Open rcass opened 6 years ago
hey rose, just to be clear, am i to wrap both the CFS calls and echos? i'm not sure exactly which to use the esc_ functions. for example, in about.php we have carousels present with echos. will those need to be wrapped as well?
The escape function doesn't have to wrap the echo.
Basically it will look something like this:
<?php echo esc_html( CFS()->get( 'price' ) ); ?>
basically anytime there is a <?php echo CFS()->get( 'price' ) ?>
it should be turned into <?php echo esc_html( CFS()->get( 'price' ) ); ?>
ah i see. so i can leave the lone echos alone and focus on the CFS gets then. i wasn't too sure about that after going through the documentation. thanks for clearing that up!
sorry rose, i'm unsure about one thing.
do the CFS gets need to contain an echo?
should i be wrapping them in escaping functions if they don't have an echo? e.g. $carousels = CFS()->get( 'about_carousel' );
wrap only the gets containing an echo?
also, there are a few CFS gets for the forms, e.g. <?php echo CFS()->get( 'form_title' ); ?> <?php echo CFS()->get( 'apply_here' ); ?>
i'm having issues wrapping these. tried html, textarea, and attr.
hmmm, ya... whenever i attempt to wrap the CFS gets it just displays the content you'd see in the wysiwig.
i input this:
<?php echo esc_html( CFS()->get( 'volunteer_perks_content' ) ); ?>
this displays:
any suggestions? sorry so many messages!
In your theme php files, remember to use escaping functions such as esc_html as a security standard (we want to make sure we are outputting what we think we are outputting). There is more about this in the security lesson slides as well!