Merge pull request #911 from EvanHerman/updates

Escape and sanitize fields. Fix interest group breaking block.
EvanHerman · Mar 27, 2023 · 74c8030 · 74c8030
2 parents d32496e + 197aa09
commit 74c8030
Show file tree

Hide file tree

Showing 11 changed files with 81 additions and 68 deletions.
diff --git a/admin/class-yikes-inc-easy-mailchimp-extender-admin.php b/admin/class-yikes-inc-easy-mailchimp-extender-admin.php
@@ -2562,7 +2562,7 @@ public function yikes_easy_mailchimp_reset_impression_stats() {
 				$form_id_to_reset,
 				array(
 					'impressions' => 0,
-					'submissions' => 0
+					'submissions' => 0,
 				)
 			);
 

diff --git a/admin/partials/ajax/add_interest_group_to_form.php b/admin/partials/ajax/add_interest_group_to_form.php
@@ -40,7 +40,7 @@
 	?>
 	<section class="draggable" id="error-container">
 		<p>
-			<span class="dashicons dashicons-no-alt"></span> <?php printf( __( 'Error: %s', 'yikes-inc-easy-mailchimp-extender' ), $error_messages ); ?>
+			<span class="dashicons dashicons-no-alt"></span> <?php printf( esc_html__( 'Error: %s', 'yikes-inc-easy-mailchimp-extender' ), $error_messages ); ?>
 		</p>
 	</section>
 	<?php
@@ -60,17 +60,17 @@
 	<section class="draggable" id="<?php echo esc_attr( $group['group_id'] ); ?>">
 		<!-- top -->
 		<a href="#" class="expansion-section-title settings-sidebar">
-			<span class="dashicons dashicons-plus yikes-mc-expansion-toggle" title="<?php _e( 'Expand Field' , 'yikes-inc-easy-mailchimp-extender' ); ?>"></span>
-			<?php echo stripslashes( $group['field_name'] ); ?>
-			<span class="field-type-text"><small><?php echo __( 'type' , 'yikes-inc-easy-mailchimp-extender' ) . ' : ' . $group['field_type']; ?></small></span>
+			<span class="dashicons dashicons-plus yikes-mc-expansion-toggle" title="<?php esc_attr_e( 'Expand Field' , 'yikes-inc-easy-mailchimp-extender' ); ?>"></span>
+			<?php echo esc_html( stripslashes( $group['field_name'] ) ); ?>
+			<span class="field-type-text"><small><?php echo esc_html__( 'type' , 'yikes-inc-easy-mailchimp-extender' ) . ' : ' . esc_html( $group['field_type'] ); ?></small></span>
 		</a>
 		<!-- expansion section -->
 		<div class="yikes-mc-settings-expansion-section">
 
 			<!-- Single or Double Opt-in -->
 			<p class="type-container"><!-- necessary to prevent skipping on slideToggle(); -->
 				<!-- store the label -->
-				<input type="hidden" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][label]" value="<?php echo htmlspecialchars( $group['field_name'] ); ?>" />
+				<input type="hidden" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][label]" value="<?php echo esc_attr( htmlspecialchars( $group['field_name'] ) ); ?>" />
 				<input type="hidden" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][type]" value="<?php echo esc_attr( $group['field_type'] ); ?>" />
 				<input type="hidden" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][group_id]" value="<?php echo esc_attr( $group['group_id'] ); ?>" />
 				<input type="hidden" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][groups]" value='<?php echo esc_attr( json_encode( $groups, true ) ); ?>' />
@@ -86,21 +86,21 @@
 							<tr valign="top">
 								<td scope="row">
 									<label for="placeholder">
-										<?php _e( 'Default Selection' , 'yikes-inc-easy-mailchimp-extender' ); ?>
+										<?php esc_html_e( 'Default Selection' , 'yikes-inc-easy-mailchimp-extender' ); ?>
 									</label>
 								</td>
 								<td>
 
