Fix unescaped-echo security issues, making this theme WordPress 2.8+ only

John Bintz 2009-11-14 13:56:54 -05:00
parent 58d45f89e6
commit 39c0bce9f5
4 changed files with 17 additions and 17 deletions


@ -3,7 +3,7 @@
<?php <?php
printf( printf(
__('To upload new images, use the %s.', 'comicpress'), __('To upload new images, use the %s.', 'comicpress'),
'<a href="' . $image_upload_iframe_src . '" class="thickbox" onclick="return false;">' . __('Image Uploader', 'comicpress') . '</a>' '<a href="' . esc_attr($image_upload_iframe_src) . '" class="thickbox" onclick="return false;">' . __('Image Uploader', 'comicpress') . '</a>'
) )
?> ?>
<?php _e('Click the Refesh button underneath the zoom slider if you\'ve changed the images attached to this post.', 'comicpress') ?> <?php _e('Click the Refesh button underneath the zoom slider if you\'ve changed the images attached to this post.', 'comicpress') ?>
@ -15,22 +15,22 @@
$result = ComicPressBackend::generate_from_id($id); $result = ComicPressBackend::generate_from_id($id);
if (!empty($result)) { if (!empty($result)) {
$info = $result->get_info(); ?> $info = $result->get_info(); ?>
<div class="cp-comic-attachment" id="attachment_<?php echo $id ?>"> <div class="cp-comic-attachment" id="attachment_<?php echo esc_attr($id) ?>">
<div style="overflow: hidden"> <div style="overflow: hidden">
<img src="<?php echo $result->url() ?>" border="0" height="<?php echo $zoom_level ?>" /> <img src="<?php echo esc_attr($result->url()) ?>" border="0" height="<?php echo esc_attr($zoom_level) ?>" />
<div class="cp-comic-info"> <div class="cp-comic-info">
<p> <p>
<label> <label>
<input type="checkbox" name="cp[attachments][<?php echo $id ?>][visible]" value="yes" <?php echo ($attachment_info['enabled']) ? 'checked="checked"' : '' ?>/> <?php _e('Allow this image to be shown', 'comicpress') ?> <input type="checkbox" name="cp[attachments][<?php echo esc_attr($id) ?>][visible]" value="yes" <?php echo ($attachment_info['enabled']) ? 'checked="checked"' : '' ?>/> <?php _e('Allow this image to be shown', 'comicpress') ?>
</label> </label>
</p> </p>
<?php if (isset($info['file'])) { ?> <?php if (isset($info['file'])) { ?>
<p><strong><?php echo $result->source_name ?>:</strong> <?php echo basename($info['file']) ?></p> <p><strong><?php echo esc_html($result->source_name) ?>:</strong> <?php echo esc_html(basename($info['file'])) ?></p>
<?php } ?> <?php } ?>
<?php if (isset($info['width']) && isset($info['height'])) { ?> <?php if (isset($info['width']) && isset($info['height'])) { ?>
<p> <p>
<strong><?php _e('Size:', 'comicpress') ?></strong> <strong><?php _e('Size:', 'comicpress') ?></strong>
<?php printf('%dx%d', $info['width'], $info['height'] ) ?> <?php echo esc_html(sprintf('%dx%d', $info['width'], $info['height'])) ?>
</p> </p>
<?php } ?> <?php } ?>
<?php if (count($comicpress->comicpress_options['image_types']) > 1) { ?> <?php if (count($comicpress->comicpress_options['image_types']) > 1) { ?>
@ -40,8 +40,8 @@
<?php foreach ($comicpress->comicpress_options['image_types'] as $type => $info) { ?> <?php foreach ($comicpress->comicpress_options['image_types'] as $type => $info) { ?>
<?php if (!$info['default']) { ?> <?php if (!$info['default']) { ?>
<li> <li>
<strong><?php echo $info['name'] ?>:</strong> <strong><?php echo esc_html($info['name']) ?>:</strong>
<select name="cp[attachments][<?php echo $id ?>][<?php echo $type ?>]"></select> <select name="cp[attachments][<?php echo esc_attr($id) ?>][<?php echo esc_attr($type) ?>]"></select>
</li> </li>
<?php } ?> <?php } ?>
<?php } ?> <?php } ?>
@ -58,8 +58,8 @@
<?php } ?> <?php } ?>
<script type="text/javascript"> <script type="text/javascript">
ComicImageOrdering.slider_value = <?php echo 190 - $zoom_level ?>; ComicImageOrdering.slider_value = <?php echo esc_js(190 - $zoom_level) ?>;
ComicImageOrdering.available_attachments = <?php echo $this->_json_encode($available_attachments) ?>; ComicImageOrdering.available_attachments = <?php echo esc_js($this->_json_encode($available_attachments)) ?>;
ComicImageOrdering.setup(); ComicImageOrdering.setup();
</script> </script>
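Review bot: Wrapping the JSON literal in `esc_js()` on the `ComicImageOrdering.available_attachments = …` line breaks the script rather than hardening it: in WordPress 2.8 `esc_js()` is meant for a value placed inside a quoted JavaScript string, and on a bare object literal it HTML-encodes the double quotes (`&quot;`) and adds backslashes, so the assignment becomes a JavaScript syntax error. The value should go straight from the encoder into the script, `ComicImageOrdering.available_attachments = <?php echo $this->_json_encode($available_attachments) ?>;`, with `</script>`-breakout protection handled inside `_json_encode` (escaping `<` and `>`, or PHP's `JSON_HEX_TAG` where available) — `_json_encode` is not visible here, so please confirm it does that. For `slider_value`, which is arithmetic on `$zoom_level`, `(int)(190 - $zoom_level)` is the tighter guard than `esc_js()`. Separately, the `href` in the first hunk and the `<img src>` in the second pass URLs through `esc_attr()`; WordPress's `esc_url()` is the right escaper for URL attributes because it also rejects `javascript:` and other disallowed schemes.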


@ -1,5 +1,5 @@
<div style="overflow: hidden"> <div style="overflow: hidden">
<input type="hidden" name="cp[_nonce]" value="<?php echo $nonce ?>" /> <input type="hidden" name="cp[_nonce]" value="<?php echo esc_attr($nonce) ?>" />
<input type="hidden" name="cp[action]" value="comic-ordering" /> <input type="hidden" name="cp[action]" value="comic-ordering" />
<div id="ordering-zoom-slider-holder"> <div id="ordering-zoom-slider-holder">
<div id="ordering-zoom-slider"> <div id="ordering-zoom-slider">
@ -32,4 +32,4 @@
}); });
}()) }())
</script> </script>
</div> </div>


@ -3,11 +3,11 @@
<table cellspacing="0"> <table cellspacing="0">
<tr class="image-type-editor-name"> <tr class="image-type-editor-name">
<th scope="row" width="30%">Name:</th> <th scope="row" width="30%">Name:</th>
<td width="70%"><input type="text" name="cp[image_types][<?php echo $type ?>][name]" value="<?php echo $info['name'] ?>" /></td> <td width="70%"><input type="text" name="cp[image_types][<?php echo esc_attr($type) ?>][name]" value="<?php echo esc_attr($info['name']) ?>" /></td>
</tr> </tr>
<tr class="image-type-editor-short-name"> <tr class="image-type-editor-short-name">
<th scope="row">Short name <em>(used in template tags):</em></th> <th scope="row">Short name <em>(used in template tags):</em></th>
<td><input type="text" name="cp[image_types][<?php echo $type ?>][short_name]" value="<?php echo $type ?>" /></td> <td><input type="text" name="cp[image_types][<?php echo esc_attr($type) ?>][short_name]" value="<?php echo esc_attr($type) ?>" /></td>
</tr> </tr>
<tr class="image-type-editor-default"> <tr class="image-type-editor-default">
<th scope="row">Default image type?</th> <th scope="row">Default image type?</th>
@ -22,8 +22,8 @@
<th scope="row">Dimensions</th> <th scope="row">Dimensions</th>
<td> <td>
<?php list($width, $height) = explode("x", $info['dimensions']) ?> <?php list($width, $height) = explode("x", $info['dimensions']) ?>
<input type="text" name="cp[image_types][<?php echo $type ?>][dimensions][width]" value="<?php echo $width ?>" size="5" /> x <input type="text" name="cp[image_types][<?php echo esc_attr($type) ?>][dimensions][width]" value="<?php echo esc_attr($width) ?>" size="5" /> x
<input type="text" name="cp[image_types][<?php echo $type ?>][dimensions][height]" value="<?php echo $height ?>" size="5" /> <input type="text" name="cp[image_types][<?php echo esc_attr($type) ?>][dimensions][height]" value="<?php echo esc_attr($height) ?>" size="5" />
<br /> <br />
<em>(<?php _e('Leave a dimension blank to allow WordPress to calculate that dimension while scaling', 'comicpress') ?>)</em> <em>(<?php _e('Leave a dimension blank to allow WordPress to calculate that dimension while scaling', 'comicpress') ?>)</em>
</td> </td>
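Review bot: The `list($width, $height) = explode("x", $info['dimensions'])` line feeding the two escaped inputs below it still emits an undefined-offset notice and leaves `$height` null whenever a stored `dimensions` value lacks the `x` separator (the surrounding text says a dimension may be left blank, so a value like `"300"` seems possible — worth confirming against the save path). Padding the split makes the template tolerant of that: `list($width, $height) = array_pad(explode('x', $info['dimensions'], 2), 2, '');`. Also, the `Name:`, `Short name`, and `Default image type?` labels in this file are the only untranslated strings in the commit; wrapping them in `_e(..., 'comicpress')` would match the rest of the templates.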


@ -1,7 +1,7 @@
<div class="wrap"> <div class="wrap">
<h2><?php _e('ComicPress Config', 'comicpress') ?></h2> <h2><?php _e('ComicPress Config', 'comicpress') ?></h2>
<form method="post" action=""> <form method="post" action="">
<input type="hidden" name="cp[_nonce]" value="<?php echo $nonce ?>" /> <input type="hidden" name="cp[_nonce]" value="<?php echo esc_attr($nonce) ?>" />
<h3><?php _e('Global Options', 'comicpress') ?></h3> <h3><?php _e('Global Options', 'comicpress') ?></h3>
<table class="widefat fixed"> <table class="widefat fixed">
<tr> <tr>