diff --git a/phpcs.xml.dist b/phpcs.xml.dist index 6ef3f27172956c049b0c95b9905528c3b5216dc1..1b9bf7a255dfcde94aa06a7065b18b067017d29b 100644 --- a/phpcs.xml.dist +++ b/phpcs.xml.dist @@ -31,7 +31,7 @@ --> <!-- Define plugin text domain for i18n. --> - <config name="text_domain" value="shopmagic-for-woocommerce"/> + <config name="text_domain" value="wp-forms"/> <!-- This value should be aligned with WordPress support version declared in plugin header --> <config name="minimum_supported_wp_version" value="5.0"/> diff --git a/templates/button.php b/templates/button.php index c558c6e50982f56cf4e1f62f011f442778abcef2..fd95750148a4356e87383c2aaaef789f4cc9a6fe 100644 --- a/templates/button.php +++ b/templates/button.php @@ -4,7 +4,6 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. */ @@ -16,7 +15,7 @@ <?php endif; ?> <?php foreach ( $field->get_attributes( [] ) as $key => $val ) : ?> - <?php echo $key . '="' . \esc_attr( $val ) . '"'; ?> + <?php echo \esc_attr( $key ) . '="' . \esc_attr( $val ) . '"'; ?> <?php endforeach; ?> type="<?php echo \esc_attr( $field->get_type() ); ?>" diff --git a/templates/form-end.php b/templates/form-end.php index 7484d6e1db1aba308d78afa7cd384d5f27d4a845..f2a22fe4a673355530b136e880b65c2fc8349a7b 100644 --- a/templates/form-end.php +++ b/templates/form-end.php @@ -1,3 +1,9 @@ +<?php +/** + * Form ending with hoverable tip snippet in js. + */ + +?> </tbody> </table> </form> diff --git a/templates/form-field.php b/templates/form-field.php index 50f56784d782cc266542aa55d2824d2aee94aed5..0fd07d5ef880bdee34de0d879e5c05299c846860 100644 --- a/templates/form-field.php +++ b/templates/form-field.php 
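Review bot: In templates/button.php the new `\esc_attr( $key )` encodes for an attribute value, but `$key` is printed as an attribute name, where whitespace, `=` and `/` pass through unchanged and can still open a second attribute. Whether keys returned by `get_attributes()` can ever carry untrusted text is not visible in this diff, so treat this as hardening: skip names that fail an allowlist, for example `<?php if ( ! preg_match( '/^[a-zA-Z_:][-a-zA-Z0-9_:.]*$/', $key ) ) { continue; } ?>` as the first line of the loop body. The same construct is added in input-submit.php, input-text-multiple.php and input.php, and already exists in select.php and textarea.php.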
@@ -4,26 +4,28 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. */ + ?> <tr valign="top"> <?php if ( $field->has_label() ) : ?> - <?php echo $renderer->render( 'form-label', [ 'field' => $field ] ); ?> + <?php echo wp_kses_post( $renderer->render( 'form-label', [ 'field' => $field ] ) ); ?> <?php endif; ?> <td class="forminp"> <?php - echo $renderer->render( - $template_name, - [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, - ] + echo wp_kses_post( + $renderer->render( + $template_name, + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) ); ?> diff --git a/templates/form-label.php b/templates/form-label.php index f6268a5da0b84a8fc2f4b5f879809d6b60bba295..8eeaf286cfcf1622a9e3a73d2b93841e9c495944 100644 --- a/templates/form-label.php +++ b/templates/form-label.php @@ -4,11 +4,12 @@ * @var string $name_prefix * @var string $value */ + ?> <th class="titledesc" scope="row"> - <label for="<?php echo esc_attr( $field->get_id() ); ?>"><?php echo esc_html( $field->get_label() ); ?> + <label for="<?php echo \esc_attr( $field->get_id() ); ?>"><?php echo \esc_html( $field->get_label() ); ?> <?php if ( $field->has_description_tip() ) : ?> - <?php echo wc_help_tip( $field->get_description_tip() ); ?> + <?php echo esc_html( wc_help_tip( $field->get_description_tip() ) ); ?> <?php endif ?> </label> </th> diff --git a/templates/form-start.php b/templates/form-start.php index e3d4bbeb7578b818643f6f14214f950ef37f07c0..d311794d7f225049be5f3b1af565e76439b8a193 100644 --- a/templates/form-start.php +++ b/templates/form-start.php 
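Review bot: `esc_html( wc_help_tip( ... ) )` in templates/form-label.php encodes the markup that `wc_help_tip()` returns, so the tooltip would be shown as literal `<span ...>` text instead of a help icon. `wc_help_tip()` sanitizes the tip text itself, so the output needs an HTML-preserving filter rather than an encoder, e.g. `<?php echo wp_kses_post( wc_help_tip( $field->get_description_tip() ) ); ?>`. Check the rendered result afterwards, since kses may drop attributes the helper emits in newer WooCommerce versions.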
@@ -2,9 +2,10 @@ /** * @var \WPDesk\Forms\Form\FormWithFields $form */ + ?> -<form class="wrap woocommerce" method="<?php echo esc_attr( $form->get_method() ); ?>" action="<?php echo esc_attr( $form->get_action() ); ?>"> - <h2 style="display:none;"></h2><?php // All admin notices will be moved here by WP js ?> +<form class="wrap woocommerce" method="<?php echo \esc_attr( $form->get_method() ); ?>" action="<?php echo \esc_attr( $form->get_action() ); ?>"> + <h2 style="display:none;"></h2><?php // All admin notices will be moved here by WP js. ?> <table class="form-table"> <tbody> diff --git a/templates/header.php b/templates/header.php index 5ff3be6e33d4ea7178125ad4c1a88c07df5085c5..e2384eae321d4ce9a89df6d87fa65527b2f61611 100644 --- a/templates/header.php +++ b/templates/header.php @@ -11,9 +11,9 @@ $classes = $field->has_classes() ? 'class="' . esc_attr( $field->get_classes ?> <?php if ( $field->has_label() ) : ?> - <h<?php echo $header_size; ?> <?php echo $classes; ?>><?php echo esc_html( $field->get_label() ); ?></h<?php echo $header_size; ?>> + <h<?php echo \esc_attr( $header_size ); ?> <?php echo \esc_attr( $classes ); ?>><?php echo \esc_html( $field->get_label() ); ?></h<?php echo \esc_attr( $header_size ); ?>> <?php endif; ?> <?php if ( $field->has_description() ) : ?> - <p <?php echo $classes; ?>><?php echo wp_kses_post( $field->get_description() ); ?></p> + <p <?php echo \esc_attr( $classes ); ?>><?php echo wp_kses_post( $field->get_description() ); ?></p> <?php endif; ?> diff --git a/templates/input-checkbox.php b/templates/input-checkbox.php index d69ececf5a0696240b6cc46c0c269f547720a73c..8474091fbb6d8db0e476178312bb6f471f409e00 100644 --- a/templates/input-checkbox.php +++ b/templates/input-checkbox.php 
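Review bot: In templates/header.php `$classes` already holds a complete `class="..."` attribute whose value went through `esc_attr()` (see the assignment quoted in the hunk header), so `\esc_attr( $classes )` encodes the surrounding quotes to `&quot;` and the browser no longer sees a valid class attribute on the `<h*>` and `<p>` elements. Escape once, where the value is placed: `class="<?php echo \esc_attr( $field->get_classes() ); ?>"` inside the `has_classes()` check, as paragraph.php does in this same commit. For the tag name, `esc_attr()` does not constrain the value to a heading level; `<?php echo (int) $header_size; ?>` states the intent better. The assignment of `$header_size` is outside the hunk, so its type should be confirmed.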
@@ -4,19 +4,20 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. */ ?> <?php -echo $renderer->render( - 'input', - [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, - ] +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) ); diff --git a/templates/input-date-picker.php b/templates/input-date-picker.php index 0c5b70c46fc2351ff598382349866fc8936eca50..3caa4c6b576606555c250c489df9f4b9bdd44a76 100644 --- a/templates/input-date-picker.php +++ b/templates/input-date-picker.php @@ -1,19 +1,20 @@ <?php - /** * @var \WPDesk\Forms\Field $field * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. */ -echo $renderer->render( - 'input', - [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, - ] + +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) ); diff --git a/templates/input-hidden.php b/templates/input-hidden.php index 300944e64354f2a9e0193fa7906b71208c5a46a4..638855251f89759e07211a11a1d4d797fc026a58 100644 --- a/templates/input-hidden.php +++ b/templates/input-hidden.php 
@@ -4,17 +4,19 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. */ + ?> <?php -echo $renderer->render( - 'input', - [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, - ] +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) ); diff --git a/templates/input-image.php b/templates/input-image.php index ebeffdb331af2f1129194f8ed36a59ba58926dcb..9b5d63522fe8182d7bb4c1a40e62c91510f5cadd 100644 --- a/templates/input-image.php +++ b/templates/input-image.php @@ -7,13 +7,13 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() ); ?> -<div class="media-input-wrapper" id="<?php echo esc_attr( $media_container_id ); ?>"> +<div class="media-input-wrapper" id="<?php echo \esc_attr( $media_container_id ); ?>"> <input type="hidden" class="image-field-value" value="<?php echo \esc_html( $value ); ?>" - name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>" - id="<?php echo \esc_attr( $field->get_id() ); ?>"/> + name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>" + id="<?php echo \esc_attr( $field->get_id() ); ?>"/> <div class="custom-img-container"> <?php if ( $value ) : ?> - <img src="<?php echo $value; ?>" alt="" width="100"/> + <img src="<?php echo \esc_attr( $value ); ?>" alt="" width="100"/> <?php endif; ?> </div> <p class="hide-if-no-js"> 
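Review bot: The `src` attribute in templates/input-image.php is a URL context, and `\esc_attr( $value )` only encodes HTML metacharacters; it does not reject schemes such as `javascript:` or `data:`. Use the URL escaper here: `<img src="<?php echo \esc_url( $value ); ?>" alt="" width="100"/>`. The same applies to `href="<?php echo \esc_attr( $value ); ?>"` in the next hunk of this file, and the form `action` attribute in form-start.php would benefit from `esc_url()` as well. Where `$value` comes from is not visible in this diff, so the exposure depends on who can set the stored field value.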
@@ -21,22 +21,22 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() ); <?php if ( $value ) : ?> - hidden<?php endif ?>" href="<?php echo $value; ?>"> - <?php _e( 'Set image', 'wp-forms' ); ?> + hidden<?php endif ?>" href="<?php echo \esc_attr( $value ); ?>"> + <?php esc_html_e( 'Set image', 'wp-forms' ); ?> </a> <a class="delete-custom-img <?php if ( ! $value ) : ?> hidden<?php endif ?>" href="#"> - <?php _e( 'Remove image', 'wp-forms' ); ?> + <?php esc_html_e( 'Remove image', 'wp-forms' ); ?> </a> </p> </div> <script> jQuery( function ( $ ) { var frame, - metaBox = $( '#<?php echo esc_attr( $media_container_id ); ?>' ), + metaBox = $( '#<?php echo \esc_attr( $media_container_id ); ?>' ), addImgLink = metaBox.find( '.upload-custom-img' ), delImgLink = metaBox.find( '.delete-custom-img' ), imgContainer = metaBox.find( '.custom-img-container' ), @@ -50,9 +50,9 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() ); } frame = wp.media( { - title: <?php _e( 'Select or Upload Media', 'wp-forms' ); ?>, + title: <?php esc_html_e( 'Select or Upload Media', 'wp-forms' ); ?>, button: { - text: <?php _e( 'Use this media', 'wp-forms' ); ?> + text: <?php esc_html_e( 'Use this media', 'wp-forms' ); ?> }, library: { type: ['image'] diff --git a/templates/input-number.php b/templates/input-number.php index 0c5b70c46fc2351ff598382349866fc8936eca50..3caa4c6b576606555c250c489df9f4b9bdd44a76 100644 --- a/templates/input-number.php +++ b/templates/input-number.php 
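Review bot: In the `wp.media( { ... } )` call, `title:` and `text:` print a translated string with `esc_html_e()` straight into JavaScript with no quotes, so the script is a syntax error as soon as it is parsed, and HTML encoding is the wrong escaper for a JS context in any case. Emit a JS literal instead: `title: <?php echo wp_json_encode( __( 'Select or Upload Media', 'wp-forms' ) ); ?>,` and `text: <?php echo wp_json_encode( __( 'Use this media', 'wp-forms' ) ); ?>`. Translations are third-party input, so they should not be able to break out of the string. The surrounding script block starts and ends outside this hunk.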
@@ -1,19 +1,20 @@ <?php - /** * @var \WPDesk\Forms\Field $field * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. */ -echo $renderer->render( - 'input', - [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, - ] + +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) ); diff --git a/templates/input-radio.php b/templates/input-radio.php index 300944e64354f2a9e0193fa7906b71208c5a46a4..638855251f89759e07211a11a1d4d797fc026a58 100644 --- a/templates/input-radio.php +++ b/templates/input-radio.php @@ -4,17 +4,19 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. */ + ?> <?php -echo $renderer->render( - 'input', - [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, - ] +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) ); diff --git a/templates/input-submit.php b/templates/input-submit.php index 5c11fc86dcd3096fc22a075383e741340fc518a1..bae3ce3c40857e82c287fc75e70827a468e288af 100644 --- a/templates/input-submit.php +++ b/templates/input-submit.php @@ -4,9 +4,9 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. */ + ?> <tr> 
@@ -16,14 +16,14 @@ <?php if ( $field->has_classes() ) : ?> - class="<?php echo esc_attr( $field->get_classes() ); ?>"<?php endif; ?> + class="<?php echo \esc_attr( $field->get_classes() ); ?>"<?php endif; ?> <?php foreach ( $field->get_attributes( [] ) as $key => $value ) : ?> - <?php echo $key; ?>="<?php echo esc_attr( $value ); ?>" + <?php echo \esc_attr( $key ); ?>="<?php echo \esc_attr( $value ); ?>" <?php endforeach; ?> - type="<?php echo esc_attr( $field->get_type() ); ?>" - name="<?php echo esc_attr( $name_prefix ); ?>[<?php echo esc_attr( $field->get_name() ); ?>]" - id="<?php echo esc_attr( $field->get_id() ); ?>" - value="<?php echo esc_html( $field->get_label() ); ?>" + type="<?php echo \esc_attr( $field->get_type() ); ?>" + name="<?php echo \esc_attr( $name_prefix ); ?>[<?php echo \esc_attr( $field->get_name() ); ?>]" + id="<?php echo \esc_attr( $field->get_id() ); ?>" + value="<?php echo \esc_html( $field->get_label() ); ?>" <?php if ( $field->is_required() ) : ?> diff --git a/templates/input-text-multiple.php b/templates/input-text-multiple.php index f2787298f3f9fd5a2347ebf046978e95a3a24a2f..371013d460c08017247573947a6c2f54e7a9a86a 100644 --- a/templates/input-text-multiple.php +++ b/templates/input-text-multiple.php @@ -4,11 +4,9 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. */ -?> -<?php + if ( empty( $value ) || is_string( $value ) ) { $input_values[] = ''; } else { 
@@ -17,8 +15,8 @@ if ( empty( $value ) || is_string( $value ) ) { ?> <div class="clone-element-container"> <?php foreach ( $input_values as $text_value ) : ?> - <?php if ( ! \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ] ) ) : ?> - <input type="hidden" name="<?php echo $name_prefix . '[' . $field->get_name() . ']'; ?>" value="no"/> + <?php if ( ! \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ], true ) ) : ?> + <input type="hidden" name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>" value="no"/> <?php endif; ?> <?php @@ -41,7 +39,7 @@ if ( empty( $value ) || is_string( $value ) ) { <?php foreach ( $field->get_attributes() as $key => $atr_val ) : - echo $key . '="' . \esc_attr( $atr_val ) . '"'; + echo \esc_attr( $key ) . '="' . \esc_attr( $atr_val ) . '"'; ?> <?php endforeach; ?> @@ -57,7 +55,7 @@ if ( empty( $value ) || is_string( $value ) ) { if ( $field->is_readonly() ) : ?> readonly="readonly"<?php endif; ?> - <?php if ( \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ] ) ) : ?> + <?php if ( \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ], true ) ) : ?> value="<?php echo \esc_html( $text_value ); ?>" <?php else : ?> value="yes" diff --git a/templates/input-text.php b/templates/input-text.php index 300944e64354f2a9e0193fa7906b71208c5a46a4..3caa4c6b576606555c250c489df9f4b9bdd44a76 100644 --- a/templates/input-text.php +++ b/templates/input-text.php @@ -4,17 +4,17 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. */ -?> -<?php -echo $renderer->render( - 'input', - [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, - ] + +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) ); 
diff --git a/templates/input.php b/templates/input.php index 83448ead5472bd38b2051d6573268026ed057af4..a4844b1c1e8ec1be5ea9b32532c5c0873f0f91ca 100644 --- a/templates/input.php +++ b/templates/input.php @@ -1,14 +1,12 @@ <?php - /** * @var \WPDesk\Forms\Field $field * @var string $name_prefix * @var string $value */ -?> -<?php if ( ! \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ] ) ) : ?> - <input type="hidden" name="<?php echo $name_prefix . '[' . $field->get_name() . ']'; ?>" value="no"/> +if ( ! \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ], true ) ) : ?> + <input type="hidden" name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>" value="no"/> <?php endif; ?> <?php @@ -31,7 +29,7 @@ if ( $field->get_type() === 'checkbox' && $field->has_sublabel() ) : <?php foreach ( $field->get_attributes() as $key => $atr_val ) : - echo $key . '="' . \esc_attr( $atr_val ) . '"'; + echo \esc_attr( $key ) . '="' . \esc_attr( $atr_val ) . '"'; ?> <?php endforeach; ?> @@ -47,7 +45,7 @@ if ( $field->get_type() === 'checkbox' && $field->has_sublabel() ) : if ( $field->is_readonly() ) : ?> readonly="readonly"<?php endif; ?> - <?php if ( \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ] ) ) : ?> + <?php if ( \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ], true ) ) : ?> value="<?php echo \esc_html( $value ); ?>" <?php else : ?> value="yes" diff --git a/templates/paragraph.php b/templates/paragraph.php index 9d2901582ab230015779c4e700d3a10d085fc724..85fb04c7acfb36f454fa48c32c6bffc8e955c5f0 100644 --- a/templates/paragraph.php +++ b/templates/paragraph.php 
@@ -4,16 +4,15 @@ * @var string $name_prefix * @var string $value */ -?> -<?php if ( $field->has_description() ) : ?> +if ( $field->has_description() ) : ?> <tr> <td style="padding-left:0;" colspan="2"> - <p + <p <?php if ( $field->has_classes() ) : ?> - class="<?php echo $field->get_classes(); ?>"<?php endif; ?>><?php echo wp_kses_post( $field->get_description() ); ?></p> + class="<?php echo \esc_attr( $field->get_classes() ); ?>"<?php endif; ?>><?php echo wp_kses_post( $field->get_description() ); ?></p> </td> </tr> <?php endif; ?> diff --git a/templates/product-select.php b/templates/product-select.php index bf545ba7098728eecc8f75952dd5d1d9014de463..57dd47e8619e3df98ec71831647c2afb0bcd9d17 100644 --- a/templates/product-select.php +++ b/templates/product-select.php @@ -8,15 +8,15 @@ ?> <select class="wc-product-search" multiple="multiple" style="width: 50%;" - id="<?php echo esc_attr( $field->get_id() ); ?>" - name="<?php echo esc_attr( $name_prefix ); ?>[<?php echo esc_attr( $field->get_name() ); ?>][]" - data-placeholder="<?php esc_attr_e( 'Search for a product…', 'woocommerce' ); ?>" + id="<?php echo \esc_attr( $field->get_id() ); ?>" + name="<?php echo \esc_attr( $name_prefix ); ?>[<?php echo \esc_attr( $field->get_name() ); ?>][]" + data-placeholder="<?php \esc_attr_e( 'Search for a product…', 'wp-forms' ); ?>" data-action="woocommerce_json_search_products_and_variations"> <?php foreach ( (array) $value as $product_id ) { $product = wc_get_product( $product_id ); if ( is_object( $product ) ) { - echo '<option value="' . esc_attr( $product_id ) . '"' . selected( + echo '<option value="' . \esc_attr( $product_id ) . '"' . selected( true, true, false diff --git a/templates/select.php b/templates/select.php index e437efca35dcba5daf5ebf702a15f32b2b029337..625c316bef04162c50b397f3759d4a623190b36f 100644 --- a/templates/select.php +++ b/templates/select.php 
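Review bot: Changing the text domain of `'Search for a product…'` from `woocommerce` to `wp-forms` in templates/product-select.php means the placeholder no longer picks up WooCommerce's translations and will presumably fall back to English unless the `wp-forms` domain ships this string. If the goal was only to satisfy the `text_domain` sniff configured in phpcs.xml.dist, consider keeping the original domain with a targeted `// phpcs:ignore WordPress.WP.I18n.TextDomainMismatch` comment, or confirm that the library's own translation catalogue contains the string.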
@@ -4,16 +4,18 @@ * @var string $name_prefix * @var mixed $value */ + ?> + <select - id="<?php echo esc_attr( $field->get_id() ); ?>" + id="<?php echo \esc_attr( $field->get_id() ); ?>" <?php if ( $field->has_classes() ) : ?> - class="<?php echo esc_attr( $field->get_classes() ); ?>"<?php endif; ?> - name="<?php echo esc_attr( $name_prefix ); ?>[<?php echo esc_attr( $field->get_name() ); ?>]<?php echo $field->is_multiple() ? '[]' : ''; ?>" + class="<?php echo \esc_attr( $field->get_classes() ); ?>"<?php endif; ?> + name="<?php echo \esc_attr( $name_prefix ); ?>[<?php echo \esc_attr( $field->get_name() ); ?>]<?php echo \esc_attr( $field->is_multiple() ) ? '[]' : ''; ?>" <?php foreach ( $field->get_attributes() as $key => $attr_val ) : ?> - <?php echo esc_attr( $key ); ?>="<?php echo esc_attr( $attr_val ); ?>" + <?php echo \esc_attr( $key ); ?>="<?php echo \esc_attr( $attr_val ); ?>" <?php endforeach; ?> <?php @@ -36,15 +38,15 @@ <?php if ( $field->has_placeholder() ) : ?> - <option value=""><?php echo esc_html( $field->get_placeholder() ); ?></option><?php endif; ?> + <option value=""><?php echo \esc_html( $field->get_placeholder() ); ?></option><?php endif; ?> <?php foreach ( $field->get_possible_values() as $possible_value => $label ) : ?> <option <?php - if ( $possible_value === $value || ( is_array( $value ) && in_array( $possible_value, $value ) ) || ( is_numeric( $possible_value ) && is_numeric( $value ) && (int) $possible_value === (int) $value ) ) : + if ( $possible_value === $value || ( is_array( $value ) && in_array( $possible_value, $value, true ) ) || ( is_numeric( $possible_value ) && is_numeric( $value ) && (int) $possible_value === (int) $value ) ) : ?> selected="selected"<?php endif; ?> - value="<?php echo esc_attr( $possible_value ); ?>" - ><?php echo esc_html( $label ); ?></option> + value="<?php echo \esc_attr( $possible_value ); ?>" + ><?php echo \esc_html( $label ); ?></option> <?php endforeach; ?> </select> 
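Review bot: In the `name` attribute of templates/select.php, `\esc_attr( $field->is_multiple() ) ? '[]' : ''` escapes the boolean condition rather than the text that is printed; it happens to work because `esc_attr( false )` is an empty string, but it reads as if the output were escaped when it is not. Put the ternary inside the call so the escaper covers what is echoed: `<?php echo \esc_attr( $field->is_multiple() ? '[]' : '' ); ?>`.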
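Review bot: Adding `true` to `in_array( $possible_value, $value, true )` can stop options from being marked selected in multi-selects. PHP converts numeric array keys to integers, so `$possible_value` is an int for options keyed `'5'`, while submitted or stored values are usually strings, and the strict comparison then never matches. The numeric fallback in the third clause only handles a scalar `$value`, not an array. Normalising both sides keeps the comparison strict and type-safe, e.g. `in_array( (string) $possible_value, array_map( 'strval', $value ), true )`; the element types of `$value` are not visible here, so verify against a saved multi-select.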
diff --git a/templates/textarea.php b/templates/textarea.php index 4d140fa98473029bb9dc2c263c955aba2568df1e..8cf3846d8c3fd9e15175f04951845d4a6f071687 100644 --- a/templates/textarea.php +++ b/templates/textarea.php @@ -4,17 +4,18 @@ * @var string $name_prefix * @var string $value */ + ?> <textarea - id="<?php echo esc_attr( $field->get_id() ); ?>" + id="<?php echo \esc_attr( $field->get_id() ); ?>" <?php if ( $field->has_classes() ) : ?> - class="<?php echo esc_attr( $field->get_classes() ); ?>"<?php endif; ?> - name="<?php echo esc_attr( $name_prefix ); ?>[<?php echo esc_attr( $field->get_name() ); ?>]" + class="<?php echo \esc_attr( $field->get_classes() ); ?>"<?php endif; ?> + name="<?php echo \esc_attr( $name_prefix ); ?>[<?php echo \esc_attr( $field->get_name() ); ?>]" <?php foreach ( $field->get_attributes() as $key => $attr_val ) : ?> - <?php echo esc_attr( $key ); ?>="<?php echo esc_attr( $attr_val ); ?>" + <?php echo \esc_attr( $key ); ?>="<?php echo \esc_attr( $attr_val ); ?>" <?php endforeach; ?> <?php @@ -37,5 +38,5 @@ <?php if ( $field->has_placeholder() ) : ?> - placeholder="<?php echo esc_html( $field->get_placeholder() ); ?>"<?php endif; ?> -><?php echo esc_html( $value ); ?></textarea> + placeholder="<?php echo \esc_html( $field->get_placeholder() ); ?>"<?php endif; ?> +><?php echo \esc_html( $value ); ?></textarea> diff --git a/templates/wyswig.php b/templates/wyswig.php index 6bf06d3ac70791372ca16ec6c942a8bc32a18498..893aec944e15299fbef7002c2bce4d933ddcb102 100644 --- a/templates/wyswig.php +++ b/templates/wyswig.php 
@@ -4,23 +4,24 @@ * @var string $name_prefix * @var string $value */ -?> -<?php wp_print_styles( 'media-views' ); ?> + +wp_print_styles( 'media-views' ); ?> + <script> window.SM_EditorInitialized = true; </script> <?php -$id = uniqid( 'wyswig_' ); +$editor_id = uniqid( 'wyswig_' ); $editor_settings = [ - 'textarea_name' => esc_attr( $name_prefix ) . '[' . esc_attr( $field->get_name() ) . ']', + 'textarea_name' => \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']', ]; -wp_editor( wp_kses_post( $value ), $id, $editor_settings ); +wp_editor( wp_kses_post( $value ), $editor_id, $editor_settings ); ?> <script type="text/javascript"> (function () { - ShopMagic.wyswig.init('<?php echo esc_attr( $id ); ?>'); + ShopMagic.wyswig.init('<?php echo \esc_attr( $editor_id ); ?>'); }()); </script>
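Review bot: `ShopMagic.wyswig.init('<?php echo \esc_attr( $editor_id ); ?>')` in templates/wyswig.php places a value inside a JavaScript string literal but uses the HTML-attribute escaper. The id comes from `uniqid( 'wyswig_' )`, so the practical risk is low, but the escaper should match the context so that the line stays safe if the id source changes: `ShopMagic.wyswig.init(<?php echo wp_json_encode( $editor_id ); ?>);`. Note also that this template depends on a global `ShopMagic` object, which looks like a leftover from the plugin the library was extracted from.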