Allowed HTML in Component class

lloc · Sep 24, 2024 · 8025146 · 8025146
1 parent 05ec26c
commit 8025146
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 10 deletions.
diff --git a/includes/MslsAdminIcon.php b/includes/MslsAdminIcon.php
@@ -243,15 +243,16 @@ public function get_icon(): string {
 				$icon = sprintf(
 					'<span class="language-badge %s">%s</span>',
 					esc_attr( $this->language ),
-					wp_kses( $text, Component::get_allowed_html() )
+					$text
 				);
+
 				break;
 			default:
 				$class = empty( $this->href ) ? 'dashicons-plus' : 'dashicons-edit';
 				$icon  = sprintf( '<span class="dashicons %s"></span>', esc_attr( $class ) );
 		}
 
-		return $icon;
+		return wp_kses( $icon, Component::get_allowed_html() );
 	}
 
 	/**

diff --git a/includes/MslsCustomColumn.php b/includes/MslsCustomColumn.php
@@ -93,10 +93,13 @@ public function td( $column_name, $item_id ): void {
 						$icon->set_href( (int) $mydata->$language );
 					}
 
-					printf(
-						'<span class="msls-icon-wrapper %1$s">%2$s</span>',
-						esc_attr( $this->options->get_icon_type() ),
-						wp_kses( $icon->get_a(), Component::get_allowed_html() )
+					echo wp_kses(
+						sprintf(
+							'<span class="msls-icon-wrapper %1$s">%2$s</span>',
+							esc_attr( $this->options->get_icon_type() ),
+							$icon->get_a()
+						),
+						Component::get_allowed_html()
 					);
 
 					restore_current_blog();

diff --git a/includes/MslsPostTag.php b/includes/MslsPostTag.php
@@ -8,6 +8,8 @@
 
 namespace lloc\Msls;
 
+use lloc\Msls\Component\Component;
+
 /**
  * Post Tag
  *
@@ -160,7 +162,12 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo
 
 			$this->maybe_set_linked_term( $mydata );
 
-			printf( wp_kses_post( $title_format ), esc_html( $this->get_select_title() ), esc_attr( $type ) );
+			$allowed_html = Component::get_allowed_html();
+
+			echo wp_kses(
+				sprintf( $title_format, esc_html( $this->get_select_title() ), esc_attr( $type ) ),
+				$allowed_html
+			);
 
 			foreach ( $blogs as $blog ) {
 				switch_to_blog( $blog->userblog_id );
@@ -179,7 +186,10 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo
 					}
 				}
 
-				printf( wp_kses_post( $item_format ), esc_attr( $blog->userblog_id ), wp_kses_post( $icon ), esc_attr( $language ), esc_attr( $value ), esc_attr( $title ) );
+				echo wp_kses(
+					sprintf( $item_format, esc_attr( $blog->userblog_id ), $icon, esc_attr( $language ), esc_attr( $value ), esc_attr( $title ) ),
+					$allowed_html
+				);
 
 				restore_current_blog();
 			}

diff --git a/includes/MslsPostTagClassic.php b/includes/MslsPostTagClassic.php
@@ -79,7 +79,10 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo
 
 			$this->maybe_set_linked_term( $mydata );
 
-			printf( wp_kses( $title_format, Component::get_allowed_html() ), esc_html( $this->get_select_title() ) );
+			echo wp_kses(
+				sprintf( $title_format, esc_html( $this->get_select_title() ), esc_attr( $type ) ),
+				Component::get_allowed_html()
+			);
 
 			foreach ( $blogs as $blog ) {
 				$this->print_option( $blog, $type, $mydata, $item_format );
@@ -128,7 +131,10 @@ public function print_option( MslsBlog $blog, string $type, MslsOptionsTax $myda
 			}
 		}
 
-		printf( wp_kses_post( $item_format ), esc_attr( $language ), wp_kses_post( $icon ), wp_kses_post( $options ) );
+		echo wp_kses(
+			sprintf( $item_format, esc_attr( $language ), $icon, $options ),
+			Component::get_allowed_html()
+		);
 
 		restore_current_blog();
 	}