WP_PLUGIN/POST_ORDER_BY_ARCHIVE
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

WP PLUGIN 申請指摘事項の再修正

Browse Source 
・echoのエスケープ
・メソッドの変数をエスケープ
This commit is contained in:
nobu
2021-06-18 09:50:16 +09:00
parent 00d6775f77
commit 28c02ebce2
4 changed files with 51 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files
class/class.apop.apop_ui.php
+31 -31
View File
@@ -25,9 +25,9 @@ if ( ! class_exists( 'APOP_UI' ) ) {
foreach ( $posts_data as $i => $post_data ) { foreach ( $posts_data as $i => $post_data ) {
$order = $i + 1; $order = $i + 1;
$no_order = self::is_sort_post_registered( $post_data->ID, $meta_key ) ? '' : ' no_order'; $no_order = self::is_sort_post_registered( $post_data->ID, $meta_key ) ? '' : ' no_order';
$list[] = '<li class="product-list' . $no_order . '">' . self::crate_non_registerd_mark( $no_order ) . ' $list[] = '<li class="product-list' . esc_html( $no_order ) . '">' . esc_html( self::crate_non_registerd_mark( $no_order ) ) . '
<span class="sort-num-label">' . $order . '</span>' . $post_data->post_title . ' <span class="sort-num-label">' . esc_html( $order ) . '</span>' . esc_html( $post_data->post_title ) . '
<input type="hidden" class="list_order" name="_apop_post_' . $key . '[post_sort][' . $post_data->ID . ']" value="' . $order . '"> <input type="hidden" class="list_order" name="_apop_post_' . esc_html( $key ) . '[post_sort][' . esc_html( $post_data->ID ) . ']" value="' . esc_html( $order ) . '">
</li>'; </li>';
} }
@@ -142,10 +142,11 @@ if ( ! class_exists( 'APOP_UI' ) ) {
$sort_num = $key + 1; $sort_num = $key + 1;
$no_order = self::is_sort_post_registered( $target_post->ID, $return_data['meta_key'] ) ? '' : ' no_order'; $no_order = self::is_sort_post_registered( $target_post->ID, $return_data['meta_key'] ) ? '' : ' no_order';
$list[] = ' $list[] = '
<li class="product-list' . $no_order . '">' . self::crate_non_registerd_mark( $no_order ) . '<span class="sort-num-label">' . $sort_num . '</span>' . get_the_title( $target_post->ID ) . ' <li class="product-list' . esc_html( $no_order ) . '">' . esc_html( self::crate_non_registerd_mark( $no_order ) )
. '<span class="sort-num-label">' . esc_html( $sort_num ) . '</span>' . get_the_title( $target_post->ID ) . '
<input type="hidden" class="list_order" <input type="hidden" class="list_order"
name="_apop_post_' . self::create_post_sort_key( $tax_data->taxonomy, $tax_key ) . '[post_sort][' . $tax_data->term_id . '][' . $target_post->ID . ']" name="_apop_post_' . esc_html( self::create_post_sort_key( $tax_data->taxonomy, $tax_key ) ) . '[post_sort][' . esc_html( $tax_data->term_id ) . '][' . esc_html( $target_post->ID ) . ']"
value="' . $sort_num . '"> value="' . esc_html( $sort_num ) . '">
</li>'; </li>';
} }
@@ -243,7 +244,7 @@ value="' . $sort_num . '">
if ( count( $tax_data ) > 0 ) { if ( count( $tax_data ) > 0 ) {
$order_name = $order_name; $order_name = $order_name;
$order_tax = $key == 'post_tag' ? 'tag' : $key; $order_tax = $key == 'post_tag' ? 'tag' : $key;
echo '<tr><th scope="row">' . $title . '設定</th><td>'; echo '<tr><th scope="row">' . esc_html( $title ) . '設定</th><td>';
include APOP_PLUGIN_PATH . 'template/setting_parts_taxonomy.php'; include APOP_PLUGIN_PATH . 'template/setting_parts_taxonomy.php';
echo '</td></tr>'; echo '</td></tr>';
} }
@@ -300,6 +301,8 @@ value="' . $sort_num . '">
$alert = $cnv_order_params['alert']; $alert = $cnv_order_params['alert'];
$no_order_class = $cnv_order_params['no_order_class']; $no_order_class = $cnv_order_params['no_order_class'];
$field_metakey_input = ''; $field_metakey_input = '';
$name_use_key = '_' . $name_key . '[' . $target_key . '][use]';
$name_sort_key = '_' . $name_key . '[' . $target_key . '][ sort ]';
if ( strpos( $target_key, 'custom_field' ) !== false ) { if ( strpos( $target_key, 'custom_field' ) !== false ) {
