Escape HTML in plugin language files

da09b279 · Scott · 10b32cf8 · da09b279 · da09b279 · da09b279
Commit da09b279 authored Dec 12, 2018 by Scott
5 changed files
--- a/qa-plugin/basic-adsense/qa-basic-adsense-lang-default.php
+++ b/qa-plugin/basic-adsense/qa-basic-adsense-lang-default.php
@@ -21,6 +21,6 @@
 return array(
 	'ad_unit_id' => 'AdSense Ad Unit ID:',
-	'example_x' => 'Example: <i>^</i>',
+	'example_x' => 'Example: ^',
 	'publisher_id' => 'AdSense Publisher ID:',
 );
--- a/qa-plugin/basic-adsense/qa-basic-adsense.php
+++ b/qa-plugin/basic-adsense/qa-basic-adsense.php
@@ -55,13 +55,13 @@ class qa_basic_adsense
 					'label' => qa_lang_html('basic_adsense/publisher_id'),
 					'value' => qa_html(qa_opt('adsense_publisher_id')),
 					'tags' => 'name="adsense_publisher_id_field"',
-					'note' => qa_lang_sub('basic_adsense/example_x', 'pub-1234567890123456'),
+					'note' => qa_lang_html_sub('basic_adsense/example_x', '<i>pub-1234567890123456</i>'),
 				),
 				array(
 					'label' => qa_lang_html('basic_adsense/ad_unit_id'),
 					'value' => qa_html(qa_opt('adsense_adunit_id')),
 					'tags' => 'name="adsense_adunit_id_field"',
-					'note' => qa_lang_sub('basic_adsense/example_x', '8XXXXX1'),
+					'note' => qa_lang_html_sub('basic_adsense/example_x', '<i>8XXXXX1</i>'),
 				),
 			),

--- a/qa-plugin/event-logger/qa-event-logger-lang-default.php
+++ b/qa-plugin/event-logger/qa-event-logger-lang-default.php
@@ -26,7 +26,7 @@ return array(
 	'extras' => 'extras...',
 	'header_lines' => 'Include header lines at top of each log file',
 	'log_events_daily' => 'Log events to daily log files',
-	'log_events_x_table' => 'Log events to <code>^</code> database table',
+	'log_events_x_table' => 'Log events to ^ database table',
 	'log_files_dir' => 'Directory for log files - enter full path:',
 	'q2a_x_log_file_generated' => 'Question2Answer ^ log file generated by Event Logger plugin.',
 	'specify_dir_writable' => 'Please specify a directory that is writable by the web server.',

--- a/qa-plugin/event-logger/qa-event-logger.php
+++ b/qa-plugin/event-logger/qa-event-logger.php
@@ -102,7 +102,7 @@ class qa_event_logger
 			'fields' => array(
 				array(
-					'label' => qa_lang_sub('event_logger/log_events_x_table', QA_MYSQL_TABLE_PREFIX . 'eventlog'),
+					'label' => qa_lang_html_sub('event_logger/log_events_x_table', '<code>' . qa_html(QA_MYSQL_TABLE_PREFIX . 'eventlog') . '</code>'),
 					'tags' => 'name="event_logger_to_database_field"',
 					'value' => qa_opt('event_logger_to_database'),
 					'type' => 'checkbox',

--- a/qa-plugin/wysiwyg-editor/qa-wysiwyg-upload.php
+++ b/qa-plugin/wysiwyg-editor/qa-wysiwyg-upload.php
@@ -35,7 +35,7 @@ class qa_wysiwyg_upload
 		if (is_array($_FILES) && count($_FILES)) {
 			if (!qa_opt('wysiwyg_editor_upload_images'))
-				$message = qa_lang('users/no_permission');
+				$message = qa_lang_html('users/no_permission');
 			require_once QA_INCLUDE_DIR.'app/upload.php';