diff --git a/templates/header.php b/templates/header.php
index 48b0f1160fb41cc8f5e66205a47e9fc2babb5e57..db07896cde8c2c90da788afbc6fc7d63bc302ffb 100644
--- a/templates/header.php
+++ b/templates/header.php
@@ -5,9 +5,8 @@
 * @var string $value
 */
-$header_size = $field->get_meta_value( 'header_size' ) ?: '2';
-$classes = $field->has_classes() ? 'class="' . $field->get_classes() . '"' : '';
-
+$header_size = (int) $field->get_meta_value( 'header_size' ) ?: 2;
+$classes = $field->has_classes() ? 'class="' . esc_attr( $field->get_classes() ) . '"' : '';
 ?>
 <?php if ( $field->has_label() ): ?>
diff --git a/templates/input-image.php b/templates/input-image.php
index 18fba1b21f82e8488fe9b73b995fb002ef98d5f6..34d13882e2fc34d6c461dd95be4d8b8cce6379b3 100644
--- a/templates/input-image.php
+++ b/templates/input-image.php
@@ -13,11 +13,11 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() );
 id="<?php echo \esc_attr( $field->get_id() ); ?>"/>
 <div class="custom-img-container">
 <?php if ( $value ) : ?>
- <img src="<?php echo $value ?>" alt="" width="100"/>
+ <img src="<?php echo \esc_html( $value ) ?>" alt="" width="100"/>
 <?php endif; ?>
 </div>
 <p class="hide-if-no-js">
- <a class="upload-custom-img <?php if ( $value ): ?>hidden<?php endif ?>" href="<?php echo $value ?>">
+ <a class="upload-custom-img <?php if ( $value ): ?>hidden<?php endif ?>" href="<?php echo \esc_html( $value ) ?>">
 <?php _e( 'Set image', 'wp-forms' ) ?>
 </a>
 <a class="delete-custom-img <?php if ( ! $value ): ?>hidden<?php endif ?>" href="#">
@@ -28,7 +28,7 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() );
 <script>
 jQuery( function ( $ ) {
 var frame,
- metaBox = $( '#<?php echo $media_container_id; ?>' ),
+ metaBox = $( '#<?php echo esc_attr( $media_container_id ); ?>' ),
 addImgLink = metaBox.find( '.upload-custom-img' ),
 delImgLink = metaBox.find( '.delete-custom-img' ),
 imgContainer = metaBox.find( '.custom-img-container' ),
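Review bot: The `(int)` cast on the first added line of the header.php hunk makes `$header_size` safe to emit as part of a tag name (presumably the heading level, echoed outside this hunk), but it still accepts any integer: 0 or a non-numeric string falls through `?:` to 2, while a stored 7 or 99 would produce a heading element that does not exist. Clamp to the valid range at the same point: `$header_size = min( 6, max( 1, (int) $field->get_meta_value( 'header_size' ) ?: 2 ) );`. The second added line calls an unqualified `esc_attr()` while input-image.php in the same commit uses `\esc_attr()`; the templates should settle on one form.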
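Review bot: `esc_html()` on the two added lines of the first input-image.php hunk is the wrong escaper for the `src` and `href` attribute contexts: it encodes quotes and angle brackets, so the attribute itself cannot be broken out of, but it says nothing about the URL scheme, so a stored value with a `javascript:` scheme would still be emitted as a live link. WordPress provides `esc_url()` for URL attributes; it validates the scheme and encodes for attribute output. Change the two lines to `<img src="<?php echo \esc_url( $value ) ?>" alt="" width="100"/>` and `href="<?php echo \esc_url( $value ) ?>"`. Whether `$value` can be set to an arbitrary string depends on how the field is saved, which is outside this hunk.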
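Review bot: `esc_attr()` on the added line of the second input-image.php hunk escapes for an HTML attribute, but the value is interpolated into a single-quoted JavaScript string literal inside `<script>`, for which WordPress provides `esc_js()`. `$media_container_id` is built from `sanitize_key()` (visible in the hunk header), which already reduces it to lowercase alphanumerics, dashes and underscores, so this is about matching the escaper to the context rather than a live gap: `metaBox = $( '#<?php echo esc_js( $media_container_id ); ?>' ),`. The `jQuery( function ( $ ) {` callback continues past the end of the hunk.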