From dc3cd48dccb441d3af251fd73db9403068bb5054 Mon Sep 17 00:00:00 2001 From: Paul Schreiber Date: Tue, 18 Nov 2014 12:11:41 -0500 Subject: [PATCH 1/2] escape literal $ in string in admin_table_row() --- mathjax-latex-admin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mathjax-latex-admin.php b/mathjax-latex-admin.php index a42698f..fbdcdd8 100644 --- a/mathjax-latex-admin.php +++ b/mathjax-latex-admin.php @@ -80,7 +80,7 @@ function plugin_options_menu() { $use_wp_latex_syntax = get_option( 'kblog_mathjax_use_wplatex_syntax', false ) ? "checked='true'" : ''; $this->admin_table_row( 'Use wp-latex syntax?', - "Allows use of the $latex$ syntax, but conflicts with wp-latex. $wp_latex_disabled_warning", + "Allows use of the \$latex$ syntax, but conflicts with wp-latex. $wp_latex_disabled_warning", "", 'kblog_mathjax_use_wplatex_syntax' ); From 3fa4b3763090a6d293b3419c1ccb7f2497f70f82 Mon Sep 17 00:00:00 2001 From: Paul Schreiber Date: Thu, 20 Nov 2014 13:20:20 -0500 Subject: [PATCH 2/2] add late escaping to admin_table_row(), per VIP --- mathjax-latex-admin.php | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) diff --git a/mathjax-latex-admin.php b/mathjax-latex-admin.php index fbdcdd8..21ad63f 100644 --- a/mathjax-latex-admin.php +++ b/mathjax-latex-admin.php @@ -21,6 +21,25 @@ class MathJax_Latex_Admin { + static $admin_tags = array( + 'input' => array( + 'type' => array(), + 'name' => array(), + 'id' => array(), + 'disabled' => array(), + 'value' => array(), + 'checked' => array(), + ), + 'select' => array( + 'name' => array(), + 'id' => array(), + ), + 'option' => array( + 'value' => array(), + 'selected' => array(), + ), + ); + function __construct() { add_action( 'admin_menu', array( $this, 'admin_page_init' ) ); } @@ -198,17 +217,17 @@ function table_foot() { } function admin_table_row( $head, $comment, $input, $input_id ) { - echo << + ?> + - + - $input -

$comment

+ +

-EOT; +