Fixing sanitizing, escaping and prefix issues

Holger Könemann 2017-12-06 10:20:33 +01:00
parent 44c38d710a
commit a97c485ea3
7 changed files with 27 additions and 12 deletions


@ -15,7 +15,8 @@ Thats what UnderStrap is.
You can use it as starter theme and build your own theme on top of it. Or you use it as parent theme and create your own child theme for UnderStrap.
## License
UnderStrap is released under the terms of the GPL version 2 or (at your option) any later version.
UnderStrap WordPress Theme, Copyright 2013-2017 Holger Koenemann
UnderStrap is distributed under the terms of the GNU GPL version 2
http://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html


@ -63,7 +63,7 @@ $sidebar_pos = get_theme_mod( 'understrap_sidebar_position' );
<?php while ( have_posts() ) : the_post(); ?>
<li>
<a rel="bookmark" href="<?php the_permalink() ?>"
title="Permanent Link: <?php the_title(); ?>">
title="<?php esc_html_e( 'Permanent Link:', 'understrap' ); ?> <?php the_title(); ?>">
<?php the_title(); ?></a>,
<?php understrap_posted_on(); ?> <?php esc_html_e( 'in',
'understrap' ); ?> <?php the_category( '&' ); ?>
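Review bot: The new `title` attribute on L26 still emits the post title through `the_title()`, which prints the filtered title without attribute escaping, and `esc_html_e()` escapes for HTML text context rather than for an attribute, so a title containing a double quote can terminate the attribute. WordPress has `the_title_attribute()` for exactly this spot; `title="<?php esc_attr_e( 'Permanent Link:', 'understrap' ); ?> <?php the_title_attribute(); ?>"` keeps the translation and closes the gap. Whether a user can actually get a raw quote into a title depends on the site's roles and kses setup, but the template should not rely on that. The enclosing `while ( have_posts() )` loop and its surrounding markup begin before this hunk.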


@ -40,10 +40,24 @@ if ( ! function_exists( 'understrap_theme_customize_register' ) ) {
'priority' => 160,
) );
//select sanitization function
function understrap_theme_slug_sanitize_select( $input, $setting ){
//input must be a slug: lowercase alphanumeric characters, dashes and underscores are allowed only
$input = sanitize_key($input);
//get the list of possible select options
$choices = $setting->manager->get_control( $setting->id )->choices;
//return input if valid or return default option
return ( array_key_exists( $input, $choices ) ? $input : $setting->default );
}
$wp_customize->add_setting( 'understrap_container_type', array(
'default' => 'container',
'type' => 'theme_mod',
'sanitize_callback' => 'esc_textarea',
'sanitize_callback' => 'understrap_theme_slug_sanitize_select',
'capability' => 'edit_theme_options',
) );
@ -67,7 +81,7 @@ if ( ! function_exists( 'understrap_theme_customize_register' ) ) {
$wp_customize->add_setting( 'understrap_sidebar_position', array(
'default' => 'right',
'type' => 'theme_mod',
'sanitize_callback' => 'esc_textarea',
'sanitize_callback' => 'sanitize_text_field',
'capability' => 'edit_theme_options',
) );
@ -81,6 +95,7 @@ if ( ! function_exists( 'understrap_theme_customize_register' ) ) {
'section' => 'understrap_theme_layout_options',
'settings' => 'understrap_sidebar_position',
'type' => 'select',
'sanitize_callback' => 'understrap_theme_slug_sanitize_select',
'choices' => array(
'right' => __( 'Right sidebar', 'understrap' ),
'left' => __( 'Left sidebar', 'understrap' ),
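Review bot: The `sanitize_callback` added to `add_control()` on L64 has, as far as I can tell, no effect — `WP_Customize_Control` does not accept that argument; sanitization is attached to the setting, and the `understrap_sidebar_position` setting on L57 still uses `sanitize_text_field`, so it accepts any string rather than one of the select's choices, unlike `understrap_container_type` on L49. Replace L57 with `'sanitize_callback' => 'understrap_theme_slug_sanitize_select',` and drop the key from the control. Two smaller points on the helper at L37–L44: it is declared inside the `customize_register` callback, so a second run of that hook would fatal on redeclaration, whereas a top-level `if ( ! function_exists( 'understrap_theme_slug_sanitize_select' ) )` wrapper would match the rest of the file; and `get_control( $setting->id )` assumes the control id equals the setting id and returns null otherwise, so a null check before `->choices` (returning `$setting->default`) would avoid a fatal in the customizer. The enclosing `understrap_theme_customize_register` function starts before this section.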


@ -13,8 +13,6 @@ if ( ! function_exists( 'understrap_scripts' ) ) {
// Get the theme data.
$the_theme = wp_get_theme();
wp_enqueue_style( 'understrap-styles', get_stylesheet_directory_uri() . '/css/theme.min.css', array(), $the_theme->get( 'Version' ), false );
//wp_register_script('jquery-slim', (get_template_directory_uri() . '/js/jquery.slim.min.js'), true, '3.2.1');
//wp_enqueue_script( 'jquery-slim' );
wp_enqueue_script( 'popper-scripts', get_template_directory_uri() . '/js/popper.min.js', array(), true);
wp_enqueue_script( 'understrap-scripts', get_template_directory_uri() . '/js/theme.min.js', array(), $the_theme->get( 'Version' ), true );
if ( is_singular() && comments_open() && get_option( 'thread_comments' ) ) {


@ -4,12 +4,12 @@
*
* @package understrap
*/
add_action( 'after_setup_theme', 'woocommerce_support' );
if ( ! function_exists( 'woocommerce_support' ) ) {
add_action( 'after_setup_theme', 'understrap_woocommerce_support' );
if ( ! function_exists( 'understrap_woocommerce_support' ) ) {
/**
* Declares WooCommerce theme support.
*/
function woocommerce_support() {
function understrap_woocommerce_support() {
add_theme_support( 'woocommerce' );
// Add New Woocommerce 3.0.0 Product Gallery support


@ -16,7 +16,8 @@ Website: [http://understrap.com](http://understrap.com)
Child Theme Project: [https://github.com/holger1411/understrap-child](https://github.com/holger1411/understrap-child)
## License
UnderStrap is released under the terms of the GPL version 2 or (at your option) any later version.
UnderStrap WordPress Theme, Copyright 2013-2017 Holger Koenemann
UnderStrap is distributed under the terms of the GNU GPL version 2
http://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html


@ -23,7 +23,7 @@
<span class="carousel-control-prev-icon" aria-hidden="true"></span>
<span class="sr-only">Previous</span>
<span class="sr-only"><?php esc_html_e( 'Previous', 'understrap' ); ?></span>
</a>
@ -31,7 +31,7 @@
<span class="carousel-control-next-icon" aria-hidden="true"></span>
<span class="sr-only">Next</span>
<span class="sr-only"><?php esc_html_e( 'Next', 'understrap' ); ?></span></span>
</a>
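Review bot: L119 closes the span twice — `...?></span></span>` — while the matching "Previous" line on L114 closes it once, so the commit introduces a stray `</span>` that either closes an outer element early or is discarded by the browser, depending on the surrounding markup. Change L119 to `<span class="sr-only"><?php esc_html_e( 'Next', 'understrap' ); ?></span>`. The carousel-control anchors these lines sit in begin and end outside the shown hunks, so I cannot tell from here which element the extra closer lands on.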