diff --git a/changelog.txt b/changelog.txt index 476dabe3b5aeda43b3870122154395944c7f4905..803777782dddfaaed36a5d04a9fed23c2e85f6e6 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,5 +1,9 @@ # Changelog +## [2.4.8] - 2021-09-27 +### Fixed +- Add escaping functions to all templates + ## [2.4.7] - 2021-09-20 ### Fixed - Add missing escaping functions in templates diff --git a/composer.json b/composer.json index 6a79cb8b9cb4beafebefa156376aceb5fd0e654b..42726f4820d31bc8a6f7f26fe7670998b92f8600 100644 --- a/composer.json +++ b/composer.json @@ -24,10 +24,9 @@ }, "require-dev": { "phpunit/phpunit": "<7", - "wp-coding-standards/wpcs": "^0.14.1", - "squizlabs/php_codesniffer": "^3.0.2", "mockery/mockery": "*", - "10up/wp_mock": "*" + "10up/wp_mock": "*", + "wpdesk/wp-code-sniffer": "^1.2.3" }, "autoload": { "psr-4": { diff --git a/phpcs.xml.dist b/phpcs.xml.dist new file mode 100644 index 0000000000000000000000000000000000000000..1b9bf7a255dfcde94aa06a7065b18b067017d29b --- /dev/null +++ b/phpcs.xml.dist 
@@ -0,0 +1,48 @@ +<?xml version="1.0"?> +<ruleset name="WordPress Coding Standards for WP Desk Plugin"> + + <!-- + ############################################################################# + COMMAND LINE ARGUMENTS + https://github.com/squizlabs/PHP_CodeSniffer/wiki/Annotated-ruleset.xml + ############################################################################# + --> + + <!-- Scan all files. --> + <file>./src</file> + <file>./templates</file> + + <!-- Only check PHP files. --> + <arg name="extensions" value="php"/> + + <!-- Show progress, show the error codes for each message (source). --> + <arg value="sp"/> + + <!-- Check up to 8 files simultaneously. --> + <arg name="parallel" value="8"/> + + <!-- Cache outcomes for better performance. Remember to add the file to .gitignore. --> + <arg name="cache" value="./.phpcs-cache"/> + + <!-- + ############################################################################# + USE THE WPDeskCS RULESET + ############################################################################# + --> + + <!-- Define plugin text domain for i18n. --> + <config name="text_domain" value="wp-forms"/> + + <!-- This value should be aligned with WordPress support version declared in plugin header --> + <config name="minimum_supported_wp_version" value="5.0"/> + + <!-- Set value aligned with supported PHP Version for PHPCompatibilityWP check. --> + <config name="testVersion" value="7.0-"/> + + <rule ref="WPDeskPlugin"/> + + <rule ref="Squiz.Commenting.ClassComment.Missing"> + <exclude name="Squiz.Commenting.ClassComment.Missing"/> + </rule> + +</ruleset> diff --git a/templates/button.php b/templates/button.php index 43c21190ad4326181dd29fd4a45f930642a7cc26..fd95750148a4356e87383c2aaaef789f4cc9a6fe 100644 --- a/templates/button.php +++ b/templates/button.php 
@@ -4,28 +4,32 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. - * */ + ?> <button -<?php if ($field->has_classes()): ?> - class="<?php echo \esc_attr($field->get_classes()); ?>" +<?php if ( $field->has_classes() ) : ?> + class="<?php echo \esc_attr( $field->get_classes() ); ?>" <?php endif; ?> -<?php foreach ($field->get_attributes([]) as $key => $val): ?> - <?php echo $key.'="'.\esc_attr($val).'"'; ?> +<?php foreach ( $field->get_attributes( [] ) as $key => $val ) : ?> + <?php echo \esc_attr( $key ) . '="' . \esc_attr( $val ) . '"'; ?> <?php endforeach; ?> - type="<?php echo \esc_attr($field->get_type()); ?>" - name="<?php echo \esc_attr($name_prefix).'['.\esc_attr($field->get_name()).']'?>" - id="<?php echo \esc_attr($field->get_id()); ?>" - value="<?php echo \esc_html($value); ?>" + type="<?php echo \esc_attr( $field->get_type() ); ?>" + name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>" + id="<?php echo \esc_attr( $field->get_id() ); ?>" + value="<?php echo \esc_html( $value ); ?>" - <?php if ($field->is_required()): ?>required="required"<?php endif; ?> - <?php if ($field->is_disabled()): ?>disabled="disabled"<?php endif; ?> - <?php if ($field->is_readonly()): ?>readonly="readonly"<?php endif; ?> + <?php + if ( $field->is_disabled() ) : + ?> + disabled="disabled"<?php endif; ?> + <?php + if ( $field->is_readonly() ) : + ?> + readonly="readonly"<?php endif; ?> -><?php echo \esc_html($field->get_label()); ?></button> +><?php echo \esc_html( $field->get_label() ); ?></button> diff --git a/templates/form-end.php b/templates/form-end.php index 7484d6e1db1aba308d78afa7cd384d5f27d4a845..f2a22fe4a673355530b136e880b65c2fc8349a7b 100644 --- a/templates/form-end.php +++ b/templates/form-end.php @@ -1,3 +1,9 @@ +<?php +/** + * Form ending with hoverable tip snippet in js. + */ + +?> </tbody> </table> </form> 
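Review bot: `\esc_attr( $key )` in the `get_attributes()` loop of templates/button.php encodes HTML metacharacters but does not restrict the key to a valid attribute name, so a key containing whitespace or `=` would still emit additional attributes. If attribute keys can ever come from stored or user-supplied data, constrain the name before output, for example `<?php echo \sanitize_key( $key ) . '="' . \esc_attr( $val ) . '"'; ?>`. The same loop appears in input-submit.php, input-text-multiple.php, input.php, select.php and textarea.php. Separately, the rewritten block appears to drop the `required="required"` branch for `$field->is_required()`. That may be intentional, since the attribute has no meaning on `<button>`, but it is a behaviour change the changelog entry does not mention.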
diff --git a/templates/form-field.php b/templates/form-field.php index 971e53ba0447e37f1f3fcee0255f793797a29478..0fd07d5ef880bdee34de0d879e5c05299c846860 100644 --- a/templates/form-field.php +++ b/templates/form-field.php @@ -4,26 +4,32 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. - * */ + ?> <tr valign="top"> - <?php if ( $field->has_label() ): ?> - <?php echo $renderer->render( 'form-label', [ 'field' => $field ] ); ?> + <?php if ( $field->has_label() ) : ?> + <?php echo wp_kses_post( $renderer->render( 'form-label', [ 'field' => $field ] ) ); ?> <?php endif; ?> <td class="forminp"> - <?php echo $renderer->render( $template_name, [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, - ] ); ?> + <?php + echo wp_kses_post( + $renderer->render( + $template_name, + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) + ); + ?> - <?php if ( $field->has_description() ): ?> + <?php if ( $field->has_description() ) : ?> <p class="description"><?php echo wp_kses_post( $field->get_description() ); ?></p> <?php endif; ?> </td> diff --git a/templates/form-label.php b/templates/form-label.php index 703ed78e6909b409488e2697cb997c5dcb7ebe37..8eeaf286cfcf1622a9e3a73d2b93841e9c495944 100644 --- a/templates/form-label.php +++ b/templates/form-label.php 
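Review bot: Wrapping `$renderer->render( $template_name, … )` in `wp_kses_post()` in templates/form-field.php will most likely strip the form controls themselves, because the post-content allow-list that `wp_kses_post()` applies does not, as far as I know, include `<input>`, `<select>`, `<option>`, `<script>` or `<style>`. The child templates already escape each value at the point of output, so a second pass over the assembled markup adds no protection and removes working elements. Either echo it with a justified suppression, `echo $renderer->render( … ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- escaped in the child template`, or call `wp_kses()` with an explicit allow-list covering the form elements and attributes these templates emit. The same wrapper is added in input-checkbox.php, input-date-picker.php, input-hidden.php, input-number.php, input-radio.php and input-text.php.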
@@ -4,11 +4,12 @@ * @var string $name_prefix * @var string $value */ + ?> <th class="titledesc" scope="row"> - <label for="<?php echo esc_attr( $field->get_id() ); ?>"><?php echo esc_html( $field->get_label() ); ?> - <?php if ( $field->has_description_tip() ): ?> - <?php echo wc_help_tip($field->get_description_tip()); ?> + <label for="<?php echo \esc_attr( $field->get_id() ); ?>"><?php echo \esc_html( $field->get_label() ); ?> + <?php if ( $field->has_description_tip() ) : ?> + <?php echo esc_html( wc_help_tip( $field->get_description_tip() ) ); ?> <?php endif ?> </label> </th> diff --git a/templates/form-start.php b/templates/form-start.php index 10d7686b33c36da7e75ad8976b1363a368904eac..d311794d7f225049be5f3b1af565e76439b8a193 100644 --- a/templates/form-start.php +++ b/templates/form-start.php @@ -2,9 +2,10 @@ /** * @var \WPDesk\Forms\Form\FormWithFields $form */ + ?> -<form class="wrap woocommerce" method="<?php echo esc_attr($form->get_method()); ?>" action="<?php echo esc_attr($form->get_action()); ?>"> - <h2 style="display:none;"></h2><?php // All admin notices will be moved here by WP js ?> +<form class="wrap woocommerce" method="<?php echo \esc_attr( $form->get_method() ); ?>" action="<?php echo \esc_attr( $form->get_action() ); ?>"> + <h2 style="display:none;"></h2><?php // All admin notices will be moved here by WP js. ?> <table class="form-table"> <tbody> diff --git a/templates/header.php b/templates/header.php index db07896cde8c2c90da788afbc6fc7d63bc302ffb..ec06536ea742126c9ee419c5a8a96fb8b03906fc 100644 --- a/templates/header.php +++ b/templates/header.php 
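Review bot: `esc_html( wc_help_tip( … ) )` in templates/form-label.php escapes the markup that `wc_help_tip()` returns, so the tooltip element would be printed as literal text instead of being rendered. `wc_help_tip()` returns an HTML `<span>` and, to my knowledge, sanitises the tip text itself, so the result should go through an HTML-preserving filter: `<?php echo wp_kses_post( wc_help_tip( $field->get_description_tip() ) ); ?>`.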
@@ -9,10 +9,10 @@ $header_size = (int) $field->get_meta_value( 'header_size' ) ?: 2; $classes = $field->has_classes() ? 'class="' . esc_attr( $field->get_classes() ) . '"' : ''; ?> -<?php if ( $field->has_label() ): ?> - <h<?php echo $header_size; ?> <?php echo $classes; ?>><?php echo esc_html( $field->get_label() ); ?></h<?php echo $header_size; ?>> +<?php if ( $field->has_label() ) : ?> + <h<?php echo \esc_attr( $header_size ); ?> <?php echo \esc_attr( $classes ); ?>><?php echo \esc_html( $field->get_label() ); ?></h<?php echo \esc_attr( $header_size ); ?>> <?php endif; ?> -<?php if ( $field->has_description() ): ?> - <p <?php echo $classes; ?>><?php echo wp_kses_post( $field->get_description() ); ?></p> +<?php if ( $field->has_description() ) : ?> + <p <?php echo \esc_attr( $classes ); ?>><?php echo wp_kses_post( $field->get_description() ); ?></p> <?php endif; ?> diff --git a/templates/input-checkbox.php b/templates/input-checkbox.php index 61dc39f5a6c06fa680a3969e7a53084c3e1bf0b1..8474091fbb6d8db0e476178312bb6f471f409e00 100644 --- a/templates/input-checkbox.php +++ b/templates/input-checkbox.php @@ -4,15 +4,20 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. - * */ + ?> -<?php echo $renderer->render('input', [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, -]); ?> +<?php +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) +); diff --git a/templates/input-date-picker.php b/templates/input-date-picker.php index 7dea70268a228dd4633706c03d931b613e93a9f1..3caa4c6b576606555c250c489df9f4b9bdd44a76 100644 --- a/templates/input-date-picker.php +++ b/templates/input-date-picker.php 
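Review bot: `\esc_attr( $classes )` in templates/header.php is applied to a string that is already a complete attribute, `class="…"`, built in the context line above with its value escaped. Escaping it again turns the surrounding quotes into `&quot;`, so neither the heading nor the paragraph gets a properly quoted `class` value. Escape only the value and keep the attribute syntax outside the escaper, e.g. `<p <?php if ( $field->has_classes() ) : ?>class="<?php echo \esc_attr( $field->get_classes() ); ?>"<?php endif; ?>>`, and likewise for the `<h…>` tag. `$header_size` is cast with `(int)` in the context line, so the cast alone already makes it safe to print.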
@@ -1,12 +1,20 @@ <?php - /** * @var \WPDesk\Forms\Field $field * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. - * */ -echo $renderer->render('input', ['field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value]); + +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) +); diff --git a/templates/input-hidden.php b/templates/input-hidden.php index 3effbd29c61a8eb271e5b199110318710978c54e..638855251f89759e07211a11a1d4d797fc026a58 100644 --- a/templates/input-hidden.php +++ b/templates/input-hidden.php @@ -4,14 +4,19 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. - * */ + ?> -<?php echo $renderer->render('input', [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, -]); ?> +<?php +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) +); diff --git a/templates/input-image.php b/templates/input-image.php index 34d13882e2fc34d6c461dd95be4d8b8cce6379b3..5111c4c2c5af3cc159eb7e44597f4b46a5a5bf22 100644 --- a/templates/input-image.php +++ b/templates/input-image.php 
@@ -7,28 +7,28 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() ); ?> -<div class="media-input-wrapper" id="<?php echo $media_container_id; ?>"> - <input type="hidden" class="image-field-value" value="<?php echo \esc_html( $value ); ?>" - name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>" - id="<?php echo \esc_attr( $field->get_id() ); ?>"/> - <div class="custom-img-container"> +<div class="media-input-wrapper" id="<?php echo \esc_attr( $media_container_id ); ?>"> + <input type="hidden" class="image-field-value" value="<?php echo \esc_html( $value ); ?>" + name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>" + id="<?php echo \esc_attr( $field->get_id() ); ?>"/> + <div class="custom-img-container"> <?php if ( $value ) : ?> - <img src="<?php echo \esc_html( $value ) ?>" alt="" width="100"/> + <img src="<?php echo \esc_url( $value ) ?>" alt="" width="100"/> <?php endif; ?> </div> <p class="hide-if-no-js"> - <a class="upload-custom-img <?php if ( $value ): ?>hidden<?php endif ?>" href="<?php echo \esc_html( $value ) ?>"> - <?php _e( 'Set image', 'wp-forms' ) ?> + <a class="upload-custom-img <?php if ( $value ): ?>hidden<?php endif ?>" href="<?php echo \esc_url( $value ) ?>"> + <?php \esc_html_e( 'Set image', 'wp-forms' ) ?> </a> <a class="delete-custom-img <?php if ( ! $value ): ?>hidden<?php endif ?>" href="#"> - <?php _e( 'Remove image', 'wp-forms' ) ?> + <?php \esc_html_e( 'Remove image', 'wp-forms' ) ?> </a> </p> </div> <script> jQuery( function ( $ ) { var frame, - metaBox = $( '#<?php echo esc_attr( $media_container_id ); ?>' ), + metaBox = $( '#<?php echo \esc_attr( $media_container_id ); ?>' ), addImgLink = metaBox.find( '.upload-custom-img' ), delImgLink = metaBox.find( '.delete-custom-img' ), imgContainer = metaBox.find( '.custom-img-container' ), 
@@ -42,9 +42,9 @@ $media_container_id = 'media_' . sanitize_key( $field->get_id() ); } frame = wp.media( { - title: <?php _e( 'Select or Upload Media', 'wp-forms' ); ?>, + title: <?php esc_html_e( 'Select or Upload Media', 'wp-forms' ); ?>, button: { - text: <?php _e( 'Use this media', 'wp-forms' ); ?> + text: <?php esc_html_e( 'Use this media', 'wp-forms' ); ?> }, library: { type: ['image'] diff --git a/templates/input-number.php b/templates/input-number.php index 7dea70268a228dd4633706c03d931b613e93a9f1..3caa4c6b576606555c250c489df9f4b9bdd44a76 100644 --- a/templates/input-number.php +++ b/templates/input-number.php @@ -1,12 +1,20 @@ <?php - /** * @var \WPDesk\Forms\Field $field * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. - * */ -echo $renderer->render('input', ['field' => $field, 'renderer' => $renderer, 'name_prefix' => $name_prefix, 'value' => $value]); + +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) +); diff --git a/templates/input-radio.php b/templates/input-radio.php index 3effbd29c61a8eb271e5b199110318710978c54e..638855251f89759e07211a11a1d4d797fc026a58 100644 --- a/templates/input-radio.php +++ b/templates/input-radio.php @@ -4,14 +4,19 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. - * */ + ?> -<?php echo $renderer->render('input', [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, -]); ?> +<?php +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) +); 
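Review bot: The `title:` and `button.text:` values in the `wp.media( { … } )` call of templates/input-image.php are printed into JavaScript without quotes, and `esc_html_e()` escapes for HTML rather than for a script context. The emitted object literal is therefore not valid JavaScript, and a translation containing a quote or backslash is not neutralised for the place it lands. Emit a JSON-encoded string instead: `title: <?php echo wp_json_encode( __( 'Select or Upload Media', 'wp-forms' ) ); ?>,` and `text: <?php echo wp_json_encode( __( 'Use this media', 'wp-forms' ) ); ?>`. The surrounding script block starts and ends outside this hunk.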
diff --git a/templates/input-submit.php b/templates/input-submit.php
index 5f676450462383025628b7c61a65355585efcb1f..bae3ce3c40857e82c287fc75e70827a468e288af 100644
--- a/templates/input-submit.php
+++ b/templates/input-submit.php
@@ -4,27 +4,38 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. - * */ + ?> <tr> <td style="padding-left:0;"> <p class="submit"> <input - <?php if ( $field->has_classes() ): ?>class="<?php echo esc_attr( $field->get_classes() ); ?>"<?php endif; ?> - <?php foreach ( $field->get_attributes( [] ) as $key => $value ): ?> - <?php echo $key ?>="<?php echo esc_attr( $value ); ?>" + <?php + if ( $field->has_classes() ) : + ?> + class="<?php echo \esc_attr( $field->get_classes() ); ?>"<?php endif; ?> + <?php foreach ( $field->get_attributes( [] ) as $key => $value ) : ?> + <?php echo \esc_attr( $key ); ?>="<?php echo \esc_attr( $value ); ?>" <?php endforeach; ?> - type="<?php echo esc_attr( $field->get_type() ); ?>" - name="<?php echo esc_attr( $name_prefix ); ?>[<?php echo esc_attr( $field->get_name() ); ?>]" - id="<?php echo esc_attr( $field->get_id() ); ?>" - value="<?php echo esc_html( $field->get_label() ); ?>" - <?php if ( $field->is_required() ): ?>required="required"<?php endif; ?> - <?php if ( $field->is_disabled() ): ?>disabled="disabled"<?php endif; ?> - <?php if ( $field->is_readonly() ): ?>readonly="readonly"<?php endif; ?> + type="<?php echo \esc_attr( $field->get_type() ); ?>" + name="<?php echo \esc_attr( $name_prefix ); ?>[<?php echo \esc_attr( $field->get_name() ); ?>]" + id="<?php echo \esc_attr( $field->get_id() ); ?>" + value="<?php echo \esc_html( $field->get_label() ); ?>" + <?php + if ( $field->is_required() ) : + ?> + required="required"<?php endif; ?> + <?php + if ( $field->is_disabled() ) : + ?> + disabled="disabled"<?php endif; ?> + <?php + if ( $field->is_readonly() ) : + ?> + readonly="readonly"<?php endif; ?> /> </p> </td> diff --git a/templates/input-text-multiple.php b/templates/input-text-multiple.php index 7d3fff829b5f52988afb67e097dac6aaed342495..371013d460c08017247573947a6c2f54e7a9a86a 100644 --- a/templates/input-text-multiple.php 
+++ b/templates/input-text-multiple.php 
@@ -4,51 +4,62 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. - * */ -?> -<?php -if( empty( $value ) || is_string( $value ) ) { + +if ( empty( $value ) || is_string( $value ) ) { $input_values[] = ''; } else { $input_values = $value; } ?> <div class="clone-element-container"> -<?php foreach( $input_values as $text_value ): ?> -<?php if (!\in_array($field->get_type(), ['number', 'text', 'hidden'])): ?> - <input type="hidden" name="<?php echo $name_prefix.'['.$field->get_name().']'; ?>" value="no"/> +<?php foreach ( $input_values as $text_value ) : ?> + <?php if ( ! \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ], true ) ) : ?> + <input type="hidden" name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>" value="no"/> <?php endif; ?> -<?php if ($field->get_type() === 'checkbox' && $field->has_sublabel()): ?><label><?php endif; ?> + <?php + if ( $field->get_type() === 'checkbox' && $field->has_sublabel() ) : + ?> + <label><?php endif; ?> <div class="clone-wrapper"> <input - type="<?php echo \esc_attr($field->get_type()); ?>" - name="<?php echo \esc_attr($name_prefix).'['.\esc_attr($field->get_name()).'][]'; ?>" - id="<?php echo \esc_attr($field->get_id()); ?>" + type="<?php echo \esc_attr( $field->get_type() ); ?>" + name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . 
'][]'; ?>" + id="<?php echo \esc_attr( $field->get_id() ); ?>" - <?php if ($field->has_classes()): ?> - class="<?php echo \esc_attr($field->get_classes()); ?>" + <?php if ( $field->has_classes() ) : ?> + class="<?php echo \esc_attr( $field->get_classes() ); ?>" <?php endif; ?> - <?php if ($field->get_type() === 'text' && $field->has_placeholder()):?> - placeholder="<?php echo \esc_html($field->get_placeholder());?>" + <?php if ( $field->get_type() === 'text' && $field->has_placeholder() ) : ?> + placeholder="<?php echo \esc_html( $field->get_placeholder() ); ?>" <?php endif; ?> - <?php foreach ($field->get_attributes() as $key => $atr_val): - echo $key.'="'.\esc_attr($atr_val).'"'; ?> + <?php + foreach ( $field->get_attributes() as $key => $atr_val ) : + echo \esc_attr( $key ) . '="' . \esc_attr( $atr_val ) . '"'; + ?> <?php endforeach; ?> - <?php if ($field->is_required()): ?>required="required"<?php endif; ?> - <?php if ($field->is_disabled()): ?>disabled="disabled"<?php endif; ?> - <?php if ($field->is_readonly()): ?>readonly="readonly"<?php endif; ?> - <?php if (\in_array($field->get_type(), ['number', 'text', 'hidden'])): ?> - value="<?php echo \esc_html($text_value); ?>" - <?php else: ?> + <?php + if ( $field->is_required() ) : + ?> + required="required"<?php endif; ?> + <?php + if ( $field->is_disabled() ) : + ?> + disabled="disabled"<?php endif; ?> + <?php + if ( $field->is_readonly() ) : + ?> + readonly="readonly"<?php endif; ?> + <?php if ( \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ], true ) ) : ?> + value="<?php echo \esc_html( $text_value ); ?>" + <?php else : ?> value="yes" - <?php if ($value === 'yes'): ?> + <?php if ( $value === 'yes' ) : ?> checked="checked" <?php endif; ?> <?php endif; ?> 
@@ -57,25 +68,25 @@ if( empty( $value ) || is_string( $value ) ) { <span class="remove-field hidden"><span class="dashicons dashicons-remove"></span></span> </div> - <?php if ($field->get_type() === 'checkbox' && $field->has_sublabel()): ?> - <?php echo \esc_html($field->get_sublabel()); ?></label> + <?php if ( $field->get_type() === 'checkbox' && $field->has_sublabel() ) : ?> + <?php echo \esc_html( $field->get_sublabel() ); ?></label> <?php endif; ?> <?php endforeach; ?> </div> <style> - .clone-element-container .clone-wrapper .add-field { - display: none; - } - .clone-element-container .clone-wrapper:first-child .add-field { - display: inline-block; - } + .clone-element-container .clone-wrapper .add-field { + display: none; + } + .clone-element-container .clone-wrapper:first-child .add-field { + display: inline-block; + } - .clone-element-container .clone-wrapper .remove-field { - display: inline-block; - } - .clone-element-container .clone-wrapper:first-child .remove-field { - display: none; - } + .clone-element-container .clone-wrapper .remove-field { + display: inline-block; + } + .clone-element-container .clone-wrapper:first-child .remove-field { + display: none; + } </style> <script> jQuery( function ( $ ) { diff --git a/templates/input-text.php b/templates/input-text.php index 3effbd29c61a8eb271e5b199110318710978c54e..3caa4c6b576606555c250c489df9f4b9bdd44a76 100644 --- a/templates/input-text.php +++ b/templates/input-text.php @@ -4,14 +4,17 @@ * @var \WPDesk\View\Renderer\Renderer $renderer * @var string $name_prefix * @var string $value - * * @var string $template_name Real field template. - * */ -?> -<?php echo $renderer->render('input', [ - 'field' => $field, - 'renderer' => $renderer, - 'name_prefix' => $name_prefix, - 'value' => $value, -]); ?> + +echo wp_kses_post( + $renderer->render( + 'input', + [ + 'field' => $field, + 'renderer' => $renderer, + 'name_prefix' => $name_prefix, + 'value' => $value, + ] + ) +); 
diff --git a/templates/input.php b/templates/input.php
index b02e5eaccb625c0a3b0d0c1302e97e3eb8064da4..a4844b1c1e8ec1be5ea9b32532c5c0873f0f91ca 100644
--- a/templates/input.php
+++ b/templates/input.php
@@ -1,48 +1,60 @@ <?php - /** * @var \WPDesk\Forms\Field $field * @var string $name_prefix * @var string $value */ -?> -<?php if (!\in_array($field->get_type(), ['number', 'text', 'hidden'])): ?> - <input type="hidden" name="<?php echo $name_prefix.'['.$field->get_name().']'; ?>" value="no"/> +if ( ! \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ], true ) ) : ?> + <input type="hidden" name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>" value="no"/> <?php endif; ?> -<?php if ($field->get_type() === 'checkbox' && $field->has_sublabel()): ?><label><?php endif; ?> +<?php +if ( $field->get_type() === 'checkbox' && $field->has_sublabel() ) : + ?> + <label><?php endif; ?> <input - type="<?php echo \esc_attr($field->get_type()); ?>" - name="<?php echo \esc_attr($name_prefix).'['.\esc_attr($field->get_name()).']'; ?>" - id="<?php echo \esc_attr($field->get_id()); ?>" + type="<?php echo \esc_attr( $field->get_type() ); ?>" + name="<?php echo \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']'; ?>" + id="<?php echo \esc_attr( $field->get_id() ); ?>" - <?php if ($field->has_classes()): ?> - class="<?php echo \esc_attr($field->get_classes()); ?>" + <?php if ( $field->has_classes() ) : ?> + class="<?php echo \esc_attr( $field->get_classes() ); ?>" <?php endif; ?> - <?php if ($field->get_type() === 'text' && $field->has_placeholder()):?> - placeholder="<?php echo \esc_html($field->get_placeholder());?>" + <?php if ( $field->get_type() === 'text' && $field->has_placeholder() ) : ?> + placeholder="<?php echo \esc_html( $field->get_placeholder() ); ?>" <?php endif; ?> - <?php foreach ($field->get_attributes() as $key => $atr_val): - echo $key.'="'.\esc_attr($atr_val).'"'; ?> + <?php + foreach ( $field->get_attributes() as $key => $atr_val ) : + echo \esc_attr( $key ) . '="' . \esc_attr( $atr_val ) . 
'"'; + ?> <?php endforeach; ?> - <?php if ($field->is_required()): ?>required="required"<?php endif; ?> - <?php if ($field->is_disabled()): ?>disabled="disabled"<?php endif; ?> - <?php if ($field->is_readonly()): ?>readonly="readonly"<?php endif; ?> - <?php if (\in_array($field->get_type(), ['number', 'text', 'hidden'])): ?> - value="<?php echo \esc_html($value); ?>" - <?php else: ?> + <?php + if ( $field->is_required() ) : + ?> + required="required"<?php endif; ?> + <?php + if ( $field->is_disabled() ) : + ?> + disabled="disabled"<?php endif; ?> + <?php + if ( $field->is_readonly() ) : + ?> + readonly="readonly"<?php endif; ?> + <?php if ( \in_array( $field->get_type(), [ 'number', 'text', 'hidden' ], true ) ) : ?> + value="<?php echo \esc_html( $value ); ?>" + <?php else : ?> value="yes" - <?php if ($value === 'yes'): ?> + <?php if ( $value === 'yes' ) : ?> checked="checked" <?php endif; ?> <?php endif; ?> /> -<?php if ($field->get_type() === 'checkbox' && $field->has_sublabel()): ?> - <?php echo \esc_html($field->get_sublabel()); ?></label> +<?php if ( $field->get_type() === 'checkbox' && $field->has_sublabel() ) : ?> + <?php echo \esc_html( $field->get_sublabel() ); ?></label> <?php endif; ?> diff --git a/templates/noonce.php b/templates/noonce.php index 0cd58a561d5024e462e5c04cd9c471d7bc4794b7..edc9522d19a9f5d42e8b2b252d898fddecb93f3b 100644 --- a/templates/noonce.php +++ b/templates/noonce.php @@ -1,8 +1,8 @@ <?php - /** * @var \WPDesk\Forms\Field $field * @var string $name_prefix * @var string $value */ -\wp_nonce_field($field->get_meta_value('action'), $name_prefix .'['. $field->get_name().']'); + +\wp_nonce_field( $field->get_meta_value( 'action' ), $name_prefix . '[' . $field->get_name() . ']' ); diff --git a/templates/paragraph.php b/templates/paragraph.php index 184e3943c5975b7f9d37ae199df61c3778c34a5f..85fb04c7acfb36f454fa48c32c6bffc8e955c5f0 100644 --- a/templates/paragraph.php +++ b/templates/paragraph.php 
@@ -4,12 +4,15 @@ * @var string $name_prefix * @var string $value */ -?> -<?php if ( $field->has_description() ): ?> +if ( $field->has_description() ) : ?> <tr> <td style="padding-left:0;" colspan="2"> - <p <?php if ( $field->has_classes() ): ?>class="<?php echo $field->get_classes(); ?>"<?php endif; ?>><?php echo wp_kses_post( $field->get_description() ); ?></p> + <p + <?php + if ( $field->has_classes() ) : + ?> + class="<?php echo \esc_attr( $field->get_classes() ); ?>"<?php endif; ?>><?php echo wp_kses_post( $field->get_description() ); ?></p> </td> </tr> <?php endif; ?> diff --git a/templates/product-select.php b/templates/product-select.php index 3efbbafe5f2a675bbd37171d63a1bdc2576e38ad..57dd47e8619e3df98ec71831647c2afb0bcd9d17 100644 --- a/templates/product-select.php +++ b/templates/product-select.php 
@@ -1,23 +1,26 @@ <?php - /** * @var \WPDesk\Forms\Field $field * @var string $name_prefix * @var string[] $value */ + ?> <select class="wc-product-search" multiple="multiple" style="width: 50%;" - id="<?php echo esc_attr( $field->get_id() ); ?>" - name="<?php echo esc_attr( $name_prefix ); ?>[<?php echo esc_attr( $field->get_name() ); ?>][]" - data-placeholder="<?php esc_attr_e( 'Search for a product…', 'woocommerce' ); ?>" - data-action="woocommerce_json_search_products_and_variations"> + id="<?php echo \esc_attr( $field->get_id() ); ?>" + name="<?php echo \esc_attr( $name_prefix ); ?>[<?php echo \esc_attr( $field->get_name() ); ?>][]" + data-placeholder="<?php \esc_attr_e( 'Search for a product…', 'wp-forms' ); ?>" + data-action="woocommerce_json_search_products_and_variations"> <?php foreach ( (array) $value as $product_id ) { $product = wc_get_product( $product_id ); if ( is_object( $product ) ) { - echo '<option value="' . esc_attr( $product_id ) . '"' . selected( true, true, - false ) . '>' . wp_kses_post( $product->get_formatted_name() ) . '</option>'; + echo '<option value="' . \esc_attr( $product_id ) . '"' . selected( + true, + true, + false + ) . '>' . wp_kses_post( $product->get_formatted_name() ) . '</option>'; } } ?> diff --git a/templates/select.php b/templates/select.php index 0c533967388ea7e2dd27e3ccc7bf44bd748a8856..625c316bef04162c50b397f3759d4a623190b36f 100644 --- a/templates/select.php +++ b/templates/select.php 
@@ -4,26 +4,49 @@ * @var string $name_prefix * @var mixed $value */ + ?> + <select - id="<?php echo esc_attr( $field->get_id() ); ?>" - <?php if ($field->has_classes()): ?>class="<?php echo esc_attr( $field->get_classes() ); ?>"<?php endif; ?> - name="<?php echo esc_attr( $name_prefix ); ?>[<?php echo esc_attr( $field->get_name() ); ?>]<?php echo $field->is_multiple()? '[]' : ''; ?>" - <?php foreach ($field->get_attributes() as $key => $attr_val): ?> - <?php echo esc_attr($key); ?>="<?php echo esc_attr($attr_val); ?>" + id="<?php echo \esc_attr( $field->get_id() ); ?>" + <?php + if ( $field->has_classes() ) : + ?> + class="<?php echo \esc_attr( $field->get_classes() ); ?>"<?php endif; ?> + name="<?php echo \esc_attr( $name_prefix ); ?>[<?php echo \esc_attr( $field->get_name() ); ?>]<?php echo \esc_attr( $field->is_multiple() ) ? '[]' : ''; ?>" + <?php foreach ( $field->get_attributes() as $key => $attr_val ) : ?> + <?php echo \esc_attr( $key ); ?>="<?php echo \esc_attr( $attr_val ); ?>" <?php endforeach; ?> - <?php if ($field->is_required()): ?>required="required"<?php endif; ?> - <?php if ($field->is_disabled()): ?>disabled="disabled"<?php endif; ?> - <?php if ($field->is_readonly()): ?>readonly="readonly"<?php endif; ?> - <?php if ($field->is_multiple()): ?>multiple="multiple"<?php endif; ?> + <?php + if ( $field->is_required() ) : + ?> + required="required"<?php endif; ?> + <?php + if ( $field->is_disabled() ) : + ?> + disabled="disabled"<?php endif; ?> + <?php + if ( $field->is_readonly() ) : + ?> + readonly="readonly"<?php endif; ?> + <?php + if ( $field->is_multiple() ) : + ?> + multiple="multiple"<?php endif; ?> > - <?php if ( $field->has_placeholder() ): ?><option value=""><?php echo esc_html( $field->get_placeholder() ); ?></option><?php endif; ?> + <?php + if ( $field->has_placeholder() ) : + ?> + <option value=""><?php echo \esc_html( $field->get_placeholder() ); ?></option><?php endif; ?> - <?php foreach ( $field->get_possible_values() as 
$possible_value => $label ): ?> + <?php foreach ( $field->get_possible_values() as $possible_value => $label ) : ?> <option - <?php if ( $possible_value === $value || (is_array($value) && in_array($possible_value, $value)) || (is_numeric($possible_value) && is_numeric($value) && (int) $possible_value === (int) $value )): ?>selected="selected"<?php endif; ?> - value="<?php echo esc_attr( $possible_value ); ?>" - ><?php echo esc_html( $label ); ?></option> + <?php + if ( $possible_value === $value || ( is_array( $value ) && in_array( $possible_value, $value, true ) ) || ( is_numeric( $possible_value ) && is_numeric( $value ) && (int) $possible_value === (int) $value ) ) : + ?> + selected="selected"<?php endif; ?> + value="<?php echo \esc_attr( $possible_value ); ?>" + ><?php echo \esc_html( $label ); ?></option> <?php endforeach; ?> </select> diff --git a/templates/textarea.php b/templates/textarea.php index cf2f2a7006edeb1d2aa59d8b7c59a547b1a320e6..8cf3846d8c3fd9e15175f04951845d4a6f071687 100644 --- a/templates/textarea.php +++ b/templates/textarea.php 
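Review bot: Adding `true` to `in_array( $possible_value, $value, true )` in templates/select.php can stop multi-selects from marking their saved options as selected. PHP turns numeric-string array keys into integers, so `$possible_value` is an `int` for keys such as `'10'`, while `$value` presumably holds strings coming from the request or the options table. The scalar branch of the same condition covers this with its `is_numeric()` comparison, but the array branch has no equivalent; compare as strings instead, `in_array( (string) $possible_value, array_map( 'strval', $value ), true )`. Also, `\esc_attr( $field->is_multiple() ) ? '[]' : ''` escapes the boolean rather than anything that is output; `echo $field->is_multiple() ? '[]' : '';` does the same without suggesting an escape takes place.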
@@ -4,20 +4,39 @@ * @var string $name_prefix * @var string $value */ + ?> <textarea - id="<?php echo esc_attr( $field->get_id() ); ?>" - <?php if ( $field->has_classes() ): ?>class="<?php echo esc_attr( $field->get_classes() ); ?>"<?php endif; ?> - name="<?php echo esc_attr( $name_prefix ); ?>[<?php echo esc_attr( $field->get_name() ); ?>]" - <?php foreach ( $field->get_attributes() as $key => $attr_val ): ?> - <?php echo esc_attr( $key ); ?>="<?php echo esc_attr( $attr_val ); ?>" - <?php endforeach; ?> + id="<?php echo \esc_attr( $field->get_id() ); ?>" + <?php + if ( $field->has_classes() ) : + ?> + class="<?php echo \esc_attr( $field->get_classes() ); ?>"<?php endif; ?> + name="<?php echo \esc_attr( $name_prefix ); ?>[<?php echo \esc_attr( $field->get_name() ); ?>]" + <?php foreach ( $field->get_attributes() as $key => $attr_val ) : ?> + <?php echo \esc_attr( $key ); ?>="<?php echo \esc_attr( $attr_val ); ?>" + <?php endforeach; ?> - <?php if ( $field->is_required() ): ?>required="required"<?php endif; ?> - <?php if ( $field->is_disabled() ): ?>disabled="disabled"<?php endif; ?> - <?php if ( $field->is_readonly() ): ?>readonly="readonly"<?php endif; ?> - <?php if ( $field->is_multiple() ): ?>multiple="multiple"<?php endif; ?> + <?php + if ( $field->is_required() ) : + ?> + required="required"<?php endif; ?> + <?php + if ( $field->is_disabled() ) : + ?> + disabled="disabled"<?php endif; ?> + <?php + if ( $field->is_readonly() ) : + ?> + readonly="readonly"<?php endif; ?> + <?php + if ( $field->is_multiple() ) : + ?> + multiple="multiple"<?php endif; ?> - <?php if ( $field->has_placeholder() ): ?>placeholder="<?php echo esc_html( $field->get_placeholder() ); ?>"<?php endif; ?> -><?php echo esc_html( $value ); ?></textarea> + <?php + if ( $field->has_placeholder() ) : + ?> + placeholder="<?php echo \esc_html( $field->get_placeholder() ); ?>"<?php endif; ?> +><?php echo \esc_html( $value ); ?></textarea> 
diff --git a/templates/wyswig.php b/templates/wyswig.php index fd1ea9daa103a72921b0fee100309329b59c21d8..893aec944e15299fbef7002c2bce4d933ddcb102 100644 --- a/templates/wyswig.php +++ b/templates/wyswig.php @@ -4,23 +4,24 @@ * @var string $name_prefix * @var string $value */ -?> -<?php wp_print_styles( 'media-views' ); ?> + +wp_print_styles( 'media-views' ); ?> + <script> window.SM_EditorInitialized = true; </script> <?php -$id = uniqid( 'wyswig_' ); -$editor_settings = array( - 'textarea_name' => esc_attr( $name_prefix ) . '[' . esc_attr( $field->get_name() ) . ']' -); +$editor_id = uniqid( 'wyswig_' ); +$editor_settings = [ + 'textarea_name' => \esc_attr( $name_prefix ) . '[' . \esc_attr( $field->get_name() ) . ']', +]; -wp_editor( wp_kses_post( $value ), $id, $editor_settings ); +wp_editor( wp_kses_post( $value ), $editor_id, $editor_settings ); ?> <script type="text/javascript"> (function () { - ShopMagic.wyswig.init('<?php echo $id; ?>'); + ShopMagic.wyswig.init('<?php echo \esc_attr( $editor_id ); ?>'); }()); </script>
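Review bot: `\esc_attr( $editor_id )` in the inline script of templates/wyswig.php uses the attribute escaper inside a JavaScript string literal; the escaper that matches that context is `esc_js()`, i.e. `ShopMagic.wyswig.init('<?php echo \esc_js( $editor_id ); ?>');`. `uniqid( 'wyswig_' )` only appends hexadecimal characters to the prefix, so this is about using the context-appropriate function rather than a reachable flaw.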