Security improvements
GeekPress committed Oct 22, 2019
1 parent f7f2eed commit 46c3f79
Showing 9 changed files with 78 additions and 79 deletions.
2 changes: 1 addition & 1 deletion Notices.php
Expand Up @@ -107,7 +107,7 @@ public function echo_notices( $trash = true ) {
$notices = json_decode( $this->notices, true );
if ( isset( $notices[ $this->user_id ] ) ) {
foreach ( $notices[ $this->user_id ] as $n ) {
echo '<div class="notice notice-' . $n['class'] . ' is-dismissible"><p>' . $n['notice'] . '</p></div>';
echo '<div class="notice notice-' . esc_attr( $n['class'] ) . ' is-dismissible"><p>' . esc_html( $n['notice'] ) . '</p></div>';
}

if ( $trash ) {
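Review bot: `esc_html( $n['notice'] )` on the new echo line escapes everything, so any markup a caller deliberately stored in a notice (a link, `<strong>`) will now be rendered as literal text; the `append()` calls in this commit pass plain strings, so that is fine today, but if notices are meant to carry links the line should use `wp_kses_post( $n['notice'] )` instead. The loop also assumes every stored entry has both `class` and `notice` keys; a malformed entry raises a PHP notice on `$n['class']`, so an `isset()` guard before the echo would make the decode path robust against stale or hand-edited stored data. `echo_notices()` begins before this hunk and continues after it.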
4 changes: 2 additions & 2 deletions WPM_Settings.php
Expand Up @@ -60,7 +60,7 @@ public function __construct() {
*/
public function render_slider_field( $field, $field_escaped_value, $field_object_id, $field_object_type, $field_type_object ) {
echo '<div class="slider-field"></div>';
echo $field_type_object->input(
echo $field_type_object->input( // phpcs:ignore WordPress.Security.EscapeOutput
array(
'type' => 'hidden',
'class' => 'slider-field-value',
Expand Down Expand Up @@ -129,7 +129,7 @@ public function init_metaboxes() {
function( $object_id, $cmb_id, $updated, $t ) {
if ( 'heartbeat_control_settings' === $object_id && $updated ) {
$notices = Notices::get_instance();
$notices->append( 'success', __( 'Your changes have been saved successfully !', 'heartbeat-control' ) );
$notices->append( 'success', __( 'Your changes have been saved successfully!', 'heartbeat-control' ) );
}
},
10,
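Review bot: The `phpcs:ignore` added to the `echo $field_type_object->input(` line silences the sniff without recording why this output is considered safe, which is the information the next reader needs now that `WordPress.Security.EscapeOutput` is enforced repo-wide. PHPCS accepts a reason suffix, so the annotation should read `// phpcs:ignore WordPress.Security.EscapeOutput -- <why this markup is trusted>`, e.g. stating that the field markup is generated and escaped by CMB2 if that is indeed the case. The same bare ignores appear in views/admin-page.php (`$heading_tag`, `$cmb_form`), views/plugin-cards/default.php and rocket-lazy-load.php (`get_icon()`) and views/plugin-cards/imagify.php (`get_description()`). `render_slider_field()` continues past the end of this hunk.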
2 changes: 1 addition & 1 deletion heartbeat-control.php
Expand Up @@ -168,7 +168,7 @@ public function upgrade_db( $version ) {
update_option( 'heartbeat_control_version', $this->version );

$notices = Notices::get_instance();
$notices->append( 'success', __( 'Heartbeat Control data have been migrated successfully !', 'heartbeat-control' ) );
$notices->append( 'success', __( 'Heartbeat Control data have been migrated successfully!', 'heartbeat-control' ) );
}

}
1 change: 0 additions & 1 deletion phpcs.xml
Expand Up @@ -18,7 +18,6 @@
<exclude name="Squiz.Commenting.FileComment.MissingPackageTag"/>
<exclude name="Squiz.Commenting.FunctionCommentThrowTag"/>
<exclude name="WordPress.Files.FileName.NotHyphenatedLowercase" />
<exclude name="WordPress.Security.EscapeOutput"/>
</rule>

<rule ref="WordPress.Files.FileName">
82 changes: 41 additions & 41 deletions views/admin-page.php
Expand Up @@ -10,11 +10,11 @@
?>
<div class="wrap">
<div class="heartbeat-control-settings">
<<?php echo $heading_tag; ?> class="screen-reader-text"><?php echo esc_html( get_admin_page_title() ); ?></<?php echo $heading_tag; ?>>
<<?php echo $heading_tag; // phpcs:ignore WordPress.Security.EscapeOutput ?> class="screen-reader-text"><?php echo esc_html( get_admin_page_title() ); ?></<?php echo $heading_tag; // phpcs:ignore WordPress.Security.EscapeOutput ?>>
<div class="header">
<div class="header-left">
<div class="visuel">
<img src="<?php echo $asset_image_url . 'logo-heartbeat.svg'; ?>" alt="">
<img src="<?php echo esc_url( $asset_image_url . 'logo-heartbeat.svg' ); ?>" alt="">
</div>
</div>
<div class="header-right">
Expand All @@ -23,7 +23,7 @@
<?php
printf(
// translators: %1$s %2$s: link markup.
__( 'Please, take a few seconds to %1$srate it on WordPress.org%2$s', 'heartbeat-control' ),
esc_html__( 'Please, take a few seconds to %1$srate it on WordPress.org%2$s', 'heartbeat-control' ),
'<a href="https://wordpress.org/support/plugin/heartbeat-control/reviews/?filter=5"><strong>',
'</strong></a>'
);
Expand All @@ -42,42 +42,42 @@
</div>
<div class="wrapper-nav">
<h2 class="nav-tab-wrapper">
<span class="nav-tab nav-tab-active" data-tab="general-settings"><?php esc_html_e( 'General settings', 'heartbeat-control' ); ?></span>
<?php if ( ! $plugins_block['wp-rocket']->is_activated() ) : ?>
<span class="nav-tab" data-tab="more-optimization"><?php esc_html_e( 'More optimization', 'heartbeat-control' ); ?></span>
<?php endif; ?>
<span class="nav-tab" data-tab="about-us" ><?php esc_html_e( 'About us', 'heartbeat-control' ); ?></span>
<span class="nav-tab nav-tab-active" data-tab="general-settings"><?php esc_html_e( 'General settings', 'heartbeat-control' ); ?></span>
<?php if ( ! $plugins_block['wp-rocket']->is_activated() ) : ?>
<span class="nav-tab" data-tab="more-optimization"><?php esc_html_e( 'More optimization', 'heartbeat-control' ); ?></span>
<?php endif; ?>
<span class="nav-tab" data-tab="about-us" ><?php esc_html_e( 'About us', 'heartbeat-control' ); ?></span>
</h2>
</div>
<div id="tab_general-settings" class="tab tab-active"><?php echo $cmb_form; ?></div>
<?php if ( ! $plugins_block['wp-rocket']->is_activated() ) : ?>
<div id="tab_more-optimization" class="tab">
<div id="tab_general-settings" class="tab tab-active"><?php echo $cmb_form; // phpcs:ignore WordPress.Security.EscapeOutput ?></div>
<?php if ( ! $plugins_block['wp-rocket']->is_activated() ) : ?>
<div id="tab_more-optimization" class="tab">
<div class="wrapper-content wrapper-intro">
<div class="wrapper-left">
<div class="wrapper-img">
<img src="<?php echo $asset_image_url . 'logo-wprocket.svg'; ?>" alt="">
<img src="<?php echo esc_url( $asset_image_url . 'logo-wprocket.svg' ); ?>" alt="">
</div>
<div class="wrapper-txt">
<p>
<?php
printf(
// translators: %1$s: line break, %2$s %3$s: bold markup.
__( 'Looking for more optimization? %1$sThen you should use %2$sWP Rocket%3$s, and your site will be cached and optimized without you lifting a finger!', 'heartbeat-control' ),
esc_html__( 'Looking for more optimization? %1$sThen you should use %2$sWP Rocket%3$s, and your site will be cached and optimized without you lifting a finger!', 'heartbeat-control' ),
'<br>',
'<strong>',
'</strong>'
);
?>
</div>
<?php if ( 'installed' === $plugins_block['wp-rocket']->get_status() ) : ?>
<a class="btn referer-link <?php echo esc_attr( $plugins_block['wp-rocket']->get_status() ); ?>" href="<?php echo $plugins_block['wp-rocket']->get_install_url(); ?>">
<?php esc_html_e( 'Activate WP Rocket', 'heartbeat-control' ); ?>
</a>
<?php else : ?>
<a href="https://wp-rocket.me/?utm_source=wp_plugin&utm_medium=rocket_heartbeat" class="btn" target="_blank" rel="noopener">
<?php esc_html_e( 'Get Wp Rocket', 'heartbeat-control' ); ?>
<?php if ( 'installed' === $plugins_block['wp-rocket']->get_status() ) : ?>
<a class="btn referer-link <?php echo esc_attr( $plugins_block['wp-rocket']->get_status() ); ?>" href="<?php echo esc_url( $plugins_block['wp-rocket']->get_install_url() ); ?>">
<?php esc_html_e( 'Activate WP Rocket', 'heartbeat-control' ); ?>
</a>
<?php endif; ?>
<?php else : ?>
<a href="https://wp-rocket.me/?utm_source=wp_plugin&utm_medium=rocket_heartbeat" class="btn" target="_blank" rel="noopener">
<?php esc_html_e( 'Get Wp Rocket', 'heartbeat-control' ); ?>
</a>
<?php endif; ?>
<div class="wrapper-img"></div>
</div>
<div class="wrapper-right">
Expand All @@ -89,7 +89,7 @@
<?php
printf(
// translators: %1$s %2$s: bold markup.
__( 'Recognized as the %1$smost powerful caching plugin%2$s by WordPress experts', 'heartbeat-control' ),
esc_html__( 'Recognized as the %1$smost powerful caching plugin%2$s by WordPress experts', 'heartbeat-control' ),
'<strong>',
'</strong>'
);
Expand All @@ -103,7 +103,7 @@
<?php
printf(
// translators: %1$s %2$s: bold markup.
__( 'Automatically apply more than %1$s80&#x25;%2$s of web performance best practices', 'heartbeat-control' ),
esc_html__( 'Automatically apply more than %1$s80&#x25;%2$s of web performance best practices', 'heartbeat-control' ),
'<strong>',
'</strong>'
);
Expand All @@ -112,13 +112,13 @@
</li>
<li>
<div class="visuel">
<img src="<?php echo $asset_image_url . 'noun_performance_1221123.svg'; ?>" alt="">
<img src="<?php echo esc_url( $asset_image_url . 'noun_performance_1221123.svg' ); ?>" alt="">
</div>
<div class="txt">
<?php
printf(
// translators: %1$s %2$s: bold markup.
__( 'Help improve your %1$sGoogle PageSpeed%2$s score', 'heartbeat-control' ),
esc_html__( 'Help improve your %1$sGoogle PageSpeed%2$s score', 'heartbeat-control' ),
'<strong>',
'</strong>'
);
Expand All @@ -127,13 +127,13 @@
</li>
<li>
<div class="visuel">
<img src="<?php echo $asset_image_url . 'noun_SEO_737036.svg'; ?>" alt="">
<img src="<?php echo esc_url( $asset_image_url . 'noun_SEO_737036.svg' ); ?>" alt="">
</div>
<div class="txt">
<?php
printf(
// translators: %1$s %2$s: bold markup.
__( '%1$sBoost your SEO%2$s by preloading your pages and make them faster for Google\'s bots', 'heartbeat-control' ),
esc_html__( '%1$sBoost your SEO%2$s by preloading your pages and make them faster for Google\'s bots', 'heartbeat-control' ),
'<strong>',
'</strong>'
);
Expand All @@ -142,13 +142,13 @@
</li>
<li>
<div class="visuel">
<img src="<?php echo $asset_image_url . 'noun_revenue_949180.svg'; ?>" alt="">
<img src="<?php echo esc_url( $asset_image_url . 'noun_revenue_949180.svg' ); ?>" alt="">
</div>
<div class="txt">
<?php
printf(
// translators: %1$s %2$s: bold markup.
__( 'Improve %1$sconversions and revenue%2$s thanks to a stunning web performance', 'heartbeat-control' ),
esc_html__( 'Improve %1$sconversions and revenue%2$s thanks to a stunning web performance', 'heartbeat-control' ),
'<strong>',
'</strong>'
);
Expand Down Expand Up @@ -182,30 +182,30 @@
<?php
printf(
// translators: %1$s %2$s: bold markup.
__( 'Forget complicated settings and headaches, and %1$senjoy the fastest speed results%2$s your site has ever had!', 'heartbeat-control' ),
esc_html__( 'Forget complicated settings and headaches, and %1$senjoy the fastest speed results%2$s your site has ever had!', 'heartbeat-control' ),
'<strong>',
'</strong>'
);
?>
</div>
<div class="contact-btn">
<?php if ( 'installed' === $plugins_block['wp-rocket']->get_status() ) : ?>
<a class="btn referer-link <?php echo esc_attr( $plugins_block['wp-rocket']->get_status() ); ?>" href="<?php echo $plugins_block['wp-rocket']->get_install_url(); ?>">
<?php esc_html_e( 'Activate WP Rocket', 'heartbeat-control' ); ?>
</a>
<?php else : ?>
<a href="https://wp-rocket.me/?utm_source=wp_plugin&utm_medium=rocket_heartbeat" class="btn" target="_blank" rel="noopener">
<?php esc_html_e( 'Get Wp Rocket', 'heartbeat-control' ); ?>
</a>
<?php endif; ?>
<?php if ( 'installed' === $plugins_block['wp-rocket']->get_status() ) : ?>
<a class="btn referer-link <?php echo esc_attr( $plugins_block['wp-rocket']->get_status() ); ?>" href="<?php echo esc_url( $plugins_block['wp-rocket']->get_install_url() ); ?>">
<?php esc_html_e( 'Activate WP Rocket', 'heartbeat-control' ); ?>
</a>
<?php else : ?>
<a href="https://wp-rocket.me/?utm_source=wp_plugin&utm_medium=rocket_heartbeat" class="btn" target="_blank" rel="noopener">
<?php esc_html_e( 'Get Wp Rocket', 'heartbeat-control' ); ?>
</a>
<?php endif; ?>
</div>
</div>
</div>
<?php endif; ?>
<?php endif; ?>
<div id="tab_about-us" class="tab">
<div class="wrapper-top wrapper-info">
<div class="top-img">
<img src="<?php echo $asset_image_url . 'team.jpg'; ?>" alt="">
<img src="<?php echo esc_url( $asset_image_url . 'team.jpg' ); ?>" alt="">
</div>
<div class="top-txt">
<h2><?php esc_html_e( 'Welcome to WP Media!', 'heartbeat-control' ); ?></h2>
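Review bot: `$heading_tag` is interpolated as an HTML tag name in both the opening and closing tag of the `screen-reader-text` line with the sniff silenced rather than the value constrained; a tag name cannot be made safe with `esc_html`/`esc_attr`, so the right fix is to restrict the value where it is assigned (outside this hunk), e.g. `$heading_tag = in_array( $heading_tag, array( 'h1', 'h2' ), true ) ? $heading_tag : 'h1';`. Alternatively `<?php echo tag_escape( $heading_tag ); ?>` limits the output to `[a-z0-9_:]` and, I believe, is on WPCS's list of recognised escaping functions, so the two ignores could be dropped. The `$cmb_form` echo on the `tab_general-settings` line is reasonable if it is CMB2 form markup, but its ignore should carry a `-- reason` suffix saying so.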
14 changes: 7 additions & 7 deletions views/plugin-cards/default.php
Expand Up @@ -6,24 +6,24 @@
?>
<div class="card single-link">
<div class="link-infos">
<div class="link-infos-logo"><?php echo $helper->get_icon(); ?></div>
<div class="link-infos-logo"><?php echo $helper->get_icon(); // phpcs:ignore WordPress.Security.EscapeOutput ?></div>
<span class="link-infos-txt">
<h3><?php echo $helper->get_title(); ?></h3>
<h3><?php echo esc_html( $helper->get_title() ); ?></h3>
<p>
<?php
printf(
// translators: %1$s: status (not installed, installed or activated).
__( 'Status : %1$s', 'heartbeat-control' ),
$helper->get_status_text()
esc_html__( 'Status : %1$s', 'heartbeat-control' ),
esc_html( $helper->get_status_text() )
);
?>
</p>
</span>
</div>
<div class="link-content"><?php echo $helper->get_description(); ?></div>
<div class="link-content"><?php echo esc_html( $helper->get_description() ); ?></div>
<?php if ( 'activated' === $helper->get_status() ) : ?>
<span class="wrapper-infos-active"><span class="dashicons dashicons-yes"></span><span class="info-active"><?php echo $helper->get_button_text(); ?></span></span>
<span class="wrapper-infos-active"><span class="dashicons dashicons-yes"></span><span class="info-active"><?php echo esc_html( $helper->get_button_text() ); ?></span></span>
<?php else : ?>
<a class="link-btn button-primary referer-link <?php echo esc_attr( $helper->get_status() ); ?>" href="<?php echo $helper->get_install_url(); ?>"><?php echo $helper->get_button_text(); ?></a>
<a class="link-btn button-primary referer-link <?php echo esc_attr( $helper->get_status() ); ?>" href="<?php echo esc_url( $helper->get_install_url() ); ?>"><?php echo esc_html( $helper->get_button_text() ); ?></a>
<?php endif; ?>
</div>
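Review bot: `esc_html( $helper->get_description() )` on the `link-content` line assumes descriptions are plain text, but views/plugin-cards/imagify.php builds its description with `<br>` and `<strong>` via `sprintf` and then echoes it raw under a `phpcs:ignore`; if the default card's description (set outside this template) carries the same markup, this change will display the tags literally. A consistent allow-list in default.php, imagify.php and rocket-lazy-load.php would keep the intended markup and satisfy the sniff without an ignore: `<div class="link-content"><?php echo wp_kses( $helper->get_description(), array( 'br' => array(), 'strong' => array() ) ); ?></div>`. The `esc_url()` on `get_install_url()` and `esc_html()` on the button text are the right escapes for their contexts.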
20 changes: 10 additions & 10 deletions views/plugin-cards/imagify.php
Expand Up @@ -3,7 +3,7 @@
* Plugin card template imagify
*/

$im_status = $template_args['imagify_partner']::is_imagify_installed() ? ( $template_args['imagify_partner']::is_imagify_activated() ? 'activated' : 'installed' ) : 'not_installed';
$imagify_status = $template_args['imagify_partner']::is_imagify_installed() ? ( $template_args['imagify_partner']::is_imagify_activated() ? 'activated' : 'installed' ) : 'not_installed';
$helper->set_title( 'Imagify' );
$helper->set_button_text(
array(
Expand All @@ -15,7 +15,7 @@
$helper->set_description(
sprintf(
// translators: %1$s: line break, %2$s %3$s: bold markup.
__( '%2$sReduces image file sizes%3$s without loosing quality. %1$sBy compressing your images our speed up your website and boost your SEO.', 'heartbeat-control' ),
esc_html__( '%2$sReduces image file sizes%3$s without loosing quality. %1$sBy compressing your images our speed up your website and boost your SEO.', 'heartbeat-control' ),
'<br>',
'<strong>',
'</strong>'
Expand All @@ -26,24 +26,24 @@
<div class="link-infos">
<div class="link-infos-logo"></div>
<span class="link-infos-txt">
<h3><?php echo $helper->get_title(); ?></h3>
<h3><?php echo esc_html( $helper->get_title() ); ?></h3>
<p>
<?php
printf(
// translators: %1$s: status (not installed, installed or activated).
__( 'Status : %1$s', 'heartbeat-control' ),
$helper->get_status_text( $im_status )
esc_html__( 'Status : %1$s', 'heartbeat-control' ),
esc_html( $helper->get_status_text( $imagify_status ) )
);
?>
</p>
</span>
</div>
<div class="link-content"><?php echo $helper->get_description(); ?></div>
<?php if ( 'activated' === $im_status ) : ?>
<span class="wrapper-infos-active"><span class="dashicons dashicons-yes"></span><span class="info-active"><?php echo $helper->get_button_text( $im_status ); ?></span></span>
<div class="link-content"><?php echo $helper->get_description(); // phpcs:ignore WordPress.Security.EscapeOutput ?></div>
<?php if ( 'activated' === $imagify_status ) : ?>
<span class="wrapper-infos-active"><span class="dashicons dashicons-yes"></span><span class="info-active"><?php echo esc_html( $helper->get_button_text( $imagify_status ) ); ?></span></span>
<?php else : ?>
<a class="link-btn button-primary referer-link <?php echo esc_attr( $im_status ); ?>" href="<?php echo esc_url( $template_args['imagify_partner']->get_post_install_url() ); ?>">
<?php echo $helper->get_button_text( $im_status ); ?>
<a class="link-btn button-primary referer-link <?php echo esc_attr( $imagify_status ); ?>" href="<?php echo esc_url( $template_args['imagify_partner']->get_post_install_url() ); ?>">
<?php echo esc_html( $helper->get_button_text( $imagify_status ) ); ?>
</a>
<?php endif; ?>
</div>
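Review bot: The user-facing string on the new `esc_html__(` line in `set_description()` still carries two typos, "loosing" and "our speed up", that reach every admin screen showing this card; since the string is being touched anyway, the corrected line would be `esc_html__( '%2$sReduces image file sizes%3$s without losing quality. %1$sBy compressing your images you speed up your website and boost your SEO.', 'heartbeat-control' ),`. Changing the source string does invalidate any existing translation for it, so the `.pot` should be regenerated in the same change. The nested ternary computing `$imagify_status` is correct but hard to scan; two `if` branches or an early `'not_installed'` default would read more clearly.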
12 changes: 6 additions & 6 deletions views/plugin-cards/rocket-lazy-load.php
Expand Up @@ -6,24 +6,24 @@
?>
<div class="card single-link">
<div class="link-infos">
<div class="link-infos-logo"><?php echo $helper->get_icon(); ?></div>
<div class="link-infos-logo"><?php echo $helper->get_icon(); // phpcs:ignore WordPress.Security.EscapeOutput ?></div>
<span class="link-infos-txt">
<h3><?php esc_html_e( 'Lazyload', 'heartbeat-control' ); ?></h3>
<p>
<?php
printf(
// translators: %1$s: status (not installed, installed or activated).
__( 'Status : %1$s', 'heartbeat-control' ),
$helper->get_status_text()
esc_html__( 'Status : %1$s', 'heartbeat-control' ),
esc_html( $helper->get_status_text() )
);
?>
</p>
</span>
</div>
<div class="link-content"><?php echo $helper->get_description(); ?></div>
<div class="link-content"><?php echo esc_html( $helper->get_description() ); ?></div>
<?php if ( 'activated' === $helper->get_status() ) : ?>
<span class="wrapper-infos-active"><span class="dashicons dashicons-yes"></span><span class="info-active"><?php echo $helper->get_button_text(); ?></span></span>
<span class="wrapper-infos-active"><span class="dashicons dashicons-yes"></span><span class="info-active"><?php echo esc_html( $helper->get_button_text() ); ?></span></span>
<?php else : ?>
<a class="link-btn button-primary referer-link <?php echo esc_attr( $helper->get_status() ); ?>" href="<?php echo $helper->get_install_url(); ?>"><?php echo $helper->get_button_text(); ?></a>
<a class="link-btn button-primary referer-link <?php echo esc_attr( $helper->get_status() ); ?>" href="<?php echo esc_url( $helper->get_install_url() ); ?>"><?php echo esc_html( $helper->get_button_text() ); ?></a>
<?php endif; ?>
</div>