From a97c485ea31dc17487d5b96d657d5d1246e8f6b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Holger=20Ko=CC=88nemann?= Date: Wed, 6 Dec 2017 10:20:33 +0100 Subject: [PATCH] =?UTF-8?q?Fixing=20sanitizing,=20escaping=20and=20prefix?= =?UTF-8?q?=C2=B4s=20issues?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 3 ++- author.php | 2 +- inc/customizer.php | 19 +++++++++++++++++-- inc/enqueue.php | 2 -- inc/woocommerce.php | 6 +++--- readme.txt | 3 ++- sidebar-hero.php | 4 ++-- 7 files changed, 27 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 1509991..4b52188 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,8 @@ That’s what UnderStrap is. You can use it as starter theme and build your own theme on top of it. Or you use it as parent theme and create your own child theme for UnderStrap. ## License -UnderStrap is released under the terms of the GPL version 2 or (at your option) any later version. +UnderStrap WordPress Theme, Copyright 2013-2017 Holger Koenemann +UnderStrap is distributed under the terms of the GNU GPL version 2 http://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html diff --git a/author.php b/author.php index 15c7253..cd558ab 100644 --- a/author.php +++ b/author.php @@ -63,7 +63,7 @@ $sidebar_pos = get_theme_mod( 'understrap_sidebar_position' );
  • + title=" "> ,
diff --git a/inc/customizer.php b/inc/customizer.php
index 7176b6d..f2e5ee8 100644
--- a/inc/customizer.php
+++ b/inc/customizer.php
@@ -40,10 +40,24 @@ if ( ! function_exists( 'understrap_theme_customize_register' ) ) {
 'priority' => 160,
 ) );
+ //select sanitization function
+ function understrap_theme_slug_sanitize_select( $input, $setting ){
+
+ //input must be a slug: lowercase alphanumeric characters, dashes and underscores are allowed only
+ $input = sanitize_key($input);
+
+ //get the list of possible select options
+ $choices = $setting->manager->get_control( $setting->id )->choices;
+
+ //return input if valid or return default option
+ return ( array_key_exists( $input, $choices ) ? $input : $setting->default );
+
+ }
+
 $wp_customize->add_setting( 'understrap_container_type', array(
 'default' => 'container',
 'type' => 'theme_mod',
- 'sanitize_callback' => 'esc_textarea',
+ 'sanitize_callback' => 'understrap_theme_slug_sanitize_select',
 'capability' => 'edit_theme_options',
 ) );
@@ -67,7 +81,7 @@ if ( ! function_exists( 'understrap_theme_customize_register' ) ) {
 $wp_customize->add_setting( 'understrap_sidebar_position', array(
 'default' => 'right',
 'type' => 'theme_mod',
- 'sanitize_callback' => 'esc_textarea',
+ 'sanitize_callback' => 'sanitize_text_field',
 'capability' => 'edit_theme_options',
 ) );
@@ -81,6 +95,7 @@ if ( ! function_exists( 'understrap_theme_customize_register' ) ) {
 'section' => 'understrap_theme_layout_options',
 'settings' => 'understrap_sidebar_position',
 'type' => 'select',
+ 'sanitize_callback' => 'understrap_theme_slug_sanitize_select',
 'choices' => array(
 'right' => __( 'Right sidebar', 'understrap' ),
 'left' => __( 'Left sidebar', 'understrap' ),
diff --git a/inc/enqueue.php b/inc/enqueue.php
index aada03a..921ec48 100644
--- a/inc/enqueue.php
+++ b/inc/enqueue.php
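Review bot: `understrap_theme_slug_sanitize_select` is declared inside the body of `understrap_theme_customize_register` (the hunk context shows the enclosing `if ( ! function_exists( 'understrap_theme_customize_register' ) )` guard; that outer function starts and ends outside the hunk), so it is only registered once the outer function has run, would raise a fatal "Cannot redeclare" error if the outer function ever ran twice, and sits outside the `function_exists` guard convention the rest of the file uses, so a child theme cannot override it. The body also chains `->choices` straight off `$setting->manager->get_control( $setting->id )`, which presumably returns null when no control is registered under the setting's id, turning a customizer save into a fatal error instead of falling back to the default. I would move the function to file scope under its own guard and return `$setting->default` whenever there is no control or no choice list to validate against; the rewritten function is below.
```php
// … unchanged: understrap_theme_customize_register() and its section/setting registration …

if ( ! function_exists( 'understrap_theme_slug_sanitize_select' ) ) {
	/**
	 * Sanitize callback for customizer select settings.
	 *
	 * Accepts the submitted value only if it is a key of the matching
	 * control's choices; anything else falls back to the setting default.
	 */
	function understrap_theme_slug_sanitize_select( $input, $setting ) {
		$input   = sanitize_key( $input );
		$control = $setting->manager->get_control( $setting->id );
		// No control under this setting id, or no choices: nothing to validate against.
		if ( ! $control || empty( $control->choices ) ) {
			return $setting->default;
		}
		return array_key_exists( $input, $control->choices ) ? $input : $setting->default;
	}
}
```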
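Review bot: The `'sanitize_callback'` key added to the `add_control()` arguments for `understrap_sidebar_position` has no effect: sanitize callbacks are a setting argument, and as far as I know `WP_Customize_Control` has no such property, so the key is silently dropped. The setting itself only receives `sanitize_text_field` in the previous hunk, which accepts any string, so a sidebar position outside the declared choices can still be stored while `understrap_container_type` is whitelisted against its choices in the first hunk. Remove this line from the control and set `'sanitize_callback' => 'understrap_theme_slug_sanitize_select',` on the `understrap_sidebar_position` setting instead, mirroring the container-type setting.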
@@ -13,8 +13,6 @@ if ( ! function_exists( 'understrap_scripts' ) ) {
 // Get the theme data.
 $the_theme = wp_get_theme();
 wp_enqueue_style( 'understrap-styles', get_stylesheet_directory_uri() . '/css/theme.min.css', array(), $the_theme->get( 'Version' ), false );
- //wp_register_script('jquery-slim', (get_template_directory_uri() . '/js/jquery.slim.min.js'), true, '3.2.1');
- //wp_enqueue_script( 'jquery-slim' );
 wp_enqueue_script( 'popper-scripts', get_template_directory_uri() . '/js/popper.min.js', array(), true);
 wp_enqueue_script( 'understrap-scripts', get_template_directory_uri() . '/js/theme.min.js', array(), $the_theme->get( 'Version' ), true );
 if ( is_singular() && comments_open() && get_option( 'thread_comments' ) ) {
diff --git a/inc/woocommerce.php b/inc/woocommerce.php
index 666662b..662a280 100644
--- a/inc/woocommerce.php
+++ b/inc/woocommerce.php
@@ -4,12 +4,12 @@
 *
 * @package understrap
 */
-add_action( 'after_setup_theme', 'woocommerce_support' );
-if ( ! function_exists( 'woocommerce_support' ) ) {
+add_action( 'after_setup_theme', 'understrap_woocommerce_support' );
+if ( ! function_exists( 'understrap_woocommerce_support' ) ) {
 /**
 * Declares WooCommerce theme support.
 */
- function woocommerce_support() {
+ function understrap_woocommerce_support() {
 add_theme_support( 'woocommerce' );
 // Add New Woocommerce 3.0.0 Product Gallery support
diff --git a/readme.txt b/readme.txt
index 00971d8..eedb00e 100644
--- a/readme.txt
+++ b/readme.txt
@@ -16,7 +16,8 @@ Website: [http://understrap.com](http://understrap.com) Child Theme Project: [https://github.com/holger1411/understrap-child](https://github.com/holger1411/understrap-child) ## License
-UnderStrap is released under the terms of the GPL version 2 or (at your option) any later version.
+UnderStrap WordPress Theme, Copyright 2013-2017 Holger Koenemann
+UnderStrap is distributed under the terms of the GNU GPL version 2 http://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html 
diff --git a/sidebar-hero.php b/sidebar-hero.php index c5c7464..358a04e 100644 --- a/sidebar-hero.php +++ b/sidebar-hero.php @@ -23,7 +23,7 @@ - Previous + @@ -31,7 +31,7 @@ - Next +