Doug Stewart committed c2c7782

esc_html() added to <input type=text> and <textarea> fields in admin interface, as per WPTRT.


Files changed (2)

 		* Post date changed to use permalink as well as post title to account for posts without a title
 		* Images explicitly noted as GPLv2
 		* Dual setting of `$content_width` removed
+		* Theme options changed to use recommended `checked()` and `selected()` syntax
+		* Required header, list and table formatting applied
 * Version 1.1.1
 	* **Issues Fixed**
 		* Updated to fix 'native' bug in upstream `bbp_twentyten` (ref. [rev. 3331](http://bbpress.trac.wordpress.org/changeset/3331))
 ### KNOWN ISSUES ###
 * Version 1.1.1 aka "The Theme Review One" (taken from the [initial theme review](http://themes.trac.wordpress.org/ticket/4336#comment:3))
 	* <del>Posts with no titles must still include a permalink to the single post view. The recommended practice is to place the permalink on the post date as well.</del>
-	* You must provide styling for heading elements (&lt;h2&gt; - &lt;h6&gt;), blockquotes, tables, definition lists, ordered lists and unordered lists.
+	* <del>You must provide styling for heading elements (&lt;h2&gt; - &lt;h6&gt;), blockquotes, tables, definition lists, ordered lists and unordered lists.</del>
 	* Captioned images must be properly aligned.
 	* Floated elements must be properly cleared.
 	* Check your styling of comments, particularly nested comments.
 	* <del>The use of `$_SERVER['PHP_SELF']` in forms is discouraged as it presents a security risk.</del>
 	* <del>All custom functions and global variables must be prefixed with the theme slug or an appropriate variant.</del>
 	* All data must be sanitized and validated before saving to the database and properly escaped when outputting to forms.
-	* Themes are required to use checked() and selected() for checkbox and select options in forms respectively.
+	* <del>Themes are required to use checked() and selected() for checkbox and select options in forms respectively.</del>
 	* <del>`( ! isset( $content_width ) ) $content_width = '640';` entered twice in `includes/supports.php`.</del>
 	* <del>Please note the license being used for your header images in the readme. They must be GPL-compatible.</del>
 * Version 1.0
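Review bot: the changelog entries added at the top of this hunk ("Theme options changed to use recommended `checked()` and `selected()` syntax", "Required header, list and table formatting applied") do not mention the esc_html() work that the commit message describes, so the readme understates what this revision changes; add an "Issues Fixed" line such as "esc_html() added to text input and textarea output in the admin options page". Leaving the review item "All data must be sanitized and validated before saving to the database and properly escaped when outputting to forms" without `<del>` is correct, since the admin.php changes in this commit escape only the text input value and the textarea body; keep it open until the remaining output paths are escaped as well.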

includes/functions/admin.php

 			add_settings_field( $key, $value['name'], '', $lblg_options_group, $section );
 			lblg_option_wrapper_header( $value );
 			?>
-			        <input name="<?php echo $lblg_options_group . '[' . $key . ']'; ?>" id="<?php echo $key; ?>" type="<?php echo $value['type']; ?>" value="<?php if( "" != $options[$key] ) { echo $options[$key]; } else { echo $value['std']; } ?>" />
+			        <input name="<?php echo $lblg_options_group . '[' . $key . ']'; ?>" id="<?php echo $key; ?>" type="<?php echo $value['type']; ?>" value="<?php if( "" != $options[$key] ) { echo esc_html( $options[$key] ); } else { echo $value['std']; } ?>" />
 			<?php
 			lblg_option_wrapper_footer( $value );
 			break;
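Review bot: esc_html() is the wrong escaper for this context; the value at the changed line lands inside a `value="..."` attribute, and the WordPress function for attribute output is esc_attr(). The else branch also still echoes `$value['std']` raw, and `$lblg_options_group`, `$key` and `$value['type']` are interpolated into name/id/type without escaping. Those come from the theme's own option definitions rather than user input, but the theme-review requirement quoted in the readme is to escape all output, so collapse both branches into one escaped expression, e.g. `value="<?php echo esc_attr( '' != $options[$key] ? $options[$key] : $value['std'] ); ?>"`, and wrap `$key` and `$value['type']` in esc_attr() too. Separately, this block reads `$options[$key]` while every other hunk in the file reads `$lblg_options[$key]`; confirm `$options` is actually defined in this scope.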
 						<?php 
 							if( $value['options'] === array_values($value['options'])){
 								foreach ( $value['options'] as $option) { 
-									//$selected = ( ($option == $lblg_options[$key]) ? ' selected="selected"' : '' );
 									echo "<option" . selected( $option, $lblg_options[$key], false ) . ">$option</option>\n";
 								}
 							} else {
 								foreach ( $value['options'] as $key => $value ) { 
-									//$selected = ( ($option == $lblg_options[$key]) ? ' selected="selected"' : '' );
 									echo "<option value=\"$key\"" . selected( $option, $lblg_options[$key], false ) .">$option</option>\n";
 								}							
 							}
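Review bot: the associative branch has a logic bug that this hunk leaves in place: `selected( $option, $lblg_options[$key], false )` refers to `$option`, which is never assigned in that loop (its variables are `$key` and `$value`), and `foreach ( $value['options'] as $key => $value )` overwrites the outer `$key` and `$value`, so `$lblg_options[$key]` is looked up by option key rather than by setting name and the `$value` array is gone for the rest of the case. Rename the loop variables, e.g. `foreach ( $value['options'] as $opt_key => $opt_label )`, and call `selected( $opt_key, $lblg_options[$key], false )`. Both branches also print `$option`, `$key` and the label text raw inside `<option>`; use esc_attr() for the value attribute and esc_html() for the option text, matching the escaping added elsewhere in this commit. Dropping the commented-out `$selected` lines is fine; they were dead code.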
 			$ta_options = $value['options'];
 			lblg_option_wrapper_header( $value );
 			?>
-					<textarea name="<?php echo $lblg_options_group . '[' . $key . ']'; ?>" id="<?php echo $key; ?>" cols="<?php echo $ta_options['cols']; ?>" rows="<?php echo $ta_options['rows']; ?>"><?php echo $lblg_options[$key]; ?></textarea>
+					<textarea name="<?php echo $lblg_options_group . '[' . $key . ']'; ?>" id="<?php echo $key; ?>" cols="<?php echo $ta_options['cols']; ?>" rows="<?php echo $ta_options['rows']; ?>"><?php echo esc_html( $lblg_options[$key] ); ?></textarea>
 			<?php
 			lblg_option_wrapper_footer( $value );
 			break;
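Review bot: for textarea content WordPress provides esc_textarea(), which is the conventional call for exactly this position; esc_html() at the changed line works, but esc_textarea() states the intent and is what reviewers expect. The `cols`, `rows`, `name` and `id` attributes still echo `$ta_options['cols']`, `$ta_options['rows']`, `$lblg_options_group` and `$key` unescaped; cast cols/rows with `(int)` and wrap the others in esc_attr().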
 			if( $value['options'] === array_values($value['options'])){
 		 		foreach ( $value['options'] as $option ) {
 						$radio_setting = $lblg_options[$key];
-						//$checked = (( $option == $lblg_options[$key]) ? ' checked="checked"' : '' );
 						$tmp_name = $lblg_options_group . '['. $key . ']';
 			    		echo "<input type=\"radio\" name=\"$tmp_name\" value=\"$option\"" . checked( $option, $lblg_options[$key], false ) . " />$option<br />\n";
 				}
 			} else {
 		 		foreach ( $value['options'] as $opt_key => $opt_value ) {
 						$radio_setting = $lblg_options[$key];
-						//$checked = (( $opt_key == $lblg_options[$key]) ? ' checked="checked"' : '' );
 						$tmp_name = $lblg_options_group . '['. $key . ']';
 			    		echo "<input type=\"radio\" name=\"$tmp_name\" value=\"$opt_key\"" . checked( $opt_key, $lblg_options[$key], false ) . " />$opt_value<br />\n";
 				}
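Review bot: this hunk only removes the commented-out `$checked` lines and leaves the radio output unescaped, which is inconsistent with the commit's stated purpose: `$option`, `$opt_key`, `$tmp_name` are interpolated straight into `value="..."` and `$option` / `$opt_value` into the visible label on the two `echo "<input type=\"radio\" ..."` lines. Use esc_attr() for the name and value attributes and esc_html() for the label text. `$radio_setting = $lblg_options[$key];` is assigned in both loops and never read; remove it.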
 			case "checkbox":
 			add_settings_field( $key, $value['name'], '', $lblg_options_group, $section );
 			lblg_option_wrapper_header( $value );
-			
-			//$checked = (( 'true' == $lblg_options[$key]) ? ' checked="checked"' : '' );
+
 			$tmp_name = $lblg_options_group . '['. $key . ']';
 			echo "<input type=\"checkbox\" name=\"$tmp_name\" id=\"$key\" value=\"1\"" . checked( $lblg_options[$key], 1, false ) . " />\n";
 
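Review bot: the comparison value changed semantics here and the saved data should be checked against it: the removed line compared the stored option against the string `'true'`, while `checked( $lblg_options[$key], 1, false )` compares against `1`. checked() does a string comparison, so `'1'` and `1` match but `'true'` does not; if existing installs stored `'true'`, this box will render unchecked after the upgrade. Confirm that the save/sanitize path writes `1` for this option (and ideally normalise `'true'` to `1` on read). `$key` and `$tmp_name` are also echoed raw into id/name; wrap them in esc_attr().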