Escaping output

strangerstudios · Mar 19, 2024 · 57abe2b · 57abe2b
1 parent b0b3d83
commit 57abe2b
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 47 deletions.
diff --git a/includes/api-wrapper.php b/includes/api-wrapper.php
@@ -163,7 +163,7 @@ function pmpromc_process_audience_member_updates_queue( $filter_contents = null
 				$index_to_process += 500;
 			}
 		} else {
-			wp_die( __('Error during unsubscribe operation. Please report this error to the administrator', 'pmpro-mailchimp') );
+			wp_die( esc_html__('Error during unsubscribe operation. Please report this error to the administrator', 'pmpro-mailchimp') );
 		}
 	}
 

diff --git a/includes/export-csv.php b/includes/export-csv.php
@@ -2,7 +2,7 @@
 
 	if(!function_exists("current_user_can") || (!current_user_can("manage_options") && !current_user_can("pmpro_memberslistcsv")))
 	{
-		die(__("You do not have permissions to perform this action.", "pmpro"));
+		die( esc_html__( "You do not have permissions to perform this action.", "pmpro-mailchimp" ) );
 	}
 
 	if (!defined('PMPRO_BENCHMARK'))
@@ -372,12 +372,12 @@ function pmpro_transmit_content( $csv_fh, $filename, $headers = array() ) {
 		//did we accidentally send errors/warnings to browser?
 		if (headers_sent())
 		{
-			echo str_repeat('-', 75) . "<br/>\n";
+			echo esc_html( str_repeat('-', 75 ) ) . "<br/>\n";
 			echo 'Please open a support case and paste in the warnings/errors you see above this text to\n ';
 			echo 'the <a href="http://paidmembershipspro.com/support/" target="_blank">Paid Memberships Pro support forum</a><br/>\n';
-			echo str_repeat("=", 75) . "<br/>\n";
-			echo file_get_contents($filename);
-			echo str_repeat("=", 75) . "<br/>\n";
+			echo esc_html( str_repeat("=", 75) ) . "<br/>\n";
+			echo esc_html( file_get_contents($filename) );
+			echo esc_html( str_repeat("=", 75) ) . "<br/>\n";
 		}
 
 		//transmission

diff --git a/includes/functions.php b/includes/functions.php
@@ -179,7 +179,7 @@ function pmpromc_additional_lists_on_checkout() {
 
 	$display_modifier = empty( $pmpro_review ) ? '' : 'style="display: none;"';
 	?>
-    <div id="pmpro_mailing_lists" class="pmpro_checkout" <?php echo( $display_modifier ); ?>>
+    <div id="pmpro_mailing_lists" class="pmpro_checkout" <?php echo esc_html( $display_modifier ); ?>>
         <hr />
         <h2>
             <span class="pmpro_checkout-h2-name">
@@ -208,14 +208,14 @@ function pmpromc_additional_lists_on_checkout() {
             foreach ( $additional_lists_array as $key => $additional_list ) {
                 $count++;
                 ?>
-                <input type="checkbox" id="additional_lists_<?php echo( $count ); ?>" name="additional_lists[]" value="<?php echo( $additional_list->id ); ?>"
+                <input type="checkbox" id="additional_lists_<?php echo esc_attr( $count ); ?>" name="additional_lists[]" value="<?php echo esc_attr( $additional_list->id ); ?>"
                     <?php
                     if ( is_array( $additional_lists_selected ) ) {
                         checked( in_array( $additional_list->id, $additional_lists_selected ) );
                     };
                     ?>
                 />
-                <label for="additional_lists_<?php echo( $count ); ?>" class="pmpromc-checkbox-label"><?php echo( $additional_list->name ); ?></label><br/>
+                <label for="additional_lists_<?php echo esc_attr( $count ); ?>" class="pmpromc-checkbox-label"><?php echo esc_html( $additional_list->name ); ?></label><br/>
                 <?php
             }
             ?>

diff --git a/includes/profile.php b/includes/profile.php
@@ -72,8 +72,8 @@ function pmpromc_add_custom_user_profile_fields( $user ) {
 					echo '<input type="hidden" name="additional_lists_profile" value="1" />';
 					foreach ( $additional_audiences_info as $audience_arr ) {
 						$checked_modifier = ( is_array( $selected_audiences ) && in_array( $audience_arr['id'], $selected_audiences ) ) ? ' checked' : '';
-						echo( "<input type='checkbox' name='additional_lists[]' value='" . esc_attr( $audience_arr['id'] ) . "' id='pmpromc_additional_lists_" . esc_attr( $audience_arr['id'] ) . "'" . $checked_modifier . ">" );
-						echo( "<label for='pmpromc_additional_lists_" . esc_attr( $audience_arr['id'] ) .  "' class='pmpromc-checkbox-label'>" . $audience_arr['name'] .  "</label><br>" );
+						echo( "<input type='checkbox' name='additional_lists[]' value='" . esc_attr( $audience_arr['id'] ) . "' id='pmpromc_additional_lists_" . esc_attr( $audience_arr['id'] ) . "'" . esc_attr( $checked_modifier ) . ">" );
+						echo( "<label for='pmpromc_additional_lists_" . esc_attr( $audience_arr['id'] ) .  "' class='pmpromc-checkbox-label'>" . esc_html( $audience_arr['name'] ) .  "</label><br>" );
 					}
 					?>
 				</td>
@@ -99,8 +99,8 @@ function pmpromc_add_custom_user_profile_fields( $user ) {
 			echo '<input type="hidden" name="additional_lists_profile" value="1" />';
 			foreach ( $additional_audiences_info as $audience_arr ) {
 				$checked_modifier = ( is_array( $selected_audiences ) && in_array( $audience_arr['id'], $selected_audiences ) ) ? ' checked' : '';
-				echo( "<input type='checkbox' name='additional_lists[]' value='" . esc_attr( $audience_arr['id'] ) . "' id='pmpromc_additional_lists_" . esc_attr( $audience_arr['id'] ) . "'" . $checked_modifier . ">" );
-				echo( "<label for='pmpromc_additional_lists_" . esc_attr( $audience_arr['id'] ) .  "' class='pmpromc-checkbox-label'>" . $audience_arr['name'] .  "</label><br>" );
+				echo( "<input type='checkbox' name='additional_lists[]' value='" . esc_attr( $audience_arr['id'] ) . "' id='pmpromc_additional_lists_" . esc_attr( $audience_arr['id'] ) . "'" . esc_attr( $checked_modifier ) . ">" );
+				echo( "<label for='pmpromc_additional_lists_" . esc_attr( $audience_arr['id'] ) .  "' class='pmpromc-checkbox-label'>" . esc_html( $audience_arr['name'] ) .  "</label><br>" );
 			} ?>
 	</div> <!-- end pmpro_member_profile_edit-field-first_name -->
 	<?php