$meta_key = $cnv_order_params[ $target_key ]['meta_key']; $meta_key = $cnv_order_params[ $target_key ]['meta_key'];
$value_type = $cnv_order_params[ $target_key ]['value_type']; $value_type = $cnv_order_params[ $target_key ]['value_type'];
@@ -308,21 +311,23 @@ value="' . $sort_num . '">
} else { } else {
$target_key_check_class = 'sort_' . $target_key . '_check'; $target_key_check_class = 'sort_' . $target_key . '_check';
} }
$list[] = '<li class="product-list' . $no_order_class . '"> $list[] = '<li class="product-list' . esc_html( $no_order_class ) . '">
<div class="product-list-type-label"><b>' . $target_values[ $target_key ] . '</b></div> <div class="product-list-type-label"><b>' . esc_html( $target_values[ $target_key ] ) . '</b></div>
<div class="product-list-sort-type"> <div class="product-list-sort-type">
<label> <label>
<input type="hidden" name="_' . $name_key . '[' . $target_key . '][use]" value="0"' . self::set_search_normal_checked( $use, 0 ) . '> <input type="hidden" name="' . esc_html( $name_use_key ) . '"
<span class="en_dis_label">有効</span><input class="' . $target_key_check_class . '" type="checkbox" name="_' . $name_key . '[' . $target_key . '][use]" value="1"' . self::set_search_normal_checked( $use, 1 ) . '> value="0"' . esc_html( self::set_search_normal_checked( $use, 0 ) ) . '>
<span class="en_dis_label">有効</span><input class="' . esc_html( $target_key_check_class ) . '"
type="checkbox" name="' . esc_html( $name_use_key ) . '" value="1"' . esc_html( self::set_search_normal_checked( $use, 1 ) ) . '>
</label> </label>
<label> <label>
<input class="order_param" type="radio" <input class="order_param" type="radio"
name="_' . $name_key . '[' . $target_key . '][sort]" name="' . esc_html( $name_sort_key ) . '"
value="1"' . self::set_search_normal_checked( $sort, 1 ) . '>昇順</label> value="1"' . esc_html( self::set_search_normal_checked( $sort, 1 ) ) . '>昇順</label>
<label> <label>
<input class="order_param" type="radio" <input class="order_param" type="radio"
name="_' . $name_key . '[' . $target_key . '][sort]" name="' . esc_html( $name_sort_key ) . '"
value="2"' . self::set_search_normal_checked( $sort, 2 ) . '>降順</label> value="2"' . esc_html( self::set_search_normal_checked( $sort, 2 ) ) . '>降順</label>
' . $field_metakey_input . ' ' . $field_metakey_input . '
</div> </div>
</li>'; </li>';
@@ -330,25 +335,28 @@ value="' . $sort_num . '">
return array( return array(
implode( PHP_EOL, $list ), implode( PHP_EOL, $list ),
$alert $alert,
); );
} }
private static function create_custom_field_sort_type( $name_key, $target_key, $meta_key, $value_type ): string { private static function create_custom_field_sort_type( $name_key, $target_key, $meta_key, $value_type ): string {
$name_meta_key = '_' . $name_key . '[' . $target_key . '][field][meta_key]';
$name_value_type = '_' . $name_key . '[' . $target_key . '][field][value_type]';
return '<div class="sort_custom_field"> return '<div class="sort_custom_field">
<div class="sort_custom_field_inner"><div class="sort_custom_field_inner_label">カスタムフィールドキー:</div> <div class="sort_custom_field_inner"><div class="sort_custom_field_inner_label">カスタムフィールドキー:</div>
<input type="text" class="custom_field_key" name="_' . $name_key . '[' . $target_key . '][field][meta_key]" value="' . $meta_key . '"> <input type="text" class="custom_field_key" name="' . esc_html( $name_meta_key ) . '" value="' . esc_html( $meta_key ) . '">
</div> </div>
<div class="sort_custom_field_inner"> <div class="sort_custom_field_inner">
<div class="sort_custom_field_inner_label">値タイプ:</div> <div class="sort_custom_field_inner_label">値タイプ:</div>
<label><input type="radio" <label><input type="radio"
class="custom_field_meta_value" class="custom_field_meta_value"
