WP PLUGIN エスケープ処理の修正

・echo時にエスケープするようメソッド修正
・HTMLタグ内のエスケープをesc_attr()に変更
2021-06-19 09:18:48 +09:00
parent f9fe860c81
commit ff1dcdc5f4
8 changed files with 144 additions and 148 deletions
+59 -64
@@ -15,9 +15,7 @@ if ( ! class_exists( 'APOP_UI' ) ) {
return $type_data;
}
public static function get_all_search_normal_posts(
$key
): string {
public static function get_all_search_normal_posts( $key ) {
$meta_key = '_apop_post_' . $key;
$args = self::create_search_normal_args( $meta_key );
$posts_data = get_posts( $args );
@@ -25,13 +23,14 @@ if ( ! class_exists( 'APOP_UI' ) ) {
foreach ( $posts_data as $i => $post_data ) {
$order = $i + 1;
$no_order = self::is_sort_post_registered( $post_data->ID, $meta_key ) ? '' : ' no_order';
$list[] = '<li class="product-list' . esc_html( $no_order ) . '">' . esc_html( self::crate_non_registerd_mark( $no_order ) ) . '
<span class="sort-num-label">' . esc_html( $order ) . '</span>' . esc_html( $post_data->post_title ) . '
<input type="hidden" class="list_order" name="_apop_post_' . esc_html( $key ) . '[post_sort][' . esc_html( $post_data->ID ) . ']" value="' . esc_html( $order ) . '">
</li>';
echo '<li class="product-list' . esc_attr( $no_order ) . '">'
. esc_attr( self::crate_non_registerd_mark( $no_order ) )
. '<span class="sort-num-label">' . esc_html( $order ) . '</span>' . esc_html( $post_data->post_title )
. '<input type="hidden" class="list_order"
name="_apop_post_' . esc_attr( $key ) . '[post_sort][' . esc_attr( $post_data->ID ) . ']"
value="' . esc_attr( $order ) . '">
</li>';
}
return implode( PHP_EOL, $list );
}
private static function crate_non_registerd_mark( $no_order ): string {
@@ -270,7 +269,7 @@ value="' . esc_html( $sort_num ) . '">
);
}
public static function create_search_normal_list( $type, $id = null ): array {
public static function create_search_normal_list( $type, $id = null ) {
$name_keys = self::create_name_keys( $id, $type );
$name_key = $name_keys['name_key'];
$get_option_key = $name_keys['get_option_key'];
@@ -298,67 +297,64 @@ value="' . esc_html( $sort_num ) . '">
$cnv_order_params = self::set_order_list_param( $order_param, $target_key );
$use = $cnv_order_params['use'];
$sort = $cnv_order_params['sort'];
$alert = $cnv_order_params['alert'];
$no_order_class = $cnv_order_params['no_order_class'];
$field_metakey_input = '';
$name_use_key = '_' . $name_key . '[' . $target_key . '][use]';
$name_sort_key = '_' . $name_key . '[' . $target_key . '][sort]';
if ( strpos( $target_key, 'custom_field' ) !== false ) {
$meta_key = $cnv_order_params[ $target_key ]['meta_key'];
$value_type = $cnv_order_params[ $target_key ]['value_type'];
$field_metakey_input = self::create_custom_field_sort_type( $name_key, $target_key, $meta_key, $value_type );
$target_key_check_class = 'custom_field_check';
} else {
$target_key_check_class = 'sort_' . $target_key . '_check';
}
$list[] = '<li class="product-list' . esc_html( $no_order_class ) . '">
<div class="product-list-type-label"><b>' . esc_html( $target_values[ $target_key ] ) . '</b></div>
<div class="product-list-sort-type">
<label>
<input type="hidden" name="' . esc_html( $name_use_key ) . '"
value="0"' . esc_html( self::set_search_normal_checked( $use, 0 ) ) . '>
<span class="en_dis_label">有効</span><input class="' . esc_html( $target_key_check_class ) . '"
type="checkbox" name="' . esc_html( $name_use_key ) . '" value="1"' . esc_html( self::set_search_normal_checked( $use, 1 ) ) . '>
</label>
<label>
<input class="order_param" type="radio"
name="' . esc_html( $name_sort_key ) . '"
value="1"' . esc_html( self::set_search_normal_checked( $sort, 1 ) ) . '>昇順</label>
<label>
<input class="order_param" type="radio"
name="' . esc_html( $name_sort_key ) . '"
value="2"' . esc_html( self::set_search_normal_checked( $sort, 2 ) ) . '>降順</label>
' . $field_metakey_input . '
</div>
</li>';
}
return array(
implode( PHP_EOL, $list ),
$alert,
);
echo '<li class="product-list' . esc_attr( $no_order_class ) . '">
<div class="product-list-type-label"><b>' . esc_attr( $target_values[ $target_key ] ) . '</b></div>
<div class="product-list-sort-type">
<label>
<input type="hidden" name="' . esc_attr( $name_use_key ) . '"
value="0"' . esc_attr( self::set_search_normal_checked( $use, 0 ) ) . '>
<span class="en_dis_label">有効</span><input class="' . esc_html( $target_key_check_class ) . '"
type="checkbox" name="' . esc_attr( $name_use_key ) . '" value="1"' . esc_attr( self::set_search_normal_checked( $use, 1 ) ) . '>
</label>
<label>
<input class="order_param" type="radio"
name="' . esc_attr( $name_sort_key ) . '"
value="1"' . esc_attr( self::set_search_normal_checked( $sort, 1 ) ) . '>昇順</label>
<label>
<input class="order_param" type="radio"
name="' . esc_attr( $name_sort_key ) . '"
value="2"' . esc_attr( self::set_search_normal_checked( $sort, 2 ) ) . '>降順</label>';
if ( strpos( $target_key, 'custom_field' ) !== false ) {
self::create_custom_field_sort_type( $name_key, $target_key, $cnv_order_params );
}
echo '</div>
</li>';
}
}
private static function create_custom_field_sort_type( $name_key, $target_key, $meta_key, $value_type ): string {
private static function create_custom_field_sort_type( $name_key, $target_key, $cnv_order_params ) {
$meta_key = $cnv_order_params[ $target_key ]['meta_key'];
$value_type = $cnv_order_params[ $target_key ]['value_type'];
$name_meta_key = '_' . $name_key . '[' . $target_key . '][field][meta_key]';
$name_value_type = '_' . $name_key . '[' . $target_key . '][field][value_type]';
return '<div class="sort_custom_field">
<div class="sort_custom_field_inner"><div class="sort_custom_field_inner_label">カスタムフィールドキー:</div>
<input type="text" class="custom_field_key" name="' . esc_html( $name_meta_key ) . '" value="' . esc_html( $meta_key ) . '">
</div>
<div class="sort_custom_field_inner">
<div class="sort_custom_field_inner_label">値タイプ:</div>
<label><input type="radio"
class="custom_field_meta_value"
name="' . esc_html( $name_value_type ) . '"
value="meta_value"' . esc_html( self::set_search_normal_checked( $value_type, 'meta_value' ) ) . '>テキスト</label>
<label><input type="radio"
class="custom_field_meta_value"
name="' . esc_html( $name_value_type ) . '"
value="meta_value_num"' . esc_html( self::set_search_normal_checked( $value_type, 'meta_value_num' ) ) . '>数値</label>
</div>
</div>';
echo '<div class="sort_custom_field">
<div class="sort_custom_field_inner"><div class="sort_custom_field_inner_label">カスタムフィールドキー:</div>
<input type="text" class="custom_field_key" name="' . esc_attr( $name_meta_key ) . '" value="' . esc_attr( $meta_key ) . '">
</div>
<div class="sort_custom_field_inner">
<div class="sort_custom_field_inner_label">値タイプ:</div>
<label><input type="radio"
class="custom_field_meta_value"
name="' . esc_attr( $name_value_type ) . '"
value="meta_value"' . esc_attr( self::set_search_normal_checked( $value_type, 'meta_value' ) ) . '>テキスト</label>
<label><input type="radio"
class="custom_field_meta_value"
name="' . esc_attr( $name_value_type ) . '"
value="meta_value_num"' . esc_attr( self::set_search_normal_checked( $value_type, 'meta_value_num' ) ) . '>数値</label>
</div>
</div>';
}
private static function set_order_list_param( $order_param, $target_key ): array {
@@ -366,9 +362,9 @@ value="meta_value_num"' . esc_html( self::set_search_normal_checked( $value_type
$param = array(
'use' => 0,
'sort' => 2,
'alert' => '並べ替えを登録するには「変更を保存」をクリックしてください。',
'no_order_class' => ' no_order',
);
if ( strpos( $target_key, 'custom_field' ) !== false ) {
$param[ $target_key ] = array(
'meta_key' => '',
@@ -380,7 +376,6 @@ value="meta_value_num"' . esc_html( self::set_search_normal_checked( $value_type
$param = array(
'use' => $order_param[ $target_key ]['use'] ?? 0,
'sort' => $order_param[ $target_key ]['sort'] ?? 2,
'alert' => ! $order_param[ $target_key ]['use'] ? '並べ替えを登録するには「変更を保存」をクリックしてください。' : '',
'no_order_class' => ! $order_param[ $target_key ]['use'] ? ' no_order' : '',
);
if ( strpos( $target_key, 'custom_field' ) !== false ) {
@@ -448,11 +443,11 @@ value="meta_value_num"' . esc_html( self::set_search_normal_checked( $value_type
}
}
public static function is_disp_per_page( &$disp, $disp_per_page ) {
if ( $disp_per_page ) {
$disp = true;
}
}
// public static function is_disp_per_page( &$disp, $disp_per_page ) {
// if ( $disp_per_page ) {
// $disp = true;
// }
// }
}
}
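Review bot: The new get_all_search_normal_posts() still ends with the context line `return implode( PHP_EOL, $list );` although the `$list[] = …` accumulation was replaced by echo, so the return is stale: if `$list` is initialised above the hunk the function now always returns an empty string, and if it is not, implode() on an undefined variable is a TypeError on PHP 8. Drop the `return` (or declare the function `: void`) and check any caller that consumed the returned string, since the function now prints directly. The commit's own rule (esc_attr only inside tags) is also not applied consistently: the non-registered mark emitted right after `<li …>` and the `<b>` label are text content and should stay `esc_html()`, while the checkbox `class="' . esc_html( $target_key_check_class ) . '"` is an attribute and still uses `esc_html()`. In create_search_normal_list() the `$alert` value is still computed but no longer returned, so the save reminder is silently dropped unless it is emitted elsewhere. Both functions are cut at the hunk boundaries, so the `$list` initialisation and the remaining callers are not visible here.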