 									<?php $pre_selected = ! empty( $field_data['default_choice'] ) ? $field_data['default_choice'] : 'no-default'; ?>
 
 									<!-- No Default option for radio buttons -->
-									<input type="radio" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][default_choice][]" value="no-default" <?php checked( $pre_selected, 'no-default' ); ?>>No Default
+									<input type="radio" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][default_choice][]" value="no-default" <?php checked( $pre_selected, 'no-default' ); ?>><?php esc_html_e( 'No Default', 'yikes-inc-easy-mailchimp-extender' ); ?>
 
 									<?php foreach ( $field_data['items'] as $id => $interest_group ) { ?>
-										<input type="radio" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][default_choice][]" value="<?php echo esc_attr( $id ); ?>" <?php checked( $pre_selected, $id ); ?>><?php echo stripslashes( $interest_group['name'] );
+										<input type="radio" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][default_choice][]" value="<?php echo esc_attr( $id ); ?>" <?php checked( $pre_selected, $id ); ?>><?php echo esc_html( stripslashes( $interest_group['name'] ) );
 									} ?>
 
-									<p class="description"><small><?php _e( "Select the option that should be selected by default.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
+									<p class="description"><small><?php esc_html_e( "Select the option that should be selected by default.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
 								</td>
 							</tr>
 
@@ -114,7 +114,7 @@
 							<tr valign="top" class="yikes-checkbox-container">
 								<td scope="row">
 									<label for="placeholder">
-										<?php _e( 'Default Selection' , 'yikes-inc-easy-mailchimp-extender' ); ?>
+										<?php esc_html_e( 'Default Selection', 'yikes-inc-easy-mailchimp-extender' ); ?>
 									</label>
 								</td>
 								<td>
@@ -123,13 +123,13 @@
 										$pre_selected = ! empty( $field_data['default_choice'] ) ? $field_data['default_choice'] : '0';
 										?>
 										<label>
-											<input type="checkbox" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][default_choice][]" value="<?php echo $id; ?>" <?php checked( $pre_selected, $id ); ?>>
-											<?php echo stripslashes( $interest_group['name'] ); ?>
+											<input type="checkbox" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][default_choice][]" value="<?php echo esc_attr( $id ); ?>" <?php checked( $pre_selected, $id ); ?>>
+											<?php echo esc_html( stripslashes( $interest_group['name'] ) ); ?>
 										</label>
 										<?php
 									}
 									?>
-									<p class="description"><small><?php _e( "Select the option that should be selected by default.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
+									<p class="description"><small><?php esc_html_e( "Select the option that should be selected by default.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
 								</td>
 							</tr>
 
@@ -142,29 +142,29 @@
 							<tr valign="top">
 								<td scope="row">
 									<label for="placeholder_<?php echo esc_attr( $field['merge'] ); ?>">
-										<?php _e( 'Placeholder', 'yikes-inc-easy-mailchimp-extender' ); ?>
+										<?php esc_html_e( 'Placeholder', 'yikes-inc-easy-mailchimp-extender' ); ?>
 									</label>
 								</td>
 								<td>
-									<input type="text" id="placeholder_<?php echo esc_attr( $field['merge'] ); ?>" class="widefat" name="field[<?php echo $field['merge']; ?>][placeholder]" value="<?php echo isset( $field['placeholder'] ) ? $field['placeholder'] : '' ; ?>" />
-									<p class="description"><small><?php _e( "Assign a placeholder value for the select option.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
+									<input type="text" id="placeholder_<?php echo esc_attr( $field['merge'] ); ?>" class="widefat" name="field[<?php echo esc_attr( $field['merge'] ); ?>][placeholder]" value="<?php echo isset( $field['placeholder'] ) ? esc_attr( $field['placeholder'] ) : '' ; ?>" />
+									<p class="description"><small><?php esc_html_e( "Assign a placeholder value for the select option.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
 								</td>
 							</tr>
 							<tr valign="top">
 								<td scope="row">
 									<label for="placeholder">
-										<?php _e( 'Default Selection' , 'yikes-inc-easy-mailchimp-extender' ); ?>
+										<?php esc_html_e( 'Default Selection', 'yikes-inc-easy-mailchimp-extender' ); ?>
 									</label>
 								</td>
 								<td>
 									<select type="default" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][default_choice]">
 										<?php $pre_selected = ! empty( $field_data['default_choice'] ) ? $field_data['default_choice'] : 'no-default'; ?>
-										<option value="no-default">No Default</option>
+										<option value="no-default"><?php esc_html_e( 'No Default', 'yikes-inc-easy-mailchimp-extender' ); ?></option>
 										<?php foreach ( $field_data['items'] as $id => $interest_group ) { ?>
-											<option value="<?php echo $id; ?>" <?php selected( $pre_selected, $id ); ?>><?php echo $interest_group['name']; ?></option>
+											<option value="<?php echo esc_attr( $id ); ?>" <?php selected( $pre_selected, $id ); ?>><?php echo esc_html( $interest_group['name'] ); ?></option>
 										<?php } ?>
 									</select>
-									<p class="description"><small><?php _e( "Which option should be selected by default?", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
+									<p class="description"><small><?php esc_html_e( "Which option should be selected by default?", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
 								</td>
 							</tr>
 
