escape variables from potential unsecure input

Stef Kariotidis 2016-11-19 19:43:22 +02:00
parent a45ba5bddc
commit a8e1e8007e
15 changed files with 24 additions and 21 deletions


@ -20,7 +20,7 @@ $sidebar_pos = get_theme_mod('understrap_sidebar_position');
<div class="wrapper" id="archive-wrapper"> <div class="wrapper" id="archive-wrapper">
<div class="<?php echo $container?>" id="content" tabindex="-1"> <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
<div class="row"> <div class="row">
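Review bot: The new `esc_html( $container )` sits inside a `class="…"` attribute, where the context-matching WordPress escaper is `esc_attr()`: `<div class="<?php echo esc_attr( $container ); ?>" id="content" tabindex="-1">`. In current WordPress core the two functions encode the same characters, so this is a correctness-of-context point rather than an open injection, but they run different filters and coding-standard sniffs check for the attribute form. Because the value is a single class token read from `get_theme_mod()`, `sanitize_html_class()` would be stricter still. The same applies to every other container `<div>` change in this commit.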


@ -14,7 +14,7 @@
<div class="wrapper" id="author-wrapper"> <div class="wrapper" id="author-wrapper">
<div class="<?php echo $container?>" id="content" tabindex="-1"> <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
<div class="row"> <div class="row">
@ -29,7 +29,7 @@
$curauth = (isset($_GET['author_name'])) ? get_user_by('slug', $author_name) : get_userdata(intval($author)); $curauth = (isset($_GET['author_name'])) ? get_user_by('slug', $author_name) : get_userdata(intval($author));
?> ?>
<h1><?php esc_html_e( 'About:', 'understrap' ); ?> <?php echo $curauth->nickname; ?></h1> <h1><?php esc_html_e( 'About:', 'understrap' ); ?> <?php echo esc_html( $curauth->nickname ); ?></h1>
<?php if ( ! empty( $curauth->ID ) ) : ?> <?php if ( ! empty( $curauth->ID ) ) : ?>
<?php echo get_avatar($curauth->ID); ?> <?php echo get_avatar($curauth->ID); ?>
@ -38,16 +38,16 @@
<dl> <dl>
<?php if ( ! empty( $curauth->user_url ) ) : ?> <?php if ( ! empty( $curauth->user_url ) ) : ?>
<dt><?php esc_html_e( 'Website', 'understrap' ); ?></dt> <dt><?php esc_html_e( 'Website', 'understrap' ); ?></dt>
<dd><a href="<?php echo $curauth->user_url; ?>"><?php echo $curauth->user_url; ?></a></dd> <dd><a href="<?php echo esc_html( $curauth->user_url ); ?>"><?php echo esc_html( $curauth->user_url ); ?></a></dd>
<?php endif; ?> <?php endif; ?>
<?php if ( ! empty( $curauth->user_description ) ) : ?> <?php if ( ! empty( $curauth->user_description ) ) : ?>
<dt><?php esc_html_e( 'Profile', 'understrap' ); ?></dt> <dt><?php esc_html_e( 'Profile', 'understrap' ); ?></dt>
<dd><?php echo $curauth->user_description; ?></dd> <dd><?php echo esc_html( $curauth->user_description ); ?></dd>
<?php endif; ?> <?php endif; ?>
</dl> </dl>
<h2><?php esc_html_e( 'Posts by', 'understrap' ); ?> <?php echo $curauth->nickname; ?>:</h2> <h2><?php esc_html_e( 'Posts by', 'understrap' ); ?> <?php echo esc_html( $curauth->nickname ); ?>:</h2>
</header><!-- .page-header --> </header><!-- .page-header -->
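Review bot: The `href` on the Website row is escaped with `esc_html()`, which encodes markup characters but does not validate the URL scheme, so a profile URL with a non-HTTP scheme would still be emitted as a clickable link. Use `esc_url()` for the attribute, `<a href="<?php echo esc_url( $curauth->user_url ); ?>">`, and keep `esc_html()` for the link text; core may already filter `user_url` on save, but output escaping should not depend on that. Separately, `$curauth->nickname` is read in the `<h1>` before the `! empty( $curauth->ID )` check, and `get_user_by()` returns false for an unknown slug, so the heading should be covered by a guard as well. Note too that `esc_html()` on `user_description` will now display any markup in a biography as literal text; if limited HTML is intended there, `wp_kses_post()` is the usual choice. The template continues outside these hunks.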


@ -15,7 +15,7 @@ $container = get_theme_mod('understrap_container_type');
<div class="wrapper" id="wrapper-footer"> <div class="wrapper" id="wrapper-footer">
<div class="<?php echo $container; ?>" id="content"> <div class="<?php echo esc_html( $container ); ?>" id="content">
<div class="row"> <div class="row">


@ -21,7 +21,7 @@ $posts_style = get_theme_mod( 'understrap_posts_index_style' );
<div class="wrapper" id="page-wrapper"> <div class="wrapper" id="page-wrapper">
<div class="<?php echo $container ?>" id="content" tabindex="-1"> <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
<div class="row"> <div class="row">


@ -28,7 +28,7 @@
<div class="wrapper" id="wrapper-index"> <div class="wrapper" id="wrapper-index">
<div class="<?php echo $container?>" id="content" tabindex="-1"> <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
<div class="row"> <div class="row">


@ -1,7 +1,10 @@
<?php <?php
/** /**
* Card patrial template responsible to show individual posts in home.php page.
*
* @package understrap * @package understrap
*/ */
?> ?>
<div class="card"> <div class="card">
<article <?php post_class(); ?> id="post-<?php the_ID(); ?>"> <article <?php post_class(); ?> id="post-<?php the_ID(); ?>">


@ -16,7 +16,7 @@ $container = get_theme_mod('understrap_container_type');
<div class="wrapper" id="page-wrapper"> <div class="wrapper" id="page-wrapper">
<div class="<?php echo $container; ?>" id="content"> <div class="<?php echo esc_html( $container ); ?>" id="content">
<div class="row"> <div class="row">


@ -13,7 +13,7 @@
<div class="wrapper" id="full-width-page-wrapper"> <div class="wrapper" id="full-width-page-wrapper">
<div class="container" id="content"> <div class="<?php echo esc_html( $container ); ?>" id="content">
<div class="col-md-12 content-area" id="primary"> <div class="col-md-12 content-area" id="primary">
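Review bot: This template previously hard-coded `class="container"` and now echoes `$container`, yet unlike the other templates in this commit the hunk context shows no `$container = get_theme_mod('understrap_container_type');` assignment. If that assignment is not present above line 13 (not visible in this hunk), the class attribute renders empty, the layout loses its container, and PHP raises an undefined-variable notice. Confirm the assignment exists or add it at the top of the template, and prefer `esc_attr( $container )` since the value lands in an attribute.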


@ -13,7 +13,7 @@ $container = get_theme_mod('understrap_container_type');
<div class="wrapper" id="page-wrapper"> <div class="wrapper" id="page-wrapper">
<div class="<?php echo $container; ?>" id="content"> <div class="<?php echo esc_html( $container ); ?>" id="content">
<div class="row"> <div class="row">


@ -41,7 +41,7 @@ $qry = new WP_Query( $args );
<div class="wrapper" id="full-width-page-wrapper"> <div class="wrapper" id="full-width-page-wrapper">
<div class="<?php echo $container ?>" id="content"> <div class="<?php echo esc_html( $container ); ?>" id="content">
<div class="col-md-12 content-area" id="primary"> <div class="col-md-12 content-area" id="primary">


@ -37,7 +37,7 @@ if ( class_exists( 'WooCommerce' ) ) {
<div class="wrapper" id="page-wrapper"> <div class="wrapper" id="page-wrapper">
<div class="<?php echo esc_html( $container ) ?>" id="content" tabindex="-1"> <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
<div class="row"> <div class="row">


@ -14,7 +14,7 @@ $sidebar_pos = get_theme_mod('understrap_sidebar_position');
<div class="wrapper search-wrapper"> <div class="wrapper search-wrapper">
<div class="<?php echo $container?>" id="content" tabindex="-1"> <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
<div class="row"> <div class="row">


@ -15,7 +15,7 @@ $sidebar_pos = get_theme_mod('understrap_sidebar_position');
<div class="wrapper" id="single-wrapper"> <div class="wrapper" id="single-wrapper">
<div class="<?php echo $container?>" id="content" tabindex="-1"> <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
<div class="row"> <div class="row">