From a8e1e8007e9322e0866927a176b5f06674bf90aa Mon Sep 17 00:00:00 2001
From: Stef Kariotidis <stef.kariotidis@gmail.com>
Date: Sat, 19 Nov 2016 19:43:22 +0200
Subject: [PATCH] escape variables from potential unsecure input

---
 archive.php                          |  2 +-
 author.php                           | 10 +++++-----
 footer.php                           |  2 +-
 home.php                             |  2 +-
 index.php                            |  2 +-
 loop-templates/content-card.php      |  5 ++++-
 page-templates/both-sidebarspage.php |  2 +-
 page-templates/fullwidthpage.php     |  2 +-
 page-templates/left-sidebarpage.php  |  2 +-
 page-templates/vertical-one-page.php |  2 +-
 page.php                             |  2 +-
 search.php                           |  2 +-
 sidebar-left.php                     |  4 ++--
 sidebar-right.php                    |  4 ++--
 single.php                           |  2 +-
 15 files changed, 24 insertions(+), 21 deletions(-)

diff --git a/archive.php b/archive.php
index 4627b7b..f0fa2ab 100644
--- a/archive.php
+++ b/archive.php
@@ -20,7 +20,7 @@ $sidebar_pos = get_theme_mod('understrap_sidebar_position');
 
 <div class="wrapper" id="archive-wrapper">
 
-  <div class="<?php echo $container?>" id="content" tabindex="-1">
+  <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
 
     <div class="row">
 
diff --git a/author.php b/author.php
index 670f24b..c943300 100644
--- a/author.php
+++ b/author.php
@@ -14,7 +14,7 @@
 
 <div class="wrapper" id="author-wrapper">
 
-  <div class="<?php echo $container?>" id="content" tabindex="-1">
+  <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
 
     <div class="row">
 
@@ -29,7 +29,7 @@
               $curauth = (isset($_GET['author_name'])) ? get_user_by('slug', $author_name) : get_userdata(intval($author));
             ?>
 
-            <h1><?php esc_html_e( 'About:', 'understrap' ); ?> <?php echo $curauth->nickname; ?></h1>
+            <h1><?php esc_html_e( 'About:', 'understrap' ); ?> <?php echo esc_html( $curauth->nickname ); ?></h1>
 
             <?php if ( ! empty( $curauth->ID ) ) : ?>
               <?php echo get_avatar($curauth->ID); ?>
@@ -38,16 +38,16 @@
             <dl>
               <?php if ( ! empty( $curauth->user_url ) ) : ?>
                 <dt><?php esc_html_e( 'Website', 'understrap' ); ?></dt>
-                <dd><a href="<?php echo $curauth->user_url; ?>"><?php echo $curauth->user_url; ?></a></dd>
+                <dd><a href="<?php echo esc_html( $curauth->user_url ); ?>"><?php echo esc_html( $curauth->user_url ); ?></a></dd>
               <?php endif; ?>
 
               <?php if ( ! empty( $curauth->user_description ) ) : ?>
                 <dt><?php esc_html_e( 'Profile', 'understrap' ); ?></dt>
-                <dd><?php echo $curauth->user_description; ?></dd>
+                <dd><?php echo esc_html( $curauth->user_description ); ?></dd>
               <?php endif; ?>
             </dl>
 
-            <h2><?php esc_html_e( 'Posts by', 'understrap' ); ?> <?php echo $curauth->nickname; ?>:</h2>
+            <h2><?php esc_html_e( 'Posts by', 'understrap' ); ?> <?php echo esc_html( $curauth->nickname ); ?>:</h2>
 
           </header><!-- .page-header -->
 
diff --git a/footer.php b/footer.php
index f35533b..bf2b7d5 100644
--- a/footer.php
+++ b/footer.php
@@ -15,7 +15,7 @@ $container = get_theme_mod('understrap_container_type');
 
     <div class="wrapper" id="wrapper-footer">
 
-      <div class="<?php echo $container; ?>" id="content">
+      <div class="<?php echo esc_html( $container ); ?>" id="content">
 
         <div class="row">
 
diff --git a/home.php b/home.php
index aebd111..9f08b55 100644
--- a/home.php
+++ b/home.php
@@ -21,7 +21,7 @@ $posts_style = get_theme_mod( 'understrap_posts_index_style' );
 
 <div class="wrapper" id="page-wrapper">
 
-	<div class="<?php echo $container ?>" id="content" tabindex="-1">
+	<div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
 
 		<div class="row">
 
diff --git a/index.php b/index.php
index 7142966..9b4c77c 100644
--- a/index.php
+++ b/index.php
@@ -28,7 +28,7 @@
 
 <div class="wrapper" id="wrapper-index">
 
-  <div class="<?php echo $container?>" id="content" tabindex="-1">
+  <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
 
     <div class="row">
 
diff --git a/loop-templates/content-card.php b/loop-templates/content-card.php
index 1973e6b..87ff452 100644
--- a/loop-templates/content-card.php
+++ b/loop-templates/content-card.php
@@ -1,13 +1,16 @@
 <?php
 /**
+ * Card patrial template responsible to show individual posts in home.php page.
+ *
  * @package understrap
  */
+
 ?>
 <div class="card">
 	<article <?php post_class(); ?> id="post-<?php the_ID(); ?>">
 
