SAML-Toolkits / wordpress-saml

OneLogin SAML plugin for Wordpress
MIT License

Fix wrong and missing late escaping. #52

Closed david-binda closed 6 years ago

david-binda commented 6 years ago

As the plugin is being used on the WordPress.com VIP platform, we have noticed some minor escaping issues while doing code review of the plugin. This commit is fixing the escaping related issues in order to make sure we don't have to patch the plugin for our clients on the platform.

In some cases, esc_html is used for escaping an HTML attribute (esc_attr should be used instead). In other cases, an escaping function is missing altogether. Not all URLs are being properly escaped. This commit is adding esc_url everywhere a valid URL is expected.

This PR also contains one PHPCS-related comment, `// Override ok.`, which assures PHPCS that the override of a global variable is okay.
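An added illustration of the escaping fixes the PR describes (example code written for this page, not the plugin's or the PR's own changes); the esc_* fallbacks are simplified stand-ins so the file runs without WordPress, and the sample values are constructed:

```php
<?php
// Added example, not code from the wordpress-saml plugin or from this PR.
// The fallbacks are simplified stand-ins used only when WordPress is not
// loaded, so the file runs from the CLI; inside WordPress the real functions win.
if ( ! function_exists( 'esc_html' ) ) {
	// WordPress's esc_html() and esc_attr() both encode quotes (ENT_QUOTES);
	// they differ by the output context they are meant for and the filter they apply.
	function esc_html( $text ) { return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' ); }
	function esc_attr( $text ) { return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' ); }
	// Simplified esc_url(): a short scheme allow-list standing in for WordPress's
	// wp_allowed_protocols() check; a URL with a disallowed scheme becomes ''.
	function esc_url( $url ) {
		$url = trim( (string) $url );
		if ( preg_match( '#^([a-z][a-z0-9+.-]*):#i', $url, $m )
			&& ! in_array( strtolower( $m[1] ), array( 'http', 'https', 'mailto' ), true ) ) {
			return '';
		}
		return htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );
	}
}

// Before, as the PR describes it: esc_html used for an attribute value and
// the URL written out with no escaping at all.
function render_sso_link_before( $sso_url, $title ) {
	return '<a href="' . $sso_url . '" title="' . esc_html( $title ) . '">Log in with SSO</a>';
}

// After: late escaping chosen by output context, esc_url for the href and
// esc_attr for the plain attribute.
function render_sso_link_after( $sso_url, $title ) {
	return '<a href="' . esc_url( $sso_url ) . '" title="' . esc_attr( $title ) . '">Log in with SSO</a>';
}

// Constructed, untrusted sample values standing in for saved plugin settings.
$sso_url = 'javascript:alert(document.domain)'; // not a usable SSO endpoint
$title   = 'Sign in" onmouseover="x()';          // tries to close the attribute

echo render_sso_link_before( $sso_url, $title ), PHP_EOL; // the unescaped scheme reaches the markup
echo render_sso_link_after( $sso_url, $title ), PHP_EOL;  // disallowed scheme dropped, title quotes encoded
```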