

Merge pull request #80 from navnorth/stage
Third Round Fixes
johnpaulbalagolan authored Jun 15, 2022
2 parents 7ba170a + e63fb59 commit b2f3a7e
Showing 16 changed files with 78 additions and 77 deletions.
18 changes: 8 additions & 10 deletions blocks/subject-resources-block-v2/init.php
Expand Up @@ -591,16 +591,14 @@ function oer_ajax_get_subject_resources(){
// Sanitize POST parameters
$params = array();
$params['action'] = sanitize_text_field($_POST['action']);
$attributes = $_POST['attributes'];
foreach($attributes as $attribute){
$attribute['displayCount'] = sanitize_text_field($attribute['displayCount']);
$attribute['selectedSubject'] = sanitize_text_field($attribute['selectedSubject']);
$attribute['sort'] = sanitize_text_field($attribute['sort']);
$attribute['isChanged'] = sanitize_text_field($attribute['isChanged']);
$attribute['blockId'] = sanitize_text_field($attribute['blockId']);
$attribute['firstLoad'] = sanitize_text_field($attribute['firstLoad']);
}
$params['attributes'] = $attributes;
$params['attributes'] = $_POST['attributes'];
array_walk($params['attributes'], function(&$value, &$key){
$value['displayCount'] = sanitize_text_field($value['displayCount']);
$value['sort'] = sanitize_text_field($value['sort']);
$value['isChanged'] = sanitize_text_field($value['isChanged']);
$value['blockId'] = sanitize_text_field($value['blockId']);
$value['firstLoad'] = sanitize_text_field($value['firstLoad']);
});

$resources = oer_get_subject_resources($params, true);
echo wp_kses($resources,$allowed_tags);
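Review bot: The array_walk callback drops the `selectedSubject` sanitisation that the removed foreach performed, so that key now reaches oer_get_subject_resources() straight from the request; add `$value['selectedSubject'] = sanitize_text_field($value['selectedSubject'] ?? '');` next to the other fields (the `?? ''` also keeps the walk from warning on a missing key). The assignment `$params['attributes'] = $_POST['attributes'];` has no `isset`/`is_array` guard, and under PHP 8 array_walk() throws a TypeError when handed null or a string, so `if (!isset($_POST['attributes']) || !is_array($_POST['attributes'])) { wp_send_json_error(); }` before the walk would make the handler fail cleanly instead of with a fatal. The `&$key` reference in the closure signature is inert, since array_walk passes keys by value, and reads as if the key were being mutated; drop the ampersand. Whether a nonce or capability check precedes this block is not visible, because oer_ajax_get_subject_resources() starts before the hunk.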
3 changes: 1 addition & 2 deletions includes/init.php
Expand Up @@ -697,9 +697,8 @@ function oer_save_customfields()
// Save Related Resource
if(isset($_POST['oer_related_resource']))
{
update_post_meta( $post->ID , 'oer_related_resource' , addslashes($_POST['oer_related_resource']));
update_post_meta( $post->ID , 'oer_related_resource' , sanitize_text_field($_POST['oer_related_resource']));
}

}
}
}
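Review bot: sanitize_text_field() strips tags and collapses line breaks, so it is only the right sanitizer if `oer_related_resource` is a single line of plain text; if it holds a post ID or a URL (not visible here), `absint()` or `esc_url_raw()` is the tighter choice. Dropping addslashes() is correct in itself, since update_post_meta() expects slashed input and `$_POST` is already slashed by WordPress, but that reasoning is easy to lose, so a one-line comment such as `// $_POST is already slashed; update_post_meta() unslashes before storing` would save the next reader from re-adding it. oer_save_customfields() begins before the hunk, so whether it verifies a nonce and `current_user_can()` before reaching this branch cannot be checked from here.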
16 changes: 8 additions & 8 deletions includes/oer-functions.php
Expand Up @@ -36,16 +36,16 @@ function oer_get_sub_standard($id, $oer_standard)
$subchildren = oer_get_substandard_children($id);
$child = oer_check_child($id);

echo "<li class='oer_sbstndard ". $class ."'>
echo "<li class='oer_sbstndard ". esc_attr($class) ."'>
<div class='stndrd_ttl'>";

if(!empty($subchildren) || !empty($child))
{
echo "<img src='".esc_url(OER_URL)."images/closed_arrow.png' data-pluginpath='".OER_URL."' />";
}

echo "<input type='checkbox' ".$chck." name='oer_standard[]' value='".$value."' onclick='oer_check_all(this)' >
".$result['standard_title']."
echo "<input type='checkbox' ".esc_attr($chck)." name='oer_standard[]' value='".esc_attr($value)."' onclick='oer_check_all(this)' >
".esc_html($result['standard_title'])."
</div><div class='oer_stndrd_desc'></div>";

$id = 'sub_standards-'.$result['id'];
Expand Down Expand Up @@ -91,17 +91,17 @@ function oer_get_standard_notation($id, $oer_standard)
}
}

echo "<li class='".$class."'>
echo "<li class='".esc_attr($class)."'>
<div class='stndrd_ttl'>";
if(!empty($child))
{
echo "<img src='".esc_url(OER_URL)."images/closed_arrow.png' data-pluginpath='".OER_URL."' />";
}

echo "<input type='checkbox' ".$chck." name='oer_standard[]' value='".$value."' onclick='oer_check_myChild(this)'>
". $result['standard_notation']."
echo "<input type='checkbox' ".esc_attr($chck)." name='oer_standard[]' value='".esc_attr($value)."' onclick='oer_check_myChild(this)'>
". esc_html($result['standard_notation'])."
</div>
<div class='oer_stndrd_desc'> ". $result['description']." </div>";
<div class='oer_stndrd_desc'> ". wp_kses_post($result['description'])." </div>";

oer_get_standard_notation($id, $oer_standard);

Expand Down Expand Up @@ -1997,7 +1997,7 @@ function oer_get_sort_box($subjects=array()){
<li data-value="3"<?php if ($sort==3): ?> class="cs-selected"<?php endif; ?>><a href="javascript:void(0);"><span>Z-A</span></a></li>
</ul>
</div>
<select class="sort-selectbox" data-subject-ids="<?php echo json_encode($subjects); ?>">
<select class="sort-selectbox" data-subject-ids="<?php echo esc_attr(json_encode($subjects)); ?>">
<option value="0"<?php if ($sort==0): ?> selected<?php endif; ?>>Newest</option>
<option value="1"<?php if ($sort==1): ?> selected<?php endif; ?>>Oldest</option>
<option value="2"<?php if ($sort==2): ?> selected<?php endif; ?>>A-Z</option>
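Review bot: `esc_attr($chck)` on the checkbox line in oer_get_sub_standard(), and the matching line in oer_get_standard_notation(), wraps a whole attribute fragment rather than an attribute value; if `$chck` is built as `checked='checked'` or `checked="checked"` (its assignment is above the hunk, so this is inferred) esc_attr() turns the quotes into `&#039;`/`&quot;` and the box no longer renders checked. Emit it with the WordPress helper instead, e.g. `".checked($is_selected, true, false)."` where `$is_selected` is the condition that currently sets `$chck`, or make `$chck` the bare keyword `checked`, which esc_attr() leaves intact, and escape only the real values `$class` and `$value` as the hunk already does. The `data-pluginpath` attribute two lines above each checkbox still prints `OER_URL` raw while the `src` beside it goes through esc_url(); `esc_attr(OER_URL)` would make the two consistent. In oer_get_sort_box(), `wp_json_encode($subjects)` is the WordPress wrapper that reports encoding failures and is preferred over bare json_encode().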
2 changes: 1 addition & 1 deletion includes/related-resources.php
Expand Up @@ -39,7 +39,7 @@
<div class="lp-resource-author_block"><a href="<?php echo esc_url($oer_authorurl); ?>" target="_new"><?php echo esc_html($oer_authorname); ?></a></div>
<?php endif; ?>
<?php /* if( $oer_authorname2 != ''):?>
<div class="lp-resource-author_block"><a href=""><?php echo $oer_authorname2; ?></a></div>
<div class="lp-resource-author_block"><a href=""><?php echo esc_html($oer_authorname2); ?></a></div>
<?php endif;*/ ?>
</div>
<div class="lp-resource-excerpt"><?php echo oer_get_related_resource_content($_res_post->post_content, 60); ?></div>
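Review bot: The escaped `$oer_authorname2` line sits inside the `/* ... */` block that opens two lines above it, so the change has no runtime effect; either delete the dead markup or uncomment it now that it is escaped, but do not leave a change that only edits a comment. The excerpt line just below echoes `oer_get_related_resource_content(...)` with no escaping call; if that helper does not already return escaped HTML (not visible here), `wp_kses_post()` around it would bring the line in step with the rest of the template.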
2 changes: 1 addition & 1 deletion includes/resources-importer.php
Expand Up @@ -2,7 +2,7 @@
<div class="oer_imprtrwpr">
<form method="post" enctype="multipart/form-data" action="<?php echo esc_url( admin_url('admin.php') ); ?>" onsubmit="return processImport('#resource_submit','resource_import')">
<fieldset>
<legend><div class="oer_heading"><?php _e("Import Resources", OER_SLUG); ?></div></legend>
<legend><div class="oer_heading"><?php esc_html_e("Import Resources", OER_SLUG); ?></div></legend>
<div class="oer-import-row">
<div class="row-left">
<?php esc_html_e("For bulk upload of resources. Import file must match the spreadsheet template. If screenshot processing is enabled, a maximum of 50 records per transaction is suggested.", OER_SLUG); ?>
23 changes: 12 additions & 11 deletions oer_template/resource-subject-area.php
Expand Up @@ -19,6 +19,7 @@
wp_localize_script( "ajax-script", "oer_ajax_object", array("ajaxurl" => admin_url( 'admin-ajax.php' )));

//Add this hack to display top nav and head section on Eleganto theme
$_rsort = "";
$cur_theme = wp_get_theme();
$theme = $cur_theme->get('Name');
if ($theme == "Eleganto"){
Expand Down Expand Up @@ -435,18 +436,18 @@

$content = substr($content, 0, 180).$ellipsis;

$img_path = $new_img_path = parse_url($img_url[0]);
$image_path = $img_path['path'];

$pos = strpos($image_path,$site_dir_path);
if ($pos==0){
$image_path = substr_replace($image_path, "", $pos, strlen($site_dir_path));
}

$img_path = sanitize_url($site_path . $image_path);

if(!empty($img_url))
{
$img_path = $new_img_path = parse_url($img_url[0]);
$image_path = $img_path['path'];

$pos = strpos($image_path,$site_dir_path);
if ($pos==0){
$image_path = substr_replace($image_path, "", $pos, strlen($site_dir_path));
}

$img_path = sanitize_url($site_path . $image_path);

//Resize Image using WP_Image_Editor
$image_editor = wp_get_image_editor($img_path);
if ( !is_wp_error($image_editor) ) {
Expand Down Expand Up @@ -555,7 +556,7 @@

if (strpos($base_url,"page"))
$base_url = substr($base_url,0,strpos($base_url, "page")-1);
echo '<div class="col-md-12 tagcloud resourcecloud"><a href="?page='.($paged+1).'" '.$_rsort.' data-subject-ids="'.json_encode(array($rsltdata['term_id'])).'" data-page-number="'.($paged+1).'" data-base-url="'.esc_url($base_url).'" class="button resource-load-more-button" data-max-page="'.esc_attr($max_pages).'" class="btn-load-more">Load More</a></div>';
echo '<div class="col-md-12 tagcloud resourcecloud"><a href="?page='.esc_url($paged+1).'" '.esc_attr($_rsort).' data-subject-ids="'.esc_html(json_encode(array($rsltdata['term_id']))).'" data-page-number="'.esc_attr($paged+1).'" data-base-url="'.esc_url($base_url).'" class="button resource-load-more-button" data-max-page="'.esc_attr($max_pages).'" class="btn-load-more">Load More</a></div>';
}
?>
</div>
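Review bot: `esc_url($paged+1)` in the Load More href produces a broken link: esc_url() prepends `http://` to a value that has no scheme and does not start with `/`, `#` or `?`, so `?page=2` is emitted as `?page=http://2`. Use an integer cast for the page number in both places, `'?page='.(int)($paged+1)` and `data-page-number="'.(int)($paged+1).'"`, and since data-subject-ids is an attribute, escape it with `esc_attr(wp_json_encode(array($rsltdata['term_id'])))` rather than `esc_html(...)`, as oer_get_sort_box() in includes/oer-functions.php already does. `esc_attr($_rsort)` receives a whole attribute fragment (the first hunk initialises it to `""`, and it is presumably filled later with something like `data-sort="..."`), so esc_attr() will encode its quotes; escape the sort value where `$_rsort` is built and print the fragment as-is. Moving the `$img_path`/`$image_path` computation inside `if(!empty($img_url))` leaves both variables undefined on the empty branch, and any code after that `if` which reads them is outside the hunk, so please confirm nothing does.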
8 changes: 4 additions & 4 deletions oer_template/search-layout.php
Expand Up @@ -67,7 +67,7 @@
}
?>
<div id="posts-container" class="fusion-blog-archive <?php echo esc_attr( $wrapper_class ); ?>fusion-clearfix">
<div class="<?php echo esc_attr( $container_class ); ?>" data-pages="<?php echo (int) $number_of_pages; ?>">
<div class="<?php echo esc_attr( $container_class ); ?>" data-pages="<?php echo esc_attr($number_of_pages); ?>">
<?php if ( 'timeline' === $blog_layout ) : ?>
<?php // Add the timeline icon. ?>
<div class="fusion-timeline-icon"><i class="fusion-icon-bubbles"></i></div>
Expand Down Expand Up @@ -238,7 +238,7 @@
<?php if ( ( ( is_search() && Avada()->settings->get( 'search_featured_images' ) ) || ( ! is_search() && Avada()->settings->get( 'featured_images' ) ) ) && 'large-alternate' !== $blog_layout ) : ?>
<?php
if ( 'masonry' === $blog_layout ) {
echo $image; // WPCS: XSS ok.
echo wp_kses_post($image); // WPCS: XSS ok.
} else {
// Get featured images for all but large-alternate layout.
get_template_part( 'new-slideshow' );
Expand Down Expand Up @@ -362,7 +362,7 @@
<div class="fusion-alignleft">
<?php if ( Avada()->settings->get( 'post_meta_read' ) ) : ?>
<?php $link_target = ( 'yes' === fusion_get_page_option( 'link_icon_target', $post->ID ) || 'yes' === fusion_get_page_option( 'post_links_target', $post->ID ) ) ? ' target="_blank" rel="noopener noreferrer"' : ''; ?>
<a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo $link_target; // WPCS: XSS ok. ?>>
<a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo esc_attr($link_target); // WPCS: XSS ok. ?>>
<?php echo esc_textarea( apply_filters( 'avada_blog_read_more_link', esc_attr__( 'Read More', 'Avada' ) ) ); ?>
</a>
<?php endif; ?>
Expand All @@ -388,7 +388,7 @@
<div class="fusion-alignright">
<?php if ( Avada()->settings->get( 'post_meta_read' ) ) : ?>
<?php $link_target = ( 'yes' === fusion_get_page_option( 'link_icon_target', $post->ID ) || 'yes' === fusion_get_page_option( 'post_links_target', $post->ID ) ) ? ' target="_blank" rel="noopener noreferrer"' : ''; ?>
<a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo $link_target; // WPCS: XSS ok. ?>>
<a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo esc_attr($link_target); // WPCS: XSS ok. ?>>
<?php echo esc_textarea( apply_filters( 'avada_read_more_name', esc_attr__( 'Read More', 'Avada' ) ) ); ?>
</a>
<?php endif; ?>
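Review bot: `esc_attr($link_target)` in the two Read More anchors breaks the attributes it is meant to protect: `$link_target` is the literal fragment ` target="_blank" rel="noopener noreferrer"` assigned on the line directly above, so esc_attr() rewrites its quotes as `&quot;` and the link is emitted with neither a working target nor rel. The fragment carries no user-controlled data, which is what the existing `// WPCS: XSS ok.` comment records, so either restore `echo $link_target;` or, cleaner, keep a boolean and print the literal attributes only when it is true: `<?php if ( $open_in_new_tab ) : ?> target="_blank" rel="noopener noreferrer"<?php endif; ?>`. In the first hunk, replacing `(int) $number_of_pages` with `esc_attr($number_of_pages)` on data-pages also loosens the check — the cast guaranteed a numeric attribute and needed no escaping, esc_attr() guarantees nothing about the value — so keeping `(int)` there is the safer form.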
4 changes: 2 additions & 2 deletions oer_template/single-resource-audio.php
Expand Up @@ -126,7 +126,7 @@
else
echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
if (($i==2) && ($cnt>2))
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
$i++;
}
?>
Expand Down Expand Up @@ -157,7 +157,7 @@
else
echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
if (($i==2) && ($cnt>2))
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
$i++;
}
?>
10 changes: 5 additions & 5 deletions oer_template/single-resource-pdf.php
Expand Up @@ -8,7 +8,7 @@
if ($isExternal) {
$external_option = get_option("oer_external_pdf_viewer");
if ($external_option==1) {
$pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
$pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
echo oer_get_embed_code_frame($pdf_url);
} elseif($external_option==0) {
$embed_disabled = true;
Expand All @@ -20,7 +20,7 @@
$embed_disabled = true;
break;
case 1:
$pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
$pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
echo oer_get_embed_code_frame($pdf_url);
break;
case 2:
Expand All @@ -46,7 +46,7 @@
break;
case 5:
if(shortcode_exists('pdfviewer')){
$embed_code = "[pdfviewer width='100%']".$url."[/pdfviewer]";
$embed_code = "[pdfviewer width='100%']".esc_url_raw($url)."[/pdfviewer]";
echo do_shortcode($embed_code);
} else {
$embed_disabled = true;
Expand Down Expand Up @@ -170,7 +170,7 @@
else
echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
if (($i==2) && ($cnt>2))
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
$i++;
}
?>
Expand Down Expand Up @@ -201,7 +201,7 @@
else
echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
if (($i==2) && ($cnt>2))
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
$i++;
}
?>
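Review bot: `esc_url_raw($url)` inside the Google Docs viewer link does not URL-encode the value it embeds as the `url=` query parameter, so a `$url` containing `&` or `#` splits the parameter and the trailing `&embedded=true` can be lost or attached to the wrong key; build the link with `add_query_arg(array('url' => $url, 'embedded' => 'true'), 'https://docs.google.com/gview')` (or `rawurlencode($url)`) and apply esc_url_raw() to the finished string. The same construction appears twice in this file and twice more in oer_template/single-resource-standard.php, and the same fix applies there. In the `[pdfviewer]` shortcode case, esc_url_raw() leaves `[` and `]` untouched, so the URL is still interpolated into shortcode markup unencoded; where `$url` comes from is set above the hunk and not visible here, but esc_url_raw() alone should not be read as making that interpolation safe.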
10 changes: 5 additions & 5 deletions oer_template/single-resource-standard.php
Expand Up @@ -33,7 +33,7 @@
if ($isExternal) {
$external_option = get_option("oer_external_pdf_viewer");
if ($external_option==1) {
$pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
$pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
echo oer_get_embed_code_frame($pdf_url);
} elseif($external_option==0) {
$embed_disabled = true;
Expand All @@ -45,7 +45,7 @@
$embed_disabled = true;
break;
case 1:
$pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
$pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
echo oer_get_embed_code_frame($pdf_url);
break;
case 2:
Expand All @@ -71,7 +71,7 @@
break;
case 5:
if(shortcode_exists('pdfviewer')){
$embed_code = "[pdfviewer width='100%']".$url."[/pdfviewer]";
$embed_code = "[pdfviewer width='100%']".esc_url_raw($url)."[/pdfviewer]";
echo do_shortcode($embed_code);
} else {
$embed_disabled = true;
Expand Down Expand Up @@ -206,7 +206,7 @@
else
echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
if (($i==2) && ($cnt>2))
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
$i++;
}
?>
Expand Down Expand Up @@ -237,7 +237,7 @@
else
echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
if (($i==2) && ($cnt>2))
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
$i++;
}
?>
6 changes: 3 additions & 3 deletions oer_template/single-resource-video.php
Expand Up @@ -114,7 +114,7 @@
?>
<div class="tc-oer-subject-areas">
<h4 class="tc-field-heading clearfix">
<?php _e("Subjects",OER_SLUG); ?>
<?php esc_html_e("Subjects",OER_SLUG); ?>
</h4>
<div class="tc-oer-subject-details clearfix">
<ul class="tc-oer-subject-areas-list">
Expand All @@ -130,7 +130,7 @@
else
echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
if (($i==2) && ($cnt>2))
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
$i++;
}
?>
Expand Down Expand Up @@ -161,7 +161,7 @@
else
echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
if (($i==2) && ($cnt>2))
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
$i++;
}
?>
4 changes: 2 additions & 2 deletions oer_template/single-resource-website.php
Expand Up @@ -121,7 +121,7 @@
else
echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
if (($i==2) && ($cnt>2))
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
$i++;
}
?>
Expand Down Expand Up @@ -152,7 +152,7 @@
else
echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
if (($i==2) && ($cnt>2))
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
$i++;
}
?>

0 comments on commit b2f3a7e
