- added escape functions, security fix for XSS;

This commit is contained in:
nikitasinelnikov
2019-08-08 00:36:33 +03:00
parent b2e57e8f92
commit 5f66fd5fe3
95 changed files with 2228 additions and 2026 deletions
+8 -4
View File
@@ -1,9 +1,10 @@
<?php
namespace um\admin\core;
// Exit if accessed directly.
if ( ! defined( 'ABSPATH' ) ) exit;
if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
@@ -34,6 +35,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
}
/**
*
*/
function create_list() {
$this->old_extensions_notice();
$this->install_core_page_notice();
@@ -195,7 +199,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
ob_start(); ?>
<div class="<?php echo esc_attr( $class ) ?> um-admin-notice notice <?php echo $dismissible ? 'is-dismissible' : '' ?>" data-key="<?php echo $key ?>">
<div class="<?php echo esc_attr( $class ) ?> um-admin-notice notice <?php echo $dismissible ? 'is-dismissible' : '' ?>" data-key="<?php echo esc_attr( $key ) ?>">
<?php echo ! empty( $notice_data['message'] ) ? $notice_data['message'] : '' ?>
</div>
@@ -301,7 +305,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
</p>
<p>
<a href="<?php echo esc_attr( add_query_arg( 'um_adm_action', 'install_core_pages' ) ); ?>" class="button button-primary"><?php _e( 'Create Pages', 'ultimate-member' ) ?></a>
<a href="<?php echo esc_url( add_query_arg( 'um_adm_action', 'install_core_pages' ) ); ?>" class="button button-primary"><?php _e( 'Create Pages', 'ultimate-member' ) ?></a>
&nbsp;
<a href="javascript:void(0);" class="button-secondary um_secondary_dimiss"><?php _e( 'No thanks', 'ultimate-member' ) ?></a>
</p>
@@ -384,7 +388,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) {
}
}
$ignore = admin_url('users.php');
$ignore = admin_url( 'users.php' );
$messages[0]['err_content'] = sprintf( __( 'Are you sure you want to delete the selected user(s)? The following users will be deleted: <p>%s</p> <strong>This cannot be undone!</strong>','ultimate-member'), $users);
$messages[0]['err_content'] .= '<p><a href="'. esc_html( $confirm_uri ) .'" class="button-primary">' . __( 'Remove', 'ultimate-member' ) . '</a>&nbsp;&nbsp;<a href="'.$ignore.'" class="button">' . __('Undo','ultimate-member') . '</a></p>';