From c81272d3e2582fc672797858d569ab4b43160557 Mon Sep 17 00:00:00 2001
From: Joe Dolson
Date: Tue, 7 Jan 2025 16:07:17 -0600
Subject: [PATCH] Swap direct calls to mc_kses_post for the wp_kses equivalent
---
 src/includes/widgets/class-my-calendar-mini-widget.php | 4 ++--
 .../widgets/class-my-calendar-simple-search.php | 2 +-
 src/my-calendar-categories.php | 2 +-
 src/my-calendar-event-manager.php | 2 +-
 src/my-calendar-iframe.php | 2 +-
 src/my-calendar-locations.php | 2 +-
 src/my-calendar-templates.php | 10 +++++-----
 src/templates/legacy-functions.php | 6 +++---
 8 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/src/includes/widgets/class-my-calendar-mini-widget.php b/src/includes/widgets/class-my-calendar-mini-widget.php
index 1db011d8..144ce1bc 100644
--- a/src/includes/widgets/class-my-calendar-mini-widget.php
+++ b/src/includes/widgets/class-my-calendar-mini-widget.php
@@ -242,8 +242,8 @@ public function form( $instance ) {
 * @return array $instance Updated instance.
 */
 public function update( $new_data, $instance ) {
- $instance['my_calendar_mini_title'] = mc_kses_post( $new_data['my_calendar_mini_title'] );
- $instance['my_calendar_mini_time'] = mc_kses_post( $new_data['my_calendar_mini_time'] );
+ $instance['my_calendar_mini_title'] = wp_kses( $new_data['my_calendar_mini_title'], 'mycalendar' );
+ $instance['my_calendar_mini_time'] = wp_kses( $new_data['my_calendar_mini_time'], 'mycalendar' );
 $instance['my_calendar_mini_category'] = ( in_array( 'all', (array) $new_data['my_calendar_mini_category'], true ) ) ? array() : $new_data['my_calendar_mini_category'];
 $instance['above'] = ( isset( $new_data['above'] ) && '' !== $new_data['above'] ) ? $new_data['above'] : 'none';
 $instance['mc_link'] = $new_data['mc_link'];
diff --git a/src/includes/widgets/class-my-calendar-simple-search.php b/src/includes/widgets/class-my-calendar-simple-search.php
index 712667e6..2c5a1ac4 100644
--- a/src/includes/widgets/class-my-calendar-simple-search.php
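Review bot: The `'mycalendar'` context passed to `wp_kses()` in the mini widget's `update()` only has an effect if a `wp_kses_allowed_html` filter handles that context, and no such registration is visible in this patch. For a context it does not recognise, WordPress falls back to its default `$allowedtags` list, so a missing or late-loaded filter would silently change what these fields keep. A short comment at the call, e.g. `// 'mycalendar' allowlist is supplied by the plugin's wp_kses_allowed_html filter.`, would make the dependency explicit. The same applies to the other `wp_kses( …, 'mycalendar' )` calls in the simple-search widget, `mc_list_events()`, `my_calendar_iframe()`, `mc_template_tag()`, `mc_template_time()` and the legacy template hunks. `update()` continues outside the hunk.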
+++ b/src/includes/widgets/class-my-calendar-simple-search.php
@@ -88,7 +88,7 @@ public function form( $instance ) {
 * @return array $instance Updated instance.
 */
 public function update( $new_settings, $instance ) {
- $instance['title'] = mc_kses_post( $new_settings['title'] );
+ $instance['title'] = wp_kses( $new_settings['title'], 'mycalendar' );
 $instance['url'] = esc_url_raw( $new_settings['url'] );
 return $instance;
diff --git a/src/my-calendar-categories.php b/src/my-calendar-categories.php
index 53f6b456..fadaf50a 100644
--- a/src/my-calendar-categories.php
+++ b/src/my-calendar-categories.php
@@ -375,7 +375,7 @@ function mc_create_category( $category ) {
 'category_term' => $term,
 );
- $add = array_map( 'mc_kses_post', $add );
+ $add = array_map( 'wp_kses_post', $add );
 /**
 * Filter data before inserting a new category.
 *
diff --git a/src/my-calendar-event-manager.php b/src/my-calendar-event-manager.php
index 9653ae71..a548e42b 100644
--- a/src/my-calendar-event-manager.php
+++ b/src/my-calendar-event-manager.php
@@ -788,7 +788,7 @@ function mc_list_events() {
 $col_head .= mc_table_header( __( 'Author', 'my-calendar' ), $sortbydirection, $sortby, '5', $url );
 $url = add_query_arg( 'sort', '6', $admin_url );
 $col_head .= mc_table_header( __( 'Category', 'my-calendar' ), $sortbydirection, $sortby, '6', $url );
- echo mc_kses_post( $col_head );
+ echo wp_kses( $col_head, 'mycalendar' );
 ?>
diff --git a/src/my-calendar-iframe.php b/src/my-calendar-iframe.php
index c8c90a20..d65ba165 100644
--- a/src/my-calendar-iframe.php
+++ b/src/my-calendar-iframe.php
@@ -62,7 +62,7 @@ function my_calendar_iframe() {
 $body .= mc_get_event( $mc_id, 'html' );
 }
 }
- echo mc_kses_post( $body );
+ echo wp_kses( $body, 'mycalendar' );
 ?>
diff --git a/src/my-calendar-locations.php b/src/my-calendar-locations.php
index 7c944734..fc4e60f5 100644
--- a/src/my-calendar-locations.php
+++ b/src/my-calendar-locations.php
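Review bot: In `mc_create_category()` (src/my-calendar-categories.php) the replacement is `wp_kses_post`, not `wp_kses( …, 'mycalendar' )` as in the other hunks of this commit, so every element of `$add` is filtered against the core `post` allowlist rather than the plugin's own context. If equivalence with the old helper is intended, a small wrapper keeps the context: `$add = array_map( function ( $value ) { return wp_kses( $value, 'mycalendar' ); }, $add );`. If the `post` allowlist is deliberate for category data, a one-line comment saying so would prevent it being "corrected" later. The function starts and ends outside the hunk.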
@@ -1398,7 +1398,7 @@ function mc_location_select( $location = false ) {
 $l .= ' selected="selected"';
 }
 }
- $l .= '>' . mc_kses_post( stripslashes( $label ) ) . '';
+ $l .= '>' . esc_html( wp_strip_all_tags( wp_unslash( $label ) ) ) . '';
 $list .= $l;
 }
diff --git a/src/my-calendar-templates.php b/src/my-calendar-templates.php
index 458b0963..2f6e1f8d 100644
--- a/src/my-calendar-templates.php
+++ b/src/my-calendar-templates.php
@@ -1973,7 +1973,7 @@ function mc_get_template_tag( $event, $key ) {
 * @param string $key Array key in the tags array for data to fetch.
 */
 function mc_template_tag( $data, $key = 'calendar' ) {
- echo mc_kses_post( mc_get_template_tag( $data, $key ) );
+ echo wp_kses( mc_get_template_tag( $data, $key ), 'mycalendar' );
 }
 /**
@@ -1984,7 +1984,7 @@ function mc_template_tag( $data, $key = 'calendar' ) {
 */
 function mc_template_time( $data, $type = 'calendar' ) {
 $event = $data->event;
- echo mc_kses_post( mc_time_html( $event, $type ) );
+ echo wp_kses( mc_time_html( $event, $type ), 'mycalendar' );
 }
 /**
@@ -2127,7 +2127,7 @@ function mc_template_description( $data, $type = 'calendar' ) {
 $description = '';
 if ( mc_output_is_visible( 'description', $type, $event ) ) {
 if ( '' !== trim( $event->event_desc ) ) {
- $description = wpautop( stripcslashes( mc_kses_post( $event->event_desc ) ), 1 );
+ $description = wpautop( wp_unslash( $event->event_desc ), 1 );
 $description = "
$description
";
 }
 }
@@ -2145,7 +2145,7 @@ function mc_template_registration( $data, $type = 'calendar' ) {
 $event = $data->event;
 $tickets = '';
 if ( mc_output_is_visible( 'tickets', $type, $event ) ) {
- $info = wpautop( stripcslashes( mc_kses_post( $event->event_registration ) ) );
+ $info = wpautop( wp_unslash( $event->event_registration ) );
 $url = esc_url( $event->event_tickets );
 $external = ( $url && mc_external_link( $url ) ) ? 'external' : '';
 $text = ( '' !== mc_get_option( 'buy_tickets', '' ) ) ? mc_get_option( 'buy_tickets' ) : __( 'Buy Tickets', 'my-calendar' );
@@ -2169,7 +2169,7 @@ function mc_template_excerpt( $data, $type = 'calendar' ) {
 $short = '';
 if ( mc_output_is_visible( 'excerpt', $type, $event ) ) {
 if ( '' !== trim( $event->event_short ) ) {
- $short = wpautop( stripcslashes( mc_kses_post( $event->event_short ) ), 1 );
+ $short = wpautop( wp_unslash( $event->event_short ), 1 );
 $short = "
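Review bot: `mc_template_description()` now passes `wp_unslash( $event->event_desc )` straight to `wpautop()` with no `wp_kses()` call, so the HTML filtering that `mc_kses_post()` provided is dropped rather than swapped. Unless `$description` is filtered where it is printed (that part of the function is outside the hunk), stored event HTML would reach the page unfiltered, which is a stored-XSS exposure wherever event fields can be written by less-trusted users. The legacy template in this same commit keeps the filter, and the same form fits here: `$description = wpautop( wp_kses( wp_unslash( $event->event_desc ), 'mycalendar' ), 1 );`. The `mc_template_registration()` and `mc_template_excerpt()` hunks drop the filter in the same way for `event_registration` and `event_short`.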
$short
";
 }
 }
diff --git a/src/templates/legacy-functions.php b/src/templates/legacy-functions.php
index 1ff6e22e..eeb1a6aa 100644
--- a/src/templates/legacy-functions.php
+++ b/src/templates/legacy-functions.php
@@ -223,13 +223,13 @@ function mc_legacy_template_draw_event( $event, $type, $process_date, $time, $te
 if ( 'true' === $display_desc || mc_output_is_visible( 'description', $type, $event ) ) {
 if ( '' !== trim( $event->event_desc ) ) {
- $description = wpautop( stripcslashes( mc_kses_post( $event->event_desc ) ), 1 );
+ $description = wpautop( wp_kses( wp_unslash( $event->event_desc ), 'mycalendar' ), 1 );
 $description = "
$description
";
 }
 }
 if ( 'true' === $display_reg || mc_output_is_visible( 'tickets', $type, $event ) ) {
- $info = wpautop( stripcslashes( mc_kses_post( $event->event_registration ) ) );
+ $info = wpautop( wp_kses( wp_unslash( $event->event_registration ), 'mycalendar' ), 1 );
 $url = esc_url( $event->event_tickets );
 $external = ( $url && mc_external_link( $url ) ) ? 'external' : '';
 $text = ( '' !== mc_get_option( 'buy_tickets', '' ) ) ? mc_get_option( 'buy_tickets' ) : __( 'Buy Tickets', 'my-calendar' );
@@ -243,7 +243,7 @@ function mc_legacy_template_draw_event( $event, $type, $process_date, $time, $te
 if ( 'true' === $display_short || mc_output_is_visible( 'excerpt', $type, $event ) ) {
 if ( '' !== trim( $event->event_short ) ) {
- $short = wpautop( stripcslashes( mc_kses_post( $event->event_short ) ), 1 );
+ $short = wpautop( wp_kses( wp_unslash( $event->event_short ), 'mycalendar' ), 1 );
 $short = "
$short
";
 }
 }