
misc escaping and revision to social_action

commit 599b964554ed44551687283151c31d59130c0f2a 1 parent fba80f8
Alex King authored April 05, 2012

Showing 1 changed file with 18 additions and 18 deletions. Show diff stats Hide diff stats

  1. 36  views/wp-admin/post/broadcast/options.php
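--- a/views/wp-admin/post/broadcast/options.php
+++ b/views/wp-admin/post/broadcast/options.php
@@ -3,12 +3,12 @@
 <head>
 	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 	<title><?php _e('Social Broadcasting Options', 'social'); ?></title>
-	<?php
-		wp_admin_css('install', true);
-		// Need to do this because we are enqueuing some styles for the admin in social.php
-		do_action('admin_enqueue_scripts');
-		do_action('admin_print_styles');
-	?>
+<?php
+wp_admin_css('install', true);
+// Need to do this because we are enqueuing some styles for the admin in social.php
+do_action('admin_enqueue_scripts');
+do_action('admin_print_styles');
+?>
 </head>
 <body>
 <h1 id="logo"><?php _e('Social Broadcasts', 'social'); ?></h1>
@@ -122,10 +122,10 @@
 
 				$_content = stripslashes((isset($_POST['social_account_content'][$service->key()][$account->id()])) ? $_POST['social_account_content'][$service->key()][$account->id()] : '');
 				if (empty($_content) and isset($broadcast_content[$key][$account->id()])) {
-					$content = esc_textarea($broadcast_content[$key][$account->id()]);
+					$content = $broadcast_content[$key][$account->id()];
 				}
 				else {
-					$content = esc_textarea($content);
+					$content = $content;
 				}
 		?>
 		<li class="social-accounts-item<?php echo (isset($errors[$key][$account->id()]) ? ' error' : ''); ?>">
@@ -136,14 +136,14 @@
 				<div class="broadcast-content">
 					<span class="name"><?php echo esc_html($account->name()); ?></span>
 
-					<p><?php echo $content; ?></p>
+					<p><?php echo esc_html($content); ?></p>
 					<div class="social-broadcast-editable"<?php echo (isset($errors[$key][$account->id()]) ? ' style="display:block"' : ''); ?>>
 						<input type="hidden" value="<?php echo $content; ?>" />
-						<textarea name="social_account_content[<?php echo esc_attr($service->key()); ?>][<?php echo esc_attr($account->id()); ?>]" class="social-preview-content" cols="40" rows="2"><?php echo $content; ?></textarea><br />
+						<textarea name="social_account_content[<?php echo esc_attr($service->key()); ?>][<?php echo esc_attr($account->id()); ?>]" class="social-preview-content" cols="40" rows="2"><?php echo esc_textarea($content); ?></textarea><br />
 
 						<?php
 							if (isset($errors[$key][$account->id()])) {
-								echo '<span>'.$errors[$key][$account->id()].'</span><br />';
+								echo '<span>'.esc_html($errors[$key][$account->id()]).'</span><br />';
 							}
 						?>
 
@@ -166,10 +166,10 @@
 
 							$_content = stripslashes((isset($_POST['social_account_content'][$service->key()][$page->id])) ? $_POST['social_account_content'][$service->key()][$page->id] : '');
 							if (empty($_content) and isset($broadcast_content[$key][$page->id])) {
-								$content = esc_textarea($broadcast_content[$key][$page->id]);
+								$content = $broadcast_content[$key][$page->id];
 							}
 							else {
-								$content = esc_textarea($content);
+								$content = $_content;
 							}
 		?>
 		<li class="social-accounts-item<?php echo (isset($errors[$key][$page->id]) ? ' error' : ''); ?>">
@@ -180,14 +180,14 @@
 				<div class="broadcast-content"<?php echo (isset($errors[$key][$account->id()]) ? ' style="display:block"' : ''); ?>>
 					<span class="name"><?php echo esc_html($page->name); ?></span>
 
-					<p><?php echo $content; ?></p>
+					<p><?php echo esc_html($content); ?></p>
 					<div class="social-broadcast-editable"<?php echo (isset($errors[$key][$page->id]) ? ' style="display:block"' : ''); ?>>
 						<input type="hidden" value="<?php echo $content; ?>" />
-						<textarea name="social_account_content[facebook][<?php echo $page->id; ?>]" class="social-preview-content" cols="40" rows="2"><?php echo $content; ?></textarea><br />
+						<textarea name="social_account_content[facebook][<?php echo $page->id; ?>]" class="social-preview-content" cols="40" rows="2"><?php echo esc_textarea($content); ?></textarea><br />
 
 						<?php
 							if (isset($errors[$key][$page->id])) {
-								echo '<span>'.$errors[$key][$page->id].'</span><br />';
+								echo '<span>'.esc_html($errors[$key][$page->id]).'</span><br />';
 							}
 						?>
 
@@ -212,8 +212,8 @@
 ?>
 </div>
 <p class="step">
-	<input type="hidden" name="social_action" value="<?php echo esc_attr($step_text); ?>" />
-	<input type="submit" name="social_submit" value="<?php _e($step_text, 'social'); ?>" class="button" />
+	<input type="hidden" name="social_action" value="<?php echo esc_attr($step); ?>" />
+	<input type="submit" name="social_submit" value="<?php echo $step_text; // already localized in controller ?>" class="button" />
 	<a href="<?php echo esc_url(get_edit_post_link($post->ID, 'url')); ?>" class="button"><?php _e('Cancel', 'social'); ?></a>
 </p>
 </form>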
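Review bot: The two untouched `<input type="hidden" value="<?php echo $content; ?>" />` lines (new lines 141 and 185) now print unescaped text into an attribute, because this commit stops running `$content` through `esc_textarea()` at assignment and moves escaping to the output sites it edits; both should become `<input type="hidden" value="<?php echo esc_attr($content); ?>" />`. In the account loop's else branch (new line 128) `$content = $content;` is a no-op, so the submitted `$_content` is never used and `$content` may keep a value from an earlier iteration; the parallel page branch at line 172 was corrected to `$content = $_content;` and this one should match. The submit button's `echo $step_text;` also lands in an attribute value and would be safer as `echo esc_attr($step_text);`, since a localized string is not necessarily attribute-safe. The page-loop textarea name still echoes `$page->id` raw while the account loop wraps its keys in `esc_attr()`, so `<?php echo esc_attr($page->id); ?>` would make the two consistent.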
