From 7062802babff0e7afe689bde49fd8064ef0b7305 Mon Sep 17 00:00:00 2001
From: Marcin Kolanko <marcin@inspirelabs.pl>
Date: Tue, 28 Sep 2021 15:35:28 +0200
Subject: [PATCH] fix(templates): remove wp_kses_post for parent templates
---
 templates/button.php | 1 +
 templates/form-field.php | 14 ++------------
 templates/form-label.php | 2 +-
 templates/input-checkbox.php | 12 +-----------
 templates/input-date-picker.php | 13 ++-----------
 templates/input-hidden.php | 12 +-----------
 templates/input-image.php | 28 ++++++++++++++++++----------
 templates/input-number.php | 12 +-----------
 templates/input-radio.php | 12 +-----------
 templates/input-text.php | 12 +-----------
 10 files changed, 29 insertions(+), 89 deletions(-)
diff --git a/templates/button.php b/templates/button.php
index fd95750..214417d 100644
--- a/templates/button.php
+++ b/templates/button.php
@@ -33,3 +33,4 @@ readonly="readonly"<?php endif; ?> ><?php echo \esc_html( $field->get_label() ); ?></button>
+
diff --git a/templates/form-field.php b/templates/form-field.php
index 0fd07d5..375e823 100644
--- a/templates/form-field.php
+++ b/templates/form-field.php
@@ -11,22 +11,12 @@ <tr valign="top"> <?php if ( $field->has_label() ) : ?>
- <?php echo wp_kses_post( $renderer->render( 'form-label', [ 'field' => $field ] ) ); ?>
+ <?php echo $renderer->render( 'form-label', [ 'field' => $field ] ); // phpcs:ignore ?>
 <?php endif; ?> <td class="forminp"> <?php
- echo wp_kses_post(
- $renderer->render(
- $template_name,
- [
- 'field' => $field,
- 'renderer' => $renderer,
- 'name_prefix' => $name_prefix,
- 'value' => $value,
- ]
- )
- );
+ echo $renderer->render( $template_name, [ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ]); // phpcs:ignore
 ?> <?php if ( $field->has_description() ) : ?>
diff --git a/templates/form-label.php b/templates/form-label.php
index 8eeaf28..9d960fe 100644
--- a/templates/form-label.php
+++ b/templates/form-label.php
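Review bot: The bare `// phpcs:ignore` on the two new echo lines in templates/form-field.php suppresses every sniff on those lines, not only the escaping one, at exactly the point where rendered HTML is now printed without any filter. Removing wp_kses_post is understandable, presumably because its post allow-list strips form controls such as `<input>`, but it moves the whole escaping burden onto the templates being rendered, and apart from form-label.php those are not visible in this patch; each has to pass every field value through esc_attr/esc_html/esc_url itself. I would narrow the suppression and record the reason: `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- escaped inside the rendered template.` The same applies to the identical one-line echoes in input-checkbox.php, input-date-picker.php, input-hidden.php, input-number.php, input-radio.php and input-text.php. In input-checkbox.php the comment reads `// phpcs:ignore;` and the stray semicolon should be dropped.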
@@ -9,7 +9,7 @@ <th class="titledesc" scope="row"> <label for="<?php echo \esc_attr( $field->get_id() ); ?>"><?php echo \esc_html( $field->get_label() ); ?> <?php if ( $field->has_description_tip() ) : ?>
- <?php echo esc_html( wc_help_tip( $field->get_description_tip() ) ); ?>
+ <?php echo wp_kses_post( wc_help_tip( $field->get_description_tip() ) ); ?>
 <?php endif ?> </label> </th>
diff --git a/templates/input-checkbox.php b/templates/input-checkbox.php
index 8474091..d843e9d 100644
--- a/templates/input-checkbox.php
+++ b/templates/input-checkbox.php
@@ -10,14 +10,4 @@ ?> <?php
-echo wp_kses_post(
- $renderer->render(
- 'input',
- [
- 'field' => $field,
- 'renderer' => $renderer,
- 'name_prefix' => $name_prefix,
- 'value' => $value,
- ]
- )
-);
+echo $renderer->render( 'input', [ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ] ); // phpcs:ignore;
diff --git a/templates/input-date-picker.php b/templates/input-date-picker.php
index 3caa4c6..4257825 100644
--- a/templates/input-date-picker.php
+++ b/templates/input-date-picker.php
@@ -7,14 +7,5 @@ * @var string $template_name Real field template. */
-echo wp_kses_post(
- $renderer->render(
- 'input',
- [
- 'field' => $field,
- 'renderer' => $renderer,
- 'name_prefix' => $name_prefix,
- 'value' => $value,
- ]
- )
-);
+echo $renderer->render( 'input',[ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ]); // phpcs:ignore
+
diff --git a/templates/input-hidden.php b/templates/input-hidden.php
index 6388552..41957f0 100644
--- a/templates/input-hidden.php
+++ b/templates/input-hidden.php
@@ -9,14 +9,4 @@ ?> <?php
-echo wp_kses_post(
- $renderer->render(
- 'input',
- [
- 'field' => $field,
- 'renderer' => $renderer,
- 'name_prefix' => $name_prefix,
- 'value' => $value,
- ]
- )
-);
+echo $renderer->render( 'input', [ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ] ); // phpcs:ignore
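Review bot: In templates/form-label.php the switch from esc_html to wp_kses_post around `wc_help_tip( $field->get_description_tip() )` carries no comment explaining why the looser filter is correct, so a later reader could "tighten" it back to esc_html and break the tooltip again. wc_help_tip() returns markup rather than plain text, which esc_html would print literally, while wp_kses_post keeps the element and still filters the result. I would add a line above the echo such as `<?php // wc_help_tip() returns HTML; wp_kses_post keeps its markup, esc_html would print it as text. ?>`. The tip is passed without wc_help_tip's second argument, so HTML inside the description tip is presumably escaped by WooCommerce rather than rendered; worth confirming that is the intended behaviour.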
diff --git a/templates/input-image.php b/templates/input-image.php
index 5111c4c..ce099e4 100644
--- a/templates/input-image.php
+++ b/templates/input-image.php
@@ -13,17 +13,25 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() ); id="<?php echo \esc_attr( $field->get_id() ); ?>"/> <div class="custom-img-container"> <?php if ( $value ) : ?>
- <img src="<?php echo \esc_url( $value ) ?>" alt="" width="100"/>
+ <img src="<?php echo \esc_url( $value ); ?>" alt="" width="100"/>
 <?php endif; ?>
- </div>
- <p class="hide-if-no-js">
- <a class="upload-custom-img <?php if ( $value ): ?>hidden<?php endif ?>" href="<?php echo \esc_url( $value ) ?>">
- <?php \esc_html_e( 'Set image', 'wp-forms' ) ?>
- </a>
- <a class="delete-custom-img <?php if ( ! $value ): ?>hidden<?php endif ?>" href="#">
- <?php \esc_html_e( 'Remove image', 'wp-forms' ) ?>
- </a>
- </p>
+ </div>
+ <p class="hide-if-no-js">
+ <a class="upload-custom-img
+ <?php
+ if ( $value ) :
+ ?>
+ hidden<?php endif ?>" href="<?php echo \esc_url( $value ); ?>">
+ <?php \esc_html_e( 'Set image', 'wp-forms' ); ?>
+ </a>
+ <a class="delete-custom-img
+ <?php
+ if ( ! $value ) :
+ ?>
+ hidden<?php endif ?>" href="#">
+ <?php \esc_html_e( 'Remove image', 'wp-forms' ); ?>
+ </a>
+ </p>
 </div> <script> jQuery( function ( $ ) {
diff --git a/templates/input-number.php b/templates/input-number.php
index 3caa4c6..5597109 100644
--- a/templates/input-number.php
+++ b/templates/input-number.php
@@ -7,14 +7,4 @@ * @var string $template_name Real field template. */
-echo wp_kses_post(
- $renderer->render(
- 'input',
- [
- 'field' => $field,
- 'renderer' => $renderer,
- 'name_prefix' => $name_prefix,
- 'value' => $value,
- ]
- )
-);
+echo $renderer->render( 'input', ['field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix,'value' => $value ] ); // phpcs:ignore
diff --git a/templates/input-radio.php b/templates/input-radio.php
index 6388552..5ba991f 100644
--- a/templates/input-radio.php
+++ b/templates/input-radio.php
@@ -9,14 +9,4 @@ ?> <?php
-echo wp_kses_post(
- $renderer->render(
- 'input',
- [
- 'field' => $field,
- 'renderer' => $renderer,
- 'name_prefix' => $name_prefix,
- 'value' => $value,
- ]
- )
-);
+echo $renderer->render( 'input', [ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ] ); // phpcs:ignore
diff --git a/templates/input-text.php b/templates/input-text.php
index 3caa4c6..a45c64c 100644
--- a/templates/input-text.php
+++ b/templates/input-text.php
@@ -7,14 +7,4 @@ * @var string $template_name Real field template. */
-echo wp_kses_post(
- $renderer->render(
- 'input',
- [
- 'field' => $field,
- 'renderer' => $renderer,
- 'name_prefix' => $name_prefix,
- 'value' => $value,
- ]
- )
-);
+echo $renderer->render( 'input', [ 'field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value ] ); // phpcs:ignore
-- GitLab