justintadlock
commented
7 years ago The following is a list of all remaining escaping issues I could find. I tried to rule out as many false-positives as I could.
The list is organized by file name and line number. Next to each line number, you should see the variable, function, etc. that should be escaped.
customizer/customizer-controls.php
- 117 -
$this->settings['default']->id - 147 -
$this->id - 157 -
$this->data['selection'] - 172 -
$this->data['type'] - 214 -
$optionsVar - 221 -
$optionsVar - 221 -
$item - 227 -
$optionsVar - 227 -
$item['id'] - 229 -
$item['thumb'] - 233 -
$item['id'] - 237 -
$item['id'] - 238 -
$this->data['insertText'] - 244 -
$item['preview'] - 248 -
$item['description'] - 297 -
$value - 348 -
$value
inc/functions.php
- 317 -
get_bloginfo('pingback_url')
inc/header-options/background-options/header-separator.php
- 306 -
$separator
inc/header-options/background-options/overlay-types/gradient-overlay.php
- 55 -
$gradient
inc/header-options/background-options/overlay-types/shapes-overlay.php
- 110 -
$selector {background:$value}
inc/header-options/content-options/buttons.php
- 164 -
$target - 164 -
$class - 166 -
$target - 166 -
$class
inc/header-options/content-options/subtitle.php
- 86 -
$subtitle
inc/header-options/content-options/title.php
- 85 -
$title
inc/header-options/navigation-options/nav-bar.php
- 148 -
$key - 148 -
$value
inc/header-options/navigation-options/top-bar/content-types/social-icons.php
- 159 -
$preview_atts
inc/header-options/navigation-options/top-bar.php
- 64 -
$header_top_bar_class
inc/templates-functions.php
- 134 -
get_bloginfo('name') - 136 -
get_bloginfo('name') - 146 -
$align - 287 -
$color
This is just an general escaping ticket. I'll continue posting here as I continue on with the review.
The following is a list of file names, followed by line numbers and variables, where escaping is needed.
inc/functions.php
$stings[0]$words[$i]