Replace sanitize_file_name() with esc_attr()

postratings-manager.php

@@ -30,7 +30,7 @@
 $postratings_sort_url       = '';
 $postratings_sortby_text    = '';
 $postratings_sortorder_text = '';
-$ratings_image              = sanitize_file_name( get_option( 'postratings_image' ) );
+$ratings_image              = esc_attr( get_option( 'postratings_image' ) );
 $ratings_max                = intval( get_option( 'postratings_max' ) );
 
 // Handle $_GET values

postratings-options.php

@@ -40,7 +40,7 @@
     $postratings_template_none = wp_kses_post(trim($_POST['postratings_template_none']));
     $postratings_template_highestrated = wp_kses_post(trim($_POST['postratings_template_highestrated']));
     $postratings_template_mostrated = wp_kses_post(trim($_POST['postratings_template_mostrated']));
-    $postratings_image = sanitize_file_name(strip_tags(trim($_POST['postratings_image'])));
+    $postratings_image = sanitize_text_field( trim( $_POST['postratings_image'] ) );
     $postratings_max = intval($_POST['postratings_max']);
     $postratings_richsnippet = intval($_POST['postratings_richsnippet']);
     $postratings_ratingstext_array = $_POST['postratings_ratingstext'];

wp-postratings.php

@@ -607,7 +607,7 @@ function manage_ratings()
 
         // Form Processing
         $postratings_customrating = intval($_GET['custom']);
-        $postratings_image = sanitize_file_name(trim($_GET['image']));
+        $postratings_image = esc_attr( trim( $_GET['image'] ) );
         $postratings_max = intval($_GET['max']);
 
         // If It Is A Up/Down Rating
@@ -884,7 +884,7 @@ function postratings_page_most_stats($content) {
 function get_ratings_images($ratings_custom, $ratings_max, $post_rating, $ratings_image, $image_alt, $insert_half) {
     $ratings_images = '';
     $image_alt = esc_attr( $image_alt );
-    $ratings_image = sanitize_file_name( $ratings_image );
+    $ratings_image = esc_attr( $ratings_image );
     $image_alt = apply_filters( 'wp_postratings_ratings_image_alt', $image_alt );
     if(is_rtl() && file_exists(WP_PLUGIN_DIR.'/wp-postratings/images/'.$ratings_image.'/rating_start-rtl.'.RATINGS_IMG_EXT)) {
         $ratings_images .= '<img src="'.plugins_url('/wp-postratings/images/'.$ratings_image.'/rating_start-rtl.'.RATINGS_IMG_EXT).'" alt="" class="post-ratings-image" />';
@@ -932,7 +932,7 @@ function get_ratings_images($ratings_custom, $ratings_max, $post_rating, $rating
 ### Function: Gets HTML of rating images for voting
 function get_ratings_images_vote($post_id, $ratings_custom, $ratings_max, $post_rating, $ratings_image, $image_alt, $insert_half, $ratings_texts) {
     $ratings_images = '';
-    $ratings_image = sanitize_file_name( $ratings_image );
+    $ratings_image = esc_attr( $ratings_image );
     if(is_rtl() && file_exists(WP_PLUGIN_DIR.'/wp-postratings/images/'.$ratings_image.'/rating_start-rtl.'.RATINGS_IMG_EXT)) {
         $ratings_images .= '<img src="'.plugins_url('/wp-postratings/images/'.$ratings_image.'/rating_start-rtl.'.RATINGS_IMG_EXT).'" alt="" class="post-ratings-image" />';
     } elseif(file_exists(WP_PLUGIN_DIR.'/wp-postratings/images/'.$ratings_image.'/rating_start.'.RATINGS_IMG_EXT)) {
@@ -996,7 +996,7 @@ function get_ratings_images_vote($post_id, $ratings_custom, $ratings_max, $post_
 function get_ratings_images_comment_author($ratings_custom, $ratings_max, $comment_author_rating, $ratings_image, $image_alt) {
     $ratings_images = '';
     $image_alt = esc_attr( $image_alt );
-    $ratings_image = sanitize_file_name( $ratings_image );
+    $ratings_image = esc_attr( $ratings_image );
     if(is_rtl() && file_exists(WP_PLUGIN_DIR.'/wp-postratings/images/'.$ratings_image.'/rating_start-rtl.'.RATINGS_IMG_EXT)) {
         $ratings_images .= '<img src="'.plugins_url('/wp-postratings/images/'.$ratings_image.'/rating_start-rtl.'.RATINGS_IMG_EXT).'" alt="" class="post-ratings-image" />';
     } elseif(file_exists(WP_PLUGIN_DIR.'/wp-postratings/images/'.$ratings_image.'/rating_start.'.RATINGS_IMG_EXT)) {