Skip to content

Commit

Permalink
Issue #841: Move ternaary conditionals inside escaping functions.
Browse files Browse the repository at this point in the history 
Before, the output was only escaped
if the value was set.
Also, remove the isset() check for $title.
As Weston mentioned, this is always a string.
  • Loading branch information
Ryan Kienstra committed Feb 15, 2018
1 parent 78f7368 commit ccc066d
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions includes/embeds/class-amp-playlist-embed-handler.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,10 +145,10 @@ public function audio_playlist() {
<div class="wp-playlist-current-item">
<amp-img src="<?php echo esc_url( $image_url ); ?>" height="<?php echo esc_attr( $image_height ); ?>" width="<?php echo esc_attr( $image_width ); ?>"></amp-img>
<div class="wp-playlist-caption">
<span class="wp-playlist-item-meta wp-playlist-item-title"><?php echo isset( $title ) ? esc_html( $title ) : ''; ?></span>
<span class="wp-playlist-item-meta wp-playlist-item-title"><?php echo esc_html( $title ); ?></span>
</div>
</div>
<amp-audio width="auto" height="50" src="<?php echo isset( $track['src'] ) ? esc_url( $track['src'] ) : ''; ?>"></amp-audio>
<amp-audio width="auto" height="50" src="<?php echo esc_url( isset( $track['src'] ) ? $track['src'] : '' ); ?>"></amp-audio>
</div>
<?php endforeach; ?>
</amp-carousel>
Expand Down Expand Up @@ -197,7 +197,7 @@ public function video_playlist() {
<?php echo wp_unslash( wp_json_encode( $amp_state ) ); // WPCS: XSS ok. ?>
</script>
</amp-state>
<amp-video id="amp-video" src="<?php echo esc_url( $this->data['tracks'][0]['src'] ); ?>" [src]="<?php echo esc_attr( $playlist ); ?>[<?php echo esc_attr( $playlist ); ?>.currentVideo].videoUrl" width="<?php echo esc_attr( $width ); ?>" height="<?php echo isset( $height ) ? esc_attr( $height ) : ''; ?>" controls></amp-video>
<amp-video id="amp-video" src="<?php echo esc_url( $this->data['tracks'][0]['src'] ); ?>" [src]="<?php echo esc_attr( $playlist ); ?>[<?php echo esc_attr( $playlist ); ?>.currentVideo].videoUrl" width="<?php echo esc_attr( $width ); ?>" height="<?php echo esc_attr( isset( $height ) ? $height : '' ); ?>" controls></amp-video>
<?php $this->tracks( 'video', $playlist ); ?>
</div>
<?php
Expand Down Expand Up @@ -259,9 +259,9 @@ public function tracks( $type, $container_id ) {
}

?>
<div class="wp-playlist-item" [class]="<?php echo isset( $item_class ) ? esc_attr( $item_class ) : ''; ?>">
<a class="wp-playlist-caption" on="<?php echo isset( $on ) ? esc_attr( $on ) : ''; ?>">
<?php echo esc_html( strval( $i + 1 ) . '.' ); ?> <span class="wp-playlist-item-title"><?php echo isset( $title ) ? esc_html( $title ) : ''; ?></span>
<div class="wp-playlist-item" [class]="<?php echo esc_attr( isset( $item_class ) ? $item_class : '' ); ?>">
<a class="wp-playlist-caption" on="<?php echo esc_attr( isset( $on ) ? $on : '' ); ?>">
<?php echo esc_html( strval( $i + 1 ) . '.' ); ?> <span class="wp-playlist-item-title"><?php echo esc_html( $title ); ?></span>
</a>
<?php if ( isset( $track['meta']['length_formatted'] ) ) : ?>
<div class="wp-playlist-item-length"><?php echo esc_html( $track['meta']['length_formatted'] ); ?></div>
Expand Down

0 comments on commit ccc066d

Please sign in to comment.