Escaping the output of the field id and names with esc_attr(); #154

Closed
wants to merge 3 commits into from

2 participants

@c3mdigital

Prevents quotation marks from breaking the text fields. Also provides an additional security layer.

Jared Atchison and others added some commits
Jared Atchison Merge pull request #134 from jtsternberg/master
Please consider adding the 'std' ability to the select type.
40fbb59
@c3mdigital c3mdigital Escaping the output of the field id and names with esc_attr(); to pre…
…vent quotation marks from breaking fields. Also adds additional security.
d5ce802
@c3mdigital c3mdigital Added inline doc 4b73bf5
@c3mdigital

Conditional check to make sure we are not on a file type field.

@c3mdigital

Pre escapes all the fields on output.

@jtsternberg
Owner

If this is still an issue post-1.0.0, feel free to submit another PR against the trunk branch.

Commits on Apr 16, 2012
  1. Merge pull request #134 from jtsternberg/master

    Jared Atchison authored
    Please consider adding the 'std' ability to the select type.
Commits on Jun 6, 2012
  1. @c3mdigital

    Escaping the output of the field id and names with esc_attr(); to pre…

    c3mdigital authored
    …vent quotation marks from breaking fields. Also adds additional security.
  2. @c3mdigital

    Added inline doc

    c3mdigital authored
Showing with 2 additions and 0 deletions.
  1. +2 −0  init.php
2  init.php
@@ -182,6 +182,8 @@ function show() {
if ( 'multicheck' == $field['type'] ) $field['multiple'] = true;
$meta = get_post_meta( $post->ID, $field['id'], 'multicheck' != $field['type'] /* If multicheck this can be multiple values */ );
+ if ( 'file' != $field['type'] && $field['type'] != 'file_list ' )
+ $meta = is_array( $meta ) ? array_map( 'esc_attr', $meta ) : esc_attr( $meta ); /** Pre escaping the fields */
echo '<tr>';
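Review bot: The second comparison in the added `if` uses the literal `'file_list '` with a trailing space, so `$field['type'] != 'file_list '` is true for every type, including `file_list`, and those fields are escaped despite the guard. Drop the space and write it as `'file_list' != $field['type']`, which also matches the constant-first comparison used in the first half of the condition and on the `multicheck` line above. The PR title describes escaping field ids and names, but the added lines escape `$meta`, the stored value returned by `get_post_meta()`, so the title or the change should be brought in line. `array_map( 'esc_attr', $meta )` only covers a flat array; a nested value would be passed to `esc_attr()` as an array. Braces around the one-line body would make the scope of the condition explicit.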