feat: add escaping functions in templates

47c8e032 · Bartek Jaskulski · 7596dd72 · 47c8e032 · 47c8e032
Unverified Commit 47c8e032 authored 3 years ago by Bartek Jaskulski
--- a/templates/textarea.php
+++ b/templates/textarea.php
@@ -4,17 +4,18 @@
 * @var string $name_prefix
 * @var string $value
 */
+
 ?>

 <textarea
-	id="<?php echo esc_attr( $field->get_id() ); ?>"
+	id="<?php echo \esc_attr( $field->get_id() ); ?>"
 		<?php
 		if ( $field->has_classes() ) :
 			?>
-			class="<?php echo esc_attr( $field->get_classes() ); ?>"<?php endif; ?>
-	name="<?php echo esc_attr( $name_prefix ); ?>[<?php echo esc_attr( $field->get_name() ); ?>]"
+			class="<?php echo \esc_attr( $field->get_classes() ); ?>"<?php endif; ?>
+	name="<?php echo \esc_attr( $name_prefix ); ?>[<?php echo \esc_attr( $field->get_name() ); ?>]"
 	<?php foreach ( $field->get_attributes() as $key => $attr_val ) : ?>
-		<?php echo esc_attr( $key ); ?>="<?php echo esc_attr( $attr_val ); ?>"
+		<?php echo \esc_attr( $key ); ?>="<?php echo \esc_attr( $attr_val ); ?>"
 	<?php endforeach; ?>

 	<?php
@@ -37,5 +38,5 @@
 	<?php
 	if ( $field->has_placeholder() ) :
 		?>
-		placeholder="<?php echo esc_html( $field->get_placeholder() ); ?>"<?php endif; ?>
-><?php echo esc_html( $value ); ?></textarea>
+		placeholder="<?php echo \esc_html( $field->get_placeholder() ); ?>"<?php endif; ?>
+><?php echo \esc_html( $value ); ?></textarea>
--- a/templates/wyswig.php
+++ b/templates/wyswig.php
@@ -4,23 +4,24 @@
 * @var string $name_prefix
 * @var string $value
 */
-?>
-<?php wp_print_styles( 'media-views' ); ?>
+
+wp_print_styles( 'media-views' ); ?>
+
 <script>
 	window.SM_EditorInitialized = true;
 </script>


 <?php
-$id              = uniqid( 'wyswig_' );
+$editor_id       = uniqid( 'wyswig_' );
 $editor_settings = [
-	'textarea_name' => esc_attr( $name_prefix ) . '[' . esc_attr( $field->get_name() ) . ']',
+	'textarea_name' => \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']',
 ];

-wp_editor( wp_kses_post( $value ), $id, $editor_settings );
+wp_editor( wp_kses_post( $value ), $editor_id, $editor_settings );
 ?>
 <script type="text/javascript">
 	(function () {
-		ShopMagic.wyswig.init('<?php echo esc_attr( $id ); ?>');
+		ShopMagic.wyswig.init('<?php echo \esc_attr( $editor_id ); ?>');
 	}());
 </script>