Skip to content
Snippets Groups Projects
Commit 85ebe6b4 authored by potreb's avatar potreb
Browse files

fix: escaping

parent ad2e49a5
No related branches found
No related tags found
3 merge requests!28release: 3.0.0,!23Feature/strong typing pp,!19Add strong typing for 3.0 version
Pipeline #6076 passed
...@@ -5,8 +5,8 @@ ...@@ -5,8 +5,8 @@
* @var string $value * @var string $value
*/ */
$header_size = $field->get_meta_value( 'header_size' ) ?: '2'; $header_size = (int) $field->get_meta_value( 'header_size' ) ?: 2;
$classes = $field->has_classes() ? 'class="' . $field->get_classes() . '"' : ''; $classes = $field->has_classes() ? 'class="' . esc_attr( $field->get_classes() ) . '"' : '';
?> ?>
......
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
$media_container_id = 'media_' . sanitize_key( $field->get_id() ); $media_container_id = 'media_' . sanitize_key( $field->get_id() );
?> ?>
<div class="media-input-wrapper" id="<?php echo $media_container_id; ?>"> <div class="media-input-wrapper" id="<?php echo esc_attr( $media_container_id ); ?>">
<input type="hidden" class="image-field-value" value="<?php echo \esc_html( $value ); ?>" <input type="hidden" class="image-field-value" value="<?php echo \esc_html( $value ); ?>"
name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>" name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>"
id="<?php echo \esc_attr( $field->get_id() ); ?>"/> id="<?php echo \esc_attr( $field->get_id() ); ?>"/>
...@@ -36,7 +36,7 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() ); ...@@ -36,7 +36,7 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() );
<script> <script>
jQuery( function ( $ ) { jQuery( function ( $ ) {
var frame, var frame,
metaBox = $( '#<?php echo $media_container_id; ?>' ), metaBox = $( '#<?php echo esc_attr( $media_container_id ); ?>' ),
addImgLink = metaBox.find( '.upload-custom-img' ), addImgLink = metaBox.find( '.upload-custom-img' ),
delImgLink = metaBox.find( '.delete-custom-img' ), delImgLink = metaBox.find( '.delete-custom-img' ),
imgContainer = metaBox.find( '.custom-img-container' ), imgContainer = metaBox.find( '.custom-img-container' ),
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment