Use esc_url instead of esc_attr for URLs. Improves security.

Frank419 2024-08-27 13:02:56 +08:00
parent dcc18b8452
commit 57d25f9098
6 changed files with 10 additions and 10 deletions


@ -33,10 +33,10 @@ class MinimalistFlex_Color_Palette_Custom_Control extends WP_Customize_Control
<div> <div>
<ul class='palettes'> <ul class='palettes'>
<li class="palette palette-clear"><button id="minimalistflex-palette-minimal"><?php echo esc_html_x( 'Minimal', 'color palette', 'minimalistflex' ) ?></li> <li class="palette palette-clear"><button id="minimalistflex-palette-minimal"><?php echo esc_html_x( 'Minimal', 'color palette', 'minimalistflex' ) ?></li>
<li class="palette" style="background-image: url('<?php echo esc_attr( $theme_uri . '/defaults/palette.png' ) ?>')"><button id="minimalistflex-palette-light"><?php echo esc_html_x( 'Light', 'color palette', 'minimalistflex' ) ?></li> <li class="palette" style="background-image: url('<?php echo esc_url( $theme_uri . '/defaults/palette.png' ) ?>')"><button id="minimalistflex-palette-light"><?php echo esc_html_x( 'Light', 'color palette', 'minimalistflex' ) ?></li>
<li class="palette" style="background-image: url('<?php echo esc_attr( $theme_uri . '/defaults/palette2.png' ) ?>')"><button id="minimalistflex-palette-dark"><?php echo esc_html_x( 'Dark', 'color palette', 'minimalistflex' ) ?></li> <li class="palette" style="background-image: url('<?php echo esc_url( $theme_uri . '/defaults/palette2.png' ) ?>')"><button id="minimalistflex-palette-dark"><?php echo esc_html_x( 'Dark', 'color palette', 'minimalistflex' ) ?></li>
<li class="palette" style="background-image: url('<?php echo esc_attr( $theme_uri . '/defaults/palette3.png' ) ?>')"><button id="minimalistflex-palette-galatic"><?php echo esc_html_x( 'Galatic', 'color palette', 'minimalistflex' ) ?></li> <li class="palette" style="background-image: url('<?php echo esc_url( $theme_uri . '/defaults/palette3.png' ) ?>')"><button id="minimalistflex-palette-galatic"><?php echo esc_html_x( 'Galatic', 'color palette', 'minimalistflex' ) ?></li>
<li class="palette" style="background-image: url('<?php echo esc_attr( $theme_uri . '/defaults/palette4.png' ) ?>')"><button id="minimalistflex-palette-spring"><?php echo esc_html_x( 'Spring', 'color palette', 'minimalistflex' ) ?></li> <li class="palette" style="background-image: url('<?php echo esc_url( $theme_uri . '/defaults/palette4.png' ) ?>')"><button id="minimalistflex-palette-spring"><?php echo esc_html_x( 'Spring', 'color palette', 'minimalistflex' ) ?></li>
</ul> </ul>
</div> </div>
<?php <?php
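Review bot: The four `background-image: url('…')` values on the new side sit inside a CSS string within a `style` attribute, and `esc_url()` targets URL/HTML context rather than CSS. It lets `'`, `(` and `)` through, the quote only as an HTML entity that the browser decodes before the CSS is parsed. That is harmless while `$theme_uri` is always the theme directory URI, but it is assigned outside this hunk, so this cannot be confirmed from here. I would add a comment where it is assigned, e.g. `// $theme_uri is printed inside CSS url('') below; keep it a trusted theme URI, never user input`.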


@ -51,7 +51,7 @@ class MinimalistFlex_Multi_Image_Custom_Control extends WP_Customize_Control
<div> <div>
<ul class='suggested-images'> <ul class='suggested-images'>
<?php foreach ( $this->suggest_images as $suggest_image ): ?> <?php foreach ( $this->suggest_images as $suggest_image ): ?>
<li class="suggested-image-item"><img src="<?php echo esc_attr( get_template_directory_uri() . $suggest_image ) ?>"></li> <li class="suggested-image-item"><img src="<?php echo esc_url( get_template_directory_uri() . $suggest_image ) ?>"></li>
<?php endforeach; ?> <?php endforeach; ?>
</ul> </ul>
</div> </div>


@ -30,7 +30,7 @@ $default_image_location = get_theme_mod( 'minimalistflex_default_featured_images
?> ?>
<?php endif; ?> <?php endif; ?>
<div class="singular-image"> <div class="singular-image">
<img src="<?php echo esc_attr( $imgsrc ) ?>" aria-label="<?php esc_attr_e( 'The thumbnail image. This is a default image so that it\'s purely decorative.', 'minimalistflex' ) ?>"> <img src="<?php echo esc_url( $imgsrc ) ?>" aria-label="<?php esc_attr_e( 'The thumbnail image. This is a default image so that it\'s purely decorative.', 'minimalistflex' ) ?>">
</div> </div>
<?php endif; ?> <?php endif; ?>
<div class="singular-main"> <div class="singular-main">
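Review bot: `esc_url( $imgsrc )` returns an empty string when the value uses a protocol outside the allowed list, so the changed line can now print `<img src="">`, which some browsers resolve to the current page URL. `$imgsrc` is set outside this hunk (the hunk header suggests a theme mod is involved), so its possible values cannot be confirmed from here. Consider escaping once and skipping the markup when nothing is left: `$imgsrc = esc_url( $imgsrc );` and then `if ( '' !== $imgsrc ) :` around the `singular-image` div. The enclosing `if` starts outside the hunk.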


@ -68,7 +68,7 @@ $default_image_location = get_theme_mod( 'minimalistflex_default_featured_images
</div> </div>
<div class="panel-meta"> <div class="panel-meta">
<?php if ( get_theme_mod( 'minimalistflex_interface_publisher', 'yes' ) == 'yes' ): ?> <?php if ( get_theme_mod( 'minimalistflex_interface_publisher', 'yes' ) == 'yes' ): ?>
<a class="panel-author" href="<?php echo esc_attr( get_author_posts_url($id) ) ?>"> <a class="panel-author" href="<?php echo esc_url( get_author_posts_url($id) ) ?>">
<span aria-hidden="true"><?php echo get_avatar( $id, 80 ) ?></span> <span aria-hidden="true"><?php echo get_avatar( $id, 80 ) ?></span>
<?php the_author() ?> <?php the_author() ?>
</a> </a>


@ -13,7 +13,7 @@ if ( !defined( 'WPINC' ) ) {
</div> </div>
<?php foreach( $tags as $tag ) { ?> <?php foreach( $tags as $tag ) { ?>
<div class="singular-category"> <div class="singular-category">
<a href="<?php echo esc_attr( get_category_link( $tag ) ) ?>"> <a href="<?php echo esc_url( get_category_link( $tag ) ) ?>">
<?php echo $tag->name; ?> <?php echo $tag->name; ?>
</a> </a>
</div> </div>
@ -28,7 +28,7 @@ if ( !defined( 'WPINC' ) ) {
</div> </div>
<?php foreach( $tags as $tag ) { ?> <?php foreach( $tags as $tag ) { ?>
<div class="singular-category singular-tag"> <div class="singular-category singular-tag">
<a href="<?php echo esc_attr( get_tag_link( $tag ) ) ?>"> <a href="<?php echo esc_url( get_tag_link( $tag ) ) ?>">
<?php echo $tag->name; ?> <?php echo $tag->name; ?>
</a> </a>
</div> </div>
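Review bot: `<?php echo $tag->name; ?>` is still printed unescaped in both loops of this file (the category loop in the first hunk and the tag loop in the second), directly below the links this commit hardens. WordPress filters term names on save, but a template should escape at the point of output and not rely on what was stored. Change both lines to `<?php echo esc_html( $tag->name ); ?>`. Both `foreach` blocks start and end outside the visible hunks.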


@ -6,7 +6,7 @@ if ( !defined( 'WPINC' ) ) {
<div class="publisher"> <div class="publisher">
<a class="publisher-link" href="<?php echo esc_attr( get_author_posts_url($id) ) ?>"> <a class="publisher-link" href="<?php echo esc_url( get_author_posts_url($id) ) ?>">
<?php echo get_avatar( $id, 32 ) ?> <?php echo get_avatar( $id, 32 ) ?>
<span><?php the_author() ?></span> <span><?php the_author() ?></span>
</a> </a>