global/quantity-input.php

- escape and strip tags in the quantity template

Reference:
7acb475c59c0666f21ffe24eb3558df857237dc1
ffcfbd2108387e4e7034e52a4a9ae1fc0551dac3
This commit is contained in:
Unknown 2018-06-05 20:11:55 -06:00
parent fb89febaba
commit fe6394870e
1 changed files with 21 additions and 9 deletions

View File

@ -11,14 +11,11 @@
* the readme will list any important changes. * the readme will list any important changes.
* *
* @see https://docs.woocommerce.com/document/template-structure/ * @see https://docs.woocommerce.com/document/template-structure/
* @author WooThemes
* @package WooCommerce/Templates * @package WooCommerce/Templates
* @version 3.3.0 * @version 3.4.0
*/ */
if ( ! defined( 'ABSPATH' ) ) { defined( 'ABSPATH' ) || exit;
exit;
}
if ( $max_value && $min_value === $max_value ) { if ( $max_value && $min_value === $max_value ) {
?> ?>
@ -27,10 +24,25 @@ if ( $max_value && $min_value === $max_value ) {
</div> </div>
<?php <?php
} else { } else {
/* translators: %s: Quantity. */
$labelledby = ! empty( $args['product_name'] ) ? sprintf( __( '%s quantity', 'woocommerce' ), strip_tags( $args['product_name'] ) ) : '';
?> ?>
<div class="quantity"> <div class="quantity">
<label class="screen-reader-text" for="<?php echo esc_attr( $input_id ); ?>"><?php esc_html_e( 'Quantity', 'understrap' ); ?></label> <label class="sr-only" for="<?php echo esc_attr( $input_id ); ?>"><?php esc_html_e( 'Quantity', 'understrap' ); ?></label>
<input type="number" id="<?php echo esc_attr( $input_id ); ?>" class="input-text qty text" step="<?php echo esc_attr( $step ); ?>" min="<?php echo esc_attr( $min_value ); ?>" max="<?php echo esc_attr( 0 < $max_value ? $max_value : '' ); ?>" name="<?php echo esc_attr( $input_name ); ?>" value="<?php echo esc_attr( $input_value ); ?>" title="<?php echo esc_attr_x( 'Qty', 'Product quantity input tooltip', 'understrap' ) ?>" size="4" pattern="<?php echo esc_attr( $pattern ); ?>" inputmode="<?php echo esc_attr( $inputmode ); ?>" aria-labelledby="<?php echo ! empty( $args['product_name'] ) ? sprintf( esc_attr__( '%s quantity', 'understrap' ), $args['product_name'] ) : ''; ?>" /> <input
type="number"
id="<?php echo esc_attr( $input_id ); ?>"
class="input-text qty text"
step="<?php echo esc_attr( $step ); ?>"
min="<?php echo esc_attr( $min_value ); ?>"
max="<?php echo esc_attr( 0 < $max_value ? $max_value : '' ); ?>"
name="<?php echo esc_attr( $input_name ); ?>"
value="<?php echo esc_attr( $input_value ); ?>"
title="<?php echo esc_attr_x( 'Qty', 'Product quantity input tooltip', 'understrap' ); ?>"
size="4"
pattern="<?php echo esc_attr( $pattern ); ?>"
inputmode="<?php echo esc_attr( $inputmode ); ?>"
aria-labelledby="<?php echo esc_attr( $labelledby ); ?>" />
</div> </div>
<?php <?php
} }