Escaping Echo

Author: circuscode

tootpress_developer.php

@@ -171,7 +171,7 @@ function tootpress_clearing_load() {
 
 function tootpress_tools_dev_close() {
 
-	echo '<p>&nbsp;<br/><a class="button" href="'.admin_url().'tools.php?page=tootpress-tools-dev-menu">Back to TootPress Tools</a></p>';
+	echo '<p>&nbsp;<br/><a class="button" href="'.esc_url(admin_url()).'tools.php?page=tootpress-tools-dev-menu">Back to TootPress Tools</a></p>';
 
 }
 
@@ -224,12 +224,12 @@ function tootpress_options_dev_content() {
 
  function tootpress_options_dev_display_latest_toot()
  {
-	 echo '<input class="regular-text" type="text" name="tootpress_latest_toot" id="tootpress_latest_toot" value="'. get_option('tootpress_latest_toot') .'"/>';
+	 echo '<input class="regular-text" type="text" name="tootpress_latest_toot" id="tootpress_latest_toot" value="' . esc_attr(get_option('tootpress_latest_toot')) .'"/>';
  }
 
  function tootpress_options_dev_display_oldest_toot()
  {
-	 echo '<input class="regular-text" type="text" name="tootpress_oldest_toot" id="tootpress_oldest_toot" value="'. get_option('tootpress_oldest_toot') .'"/>';
+	 echo '<input class="regular-text" type="text" name="tootpress_oldest_toot" id="tootpress_oldest_toot" value="'. esc_attr(get_option('tootpress_oldest_toot')) .'"/>';
  }
 
 /**

tootpress_healthy.php

@@ -160,37 +160,37 @@ function tootpress_healthy_check() {
 
 	// Amount of previous API Requests
 	$amount_of_api_requests=tootpress_get_amount_of_api_requests();
-	$output.='Amount of Requests to Mastodon API: '.$amount_of_api_requests;
+	$output.='Amount of Requests to Mastodon API: '.esc_html($amount_of_api_requests);
 	$output.='<br/>';
 
 	// Amount of Toots in Database
 	$amount_of_toots=tootpress_get_amount_of_toots();
-	$output.='Amount of Toots in Database: '.$amount_of_toots;
+	$output.='Amount of Toots in Database: '.esc_html($amount_of_toots);
 	$output.='<br/>';
 
 	// Amount of Media in Database
 	$amount_of_media=tootpress_get_amount_of_media();
-	$output.='Amount of Media in Database: '.$amount_of_media;
+	$output.='Amount of Media in Database: '.esc_html($amount_of_media);
 	$output.='<br/>';
 
 	// Latest Toot
 	$latest_toot=tootpress_get_latest_toot();
-	if($latest_toot){$output.='Latest Toot: '.$latest_toot.'<br/>';}
+	if($latest_toot){$output.='Latest Toot: '.esc_html($latest_toot).'<br/>';}
 
 	// Oldest Toot
 	$oldest_toot=tootpress_get_oldest_toot();
-	if($oldest_toot){$output.='Oldest Toot: '.$oldest_toot.'<br/>';};
+	if($oldest_toot){$output.='Oldest Toot: '.esc_html($oldest_toot).'<br/>';};
 
 	// Last Insert
 	$last_insert=get_option('tootpress_last_insert');
-	if($last_insert){$output.='Last Insert: '.$last_insert.'<br/>';}
+	if($last_insert){$output.='Last Insert: '.esc_html($last_insert).'<br/>';}
 
 	// PHP Max Execution Time
 	$this_environment_php_execution_time=ini_get('max_execution_time');
 	if($this_environment_php_execution_time==0) {
 		$output.='Max PHP script execution time: not limited';
 	} else {
-		$output.='Max PHP script execution time: '.$this_environment_php_execution_time.' Seconds';
+		$output.='Max PHP script execution time: '.esc_html($this_environment_php_execution_time).' Seconds';
 	}
 
 	$output.='</p>';

tootpress_options.php

@@ -54,46 +54,46 @@ function tootpress_options_content() {
 
  function tootpress_options_display_mastodon_instance()
  {
-	 echo '<input class="regular-text" type="text" name="tootpress_mastodon_instance" id="tootpress_mastodon_instance" value="'. get_option('tootpress_mastodon_instance') .'"/>';
+	 echo '<input class="regular-text" type="text" name="tootpress_mastodon_instance" id="tootpress_mastodon_instance" value="'. esc_attr(get_option('tootpress_mastodon_instance')) .'"/>';
  }
 
 function tootpress_options_display_mastodon_oauth_access_token()
 {
-	echo '<input class="regular-text" type="text" name="tootpress_mastodon_oauth_access_token" id="tootpress_mastodon_oauth_access_token" value="'. get_option('tootpress_mastodon_oauth_access_token') .'"/>';
+	echo '<input class="regular-text" type="text" name="tootpress_mastodon_oauth_access_token" id="tootpress_mastodon_oauth_access_token" value="'. esc_attr(get_option('tootpress_mastodon_oauth_access_token')) .'"/>';
 }
 