@@ -176,74 +176,74 @@
 					<tr valign="top">
 						<td scope="row">
 							<label for="placeholder">
-								<?php _e( 'Description' , 'yikes-inc-easy-mailchimp-extender' ); ?>
+								<?php esc_html_e( 'Description' , 'yikes-inc-easy-mailchimp-extender' ); ?>
 							</label>
 						</td>
 						<td>
 							<textarea class="widefat field-description-input" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][description]"></textarea>
-							<p class="description"><small><?php _e( "Enter the description for the form field. This will be displayed to the user and provide some direction on how the field should be filled out or selected.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
+							<p class="description"><small><?php esc_html_e( "Enter the description for the form field. This will be displayed to the user and provide some direction on how the field should be filled out or selected.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
 						</td>
 					</tr>
 
 					<!-- Description Above Field -->
 					<tr valign="top" class="yikes-checkbox-container">
 						<td scope="row">
 							<label for="description_above_<?php echo esc_attr( $group['group_id'] ); ?>">
-								<?php _e( 'Description Above Field' , 'yikes-inc-easy-mailchimp-extender' ); ?>
+								<?php esc_html_e( 'Description Above Field' , 'yikes-inc-easy-mailchimp-extender' ); ?>
 							</label>
 						</td>
 						<td>
 							<input type="checkbox" id="description_above_<?php echo esc_attr( $group['group_id'] ); ?>" class="widefat field-description-input" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][description_above]" value="1" />
-							<p class="description"><small><?php _e( "By default the description will appear undearneath the field. Check this box if you'd like the description to appear above the field.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
+							<p class="description"><small><?php esc_html_e( "By default the description will appear undearneath the field. Check this box if you'd like the description to appear above the field.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
 						</td>
 					</tr>
 
