Merge pull request #535 from contactashish13/issue-533

escape data before showing

Author: contactashish13

classes/Visualizer/Render/Layout.php

@@ -154,7 +154,7 @@ public static function _renderJsonScreen( $args ) {
 							type="url"
 							id="vz-import-json-url"
 							name="url"
-							value="<?php echo $url; ?>"
+							value="<?php echo esc_url( $url ); ?>"
 							placeholder="<?php esc_html_e( 'Please enter the URL', 'visualizer' ); ?>"
 							class="visualizer-input">
 						<button class="button button-secondary button-small" id="visualizer-json-fetch"><?php esc_html_e( 'Fetch Endpoint', 'visualizer' ); ?></button>
@@ -168,7 +168,7 @@ class="visualizer-input">
 						<?php
 						if ( ! empty( $root ) ) {
 							?>
-							<option value="<?php echo $root; ?>"><?php echo str_replace( Visualizer_Source_Json::TAG_SEPARATOR, Visualizer_Source_Json::TAG_SEPARATOR_VIEW, $root ); ?></option>
+							<option value="<?php echo esc_attr( $root ); ?>"><?php echo str_replace( Visualizer_Source_Json::TAG_SEPARATOR, Visualizer_Source_Json::TAG_SEPARATOR_VIEW, $root ); ?></option>
 							<?php
 						}
 						?>
@@ -187,7 +187,7 @@ class="visualizer-input">
 								<?php
 								if ( ! empty( $paging ) ) {
 									?>
-									<option value="<?php echo $paging; ?>"><?php echo sprintf( 'Get first %d pages using %s', apply_filters( 'visualizer_json_fetch_pages', 5, $url ), str_replace( Visualizer_Source_Json::TAG_SEPARATOR, Visualizer_Source_Json::TAG_SEPARATOR_VIEW, $paging ) ); ?></option>
+									<option value="<?php echo esc_attr( $paging ); ?>"><?php echo sprintf( 'Get first %d pages using %s', apply_filters( 'visualizer_json_fetch_pages', 5, $url ), str_replace( Visualizer_Source_Json::TAG_SEPARATOR, Visualizer_Source_Json::TAG_SEPARATOR_VIEW, $paging ) ); ?></option>
 									<?php
 								}
 								?>

classes/Visualizer/Render/Page/Data.php

@@ -89,7 +89,7 @@ protected function _renderSidebarContent() {
 		$type               = get_post_meta( $this->chart->ID, Visualizer_Plugin::CF_CHART_TYPE, true );
 		$lib               = get_post_meta( $this->chart->ID, Visualizer_Plugin::CF_CHART_LIBRARY, true );
 		?>
-		<span id="visualizer-chart-id" data-id="<?php echo $this->chart->ID; ?>" data-chart-source="<?php echo $source_of_chart; ?>" data-chart-type="<?php echo $type; ?>" data-chart-lib="<?php echo $lib; ?>"></span>
+		<span id="visualizer-chart-id" data-id="<?php echo $this->chart->ID; ?>" data-chart-source="<?php echo esc_attr( $source_of_chart ); ?>" data-chart-type="<?php echo esc_attr( $type ); ?>" data-chart-lib="<?php echo esc_attr( $lib ); ?>"></span>
 		<iframe id="thehole" name="thehole"></iframe>
 		<ul class="viz-group-wrapper full-height">
 			<li class="viz-group viz-group-category open" id="vz-chart-source">
@@ -149,7 +149,7 @@ class="dashicons dashicons-lock"></span></span>
 											  target="thehole" enctype="multipart/form-data">
 											<div class="remote-file-section">
 												<input type="url" id="vz-schedule-url" name="remote_data"
-													   value="<?php echo get_post_meta( $this->chart->ID, Visualizer_Plugin::CF_CHART_URL, true ); ?>"
+													   value="<?php echo esc_url( get_post_meta( $this->chart->ID, Visualizer_Plugin::CF_CHART_URL, true ) ); ?>"
 													   placeholder="<?php esc_html_e( 'Please enter the URL of CSV file', 'visualizer' ); ?>"
 													   class="visualizer-input visualizer-remote-url">
 												<p class="viz-group-description"><?php _e( 'How often do you want to check the url', 'visualizer' ); ?></p>