diff --git a/admin/admin-active-setting-page.php b/admin/admin-active-setting-page.php
index 6644fc5c..c5dddb8b 100644
--- a/admin/admin-active-setting-page.php
+++ b/admin/admin-active-setting-page.php
@@ -41,8 +41,8 @@
?>
" >
-
-
+
+
|
-
+
1 && $i >= 1 ) ? ' | ' : ''; ?>
-
-
+
+
-
+
|
diff --git a/admin/customizer.php b/admin/customizer.php
index 4287f988..ce44e627 100644
--- a/admin/customizer.php
+++ b/admin/customizer.php
@@ -65,7 +65,7 @@ public function render_content() {
link(); ?> />
input_after ); ?>
- description; ?>
+ description ); ?>
'',
),
'vkExUnit_cta_img' => array(
- 'escape_type' => '',
+ 'escape_type' => 'esc_url',
),
'vkExUnit_cta_img_position' => array(
'escape_type' => '',
),
'vkExUnit_cta_button_text' => array(
- 'escape_type' => 'stripslashes',
+ 'escape_type' => array( 'stripslashes', 'wp_kses_post' ),
),
'vkExUnit_cta_button_icon' => array(
- 'escape_type' => 'stripslashes',
+ 'escape_type' => 'wp_kses_post',
),
'vkExUnit_cta_button_icon_before' => array(
- 'escape_type' => 'stripslashes',
+ 'escape_type' => 'wp_kses_post',
),
'vkExUnit_cta_button_icon_after' => array(
- 'escape_type' => 'stripslashes',
+ 'escape_type' => 'wp_kses_post',
),
'vkExUnit_cta_url' => array(
- 'escape_type' => '',
+ 'escape_type' => 'esc_url',
),
'vkExUnit_cta_url_blank' => array(
'escape_type' => '',
),
'vkExUnit_cta_text' => array(
- 'escape_type' => 'stripslashes',
+ 'escape_type' => array( 'stripslashes', 'wp_kses_post' ),
),
);
@@ -198,8 +198,17 @@ public static function save_custom_field( $post_id ) {
foreach ( $custom_fields as $custom_field_name => $custom_field_options ) {
if ( isset( $_POST[ $custom_field_name ] ) ) {
- if ( isset( $custom_field_name['escape_type'] ) && $custom_field_name['escape_type'] == 'stripslashes' ) {
- $data = stripslashes( $_POST[ $custom_field_name ] );
+ if ( ! empty( $custom_field_name['escape_type'] ) ) {
+ if ( is_array( $custom_field_name['escape_type'] ) ) {
+ // エスケープ処理が複数ある場合
+ $data = $_POST[ $custom_field_name ];
+ foreach ( $custom_field_name['escape_type'] as $escape ) {
+ $data = call_user_func( $escape, $data );
+ }
+ } else {
+ // エスケープ処理が一つの場合
+ $data = call_user_func( $custom_field_name['escape_type'], $_POST[ $custom_field_name ] );
+ }
} else {
$data = $_POST[ $custom_field_name ];
}
@@ -462,8 +471,9 @@ public static function render_meta_box_cta() {
'itemtype' => array(),
),
'i' => array(
- 'id' => array(),
- 'class' => array(),
+ 'id' => array(),
+ 'class' => array(),
+ 'aria-hidden' => array()
),
);
?>
@@ -498,6 +508,92 @@ public static function get_cta_post( $id ) {
return $target;
}
+ /**
+ * 許可する HTML
+ */
+ public static function cta_allow_html() {
+ $allowed_html = array(
+ 'div' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'itemprop' => array(),
+ 'itemscope' => array(),
+ 'itemtype' => array(),
+ 'style' => array(),
+ ),
+ 'h3' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'style' => array(),
+ ),
+ 'h4' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'style' => array(),
+ ),
+ 'h5' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'style' => array(),
+ ),
+ 'h6' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'style' => array(),
+ ),
+ 'p' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'style' => array(),
+ ),
+ 'ul' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'itemprop' => array(),
+ 'itemscope' => array(),
+ 'itemtype' => array(),
+ 'style' => array(),
+ ),
+ 'ol' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'itemprop' => array(),
+ 'itemscope' => array(),
+ 'itemtype' => array(),
+ 'style' => array(),
+ ),
+ 'li' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'itemprop' => array(),
+ 'itemscope' => array(),
+ 'itemtype' => array(),
+ 'style' => array(),
+ ),
+ 'a' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'href' => array(),
+ 'target' => array(),
+ 'itemprop' => array(),
+ 'style' => array(),
+ ),
+ 'span' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'itemprop' => array(),
+ 'itemscope' => array(),
+ 'itemtype' => array(),
+ 'style' => array(),
+ ),
+ 'i' => array(
+ 'id' => array(),
+ 'class' => array(),
+ 'aria-hidden' => array()
+ ),
+ );
+ return $allowed_html;
+ }
/**
* CTAとして返す内容の処理
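Review bot: The `a` entry permits `target` but no `rel`, so `wp_kses` will strip a `rel="noopener noreferrer"` that an editor adds while keeping `target="_blank"`; add `'rel' => array(),` next to `'target'` so the safe form of an external link survives filtering. The docblock is in Japanese and only says "allowed HTML"; I would replace it with `/** Tag/attribute allow-list passed to wp_kses() for rendered CTA content (see render_cta_content). */`. Note the list has no `img`, `br`, `strong` or `em`, so any CTA body using those will lose them once this list is applied — presumably intentional, but worth confirming against existing content.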
@@ -545,7 +641,7 @@ public static function render_cta_content( $id ) {
wp_reset_postdata();
// wp_kses_post でエスケープすると outerブロックが出力するstyle属性を無効化される.
- return do_blocks( do_shortcode( $content ) );
+ return do_blocks( do_shortcode( wp_kses( $content, cta_allow_html() ) ) );
}
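Review bot: `cta_allow_html()` on L195 is called as a bare function, but it is declared as `public static function cta_allow_html()` on the class, so this line will fatal with an undefined-function error unless a global of that name exists elsewhere; it should be `wp_kses( $content, self::cta_allow_html() )`. The filter also runs before `do_shortcode()` and `do_blocks()`, so whatever shortcodes and block renderers emit is not covered by the allow-list, and block delimiter comments (`<!-- wp:... -->`) go through kses' comment handling first — I have not verified that block attribute JSON survives that intact, so a render test of a saved CTA with block attributes would be worth adding. The comment kept on L193 still explains why `wp_kses_post` was avoided; I would reword it in English to match the new code: `// wp_kses_post() dropped the style attribute the outer block emits, so use the CTA-specific allow-list instead.` render_cta_content starts before this hunk.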
/**
@@ -717,7 +813,8 @@ public static function get_option( $show_label = false ) {
// ↓ これであかんの?
// $output_option = wp_parse_args( $option, $default );
if ( ! $option || ! is_array( $option ) ) {
- return $default; }
+ return $default;
+ }
$posttypes = array_merge(
array(
diff --git a/inc/common-block.php b/inc/common-block.php
index 4598e9ca..e4c64bf8 100644
--- a/inc/common-block.php
+++ b/inc/common-block.php
@@ -52,6 +52,7 @@ function veu_block_deprecated_alart() {
$text .= '';
$text .= '';
+ // 入力由来でないのでエスケープ不要
echo $text;
}
}
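Review bot: The justification comment added above `echo $text` is in Japanese and free-form, so the WPCS sniff that flags unescaped `echo` will still trip here; I would make it the recognized suppression with the reason in English: `echo $text; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- $text is built from static markup, not user input`. The lines that build `$text` were stripped from this view, so I am taking the "not input-derived" claim on trust; if any of those appends interpolates an option value, `wp_kses_post( $text )` would be the safer call. veu_block_deprecated_alart starts before this hunk.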
diff --git a/inc/contact-section/contact-section.php b/inc/contact-section/contact-section.php
index 12323910..ded59b9e 100644
--- a/inc/contact-section/contact-section.php
+++ b/inc/contact-section/contact-section.php
@@ -241,16 +241,16 @@ public function options_page() {
}
public function option_sanitaize( $option ) {
- $option['contact_txt'] = stripslashes( $option['contact_txt'] );
- $option['tel_number'] = stripslashes( $option['tel_number'] );
- $option['tel_icon'] = stripslashes( $option['tel_icon'] );
- $option['contact_time'] = stripslashes( $option['contact_time'] );
- $option['contact_link'] = stripslashes( $option['contact_link'] );
- $option['button_text'] = stripslashes( $option['button_text'] );
- $option['button_text_small'] = stripslashes( $option['button_text_small'] );
- $option['short_text'] = stripslashes( $option['short_text'] );
+ $option['contact_txt'] = wp_kses_post( stripslashes( $option['contact_txt'] ) );
+ $option['tel_number'] = wp_kses_post( stripslashes( $option['tel_number'] ) );
+ $option['tel_icon'] = wp_kses( $option['tel_icon'] , array( 'i' => array( 'class' => array(), 'aria-hidden' => array() ) ) );
+ $option['contact_time'] = wp_kses_post( stripslashes( $option['contact_time'] ) );
+ $option['contact_link'] = esc_url ( $option['contact_link'] );
+ $option['button_text'] = wp_kses_post( stripslashes( $option['button_text'] ) );
+ $option['button_text_small'] = wp_kses_post( stripslashes( $option['button_text_small'] ) );
+ $option['short_text'] = wp_kses_post( stripslashes( $option['short_text'] ) );
$option['contact_image'] = esc_url( $option['contact_image'] );
- $option['contact_html'] = stripslashes( $option['contact_html'] );
+ $option['contact_html'] = wp_kses_post( stripslashes( $option['contact_html'] ) );
return $option;
}
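Review bot: `esc_url( $option['contact_link'] )` on L237 (like the pre-existing `contact_image` line) uses the output escaper to sanitize a value going into the options table; `esc_url` entity-encodes `&` (as `&#038;`), so a stored URL with query parameters is rewritten on save — use `esc_url_raw( $option['contact_link'] )` here and keep `esc_url()` for the echo. `tel_icon` on L235 is the only field that no longer gets `stripslashes()` before kses, which is inconsistent with its neighbours; if slashed input can reach this callback the backslashes will persist in the stored icon markup. Every key is read without `isset()`, so a form that omits one of them raises a notice — `$option['contact_link'] ?? ''` would keep that quiet. The method name `option_sanitaize` is a typo for "sanitize", but it is part of the public interface, so renaming belongs in a separate change.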
@@ -451,7 +451,7 @@ public static function render_widget_contact_btn_html() {
}
$cont .= ' ';
- $cont .= $options['short_text'];
+ $cont .= wp_kses_post( $options['short_text'] );
// Arrow Icon
$class = 'far fa-arrow-alt-circle-right';
@@ -462,7 +462,7 @@ public static function render_widget_contact_btn_html() {
$cont .= '';
if ( isset( $options['button_text_small'] ) && $options['button_text_small'] ) {
- $cont .= '' . $options['button_text_small'] . '';
+ $cont .= '' . wp_kses_post( $options['button_text_small'] ) . '';
}
$cont .= '';
}
diff --git a/inc/insert-ads.php b/inc/insert-ads.php
index d3d9047d..ba33c495 100644
--- a/inc/insert-ads.php
+++ b/inc/insert-ads.php
@@ -125,7 +125,6 @@ public function print_google_auto_ad() {
$option = $this->get_option();
if ( $option['google-ads-active'] && $option['google-pub-id'] ) {
- $overlay = ',overlays: {bottom: true}';
?>
@@ -230,7 +229,7 @@ public function render_configPage() {
$lang = ( get_locale() == 'ja' ) ? 'ja' : 'en';
$Google_ad_url = 'https://support.google.com/adsense/answer/7478040?hl=' . $lang;
?>
- [ ]
+ [ ]
diff --git a/inc/other-widget/widget-3pr-area.php b/inc/other-widget/widget-3pr-area.php
index 13185301..371b16ca 100644
--- a/inc/other-widget/widget-3pr-area.php
+++ b/inc/other-widget/widget-3pr-area.php
@@ -137,13 +137,13 @@ function update( $new_instance, $old_instance ) {
$instance = $old_instance;
for ( $i = 1; $i <= 3; ) {
- $instance[ 'label_' . $i ] = $new_instance[ 'label_' . $i ];
- $instance[ 'media_3pr_image_' . $i ] = $new_instance[ 'media_3pr_image_' . $i ];
- $instance[ 'media_3pr_alt_' . $i ] = $new_instance[ 'media_3pr_alt_' . $i ];
- $instance[ 'media_3pr_image_sp_' . $i ] = $new_instance[ 'media_3pr_image_sp_' . $i ];
- $instance[ 'media_3pr_alt_sp_' . $i ] = $new_instance[ 'media_3pr_alt_sp_' . $i ];
- $instance[ 'summary_' . $i ] = $new_instance[ 'summary_' . $i ];
- $instance[ 'linkurl_' . $i ] = $new_instance[ 'linkurl_' . $i ];
+ $instance[ 'label_' . $i ] = wp_kses_post( stripslashes($new_instance[ 'label_' . $i ] ) );
+ $instance[ 'media_3pr_image_' . $i ] = esc_url( $new_instance[ 'media_3pr_image_' . $i ] );
+ $instance[ 'media_3pr_alt_' . $i ] = esc_html( stripslashes( $new_instance[ 'media_3pr_alt_' . $i ] ) );
+ $instance[ 'media_3pr_image_sp_' . $i ] = esc_url( $new_instance[ 'media_3pr_image_sp_' . $i ] );
+ $instance[ 'media_3pr_alt_sp_' . $i ] = esc_html( stripslashes( $new_instance[ 'media_3pr_alt_sp_' . $i ] ) );
+ $instance[ 'summary_' . $i ] = wp_kses_post( stripslashes( $new_instance[ 'summary_' . $i ] ) );
+ $instance[ 'linkurl_' . $i ] = esc_url( $new_instance[ 'linkurl_' . $i ] );
$instance[ 'blank_' . $i ] = ( isset( $new_instance[ 'blank_' . $i ] ) && $new_instance[ 'blank_' . $i ] == 'true' );
$i++;
}
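Review bot: `esc_html()` on L292/L294 is an output escaper applied at save time: the stored alt text becomes `&amp;`-encoded, and if the widget later echoes it through `esc_attr()` (the usual form for an `alt`) it is encoded a second time and renders literally as `&amp;`; `sanitize_text_field( $new_instance[ 'media_3pr_alt_' . $i ] )` is the conventional save-time sanitizer here. Likewise `esc_url()` on L291/L293/L296 entity-encodes `&` for display; `esc_url_raw()` is the variant for values written to the database. The `$new_instance[...]` reads have no `isset()` guard, so a missing field raises a notice — `$new_instance[ 'label_' . $i ] ?? ''` would cover it. The `for ( $i = 1; $i <= 3; )` with `$i++` at the bottom of the body reads as a `for` with a missing increment; moving it into the header is clearer. The widget() output at L300 is cut off, so I cannot confirm which output escaper it uses.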
@@ -163,7 +163,7 @@ function widget( $args, $instance ) {
echo ' |