Fixed output escaping in settings page functions to prevent potential…
… security vulnerabilities.
wikiwyrhead committed Apr 23, 2024
1 parent 4207389 commit c68ebec
Showing 1 changed file with 11 additions and 11 deletions.
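--- a/trds-visitor-counter-settings.php
+++ b/trds-visitor-counter-settings.php
@@ -122,60 +122,60 @@ function custom_visitor_settings_section_callback()
 function custom_visitor_input_callback()
 {
 $input = get_option('custom_visitor_input');
-echo "<input type='text' name='custom_visitor_input' value='$input' />";
+echo "<input type='text' name='custom_visitor_input' value='" . esc_attr($input) . "' />";
 }
 
 // Input color callback function
 function custom_visitor_input_color_callback()
 {
 $input_color = get_option('custom_visitor_input_color', '#000000');
-echo "<input type='color' name='custom_visitor_input_color' value='$input_color' />";
+echo "<input type='color' name='custom_visitor_input_color' value='" . esc_attr($input_color) . "' />";
 }
 
 // Input alignment callback function
 function custom_visitor_input_alignment_callback()
 {
 $input_alignment = get_option('custom_visitor_input_alignment', 'left');
 $options = array('left', 'center', 'right');
-echo "<select name='custom_visitor_input_alignment'>";
+echo '<select name="custom_visitor_input_alignment">';
 foreach ($options as $option) {
 $selected = ($input_alignment == $option) ? 'selected' : '';
-echo "<option value='$option' $selected>$option</option>";
+echo '<option value="' . esc_attr($option) . '" ' . esc_attr($selected) . '>' . esc_html($option) . '</option>';
 }
-echo "</select>";
+echo '</select>';
 }
 
 // Views text today callback function
 function custom_visitor_views_text_today_callback()
 {
 $views_text_today = get_option('custom_visitor_views_text_today', 'Views Today');
-echo "<input type='text' name='custom_visitor_views_text_today' value='$views_text_today' />";
+echo "<input type='text' name='custom_visitor_views_text_today' value='" . esc_attr($views_text_today) . "' />";
 }
 
 // Views text month callback function
 function custom_visitor_views_text_month_callback()
 {
 $views_text_month = get_option('custom_visitor_views_text_month', 'Views This Month');
-echo "<input type='text' name='custom_visitor_views_text_month' value='$views_text_month' />";
+echo "<input type='text' name='custom_visitor_views_text_month' value='" . esc_attr($views_text_month) . "' />";
 }
 
 // Views color callback function
 function custom_visitor_views_color_callback()
 {
 $views_color = get_option('custom_visitor_views_color', '#815b0a');
-echo "<input type='color' name='custom_visitor_views_color' value='$views_color' />";
+echo "<input type='color' name='custom_visitor_views_color' value='" . esc_attr($views_color) . "' />";
 }
 
 // Views alignment callback function
 function custom_visitor_views_alignment_callback()
 {
 $views_alignment = get_option('custom_visitor_views_alignment', 'left');
 $options = array('left', 'center', 'right');
-echo "<select name='custom_visitor_views_alignment'>";
+echo '<select name="custom_visitor_views_alignment">';
 foreach ($options as $option) {
 $selected = ($views_alignment == $option) ? 'selected' : '';
-echo "<option value='$option' $selected>$option</option>";
+echo '<option value="' . esc_attr($option) . '" ' . esc_attr($selected) . '>' . esc_html($option) . '</option>';
 }
-echo "</select>";
+echo '</select>';
 }
 ?>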
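Review bot: The escaping added here protects only the settings form; nothing in this hunk constrains what gets stored in these options, so any other place that prints them (presumably the front-end counter output, which is not visible here) needs the same treatment. If the `register_setting()` calls outside this hunk do not already pass a `sanitize_callback`, consider adding one: `sanitize_text_field` for the text fields, `sanitize_hex_color` for the two colour options, and an allow-list check against `array('left', 'center', 'right')` for the two alignment options. In `custom_visitor_input_alignment_callback` and `custom_visitor_views_alignment_callback`, `esc_attr($selected)` wraps a hard-coded literal and the match uses loose `==`; WordPress's `selected($input_alignment, $option, false)` (and the `$views_alignment` equivalent) would replace both the ternary and the extra escape call.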
