- added escape functions, security fix for XSS;

This commit is contained in:
nikitasinelnikov
2019-08-08 00:36:33 +03:00
parent b2e57e8f92
commit 5f66fd5fe3
95 changed files with 2228 additions and 2026 deletions
+8 -2
View File
@@ -19,7 +19,9 @@ if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
if ( $count_posts > 10 ) { ?>
<div class="um-load-items">
<a href="javascript:void(0);" class="um-ajax-paginate um-button" data-hook="um_load_posts" data-author="<?php echo esc_attr( um_get_requested_user() ); ?>" data-page="1" data-pages="<?php echo esc_attr( ceil( $count_posts / 10 ) ); ?>">
<a href="javascript:void(0);" class="um-ajax-paginate um-button" data-hook="um_load_posts"
data-author="<?php echo esc_attr( um_get_requested_user() ); ?>" data-page="1"
data-pages="<?php echo esc_attr( ceil( $count_posts / 10 ) ); ?>">
<?php _e( 'load more posts', 'ultimate-member' ); ?>
</a>
</div>
@@ -31,7 +33,11 @@ if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
<div class="um-profile-note">
<span>
<?php echo ( um_profile_id() == get_current_user_id() ) ? __( 'You have not created any posts.', 'ultimate-member' ) : __( 'This user has not created any posts.', 'ultimate-member' ); ?>
<?php if ( um_profile_id() == get_current_user_id() ) {
_e( 'You have not created any posts.', 'ultimate-member' );
} else {
_e( 'This user has not created any posts.', 'ultimate-member' );
} ?>
</span>
</div>