Merge pull request #31 from marcissimus/theme_check_esc

Theme Check: Escape URLs used in attributes
sayontan · Feb 21, 2022 · 4efe9ed · 4efe9ed
2 parents 8f8a0e1 + 8b4bd7f
commit 4efe9ed
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 8 deletions.
diff --git a/code/functions/actions.php b/code/functions/actions.php
@@ -900,7 +900,7 @@ function suffusion_template_specific_header() {
 			<header class='post-header'>
 				<h2 class='posttitle'><?php $title = wp_title(':', false); $title = trim($title); if (substr($title, 0, 1) == ':') { $title = substr($title, 1);} echo $title; ?></h2>
 			</header>
-			<form method="get" action="<?php echo home_url(); ?>/" class='search-info' id='search-info'>
+			<form method="get" action="<?php echo esc_url( home_url( '/' ) ); ?>/" class='search-info' id='search-info'>
 				<input class="search-hl checkbox" name="search-hl" id="search-hl" type="checkbox"/>
 				<label class='search-hl' for='search-hl'><?php _e('Highlight matching results below', 'suffusion');?></label>
 				<input type='hidden' name='search-term' id='search-term' value="<?php $search_term = get_search_query(); echo esc_attr($search_term);?>"/>

diff --git a/code/header.php b/code/header.php
@@ -39,7 +39,7 @@
 	}
 ?>
 	<!--[if lt IE 9]>
-	<script src="<?php echo get_template_directory_uri(); ?>/scripts/html5.js" type="text/javascript"></script>
+	<script src="<?php echo esc_url(get_template_directory_uri()); ?>/scripts/html5.js" type="text/javascript"></script>
 	<![endif]-->
 <?php
 	global $suf_cpt_layouts, $suffusion_cpt_layouts;

diff --git a/code/now-reading/single.php b/code/now-reading/single.php
@@ -33,7 +33,7 @@
 
 			<div class="rating">
 				Rating: <?php echo book_rating(false); ?>
-<!--				<img src="<?php echo get_template_directory_uri(); ?>/images/<?php book_rating() ?>.png" height="20px" title="Rating: <?php book_rating()?>" alt="Rating: <?php book_rating()?>" />-->
+<!--				<img src="<?php echo esc_url(get_template_directory_uri()); ?>/images/<?php book_rating() ?>.png" height="20px" title="Rating: <?php book_rating()?>" alt="Rating: <?php book_rating()?>" />-->
 			</div>
 <?php
 		if( can_now_reading_admin() ) {

diff --git a/code/searchform.php b/code/searchform.php
@@ -15,7 +15,7 @@
 }
 ?>
 
-<form method="get" class="searchform <?php echo $collapse; ?>" action="<?php echo home_url(); ?>/">
+<form method="get" class="searchform <?php echo $collapse; ?>" action="<?php echo esc_url( home_url( '/' ) ); ?>/">
 	<input type="text" name="s" class="searchfield"
 <?php
 	if ($collapse == '') {

diff --git a/code/widgets/suffusion-subscription.php b/code/widgets/suffusion-subscription.php
@@ -176,7 +176,7 @@ function form($instance) {
 <?php
             foreach($icon_type_suffixes as $icon_type_suffix) {
 ?>
-            <div class="suf-radio-block"><input type="radio" name="<?php echo $this->get_field_name($icon_type.'_icon'); ?>" value="<?php echo $icon_type."-".$icon_type_suffix; ?>" <?php checked($icon_type."-".$icon_type_suffix, $icon); ?> /><img src="<?php echo get_template_directory_uri(); ?>/images/follow/<?php echo $icon_type."-".$icon_type_suffix; ?>.png" alt="<?php echo $icon_type."-".$icon_type_suffix; ?>"/></div>
+            <div class="suf-radio-block"><input type="radio" name="<?php echo $this->get_field_name($icon_type.'_icon'); ?>" value="<?php echo $icon_type."-".$icon_type_suffix; ?>" <?php checked($icon_type."-".$icon_type_suffix, $icon); ?> /><img src="<?php echo esc_url(get_template_directory_uri()); ?>/images/follow/<?php echo $icon_type."-".$icon_type_suffix; ?>.png" alt="<?php echo $icon_type."-".$icon_type_suffix; ?>"/></div>
 <?php
             }
 ?>
@@ -202,7 +202,7 @@ function form($instance) {
 <?php
             foreach($icon_type_suffixes as $icon_type_suffix) {
 ?>
-            <div class="suf-radio-block"><input type="radio" name="<?php echo $this->get_field_name($icon_type.'_icon'); ?>" value="<?php echo $icon_type."-".$icon_type_suffix; ?>" <?php checked($icon_type."-".$icon_type_suffix, $icon); ?> /><img src="<?php echo get_template_directory_uri(); ?>/images/follow/<?php echo $icon_type."-".$icon_type_suffix; ?>.png" alt="<?php echo $icon_type."-".$icon_type_suffix; ?>"/></div>
+            <div class="suf-radio-block"><input type="radio" name="<?php echo $this->get_field_name($icon_type.'_icon'); ?>" value="<?php echo $icon_type."-".$icon_type_suffix; ?>" <?php checked($icon_type."-".$icon_type_suffix, $icon); ?> /><img src="<?php echo esc_url(get_template_directory_uri()); ?>/images/follow/<?php echo $icon_type."-".$icon_type_suffix; ?>.png" alt="<?php echo $icon_type."-".$icon_type_suffix; ?>"/></div>
 <?php
             }
 ?>

diff --git a/code/widgets/suffusion-twitter.php b/code/widgets/suffusion-twitter.php
@@ -47,7 +47,7 @@ function widget( $args, $instance ) {
 <?php
 			if ($show_icon) {
 ?>
-		<img src="<?php echo get_template_directory_uri(); ?>/images/twitter/<?php echo $icon;?>-big.png" alt="Twitter" height="<?php echo $icon_height;?>" width="<?php echo $icon_height;?>"/>
+		<img src="<?php echo esc_url(get_template_directory_uri()); ?>/images/twitter/<?php echo $icon;?>-big.png" alt="Twitter" height="<?php echo $icon_height;?>" width="<?php echo $icon_height;?>"/>
 <?php
 			}
 
@@ -331,7 +331,7 @@ function form($instance) {
 <?php
 		for ($i = 0; $i < 10; $i++) {
 ?>
-			<span><input type="radio" name="<?php echo $this->get_field_name('icon'); ?>" value="twitter-0<?php echo $i; ?>" <?php checked("twitter-0$i", $icon); ?>/><img src="<?php echo get_template_directory_uri(); ?>/images/twitter/twitter-0<?php echo $i; ?>.png" alt="Twitter 0<?php echo $i; ?>"/></span>
+			<span><input type="radio" name="<?php echo $this->get_field_name('icon'); ?>" value="twitter-0<?php echo $i; ?>" <?php checked("twitter-0$i", $icon); ?>/><img src="<?php echo esc_url(get_template_directory_uri()); ?>/images/twitter/twitter-0<?php echo $i; ?>.png" alt="Twitter 0<?php echo $i; ?>"/></span>
 <?php
 		}
 ?>