More esc_attr() on text inputs

brandondove · Sep 24, 2011 · 43d9c41 · 43d9c41
1 parent 66bcf34
commit 43d9c41
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/admin/writepanels/writepanel-coupon_data.php b/admin/writepanels/writepanel-coupon_data.php
@@ -49,7 +49,7 @@ function woocommerce_coupon_data_meta_box($post) {
 			$field = array( 'id' => 'coupon_amount', 'label' => __('Coupon amount', 'woothemes') );
 			echo '<p class="form-field">
 				<label for="'.$field['id'].'">'.$field['label'].':</label>
-				<input type="text" class="short" name="'.$field['id'].'" id="'.$field['id'].'" value="'.$value.'" /> <span class="description">' . __('Enter an amount e.g. 2.99 or an integer for percentages e.g. 20', 'woothemes') . '</span></p>';
+				<input type="text" class="short" name="'.$field['id'].'" id="'.$field['id'].'" value="'.esc_attr( $value ).'" /> <span class="description">' . __('Enter an amount e.g. 2.99 or an integer for percentages e.g. 20', 'woothemes') . '</span></p>';
 
 			// Individual use
 			$value = get_post_meta($post->ID, 'individual_use', true);
@@ -65,21 +65,21 @@ function woocommerce_coupon_data_meta_box($post) {
 			$field = array( 'id' => 'product_ids', 'label' => __('Product IDs', 'woothemes') );
 			echo '<p class="form-field">
 				<label for="'.$field['id'].'">'.$field['label'].':</label>
-				<input type="text" class="short" name="'.$field['id'].'" id="'.$field['id'].'" value="'.$value.'" /> <span class="description">' . __('(optional) Comma separate product IDs which are required for this coupon to work', 'woothemes') . '</span></p>';
+				<input type="text" class="short" name="'.$field['id'].'" id="'.$field['id'].'" value="'.esc_attr( $value ).'" /> <span class="description">' . __('(optional) Comma separate product IDs which are required for this coupon to work', 'woothemes') . '</span></p>';
 
 			// Usage limit
 			$value = get_post_meta($post->ID, 'usage_limit', true);
 			$field = array( 'id' => 'usage_limit', 'label' => __('Usage limit', 'woothemes') );
 			echo '<p class="form-field">
 				<label for="'.$field['id'].'">'.$field['label'].':</label>
-				<input type="text" class="short" name="'.$field['id'].'" id="'.$field['id'].'" value="'.$value.'" /> <span class="description">' . __('(optional) How many times this coupon can be used before it is void', 'woothemes') . '</span></p>';
+				<input type="text" class="short" name="'.$field['id'].'" id="'.$field['id'].'" value="'.esc_attr( $value ).'" /> <span class="description">' . __('(optional) How many times this coupon can be used before it is void', 'woothemes') . '</span></p>';
 
 			// Expiry date
 			$value = get_post_meta($post->ID, 'expiry_date', true);
 			$field = array( 'id' => 'expiry_date', 'label' => __('Expiry date', 'woothemes') );
 			echo '<p class="form-field">
 				<label for="'.$field['id'].'">'.$field['label'].':</label>
-				<input type="text" class="short date-picker" name="'.$field['id'].'" id="'.$field['id'].'" value="'.$value.'" /> <span class="description">' . __('(optional) The date this coupon will expire, <code>YYYY-MM-DD</code>', 'woothemes') . '</span></p>';
+				<input type="text" class="short date-picker" name="'.$field['id'].'" id="'.$field['id'].'" value="'.esc_attr( $value ).'" /> <span class="description">' . __('(optional) The date this coupon will expire, <code>YYYY-MM-DD</code>', 'woothemes') . '</span></p>';
 
 		?>
 	</div>

diff --git a/admin/writepanels/writepanel-order_data.php b/admin/writepanels/writepanel-order_data.php
@@ -172,7 +172,7 @@ function woocommerce_order_items_meta_box($post) {
 								<tbody class="meta_items">
 								<?php
 									if (isset($item['item_meta']) && is_array($item['item_meta'])) foreach ($item['item_meta'] as $key => $value) :
-										echo '<tr><td><input type="text" name="meta_name['.$loop.'][]" value="'.$key.'" /></td><td><input type="text" name="meta_value['.$loop.'][]" value="'.$value.'" /></td><td><button class="remove_meta button">&times;</button></td></tr>';
+										echo '<tr><td><input type="text" name="meta_name['.$loop.'][]" value="'.$key.'" /></td><td><input type="text" name="meta_value['.$loop.'][]" value="'.esc_attr( $value ).'" /></td><td><button class="remove_meta button">&times;</button></td></tr>';
 									endforeach;
 								?>
 								</tbody>

diff --git a/classes/gateways/gateway-paypal.php b/classes/gateways/gateway-paypal.php
@@ -214,7 +214,7 @@ public function generate_paypal_form( $order_id ) {
 		$paypal_args_array = array();
 
 		foreach ($paypal_args as $key => $value) {
-			$paypal_args_array[] = '<input type="hidden" name="'.$key.'" value="'.$value.'" />';
+			$paypal_args_array[] = '<input type="hidden" name="'.$key.'" value="'.esc_attr( $value ).'" />';
 		}
 
 		return '<form action="'.$paypal_adr.'" method="post" id="paypal_payment_form">