diff --git a/includes/Component/Component.php b/includes/Component/Component.php new file mode 100644 index 00000000..0d7dc365 --- /dev/null +++ b/includes/Component/Component.php @@ -0,0 +1,50 @@ + array( + 'for' => array(), + ), + 'option' => array( + 'value' => array(), + 'selected' => array(), + ), + 'select' => array( + 'id' => array(), + 'name' => array(), + ), + 'input' => array( + 'type' => array(), + 'class' => array(), + 'id' => array(), + 'name' => array(), + 'value' => array(), + 'size' => array(), + 'readonly' => array(), + ), + ); + + /** + * @return string + */ + abstract public function render(): string; + + /** + * Adds our input elements to the allowed HTML elements of a post + */ + public static function get_allowed_html(): array { + $my_allowed = wp_kses_allowed_html( 'post' ); + + return array_merge( $my_allowed, self::ALLOWED_HTML ); + } +} diff --git a/includes/Component/Icon.php b/includes/Component/Icon.php index dfc4134b..b10c6489 100644 --- a/includes/Component/Icon.php +++ b/includes/Component/Icon.php @@ -1,9 +1,10 @@ -map[ $language ] ?? $this->maybe( $language, '', '.png' ); } - -} \ No newline at end of file +} diff --git a/includes/Component/Icon/IconSvg.php b/includes/Component/Icon/IconSvg.php index 631d7c62..8ef0a60b 100644 --- a/includes/Component/Icon/IconSvg.php +++ b/includes/Component/Icon/IconSvg.php @@ -1,4 +1,4 @@ -map[ $language ] ?? $this->maybe( $language, 'flag-icon-' ); } - -} \ No newline at end of file +} diff --git a/includes/Component/Input/Checkbox.php b/includes/Component/Input/Checkbox.php index 5a1072ac..11aba33c 100644 --- a/includes/Component/Input/Checkbox.php +++ b/includes/Component/Input/Checkbox.php @@ -1,15 +1,15 @@ -arr[] = $input; return $this; 
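Review bot: `array_merge( $my_allowed, self::ALLOWED_HTML )` in get_allowed_html() merges only one level deep, so for any tag the `post` allowlist already defines (that list is filterable via `wp_kses_allowed_html`, so a site may well add `label` or `input`), the whole attribute list is replaced by the constant's instead of extended. `return array_replace_recursive( $my_allowed, self::ALLOWED_HTML );` keeps the existing attributes and adds the component's; if replacing is intentional, a comment on that line should say so. The docblock would also benefit from the array shape and a note that the empty attribute arrays mean "attribute allowed, no value checks", e.g. `@return array<string, array<string, mixed>> kses allowlist: post context plus the form elements the components render`. The class header of Component.php is not visible in this hunk.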
@@ -47,7 +46,7 @@ public function add( InputInterface $input ): self { */ public function render(): string { $items = array_map( - function ( InputInterface $input ) { + function ( Component $input ) { return $input->render(); // phpcs:ignore WordPress.Security.EscapeOutput }, $this->arr diff --git a/includes/Component/Input/Label.php b/includes/Component/Input/Label.php index a32d497f..61c26b76 100644 --- a/includes/Component/Input/Label.php +++ b/includes/Component/Input/Label.php @@ -1,15 +1,15 @@ -options = new Group( '' ); foreach ( $arr as $key => $value ) { - $this->options->add( new Option( $key, strval( $value ), $selected ) ); + $this->options->add( new Option( strval( $key ), strval( $value ), $selected ) ); } } diff --git a/includes/Component/Input/Text.php b/includes/Component/Input/Text.php index 363fbb3a..16573bca 100644 --- a/includes/Component/Input/Text.php +++ b/includes/Component/Input/Text.php @@ -1,11 +1,10 @@ -%2$s', esc_html( $this->element ), wp_kses_post( $this->content ) ); + return sprintf( '<%1$s>%2$s', esc_html( $this->element ), wp_kses( $this->content, self::get_allowed_html() ) ); } } diff --git a/includes/ContentImport/LogWriters/AdminNoticeLogger.php b/includes/ContentImport/LogWriters/AdminNoticeLogger.php index f760770e..2fe55013 100644 --- a/includes/ContentImport/LogWriters/AdminNoticeLogger.php +++ b/includes/ContentImport/LogWriters/AdminNoticeLogger.php @@ -2,6 +2,7 @@ namespace lloc\Msls\ContentImport\LogWriters; +use lloc\Msls\Component\Component; use lloc\Msls\ContentImport\ImportCoordinates; use lloc\Msls\MslsRegistryInstance; @@ -141,7 +142,7 @@ public function show_last_log( $echo = true ): ?string { } if ( $echo ) { - echo wp_kses_post( $html ); + echo wp_kses( $html, Component::get_allowed_html() ); } // we've shown it, no reason to keep it diff --git a/includes/ContentImport/MetaBox.php b/includes/ContentImport/MetaBox.php index 10a25f08..0e527363 100644 --- a/includes/ContentImport/MetaBox.php 
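Review bot: The retyped closure in Group::render() uses neither `$this` nor captured state, so it can be a static short closure, `static fn ( Component $input ): string => $input->render(), // phpcs:ignore WordPress.Security.EscapeOutput`, which also keeps the phpcs marker on the same line as the unescaped output. The rest of render() continues past the hunk.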
+++ b/includes/ContentImport/MetaBox.php @@ -2,6 +2,7 @@ namespace lloc\Msls\ContentImport; +use lloc\Msls\Component\Component; use lloc\Msls\Component\Wrapper; use lloc\Msls\ContentImport\Importers\Map; use lloc\Msls\MslsBlogCollection; @@ -86,7 +87,7 @@ function ( $lang ) use ( $mydata ) { $output = ( new Wrapper( 'p', $warning ) )->render(); } - echo wp_kses_post( $output ); + echo wp_kses( $output, Component::get_allowed_html() ); } protected function inline_thickbox_url( array $data = array() ): string { @@ -172,7 +173,7 @@ protected function inline_thickbox_html( $echo = true, array $data = array() ): $html = ob_get_clean(); if ( $echo ) { - echo wp_kses_post( $html ); + echo wp_kses( $html, Component::get_allowed_html() ); } return $html; diff --git a/includes/MslsCustomColumn.php b/includes/MslsCustomColumn.php index e83c79a5..5876c49f 100644 --- a/includes/MslsCustomColumn.php +++ b/includes/MslsCustomColumn.php @@ -2,6 +2,8 @@ namespace lloc\Msls; +use lloc\Msls\Component\Component; + /** * Handling of existing/not existing translations in the backend listings of * various post types @@ -94,7 +96,7 @@ public function td( $column_name, $item_id ): void { printf( '%2$s', esc_attr( $this->options->get_icon_type() ), - wp_kses_post( $icon->get_a() ) + wp_kses( $icon->get_a(), Component::get_allowed_html() ) ); restore_current_blog(); diff --git a/includes/MslsMain.php b/includes/MslsMain.php index e0b003ca..b57e88fe 100644 --- a/includes/MslsMain.php +++ b/includes/MslsMain.php @@ -2,7 +2,7 @@ namespace lloc\Msls; -use lloc\Msls\Component\InputInterface; +use lloc\Msls\Component\Component; /** * Abstraction for the hook classes 
@@ -75,9 +75,9 @@ public function get_input_array( $object_id ): array { return $arr; } - $offset = strlen( InputInterface::INPUT_PREFIX ); + $offset = strlen( Component::INPUT_PREFIX ); foreach ( $input_post as $key => $value ) { - if ( false === strpos( $key, InputInterface::INPUT_PREFIX ) || empty( $value ) ) { + if ( false === strpos( $key, Component::INPUT_PREFIX ) || empty( $value ) ) { continue; } diff --git a/includes/MslsMetaBox.php b/includes/MslsMetaBox.php index df1a8a83..0ae6e7ac 100644 --- a/includes/MslsMetaBox.php +++ b/includes/MslsMetaBox.php @@ -2,7 +2,7 @@ namespace lloc\Msls; -use lloc\Msls\Component\InputInterface; +use lloc\Msls\Component\Component; use lloc\Msls\Component\Wrapper; use lloc\Msls\ContentImport\MetaBox as ContentImportMetaBox; @@ -186,7 +186,7 @@ public function render_select(): void { $args = array( 'post_type' => $type, 'selected' => $mydata->$language, - 'name' => InputInterface::INPUT_PREFIX . $language, + 'name' => Component::INPUT_PREFIX . $language, 'show_option_none' => ' ', 'option_none_value' => 0, 'sort_column' => 'menu_order, post_title', @@ -270,13 +270,14 @@ public function render_options( $type, $msls_id ): string { * @return string */ public function render_option( int $post_id, int $msls_id ): string { - return wp_kses_post( + return wp_kses( sprintf( '', esc_attr( $post_id ), selected( $post_id, $msls_id, false ), get_the_title( $post_id ) - ) + ), + Component::get_allowed_html() ); } @@ -323,12 +324,13 @@ public function render_input(): void { restore_current_blog(); } - echo wp_kses_post( + echo wp_kses( sprintf( '', $items, $post_type - ) + ), + Component::get_allowed_html() ); $post = $temp; diff --git a/includes/MslsPostTagClassic.php b/includes/MslsPostTagClassic.php index 0d894c60..b1d55a83 100644 --- a/includes/MslsPostTagClassic.php +++ b/includes/MslsPostTagClassic.php 
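Review bot: The rewritten condition `false === strpos( $key, Component::INPUT_PREFIX )` accepts the prefix anywhere in `$key`, while `$offset = strlen( Component::INPUT_PREFIX )` two lines above suggests the key is later sliced as though the prefix were leading; a key that merely contains the prefix mid-string would pass this test and be sliced wrongly. If a leading prefix is the intent, `0 !== strpos( $key, Component::INPUT_PREFIX )` (or `! str_starts_with( $key, Component::INPUT_PREFIX )` on PHP 8) pins it. The loop body and the use of `$offset` continue past the hunk, so this is inferred from the visible lines only.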
@@ -77,7 +77,7 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo $this->maybe_set_linked_term( $mydata ); - printf( wp_kses_post( $title_format ), esc_html( $this->get_select_title() ) ); + printf( wp_kses( $title_format ), esc_html( $this->get_select_title() ) ); foreach ( $blogs as $blog ) { $this->print_option( $blog, $type, $mydata, $item_format ); diff --git a/includes/MslsWidget.php b/includes/MslsWidget.php index ac85fbae..e0f2b9d1 100644 --- a/includes/MslsWidget.php +++ b/includes/MslsWidget.php @@ -8,6 +8,8 @@ namespace lloc\Msls; +use lloc\Msls\Component\Component; + /** * The standard widget of the Multisite Language Switcher * @@ -60,7 +62,10 @@ public function widget( $args, $instance ) { $content = apply_filters( 'msls_widget_alternative_content', $text ); } - echo wp_kses_post( $args['before_widget'] . $title . $content . $args['after_widget'] ); + echo wp_kses( + $args['before_widget'] . $title . $content . $args['after_widget'], + Component::get_allowed_html() + ); } /** @@ -95,7 +100,7 @@ public function form( $instance ) { ( isset( $instance['title'] ) ? esc_attr( $instance['title'] ) : '' ) ); - echo wp_kses_post( $form ); + echo wp_kses( $form, Component::get_allowed_html() ); return $form; } diff --git a/tests/phpunit/MslsUnitTestCase.php b/tests/phpunit/MslsUnitTestCase.php index 6e2ed13f..984a92d1 100644 --- a/tests/phpunit/MslsUnitTestCase.php +++ b/tests/phpunit/MslsUnitTestCase.php @@ -29,6 +29,7 @@ protected function setUp(): void { Functions\when( 'wp_kses' )->returnArg(); Functions\when( 'wp_kses_post' )->returnArg(); Functions\when( 'sanitize_text_field' )->returnArg(); + Functions\when( 'wp_kses_allowed_html' )->justReturn( array() ); } protected function tearDown(): void {
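Review bot: `wp_kses( $title_format )` on the changed line passes a single argument, but wp_kses() has no default for its second parameter `$allowed_html`, so this call throws an ArgumentCountError at runtime on PHP 7.1+; the test stub `Functions\when( 'wp_kses' )->returnArg()` accepts any arity and will not catch it. Either keep `wp_kses_post( $title_format )` or pass the allowlist explicitly, `printf( wp_kses( $title_format, Component::get_allowed_html() ), esc_html( $this->get_select_title() ) );`, adding `use lloc\Msls\Component\Component;` if the file lacks it (its imports are outside this hunk). the_input() continues past the hunk.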
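Review bot: In MslsWidget::widget() the front-end output `$args['before_widget'] . $title . $content . $args['after_widget']` is now filtered with Component::get_allowed_html(), which adds `input`, `select`, `option` and `label` to what site visitors may receive; as far as this hunk shows, the switcher markup and the `msls_widget_alternative_content` filter result carry no form controls, so the wider allowlist grants nothing the page needs. Keeping `echo wp_kses_post( $args['before_widget'] . $title . $content . $args['after_widget'] );` here and reserving the component allowlist for the admin form() output in the following hunk keeps the public sanitiser at least privilege. If widget content can legitimately contain form markup, a comment on the echo stating why would make the choice reviewable.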
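Review bot: The `wp_kses` stub two lines above the added line, `Functions\when( 'wp_kses' )->returnArg()`, returns its first argument regardless of arity, so a production call that omits the required `$allowed_html` parameter passes the suite unnoticed. A stub mirroring the real signature, `Functions\when( 'wp_kses' )->alias( static fn ( $content, array $allowed_html, $protocols = array() ) => $content );`, would fail such calls in tests. The added `wp_kses_allowed_html` stub returning `array()` fits that approach, since get_allowed_html() then yields only the component's own entries.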