
Commit 2a40275

author box security checking done
1 parent 9a30fcb commit 2a40275


1 file changed

+20
-20
lines changed


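--- a/widgets/author-box.php
+++ b/widgets/author-box.php
@@ -36,7 +36,7 @@ public function get_icon()
 
 public function get_categories()
 {
-return ['animation-addons-for-elementor'];
+return ['weal-coder-addon'];
 }
 
 public function get_keywords()
@@ -709,7 +709,7 @@ protected function register_controls()
 $this->start_controls_section(
 'section_style_button',
 [
-'label' => 'Button',
+'label' => esc_html__('Button', 'animation-addons-for-elementor'),
 'tab' => Controls_Manager::TAB_STYLE,
 ]
 );
@@ -883,7 +883,7 @@ protected function style_author_meta()
 $this->start_controls_section(
 'style_author_meta',
 [
-'label' => 'Meta',
+'label' => esc_html__('Meta', 'animation-addons-for-elementor'),
 'tab' => Controls_Manager::TAB_STYLE,
 'condition' => [
 'show_meta' => 'yes',
@@ -932,7 +932,7 @@ protected function style_author_contact_info()
 $this->start_controls_section(
 'style_contact',
 [
-'label' => 'Contact',
+'label' => esc_html__('Contact', 'animation-addons-for-elementor'),
 'tab' => Controls_Manager::TAB_STYLE,
 'condition' => [
 'show_contact' => 'yes',
@@ -1280,9 +1280,7 @@ protected function render()
 $custom_src = ('custom' === $settings['source']);
 
 if ('current' === $settings['source']) {
-
-$avatar_args['size'] = $settings['avatar_size'];
-
+$avatar_args['size'] = absint($settings['avatar_size']);
 $user_id = get_the_author_meta('ID');
 $author['avatar'] = get_avatar_url($user_id, $avatar_args);
 $author['display_name'] = get_the_author_meta('display_name');
@@ -1292,10 +1290,10 @@ protected function render()
 } elseif ($custom_src) {
 
 if (! empty($settings['author_avatar']['url'])) {
-$avatar_src = $settings['author_avatar']['url'];
+$avatar_src = esc_url_raw($settings['author_avatar']['url']);
 
-if ($settings['author_avatar']['id']) {
-$attachment_image_src = wp_get_attachment_image_src($settings['author_avatar']['id'], 'medium');
+if (absint($settings['author_avatar']['id'])) {
+$attachment_image_src = wp_get_attachment_image_src(absint($settings['author_avatar']['id']), 'medium');
 
 if (! empty($attachment_image_src[0])) {
 $avatar_src = $attachment_image_src[0];
@@ -1305,10 +1303,10 @@ protected function render()
 $author['avatar'] = $avatar_src;
 }
 
-$author['display_name'] = $settings['author_name'];
-$author['website'] = $settings['author_website']['url'];
-$author['bio'] = wpautop($settings['author_bio']);
-$author['posts_url'] = $settings['posts_url']['url'];
+$author['display_name'] = sanitize_text_field($settings['author_name']);
+$author['website'] = esc_url_raw($settings['author_website']['url']);
+$author['bio'] = wp_kses_post(wpautop($settings['author_bio']));
+$author['posts_url'] = esc_url_raw($settings['posts_url']['url']);
 }
 
 $print_avatar = ((! $custom_src && 'yes' === $settings['show_avatar']) || ($custom_src && ! empty($author['avatar'])));
@@ -1404,11 +1402,11 @@ class="wcf-author-box__avatar">
 ?>
 <ul class="wcf--author-meta">
 <li class="total-posts">
-<?php echo $post_count;
+<?php echo intval($post_count);
 echo esc_html__(' articles', 'animation-addons-for-elementor'); ?>
 </li>
 <li class="total-comments">
-<?php echo $comments;
+<?php echo intval($comments);
 echo esc_html__(' comments', 'animation-addons-for-elementor'); ?>
 </li>
 </ul>
@@ -1445,19 +1443,21 @@ class="wcf-author-box__avatar">
 ?>
 <li>
 <?php if (! empty($settings['email_label'])) { ?>
-<span class="label"><?php echo $settings['email_label']; ?></span>
+<span
+class="label"><?php echo esc_html($settings['email_label'], 'animation-addons-for-elementor'); ?></span>
 <?php } ?>
-<a href="mailto:<?php echo $email; ?>"><?php echo $email; ?></a>
+<a href="mailto:<?php echo esc_attr($email); ?>"><?php echo esc_attr($email); ?></a>
 </li>
 <?php
 }
 if (! empty($phone)) {
 ?>
 <li>
 <?php if (! empty($settings['phone_label'])) { ?>
-<span class="label"><?php echo $settings['phone_label']; ?></span>
+<span
+class="label"><?php echo esc_html($settings['phone_label'], 'animation-addons-for-elementor'); ?></span>
 <?php } ?>
-<a href="tel:<?php echo $phone; ?>"><?php echo $phone; ?></a>
+<a href="tel:<?php echo esc_attr($phone); ?>"><?php echo esc_attr($phone); ?></a>
 </li>
 <?php
 }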
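Review bot: The new `esc_html($settings['email_label'], 'animation-addons-for-elementor')` call at new line 1447 passes a text domain to `esc_html()`, which accepts only the string to escape; PHP ignores the extra argument so the escaping still takes effect, but the call reads as if it were `esc_html__()` on a user-configured value, and the stray argument should be dropped: `class="label"><?php echo esc_html($settings['email_label']); ?></span>`, likewise for `phone_label` at new line 1458. In the render() hunk at new lines 1306–1309, `esc_url_raw()` is the storage-side sanitiser; whether `$author['website']` and `$author['posts_url']` are also passed through `esc_url()` at the point they are echoed is not visible here and is worth confirming, since a sanitised value is not the same as an attribute-escaped one. The enclosing render() method begins and ends outside these hunks.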
