escape variables from potential unsecure input

2016-11-19 19:43:22 +02:00 · 2016-11-19 19:43:22 +02:00 · a8e1e8007e
parent a45ba5bddc
commit a8e1e8007e
15 changed files with 24 additions and 21 deletions
--- a/archive.php
+++ b/archive.php
@ -20,7 +20,7 @@ $sidebar_pos = get_theme_mod('understrap_sidebar_position');
 <div class="wrapper" id="archive-wrapper">
-  <div class="<?php echo $container?>" id="content" tabindex="-1">
+  <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
    <div class="row">
--- a/author.php
+++ b/author.php
@ -14,7 +14,7 @@
 <div class="wrapper" id="author-wrapper">
-  <div class="<?php echo $container?>" id="content" tabindex="-1">
+  <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
    <div class="row">
@ -29,7 +29,7 @@
              $curauth = (isset($_GET['author_name'])) ? get_user_by('slug', $author_name) : get_userdata(intval($author));
            ?>
-            <h1><?php esc_html_e( 'About:', 'understrap' ); ?> <?php echo $curauth->nickname; ?></h1>
+            <h1><?php esc_html_e( 'About:', 'understrap' ); ?> <?php echo esc_html( $curauth->nickname ); ?></h1>
            <?php if ( ! empty( $curauth->ID ) ) : ?>
              <?php echo get_avatar($curauth->ID); ?>
@ -38,16 +38,16 @@
            <dl>
              <?php if ( ! empty( $curauth->user_url ) ) : ?>
                <dt><?php esc_html_e( 'Website', 'understrap' ); ?></dt>
-                <dd><a href="<?php echo $curauth->user_url; ?>"><?php echo $curauth->user_url; ?></a></dd>
+                <dd><a href="<?php echo esc_html( $curauth->user_url ); ?>"><?php echo esc_html( $curauth->user_url ); ?></a></dd>
              <?php endif; ?>
              <?php if ( ! empty( $curauth->user_description ) ) : ?>
                <dt><?php esc_html_e( 'Profile', 'understrap' ); ?></dt>
-                <dd><?php echo $curauth->user_description; ?></dd>
+                <dd><?php echo esc_html( $curauth->user_description ); ?></dd>
              <?php endif; ?>
            </dl>
-            <h2><?php esc_html_e( 'Posts by', 'understrap' ); ?> <?php echo $curauth->nickname; ?>:</h2>
+            <h2><?php esc_html_e( 'Posts by', 'understrap' ); ?> <?php echo esc_html( $curauth->nickname ); ?>:</h2>
          </header><!-- .page-header -->
--- a/footer.php
+++ b/footer.php
@ -15,7 +15,7 @@ $container = get_theme_mod('understrap_container_type');
    <div class="wrapper" id="wrapper-footer">
-      <div class="<?php echo $container; ?>" id="content">
+      <div class="<?php echo esc_html( $container ); ?>" id="content">
        <div class="row">
--- a/home.php
+++ b/home.php
@ -21,7 +21,7 @@ $posts_style = get_theme_mod( 'understrap_posts_index_style' );
 <div class="wrapper" id="page-wrapper">
-	<div class="<?php echo $container ?>" id="content" tabindex="-1">
+	<div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
 		<div class="row">
--- a/index.php
+++ b/index.php
@ -28,7 +28,7 @@
 <div class="wrapper" id="wrapper-index">
-  <div class="<?php echo $container?>" id="content" tabindex="-1">
+  <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
    <div class="row">
--- a/loop-templates/content-card.php
+++ b/loop-templates/content-card.php
@ -1,7 +1,10 @@
 <?php
 /**
 * Card patrial template responsible to show individual posts in home.php page.
 *
 * @package understrap
 */
 ?>
 <div class="card">
 	<article <?php post_class(); ?> id="post-<?php the_ID(); ?>">
--- a/page-templates/both-sidebarspage.php
+++ b/page-templates/both-sidebarspage.php
@ -16,7 +16,7 @@ $container = get_theme_mod('understrap_container_type');
  <div class="wrapper" id="page-wrapper">
-    <div class="<?php echo $container; ?>" id="content">
+    <div class="<?php echo esc_html( $container ); ?>" id="content">
      <div class="row">
--- a/page-templates/fullwidthpage.php
+++ b/page-templates/fullwidthpage.php
@ -13,7 +13,7 @@
 <div class="wrapper" id="full-width-page-wrapper">
-  <div class="container" id="content">
+  <div class="<?php echo esc_html( $container ); ?>" id="content">
    <div class="col-md-12 content-area" id="primary">
--- a/page-templates/left-sidebarpage.php
+++ b/page-templates/left-sidebarpage.php
@ -13,7 +13,7 @@ $container = get_theme_mod('understrap_container_type');
 <div class="wrapper" id="page-wrapper">
-    <div class="<?php echo $container; ?>" id="content">
+    <div class="<?php echo esc_html( $container ); ?>" id="content">
      <div class="row">
--- a/page-templates/vertical-one-page.php
+++ b/page-templates/vertical-one-page.php
@ -41,7 +41,7 @@ $qry = new WP_Query( $args );
 <div class="wrapper" id="full-width-page-wrapper">
-	<div class="<?php echo $container ?>" id="content">
+	<div class="<?php echo esc_html( $container ); ?>" id="content">
 		<div class="col-md-12 content-area" id="primary">
--- a/page.php
+++ b/page.php
@ -37,7 +37,7 @@ if ( class_exists( 'WooCommerce' ) ) {
 <div class="wrapper" id="page-wrapper">
-	<div class="<?php echo esc_html( $container ) ?>" id="content" tabindex="-1">
+	<div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
 		<div class="row">
--- a/search.php
+++ b/search.php
@ -14,7 +14,7 @@ $sidebar_pos = get_theme_mod('understrap_sidebar_position');
 <div class="wrapper search-wrapper">
-  <div class="<?php echo $container?>" id="content" tabindex="-1">
+  <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
    <div class="row">
--- a/single.php
+++ b/single.php
@ -15,7 +15,7 @@ $sidebar_pos = get_theme_mod('understrap_sidebar_position');
 <div class="wrapper" id="single-wrapper">
-  <div class="<?php echo $container?>" id="content" tabindex="-1">
+  <div class="<?php echo esc_html( $container ); ?>" id="content" tabindex="-1">
    <div class="row">