diff --git a/addons/accordion/accordion.php b/addons/accordion/accordion.php
index fd7197a..15368f5 100644
--- a/addons/accordion/accordion.php
+++ b/addons/accordion/accordion.php
@@ -460,7 +460,7 @@ public function render($data = null){
 }
 }
 if( get_wppb_array_value_by_key($value, 'title') ){
- $output .= ''.$value['title'].'';
+ $output .= '' . esc_html( $value['title'] ).'';
 }
 if(get_wppb_array_value_by_key($value, 'icon_position') == "right" ) {
 if(! empty($value['icon_list'])){
@@ -478,7 +478,7 @@ public function render($data = null){
 $panelStyle = (($key != 0 || $openitem == "hide") && $openitem != "show") ? "display: none;" : "";
 $output .= '
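Review bot: The added title line mixes spaced and unspaced concatenation — `'' . esc_html( $value['title'] ).''` has a space before the first `.` and none before the second — and the alert hunk repeats the same shape with `esc_html( $alert_title ) .''`. Writing it as `. esc_html( $value['title'] ) . '` keeps every escape call in this commit reading the same way. esc_html() is the right escape for element text here. The enclosing render() starts before this hunk and continues after it.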
'; - $output .= '
'.$value['content'].'
'; + $output .= '
' . wp_kses_post( $value['content'] ) . '
'; $output .= '
';//wppb-panel-collapse
 $output .= '';
 }
diff --git a/addons/alert/alert.php b/addons/alert/alert.php
index a699984..e6d9ea7 100644
--- a/addons/alert/alert.php
+++ b/addons/alert/alert.php
@@ -149,19 +149,19 @@ public function get_settings() {
 // Alert Render HTML
 public function render($data = null){
 $settings = $data['settings'];
- $alert_title = isset($settings['alert_title']) ? $settings['alert_title'] : '';
- $alert_description = isset($settings['alert_description']) ? $settings['alert_description'] : '';
+ $alert_title = isset($settings['alert_title']) ? sanitize_text_field( $settings['alert_title'] ) : '';
+ $alert_description = isset($settings['alert_description']) ? sanitize_text_field( $settings['alert_description'] ) : '';
 $alert_close = (bool) isset($settings['alert_close']) ? $settings['alert_close'] : false;
- $alert_style = isset($settings['alert_style']) ? $settings['alert_style'] : 'info';
+ $alert_style = isset($settings['alert_style']) ? sanitize_text_field( $settings['alert_style'] ) : 'info';
 $output = '';
 $output .= '
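Review bot: The new content line reads `$value['content']` unguarded, while the title branch in the previous hunk is gated on `get_wppb_array_value_by_key($value, 'title')`; an item saved without a `content` key raises an undefined-index warning and hands `null` to wp_kses_post(), which on PHP 8.1+ may surface as a null-to-string deprecation inside the kses filters. Use `wp_kses_post( $value['content'] ?? '' )`, or the same array helper the title line uses. The `$panelStyle` context line above still compares `$openitem` with loose `==`/`!=`; `===` would match the stricter intent of the rest of this change. render() begins and ends outside this hunk.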
'; $output .= '
';
 if ($alert_title) {
- $output .= '' . esc_attr($alert_title) .'';
+ $output .= '' . esc_html( $alert_title ) .'';
 }
 if ($alert_description) {
- $output .= '' . esc_attr($alert_description) . '';
+ $output .= '' . wp_kses_post( $alert_description ) . '';
 }
 if ($alert_close == 1) {
 $output .= '';
diff --git a/addons/animated_number/animated_number.php b/addons/animated_number/animated_number.php
index 836e406..013eced 100644
--- a/addons/animated_number/animated_number.php
+++ b/addons/animated_number/animated_number.php
@@ -364,14 +364,14 @@ public function get_settings() {
 // Animated Render HTML
 public function render($data = null){
 $settings = $data['settings'];
- $title = isset($settings['counter_title']) ? $settings['counter_title'] : '';
+ $title = isset($settings['counter_title']) ? sanitize_text_field( $settings['counter_title'] ) : '';
 $duration = (int) isset($settings['duration']) ? $settings['duration'] : 1000;
 $digit = (int) isset($settings['digit']) ? $settings['digit'] : 500;
- $animated_layout = isset($settings['animated_layout']) ? $settings['animated_layout'] : 'one';
+ $animated_layout = isset($settings['animated_layout']) ? sanitize_text_field( $settings['animated_layout'] ) : 'one';
 $digit_animation = (bool) isset($settings['digit_animation']) ? $settings['digit_animation'] : false;
- $title_animation = isset($settings['title_animation']) ? $settings['title_animation'] : '';
- $additional = isset($settings['additional']) ? $settings['additional'] : '';
- $prefix_text = isset($settings['prefix_text']) ? $settings['prefix_text'] : '';
+ $title_animation = isset($settings['title_animation']) ? sanitize_text_field( $settings['title_animation'] ) : '';
+ $additional = isset($settings['additional']) ? sanitize_text_field( $settings['additional'] ) : '';
+ $prefix_text = isset($settings['prefix_text']) ? sanitize_text_field( $settings['prefix_text'] ) : '';
 $output = '';
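Review bot: `$alert_description` is passed through sanitize_text_field() on input, which strips tags, so the later `wp_kses_post( $alert_description )` on the output line never sees any markup to filter — one of the two calls is redundant and the intended contract is unclear. If the description may carry limited HTML, drop the sanitize_text_field() and keep wp_kses_post(); if it is plain text, keep sanitize_text_field() and output it with `esc_html( $alert_description )` as the title line does. The unchanged `$alert_close = (bool) isset($settings['alert_close']) ? $settings['alert_close'] : false;` between the edited lines casts the isset() result rather than the setting, so `$alert_close` is still the raw stored value; `isset($settings['alert_close']) ? (bool) $settings['alert_close'] : false` is presumably what was meant. `$alert_style` appears to end up in a class name (its use is outside the hunk), so checking it against the known style keys would be tighter than sanitize_text_field().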
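Review bot: The two numeric settings left untouched between the newly sanitized lines — `$duration = (int) isset($settings['duration']) ? $settings['duration'] : 1000;` and the matching `$digit` line — apply the cast to the isset() result, so the ternary yields the raw stored value and the int coercion never happens; the `(bool)` on `$digit_animation` has the same precedence problem. Move the casts inside the branch: `$duration = isset($settings['duration']) ? (int) $settings['duration'] : 1000;`, `$digit = isset($settings['digit']) ? (int) $settings['digit'] : 500;`, `$digit_animation = isset($settings['digit_animation']) ? (bool) $settings['digit_animation'] : false;`. `$animated_layout` and `$title_animation` read like fixed option keys rather than free text, so matching them against an allow-list would be stricter than sanitize_text_field(); where they are emitted is outside this hunk. render() continues past the end of the hunk.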
diff --git a/addons/blocknumber/blocknumber.php b/addons/blocknumber/blocknumber.php
index 5521762..61670ef 100644
--- a/addons/blocknumber/blocknumber.php
+++ b/addons/blocknumber/blocknumber.php
@@ -207,26 +207,26 @@ public function get_settings() {
 }
 // Block Number Render HTML
- public function render($data = null){
- $settings = $data['settings'];
+ public function render( $data = null ) {
+ $settings = $data['settings'];
- $number_title = isset($settings['number_title']) ? $settings['number_title'] : '';
- $number_description = isset($settings['number_description']) ? $settings['number_description'] : '';
- $number = isset($settings['number']) ? $settings['number'] : '';
+ $number_title = isset( $settings['number_title'] ) ? sanitize_text_field( $settings['number_title'] ) : '';
+ $number_description = isset( $settings['number_description'] ) ? sanitize_textarea_field( $settings['number_description'] ) : '';
+ $number = isset( $settings['number'] ) ? (int) $settings['number'] : '';
 $output = '';
 $output .= '
'; $output .= '
'; $output .= '
'; - if($number){ - $output .= '
'.esc_attr($number).'
'; + if ( $number ) { + $output .= '
' . esc_html( $number ) . '
'; } $output .= '
'; - if($number_title){ - $output .= '
'.esc_attr($number_title).'
'; + if ( $number_title ) { + $output .= '
' . esc_html( $number_title ) . '
'; } - if($number_description){ - $output .= '
'.esc_attr($number_description).'
'; + if ( $number_description ) { + $output .= '
' . esc_html( $number_description ) . '
'; } $output .= '
';//wppb-blocknumber-body $output .= '
';//wppb-blocknumber-media
diff --git a/addons/button/button.php b/addons/button/button.php
index 75fb15a..9b8aa18 100644
--- a/addons/button/button.php
+++ b/addons/button/button.php
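Review bot: `$number = isset( $settings['number'] ) ? (int) $settings['number'] : '';` now yields either an int or an empty string, and the `if ( $number )` gate below hides the block both for a stored value of 0 and for any non-numeric input that the cast silently turns into 0. A cleaner shape is `$number = isset( $settings['number'] ) && is_numeric( $settings['number'] ) ? (int) $settings['number'] : null;` with `if ( null !== $number )` as the gate and `esc_html( (string) $number )` on the output line. `sanitize_textarea_field()` preserves newlines but `esc_html()` inside the description div renders them as ordinary whitespace; if multi-line descriptions are expected, wrap the escaped value in `nl2br()`. The whitespace-only reformatting mixed into this hunk makes the substantive lines harder to spot in review. The hunk ends before render() returns.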
@@ -237,36 +237,36 @@ public function get_settings() {
 // Button Render HTML
 public function render($data = null){
 $settings = $data['settings'];
- $button_text = isset($settings["button_text"]) ? $settings["button_text"] : '';
- $button_link = isset($settings['button_link']) ? $settings['button_link'] : array();
- $fullwidth_button = isset($settings["fullwidth_button"]) ? $settings["fullwidth_button"] : '';
- $icon_list = isset($settings["icon_list"]) ? $settings["icon_list"] : '';
- $icon_position = isset($settings["icon_position"]) ? $settings["icon_position"] : '';
- $style = isset($settings["style"]) ? $settings["style"] : '';
- $btn_size = isset($settings["btn_size"]) ? $settings["btn_size"] : '';
- $shape = isset($settings["shape"]) ? $settings["shape"] : '';
+ $button_text = isset( $settings["button_text"] ) ? sanitize_text_field( $settings["button_text"] ) : '';
+ $button_link = isset( $settings['button_link'] ) ? $settings['button_link'] : array();
+ $fullwidth_button = isset( $settings["fullwidth_button"] ) ? sanitize_text_field( $settings["fullwidth_button"] ) : '';
+ $icon_list = isset( $settings["icon_list"] ) ? sanitize_text_field( $settings["icon_list"] ) : '';
+ $icon_position = isset( $settings["icon_position"] ) ? sanitize_text_field( $settings["icon_position"] ) : '';
+ $style = isset( $settings["style"] ) ? sanitize_text_field( $settings["style"] ) : '';
+ $btn_size = isset( $settings["btn_size"] ) ? sanitize_text_field( $settings["btn_size"] ) : '';
+ $shape = isset( $settings["shape"] ) ? sanitize_text_field( $settings["shape"] ) : '';
 //$appearance = isset($settings["appearance"]) ? $settings["appearance"] : '';
 $output = $button = $classlist = '' ;
- $target = ( isset( $button_link['window']) && $button_link['window'] ) ? 'target=_blank' : 'target=_self';
- $nofolow = ( isset( $button_link['nofolow']) && $button_link['nofolow'] ) ? 'rel=nofolow' : "";
+ $target = ( isset( $button_link['window'] ) && $button_link['window'] ) ? 
'target=_blank' : 'target=_self';
+ $nofolow = ( isset( $button_link['nofolow'] ) && $button_link['nofolow'] ) ? 'rel=nofolow' : "";
 //$classlist .= (isset($appearance) && $appearance) ? ' wppb-btn-' . $appearance : '';
- $classlist .= (isset($style) && $style) ? ' wppb-btn-' . $style : '';
- $classlist .= (isset($shape) && $shape) ? ' wppb-btn-' . $shape : '';
- $classlist .= (isset($btn_size) && $btn_size) ? ' wppb-btn-' . $btn_size : '';
- $classlist .= (isset($fullwidth_button) && $fullwidth_button) ? ' wppb-btn-' . $fullwidth_button : '';
+ $classlist .= ( isset( $style ) && $style ) ? ' wppb-btn-' . $style : '';
+ $classlist .= ( isset( $shape ) && $shape ) ? ' wppb-btn-' . $shape : '';
+ $classlist .= ( isset( $btn_size ) && $btn_size ) ? ' wppb-btn-' . $btn_size : '';
+ $classlist .= ( isset( $fullwidth_button ) && $fullwidth_button ) ? ' wppb-btn-' . $fullwidth_button : '';
- if($icon_position == 'left') {
- $button = (esc_attr($icon_list)) ? ' ' . esc_attr($button_text) : esc_attr($button_text);
+ if ( $icon_position == 'left' ) {
+ $button = ( esc_attr( $icon_list ) ) ? ' ' . esc_attr( $button_text ) : esc_attr( $button_text );
 } else {
- $button = (esc_attr($icon_list)) ? esc_attr($button_text) . ' ' : esc_attr($button_text);
+ $button = ( esc_attr( $icon_list ) ) ? esc_attr( $button_text ) . ' ' : esc_attr( $button_text );
 }
- if( $button_link['link'] ){
+ if ( $button_link['link'] ) {
 $output .= '
'; $output .= '
'; - $output .= '' . $button . ''; + $output .= '' . $button . ''; $output .= '
'; $output .= '
';
 }
diff --git a/addons/carousel/carousel.php b/addons/carousel/carousel.php
index 74ac75c..28d40ae 100644
--- a/addons/carousel/carousel.php
+++ b/addons/carousel/carousel.php
@@ -1084,7 +1084,7 @@ public function render($data = null){ ?>
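Review bot: The reformatted `$nofolow` line still emits `rel=nofolow`, a misspelling that browsers and crawlers do not recognise, so the stored option has no effect; change the literal to `'rel="nofollow"'` (the `$button_link['nofolow']` key can stay if that is how the setting is saved). `if ( $button_link['link'] )` reads the key without isset() even though `$button_link` defaults to `array()` a few lines up, which is an undefined-index warning on a button with no link — `if ( ! empty( $button_link['link'] ) )` avoids it. `$button` is assembled with esc_attr( $button_text ) but used as element text, where esc_html() is the matching escape and what the other addons in this commit now use; the href output is not visible in this view, so confirm it passes through esc_url(). The `target=_blank`/`target=_self` values are also unquoted attribute values. render() continues past this hunk.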