
Commit 6c57ef2

Escping variables
1 parent c653c0b commit 6c57ef2

1 file changed

Lines changed: 15 additions & 8 deletions


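--- a/admin/class-crowdhandler-admin.php
+++ b/admin/class-crowdhandler-admin.php
@@ -229,7 +229,7 @@ public function settings_field_public_key_callback($args)
 id="<?php echo esc_attr( $args['label_for'] ); ?>"
 name="crowdhandler_settings[<?php echo esc_attr( $args['label_for'] ); ?>]"
 class="crowdhandler-input crowdhandler-input--textarea"
-><?php echo isset($options[$args['label_for']]) ? $options[$args['label_for']] : (''); ?></textarea>
+><?php echo isset($options[$args['label_for']]) ? esc_textarea($options[$args['label_for']]) : ''; ?></textarea>
 <p class="description">
 <?php esc_html_e( 'Your CrowdHandler API Public Key', 'crowdhandler' ); ?>. Find your <a target="_blank" href="https://admin.crowdhandler.com/account/api">key here</a>.
 </p>
@@ -238,11 +238,16 @@ class="crowdhandler-input crowdhandler-input--textarea"
 
 public function settings_field_is_enabled_callback($args)
 {
-$options = get_option('crowdhandler_settings');
+$options = get_option('crowdhandler_settings');
 ?>
 <input
 type="checkbox"
-<?php echo isset($options[$args['label_for']]) ? (checked( $options[$args['label_for']], 'on', false )) : ( '' ); ?>
+<?php
+if ( isset($options[$args['label_for']]) )
+{
+esc_attr(checked( $options[$args['label_for']], "on", true ));
+}
+?>
 id="<?php echo esc_attr( $args['label_for'] ); ?>"
 name="crowdhandler_settings[<?php echo esc_attr( $args['label_for'] ); ?>]"
 class="crowdhandler-input"
@@ -257,14 +262,16 @@ public function settings_field_override_index_callback($args)
 {
 $options = get_option('crowdhandler_settings');
 $canOverrideIndexFile = $this->isIndexFileWritable();
-$checked = '';
-if (isset($options[$args['label_for']])) {
-$checked = checked($options[$args['label_for']], 'on', false);
-}
+
 ?>
 <input
 type="checkbox"
-<?php echo $checked; ?>
+<?php
+if ( isset($options[$args['label_for']]) )
+{
+esc_attr(checked( $options[$args['label_for']], "on", true ));
+}
+?>
 id="<?php echo esc_attr( $args['label_for'] ); ?>"
 name="crowdhandler_settings[<?php echo esc_attr( $args['label_for'] ); ?>]"
 class="crowdhandler-input"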
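Review bot: The `esc_attr()` wrapper around `checked(...)` in settings_field_is_enabled_callback (new lines 245-250) and settings_field_override_index_callback (new lines 269-274) escapes nothing: with the third argument `true`, `checked()` echoes the attribute itself, and the value `esc_attr()` returns is discarded. What reaches the page is the fixed string WordPress emits, so the output is safe, but the code reads as if escaping were applied where it is not. If a later edit echoed the wrapped value, the quotes in the attribute would be entity-encoded and the markup would break. Drop the wrapper and call `checked( $options[$args['label_for']], 'on' );` inside the existing `isset` guard. Both function bodies continue outside the visible hunks.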
