Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2646936

Timestamp:

12/20/2021 06:43:21 PM (4 years ago)

Author:

IT-RAYS

Message:

Fixed security issues

Location:

rays-grid/tags/1.3.0/includes

Files:

: 3 edited

admin/views/header.php (modified) (1 diff)
class-base.php (modified) (2 diffs)
display-field.php (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

rays-grid/tags/1.3.0/includes/admin/views/header.php

r2646656	r2646936
25	25	echo '<div class="'.esc_attr(RSGD_SLUG).'-form">';
26	26
27		echo '<form action="'.esc_url(admin_url().'admin.php?page='.esc_attr(RSGD_PFX).$strs).'"'.~~$sync~~.' method="post" class="'.esc_attr($cl).'" novalidate>';
	27	echo '<form action="'.esc_url(admin_url().'admin.php?page='.esc_attr(RSGD_PFX).$strs).'"'.wp_kses($sync, true).' method="post" class="'.esc_attr($cl).'" novalidate>';
28	28
29	29	echo '<div class="rsgd_logo">';

rays-grid/tags/1.3.0/includes/class-base.php

-                      r2646656
+                      r2646936
         echo '<ul class="rsgd_tabs">';
             foreach ($this->rsgd_sections as $section_slug => $section) {
                 echo '<li><a href="#' . esc_attr($section_slug) . '">' . $section . '</a></li>';
+                echo '<li><a href="#' . esc_attr($section_slug) . '">' . wp_kses($section, true) . '</a></li>';
+            }
         echo '</ul>';
 …
         if( $type != 'hidden' ){
             echo '<div class="item form-group"'.$dep_element.$dep_value.'>';
+            echo '<div class="item form-group"'.wp_kses($dep_element, true).wp_kses($dep_value, true).'>';
                 echo '<div class="lbl"><label class="opt-lbl">' . esc_html($config_data['title']) . '</label><small class="description">' . esc_html($config_data['description']) . '</small></div>';
                 echo '<div class="control-input">';

rays-grid/tags/1.3.0/includes/display-field.php

r2643762	r2646936
53	53	$tgno = ' (' . $tg->count . ' Items)';
54	54	}
55		echo "<option value='" . esc_attr($tg->slug) . "'>" . ~~$tg->name . $tgno~~ . "</option>";
	55	echo "<option value='" . esc_attr($tg->slug) . "'>" . wp_kses($tg->name . $tgno, true) . "</option>";
56	56	}
57	57	$output.= "</select>";
…	…
136	136	echo '<select multiple="multiple" data-nam="' . esc_attr($name) . '" class="dep-inp form-control">';
137	137	foreach ($choices as $key => $value) {
138		echo '<option value="' . esc_attr($key) . '">' . ~~$value~~ . '</option>';
	138	echo '<option value="' . esc_attr($key) . '">' . wp_kses($value, true) . '</option>';
139	139	}
140	140	echo '</select>';
…	…
154	154	$terms = get_terms( $tax, array( 'hide_empty' => false ));
155	155	if ( ! empty( $terms ) && ! is_wp_error( $terms ) ){
156		echo '<option class="'.esc_attr($tax).' dis_opt" data-type="'.esc_attr($post_typ).'" disabled> -- '.~~$tax~~.' -- </option>';
	156	echo '<option class="'.esc_attr($tax).' dis_opt" data-type="'.esc_attr($post_typ).'" disabled> -- '.wp_kses($tax, true).' -- </option>';
157	157	foreach ( $terms as $term ) {
158		echo '<option class="'.esc_attr($tax).'" data-type="'.esc_attr($post_typ).'" value="'.esc_attr($tax).'\|\|'.esc_attr($term->slug).'\|\|'.esc_attr($term->name).'\|\|'.esc_attr($term->count).'">'.~~$term->name.' ('.$term->count.' Items)'. ' [ Slug: '.$term->slug~~.']</option>';
	158	echo '<option class="'.esc_attr($tax).'" data-type="'.esc_attr($post_typ).'" value="'.esc_attr($tax).'\|\|'.esc_attr($term->slug).'\|\|'.esc_attr($term->name).'\|\|'.esc_attr($term->count).'">'.wp_kses($term->name, true).' ('.wp_kses($term->count, true).' Items)'. ' [ Slug: '.wp_kses($term->slug, true).']</option>';
159	159	}
160	160	}

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 2646936

Legend:

rays-grid/tags/1.3.0/includes/admin/views/header.php

rays-grid/tags/1.3.0/includes/class-base.php

rays-grid/tags/1.3.0/includes/display-field.php

Download in other formats: