Merge branch 'dev'

Author: andrewlimaza

pmpro-advanced-levels-shortcode.php

@@ -63,15 +63,51 @@ function pmproal_getLevelLandingPage($level_id) {
 		return $posts[0];
 }
 
+/**
+ * Function for allowed HTML tags in various templates
+ * 
+ * @since TBD
+ * @return array $allowed_html The allowed HTML to be used for wp_kses escaping.
+ */
+function pmproal_allowed_html() {
+	$allowed_html = array (
+		'a' => array (
+			'class' => array(),
+			'href' => array(),
+			'target' => array(),
+			'title' => array(),
+		),
+		'p' => array(
+			'class' => array(),
+		),
+		'b' => array(
+			'class' => array(),
+		),
+		'em' => array(
+			'class' => array(),
+		),
+		'br' => array(),
+		'strike' => array(),
+		'strong' => array(),
+	);
+
+	/**
+	 * Filters the allowed HTML tags for the Advanced Levels Shortcode.
+	 * @param array $allowed_html The allowed html elements for the Advanced Levels Shortcode escaping where wp_kses is used (like in compared elements etc.)
+	 * @since TBD
+	 */
+	return apply_filters( 'pmproal_allowed_html', $allowed_html );
+}
+
 /*
 Function to add links to the plugin row meta
 */
 function pmpro_advanced_levels_plugin_row_meta($links, $file) {
 	if(strpos($file, 'pmpro-advanced-levels-shortcode.php') !== false)
 	{
 		$new_links = array(
-			'<a href="' . esc_url('http://www.paidmembershipspro.com/add-ons/plus-add-ons/pmpro-advanced-levels-shortcode/')  . '" title="' . esc_attr( __( 'View Documentation', 'pmpro-advanced-levels-shortcode' ) ) . '">' . esc_html__( 'Docs', 'pmpro-advanced-levels-shortcode' ) . '</a>',
-			'<a href="' . esc_url('http://paidmembershipspro.com/support/') . '" title="' . esc_attr( __( 'Visit Customer Support Forum', 'pmpro-advanced-levels-shortcode' ) ) . '">' . esc_html__( 'Support', 'pmpro-advanced-levels-shortcode' ) . '</a>',
+			'<a href="' . esc_url('http://www.paidmembershipspro.com/add-ons/plus-add-ons/pmpro-advanced-levels-shortcode/')  . '" title="' . esc_attr__( 'View Documentation', 'pmpro-advanced-levels-shortcode' ) . '">' . esc_html__( 'Docs', 'pmpro-advanced-levels-shortcode' ) . '</a>',
+			'<a href="' . esc_url('http://paidmembershipspro.com/support/') . '" title="' . esc_attr__( 'Visit Customer Support Forum', 'pmpro-advanced-levels-shortcode' ) . '">' . esc_html__( 'Support', 'pmpro-advanced-levels-shortcode' ) . '</a>',
 		);
 		$links = array_merge($links, $new_links);
 	}