 function tootpress_options_display_mastodon_account_id()
 {
-	echo '<input type="text" name="tootpress_mastodon_account_id" id="tootpress_mastodon_account_id" value="'. get_option('tootpress_mastodon_account_id') .'"/>';
+	echo '<input type="text" name="tootpress_mastodon_account_id" id="tootpress_mastodon_account_id" value="'. esc_attr(get_option('tootpress_mastodon_account_id')) .'"/>';
 }
 
 function tootpress_options_display_page_id()
 {
-	echo '<input type="text" name="tootpress_page_id" id="tootpress_page_id" value="'. get_option('tootpress_page_id') .'"/>';
+	echo '<input type="text" name="tootpress_page_id" id="tootpress_page_id" value="'. esc_attr(get_option('tootpress_page_id')) .'"/>';
 }
 
 function tootpress_options_display_amount_toots_page()
 {
-	echo '<input type="text" name="tootpress_amount_toots_page" id="tootpress_amount_toots_page" value="'. get_option('tootpress_amount_toots_page') .'"/>';
+	echo '<input type="text" name="tootpress_amount_toots_page" id="tootpress_amount_toots_page" value="'. esc_attr(get_option('tootpress_amount_toots_page')) .'"/>';
 }
 
 function tootpress_options_display_cron_period()
 {
-	echo '<input type="text" name="tootpress_cron_period" id="tootpress_cron_period" value="'. tootpress_get_custom_cron_period_in_minutes() .'"/>';
+	echo '<input type="text" name="tootpress_cron_period" id="tootpress_cron_period" value="'. esc_attr(tootpress_get_custom_cron_period_in_minutes()) .'"/>';
 }
 
 function tootpress_options_display_navigation()
 {
-	echo '<input type="radio" id="tootpress_navigation_standard" name="tootpress_navigation" value="standard" ' .  checked('standard', get_option('tootpress_navigation'), false) . '/>'; 
-	echo '<label for="tootpress_navigation_standard">Standard</label>';
+	echo '<input type="radio" id="tootpress_navigation_standard" name="tootpress_navigation" value="standard" ' .  checked('standard', esc_attr(get_option('tootpress_navigation')), false) . '/>'; 
+	 '<label for="tootpress_navigation_standard">Standard</label>';
 	echo '<br/>&nbsp;<br/>';
-	echo '<input type="radio" id="tootpress_navigation_numbers" name="tootpress_navigation" value="numbers" ' .  checked('numbers', get_option('tootpress_navigation'), false) . '/>'; 
+	echo '<input type="radio" id="tootpress_navigation_numbers" name="tootpress_navigation" value="numbers" ' .  checked('numbers', esc_attr(get_option('tootpress_navigation')), false) . '/>'; 
 	echo '<label for="tootpress_navigation_numbers">Numbers</label>';
 }	
 
 function tootpress_options_display_css()
 {
-	echo '<input type="checkbox" name="tootpress_css" value="1" ' .  checked(1, tootpress_get_css_option(), false) . '/>'; 
+	echo '<input type="checkbox" name="tootpress_css" value="1" ' .  checked(1, esc_attr(tootpress_get_css_option()), false) . '/>'; 
 }	
 
 /**

tootpress_plugin.php

@@ -61,4 +61,25 @@ function tootpress_flag( $classes ) {
 }
 add_filter( 'body_class', 'tootpress_flag' );
 
+/**
+ * Returns allowed HTML tags
+ * 
+ * Used for escaping echos
+ * 
+ * @since 0.2
+ * 
+ * @return array Allowed HTML Tags
+ */
+
+function tootpress_escaping_allowed_html() {
+	return array(
+		'p' => array(),
+        'br' => array(),
+		'strong' => array(),
+		'span' => array(
+			'class' => array(),
+		),
+	);
+}
+
 ?>

tootpress_tools.php

@@ -154,7 +154,7 @@ function tootpress_tools() {
 	<label for="copy-toots">Mastodon API Request</label>
 	</th>
 	<td>
-	<a class="button" href="'.admin_url().'tools.php?page=tootpress-tools-menu&copytoots=true">Run</a>
+	<a class="button" href="'.esc_url(admin_url()).'tools.php?page=tootpress-tools-menu&copytoots=true">Run</a>
 	</td>
 
 	<!-- Steady Fetch -->
@@ -163,7 +163,7 @@ function tootpress_tools() {
 	<label for="cron-newtoots">Steady Fetch</label>
 	</th>
 	<td>
-	<a class="button" href="'.admin_url().'tools.php?page=tootpress-tools-menu&cronnewtoots=true">'.$button_newtoots_label.'</a>
+	<a class="button" href="'.esc_url(admin_url()).'tools.php?page=tootpress-tools-menu&cronnewtoots=true">'.esc_html($button_newtoots_label).'</a>
 	</td>
 