 		<header class="entry-header">
-			<?php if ( has_post_thumbnail() ): ?>
+			<?php if ( has_post_thumbnail() ) : ?>
 				<?php
 				$alt = get_post_meta( get_post_thumbnail_id( $post->ID ), '_wp_attachment_image_alt', true );
 				?>
diff --git a/page-templates/both-sidebarspage.php b/page-templates/both-sidebarspage.php
index 02cca41..b1f79ce 100644
--- a/page-templates/both-sidebarspage.php
+++ b/page-templates/both-sidebarspage.php
@@ -16,7 +16,7 @@ $container = get_theme_mod('understrap_container_type');
 
   <div class="wrapper" id="page-wrapper">
 
-    <div class="<?php echo $container; ?>" id="content">
+    <div class="<?php echo esc_html( $container ); ?>" id="content">
 
       <div class="row">
 
diff --git a/page-templates/fullwidthpage.php b/page-templates/fullwidthpage.php
index 6c97a8d..f6c31bd 100644
--- a/page-templates/fullwidthpage.php
+++ b/page-templates/fullwidthpage.php
@@ -13,7 +13,7 @@
 
 <div class="wrapper" id="full-width-page-wrapper">
 
-  <div class="container" id="content">
+  <div class="<?php echo esc_html( $container ); ?>" id="content">
 
     <div class="col-md-12 content-area" id="primary">
 
diff --git a/page-templates/left-sidebarpage.php b/page-templates/left-sidebarpage.php
index cc03a82..c5383df 100644
--- a/page-templates/left-sidebarpage.php
+++ b/page-templates/left-sidebarpage.php
@@ -13,7 +13,7 @@ $container = get_theme_mod('understrap_container_type');
 
 <div class="wrapper" id="page-wrapper">
 
-    <div class="<?php echo $container; ?>" id="content">
+    <div class="<?php echo esc_html( $container ); ?>" id="content">
 
       <div class="row">
 
diff --git a/page-templates/vertical-one-page.php b/page-templates/vertical-one-page.php
index 605fd4f..42dad78 100755
--- a/page-templates/vertical-one-page.php
+++ b/page-templates/vertical-one-page.php
@@ -41,7 +41,7 @@ $qry = new WP_Query( $args );
 
 <div class="wrapper" id="full-width-page-wrapper">
 
-	<div class="<?php echo $container ?>" id="content">
+	<div class="<?php echo esc_html( $container ); ?>" id="content">
 
 		<div class="col-md-12 content-area" id="primary">
 
diff --git a/page.php b/page.php
index 1c87c3a..0cf5bb8 100644
--- a/page.php
+++ b/page.php
@@ -37,7 +37,7 @@ if ( class_exists( 'WooCommerce' ) ) {
 
 <div class="wrapper" id="page-wrapper">
 
-	<div class="<?php echo esc_html( $container ) ?>" id="content" tabindex="-1">
+	<div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
 
 		<div class="row">
 
diff --git a/search.php b/search.php
index 3131a00..a3a830b 100644
--- a/search.php
+++ b/search.php
@@ -14,7 +14,7 @@ $sidebar_pos = get_theme_mod('understrap_sidebar_position');
 
 <div class="wrapper search-wrapper">
 
-  <div class="<?php echo $container?>" id="content" tabindex="-1">
+  <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
 
     <div class="row">
 
diff --git a/sidebar-left.php b/sidebar-left.php
index fd23dd3..2ec7101 100644
--- a/sidebar-left.php
+++ b/sidebar-left.php
@@ -13,9 +13,9 @@ if ( ! is_active_sidebar( 'left-sidebar' ) ) {
 $sidebar_pos = get_theme_mod( 'understrap_sidebar_position' );
 ?>
 
-<?php if ( 'both' === $sidebar_pos ): ?>
+<?php if ( 'both' === $sidebar_pos ) : ?>
 <div class="col-md-3 widget-area" id="left-sidebar" role="complementary">
-	<?php else: ?>
+	<?php else : ?>
 <div class="col-md-4 widget-area" id="left-sidebar" role="complementary">
 	<?php endif; ?>
 <?php dynamic_sidebar( 'left-sidebar' ); ?>
diff --git a/sidebar-right.php b/sidebar-right.php
index 883bbc4..42cacfa 100644
--- a/sidebar-right.php
+++ b/sidebar-right.php
@@ -13,9 +13,9 @@ if ( ! is_active_sidebar( 'right-sidebar' ) ) {
 $sidebar_pos = get_theme_mod( 'understrap_sidebar_position' );
 ?>
 
-<?php if ( 'both' === $sidebar_pos ): ?>
+<?php if ( 'both' === $sidebar_pos ) : ?>
 <div class="col-md-3 widget-area" id="right-sidebar" role="complementary">
-	<?php else: ?>
+	<?php else : ?>
 <div class="col-md-4 widget-area" id="right-sidebar" role="complementary">
 	<?php endif; ?>
 <?php dynamic_sidebar( 'right-sidebar' ); ?>
diff --git a/single.php b/single.php
index cebdcd6..a2a205a 100644
--- a/single.php
+++ b/single.php
@@ -15,7 +15,7 @@ $sidebar_pos = get_theme_mod('understrap_sidebar_position');
 
 <div class="wrapper" id="single-wrapper">
 
-  <div class="<?php echo $container?>" id="content" tabindex="-1">
+  <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
 
     <div class="row">