templates/levels-compare_table.php

@@ -14,7 +14,7 @@
 				{
 					?>
 					<th class="<?php if( pmpro_hasMembershipLevel( $level->id ) ) { echo 'pmpro_level-current '; } if(!empty($level) && $highlight == $level->id) { echo 'pmpro_level-highlight '; } ?>">
-						<h2><?php echo esc_html( $level->name ); ?></h2>
+						<h2><?php echo wp_kses( $level->name, pmproal_allowed_html() ); ?></h2>
 					</th>
 					<?php
 				}
@@ -69,7 +69,7 @@
 							if(empty($level_expiration))
 								esc_html_e('Membership never expires.', 'pmpro-advanced-levels-shortcode');
 							else
-								echo esc_html( $level_expiration );
+								echo wp_kses( $level_expiration, pmproal_allowed_html() );
 						?>
 					</th>
 					<?php 
@@ -137,8 +137,7 @@
 		</tr>
 	</thead>
 	<tbody>
-		<?php if(!empty($compareitems)) 
-		{ 
+		<?php if(!empty($compareitems)) { 
 			foreach($compareitems as $compareitem)
 			{
 				?>
@@ -159,9 +158,12 @@
 						?>
 						<td class="<?php if( ! empty( $level->id ) && pmpro_hasMembershipLevel( $level->id ) ) { echo 'pmpro_level-current '; } if(!empty($level) && $highlight == $level->id) { echo 'pmpro_level-highlight '; } ?>">
 							<?php 
-								if($compareitem_value == '1') { echo '<span class="pmpro_level-compare-true"></span>'; } 
-								elseif($compareitem_value == '0') { echo '<span class="pmpro_level-compare-false"></span>'; } 
-								else { echo esc_html( $compareitem_value ); } 
+
+								if( $compareitem_value == '1' ) { 
+									echo '<span class="pmpro_level-compare-true"></span>'; 
+								} elseif( $compareitem_value == '0' ) { 
+									echo '<span class="pmpro_level-compare-false"></span>'; 
+								} else { echo  wp_kses( $compareitem_value, pmproal_allowed_html() ); } 
 							?>
 						</td>
 						<?php
@@ -245,7 +247,7 @@
 							if(empty($level_expiration))
 								esc_html_e('Membership never expires.', 'pmpro');
 							else
-								echo esc_html( $level_expiration );
+								echo wp_kses( $level_expiration, pmproal_allowed_html() );
 						?>
 					</td>
 					<?php 
@@ -382,12 +384,12 @@
 						{ 
 							if($compareitem_values[$count] == '1') 
 							{
-								echo ' <strong>' . esc_html( $compareitem_values[0] ) . '</strong>';
+								echo ' <strong>' . wp_kses( $compareitem_values[0], pmproal_allowed_html() ) . '</strong>';
 							}
 							else 
 							{
-								echo ' <strong>' . esc_html( $compareitem_values[0] ) . '</strong>: ';
-								echo esc_html( $compareitem_values[$count] ); 
+								echo ' <strong>' . wp_kses( $compareitem_values[0], pmproal_allowed_html() ) . '</strong>: ';
+								echo wp_kses( $compareitem_values[$count], pmproal_allowed_html() ); 
 							}
 							echo '<br />';
 						}
@@ -467,7 +469,7 @@
 					if(empty($level_expiration))
 						esc_html_e('Membership Never Expires.', 'pmpro-advanced-levels-shortcode');
 					else
-						echo esc_html( $level_expiration );
+						echo wp_kses( $level_expiration, pmproal_allowed_html() );
 					if($template === "bootstrap")
 						echo '</span>';
 					echo '</p>';

templates/levels-div.php

@@ -113,7 +113,7 @@
 				?>
 				<?php if(!empty($description)) { ?>
 <li class="description">
-						<?php echo esc_html( $level->description ); ?>
+						<?php echo wp_kses( $level->description, pmproal_allowed_html() ); ?>
 					</li>
 				<?php } ?>
 				<?php 
@@ -124,7 +124,7 @@
 						if(empty($level_expiration))
 							esc_html_e('Membership Never Expires.', 'pmpro-advanced-levels-shortcode');
 						else
-							echo esc_html( $level_expiration );
+							echo wp_kses( $level_expiration, pmproal_allowed_html() );
 						echo '</li>';
 					} 
 				?>
@@ -320,7 +320,7 @@
 						if(empty($level_expiration))
 							esc_html_e('Membership Never Expires.', 'pmpro-advanced-levels-shortcode');
 						else
-							echo esc_html( $level_expiration );
+							echo wp_kses( $level_expiration, pmproal_allowed_html() );
 						if($template === "bootstrap")
 							echo '</span>';
 					} 
@@ -425,7 +425,7 @@
 						if(empty($level_expiration))
 							esc_html_e('Membership Never Expires.', 'pmpro-advanced-levels-shortcode');
 						else
-							echo esc_html( $level_expiration );
+							echo wp_kses( $level_expiration, pmproal_allowed_html() );
 						echo '</footer>';
 					} 
 				?>

templates/levels-table.php

@@ -39,7 +39,7 @@
 	<tr id="pmpro_level-<?php echo esc_attr( $level->id ); ?>" class="<?php if($current_level) { echo 'pmpro_level-current '; } if($highlight == $level->id) { echo 'pmpro_level-highlight '; } ?>">
 		<?php do_action('pmproal_extra_cols_before_body', $level->id, $template); ?>
 		<td>
-			<h2><?php echo esc_html( $level->name ); ?></h2>
+			<h2><?php echo wp_kses( $level->name, pmproal_allowed_html() ); ?></h2>
 			<?php if(!empty($description)) { echo wp_kses_post( wpautop($level->description) ); } ?>
 		</td>
 		<?php if(!empty($show_price)) { ?>
@@ -62,7 +62,7 @@
 					if(empty($level_expiration))
 						esc_html_e('Membership Never Expires.', 'pmpro-advanced-levels-shortcode');
 					else
-						echo esc_html( $level_expiration );
+						echo wp_kses( $level_expiration, pmproal_allowed_html() );
 				?>
 				</td>
 				<?php