From 7062802babff0e7afe689bde49fd8064ef0b7305 Mon Sep 17 00:00:00 2001
From: Marcin Kolanko <marcin@inspirelabs.pl>
Date: Tue, 28 Sep 2021 15:35:28 +0200
Subject: [PATCH] fix(templates): remove wp_kses_post for parent templates

---
 templates/button.php            |  1 +
 templates/form-field.php        | 14 ++------------
 templates/form-label.php        |  2 +-
 templates/input-checkbox.php    | 12 +-----------
 templates/input-date-picker.php | 13 ++-----------
 templates/input-hidden.php      | 12 +-----------
 templates/input-image.php       | 28 ++++++++++++++++++----------
 templates/input-number.php      | 12 +-----------
 templates/input-radio.php       | 12 +-----------
 templates/input-text.php        | 12 +-----------
 10 files changed, 29 insertions(+), 89 deletions(-)

diff --git a/templates/button.php b/templates/button.php
index fd95750..214417d 100644
--- a/templates/button.php
+++ b/templates/button.php
@@ -33,3 +33,4 @@
 		readonly="readonly"<?php endif; ?>
 
 ><?php echo \esc_html( $field->get_label() ); ?></button>
+
diff --git a/templates/form-field.php b/templates/form-field.php
index 0fd07d5..375e823 100644
--- a/templates/form-field.php
+++ b/templates/form-field.php
@@ -11,22 +11,12 @@
 
 <tr valign="top">
 	<?php if ( $field->has_label() ) : ?>
-		<?php echo wp_kses_post( $renderer->render( 'form-label', [ 'field' => $field ] ) ); ?>
+		<?php echo $renderer->render( 'form-label', [ 'field' => $field ] );  // phpcs:ignore ?>
 	<?php endif; ?>
 
 	<td class="forminp">
 		<?php
-		echo wp_kses_post(
-			$renderer->render(
-				$template_name,
-				[
-					'field'       => $field,
-					'renderer'    => $renderer,
-					'name_prefix' => $name_prefix,
-					'value'       => $value,
-				]
-			)
-		);
+		echo $renderer->render( $template_name, [ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ]); // phpcs:ignore
 		?>
 
 		<?php if ( $field->has_description() ) : ?>
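Review bot: Both added `echo $renderer->render( ... ); // phpcs:ignore` lines remove the last output filter and use a bare suppression that silences every sniff on the line, not just the escaping one. Scope it and record the reason, e.g. `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- rendered template escapes its own output.` With wp_kses_post gone, safety rests entirely on each rendered template calling esc_attr/esc_html/esc_url itself, and `$template_name` selects which template runs; where that value comes from is not visible in this hunk, so it is worth confirming it cannot be influenced by request data. The same bare suppression appears in the input-checkbox, input-date-picker, input-hidden, input-number, input-radio and input-text hunks. The template continues past the end of this hunk.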
diff --git a/templates/form-label.php b/templates/form-label.php
index 8eeaf28..9d960fe 100644
--- a/templates/form-label.php
+++ b/templates/form-label.php
@@ -9,7 +9,7 @@
 <th class="titledesc" scope="row">
 	<label for="<?php echo \esc_attr( $field->get_id() ); ?>"><?php echo \esc_html( $field->get_label() ); ?>
 		<?php if ( $field->has_description_tip() ) : ?>
-			<?php echo esc_html( wc_help_tip( $field->get_description_tip() ) ); ?>
+			<?php echo wp_kses_post( wc_help_tip( $field->get_description_tip() ) ); ?>
 		<?php endif ?>
 	</label>
 </th>
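Review bot: The `wc_help_tip()` line switches from esc_html to wp_kses_post with no comment saying why the return value is now treated as markup, so a later cleanup could easily revert it. A one-line comment above the echo would do, for example `// wc_help_tip() returns tooltip markup; esc_html() would print it as literal text.` It is also worth confirming that the attributes the tooltip depends on survive wp_kses_post's allowlist on the WordPress versions this library supports; that cannot be checked from this hunk.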
diff --git a/templates/input-checkbox.php b/templates/input-checkbox.php
index 8474091..d843e9d 100644
--- a/templates/input-checkbox.php
+++ b/templates/input-checkbox.php
@@ -10,14 +10,4 @@
 ?>
 
 <?php
-echo wp_kses_post(
-	$renderer->render(
-		'input',
-		[
-			'field'       => $field,
-			'renderer'    => $renderer,
-			'name_prefix' => $name_prefix,
-			'value'       => $value,
-		]
-	)
-);
+echo $renderer->render( 'input', [ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ] );  // phpcs:ignore;
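Review bot: The suppression on the added line is written `// phpcs:ignore;` with a stray semicolon inside the comment, unlike the other templates in this patch. Whether PHP_CodeSniffer still honours that spelling is not something this hunk shows, so drop the semicolon and name the sniff instead: `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- escaping is done by the 'input' template.` The reason text should only be kept if that template does escape every attribute it prints.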
diff --git a/templates/input-date-picker.php b/templates/input-date-picker.php
index 3caa4c6..4257825 100644
--- a/templates/input-date-picker.php
+++ b/templates/input-date-picker.php
@@ -7,14 +7,5 @@
  * @var string $template_name Real field template.
  */
 
-echo wp_kses_post(
-	$renderer->render(
-		'input',
-		[
-			'field'       => $field,
-			'renderer'    => $renderer,
-			'name_prefix' => $name_prefix,
-			'value'       => $value,
-		]
-	)
-);
+echo $renderer->render( 'input',[ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ]); // phpcs:ignore
+
diff --git a/templates/input-hidden.php b/templates/input-hidden.php
index 6388552..41957f0 100644
--- a/templates/input-hidden.php
+++ b/templates/input-hidden.php
@@ -9,14 +9,4 @@
 
 ?>
 <?php
-echo wp_kses_post(
-	$renderer->render(
-		'input',
-		[
-			'field'       => $field,
-			'renderer'    => $renderer,
-			'name_prefix' => $name_prefix,
-			'value'       => $value,
-		]
-	)
-);
+echo $renderer->render( 'input', [ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ] ); // phpcs:ignore
diff --git a/templates/input-image.php b/templates/input-image.php
index 5111c4c..ce099e4 100644
--- a/templates/input-image.php
+++ b/templates/input-image.php
@@ -13,17 +13,25 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() );
 			id="<?php echo \esc_attr( $field->get_id() ); ?>"/>
 	<div class="custom-img-container">
 		<?php if ( $value ) : ?>
-            <img src="<?php echo \esc_url( $value ) ?>" alt="" width="100"/>
+			<img src="<?php echo \esc_url( $value ); ?>" alt="" width="100"/>
 		<?php endif; ?>
-    </div>
-    <p class="hide-if-no-js">
-        <a class="upload-custom-img <?php if ( $value ): ?>hidden<?php endif ?>" href="<?php echo \esc_url( $value ) ?>">
-			<?php \esc_html_e( 'Set image', 'wp-forms' ) ?>
-        </a>
-        <a class="delete-custom-img <?php if ( ! $value ): ?>hidden<?php endif ?>" href="#">
-			<?php \esc_html_e( 'Remove image', 'wp-forms' ) ?>
-        </a>
-    </p>
+	</div>
+	<p class="hide-if-no-js">
+		<a class="upload-custom-img 
+		<?php
+		if ( $value ) :
+			?>
+			hidden<?php endif ?>" href="<?php echo \esc_url( $value ); ?>">
+			<?php \esc_html_e( 'Set image', 'wp-forms' ); ?>
+		</a>
+		<a class="delete-custom-img 
+		<?php
+		if ( ! $value ) :
+			?>
+			hidden<?php endif ?>" href="#">
+			<?php \esc_html_e( 'Remove image', 'wp-forms' ); ?>
+		</a>
+	</p>
 </div>
 <script>
 	jQuery( function ( $ ) {
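Review bot: The re-indented `<a class="upload-custom-img` and `<a class="delete-custom-img` tags now spread one class attribute over five lines and leave trailing whitespace after the first class name, which is harder to read than the code it replaced. A single expression keeps the attribute on one line: `<a class="upload-custom-img<?php echo \esc_attr( $value ? ' hidden' : '' ); ?>" href="<?php echo \esc_url( $value ); ?>">` and likewise `<a class="delete-custom-img<?php echo \esc_attr( $value ? '' : ' hidden' ); ?>" href="#">`. The rendered class list is unchanged apart from whitespace. The `<script>` block that follows starts inside this hunk and ends outside it.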
diff --git a/templates/input-number.php b/templates/input-number.php
index 3caa4c6..5597109 100644
--- a/templates/input-number.php
+++ b/templates/input-number.php
@@ -7,14 +7,4 @@
  * @var string $template_name Real field template.
  */
 
-echo wp_kses_post(
-	$renderer->render(
-		'input',
-		[
-			'field'       => $field,
-			'renderer'    => $renderer,
-			'name_prefix' => $name_prefix,
-			'value'       => $value,
-		]
-	)
-);
+echo $renderer->render( 'input', ['field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix,'value' => $value ] ); // phpcs:ignore
diff --git a/templates/input-radio.php b/templates/input-radio.php
index 6388552..5ba991f 100644
--- a/templates/input-radio.php
+++ b/templates/input-radio.php
@@ -9,14 +9,4 @@
 
 ?>
 <?php
-echo wp_kses_post(
-	$renderer->render(
-		'input',
-		[
-			'field'       => $field,
-			'renderer'    => $renderer,
-			'name_prefix' => $name_prefix,
-			'value'       => $value,
-		]
-	)
-);
+echo $renderer->render( 'input', [ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ] );  // phpcs:ignore
diff --git a/templates/input-text.php b/templates/input-text.php
index 3caa4c6..a45c64c 100644
--- a/templates/input-text.php
+++ b/templates/input-text.php
@@ -7,14 +7,4 @@
  * @var string $template_name Real field template.
  */
 
-echo wp_kses_post(
-	$renderer->render(
-		'input',
-		[
-			'field'       => $field,
-			'renderer'    => $renderer,
-			'name_prefix' => $name_prefix,
-			'value'       => $value,
-		]
-	)
-);
+echo $renderer->render( 'input', [ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ] ); // phpcs:ignore
-- 
GitLab