name="_' . $name_key . '[' . $target_key . '][field][value_type]" name="' . esc_html( $name_value_type ) . '"
value="meta_value"' . self::set_search_normal_checked( $value_type, 'meta_value' ) . '>テキスト</label> value="meta_value"' . esc_html( self::set_search_normal_checked( $value_type, 'meta_value' ) ) . '>テキスト</label>
<label><input type="radio" <label><input type="radio"
class="custom_field_meta_value" class="custom_field_meta_value"
name="_' . $name_key . '[' . $target_key . '][field][value_type]" name="' . esc_html( $name_value_type ) . '"
value="meta_value_num"' . self::set_search_normal_checked( $value_type, 'meta_value_num' ) . '>数値</label> value="meta_value_num"' . esc_html( self::set_search_normal_checked( $value_type, 'meta_value_num' ) ) . '>数値</label>
</div> </div>
</div>'; </div>';
} }
@@ -358,7 +366,7 @@ value="meta_value_num"' . self::set_search_normal_checked( $value_type, 'meta_va
$param = array( $param = array(
'use' => 0, 'use' => 0,
'sort' => 2, 'sort' => 2,
'alert' => '<p>並べ替えを登録するには「変更を保存」をクリックしてください。</p>', 'alert' => '並べ替えを登録するには「変更を保存」をクリックしてください。',
'no_order_class' => ' no_order', 'no_order_class' => ' no_order',
); );
if ( strpos( $target_key, 'custom_field' ) !== false ) { if ( strpos( $target_key, 'custom_field' ) !== false ) {
@@ -372,7 +380,7 @@ value="meta_value_num"' . self::set_search_normal_checked( $value_type, 'meta_va
$param = array( $param = array(
'use' => $order_param[ $target_key ]['use'] ?? 0, 'use' => $order_param[ $target_key ]['use'] ?? 0,
'sort' => $order_param[ $target_key ]['sort'] ?? 2, 'sort' => $order_param[ $target_key ]['sort'] ?? 2,
'alert' => ! $order_param[ $target_key ]['use'] ? '<p>並べ替えを登録するには「変更を保存」をクリックしてください。</p>' : '', 'alert' => ! $order_param[ $target_key ]['use'] ? '並べ替えを登録するには「変更を保存」をクリックしてください。' : '',
'no_order_class' => ! $order_param[ $target_key ]['use'] ? ' no_order' : '', 'no_order_class' => ! $order_param[ $target_key ]['use'] ? ' no_order' : '',
); );
if ( strpos( $target_key, 'custom_field' ) !== false ) { if ( strpos( $target_key, 'custom_field' ) !== false ) {
@@ -446,13 +454,5 @@ value="meta_value_num"' . self::set_search_normal_checked( $value_type, 'meta_va
} }
} }
public static function create_none_select_msg( $str ): string {
return '<p class="no_registered_exp">並べ替えをカスタマイズする' . $str . 'は選択されていません。</p>';
}
public static function none_registered_alert_msg(): string {
return '<div class="no_registered_exp">&#9632;は未登録項目です。ドラッグして並び順を変更後に「変更を保存」をクリックしてください。</div>';
}
} }
} }
template/order.php
+6 -5
View File
@@ -15,7 +15,8 @@ $submit_type = APOP_UI::input_post_filter( 'apop_submit_type', 'str' );
<div class="post-order-box-outer"> <div class="post-order-box-outer">
<form action="" method="post"> <form action="" method="post">
<?php wp_nonce_field( 'sh_options' ); ?> <?php wp_nonce_field( 'sh_options' ); ?>
<input id="apop_submit_type" type="hidden" name="apop_submit_type" value="<?php echo $submit_type; ?>"> <input id="apop_submit_type" type="hidden" name="apop_submit_type"
value="<?php echo esc_html( $submit_type ); ?>">
<div class="post-order-box"> <div class="post-order-box">
<div class="list-orders-outer"> <div class="list-orders-outer">
<div class="list-orders-inner"> <div class="list-orders-inner">
@@ -28,7 +29,7 @@ $submit_type = APOP_UI::input_post_filter( 'apop_submit_type', 'str' );
<hr> <hr>
<div class="sort_box"> <div class="sort_box">
<?php list( $list, $alert) = APOP_UI::create_search_normal_list( 'normal' ); ?> <?php list( $list, $alert) = APOP_UI::create_search_normal_list( 'normal' ); ?>
<?php echo $alert; ?> <p><?php echo esc_html( $alert ); ?></p>
<div class="enable_box"> <div class="enable_box">
<h4>有効</h4> <h4>有効</h4>
<ul class="post-order-list search_normal_sort"> <ul class="post-order-list search_normal_sort">
@@ -41,7 +42,7 @@ $submit_type = APOP_UI::input_post_filter( 'apop_submit_type', 'str' );
