var( 's' ); ?>" placeholder="<?php esc_attr_e( 'Search collections', 'tainacan-interface' ); ?>" /> <input class="form-control rounded-0" type="search" name="s" value="<?php echo get_query_var( 's' ); ?>" placeholder="<?php esc_attr_e( 'Search collections', 'tainacan-interface' ); ?>" />
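Review bot: The search term on the last line of the hunk, `value="<?php echo get_query_var( 's' ); ?>"`, is still printed into an attribute unescaped while the sibling `orderby` and `order` inputs above it now go through esc_attr(); a quote in `s` closes the attribute. Change it to `value="<?php echo esc_attr( get_query_var( 's' ) ); ?>"` (WordPress's `get_search_query()` returns the same value already escaped). Escaping `$view_mode` at assignment on the first changed line rather than at its echo also means the variable now carries an attribute-encoded value wherever else the template uses it; escaping at the hidden input keeps the convention uniform. The form element continues outside the hunk.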


@ -231,7 +231,11 @@
/* Links */ /* Links */
a { text-decoration: none; } a { text-decoration: none; }
.has-text-color>a, .has-text-color>a,
.has-text-color>a:hover { .has-text-color>a:hover,
.has-text-color>a>strong,
.has-text-color>a:hover>strong,
.has-text-color>a>em,
.has-text-color>a:hover>em {
color: inherit; color: inherit;
} }


@ -30,7 +30,7 @@ if ( post_password_required() ) {
<?php if ( is_user_logged_in() ) { ?> <?php if ( is_user_logged_in() ) { ?>
<span class="text-oslo-gray authenticated ml-sm-3 d-none d-sm-block align-self-center"> <span class="text-oslo-gray authenticated ml-sm-3 d-none d-sm-block align-self-center">
<?php _e( 'Authenticated as:', 'tainacan-interface' ); <?php _e( 'Authenticated as:', 'tainacan-interface' );
echo ' <a href="' . get_author_posts_url( $current_user->ID ) . '">' . $current_user->display_name . '</a>'; ?> echo ' <a href="' . esc_url(get_author_posts_url( $current_user->ID )) . '">' . $current_user->display_name . '</a>'; ?>
<?php } ?> <?php } ?>
</span> </span>
</div> </div>
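Review bot: `$current_user->display_name` on the echo line is still concatenated into the link text unescaped; the commit wraps the author URL in esc_url() but leaves the display name, which is user-editable profile data, unfiltered. Change the tail of the echo to `'">' . esc_html( $current_user->display_name ) . '</a>'`. The enclosing template logic begins outside the hunk.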




@ -1,5 +1,5 @@
<?php if ( ! is_404() ) : ?> <?php if ( ! is_404() ) : ?>
<footer class="container-fluid p-4 p-sm-5 mt-5 tainacan-footer <?php echo ('tainacan-footer-' . get_theme_mod( 'tainacan_footer_color', 'dark' )) ?>" style="padding-bottom: 0 !important;"> <footer class="container-fluid p-4 p-sm-5 mt-5 tainacan-footer <?php echo esc_attr( ('tainacan-footer-' . get_theme_mod( 'tainacan_footer_color', 'dark' )) ) ?>" style="padding-bottom: 0 !important;">
<?php if ( is_active_sidebar( 'tainacan-sidebar-footer' ) ) { ?> <?php if ( is_active_sidebar( 'tainacan-sidebar-footer' ) ) { ?>
<div class="row tainacan-footer-widgets-area"> <div class="row tainacan-footer-widgets-area">
<ul class="col-12 col-lg pt-3 pb-3 pl-0 pr-0 d-lg-flex flex-wrap justify-content-xs-center mb-md-0"> <ul class="col-12 col-lg pt-3 pb-3 pl-0 pr-0 d-lg-flex flex-wrap justify-content-xs-center mb-md-0">


@ -98,7 +98,7 @@ function tainacan_interface_the_breadcrumb() {
echo $before . $str . $after; echo $before . $str . $after;
} else { } else {
if ( is_archive() ) { if ( is_archive() ) {
$str = __( 'Collections', 'tainacan-interface' ); $str = __( 'Collections', 'tainacan-interface' ) . '&nbsp;';
} else { } else {
$str = $post_type->labels->singular_name; $str = $post_type->labels->singular_name;
} }


@ -71,7 +71,7 @@ class TainacanInterfaceCollectionSettings {
<input <input
type="radio" type="radio"
value="default" value="default"
name="<?php echo $this->tainacan_sections_layout; ?>" name="<?php echo esc_attr($this->tainacan_sections_layout); ?>"
id="default" checked> id="default" checked>
<img src="<?php echo esc_url( get_template_directory_uri()); ?>/assets/images/section_default.png" alt="<?php _e( 'Default', 'tainacan-interface' ); ?>" /> <img src="<?php echo esc_url( get_template_directory_uri()); ?>/assets/images/section_default.png" alt="<?php _e( 'Default', 'tainacan-interface' ); ?>" />
<?php _e( 'Default', 'tainacan-interface' ); ?> <?php _e( 'Default', 'tainacan-interface' ); ?>
@ -81,7 +81,7 @@ class TainacanInterfaceCollectionSettings {
<input <input
type="radio" type="radio"
value="tabs" value="tabs"
name="<?php echo $this->tainacan_sections_layout; ?>" name="<?php echo esc_attr($this->tainacan_sections_layout); ?>"
id="tabs"> id="tabs">
<img src="<?php echo esc_url( get_template_directory_uri()); ?>/assets/images/section_tabs.png" alt="<?php _e( 'Tabs', 'tainacan-interface' ); ?>" /> <img src="<?php echo esc_url( get_template_directory_uri()); ?>/assets/images/section_tabs.png" alt="<?php _e( 'Tabs', 'tainacan-interface' ); ?>" />
<?php _e( 'Tabs', 'tainacan-interface' ); ?> <?php _e( 'Tabs', 'tainacan-interface' ); ?>
@ -91,7 +91,7 @@ class TainacanInterfaceCollectionSettings {
<input <input
type="radio" type="radio"
value="collapses" value="collapses"
name="<?php echo $this->tainacan_sections_layout; ?>" name="<?php echo esc_attr($this->tainacan_sections_layout); ?>"
id="collapses"> id="collapses">
<img src="<?php echo esc_url( get_template_directory_uri()); ?>/assets/images/section_collapse.png" alt="<?php _e( 'Collapses', 'tainacan-interface' ); ?>" /> <img src="<?php echo esc_url( get_template_directory_uri()); ?>/assets/images/section_collapse.png" alt="<?php _e( 'Collapses', 'tainacan-interface' ); ?>" />
<?php _e( 'Collapses', 'tainacan-interface' ); ?> <?php _e( 'Collapses', 'tainacan-interface' ); ?>
@ -101,7 +101,7 @@ class TainacanInterfaceCollectionSettings {
<input <input
type="radio" type="radio"
value="accordion" value="accordion"
name="<?php echo $this->tainacan_sections_layout; ?>" name="<?php echo esc_attr($this->tainacan_sections_layout); ?>"
id="accordion"> id="accordion">
<img src="<?php echo esc_url( get_template_directory_uri()); ?>/assets/images/section_accordion.png" alt="<?php _e( 'Accordion', 'tainacan-interface' ); ?>" /> <img src="<?php echo esc_url( get_template_directory_uri()); ?>/assets/images/section_accordion.png" alt="<?php _e( 'Accordion', 'tainacan-interface' ); ?>" />
<?php _e( 'Accordion', 'tainacan-interface' ); ?> <?php _e( 'Accordion', 'tainacan-interface' ); ?>
@ -131,7 +131,7 @@ class TainacanInterfaceCollectionSettings {
<div class="column is-one-third-desktop is-full-tablet is-one-third-mobile field tainacan-collection--change-color-picker"> <div class="column is-one-third-desktop is-full-tablet is-one-third-mobile field tainacan-collection--change-color-picker">
<label class="label"><?php _e( 'Background', 'tainacan-interface' ); ?></label> <label class="label"><?php _e( 'Background', 'tainacan-interface' ); ?></label>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input type="text" value="" id="colorpicker" name="<?php echo $this->tainacan_background_color; ?>"> <input type="text" value="" id="colorpicker" name="<?php echo esc_attr($this->tainacan_background_color); ?>">
</div> </div>
</div> </div>
@ -142,7 +142,7 @@ class TainacanInterfaceCollectionSettings {
<input <input
type="radio" type="radio"
value="#fff" value="#fff"
name="<?php echo $this->tainacan_text_color; ?>" name="<?php echo esc_attr($this->tainacan_text_color); ?>"
id="white" checked> id="white" checked>
<?php _e( 'White', 'tainacan-interface' ); ?> <?php _e( 'White', 'tainacan-interface' ); ?>
</label> </label>
@ -151,7 +151,7 @@ class TainacanInterfaceCollectionSettings {
<input <input
type="radio" type="radio"
value="#000" value="#000"
name="<?php echo $this->tainacan_text_color; ?>" name="<?php echo esc_attr($this->tainacan_text_color); ?>"
id="black"> id="black">
<?php _e( 'Black', 'tainacan-interface' ); ?> <?php _e( 'Black', 'tainacan-interface' ); ?>
</label> </label>
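Review bot: The `esc_attr()` added to the `name` attributes is correct, but the `alt` attributes of the neighbouring `<img>` lines in the same hunks still print translations with `_e()`, which does no attribute escaping, and a translation string can contain quotes. The matching helper is `esc_attr_e( 'Default', 'tainacan-interface' )` (likewise for Tabs, Collapses and Accordion). These hunks are inside `TainacanInterfaceCollectionSettings`, whose method boundaries are outside the view.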


@ -328,8 +328,7 @@ function tainacan_color_scheme_css() {
$color_scheme_css = tainacan_get_color_scheme_css( $colors ); $color_scheme_css = tainacan_get_color_scheme_css( $colors );
echo '<style type="text/css" id="custom-theme-css">' . echo '<style type="text/css" id="custom-theme-css">' . $color_scheme_css . '</style>';
$color_scheme_css . '</style>';
} }
add_action( 'wp_head', 'tainacan_color_scheme_css' ); add_action( 'wp_head', 'tainacan_color_scheme_css' );
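Review bot: The rewritten echo still emits `$color_scheme_css` into a `<style>` block without any filtering, so this hunk only joins two lines; none of the HTML escaping helpers used elsewhere in the commit would be appropriate in a CSS context anyway. The place to constrain these values is where `$colors` is populated (outside the hunk), for example validating each entry with `sanitize_hex_color()` before `tainacan_get_color_scheme_css( $colors )` builds the stylesheet. A one-line comment above the echo such as `// $colors must be validated upstream: this CSS is emitted unescaped` would make that contract visible here. The function body starts outside the hunk.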


@ -14,12 +14,12 @@ function tainacan_comments_callback( $comment, $args, $depth ) {
$arg = array( $arg = array(
'class' => 'img-fluid rounded-circle mr-sm-3', 'class' => 'img-fluid rounded-circle mr-sm-3',
); );
echo get_avatar( $comment, 60, '', '', $arg ); echo wp_kses_post( get_avatar( $comment, 60, '', '', $arg ) );
?> ?>
<div class="media-body"> <div class="media-body">
<h5 class="media-heading comment-author vcard ml-2"> <h5 class="media-heading comment-author vcard ml-2">
<a href="<?php echo get_author_posts_url( $comment->user_id ); ?>" class="text-black font-weight-bold bypostauthor"> <a href="<?php echo esc_url(get_author_posts_url( $comment->user_id )); ?>" class="text-black font-weight-bold bypostauthor">
<?php comment_author( $comment->comment_ID ); ?> <?php wp_kses_post( comment_author( $comment->comment_ID ) ); ?>
</a> </a>
<p class="comment-time text-oslo-gray my-sm-1"> <p class="comment-time text-oslo-gray my-sm-1">
<?php <?php
@ -37,21 +37,18 @@ function tainacan_comments_callback( $comment, $args, $depth ) {
<?php _e( 'Your comment is awaiting moderation.','tainacan-interface' ); ?> <?php _e( 'Your comment is awaiting moderation.','tainacan-interface' ); ?>
</p> </p>
<?php endif; ?> <?php endif; ?>
<?php comment_text(); ?> <?php wp_kses_post( comment_text() ); ?>
<?php comment_reply_link( array( <?php wp_kses_post(
comment_reply_link( array(
'reply_text' => __( 'Reply', 'tainacan-interface' ), 'reply_text' => __( 'Reply', 'tainacan-interface' ),
'depth' => $depth, 'depth' => $depth,
'max_depth' => $args['max_depth'], 'max_depth' => $args['max_depth'],
'before' => '<li class="ml-2 reply-link list-inline-item mr-3 mt-2">', 'before' => '<li class="ml-2 reply-link list-inline-item mr-3 mt-2">',
'after' => '</li>', 'after' => '</li>',
)); ))
edit_comment_link( __( 'Edit', 'tainacan-interface' ), '<li class="edit-link list-inline-item mr-3 mt-2">', '</li>' ); );
wp_kses_post( edit_comment_link( __( 'Edit', 'tainacan-interface' ), '<li class="edit-link list-inline-item mr-3 mt-2">', '</li>' ) );
?> ?>
<?php if ( $args['has_children'] ) : ?>
<p>
<!-- <a href="#comments" class="hideChild-comments"><i class="tainacan-icons align-top text-jelly-bean">arrow_drop_up</i><?php _e( 'Hide reply', 'tainacan-interface' ); ?></a> -->
</p>
<?php endif; ?>
</div> </div>
</div> </div>
<?php } <?php }
@ -112,7 +109,7 @@ if ( ! function_exists('tainacan_meta_date_author') ) {
$string = apply_filters( 'tainacan-meta-date-author', $string ); $string = apply_filters( 'tainacan-meta-date-author', $string );
if ( $echo ) { if ( $echo ) {
echo $string; echo wp_kses_post($string);
} else { } else {
return $string; return $string;
} }
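Review bot: The `wp_kses_post()` wrappers added around `comment_author()`, `comment_text()`, `comment_reply_link()` and `edit_comment_link()` in the first two hunks have no effect: these are WordPress's echo-variant template tags, which print directly and return nothing, so the filter runs on an empty value, its result is discarded, and the output still goes out exactly as before; the same applies to `get_search_form()` and `tainacan_interface_the_breadcrumb()` in the later header hunks (the breadcrumb function visibly uses `echo` at the top of its own hunk). Either keep those calls as they were, or switch to the return-style helper and echo the filtered result, e.g. `<?php echo esc_html( get_comment_author( $comment ) ); ?>` for the author name and `<?php echo wp_kses_post( get_comment_text( $comment ) ); ?>` for the body if extra filtering is wanted. `wp_kses_post()` is also likely to strip the `<form>`/`<input>` markup of the search form, so that one is better left unwrapped. These hunks sit inside `tainacan_comments_callback()` and `tainacan_meta_date_author()`, whose signatures are outside the view.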


@ -20,9 +20,9 @@
?> ?>
<nav <nav
style="min-height: <?php echo esc_attr(get_theme_mod('tainacan_header_min_height', 50)) ?>px;" style="min-height: <?php echo esc_attr(get_theme_mod('tainacan_header_min_height', 50)) ?>px;"
class="navbar navbar-expand-md navbar-light bg-white menu-shadow px-0 navbar--border-bottom <?php echo 'tainacan-header-layout--' . get_theme_mod('tainacan_header_alignment_options', 'default'); ?>"> class="navbar navbar-expand-md navbar-light bg-white menu-shadow px-0 navbar--border-bottom <?php echo 'tainacan-header-layout--' . esc_attr(get_theme_mod('tainacan_header_alignment_options', 'default')); ?>">
<div class="container-fluid max-large px-0 margin-one-column" id="topNavbar"> <div class="container-fluid max-large px-0 margin-one-column" id="topNavbar">
<?php echo tainacan_get_logo(); ?> <?php echo wp_kses_post(tainacan_get_logo()); ?>
<div class="navbar-box"> <div class="navbar-box">
<?php if ( has_nav_menu( 'navMenubelowHeader' ) ) : ?> <?php if ( has_nav_menu( 'navMenubelowHeader' ) ) : ?>
@ -56,7 +56,7 @@
<i class="tainacan-icon tainacan-icon-close"></i> <i class="tainacan-icon tainacan-icon-close"></i>
</button> </button>
<div class="dropdown-menu" aria-labelledby="dropdownMenuLink"> <div class="dropdown-menu" aria-labelledby="dropdownMenuLink">
<?php get_search_form(); ?> <?php wp_kses_post(get_search_form()); ?>
</div> </div>
</div> </div>
<?php endif; ?> <?php endif; ?>
@ -69,5 +69,5 @@
<a href="javascript:" id="return-to-top" style="<?php echo (get_theme_mod( 'tainacan_footer_color', 'dark' ) == 'colored' ? 'background-color: #2c2d2d;' : '') ?>"><i class="tainacan-icon tainacan-icon-arrowup"></i></a> <a href="javascript:" id="return-to-top" style="<?php echo (get_theme_mod( 'tainacan_footer_color', 'dark' ) == 'colored' ? 'background-color: #2c2d2d;' : '') ?>"><i class="tainacan-icon tainacan-icon-arrowup"></i></a>
<?php if ( !is_page_template( 'page-templates/landing.php' ) ) : ?> <?php if ( !is_page_template( 'page-templates/landing.php' ) ) : ?>
<?php tainacan_interface_the_breadcrumb(); ?> <?php wp_kses_post( tainacan_interface_the_breadcrumb() ); ?>
<?php endif; ?> <?php endif; ?>



@ -13,7 +13,7 @@
<div class="metadata-title"> <div class="metadata-title">
<p><a href="<?php the_permalink(); ?>"><?php the_title(); ?></a></p> <p><a href="<?php the_permalink(); ?>"><?php the_title(); ?></a></p>
<?php if ( $is_slideshow_available ) : ?> <?php if ( $is_slideshow_available ) : ?>
<a href="?<?php echo $_SERVER['QUERY_STRING'] ?>&slideshow-from=<?php echo $item_index ?>" class="icon slideshow-icon"> <a href="<?php echo esc_url('?' . $_SERVER['QUERY_STRING'] . '&slideshow-from=' . $item_index ); ?>" class="icon slideshow-icon">
<i class="tainacan-icon tainacan-icon-viewgallery tainacan-icon-1-125em"></i> <i class="tainacan-icon tainacan-icon-viewgallery tainacan-icon-1-125em"></i>
</a> </a>
<?php endif; ?> <?php endif; ?>
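Review bot: `esc_url()` now makes the `href` safe in attribute context, but the link is still assembled by hand from the raw `$_SERVER['QUERY_STRING']` and `$item_index` is concatenated without a type check, so an empty query string yields `?&slideshow-from=...` and a non-numeric index is reflected verbatim. Assuming `$item_index` is numeric, `esc_url( add_query_arg( 'slideshow-from', (int) $item_index ) )` pins the index and lets WordPress handle the separator and the existing parameters. The enclosing template loop starts outside the hunk.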


@ -38,15 +38,15 @@
<div id="item-single-navigation" class="d-flex align-items-center justify-center"> <div id="item-single-navigation" class="d-flex align-items-center justify-center">
<div class="pagination"> <div class="pagination">
<?php echo $previous; ?> <?php echo wp_kses_post($previous); ?>
</div> </div>
<div class="pagination"> <div class="pagination">
<?php echo $next; ?> <?php echo wp_kses_post($next); ?>
</div> </div>
</div> </div>
<div style="margin: 0 4.1666667%" class="pagination"> <div style="margin: 0 4.1666667%" class="pagination">
<a class="d-inline-flex align-items-center" href="<?php echo tainacan_get_source_item_list_url(); ?>"> <a class="d-inline-flex align-items-center" href="<?php echo esc_url(tainacan_get_source_item_list_url()); ?>">
<i class="tainacan-icon tainacan-icon-viewtable tainacan-icon-1-25em"></i>&nbsp;&nbsp;<span><?php echo __('Back to items list', 'tainacan-interface') ?></span> <i class="tainacan-icon tainacan-icon-viewtable tainacan-icon-1-25em"></i>&nbsp;&nbsp;<span><?php echo __('Back to items list', 'tainacan-interface') ?></span>
</a> </a>
</div> </div>
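Review bot: `__('Back to items list', 'tainacan-interface')` on the span line is still echoed without escaping while the rest of this hunk now goes through `wp_kses_post()`/`esc_url()`. The WordPress helper for that position is `esc_html_e( 'Back to items list', 'tainacan-interface' )`, which escapes and prints in one call. The navigation markup continues outside the hunk.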