Skip to content

Sanitizing and Escaping data #203

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Sanitizing and Escaping data #203

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion class-jobs.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -835,7 +835,7 @@ public function metabox_post_translations( WP_Post $post, array $metabox ) {
'bbl_job_post' => "{$post->post_type}|{$post->ID}",
);
?>
<p><a href="<?php echo add_query_arg( $args, admin_url( 'edit.php' ) ); ?>"><?php _e( 'View pending translation jobs &raquo;', 'babble' ); ?></a></p>
<p><a href="<?php echo esc_url( add_query_arg( $args, admin_url( 'edit.php' ) ) ); ?>"><?php _e( 'View pending translation jobs &raquo;', 'babble' ); ?></a></p>
<?php

} else if ( $capable ) {
Expand Down
7 changes: 3 additions & 4 deletions class-post-public.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,8 +303,7 @@ public function registered_post_type( $post_type, $args ) {
// @FIXME: We are in danger of a post_type name being longer than 20 chars
// I would prefer to keep the post_type human readable, as human devs and sysadmins always
// end up needing to read this kind of thing.
// @FIXME: Should I be sanitising these values?
$new_post_type = strtolower( "{$post_type}_{$lang->code}" );
$new_post_type = sanitize_key( strtolower( "{$post_type}_{$lang->code}" ) );

if ( strlen( $new_post_type ) > 20 ) {
trigger_error( sprintf( __( 'Warning: The translated name for the post type %s is longer than %d characters. This *will* cause problems.', 'babble' ),
Expand Down Expand Up @@ -996,9 +995,9 @@ public function manage_posts_custom_column( $column_name, $post_id ) {
return;
}
$edit_link = get_edit_post_link( $default_post->ID );
$edit_link = add_query_arg( array( 'lang' => bbl_get_default_lang_code() ), $edit_link );
$edit_link = esc_url( add_query_arg( array( 'lang' => bbl_get_default_lang_code() ), $edit_link ) );
bbl_switch_to_lang( bbl_get_default_lang_code() );
$view_link = get_permalink( $default_post->ID );
$view_link = esc_url( get_permalink( $default_post->ID ) );
bbl_restore_lang();
$edit_title = esc_attr( sprintf( __( 'Edit the originating post: “%s”', 'babble' ), get_the_title( $default_post->ID ) ) );
$view_title = esc_attr( sprintf( __( 'View the originating post: “%s”', 'babble' ), get_the_title( $default_post->ID ) ) );
Expand Down
6 changes: 3 additions & 3 deletions templates-admin/translation-editor-terms.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

<h4><?php _e( 'Name', 'babble' ); ?></h4>
<div class="bbl-translation-property bbl-translation-property-term_name">
<input type="text" class="regular-text" name="bbl_translation[terms][<?php echo $original->term_id; ?>][name]" value="<?php echo esc_attr( $translation->name ); ?>">
<input type="text" class="regular-text" name="bbl_translation[terms][<?php echo esc_attr( $original->term_id ); ?>][name]" value="<?php echo esc_attr( $translation->name ); ?>">
</div>
<div class="bbl-translation-original bbl-translation-original-term_name">
<?php echo esc_html( $original->name ); ?>
Expand All @@ -24,7 +24,7 @@

<h4><?php _e( 'Slug (optional)', 'babble' ); ?></h4>
<div class="bbl-translation-property bbl-translation-property-term_slug">
<input type="text" class="regular-text" name="bbl_translation[terms][<?php echo $original->term_id; ?>][slug]" value="<?php echo esc_attr( $translation->slug ); ?>">
<input type="text" class="regular-text" name="bbl_translation[terms][<?php echo esc_attr( $original->term_id ); ?>][slug]" value="<?php echo esc_attr( $translation->slug ); ?>">
</div>
<div class="bbl-translation-original bbl-translation-original-term_slug">
<?php echo esc_html( $original->slug ); ?>
Expand All @@ -38,7 +38,7 @@

<h4><?php _e( 'Description', 'babble' ); ?></h4>
<div class="bbl-translation-property bbl-translation-property-term_description">
<textarea class="regular-text" name="bbl_translation[terms][<?php echo $original->term_id; ?>][description]"><?php echo esc_textarea( $translation->description ); ?></textarea>
<textarea class="regular-text" name="bbl_translation[terms][<?php echo esc_attr( $original->term_id ); ?>][description]"><?php echo esc_textarea( $translation->description ); ?></textarea>
</div>
<div class="bbl-translation-original bbl-translation-original-term_description">
<textarea class="regular-text" readonly><?php echo esc_textarea( $original->description ); ?></textarea>
Expand Down