 	<!-- Complete Archiv -->
@@ -172,7 +172,7 @@ function tootpress_tools() {
 	<label for="cron-alltoots">Complete Timeline</label>
 	</th>
 	<td>
-	<a class="button" href="'.admin_url().'tools.php?page=tootpress-tools-menu&cronalltoots=true">'.$button_alltoots_label.'</a>
+	<a class="button" href="'.esc_url(admin_url()).'tools.php?page=tootpress-tools-menu&cronalltoots=true">'.esc_html($button_alltoots_label).'</a>
 	</td>
 
 	<!-- Receive ID -->
@@ -181,7 +181,7 @@ function tootpress_tools() {
 	<label for="retrieve-id">Account ID</label>
 	</th>
 	<td>
-	<a class="button" href="'.admin_url().'tools.php?page=tootpress-tools-menu&retrieveid=true">Retrieve</a>
+	<a class="button" href="'.esc_url(admin_url()).'tools.php?page=tootpress-tools-menu&retrieveid=true">Retrieve</a>
 	</td>
 
 	<!-- Plugin Healthy Check -->
@@ -190,7 +190,7 @@ function tootpress_tools() {
 	<label for="plugin-healthy-check">Healthy Check</label>
 	</th>
 	<td>
-	<a class="button" href="'.admin_url().'tools.php?page=tootpress-tools-menu&healthy=true">Show Results</a>
+	<a class="button" href="'.esc_url(admin_url()).'tools.php?page=tootpress-tools-menu&healthy=true">Show Results</a>
 	</td>
 
 	<!-- Factory Settings -->
@@ -199,7 +199,7 @@ function tootpress_tools() {
 	<label for="factory-settings">Factory Settings</label>
 	</th>
 	<td>
-	<a class="button" href="'.admin_url().'tools.php?page=tootpress-tools-menu&factorysettings=true">Reset</a>
+	<a class="button" href="'.esc_url(admin_url()).'tools.php?page=tootpress-tools-menu&factorysettings=true">Reset</a>
 	</td>
 	
 	</table>';
@@ -214,7 +214,7 @@ function tootpress_tools() {
 
  function tootpress_tools_close() {
 
-	echo '<p>&nbsp;<br/><a class="button" href="'.admin_url().'tools.php?page=tootpress-tools-menu">Back to TootPress Tools</a></p>';
+	echo '<p>&nbsp;<br/><a class="button" href="'.esc_url(admin_url()).'tools.php?page=tootpress-tools-menu">Back to TootPress Tools</a></p>';
 
 }
 
@@ -246,7 +246,7 @@ function tootpress_copy_toots_load() {
 	} else {
 		// TootPress is not ready to run
 		echo '<p>Request not possible.</p>';
-		echo tootpress_error_message_required_api_options_missing();
+		echo wp_kses( tootpress_error_message_required_api_options_missing(), tootpress_escaping_allowed_html() );
 	} 
 
 	tootpress_tools_close();
@@ -274,12 +274,12 @@ function tootpress_switch_cron_newtoots_load() {
 			update_option('tootpress_cron_newtoots_status','1');
 			$period=tootpress_get_custom_cron_period_in_minutes();
 			echo '<p>Cron was activated.<br/>';
-			echo 'Steady Fetch runs every '.$period.' Minutes.<br/>';
+			echo 'Steady Fetch runs every '.esc_html($period).' Minutes.<br/>';
 			echo 'New Toots will be added automatically.</p>';
 		} else {
 			// TootPress is not ready to run
 			echo '<p>Steady Fetch could not be activated.</p>';
-			echo tootpress_error_message_required_api_options_missing();
+			echo wp_kses( tootpress_error_message_required_api_options_missing(), tootpress_escaping_allowed_html() );
 		}
 
 	} else {
@@ -327,7 +327,7 @@ function tootpress_trigger_cron_alltoots_load() {
 			} else {
 				// TootPress is not ready to run
 				echo '<p>Procedure could not be activated.</p>';
-				echo tootpress_error_message_required_api_options_missing();
+				echo wp_kses( tootpress_error_message_required_api_options_missing(), tootpress_escaping_allowed_html() );
 			}
 
 		}
@@ -356,10 +356,10 @@ function tootpress_retrieve_mastodonid() {
 		$mastodonid=$verifycrendentials['id'];
 
 		echo '<p>Your Mastodon Account ID is the following.</p>';
-		echo '<p>'.$mastodonid.'</p>';
+		echo '<p>'.esc_html($mastodonid).'</p>';
 
 	} else {
-		echo tootpress_error_message_instance_andor_token_missing();
+		echo wp_kses( tootpress_error_message_instance_andor_token_missing(), tootpress_escaping_allowed_html() );
 	}
 
 	tootpress_tools_close();
@@ -377,7 +377,7 @@ function tootpress_healthy_check_load() {
 	echo '<h1 class="tootpress_tools_headline">TootPress › Healthy Check</h1>';
 	echo '<p class="tootpress_tools_description">Analysis<br/>&nbsp;</p>';
 	$health_status=tootpress_healthy_check();
-	echo $health_status;
+	echo wp_kses( $health_status, tootpress_escaping_allowed_html() );
 	tootpress_tools_close();
 
 }