
Changeset 3029599 for starbox


Timestamp:
01/31/2024 03:57:10 PM (15 months ago)
Author:
cifi
Message:

Update security in Starbox for User Profile
Update field sanitizer on Author Box BIO

Location:
starbox/trunk
Files:
5 edited

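--- a/starbox/trunk/classes/Tools.php
+++ b/starbox/trunk/classes/Tools.php
@@ -171,4 +171,50 @@
 
     /**
+     * Clear the field string
+     *
+     * @param  $value
+     * @return mixed|null|string|string[]
+     */
+    public static function sanitizeField($value)
+    {
+
+        if(is_array($value)){
+            return array_map(array('ABH_Classes_Tools', 'sanitizeField'), $value);
+        }
+
+        if (is_string($value) && $value <> '') {
+
+            $search = array(
+                "'<!--(.*?)-->'is",
+                "'<script[^>]*?>.*?<\/script>'si", // strip out javascript
+                "'<style[^>]*?>.*?<\/style>'si", // strip out styles
+                "'<form.*?<\/form>'si",
+                "'<iframe.*?<\/iframe>'si",
+                "'&lt;!--(.*?)--&gt;'is",
+                "'&lt;script&gt;.*?&lt;\/script&gt;'si", // strip out javascript
+                "'&lt;style&gt;.*?&lt;\/style&gt;'si", // strip out styles
+            );
+            $value = preg_replace($search, "", $value);
+
+            $search = array(
+                "/&nbsp;/si",
+                "/\s{2,}/",
+            );
+            $value = preg_replace($search, " ", $value);
+
+            //more sanitization
+            $value = wp_strip_all_tags($value);
+            $value = ent2ncr($value);
+            $value = trim($value);
+
+            $value = ABH_Classes_Tools::i18n($value);
+
+        }
+
+        return $value;
+    }
+
+
+    /**
      * Get a value from $_POST / $_GET
      * if unavailable, take a default value
@@ -183,5 +229,6 @@
         }
 
-        $ret = sanitize_text_field((isset($_POST[$key]) ? $_POST[$key] : $defaultValue));
+        $ret = (isset($_POST[$key]) ? $_POST[$key] : $defaultValue);
+        $ret = ABH_Classes_Tools::sanitizeField($ret);
 
         return wp_unslash($ret);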
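Review bot: At new lines 231–234 the `$_POST` value is passed to sanitizeField() while still slash-escaped and only unslashed on return, the reverse of the WordPress convention of `wp_unslash()` first, so the regex and strip passes operate on backslash-escaped quotes rather than on the text as submitted; reorder to `$ret = wp_unslash((isset($_POST[$key]) ? $_POST[$key] : $defaultValue));` followed by `return ABH_Classes_Tools::sanitizeField($ret);`. The method this belongs to starts above the hunk, and its docblock also mentions `$_GET`, so whether that path is routed through sanitizeField() cannot be confirmed from here. The new docblock leaves `@param $value` untyped; a line such as `@param mixed $value Raw field value: arrays are sanitized element-wise, non-empty strings have comment/script/style/form/iframe blocks and then all tags stripped, anything else is returned unchanged` states the contract the body actually implements. The `array('ABH_Classes_Tools', 'sanitizeField')` callable and the `ABH_Classes_Tools::i18n()` call could use `self::` so the class is not named from inside itself.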
  • starbox/trunk/models/Frontend.php

    r2964031 r3029599  
    6262
    6363            $content .= '
    64                          <div class="abh_box abh_box_' . $this->position . ' abh_box_' . $this->details['abh_theme'] . '">
     64                         <div class="abh_box abh_box_' . $this->position . ' abh_box_' . esc_attr($this->details['abh_theme']) . '">
    6565                                <ul class="abh_tabs">
    66                                  <li class="abh_about abh_active"><a href="#abh_about">' . __('About', _ABH_PLUGIN_NAME_) . '</a></li>
    67                                  <li class="abh_posts"><a href="#abh_posts">' . __('Latest Posts', _ABH_PLUGIN_NAME_) . '</a></li>
     66                                 <li class="abh_about abh_active"><a href="#abh_about">' . esc_html__('About', _ABH_PLUGIN_NAME_) . '</a></li>
     67                                 <li class="abh_posts"><a href="#abh_posts">' . esc_html__('Latest Posts', _ABH_PLUGIN_NAME_) . '</a></li>
    6868                                </ul>
    6969                                <div class="abh_tab_content">' .
     
    8484    public function getProfileImage() {
    8585        if (isset($this->details['abh_gravatar']) && $this->details['abh_gravatar'] <> '' && file_exists(_ABH_GRAVATAR_DIR_ . $this->details['abh_gravatar'])) {
    86             $image =  '<img src="' . _ABH_GRAVATAR_URL_ . $this->details['abh_gravatar'] . '" class="photo" width="' . ABH_IMAGESIZE . '" alt="' . $this->author->display_name . '" />';
     86            $image =  '<img src="' . _ABH_GRAVATAR_URL_ . $this->details['abh_gravatar'] . '" class="photo" width="' . ABH_IMAGESIZE . '" alt="' . esc_attr($this->author->display_name) . '" />';
    8787        } else {
    88             $image =  get_avatar($this->author->ID, ABH_IMAGESIZE, '', $this->author->display_name);
     88            $image =  get_avatar($this->author->ID, ABH_IMAGESIZE, '', esc_attr($this->author->display_name));
    8989        }
    9090
     
    121121        if (ABH_AUTHORLINK) {
    122122            if ($this->author->user_url) {
    123                 $content .= '<a href = "' . $this->author->user_url . '" class="url" target = "_blank" title = "' . $this->author->display_name . '" ' . $nofollow . ' > ' . $this->getProfileImage() . '</a > ';
     123                $content .= '<a href = "' . esc_url($this->author->user_url) . '" class="url" target = "_blank" title = "' . esc_attr($this->author->display_name) . '" ' . $nofollow . ' > ' . $this->getProfileImage() . '</a > ';
    124124            } else {
    125                 $content .= '<a href = "' . get_author_posts_url($this->author->ID) . '" class="url" title = "' . $this->author->display_name . '" > ' . $this->getProfileImage() . '</a > ';
     125                $content .= '<a href = "' . get_author_posts_url($this->author->ID) . '" class="url" title = "' . esc_attr($this->author->display_name) . '" > ' . $this->getProfileImage() . '</a > ';
    126126            }
    127127        } else {
     
    131131                    <div class="abh_social"> ' . $this->getSocial($this->single) . '</div>
    132132                    <div class="abh_text">
    133                         <div class="abh_name fn name" ' . (($this->single) ? 'itemprop="name"' : '') . ' ' . ((ABH_Classes_Tools::getOption('abh_titlefontsize') <> 'default') ? 'style="font-size:' . ABH_Classes_Tools::getOption('abh_titlefontsize') . ' !important;"' : '') . '>' . (ABH_AUTHORLINK ? (($this->author->user_url) ? '<a href="' . $this->author->user_url . '" class="url" target="_blank" ' . $nofollow . '>' . $this->author->display_name . '</a>' : '<a href="' . get_author_posts_url($this->author->ID) . '" class="url">' . $this->author->display_name . '</a>') : $this->author->display_name) . '</div>
    134                         <div class="abh_job" ' . ((ABH_Classes_Tools::getOption('abh_descfontsize') <> 'default') ? 'style="font-size:' . ABH_Classes_Tools::getOption('abh_descfontsize') . ' !important;"' : '') . '>' . (($this->details['abh_title'] <> '' && $this->details['abh_company'] <> '') ? '<span class="title" ' . ((ABH_Classes_Tools::getOption('abh_descfontsize') <> 'default') ? 'style="font-size:' . ABH_Classes_Tools::getOption('abh_descfontsize') . ' !important;"' : '') . '>' . $this->details['abh_title'] . '</span> ' . __('at', _ABH_PLUGIN_NAME_) . ' <span class="org" ' . ((ABH_Classes_Tools::getOption('abh_descfontsize') <> 'default') ? 'style="font-size:' . ABH_Classes_Tools::getOption('abh_descfontsize') . ' !important;"' : '') . '>' . (($this->details['abh_company_url'] <> '') ? sprintf('<a href="%s" target="_blank">%s</a>', $this->details['abh_company_url'], $this->details['abh_company']) : $this->details['abh_company']) . '</span>' : '') . '</div>
     133                        <div class="abh_name fn name" ' . (($this->single) ? 'itemprop="name"' : '') . ' ' . ((ABH_Classes_Tools::getOption('abh_titlefontsize') <> 'default') ? 'style="font-size:' . ABH_Classes_Tools::getOption('abh_titlefontsize') . ' !important;"' : '') . '>' . (ABH_AUTHORLINK ? (($this->author->user_url) ? '<a href="' . esc_url($this->author->user_url) . '" class="url" target="_blank" ' . $nofollow . '>' . esc_html($this->author->display_name) . '</a>' : '<a href="' . get_author_posts_url($this->author->ID) . '" class="url">' . esc_html($this->author->display_name) . '</a>') : esc_html($this->author->display_name)) . '</div>
     134                        <div class="abh_job" ' . ((ABH_Classes_Tools::getOption('abh_descfontsize') <> 'default') ? 'style="font-size:' . ABH_Classes_Tools::getOption('abh_descfontsize') . ' !important;"' : '') . '>' . (($this->details['abh_title'] <> '' && $this->details['abh_company'] <> '') ? '<span class="title" ' . ((ABH_Classes_Tools::getOption('abh_descfontsize') <> 'default') ? 'style="font-size:' . ABH_Classes_Tools::getOption('abh_descfontsize') . ' !important;"' : '') . '>' . esc_html($this->details['abh_title']) . '</span> ' . __('at', _ABH_PLUGIN_NAME_) . ' <span class="org" ' . ((ABH_Classes_Tools::getOption('abh_descfontsize') <> 'default') ? 'style="font-size:' . ABH_Classes_Tools::getOption('abh_descfontsize') . ' !important;"' : '') . '>' . (($this->details['abh_company_url'] <> '') ? sprintf('<a href="%s" target="_blank">%s</a>', esc_url($this->details['abh_company_url']), esc_attr($this->details['abh_company'])) : esc_attr($this->details['abh_company'])) . '</span>' : '') . '</div>
    135135                        <div class="description note abh_description" ' . (($this->single) ? 'itemprop="description"' : '') . ' ' . ((ABH_Classes_Tools::getOption('abh_descfontsize') <> 'default') ? 'style="font-size:' . ABH_Classes_Tools::getOption('abh_descfontsize') . ' !important;"' : '') . '>' . ((isset($this->details['abh_extra_description']) && $this->details['abh_extra_description'] <> '') ? nl2br($this->details['abh_extra_description']) : nl2br($this->author->user_description)) . '</div>
    136136                    </div>
     
    165165                <section class="abh_posts_tab abh_tab" >
    166166                    <div class="abh_image">
    167                       ' . (ABH_AUTHORLINK ? (($this->author->user_url) ? '<a href="' . $this->author->user_url . '" class="url" target="_blank" title="' . $this->author->display_name . '" ' . $nofollow . '>' . $this->getProfileImage() . '</a>' : '<a href="' . get_author_posts_url($this->author->ID) . '" class="url" title="' . $this->author->display_name . '">' . $this->getProfileImage() . '</a>') : $this->getProfileImage()) . '
     167                      ' . (ABH_AUTHORLINK ? (($this->author->user_url) ? '<a href="' . esc_url($this->author->user_url) . '" class="url" target="_blank" title="' . esc_attr($this->author->display_name) . '" ' . $nofollow . '>' . $this->getProfileImage() . '</a>' : '<a href="' . get_author_posts_url($this->author->ID) . '" class="url" title="' . esc_attr($this->author->display_name) . '">' . $this->getProfileImage() . '</a>') : $this->getProfileImage()) . '
    168168                    </div>
    169169                    <div class="abh_social"> ' . $this->getSocial() . '</div>
    170170                    <div class="abh_text">
    171                         <div class="abh_name" ' . ((ABH_Classes_Tools::getOption('abh_titlefontsize') <> 'default') ? 'style="font-size:' . ABH_Classes_Tools::getOption('abh_titlefontsize') . ' !important;"' : '') . '>' . sprintf(__('Latest posts by %s', _ABH_PLUGIN_NAME_), $this->author->display_name) . ' <span class="abh_allposts">' . (ABH_AUTHORLINK ? '(<a href="' . get_author_posts_url($this->author->ID) . '">' . __('see all', _ABH_PLUGIN_NAME_) . '</a>)' : '') . '</span></div>
     171                        <div class="abh_name" ' . ((ABH_Classes_Tools::getOption('abh_titlefontsize') <> 'default') ? 'style="font-size:' . ABH_Classes_Tools::getOption('abh_titlefontsize') . ' !important;"' : '') . '>' . sprintf(__('Latest posts by %s', _ABH_PLUGIN_NAME_), esc_attr($this->author->display_name)) . ' <span class="abh_allposts">' . (ABH_AUTHORLINK ? '(<a href="' . get_author_posts_url($this->author->ID) . '">' . __('see all', _ABH_PLUGIN_NAME_) . '</a>)' : '') . '</span></div>
    172172                        <div class="abh_description note" >' . $this->getLatestPosts() . '</div>
    173173                    </div>
     
    204204        if (isset($this->details['abh_facebook']) && $this->details['abh_facebook'] <> '') {
    205205            $count++;
    206             $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_facebook'], 'http') === false) ? 'http://facebook.com/' : '') . $this->details['abh_facebook'] . '" title="' . __('Facebook', _ABH_PLUGIN_NAME_) . '" class="abh_facebook" target="_blank" ' . $nofollow . '></a>';
     206            $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_facebook'], 'http') === false) ? 'http://facebook.com/' : '') . esc_attr($this->details['abh_facebook']) . '" title="' . __('Facebook', _ABH_PLUGIN_NAME_) . '" class="abh_facebook" target="_blank" ' . $nofollow . '></a>';
    207207        }
    208208        if (isset($this->details['abh_twitter']) && $this->details['abh_twitter'] <> '') {
    209209            $count++;
    210             $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_twitter'], 'http') === false) ? 'http://twitter.com/' : '') . $this->details['abh_twitter'] . '" title="' . __('Twitter', _ABH_PLUGIN_NAME_) . '" class="abh_twitter" target="_blank" ' . $nofollow . '></a>';
     210            $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_twitter'], 'http') === false) ? 'http://twitter.com/' : '') . esc_attr($this->details['abh_twitter']) . '" title="' . __('Twitter', _ABH_PLUGIN_NAME_) . '" class="abh_twitter" target="_blank" ' . $nofollow . '></a>';
    211211        }
    212212        if (isset($this->details['abh_linkedin']) && $this->details['abh_linkedin'] <> '') {
    213213            $count++;
    214             $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_linkedin'], 'http') === false) ? 'http://www.linkedin.com/in/' : '') . $this->details['abh_linkedin'] . '" title="' . __('LinkedIn', _ABH_PLUGIN_NAME_) . '" class="abh_linkedin" target="_blank" ' . $nofollow . '></a>';
     214            $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_linkedin'], 'http') === false) ? 'http://www.linkedin.com/in/' : '') . esc_attr($this->details['abh_linkedin']) . '" title="' . __('LinkedIn', _ABH_PLUGIN_NAME_) . '" class="abh_linkedin" target="_blank" ' . $nofollow . '></a>';
    215215        }
    216216        if (isset($this->details['abh_instagram']) && $this->details['abh_instagram'] <> '') {
    217217            $count++;
    218             $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_instagram'], 'http') === false) ? 'http://instagram.com/' : '') . $this->details['abh_instagram'] . '" title="' . __('Instagram', _ABH_PLUGIN_NAME_) . '" class="abh_instagram" target="_blank" ' . $nofollow . '></a>';
     218            $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_instagram'], 'http') === false) ? 'http://instagram.com/' : '') . esc_attr($this->details['abh_instagram']) . '" title="' . __('Instagram', _ABH_PLUGIN_NAME_) . '" class="abh_instagram" target="_blank" ' . $nofollow . '></a>';
    219219        }
    220220        if (isset($this->details['abh_flickr']) && $this->details['abh_flickr'] <> '') {
    221221            $count++;
    222             $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_flickr'], 'http') === false) ? 'http://www.flickr.com/photos/' : '') . $this->details['abh_flickr'] . '" title="' . __('Flickr', _ABH_PLUGIN_NAME_) . '" class="abh_flickr" target="_blank" ' . $nofollow . '></a>';
     222            $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_flickr'], 'http') === false) ? 'http://www.flickr.com/photos/' : '') . esc_attr($this->details['abh_flickr']) . '" title="' . __('Flickr', _ABH_PLUGIN_NAME_) . '" class="abh_flickr" target="_blank" ' . $nofollow . '></a>';
    223223        }
    224224        if (isset($this->details['abh_pinterest']) && $this->details['abh_pinterest'] <> '') {
    225225            $count++;
    226             $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_pinterest'], 'http') === false) ? 'http://pinterest.com/' : '') . $this->details['abh_pinterest'] . '" title="' . __('Pinterest', _ABH_PLUGIN_NAME_) . '" class="abh_pinterest" target="_blank" ' . $nofollow . '></a>';
     226            $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_pinterest'], 'http') === false) ? 'http://pinterest.com/' : '') . esc_attr($this->details['abh_pinterest']) . '" title="' . __('Pinterest', _ABH_PLUGIN_NAME_) . '" class="abh_pinterest" target="_blank" ' . $nofollow . '></a>';
    227227        }
    228228        if (isset($this->details['abh_tumblr']) && $this->details['abh_tumblr'] <> '') {
    229229            $count++;
    230             $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_tumblr'], 'http') === false) ? 'http://' . $this->details['abh_tumblr'] . '.tumblr.com/' : $this->details['abh_tumblr']) . '" title="' . __('Tumblr', _ABH_PLUGIN_NAME_) . '" class="abh_tumblr" target="_blank" ' . $nofollow . '></a>';
     230            $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_tumblr'], 'http') === false) ? 'http://' . esc_attr($this->details['abh_tumblr']) . '.tumblr.com/' : esc_attr($this->details['abh_tumblr'])) . '" title="' . __('Tumblr', _ABH_PLUGIN_NAME_) . '" class="abh_tumblr" target="_blank" ' . $nofollow . '></a>';
    231231        }
    232232        if (isset($this->details['abh_youtube']) && $this->details['abh_youtube'] <> '') {
    233233            $count++;
    234             $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_youtube'], 'http') === false) ? 'http://www.youtube.com/user/' : '') . $this->details['abh_youtube'] . '" title="' . __('YouTube', _ABH_PLUGIN_NAME_) . '" class="abh_youtube" target="_blank" ' . $nofollow . '></a>';
     234            $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_youtube'], 'http') === false) ? 'http://www.youtube.com/user/' : '') . esc_attr($this->details['abh_youtube']) . '" title="' . __('YouTube', _ABH_PLUGIN_NAME_) . '" class="abh_youtube" target="_blank" ' . $nofollow . '></a>';
    235235        }
    236236        if (isset($this->details['abh_vimeo']) && $this->details['abh_vimeo'] <> '') {
    237237            $count++;
    238             $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_vimeo'], 'http') === false) ? 'http://vimeo.com/' : '') . $this->details['abh_vimeo'] . '" title="' . __('Vimeo', _ABH_PLUGIN_NAME_) . '" class="abh_vimeo" target="_blank" ' . $nofollow . '></a>';
     238            $content .= '<a ' . (($itemprop) ? 'itemprop="sameAs"' : '') . ' href="' . ((strpos($this->details['abh_vimeo'], 'http') === false) ? 'http://vimeo.com/' : '') . esc_attr($this->details['abh_vimeo']) . '" title="' . __('Vimeo', _ABH_PLUGIN_NAME_) . '" class="abh_vimeo" target="_blank" ' . $nofollow . '></a>';
    239239        }
    240240
     
    251251
    252252        if ($count > 0 && isset($this->details['abh_socialtext']) && $this->details['abh_socialtext'] <> '')
    253             $content = '<div style="clear: both; font-size:12px; font-weight:normal; width: 85px; margin: 0 0 2px auto; line-height: 20px;">' . $this->details['abh_socialtext'] . '</div>' . $content;
     253            $content = '<div style="clear: both; font-size:12px; font-weight:normal; width: 85px; margin: 0 0 2px auto; line-height: 20px;">' . esc_html($this->details['abh_socialtext']) . '</div>' . $content;
    254254
    255255        return $content;
     
    287287                if (!$found)
    288288                    continue;
    289                 //echo '<pre>' . print_r($category, true) . '</pre>';
    290289            }
    291290
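Review bot: The unchanged line 135 still emits `nl2br($this->details['abh_extra_description'])` and `nl2br($this->author->user_description)` with no escaping, while every neighbouring field in this section gains an `esc_*` wrapper. The commit appears to rely on the new input-side sanitizeField() in Tools.php, but values stored before this version never went through it, so the output should be escaped on its own: `nl2br(esc_html($this->details['abh_extra_description']))` (or `wp_kses_post()` if limited markup is intended), and likewise for `user_description`. In the social-link block (new lines 206–238) each handle is wrapped in `esc_attr()` inside an `href`; that escapes for the attribute but does not validate the URL, and the `strpos(..., 'http') === false` prefix test only looks for a substring, so a stored value containing it anywhere becomes the whole href as-is. Compose each URL into a variable first and pass it through `esc_url()`, which also covers the two-branch Tumblr case. The `esc_attr()` around display_name inside `sprintf(__('Latest posts by %s', ...))` on new line 171 sits in HTML text context, where `esc_html()` is the matching escaper; the enclosing methods start and end outside the shown hunks.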
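--- a/starbox/trunk/readme.txt
+++ b/starbox/trunk/readme.txt
@@ -104,5 +104,5 @@
 
 == Changelog ==
-= 3.4.9 =
+= 3.5.0 =
 * Update security on User setting
 * Fixed Small Bugs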
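--- a/starbox/trunk/starbox.php
+++ b/starbox/trunk/starbox.php
@@ -8,5 +8,5 @@
 *  Author: Squirrly UK
 *  Description: Starbox is the Author Box for Humans. Professional Themes to choose from, HTML5, Social Media Profiles, Google Authorship
-*  Version: 3.4.9
+*  Version: 3.5.0
 *  Author URI: https://www.squirrly.co/wordpress-seo-by-squirrly
 *  License:     GPLv2 or later
@@ -27,5 +27,5 @@
 
 /* SET THE CURRENT VERSION ABOVE AND BELOW */
-define('ABH_VERSION', '3.4.9');
+define('ABH_VERSION', '3.5.0');
 
 if (!defined('ABHP_VERSION')) {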
  • starbox/trunk/themes/admin/UserSettings.php

    r2964031 r3029599  
    1 <?php defined('ABSPATH') || die('Cheatin\' uh?'); ?>
     1<?php defined('ABSPATH') || die('Cheatin\' uh?'); if(!isset($view)) return;?>
    22<div id="abh_settings" >
    33    <a id="abh_settings"></a>
    4     <div id="abh_settings_title" ><?php _e('Starbox Settings for this Author', _ABH_PLUGIN_NAME_); ?></div>
     4    <div id="abh_settings_title" ><?php echo esc_html__('Starbox Settings for this Author', _ABH_PLUGIN_NAME_); ?></div>
    55    <div id="abh_settings_body">
    66        <div id="abh_settings_left" >
     
    99                    <div class="abh_switch">
    1010                        <input id="abh_use_on" type="radio" class="abh_switch-input" name="abh_use"  value="1" <?php echo (($view->author['abh_use'] == 1) ? "checked" : '') ?> />
    11                         <label for="abh_use_on" class="abh_switch-label abh_switch-label-off"><?php _e('Yes', _ABH_PLUGIN_NAME_); ?></label>
     11                        <label for="abh_use_on" class="abh_switch-label abh_switch-label-off"><?php echo esc_html__('Yes', _ABH_PLUGIN_NAME_); ?></label>
    1212                        <input id="abh_use_off" type="radio" class="abh_switch-input" name="abh_use" value="0" <?php echo ((!$view->author['abh_use'] == 1) ? "checked" : '') ?> />
    13                         <label for="abh_use_off" class="abh_switch-label abh_switch-label-on"><?php _e('No', _ABH_PLUGIN_NAME_); ?></label>
     13                        <label for="abh_use_off" class="abh_switch-label abh_switch-label-on"><?php echo esc_html__('No', _ABH_PLUGIN_NAME_); ?></label>
    1414                        <span class="abh_switch-selection"></span>
    1515                    </div>
    16                     <span><?php _e('Show the StarBox for this author', _ABH_PLUGIN_NAME_); ?></span>
     16                    <span><?php echo esc_html__('Show the StarBox for this author', _ABH_PLUGIN_NAME_); ?></span>
    1717                </div>
    1818
    1919            </fieldset>
    2020            <fieldset>
    21                 <legend><?php _e('Change the Profile Image', _ABH_PLUGIN_NAME_); ?></legend>
     21                <legend><?php echo esc_html__('Change the Profile Image', _ABH_PLUGIN_NAME_); ?></legend>
    2222                <div class="abh_gravatar">
    2323                    <p>
    24                         <?php _e('File types: JPG, JPEG, GIF and PNG. Ideal image size is: 80x80', _ABH_PLUGIN_NAME_); ?>
     24                        <?php echo esc_html__('File types: JPG, JPEG, GIF and PNG. Ideal image size is: 80x80', _ABH_PLUGIN_NAME_); ?>
    2525                    </p>
    26                     <p><span class="sq_settings_info"><?php echo ((defined('ABH_MESSAGE_FAVICON')) ? ABH_MESSAGE_FAVICON : '') ?></span></p>
     26                    <p><span class="sq_settings_info"><?php echo ((defined('ABH_MESSAGE_FAVICON')) ? esc_attr(ABH_MESSAGE_FAVICON) : '') ?></span></p>
    2727                    <div>
    2828                        <?php if (isset($view->author['abh_gravatar']) && $view->author['abh_gravatar'] <> '' && file_exists(_ABH_GRAVATAR_DIR_ . $view->author['abh_gravatar'])) { ?>
    29                             <img src="<?php echo _ABH_GRAVATAR_URL_ . $view->author['abh_gravatar'] . '?' . time() ?>" width="<?php echo ABH_IMAGESIZE?>" class="photo" />
     29                            <img src="<?php echo esc_url(_ABH_GRAVATAR_URL_) . esc_attr($view->author['abh_gravatar']) . '?' . esc_attr(time()) ?>" width="<?php echo esc_attr(ABH_IMAGESIZE)?>" class="photo" />
    3030                            <?php
    3131                        } else {
     
    3636                        <div class="abh_upload">
    3737                            <input type="file" name="abh_gravatar" autocomplete="off" />
    38                             <input type="submit"  id="abh_gravatar_update" name="abh_update" value="<?php _e('Upload', _ABH_PLUGIN_NAME_) ?>" />
    39                             <div class="abh_upload_reset"><label for="abh_resetgravatar"><?php _e('Reset the uploaded image', _ABH_PLUGIN_NAME_); ?></label><input name="abh_resetgravatar" type="checkbox" value="1" /></div>
    40                             <span class="abh_settings_info"><?php echo sprintf(__('You can also set your image on %shttps://en.gravatar.com/%s for your email address', _ABH_PLUGIN_NAME_), '<a href="https://en.gravatar.com/" target="_blank">', '</a>'); ?></span>
     38                            <input type="submit"  id="abh_gravatar_update" name="abh_update" value="<?php echo esc_attr__('Upload', _ABH_PLUGIN_NAME_) ?>" />
     39                            <div class="abh_upload_reset"><label for="abh_resetgravatar"><?php echo esc_html__('Reset the uploaded image', _ABH_PLUGIN_NAME_); ?></label><input name="abh_resetgravatar" type="checkbox" value="1" /></div>
     40                            <span class="abh_settings_info"><?php echo sprintf(esc_attr__('You can also set your image on %shttps://en.gravatar.com/%s for your email address', _ABH_PLUGIN_NAME_), '<a href="https://en.gravatar.com/" target="_blank">', '</a>'); ?></span>
    4141                        </div>
    4242                    </div>
     
    4545            </fieldset>
    4646            <fieldset>
    47                 <legend><?php _e('Theme settings:', _ABH_PLUGIN_NAME_); ?></legend>
     47                <legend><?php echo esc_html__('Theme settings:', _ABH_PLUGIN_NAME_); ?></legend>
    4848                <div class="abh_option_content">
    4949                    <div class="abh_select">
     
    5555                                $position = 'default';
    5656                            ?>
    57                             <option value="default" <?php echo (($position == 'default') ? 'selected="selected"' : '') ?>><?php _e('Default', _ABH_PLUGIN_NAME_); ?></option>
    58                             <option value="up" <?php echo (($position == 'up') ? 'selected="selected"' : '') ?>><?php _e('Up', _ABH_PLUGIN_NAME_); ?></option>
    59                             <option value="down" <?php echo (($position == 'down') ? 'selected="selected"' : '') ?>><?php _e('Down', _ABH_PLUGIN_NAME_); ?></option>
     57                            <option value="default" <?php echo (($position == 'default') ? 'selected="selected"' : '') ?>><?php echo esc_html__('Default', _ABH_PLUGIN_NAME_); ?></option>
     58                            <option value="up" <?php echo (($position == 'up') ? 'selected="selected"' : '') ?>><?php echo esc_html__('Up', _ABH_PLUGIN_NAME_); ?></option>
     59                            <option value="down" <?php echo (($position == 'down') ? 'selected="selected"' : '') ?>><?php echo esc_html__('Down', _ABH_PLUGIN_NAME_); ?></option>
    6060                        </select>
    6161                    </div>
    62                     <span><?php _e('The Author Box position', _ABH_PLUGIN_NAME_); ?></span>
     62                    <span><?php echo esc_html__('The Author Box position', _ABH_PLUGIN_NAME_); ?></span>
    6363                </div>
    6464
     
    7474
    7575                            foreach ($view->themes as $name) {
    76                                 echo '<option value="' . $name . '" ' . (($theme == $name) ? 'selected="selected"' : '') . ' >' . ucfirst($name) . '</option>';
     76                                echo '<option value="' . esc_attr($name) . '" ' . (($theme == $name) ? 'selected="selected"' : '') . ' >' . esc_html(ucfirst($name)) . '</option>';
    7777                            }
    7878                            ?>
    7979                        </select>
    8080                    </div>
    81                     <span><?php _e('This Author\'s theme', _ABH_PLUGIN_NAME_); ?></span>
     81                    <span><?php echo esc_html__('This Author\'s theme', _ABH_PLUGIN_NAME_); ?></span>
    8282
    8383                </div>
     
    8888                            <?php
    8989                            foreach (ABH_Classes_Tools::getOption('abh_titlefontsizes') as $name) {
    90                                 echo '<option value="' . $name . '" ' . ((ABH_Classes_Tools::getOption('abh_titlefontsize') == $name) ? 'selected="selected"' : '') . ' >' . $name . '</option>';
     90                                echo '<option value="' . esc_attr($name) . '" ' . ((ABH_Classes_Tools::getOption('abh_titlefontsize') == $name) ? 'selected="selected"' : '') . ' >' . esc_html($name) . '</option>';
    9191                            }
    9292                            ?>
    9393                        </select>
    9494                    </div>
    95                     <span><?php _e('Choose the size of the name', _ABH_PLUGIN_NAME_); ?></span>
     95                    <span><?php echo esc_html__('Choose the size of the name', _ABH_PLUGIN_NAME_); ?></span>
    9696
    9797                    <div class="abh_select">&nbsp;
     
    9999                            <?php
    100100                            foreach (ABH_Classes_Tools::getOption('abh_descfontsizes') as $name) {
    101                                 echo '<option value="' . $name . '" ' . ((ABH_Classes_Tools::getOption('abh_descfontsize') == $name) ? 'selected="selected"' : '') . ' >' . $name . '</option>';
     101                                echo '<option value="' . esc_attr($name) . '" ' . ((ABH_Classes_Tools::getOption('abh_descfontsize') == $name) ? 'selected="selected"' : '') . ' >' . esc_html($name) . '</option>';
    102102                            }
    103103                            ?>
    104104                        </select>
    105105                    </div>
    106                     <span><?php _e('Choose the size of the description', _ABH_PLUGIN_NAME_); ?></span>
     106                    <span><?php echo esc_html__('Choose the size of the description', _ABH_PLUGIN_NAME_); ?></span>
    107107                </div>
    108108
    109                 <div id="abh_box_preview_title"><?php _e('Preview mode (change the theme)', _ABH_PLUGIN_NAME_); ?></div>
     109                <div id="abh_box_preview_title"><?php echo esc_html__('Preview mode (change the theme)', _ABH_PLUGIN_NAME_); ?></div>
    110110                <div id="abh_box_preview"><?php
    111111                    if ($theme == 'default')
    112112                        $theme = ABH_Classes_Tools::getOption('abh_theme');
    113113                    if (file_exists((_ABH_ALL_THEMES_DIR_ . $theme . '/js/frontend.js')))
    114                         echo '<script type="text/javascript" src="' . _ABH_ALL_THEMES_URL_ . $theme . '/js/frontend.js?ver=' . ABH_VERSION . '"></script>';
    115                     echo '<link rel="stylesheet"  href="' . _ABH_ALL_THEMES_URL_ . $theme . '/css/frontend.css?ver=' . ABH_VERSION . '" type="text/css" media="all" />';
     114                        echo '<script type="text/javascript" src="' . esc_url(_ABH_ALL_THEMES_URL_ . $theme . '/js/frontend.js?ver=' . ABH_VERSION) . '"></script>';
     115                    echo '<link rel="stylesheet"  href="' . esc_url(_ABH_ALL_THEMES_URL_ . $theme . '/css/frontend.css?ver=' . ABH_VERSION) . '" type="text/css" media="all" />';
    116116
    117117                    echo ABH_Classes_ObjController::getController('ABH_Controllers_Frontend')->showBox($view->user->ID);
     
    119119            </fieldset>
    120120            <fieldset>
    121                 <legend><?php _e('Job settings:', _ABH_PLUGIN_NAME_); ?></legend>
     121                <legend><?php echo esc_html__('Job settings:', _ABH_PLUGIN_NAME_); ?></legend>
    122122                <div>
    123                     <p><span><?php _e('Job Title:', _ABH_PLUGIN_NAME_); ?></span> <input type="text" name="abh_title" value="<?php echo $view->author['abh_title']; ?>" size="30" /></p>
    124                     <p><span><?php _e('Company:', _ABH_PLUGIN_NAME_); ?></span> <input type="text" name="abh_company" value="<?php echo $view->author['abh_company']; ?>" size="30" /></p>
    125                     <p><span><?php _e('Company URL:', _ABH_PLUGIN_NAME_); ?></span> <input type="text" name="abh_company_url" value="<?php echo $view->author['abh_company_url']; ?>" size="30" /></p>
     123                    <p><span><?php echo esc_html__('Job Title:', _ABH_PLUGIN_NAME_); ?></span> <input type="text" name="abh_title" value="<?php echo esc_attr($view->author['abh_title']); ?>" size="30" /></p>
     124                    <p><span><?php echo esc_html__('Company:', _ABH_PLUGIN_NAME_); ?></span> <input type="text" name="abh_company" value="<?php echo esc_attr($view->author['abh_company']); ?>" size="30" /></p>
     125                    <p><span><?php echo esc_html__('Company URL:', _ABH_PLUGIN_NAME_); ?></span> <input type="text" name="abh_company_url" value="<?php echo esc_url($view->author['abh_company_url']); ?>" size="30" /></p>
    126126                    <p class="abh_description_author"></p>
    127                     <p class="abh_show_extra_description" <?php echo (($view->author['abh_extra_description'] == '') ? '' : 'style="display: none"'); ?>><?php _e('add custom author bio >>', _ABH_PLUGIN_NAME_); ?></p>
     127                    <p class="abh_show_extra_description" <?php echo (($view->author['abh_extra_description'] == '') ? '' : 'style="display: none"'); ?>><?php echo esc_html__('add custom author bio >>', _ABH_PLUGIN_NAME_); ?></p>
    128128                    <p class="abh_extra_description" <?php echo (($view->author['abh_extra_description'] <> '') ? '' : 'style="display: none"'); ?>>
    129                         <span> </span><span style="font-size:12px; font-weight: normal; margin-left: 15px; font-style: italic;"><?php _e('By adding text here, you will replace the above description with this one', _ABH_PLUGIN_NAME_); ?></span>
     129                        <span> </span><span style="font-size:12px; font-weight: normal; margin-left: 15px; font-style: italic;"><?php echo esc_html__('By adding text here, you will replace the above description with this one', _ABH_PLUGIN_NAME_); ?></span>
    130130                        <br style="clear:both;" />
    131                         <span><?php _e('Author BIO:', _ABH_PLUGIN_NAME_); ?></span> <textarea id="abh_extra_description" name="abh_extra_description"  ><?php echo $view->author['abh_extra_description']; ?></textarea>
     131                        <span><?php echo esc_html__('Author BIO:', _ABH_PLUGIN_NAME_); ?></span> <textarea id="abh_extra_description" name="abh_extra_description"  ><?php echo esc_html($view->author['abh_extra_description']); ?></textarea>
    132132                        <br style="clear:both;" />
    133                         <span> </span><a href="javascript:void(0);" onclick="jQuery('#abh_extra_description').val('')" style="font-size:12px; font-weight: normal; margin-left: 15px;"><?php _e('Clear the custom description and show the default description', _ABH_PLUGIN_NAME_); ?></a>
     133                        <span> </span><a href="javascript:void(0);" onclick="jQuery('#abh_extra_description').val('')" style="font-size:12px; font-weight: normal; margin-left: 15px;"><?php echo esc_html__('Clear the custom description and show the default description', _ABH_PLUGIN_NAME_); ?></a>
    134134                    </p>
    135135                </div>
    136136            </fieldset>
    137137            <fieldset >
    138                 <legend><?php _e('Social settings:', _ABH_PLUGIN_NAME_); ?></legend>
     138                <legend><?php echo esc_html__('Social settings:', _ABH_PLUGIN_NAME_); ?></legend>
    139139
    140140                <div id="abh_option_social" >
    141141                    <p class="abh_social_text" style="height:30px; line-height: 30px;">
    142                         <span><?php _e('Social text (12 chars):', _ABH_PLUGIN_NAME_); ?></span>
    143                         <span ><input name="abh_socialtext" value="<?php echo $view->author['abh_socialtext']; ?>" size="30" maxlength="12" style="min-width: 100px; width: 100px;" /></span>
    144                         <span style="font-size:12px; font-weight: normal; font-style: italic; margin-left: 5px;"><?php _e('eq. "Follow me"', _ABH_PLUGIN_NAME_); ?></span>
     142                        <span><?php echo esc_html__('Social text (12 chars):', _ABH_PLUGIN_NAME_); ?></span>
     143                        <span ><input name="abh_socialtext" value="<?php echo esc_attr($view->author['abh_socialtext']); ?>" size="30" maxlength="12" style="min-width: 100px; width: 100px;" /></span>
     144                        <span style="font-size:12px; font-weight: normal; font-style: italic; margin-left: 5px;"><?php echo esc_html__('eq. "Follow me"', _ABH_PLUGIN_NAME_); ?></span>
    145145                    </p>
    146                     <p><span class="abh_social_settings abh_twitter"></span><span><?php _e('Twitter:', _ABH_PLUGIN_NAME_); ?></span> <input type="text" name="abh_twitter" value="<?php echo $view->author['abh_twitter']; ?>" size="30" /></p>
    147                     <p><span class="abh_social_settings abh_facebook"></span><span><?php _e('Facebook:', _ABH_PLUGIN_NAME_); ?></span> <input type="text" name="abh_facebook" value="<?php echo $view->author['abh_facebook']; ?>" size="30" /></p>
    148                     <p style="font-size: 18px; color: red;"><?php echo sprintf(__('Need more Socials Links and High Priority support? Visit %sStarbox PRO%s', _ABH_PLUGIN_NAME_), '<a href="http://starbox.squirrly.co/product/starbox-the-author-box-for-humans/" target="_blank">', '</a>'); ?></p>
     146                    <p><span class="abh_social_settings abh_twitter"></span><span><?php echo esc_html__('Twitter:', _ABH_PLUGIN_NAME_); ?></span> <input type="text" name="abh_twitter" value="<?php echo esc_attr($view->author['abh_twitter']); ?>" size="30" /></p>
     147                    <p><span class="abh_social_settings abh_facebook"></span><span><?php echo esc_html__('Facebook:', _ABH_PLUGIN_NAME_); ?></span> <input type="text" name="abh_facebook" value="<?php echo esc_attr($view->author['abh_facebook']); ?>" size="30" /></p>
     148                    <p style="font-size: 18px; color: red;"><?php echo sprintf(esc_html__('Need more Socials Links and High Priority support? Visit %sStarbox PRO%s', _ABH_PLUGIN_NAME_), '<a href="http://starbox.squirrly.co/product/starbox-the-author-box-for-humans/" target="_blank">', '</a>'); ?></p>
    149149                    <div class="abh_option_content">
    150150                        <div class="abh_switch">
    151151                            <input id="abh_nofollow_social_on" type="radio" class="abh_switch-input" name="abh_nofollow_social"  value="1" <?php echo ((!$view->author['abh_nofollow_social'] == 0) ? "checked" : '') ?> />
    152                             <label for="abh_nofollow_social_on" class="abh_switch-label abh_switch-label-off"><?php _e('Yes', _ABH_PLUGIN_NAME_); ?></label>
     152                            <label for="abh_nofollow_social_on" class="abh_switch-label abh_switch-label-off"><?php echo esc_html__('Yes', _ABH_PLUGIN_NAME_); ?></label>
    153153                            <input id="abh_nofollow_social_off" type="radio" class="abh_switch-input" name="abh_nofollow_social" value="0" <?php echo (($view->author['abh_nofollow_social'] == 0) ? "checked" : '') ?> />
    154                             <label for="abh_nofollow_social_off" class="abh_switch-label abh_switch-label-on"><?php _e('No', _ABH_PLUGIN_NAME_); ?></label>
     154                            <label for="abh_nofollow_social_off" class="abh_switch-label abh_switch-label-on"><?php echo esc_html__('No', _ABH_PLUGIN_NAME_); ?></label>
    155155                            <span class="abh_switch-selection"></span>
    156156                        </div>
    157                         <span><?php _e('Add rel="nofollow" to Social links and user URL', _ABH_PLUGIN_NAME_); ?></span>
     157                        <span><?php echo esc_html__('Add rel="nofollow" to Social links and user URL', _ABH_PLUGIN_NAME_); ?></span>
    158158                    </div>
    159159                    <div class="abh_option_content">
    160160                        <div class="abh_switch">
    161161                            <input id="abh_noopener_social_on" type="radio" class="abh_switch-input" name="abh_noopener_social"  value="1" <?php echo ((!$view->author['abh_noopener_social'] == 0) ? "checked" : '') ?> />
    162                             <label for="abh_noopener_social_on" class="abh_switch-label abh_switch-label-off"><?php _e('Yes', _ABH_PLUGIN_NAME_); ?></label>
     162                            <label for="abh_noopener_social_on" class="abh_switch-label abh_switch-label-off"><?php echo esc_html__('Yes', _ABH_PLUGIN_NAME_); ?></label>
    163163                            <input id="abh_noopener_social_off" type="radio" class="abh_switch-input" name="abh_noopener_social" value="0" <?php echo (($view->author['abh_noopener_social'] == 0) ? "checked" : '') ?> />
    164                             <label for="abh_noopener_social_off" class="abh_switch-label abh_switch-label-on"><?php _e('No', _ABH_PLUGIN_NAME_); ?></label>
     164                            <label for="abh_noopener_social_off" class="abh_switch-label abh_switch-label-on"><?php echo esc_html__('No', _ABH_PLUGIN_NAME_); ?></label>
    165165                            <span class="abh_switch-selection"></span>
    166166                        </div>
    167                         <span><?php _e('Add rel="noopener" to Social links and user URL', _ABH_PLUGIN_NAME_); ?></span>
     167                        <span><?php echo esc_html__('Add rel="noopener" to Social links and user URL', _ABH_PLUGIN_NAME_); ?></span>
    168168                    </div>
    169169                    <div class="abh_option_content">
    170170                        <div class="abh_switch">
    171171                            <input id="abh_noreferrer_social_on" type="radio" class="abh_switch-input" name="abh_noreferrer_social"  value="1" <?php echo ((!$view->author['abh_noreferrer_social'] == 0) ? "checked" : '') ?> />
    172                             <label for="abh_noreferrer_social_on" class="abh_switch-label abh_switch-label-off"><?php _e('Yes', _ABH_PLUGIN_NAME_); ?></label>
     172                            <label for="abh_noreferrer_social_on" class="abh_switch-label abh_switch-label-off"><?php echo esc_html__('Yes', _ABH_PLUGIN_NAME_); ?></label>
    173173                            <input id="abh_noreferrer_social_off" type="radio" class="abh_switch-input" name="abh_noreferrer_social" value="0" <?php echo (($view->author['abh_noreferrer_social'] == 0) ? "checked" : '') ?> />
    174                             <label for="abh_noreferrer_social_off" class="abh_switch-label abh_switch-label-on"><?php _e('No', _ABH_PLUGIN_NAME_); ?></label>
     174                            <label for="abh_noreferrer_social_off" class="abh_switch-label abh_switch-label-on"><?php echo esc_html__('No', _ABH_PLUGIN_NAME_); ?></label>
    175175                            <span class="abh_switch-selection"></span>
    176176                        </div>
    177                         <span><?php _e('Add rel="noreferrer" to Social links and user URL', _ABH_PLUGIN_NAME_); ?></span>
     177                        <span><?php echo esc_html__('Add rel="noreferrer" to Social links and user URL', _ABH_PLUGIN_NAME_); ?></span>
    178178                    </div>
    179179