</div> </div>
</div> </div>
<div class="sort_box"> <div class="sort_box">
<?php echo APOP_UI::none_registered_alert_msg(); ?> <div class="no_registered_exp">&#9632;は未登録項目です。ドラッグして並び順を変更後に「変更を保存」をクリックしてください。</div>
<ul class="post-order-list drag_sort"> <ul class="post-order-list drag_sort">
<?php echo APOP_UI::get_all_search_normal_posts( 'normal' ); ?> <?php echo APOP_UI::get_all_search_normal_posts( 'normal' ); ?>
</ul> </ul>
@@ -61,7 +62,7 @@ $submit_type = APOP_UI::input_post_filter( 'apop_submit_type', 'str' );
<hr> <hr>
<div class="sort_box"> <div class="sort_box">
<?php list( $list, $alert) = APOP_UI::create_search_normal_list( 'search' ); ?> <?php list( $list, $alert) = APOP_UI::create_search_normal_list( 'search' ); ?>
<?php echo $alert; ?> <p><?php echo esc_html( $alert ); ?></p>
<div class="enable_box"> <div class="enable_box">
<h4>有効</h4> <h4>有効</h4>
<ul class="post-order-list search_normal_sort"> <ul class="post-order-list search_normal_sort">
@@ -74,7 +75,7 @@ $submit_type = APOP_UI::input_post_filter( 'apop_submit_type', 'str' );
</div> </div>
</div> </div>
<div class="sort_box"> <div class="sort_box">
<?php echo APOP_UI::none_registered_alert_msg(); ?> <div class="no_registered_exp">&#9632;は未登録項目です。ドラッグして並び順を変更後に「変更を保存」をクリックしてください。</div>
<ul class="post-order-list drag_sort"> <ul class="post-order-list drag_sort">
<?php echo APOP_UI::get_all_search_normal_posts( 'search' ); ?> <?php echo APOP_UI::get_all_search_normal_posts( 'search' ); ?>
</ul> </ul>
template/order_parts_taxonomy.php
+3 -3
View File
@@ -2,7 +2,7 @@
<?php foreach ( $tax_lists as $tax_key => $tax_list ) : ?> <?php foreach ( $tax_lists as $tax_key => $tax_list ) : ?>
<div class="list-orders-outer"> <div class="list-orders-outer">
<?php if ( count( $tax_list ) > 0 ): ?> <?php if ( count( $tax_list ) > 0 ): ?>
<?php echo APOP_UI::none_registered_alert_msg(); ?> <div class="no_registered_exp">&#9632;は未登録項目です。ドラッグして並び順を変更後に「変更を保存」をクリックしてください。</div>
<?php foreach ( $tax_list as $tax_data ): ?> <?php foreach ( $tax_list as $tax_data ): ?>
<div class="list-orders-inner"> <div class="list-orders-inner">
<h3><?php echo esc_html( $tax_data->name ); ?></h3> <h3><?php echo esc_html( $tax_data->name ); ?></h3>
@@ -37,7 +37,7 @@
</div> </div>
<div class="sort_box"> <div class="sort_box">
<?php list( $list, $alert ) = APOP_UI::create_search_normal_list( 'tax', $tax_data->term_id ); ?> <?php list( $list, $alert ) = APOP_UI::create_search_normal_list( 'tax', $tax_data->term_id ); ?>
<?php echo $alert; ?> <p><?php echo esc_html( $alert ); ?></p>
<div class="enable_box"> <div class="enable_box">
<h4>有効</h4> <h4>有効</h4>
<ul class="post-order-list search_normal_sort"> <ul class="post-order-list search_normal_sort">
@@ -52,7 +52,7 @@
</div> </div>
<?php endforeach; ?> <?php endforeach; ?>
<?php else: ?> <?php else: ?>
<?php echo APOP_UI::create_none_select_msg( $tax_title_text ); ?> <p class="no_registered_exp">並べ替えをカスタマイズする<?php echo esc_html( $tax_title_text ); ?>は選択されていません。</p>
<?php endif; ?> <?php endif; ?>
</div> </div>
<?php endforeach; ?> <?php endforeach; ?>
template/setting_post_custom_field.php
+3 -2
View File
@@ -8,8 +8,9 @@
<?php foreach ( $items as $item ): ?> <?php foreach ( $items as $item ): ?>
<?php if ( ! empty( $item ) ): ?> <?php if ( ! empty( $item ) ): ?>
<li><label><?php echo esc_html( $item ); ?></label> <li><label><?php echo esc_html( $item ); ?></label>
<input type="text" name="<?php echo APOP_CUSTOM_FIELD_PREFIX . $item; ?>" <input type="text"
value="<?php echo $this->get_custom_field_data( $item ); ?>"/> name="<?php echo esc_html( APOP_CUSTOM_FIELD_PREFIX . $item ); ?>"
value="<?php echo esc_html( $this->get_custom_field_data( $item ) ); ?>"/>
</li> </li>
<?php endif; ?> <?php endif; ?>
<?php endforeach; ?> <?php endforeach; ?>