devinsays / portfolio-press

A WordPress theme for artists and designers to showcase their work.
https://wptheming.com/portfolio-theme/
GNU General Public License v2.0

URL Escaping #64

Closed mfields closed 10 years ago

mfields commented 10 years ago

The following src attributes should be escaped with esc_url():

  1. header.php:18: <script src="<?php echo get_template_directory_uri(); ?>/js/html5.js"></script>
  2. header.php:32: <img src="<?php echo of_get_option( 'logo' ); ?>" alt="<?php echo bloginfo( 'name' ) ?>" />
  3. class-tgm-plugin-activation.php:1979: <img alt="" src="' . admin_url( 'images/wpspin_light.gif' )
  4. content-portfolio.php:34: <img src="<?php echo get_template_directory_uri() . '/images/protected-' . $thumbnail . '.gif'; ?>">
  5. content-portfolio.php:39: <img src="<?php echo get_template_directory_uri() . '/images/placeholder-' . $thumbnail . '.gif'; ?>">
  6. portfolio.php:54: <img src="<?php echo get_template_directory_uri() . '/images/protected-' . $thumbnail . '.gif'; ?>">
  7. portfolio.php:59: <img src="<?php echo get_template_directory_uri() . '/images/placeholder-' . $thumbnail . '.gif'; ?>">
  8. full-width-portfolio.php:41: <img src="<?php echo get_template_directory_uri() . '/images/protected-' . $thumbnail . '.gif'; ?>">
  9. full-width-portfolio.php:46: <img src="<?php echo get_template_directory_uri() . '/images/placeholder-' . $thumbnail . '.gif'; ?>">

As well as the following href attributes:

  1. options-functions.php:68: echo '<link rel="shortcut icon" href="'. $favicon .'"/>
  2. class-tgm-plugin-activation.php:2055: <a href="' . admin_url() . '" title="' . __( 'Return to the Dashboard', 'tgmpa' ) . '">
  3. class-tgm-plugin-activation.php:2040: <a href="' . add_query_arg( ... )
  4. class-tgm-plugin-activation.php:1278: admin_url()
  5. class-tgm-plugin-activation.php:1230: add_query_arg( ... )
  6. class-tgm-plugin-activation.php:1209: add_query_arg( ... )
  7. class-tgm-plugin-activation.php:701: add_query_arg( ... )
  8. class-tgm-plugin-activation.php:693: add_query_arg( ... )
  9. class-tgm-plugin-activation.php:689: add_query_arg( ... )
  10. class-tgm-plugin-activation.php:533: add_query_arg( ... )
  11. class-tgm-plugin-activation.php:511: admin_url()
  12. class-tgm-plugin-activation.php:496: add_query_arg( ... )
  13. class-tgm-plugin-activation.php:484: add_query_arg( ... )
  14. header.php:30: home_url()

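
The patterns listed above, each shown unescaped and then wrapped in esc_url(), as an added example that is not the theme's code and not part of the issue author's post. The WordPress and Options Framework function names are real; `$thumbnail` and `$favicon` are assumed to be set earlier by the template, as they are in the listed files, and the add_query_arg() arguments at the end are constructed for illustration.

```php
<?php
// Added illustration, not code from the theme or from the issue author.
// In each pair, the first line is the unescaped form named in the issue
// and the second is the escaped form. $thumbnail and $favicon are assumed
// to be defined by the surrounding template code.

// 1. header.php:18 -- path built from the template directory URI.
//    Escape the complete URL, not only the prefix.
?>
<script src="<?php echo get_template_directory_uri(); ?>/js/html5.js"></script>
<script src="<?php echo esc_url( get_template_directory_uri() . '/js/html5.js' ); ?>"></script>

<?php
// 2. header.php:32 -- a URL read from a theme option. Stored values are
//    escaped at output time: esc_url() drops disallowed schemes such as
//    javascript: and encodes quotes and angle brackets so the value cannot
//    close the attribute. The alt text is not a URL, so it takes esc_attr();
//    bloginfo() echoes its result, get_bloginfo() returns it.
?>
<img src="<?php echo of_get_option( 'logo' ); ?>" alt="<?php echo bloginfo( 'name' ) ?>" />
<img src="<?php echo esc_url( of_get_option( 'logo' ) ); ?>" alt="<?php echo esc_attr( get_bloginfo( 'name' ) ); ?>" />

<?php
// 3. content-portfolio.php:34 / portfolio.php:54 / full-width-portfolio.php:41
//    -- a concatenated path; the same fix applies to the placeholder- lines.
?>
<img src="<?php echo get_template_directory_uri() . '/images/protected-' . $thumbnail . '.gif'; ?>">
<img src="<?php echo esc_url( get_template_directory_uri() . '/images/protected-' . $thumbnail . '.gif' ); ?>">

<?php
// 4. options-functions.php:68 -- the favicon link, emitted from PHP.
echo '<link rel="shortcut icon" href="' . $favicon . '"/>';
echo '<link rel="shortcut icon" href="' . esc_url( $favicon ) . '"/>';

// 5. class-tgm-plugin-activation.php -- links built from admin_url() and
//    add_query_arg(). Translated strings placed in HTML take esc_html__().
echo '<a href="' . admin_url() . '" title="' . __( 'Return to the Dashboard', 'tgmpa' ) . '">';
echo '<a href="' . esc_url( admin_url() ) . '" title="' . esc_attr__( 'Return to the Dashboard', 'tgmpa' ) . '">';

// add_query_arg() called without a base URL builds on $_SERVER['REQUEST_URI'],
// so its result is request-influenced and must be escaped before output.
// The query arguments below are constructed for this example.
$tgmpa_url = add_query_arg( array( 'tgmpa-install' => 'install-plugin' ) );
echo '<a href="' . esc_url( $tgmpa_url ) . '">' . esc_html__( 'Install', 'tgmpa' ) . '</a>';
```

esc_url() is the right call whenever a URL lands in HTML output; for a URL that is stored in the database or passed to wp_redirect(), esc_url_raw() is used instead, since it keeps the value intact rather than entity-encoding it for display.
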
devinsays commented 10 years ago

Updated everything except items in the class-tgm-plugin-activation library. Will try to get pull requests to them for those.