Correct usage of wp_kses in dynamic items and carousel blocks.

This commit is contained in:
mateuswetah 2024-05-20 16:42:33 -03:00
parent 41d6808609
commit af1e988430
1 changed files with 71 additions and 60 deletions


@ -499,9 +499,14 @@ class Theme_Helper {
// Passes arguments to custom props // Passes arguments to custom props
if ($args) { if ($args) {
foreach ($args as $key => $value) { foreach ($args as $key => $value) {
if ($value == true || $value == 'true') { if (is_bool($value))
$props .= str_replace('_', '-', $key) . '="' . $value . '" '; $value = $value ? 'true' : 'false';
} // Changes from PHP '_' notation to HTML '-' notation
$key_attr = str_replace('_', '-', $key);
if ( $key !== 'class' && $key !== 'style' && $key !== 'id' && strpos($key, 'data-') === false )
$key_attr = 'data-' . $key_attr;
$props .= sprintf("%s='%s' ", $key_attr, esc_attr($value));
} }
} }
@ -1096,36 +1101,39 @@ class Theme_Helper {
$value = $value ? 'true' : 'false'; $value = $value ? 'true' : 'false';
// Changes from PHP '_' notation to HTML '-' notation // Changes from PHP '_' notation to HTML '-' notation
$key_attr = str_replace('_', '-', $key); $key_attr = str_replace('_', '-', $key);
if ( $key !== 'class' && $key !== 'style' && $key !== 'id' && strpos($key, 'data-') === false )
$key_attr = 'data-' . $key_attr;
$props .= sprintf("%s='%s' ", $key_attr, esc_attr($value)); $props .= sprintf("%s='%s' ", $key_attr, esc_attr($value));
} }
$allowed_html = [ $allowed_html = [
'div' => [ 'div' => [
'id', 'id' => true,
'class', 'class' => true,
'style', 'style' => true,
'data-module', 'data-module' => true,
'data-search-url', 'data-search-url' => true,
'data-selected-items', 'data-selected-items' => true,
'data-arrows-position', 'data-arrows-position' => true,
'data-load-strategy', 'data-load-strategy' => true,
'data-collection-id', 'data-collection-id' => true,
'data-auto-play', 'data-auto-play' => true,
'data-auto-play-speed', 'data-auto-play-speed' => true,
'data-loop-slides', 'data-loop-slides' => true,
'data-hide-title', 'data-hide-title' => true,
'data-large-arrows', 'data-large-arrows' => true,
'data-arrows-style', 'data-arrows-style' => true,
'data-image-size', 'data-image-size' => true,
'data-show-collection-header', 'data-show-collection-header' => true,
'data-show-collection-label', 'data-show-collection-label' => true,
'data-collection-background-color', 'data-collection-background-color' => true,
'data-collection-text-color', 'data-collection-text-color' => true,
'data-max-items-number', 'data-max-items-number' => true,
'data-max-items-per-screen', 'data-max-items-per-screen' => true,
'data-space-between-items', 'data-space-between-items' => true,
'data-space-around-carousel', 'data-space-around-carousel' => true,
'data-tainacan-api-root' 'data-tainacan-api-root' => true
] ]
]; ];
@ -1204,46 +1212,49 @@ class Theme_Helper {
$value = $value ? 'true' : 'false'; $value = $value ? 'true' : 'false';
// Changes from PHP '_' notation to HTML '-' notation // Changes from PHP '_' notation to HTML '-' notation
$key_attr = str_replace('_', '-', $key); $key_attr = str_replace('_', '-', $key);
if ( $key !== 'class' && $key !== 'style' && $key !== 'id' && strpos($key, 'data-') === false )
$key_attr = 'data-' . $key_attr;
$props .= sprintf("%s='%s' ", $key_attr, esc_attr($value)); $props .= sprintf("%s='%s' ", $key_attr, esc_attr($value));
} }
$allowed_html = [ $allowed_html = [
'div' => [ 'div' => [
'data-module', 'data-module' => true,
'data-search-url', 'data-search-url' => true,
'data-selected-items', 'data-selected-items' => true,
'data-collection-id', 'data-collection-id' => true,
'data-show-image', 'data-show-image' => true,
'data-show-name', 'data-show-name' => true,
'data-show-search-bar', 'data-show-search-bar' => true,
'data-show-collection-header', 'data-show-collection-header' => true,
'data-show-collection-label', 'data-show-collection-label' => true,
'data-image-size', 'data-image-size' => true,
'data-layout', 'data-layout' => true,
'data-load-strategy', 'data-load-strategy' => true,
'data-mosaic-height', 'data-mosaic-height' => true,
'data-mosaic-density', 'data-mosaic-density' => true,
'data-mosaic-grid-rows', 'data-mosaic-grid-rows' => true,
'data-mosaic-grid-columns', 'data-mosaic-grid-columns' => true,
'data-mosaic-item-focal-point-x', 'data-mosaic-item-focal-point-x' => true,
'data-mosaic-item-focal-point-y', 'data-mosaic-item-focal-point-y' => true,
'data-max-columns-count', 'data-max-columns-count' => true,
'data-collection-background-color', 'data-collection-background-color' => true,
'data-collection-text-color', 'data-collection-text-color' => true,
'data-grid-margin', 'data-grid-margin' => true,
'data-max-items-number', 'data-max-items-number' => true,
'data-order', 'data-order' => true,
'data-order-by', 'data-order-by' => true,
'data-order-by-meta-key', 'data-order-by-meta-key' => true,
'data-tainacan-view-mode', 'data-tainacan-view-mode' => true,
'data-tainacan-api-root', 'data-tainacan-api-root' => true,
'id', 'id' => true,
'class', 'class' => true,
'style' 'style' => true
] ]
]; ];
return wp_kses( "<div data-module='dynamic-items-list' id='tainacan-dynamic-items-list-shortcode_" . uniqid(). "' $props ></div>", $allowed_html ); return wp_kses("<div data-module='dynamic-items-list' id='tainacan-dynamic-items-list-shortcode_" . uniqid(). "' $props ></div>", $allowed_html );
} }
/** /**