Fixing sanitizing, escaping and prefix´s issues

understrap · Dec 6, 2017 · a97c485 · a97c485
1 parent 44c38d7
commit a97c485
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -15,7 +15,8 @@ That’s what UnderStrap is.
 You can use it as starter theme and build your own theme on top of it. Or you use it as parent theme and create your own child theme for UnderStrap.
 
 ## License
-UnderStrap is released under the terms of the GPL version 2 or (at your option) any later version.
+UnderStrap WordPress Theme, Copyright 2013-2017 Holger Koenemann
+UnderStrap is distributed under the terms of the GNU GPL version 2
 
 http://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
 

diff --git a/author.php b/author.php
@@ -63,7 +63,7 @@
 						<?php while ( have_posts() ) : the_post(); ?>
 							<li>
 								<a rel="bookmark" href="<?php the_permalink() ?>"
-								   title="Permanent Link: <?php the_title(); ?>">
+								   title="<?php esc_html_e( 'Permanent Link:', 'understrap' ); ?> <?php the_title(); ?>">
 									<?php the_title(); ?></a>,
 								<?php understrap_posted_on(); ?> <?php esc_html_e( 'in',
 								'understrap' ); ?> <?php the_category( '&' ); ?>

diff --git a/inc/customizer.php b/inc/customizer.php
@@ -40,10 +40,24 @@ function understrap_theme_customize_register( $wp_customize ) {
 			'priority'    => 160,
 		) );
 
+		 //select sanitization function
+        function understrap_theme_slug_sanitize_select( $input, $setting ){
+
+            //input must be a slug: lowercase alphanumeric characters, dashes and underscores are allowed only
+            $input = sanitize_key($input);
+
+            //get the list of possible select options 
+            $choices = $setting->manager->get_control( $setting->id )->choices;
+
+            //return input if valid or return default option
+            return ( array_key_exists( $input, $choices ) ? $input : $setting->default );                
+
+        }
+
 		$wp_customize->add_setting( 'understrap_container_type', array(
 			'default'           => 'container',
 			'type'              => 'theme_mod',
-			'sanitize_callback' => 'esc_textarea',
+			'sanitize_callback' => 'understrap_theme_slug_sanitize_select',
 			'capability'        => 'edit_theme_options',
 		) );
 
@@ -67,7 +81,7 @@ function understrap_theme_customize_register( $wp_customize ) {
 		$wp_customize->add_setting( 'understrap_sidebar_position', array(
 			'default'           => 'right',
 			'type'              => 'theme_mod',
-			'sanitize_callback' => 'esc_textarea',
+			'sanitize_callback' => 'sanitize_text_field',
 			'capability'        => 'edit_theme_options',
 		) );
 
@@ -81,6 +95,7 @@ function understrap_theme_customize_register( $wp_customize ) {
 					'section'     => 'understrap_theme_layout_options',
 					'settings'    => 'understrap_sidebar_position',
 					'type'        => 'select',
+					'sanitize_callback' => 'understrap_theme_slug_sanitize_select',
 					'choices'     => array(
 						'right' => __( 'Right sidebar', 'understrap' ),
 						'left'  => __( 'Left sidebar', 'understrap' ),

diff --git a/inc/enqueue.php b/inc/enqueue.php
@@ -13,8 +13,6 @@ function understrap_scripts() {
 		// Get the theme data.
 		$the_theme = wp_get_theme();
 		wp_enqueue_style( 'understrap-styles', get_stylesheet_directory_uri() . '/css/theme.min.css', array(), $the_theme->get( 'Version' ), false );
-		//wp_register_script('jquery-slim', (get_template_directory_uri() . '/js/jquery.slim.min.js'), true, '3.2.1');
-		//wp_enqueue_script( 'jquery-slim' );
 		wp_enqueue_script( 'popper-scripts', get_template_directory_uri() . '/js/popper.min.js', array(), true);
 		wp_enqueue_script( 'understrap-scripts', get_template_directory_uri() . '/js/theme.min.js', array(), $the_theme->get( 'Version' ), true );
 		if ( is_singular() && comments_open() && get_option( 'thread_comments' ) ) {

diff --git a/inc/woocommerce.php b/inc/woocommerce.php
@@ -4,12 +4,12 @@
  *
  * @package understrap
  */
-add_action( 'after_setup_theme', 'woocommerce_support' );
-if ( ! function_exists( 'woocommerce_support' ) ) {
+add_action( 'after_setup_theme', 'understrap_woocommerce_support' );
+if ( ! function_exists( 'understrap_woocommerce_support' ) ) {
 	/**
 	 * Declares WooCommerce theme support.
 	 */
-	function woocommerce_support() {
+	function understrap_woocommerce_support() {
 		add_theme_support( 'woocommerce' );
 
 		// Add New Woocommerce 3.0.0 Product Gallery support

diff --git a/readme.txt b/readme.txt
@@ -16,7 +16,8 @@ Website: [http://understrap.com](http://understrap.com)
 Child Theme Project: [https://github.com/holger1411/understrap-child](https://github.com/holger1411/understrap-child)
 
 ## License
-UnderStrap is released under the terms of the GPL version 2 or (at your option) any later version.
+UnderStrap WordPress Theme, Copyright 2013-2017 Holger Koenemann
+UnderStrap is distributed under the terms of the GNU GPL version 2
 
 http://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
 

diff --git a/sidebar-hero.php b/sidebar-hero.php
@@ -23,15 +23,15 @@
 
 			    <span class="carousel-control-prev-icon" aria-hidden="true"></span>
 
-			    <span class="sr-only">Previous</span>
+			    <span class="sr-only"><?php esc_html_e( 'Previous', 'understrap' ); ?></span>
 
 			 </a>
 
 			 <a class="carousel-control-next" href="#carouselExampleControls" role="button" data-slide="next">
 
 			    <span class="carousel-control-next-icon" aria-hidden="true"></span>
 
-			    <span class="sr-only">Next</span>
+			    <span class="sr-only"><?php esc_html_e( 'Next', 'understrap' ); ?></span></span>
 
 			</a>