Reviewed unescaped echoing

joeyblake · joeyblake · commit dd3ac5fcfd13 · 2018-05-23T10:59:03.000-04:00
diff --git a/core/Field/Group_Field.php b/core/Field/Group_Field.php
@@ -196,7 +196,7 @@ public function get_label_template() {
 	 * Print the label template.
 	 */
 	public function template_label() {
-		echo $this->label_template;
+		echo $this->label_template; // XSS ok.
 	}
 
 	/**
diff --git a/core/Field/Rich_Text_Field.php b/core/Field/Rich_Text_Field.php
@@ -54,7 +54,7 @@ public function upload_image_button_html() {
 		$upload_image_button = '<a href="#" class="button insert-media add_media" data-editor="<%- id %>" title="Add Media">
 			<span class="wp-media-buttons-icon"></span> Add Media
 		</a>';
-		echo apply_filters( 'crb_upload_image_button_html', $upload_image_button, $this->base_name );
+		echo apply_filters( 'crb_upload_image_button_html', $upload_image_button, $this->base_name ); // XSS ok.
 	}
 
 	/**
diff --git a/core/Field/Scripts_Field.php b/core/Field/Scripts_Field.php
@@ -52,7 +52,7 @@ public function print_scripts() {
 		}
 
 		$this->load();
-		echo $this->get_formatted_value();
+		echo $this->get_formatted_value(); // XSS ok.
 	}
 
 	/**
diff --git a/core/Widget/Widget.php b/core/Widget/Widget.php
@@ -156,7 +156,7 @@ public function widget( $args, $instance ) {
 		$this->datastore->import_storage( $instance );
 
 		if ( $this->print_wrappers ) {
-			echo $args['before_widget'];
+			echo $args['before_widget']; // XSS ok.
 		}
 
 		$instance_values = array();
@@ -168,7 +168,7 @@ public function widget( $args, $instance ) {
 		$this->front_end( $args, $instance_values );
 
 		if ( $this->print_wrappers ) {
-			echo $args['after_widget'];
+			echo $args['after_widget']; // XSS ok.
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -196,7 +196,7 @@ public function get_label_template() {`
`196`	`196`	`* Print the label template.`
`197`	`197`	`*/`
`198`	`198`	`public function template_label() {`
`199`		`- echo $this->label_template;`
	`199`	`+ echo $this->label_template; // XSS ok.`
`200`	`200`	`}`
`201`	`201`
`202`	`202`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public function upload_image_button_html() {`
`54`	`54`	`$upload_image_button = '<a href="#" class="button insert-media add_media" data-editor="<%- id %>" title="Add Media">`
`55`	`55`	`<span class="wp-media-buttons-icon"></span> Add Media`
`56`	`56`	`</a>';`
`57`		`- echo apply_filters( 'crb_upload_image_button_html', $upload_image_button, $this->base_name );`
	`57`	`+ echo apply_filters( 'crb_upload_image_button_html', $upload_image_button, $this->base_name ); // XSS ok.`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public function print_scripts() {`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`$this->load();`
`55`		`- echo $this->get_formatted_value();`
	`55`	`+ echo $this->get_formatted_value(); // XSS ok.`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,7 @@ public function widget( $args, $instance ) {`
`156`	`156`	`$this->datastore->import_storage( $instance );`
`157`	`157`
`158`	`158`	`if ( $this->print_wrappers ) {`
`159`		`- echo $args['before_widget'];`
	`159`	`+ echo $args['before_widget']; // XSS ok.`
`160`	`160`	`}`
`161`	`161`
`162`	`162`	`$instance_values = array();`
`@@ -168,7 +168,7 @@ public function widget( $args, $instance ) {`
`168`	`168`	`$this->front_end( $args, $instance_values );`
`169`	`169`
`170`	`170`	`if ( $this->print_wrappers ) {`
`171`		`- echo $args['after_widget'];`
	`171`	`+ echo $args['after_widget']; // XSS ok.`
`172`	`172`	`}`
`173`	`173`	`}`
`174`	`174`