 					<!-- Additional Classes -->
 					<tr valign="top">
 						<td scope="row">
 							<label for="placeholder">
-								<?php _e( 'Additional Classes' , 'yikes-inc-easy-mailchimp-extender' ); ?>
+								<?php esc_html_e( 'Additional Classes', 'yikes-inc-easy-mailchimp-extender' ); ?>
 							</label>
 						</td>
 						<td>
-							<input type="text" class="widefat" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][additional-classes]" value="<?php echo isset( $group['classes'] ) ? stripslashes( wp_strip_all_tags( $group['classes'] ) ) : '' ; ?>" />
-							<p class="description"><small><?php printf( __( "Assign additional classes to this field. %s.", 'yikes-inc-easy-mailchimp-extender' ), '<a target="_blank" href="' . esc_url( 'https://yikesplugins.com/support/knowledge-base/bundled-css-classes/' ) . '">' . __( 'View bundled classes', 'yikes-inc-easy-mailchimp-extender' ) . '</a>' );?></small></p>
+							<input type="text" class="widefat" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][additional-classes]" value="<?php echo isset( $group['classes'] ) ? esc_attr( stripslashes( wp_strip_all_tags( $group['classes'] ) ) ) : '' ; ?>" />
+							<p class="description"><small><?php printf( esc_html__( "Assign additional classes to this field. %s.", 'yikes-inc-easy-mailchimp-extender' ), '<a target="_blank" href="' . esc_url( 'https://yikesplugins.com/support/knowledge-base/bundled-css-classes/' ) . '">' . esc_html__( 'View bundled classes', 'yikes-inc-easy-mailchimp-extender' ) . '</a>' );?></small></p>
 						</td>
 						</tr>
 						<!-- Required Toggle -->
 						<tr valign="top" class="yikes-checkbox-container">
 							<td scope="row">
 								<label for="field-required">
-									<?php _e( 'Field Required?' , 'yikes-inc-easy-mailchimp-extender' ); ?>
+									<?php esc_html_e( 'Field Required?' , 'yikes-inc-easy-mailchimp-extender' ); ?>
 								</label>
 							</td>
 							<td>
 								<input type="checkbox" class="widefat" value="1" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][require]">
-								<p class="description"><small><?php _e( "Require this field to be filled in before the form can be submitted.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
+								<p class="description"><small><?php esc_html_e( "Require this field to be filled in before the form can be submitted.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
 							</td>
 						</tr>
 						<!-- Visible Toggle -->
 						<tr valign="top" class="yikes-checkbox-container">
 							<td scope="row">
 								<label for="hide-field">
-									<?php _e( 'Hide Field' , 'yikes-inc-easy-mailchimp-extender' ); ?>
+									<?php esc_html_e( 'Hide Field', 'yikes-inc-easy-mailchimp-extender' ); ?>
 								</label>
 							</td>
 							<td>
 								<input type="checkbox" class="widefat" value="1" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][hide]">
-								<p class="description"><small><?php _e( "Hide this field from being displayed on the front end.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
+								<p class="description"><small><?php esc_html_e( "Hide this field from being displayed on the front end.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
 							</td>
 						</tr>
 						<!-- Toggle Field Label Visibility -->
 						<tr valign="top" class="yikes-checkbox-container">
 							<td scope="row">
 								<label for="placeholder">
-									<?php _e( 'Hide Label' , 'yikes-inc-easy-mailchimp-extender' ); ?>
+									<?php esc_html_e( 'Hide Label', 'yikes-inc-easy-mailchimp-extender' ); ?>
 								</label>
 							</td>
 							<td>
 								<input type="checkbox" name="field[<?php echo esc_attr( $group['group_id'] ); ?>][hide-label]" value="1" />
-								<p class="description"><small><?php _e( "Toggle field label visibility.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
+								<p class="description"><small><?php esc_html_e( "Toggle field label visibility.", 'yikes-inc-easy-mailchimp-extender' );?></small></p>
 							</td>
 						</tr>
 						<!-- Toggle Buttons -->
@@ -253,8 +253,8 @@
 							</td>
 							<td>
 								<span class="toggle-container">
-									<a href="#" class="hide-field"><?php _e( "Close" , 'yikes-inc-easy-mailchimp-extender' ); ?></a> |
-									<a href="#" class="remove-field" alt="<?php echo esc_attr( $group['group_id'] ); ?>"><?php _e( "Remove Field" , 'yikes-inc-easy-mailchimp-extender' ); ?></a>
+									<a href="#" class="hide-field"><?php esc_html_e( "Close", 'yikes-inc-easy-mailchimp-extender' ); ?></a> |
+									<a href="#" class="remove-field" alt="<?php echo esc_attr( $group['group_id'] ); ?>"><?php esc_html_e( "Remove Field", 'yikes-inc-easy-mailchimp-extender' ); ?></a>
 								</span>
 							</td>
 						</tr>