Merge pull request #466 from Rahmon/hotfix/escape

Update to escape content correctly
wpbrasil · Feb 17, 2018 · c1436be · c1436be
2 parents c6eff67 + 293abe0
commit c1436be
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 5 deletions.
diff --git a/audio.php b/audio.php
@@ -20,7 +20,7 @@
 					<div class="entry-content entry-attachment">
 						<?php echo wp_audio_shortcode( array( 'src' => wp_get_attachment_url() ) ); ?>
 
-						<p><strong><?php _e( 'URL:', 'odin' ); ?></strong> <a href="<?php echo esc_url( wp_get_attachment_url() ); ?>" title="<?php the_title_attribute(); ?>" rel="attachment"><span><?php echo esc_attr( basename( wp_get_attachment_url() ) ); ?></span></a></p>
+						<p><strong><?php _e( 'URL:', 'odin' ); ?></strong> <a href="<?php echo esc_url( wp_get_attachment_url() ); ?>" title="<?php the_title_attribute(); ?>" rel="attachment"><span><?php echo esc_html( basename( wp_get_attachment_url() ) ); ?></span></a></p>
 
 						<?php the_content(); ?>
 

diff --git a/core/classes/class-bootstrap-nav.php b/core/classes/class-bootstrap-nav.php
@@ -49,9 +49,9 @@ public function start_el( &$output, $item, $depth = 0, $args = array(), $id = 0
 		} else if ( strcasecmp( $item->title, 'divider' ) == 0 && $depth === 1 ) {
 			$output .= $indent . '<li role="presentation" class="divider">';
 		} else if ( strcasecmp( $item->attr_title, 'dropdown-header' ) == 0 && $depth === 1 ) {
-			$output .= $indent . '<li role="presentation" class="dropdown-header">' . esc_attr( $item->title );
+			$output .= $indent . '<li role="presentation" class="dropdown-header">' . esc_html( $item->title );
 		} else if ( strcasecmp( $item->attr_title, 'disabled' ) == 0 ) {
-			$output .= $indent . '<li role="presentation" class="disabled"><a href="#">' . esc_attr( $item->title ) . '</a>';
+			$output .= $indent . '<li role="presentation" class="disabled"><a href="#">' . esc_html( $item->title ) . '</a>';
 		} else {
 
 			$class_names = $value = '';

diff --git a/core/helpers.php b/core/helpers.php
@@ -149,7 +149,7 @@ function odin_related_posts( $display = 'category', $qty = 4, $title = '', $thum
 		if ( $related->have_posts() ) {
 
 			$layout = '<div id="related-post">';
-			$layout .= '<h3>' . esc_attr( $title ) . '</h3>';
+			$layout .= '<h3>' . esc_html( $title ) . '</h3>';
 			$layout .= ( $thumb ) ? '<div class="row">' : '<ul>';
 
 			while ( $related->have_posts() ) {

diff --git a/inc/woocommerce/template-tags.php b/inc/woocommerce/template-tags.php
@@ -25,7 +25,7 @@ function odin_cart_link() {
 		}
 		?>
 		<li class="<?php echo esc_attr( $class ); ?>">
-			<a class="cart-contents" href="<?php echo esc_url( WC()->cart->get_cart_url() ); ?>" title="<?php _e( 'View your shopping cart', 'odin' ); ?>">
+			<a class="cart-contents" href="<?php echo esc_url( WC()->cart->get_cart_url() ); ?>" title="<?php esc_attr_e( 'View your shopping cart', 'odin' ); ?>">
 				<?php echo wp_kses_data( WC()->cart->get_cart_total() ); ?> <span class="count"><?php echo wp_kses_data( sprintf( _n( '%d item', '%d items', WC()->cart->get_cart_contents_count(), 'odin' ), WC()->cart->get_cart_contents_count() ) );?></span>
 			</a>
 		</li>