From d5cbe43b9697eb062dac9f7af0eb40ee87c5b500 Mon Sep 17 00:00:00 2001
From: Leo Germani <leogermani@gmail.com>
Date: Mon, 1 Oct 2018 13:52:21 -0300
Subject: [PATCH] escaping get_theme_mod

---
 src/footer.php               |  2 +-
 src/functions/customizer.php | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/footer.php b/src/footer.php
index e2d3fc5..c24ead7 100644
--- a/src/footer.php
+++ b/src/footer.php
@@ -40,7 +40,7 @@ if ( get_option( 'blogphone' ) ) {
 				</p>
 			</div>
 			<div class="col-auto pr-0 pr-md-3 d-none d-md-block align-self-md-top">
-					<img src="<?php if ( get_theme_mod( 'footer_logo' ) ) { echo get_theme_mod( 'footer_logo' ); } ?>" class="tainacan-footer-info--logo" alt="">
+					<img src="<?php if ( get_theme_mod( 'footer_logo' ) ) { echo esc_attr(get_theme_mod( 'footer_logo' )); } ?>" class="tainacan-footer-info--logo" alt="">
 			</div>
 			<div class="col-12 tainacan-powered">
 				<span>
diff --git a/src/functions/customizer.php b/src/functions/customizer.php
index b73c630..4e09681 100644
--- a/src/functions/customizer.php
+++ b/src/functions/customizer.php
@@ -351,9 +351,9 @@ if ( ! function_exists( 'tainacan_get_color_scheme' ) ) :
 	 * @return array An associative array of either the current or default color scheme HEX values.
 	 */
 	function tainacan_get_color_scheme() {
-		$color_scheme_option = get_theme_mod( 'color_scheme', 'default' );
-		$link_color = get_theme_mod( 'link_color', 'default' );
-		$tooltip_color = get_theme_mod( 'tooltip_color', 'default' );
+		$color_scheme_option = esc_attr(get_theme_mod( 'color_scheme', 'default' ));
+		$link_color = esc_attr(get_theme_mod( 'link_color', 'default' ));
+		$tooltip_color = esc_attr(get_theme_mod( 'tooltip_color', 'default' ));
 		$color_schemes       = tainacan_get_color_schemes();
 
 		if ( array_key_exists( $color_scheme_option, $color_schemes ) ) {
@@ -423,7 +423,7 @@ endif; // tainacan_sanitize_color_scheme
  * @see wp_add_inline_style()
  */
 function tainacan_color_scheme_css() {
-	$color_scheme_option = get_theme_mod( 'color_scheme', 'default' );
+	$color_scheme_option = esc_attr(get_theme_mod( 'color_scheme', 'default' ));
 
 	// Don't do anything if the default color scheme is selected.
 	//if ( 'default' == $color_scheme_option ) {
@@ -693,7 +693,7 @@ add_action( 'customize_controls_print_footer_scripts', 'tainacan_color_scheme_cs
 function tainacan_link_color_css() {
 	$color_scheme    = tainacan_get_color_scheme();
 	$default_color   = $color_scheme[2];
-	$link_color = get_theme_mod( 'link_color', $default_color );
+	$link_color = esc_attr(get_theme_mod( 'link_color', $default_color ));
 
 	// Don't do anything if the current color is the default.
 	if ( $link_color === $default_color ) {
@@ -764,7 +764,7 @@ add_action( 'wp_enqueue_scripts', 'tainacan_tooltip_color_css', 11 );
 function tainacan_secondary_text_color_css() {
 	$color_scheme    = tainacan_get_color_scheme();
 	$default_color   = $color_scheme[2];
-	$secondary_text_color = get_theme_mod( 'secondary_text_color', $default_color );
+	$secondary_text_color = esc_attr(get_theme_mod( 'secondary_text_color', $default_color ));
 
 	// Don't do anything if the current color is the default.
 	if ( $secondary_text_color === $default_color ) {