Changeset 3042775
- Timestamp:
- 02/28/2024 07:53:27 PM (2 years ago)
- Location:
- soundcloud-shortcode
- Files:
-
- 5 added
- 2 edited
-
tags/4.0.2 (added)
-
tags/4.0.2/assets (added)
-
tags/4.0.2/assets/soundcloud-admin.css (added)
-
tags/4.0.2/readme.txt (added)
-
tags/4.0.2/soundcloud-shortcode.php (added)
-
trunk/readme.txt (modified) (2 diffs)
-
trunk/soundcloud-shortcode.php (modified) (38 diffs)
-
soundcloud-shortcode/trunk/readme.txt
r3027304 r3042775 3 3 Tags: soundcloud, shortcode 4 4 Requires at least: 3.1.0 5 Tested up to: 6.4. 26 Stable tag: 4.0. 15 Tested up to: 6.4.3 6 Stable tag: 4.0.2 7 7 Requires PHP: 5.6 8 8 License: GPLv2 or later … … 35 35 == Installation == 36 36 37 1. Upload `soundcloud-shortcode` to your plug -indirectory or install it from the WordPress Plugin Repository37 1. Upload `soundcloud-shortcode` to your plugins directory or install it from the WordPress Plugin Repository 38 38 2. Activate the plugin through the 'Plugins' menu in WordPress 39 39 40 40 == Changelog == 41 42 = 4.0.2 = 43 * Updated sanitization of potential inputs from both admin and directly within shortcode 44 * Minor coding-standards tweaks and normalization 45 * Updated `Supports` version 41 46 42 47 = 4.0.1 = -
soundcloud-shortcode/trunk/soundcloud-shortcode.php
r3027304 r3042775 1 1 <?php 2 /* 2 /** 3 3 * Plugin Name: SoundCloud Shortcode 4 4 * Plugin URI: http://wordpress.org/extend/plugins/soundcloud-shortcode/ 5 5 * Description: Converts SoundCloud WordPress shortcodes to a SoundCloud widget. 6 * Version: 4.0. 16 * Version: 4.0.2 7 7 * Author: SoundCloud Inc., Lawrie Malen 8 8 * Author URI: http://soundcloud.com … … 14 14 * Requires at least: 3.1.0 15 15 * Domain Path: /languages 16 17 Original version: Johannes Wagener <johannes@soundcloud.com> 18 Options support: Tiffany Conroy <tiffany@soundcloud.com> 19 HTML5 & oEmbed support: Tim Bormans <tim@soundcloud.com> 20 PHP8 compatibility, refactoring & modernisation: Lawrie Malen <soundcloud@indextwo.net> 21 22 SoundCloud Shortcode is free software: you can redistribute it and/or modify 23 it under the terms of the GNU General Public License as published by 24 the Free Software Foundation, either version 2 of the License, or 25 any later version. 26 27 SoundCloud Shortcode is distributed in the hope that it will be useful, 28 but WITHOUT ANY WARRANTY; without even the implied warranty of 29 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 30 GNU General Public License for more details. 31 32 You should have received a copy of the GNU General Public License 33 along with SoundCloud Shortcode. If not, see https://www.gnu.org/licenses/gpl-2.0.html 34 */ 16 * 17 * @package soundcloud-shortcode 18 * 19 * Original version: Johannes Wagener <johannes@soundcloud.com> 20 * Options support: Tiffany Conroy <tiffany@soundcloud.com> 21 * HTML5 & oEmbed support: Tim Bormans <tim@soundcloud.com> 22 * PHP8 compatibility, refactoring, sanitization & modernisation: Lawrie Malen <soundcloud@indextwo.net> 23 * 24 * SoundCloud Shortcode is free software: you can redistribute it and/or modify 25 * it under the terms of the GNU General Public License as published by 26 * the Free Software Foundation, either version 2 of the License, or 27 * any later version. 
28 * 29 * SoundCloud Shortcode is distributed in the hope that it will be useful, 30 * but WITHOUT ANY WARRANTY; without even the implied warranty of 31 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 32 * GNU General Public License for more details. 33 * 34 * You should have received a copy of the GNU General Public License 35 * along with SoundCloud Shortcode. If not, see https://www.gnu.org/licenses/gpl-2.0.html 36 */ 35 37 36 38 if (!defined('ABSPATH')) { 37 exit; // Exit if accessed directly 38 } 39 40 /* 41 Register oEmbed provider 39 exit; // Exit if accessed directly. 40 } 41 42 /** 43 * Register oEmbed provider 42 44 */ 43 45 44 46 wp_oembed_add_provider('#https?://(?:api\.)?soundcloud\.com/.*#i', 'http://soundcloud.com/oembed', true); 45 47 46 47 /* 48 Register SoundCloud shortcode 48 /** 49 * Register SoundCloud shortcode 49 50 */ 50 51 … … 52 53 53 54 /** 55 * 54 56 * SoundCloud shortcode handler 55 57 * @param {string|array} $atts The attributes passed to the shortcode like [soundcloud attr1="value" /]. 56 58 * Is an empty string when no arguments are given. 57 59 * @param {string} $content The content between non-self closing [soundcloud]…[/soundcloud] tags. 58 * @return {string} Widget embed code HTML 60 * @return {string} Widget embed code HTML. 59 61 */ 60 62 … … 77 79 78 80 $player_type = soundcloud_get_option('player_type'); 79 $is Visual = ($player_type === 'visual');81 $is_visual = ($player_type === 'visual'); 80 82 81 83 // User preference options … … 88 90 } 89 91 90 $params_array['visual'] = ($isVisual ? 'true' : 'false'); 91 92 $plugin_options = array_filter(array( 93 'width' => soundcloud_get_option('player_width'), 94 'height' => soundcloud_url_has_tracklist($shortcode_options['url']) ? soundcloud_get_option('player_height_multi') : soundcloud_get_option('player_height'), 95 'params' => $params_array, 96 )); 92 $params_array['visual'] = ($is_visual ? 
'true' : 'false'); 93 94 $plugin_options = array_filter( 95 array( 96 'width' => soundcloud_get_option('player_width'), 97 'height' => soundcloud_url_has_tracklist($shortcode_options['url']) ? soundcloud_get_option('player_height_multi') : soundcloud_get_option('player_height'), 98 'params' => $params_array, 99 ) 100 ); 97 101 98 102 // Needs to be an array … … 134 138 // Merge in "url" value 135 139 136 $options['params'] = array_merge(array( 137 'url' => $options['url'] 138 ), $options['params']); 140 $options['params'] = array_merge( 141 array( 142 'url' => $options['url'], 143 ), 144 $options['params'] 145 ); 139 146 140 147 // Apply a filter to the options 141 148 142 149 $options = apply_filters('soundcloud_shortcode_options', $options); 150 151 // Now let's clean EVERYTHING 152 153 $param_sanitization_array = soundcloud_safe_shortcode_params(); 154 155 // This *modifies* the passed array rather than returning it 156 157 soundcloud_sanitize_array($options, $param_sanitization_array); 158 159 // Now let's sanitize them all AGAIN 160 161 foreach ($param_sanitization_array as $key=>$type) { 162 $value = $options[$key]; 163 164 if (is_array($type)) { 165 $child_array = $type; 166 167 foreach ($child_array as $param_key=>$param_type) { 168 $param_value = $options[$key][$param_key]; 169 170 $sanitize_function = 'soundcloud_sanitize_' . $param_type; 171 $param_value = call_user_func($sanitize_function, $param_value); 172 173 $options[$key][$param_key] = esc_attr($param_value); 174 } 175 } else { 176 $sanitize_function = 'soundcloud_sanitize_' . 
$type; 177 $value = call_user_func($sanitize_function, $value); 178 179 $options[$key] = esc_attr($value); 180 } 181 } 143 182 144 183 // Return iframe embed code … … 171 210 } 172 211 173 /* 174 Sanitization functions 212 /** 213 * Sanitize a number 214 * @param {mixed} $data Original value (either from plugin options or shortcode) 215 * @return {mixed} Sanitized value 175 216 */ 176 217 … … 191 232 } 192 233 234 /** 235 * Sanitize a 'type' 236 * @param {mixed} $data Original value (either from plugin options or shortcode) 237 * @return {mixed} Sanitized value 238 */ 239 193 240 function soundcloud_sanitize_type($data) { 194 241 // `html5` isn't a real option, but we're keeping it for backward compatibility … … 200 247 return $data; 201 248 } 249 250 /** 251 * Sanitize a boolean 252 * @param {mixed} $data Original value (either from plugin options or shortcode) 253 * @return {mixed} Sanitized value 254 */ 202 255 203 256 function soundcloud_sanitize_bool($data) { … … 209 262 } 210 263 264 /** 265 * Sanitize a hex value 266 * @param {mixed} $data Original value (either from plugin options or shortcode) 267 * @return {mixed} Sanitized value 268 */ 269 211 270 function soundcloud_sanitize_hex($data) { 212 271 // Force hex sanitization on the submitted string & removes the hash. 
It *is* valid in SoundCloud's options, but not necessary … … 219 278 } 220 279 221 /* 222 Return an array of fields and field types for sanitization 280 /** 281 * Sanitize a URL to ensure it only allows soundcloud.com 282 * @param {mixed} $data Original value (either from plugin options or shortcode) 283 * @return {mixed} Sanitized value 284 */ 285 286 function soundcloud_sanitize_url($data) { 287 $is_soundcloud = soundcloud_check_domain($data); 288 289 if ($is_soundcloud) { 290 return $data; 291 } 292 293 return ''; 294 } 295 296 /** 297 * Return an array of fields and field types for sanitization 223 298 */ 224 299 … … 244 319 } 245 320 246 /* 247 Fetch the saved parameters 321 /** 322 * Return an array of 'safe' parameters used by the shortcode: we can discard any keys that don't match, and use the value to sanitize the attribute 323 */ 324 325 function soundcloud_safe_shortcode_params() { 326 return array( 327 'width' => 'number', 328 'height' => 'number', 329 'url' => 'url', 330 'params' => array( 331 'url' => 'url', 332 'player_height' => 'number', 333 'player_height_multi' => 'number', 334 'player_width' => 'number', 335 'player_type' => 'type', 336 'color' => 'hex', 337 'auto_play' => 'bool', 338 'show_comments' => 'bool', 339 'show_user' => 'bool', 340 'buying' => 'bool', 341 'sharing' => 'bool', 342 'download' => 'bool', 343 'show_artwork' => 'bool', 344 'show_playcount' => 'bool', 345 'hide_related' => 'bool', 346 ), 347 ); 348 } 349 350 /** 351 * Sanitize the passed shortcode params to make sure they only match what's in the 'safe params' list 352 * @param {array} $options The array of shortcode options to modify 353 * @param {array} $check_array The array of allowed shortcode keys to check against 354 */ 355 356 function soundcloud_sanitize_array(&$options, $check_array) { 357 foreach ($options as $key => &$value) { 358 if (is_array($value)) { 359 if (isset($check_array[$key])) { 360 soundcloud_sanitize_array($value, $check_array[$key]); 361 } else { 
362 unset($options[$key]); 363 } 364 } elseif (!isset($key, $check_array[$key])) { 365 unset($options[$key]); 366 } 367 } 368 } 369 370 /** 371 * Fetch the saved parameters 248 372 */ 249 373 … … 265 389 } 266 390 267 /* 268 Make sure any passed URL is actually from soundcloud 391 /** 392 * Make sure any passed URL is actually from soundcloud 393 * @param {mixed} $url URL passed to the shortcode 394 * @return {bool} Whether it's a valid soundcloud.com URL 269 395 */ 270 396 … … 286 412 } 287 413 288 /* 289 Enqueue plugin CSS 414 /** 415 * Enqueue plugin CSS 416 * @param {string} $hook The name of the page this function is called on 290 417 */ 291 418 … … 293 420 global $post; 294 421 295 $scriptPath = plugin_dir_path(__FILE__) . '/assets/'; 296 $scriptURI = plugins_url('/assets/', __FILE__); 297 298 /// 299 // CSS for admin settings page 300 /// 422 $script_path = plugin_dir_path(__FILE__) . '/assets/'; 423 $script_uri = plugins_url('/assets/', __FILE__); 301 424 302 425 if ($hook == 'settings_page_soundcloud-shortcode') { 303 wp_enqueue_style('soundcloud-admin', $script URI . '/soundcloud-admin.css', array(), filemtime($scriptPath . '/soundcloud-admin.css'));426 wp_enqueue_style('soundcloud-admin', $script_uri . '/soundcloud-admin.css', array(), filemtime($script_path . 
'/soundcloud-admin.css')); 304 427 } 305 428 } … … 309 432 /** 310 433 * Booleanize a value 311 * @param {boolean|string} $value 312 * @return {boolean} 434 * @param {boolean|string} $value The intended value for a string boolean ('true'|'false') 435 * @return {boolean} Actual boolean 313 436 */ 314 437 … … 318 441 319 442 /** 320 * Decide if a urlhas a tracklist321 * @param {string} $url 322 * @return {boolean} 443 * Decide if a URL has a tracklist 444 * @param {string} $url SoundCloud URL 445 * @return {boolean} Whether the passed URL is for a playlist 323 446 */ 324 447 … … 328 451 329 452 /** 330 * Parameterize url453 * Parameterize URL 331 454 * @param {array} $match Matched regex 332 * @return {string} Parameterized url455 * @return {string} Parameterized URL 333 456 */ 334 457 … … 352 475 353 476 /** 354 * iframe widgetembed code477 * Widget iframe embed code 355 478 * @param {array} $options Parameters 356 * @return {string} iframe embed code479 * @return {string} The iframe embed code 357 480 */ 358 481 … … 379 502 } 380 503 381 /* 382 ################### 383 Settings 384 ################### 385 */ 386 387 /* 388 Add settings link on Plugins menu 504 /** 505 * Add settings link on Plugins menu 506 * @param {array} $links Array of current WP settings links 507 * @return {array} Array of WP settings links 389 508 */ 390 509 … … 397 516 add_filter('plugin_action_links_' . 
plugin_basename(__FILE__), 'soundcloud_settings_link'); 398 517 399 /* 400 Add admin menu518 /** 519 * Add admin menu 401 520 */ 402 521 … … 408 527 add_action('admin_menu', 'soundcloud_shortcode_options_menu'); 409 528 410 /* 411 Register settings529 /** 530 * Register settings 412 531 */ 413 532 … … 418 537 } 419 538 420 /* 421 Settings Page539 /** 540 * Settings Page 422 541 */ 423 542 424 543 function soundcloud_shortcode_options() { 425 544 if (!current_user_can('manage_options')) { 426 wp_die( __('You do not have sufficient permissions to access this page.'));427 } 428 429 $number Helper = 'Enter either a number in pixels, e.g. <code>166</code>, or a percentage; e.g. <code>50%</code>. Leave blank to use the default SoundCloud option.';545 wp_die(esc_html(__('You do not have sufficient permissions to access this page.'))); 546 } 547 548 $number_helper = 'Enter either a number in pixels, e.g. <code>166</code>, or a percentage; e.g. <code>50%</code>. Leave blank to use the default SoundCloud option.'; 430 549 431 550 ?> … … 434 553 <h2 class="soundcloud-title"> 435 554 <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="50" height="50" viewBox="0 0 50 50" preserveAspectRatio="xMinYMin meet"> 436 <path fill="#FF5500" d="M24.6 14.55 Q24.35 14.55 24.2 14.8 L24 15.35 23.6 24.75 24 30.8 24.2 31.35 Q24.35 31.55 24.6 31.55 L25.05 31.35 25.25 30.9 25.6 24.75 25.25 15.25 25.1 14.85 25.05 14.8 Q24.85 14.55 24.6 14.55 M50 25 Q50 35.35 42.65 42.65 35.35 50 25 50 14.6 50 7.3 42.65 0 35.35 0 25 0 14.6 7.3 7.3 14.6 0 25 0 35.35 0 42.65 7.3 50 14.6 50 25 M45.35 22.6 Q43.8 21.05 41.6 21.05 L39.55 21.45 Q39.4 19.7 38.6 18.15 37.85 16.6 36.6 15.45 L34.85 14.15 33.75 13.65 Q32.1 13 30.3 13 28.55 13 26.95 13.6 L26.55 13.85 Q26.4 14 26.4 14.25 L26.4 30.95 26.6 31.4 Q26.75 31.55 27 31.55 L41.6 31.55 Q43.8 31.55 45.35 30.05 46.85 28.5 46.85 26.3 46.85 24.15 45.35 22.6 M13.9 18.3 L13.85 18.25 13.4 18.05 Q13.15 18.05 13 18.25 L12.8 18.7 12.4 26.15 
12.8 31 13 31.4 13.4 31.55 13.85 31.4 14.05 31.05 14.05 31 14.4 26.15 14.05 18.6 13.9 18.3 M18.6 16.75 L18.4 17.25 18 25.55 18.4 30.9 18.6 31.35 Q18.75 31.55 19 31.55 L19.45 31.35 19.65 30.95 19.65 30.9 20 25.55 19.65 17.15 19.5 16.8 19.45 16.75 19 16.55 Q18.75 16.55 18.6 16.75 M16.65 16.5 L16.2 16.35 Q15.95 16.35 15.75 16.5 L15.75 16.55 Q15.55 16.7 15.55 17 L15.2 26.45 15.55 30.95 15.75 31.4 16.2 31.55 16.65 31.4 16.9 30.95 16.9 30.9 17.2 26.45 16.9 17 16.7 16.55 16.65 16.5 M7.35 20.75 L7.25 20.95 7.2 21.05 6.8 26.1 6.8 26.15 7.2 31.05 7.25 31.1 7.35 31.3 7.4 31.45 7.75 31.55 8.1 31.5 8.25 31.3 8.3 31.05 8.3 31 8.8 26.15 8.8 26.1 8.3 21.05 8.2 20.75 7.75 20.55 7.35 20.75 M10.05 21.7 L10 21.8 9.6 26.5 9.6 26.55 10 31.1 10.05 31.15 10.15 31.35 10.2 31.45 10.55 31.55 10.9 31.5 11.05 31.35 11.1 31.1 11.1 31.05 11.6 26.55 11.6 26.5 11.1 21.8 11 21.5 10.55 21.3 10.15 21.5 10.05 21.7 M4.95 22.1 Q4.75 22.1 4.65 22.25 L4.45 22.45 4 25.65 4 25.7 4.45 28.85 4.65 29.05 4.95 29.1 5.3 29.05 5.45 28.85 5.45 28.8 6 25.7 6 25.65 5.45 22.45 5.3 22.25 Q5.15 22.1 4.95 22.1 M22.4 18.1 L22.3 17.8 22.25 17.75 21.75 17.55 Q21.55 17.55 21.4 17.75 21.15 17.9 21.15 18.2 L20.8 25.95 21.15 30.95 Q21.15 31.25 21.4 31.35 21.55 31.55 21.75 31.55 L22.25 31.35 22.4 31 22.4 30.95 22.8 25.95 22.4 18.1"/>555 <path fill="#FF5500" d="M24.6 14.55 Q24.35 14.55 24.2 14.8 L24 15.35 23.6 24.75 24 30.8 24.2 31.35 Q24.35 31.55 24.6 31.55 L25.05 31.35 25.25 30.9 25.6 24.75 25.25 15.25 25.1 14.85 25.05 14.8 Q24.85 14.55 24.6 14.55 M50 25 Q50 35.35 42.65 42.65 35.35 50 25 50 14.6 50 7.3 42.65 0 35.35 0 25 0 14.6 7.3 7.3 14.6 0 25 0 35.35 0 42.65 7.3 50 14.6 50 25 M45.35 22.6 Q43.8 21.05 41.6 21.05 L39.55 21.45 Q39.4 19.7 38.6 18.15 37.85 16.6 36.6 15.45 L34.85 14.15 33.75 13.65 Q32.1 13 30.3 13 28.55 13 26.95 13.6 L26.55 13.85 Q26.4 14 26.4 14.25 L26.4 30.95 26.6 31.4 Q26.75 31.55 27 31.55 L41.6 31.55 Q43.8 31.55 45.35 30.05 46.85 28.5 46.85 26.3 46.85 24.15 45.35 22.6 M13.9 18.3 L13.85 18.25 13.4 18.05 Q13.15 
18.05 13 18.25 L12.8 18.7 12.4 26.15 12.8 31 13 31.4 13.4 31.55 13.85 31.4 14.05 31.05 14.05 31 14.4 26.15 14.05 18.6 13.9 18.3 M18.6 16.75 L18.4 17.25 18 25.55 18.4 30.9 18.6 31.35 Q18.75 31.55 19 31.55 L19.45 31.35 19.65 30.95 19.65 30.9 20 25.55 19.65 17.15 19.5 16.8 19.45 16.75 19 16.55 Q18.75 16.55 18.6 16.75 M16.65 16.5 L16.2 16.35 Q15.95 16.35 15.75 16.5 L15.75 16.55 Q15.55 16.7 15.55 17 L15.2 26.45 15.55 30.95 15.75 31.4 16.2 31.55 16.65 31.4 16.9 30.95 16.9 30.9 17.2 26.45 16.9 17 16.7 16.55 16.65 16.5 M7.35 20.75 L7.25 20.95 7.2 21.05 6.8 26.1 6.8 26.15 7.2 31.05 7.25 31.1 7.35 31.3 7.4 31.45 7.75 31.55 8.1 31.5 8.25 31.3 8.3 31.05 8.3 31 8.8 26.15 8.8 26.1 8.3 21.05 8.2 20.75 7.75 20.55 7.35 20.75 M10.05 21.7 L10 21.8 9.6 26.5 9.6 26.55 10 31.1 10.05 31.15 10.15 31.35 10.2 31.45 10.55 31.55 10.9 31.5 11.05 31.35 11.1 31.1 11.1 31.05 11.6 26.55 11.6 26.5 11.1 21.8 11 21.5 10.55 21.3 10.15 21.5 10.05 21.7 M4.95 22.1 Q4.75 22.1 4.65 22.25 L4.45 22.45 4 25.65 4 25.7 4.45 28.85 4.65 29.05 4.95 29.1 5.3 29.05 5.45 28.85 5.45 28.8 6 25.7 6 25.65 5.45 22.45 5.3 22.25 Q5.15 22.1 4.95 22.1 M22.4 18.1 L22.3 17.8 22.25 17.75 21.75 17.55 Q21.55 17.55 21.4 17.75 21.15 17.9 21.15 18.2 L20.8 25.95 21.15 30.95 Q21.15 31.25 21.4 31.35 21.55 31.55 21.75 31.55 L22.25 31.35 22.4 31 22.4 30.95 22.8 25.95 22.4 18.1"/> 437 556 </svg> 438 557 … … 466 585 <td> 467 586 <?php 468 ///469 587 // Confusing, but: for the sake of legacy support, the 'non-visual' option is staying as 'html5' 470 /// 588 589 $visual_checked = ''; 590 $html5_checked = ''; 591 592 if (!soundcloud_get_option('player_type') || strtolower(soundcloud_get_option('player_type')) === 'visual') { 593 $visual_checked = 'checked'; 594 } 595 596 if (strtolower(soundcloud_get_option('player_type')) === 'html5') { 597 $html5_checked = 'checked'; 598 } 471 599 ?> 472 600 <div> 473 <input type="radio" id="player_type_visual" name="soundcloud_player_type" value="visual" <?php if (!soundcloud_get_option('player_type') || 
strtolower(soundcloud_get_option('player_type')) === 'visual') echo 'checked'; ?> />601 <input type="radio" id="player_type_visual" name="soundcloud_player_type" value="visual" <?php echo esc_attr($visual_checked); ?> /> 474 602 <label for="player_type_visual" class="radio-label"> 475 603 Visual (show artwork) … … 478 606 479 607 <div> 480 <input type="radio" id="player_type_html5" name="soundcloud_player_type" value="html5" <?php if (strtolower(soundcloud_get_option('player_type')) === 'html5') echo 'checked'; ?> />608 <input type="radio" id="player_type_html5" name="soundcloud_player_type" value="html5" <?php echo esc_attr($html5_checked); ?> /> 481 609 <label for="player_type_html5" class="radio-label"> 482 610 Standard (no artwork) … … 492 620 493 621 <td> 494 <input type="text" name="soundcloud_player_height" value="<?php echo soundcloud_get_option('player_height'); ?>" />622 <input type="text" name="soundcloud_player_height" value="<?php echo esc_attr(soundcloud_get_option('player_height')); ?>" /> 495 623 <p class="description"> 496 <?php echo $numberHelper; ?>624 <?php echo esc_html($number_helper); ?> 497 625 </p> 498 626 </td> … … 505 633 506 634 <td> 507 <input type="text" name="soundcloud_player_height_multi" value="<?php echo soundcloud_get_option('player_height_multi'); ?>" />635 <input type="text" name="soundcloud_player_height_multi" value="<?php echo esc_attr(soundcloud_get_option('player_height_multi')); ?>" /> 508 636 <p class="description"> 509 <?php echo $numberHelper; ?>637 <?php echo esc_html($number_helper); ?> 510 638 </p> 511 639 </td> … … 518 646 519 647 <td> 520 <input type="text" name="soundcloud_player_width" value="<?php echo soundcloud_get_option('player_width'); ?>" />648 <input type="text" name="soundcloud_player_width" value="<?php echo esc_attr(soundcloud_get_option('player_width')); ?>" /> 521 649 <p class="description"> 522 <?php echo $numberHelper; ?>650 <?php echo esc_html($number_helper); ?> 523 651 </p> 524 652 </td> … … 
537 665 # 538 666 </span> 539 <input type="text" name="soundcloud_color" value="<?php echo $color; ?>" />667 <input type="text" name="soundcloud_color" value="<?php echo esc_attr($color); ?>" /> 540 668 541 669 <span class="desc"> … … 550 678 <div class="sc-preview"> 551 679 <svg width="200" height="43" viewBox="0 0 200 43" xmlns="http://www.w3.org/2000/svg"> 552 <circle fill="#<?php echo $color; ?>" cx="21.5" cy="21.5" r="21"></circle>680 <circle fill="#<?php echo esc_attr($color); ?>" cx="21.5" cy="21.5" r="21"></circle> 553 681 <circle fill="#000" fill-opacity="0.08" cx="21.5" cy="21.5" r="21"></circle> 554 682 … … 557 685 </g> 558 686 559 <g class="waveform" fill="#<?php echo $color; ?>">687 <g class="waveform" fill="#<?php echo esc_attr($color); ?>"> 560 688 <?php 561 689 for ($i = 0; $i < 30; $i++) { … … 565 693 $_d = $i * 0.05; 566 694 567 echo '<rect x="' . $_x . '" y="' . $_y . '" width="3" height="' . $_h . '" style="--delay: ' . $_d. 's;" />';695 echo '<rect x="' . esc_attr($_x) . '" y="' . esc_attr($_y) . '" width="3" height="' . esc_attr($_h) . '" style="--delay: ' . esc_attr($_d) . 's;" />'; 568 696 } 569 697 ?> … … 575 703 576 704 <?php 577 /// 578 // Loop through all the `bool` options 579 /// 705 // Loop through all the `bool` options. 
580 706 581 707 $params_array = soundcloud_return_fields(); … … 586 712 <tr valign="top"> 587 713 <th scope="row"> 588 <span><?php echo $arr['title']; ?></span>714 <span><?php echo esc_html($arr['title']); ?></span> 589 715 </th> 716 717 <?php 718 $checked_blank = ''; 719 $checked_true = ''; 720 $checked_false = ''; 721 722 if (soundcloud_get_option($key) == '') { 723 $checked_blank = 'checked'; 724 } 725 726 if (soundcloud_get_option($key) == 'true') { 727 $checked_true = 'checked'; 728 } 729 730 if (soundcloud_get_option($key) == 'false') { 731 $checked_false = 'checked'; 732 } 733 ?> 590 734 591 735 <td> 592 736 <div> 593 <input type="radio" id="<?php echo $key; ?>_none" name="soundcloud_<?php echo $key; ?>" value=""<?php if (soundcloud_get_option($key) == '') echo 'checked'; ?> />594 <label for="<?php echo $key; ?>_none" class="radio-label">Default</label>737 <input type="radio" id="<?php echo esc_attr($key); ?>_none" name="soundcloud_<?php echo esc_attr($key); ?>" value="" <?php echo esc_attr($checked_blank); ?> /> 738 <label for="<?php echo esc_attr($key); ?>_none" class="radio-label">Default</label> 595 739 </div> 596 740 597 741 <div> 598 <input type="radio" id="<?php echo $key; ?>_true" name="soundcloud_<?php echo $key; ?>" value="true"<?php if (soundcloud_get_option($key) == 'true') echo 'checked'; ?> />599 <label for="<?php echo $key; ?>_true" class="radio-label">Yes</label>742 <input type="radio" id="<?php echo esc_attr($key); ?>_true" name="soundcloud_<?php echo esc_attr($key); ?>" value="true" <?php echo esc_attr($checked_true); ?> /> 743 <label for="<?php echo esc_attr($key); ?>_true" class="radio-label">Yes</label> 600 744 </div> 601 745 602 746 <div> 603 <input type="radio" id="<?php echo $key; ?>_false" name="soundcloud_<?php echo $key; ?>" value="false" <?php if (soundcloud_get_option($key) == 'false') echo 'checked'; ?> />604 <label for="<?php echo $key; ?>_false" class="radio-label">No</label>747 <input type="radio" id="<?php echo 
esc_attr($key); ?>_false" name="soundcloud_<?php echo esc_attr($key); ?>" value="false" <?php echo esc_attr($checked_false); ?> /> 748 <label for="<?php echo esc_attr($key); ?>_false" class="radio-label">No</label> 605 749 </div> 606 750 607 751 <?php if (isset($arr['desc']) && $arr['desc'] != '') : ?> 608 752 <p class="description"> 609 <?php echo $arr['desc']; ?>753 <?php echo esc_html($arr['desc']); ?> 610 754 </p> 611 755 <?php endif; ?> … … 616 760 617 761 <?php 618 ///619 762 // Params preview 620 ///621 763 ?> 622 764 … … 633 775 $params = soundcloud_return_saved_parameters(); 634 776 635 echo '[soundcloud url="https://api.soundcloud.com/tracks/30013625" params="' . $params . '"]';777 echo esc_html('[soundcloud url="https://api.soundcloud.com/tracks/30013625" params="' . $params . '"]'); 636 778 ?> 637 779 </code> … … 642 784 <p class="submit"> 643 785 <button type="submit" class="button-primary"> 644 <?php _e('Save Changes')?>786 <?php esc_html_e('Save Changes'); ?> 645 787 </button> 646 788 </p>
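Review bot: The second sanitization pass added to `soundcloud_shortcode` walks the allowlist from `soundcloud_safe_shortcode_params()` instead of the keys present in `$options`, so `$options[$key]` and `$options[$key][$param_key]` are read whether or not they exist. Any absent key (for example `width` after `array_filter`, or option-style names such as `player_height` under `params`) would raise an undefined-key warning on PHP 8 and then be written back into `$options` with whatever the sanitizer returns for `null`, so the embed may gain parameters the author never set. The allowlist also lacks a `visual` entry although `$params_array['visual']` is set earlier in the function, so `soundcloud_sanitize_array()` looks likely to discard it; that depends on merging code outside the visible hunks and should be confirmed. The loop below keeps the same sanitizers and `esc_attr()` call but only touches keys that are present; escaping where the iframe markup is built would be the more usual place, but that function's body is not shown here.

```php
foreach ($param_sanitization_array as $key => $type) {
    if (!isset($options[$key])) {
        continue;
    }

    if (is_array($type)) {
        foreach ($type as $param_key => $param_type) {
            if (!isset($options[$key][$param_key])) {
                continue;
            }

            $clean = call_user_func('soundcloud_sanitize_' . $param_type, $options[$key][$param_key]);
            $options[$key][$param_key] = esc_attr($clean);
        }
    } else {
        $clean = call_user_func('soundcloud_sanitize_' . $type, $options[$key]);
        $options[$key] = esc_attr($clean);
    }
}
```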