fix security echo issues, making this theme wp 2.8 only
parent
58d45f89e6
commit
39c0bce9f5
@ -3,7 +3,7 @@
|
|||||||
<?php
|
<?php
|
||||||
printf(
|
printf(
|
||||||
__('To upload new images, use the %s.', 'comicpress'),
|
__('To upload new images, use the %s.', 'comicpress'),
|
||||||
'<a href="' . $image_upload_iframe_src . '" class="thickbox" onclick="return false;">' . __('Image Uploader', 'comicpress') . '</a>'
|
'<a href="' . esc_attr($image_upload_iframe_src) . '" class="thickbox" onclick="return false;">' . __('Image Uploader', 'comicpress') . '</a>'
|
||||||
)
|
)
|
||||||
?>
|
?>
|
||||||
<?php _e('Click the Refesh button underneath the zoom slider if you\'ve changed the images attached to this post.', 'comicpress') ?>
|
<?php _e('Click the Refesh button underneath the zoom slider if you\'ve changed the images attached to this post.', 'comicpress') ?>
|
||||||
@ -15,22 +15,22 @@
|
|||||||
$result = ComicPressBackend::generate_from_id($id);
|
$result = ComicPressBackend::generate_from_id($id);
|
||||||
if (!empty($result)) {
|
if (!empty($result)) {
|
||||||
$info = $result->get_info(); ?>
|
$info = $result->get_info(); ?>
|
||||||
<div class="cp-comic-attachment" id="attachment_<?php echo $id ?>">
|
<div class="cp-comic-attachment" id="attachment_<?php echo esc_attr($id) ?>">
|
||||||
<div style="overflow: hidden">
|
<div style="overflow: hidden">
|
||||||
<img src="<?php echo $result->url() ?>" border="0" height="<?php echo $zoom_level ?>" />
|
<img src="<?php echo esc_attr($result->url()) ?>" border="0" height="<?php echo esc_attr($zoom_level) ?>" />
|
||||||
<div class="cp-comic-info">
|
<div class="cp-comic-info">
|
||||||
<p>
|
<p>
|
||||||
<label>
|
<label>
|
||||||
<input type="checkbox" name="cp[attachments][<?php echo $id ?>][visible]" value="yes" <?php echo ($attachment_info['enabled']) ? 'checked="checked"' : '' ?>/> <?php _e('Allow this image to be shown', 'comicpress') ?>
|
<input type="checkbox" name="cp[attachments][<?php echo esc_attr($id) ?>][visible]" value="yes" <?php echo ($attachment_info['enabled']) ? 'checked="checked"' : '' ?>/> <?php _e('Allow this image to be shown', 'comicpress') ?>
|
||||||
</label>
|
</label>
|
||||||
</p>
|
</p>
|
||||||
<?php if (isset($info['file'])) { ?>
|
<?php if (isset($info['file'])) { ?>
|
||||||
<p><strong><?php echo $result->source_name ?>:</strong> <?php echo basename($info['file']) ?></p>
|
<p><strong><?php echo esc_html($result->source_name) ?>:</strong> <?php echo esc_html(basename($info['file'])) ?></p>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<?php if (isset($info['width']) && isset($info['height'])) { ?>
|
<?php if (isset($info['width']) && isset($info['height'])) { ?>
|
||||||
<p>
|
<p>
|
||||||
<strong><?php _e('Size:', 'comicpress') ?></strong>
|
<strong><?php _e('Size:', 'comicpress') ?></strong>
|
||||||
<?php printf('%dx%d', $info['width'], $info['height'] ) ?>
|
<?php echo esc_html(sprintf('%dx%d', $info['width'], $info['height'])) ?>
|
||||||
</p>
|
</p>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<?php if (count($comicpress->comicpress_options['image_types']) > 1) { ?>
|
<?php if (count($comicpress->comicpress_options['image_types']) > 1) { ?>
|
||||||
@ -40,8 +40,8 @@
|
|||||||
<?php foreach ($comicpress->comicpress_options['image_types'] as $type => $info) { ?>
|
<?php foreach ($comicpress->comicpress_options['image_types'] as $type => $info) { ?>
|
||||||
<?php if (!$info['default']) { ?>
|
<?php if (!$info['default']) { ?>
|
||||||
<li>
|
<li>
|
||||||
<strong><?php echo $info['name'] ?>:</strong>
|
<strong><?php echo esc_html($info['name']) ?>:</strong>
|
||||||
<select name="cp[attachments][<?php echo $id ?>][<?php echo $type ?>]"></select>
|
<select name="cp[attachments][<?php echo esc_attr($id) ?>][<?php echo esc_attr($type) ?>]"></select>
|
||||||
</li>
|
</li>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
@ -58,8 +58,8 @@
|
|||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
ComicImageOrdering.slider_value = <?php echo 190 - $zoom_level ?>;
|
ComicImageOrdering.slider_value = <?php echo esc_js(190 - $zoom_level) ?>;
|
||||||
ComicImageOrdering.available_attachments = <?php echo $this->_json_encode($available_attachments) ?>;
|
ComicImageOrdering.available_attachments = <?php echo esc_js($this->_json_encode($available_attachments)) ?>;
|
||||||
|
|
||||||
ComicImageOrdering.setup();
|
ComicImageOrdering.setup();
|
||||||
</script>
|
</script>
|
||||||
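Review bot: `esc_js()` is the wrong escaper for the `available_attachments` line in the last hunk. It is meant for text placed inside a quoted JavaScript string and HTML-encodes double quotes to `&quot;`, which is not decoded inside a `<script>` element, so the JSON from `_json_encode()` will most likely stop parsing. Emit the encoder's output directly and make the encoder responsible for script-context safety (escaping `<`, `>`, `&` and `/` so a value cannot close the script block); `_json_encode()` is defined outside this page, so whether it already does that needs checking. For the slider value a numeric cast states the intent, `<?php echo (int) (190 - $zoom_level) ?>`. The uploader `href` in the first hunk and the `<img src>` in the second are URL contexts, where `esc_url()` also rejects unexpected schemes that `esc_attr()` lets through.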
|
@ -1,5 +1,5 @@
|
|||||||
<div style="overflow: hidden">
|
<div style="overflow: hidden">
|
||||||
<input type="hidden" name="cp[_nonce]" value="<?php echo $nonce ?>" />
|
<input type="hidden" name="cp[_nonce]" value="<?php echo esc_attr($nonce) ?>" />
|
||||||
<input type="hidden" name="cp[action]" value="comic-ordering" />
|
<input type="hidden" name="cp[action]" value="comic-ordering" />
|
||||||
<div id="ordering-zoom-slider-holder">
|
<div id="ordering-zoom-slider-holder">
|
||||||
<div id="ordering-zoom-slider">
|
<div id="ordering-zoom-slider">
|
||||||
|
@ -3,11 +3,11 @@
|
|||||||
<table cellspacing="0">
|
<table cellspacing="0">
|
||||||
<tr class="image-type-editor-name">
|
<tr class="image-type-editor-name">
|
||||||
<th scope="row" width="30%">Name:</th>
|
<th scope="row" width="30%">Name:</th>
|
||||||
<td width="70%"><input type="text" name="cp[image_types][<?php echo $type ?>][name]" value="<?php echo $info['name'] ?>" /></td>
|
<td width="70%"><input type="text" name="cp[image_types][<?php echo esc_attr($type) ?>][name]" value="<?php echo esc_attr($info['name']) ?>" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="image-type-editor-short-name">
|
<tr class="image-type-editor-short-name">
|
||||||
<th scope="row">Short name <em>(used in template tags):</em></th>
|
<th scope="row">Short name <em>(used in template tags):</em></th>
|
||||||
<td><input type="text" name="cp[image_types][<?php echo $type ?>][short_name]" value="<?php echo $type ?>" /></td>
|
<td><input type="text" name="cp[image_types][<?php echo esc_attr($type) ?>][short_name]" value="<?php echo esc_attr($type) ?>" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr class="image-type-editor-default">
|
<tr class="image-type-editor-default">
|
||||||
<th scope="row">Default image type?</th>
|
<th scope="row">Default image type?</th>
|
||||||
@ -22,8 +22,8 @@
|
|||||||
<th scope="row">Dimensions</th>
|
<th scope="row">Dimensions</th>
|
||||||
<td>
|
<td>
|
||||||
<?php list($width, $height) = explode("x", $info['dimensions']) ?>
|
<?php list($width, $height) = explode("x", $info['dimensions']) ?>
|
||||||
<input type="text" name="cp[image_types][<?php echo $type ?>][dimensions][width]" value="<?php echo $width ?>" size="5" /> x
|
<input type="text" name="cp[image_types][<?php echo esc_attr($type) ?>][dimensions][width]" value="<?php echo esc_attr($width) ?>" size="5" /> x
|
||||||
<input type="text" name="cp[image_types][<?php echo $type ?>][dimensions][height]" value="<?php echo $height ?>" size="5" />
|
<input type="text" name="cp[image_types][<?php echo esc_attr($type) ?>][dimensions][height]" value="<?php echo esc_attr($height) ?>" size="5" />
|
||||||
<br />
|
<br />
|
||||||
<em>(<?php _e('Leave a dimension blank to allow WordPress to calculate that dimension while scaling', 'comicpress') ?>)</em>
|
<em>(<?php _e('Leave a dimension blank to allow WordPress to calculate that dimension while scaling', 'comicpress') ?>)</em>
|
||||||
</td>
|
</td>
|
||||||
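Review bot: The `list($width, $height) = explode("x", $info['dimensions'])` line in the second hunk still assumes the stored value always contains an `x`. When it does not, `$height` is never assigned and PHP writes an undefined-offset notice into the admin page; where `$info['dimensions']` is validated is not visible here. Padding the result keeps both fields defined: `list($width, $height) = array_pad(explode('x', $info['dimensions'], 2), 2, '');`.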
|
@ -1,7 +1,7 @@
|
|||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('ComicPress Config', 'comicpress') ?></h2>
|
<h2><?php _e('ComicPress Config', 'comicpress') ?></h2>
|
||||||
<form method="post" action="">
|
<form method="post" action="">
|
||||||
<input type="hidden" name="cp[_nonce]" value="<?php echo $nonce ?>" />
|
<input type="hidden" name="cp[_nonce]" value="<?php echo esc_attr($nonce) ?>" />
|
||||||
<h3><?php _e('Global Options', 'comicpress') ?></h3>
|
<h3><?php _e('Global Options', 'comicpress') ?></h3>
|
||||||
<table class="widefat fixed">
|
<table class="widefat fixed">
|
||||||
<tr>
|
<tr>
|
||||||
|