From c8667ce0656fab0068dcbe4d9524929be7f8854c Mon Sep 17 00:00:00 2001
From: Braad
Date: Thu, 30 Apr 2015 14:49:46 -0700
Subject: [PATCH] Better sanitization of options in the Customizer, other fixes
---
 includes/admin/admin.php | 2 +-
 includes/admin/customizer.php | 112 +++++++++++++------------
 includes/functions/theme-functions.php | 2 +-
 3 files changed, 59 insertions(+), 57 deletions(-)
diff --git a/includes/admin/admin.php b/includes/admin/admin.php
index 2399fd7..9e9aa27 100644
--- a/includes/admin/admin.php
+++ b/includes/admin/admin.php
@@ -36,7 +36,7 @@ function trestle_settings_defaults() { 'logo_url_mobile' => '', 'favicon_url' => '', 'nav_primary_location' => 'full',
- 'custom_nav_extras_text' => '',
+ 'search_in_nav' => '',
 'read_more_text' => __( 'Read More »', 'trestle' ), 'revisions_number' => 3, 'footer_widgets_number' => 3,
diff --git a/includes/admin/customizer.php b/includes/admin/customizer.php
index e2ee241..59df250 100644
--- a/includes/admin/customizer.php
+++ b/includes/admin/customizer.php
@@ -51,10 +51,10 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[layout]', array(
- 'default' => genesis_get_option( 'layout', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'layout', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
 ) ); $wp_customize->add_control(
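Review bot: Renaming the default key from `custom_nav_extras_text` to `search_in_nav` in trestle_settings_defaults() leaves any value already saved under the old key unread, so sites that had the mobile search enabled would presumably see it switch off after updating (inferred; no migration step is visible in this diff). A one-time upgrade routine that copies the stored `custom_nav_extras_text` value into `search_in_nav` and unsets the old key would keep behaviour stable across the rename. The same rename is applied in customizer.php at @@ -155 and in theme-functions.php at @@ -233, so all three sites depend on that migration.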
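Review bot: `trestle-settings[layout]` is still registered without a `sanitize_callback`, so the value submitted from the Customizer is stored as-is; despite the subject line, only the three URL settings in this commit gained a callback. The capability check limits who can write these options, but the stored values later flow into templates, so validating on save is the defensive layer: a whitelist against the allowed layout keys here and for `nav_primary_location` (@@ -141, whose choices are `full` and `header`), and `'sanitize_callback' => 'absint',` for the numeric settings `revisions_number` (@@ -205) and `footer_widgets_number` (@@ -239) and for the checkbox settings `search_in_nav` (@@ -155), `external_link_icons` (@@ -287), `email_link_icons` (@@ -307), `pdf_link_icons` (@@ -327) and `doc_link_icons` (@@ -347). The enclosing function trestle_customizer_controls() starts before and ends after this hunk.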
@@ -75,10 +75,11 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[logo_url]', array(
- 'default' => genesis_get_option( 'logo_url', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'logo_url', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
+ 'sanitize_callback' => 'esc_url_raw',
 ) ); $wp_customize->add_control(
@@ -97,10 +98,11 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[logo_url_mobile]', array(
- 'default' => genesis_get_option( 'logo_url_mobile', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'logo_url_mobile', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
+ 'sanitize_callback' => 'esc_url_raw',
 ) ); $wp_customize->add_control(
@@ -119,10 +121,11 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[favicon_url]', array(
- 'default' => genesis_get_option( 'favicon_url', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'favicon_url', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
+ 'sanitize_callback' => 'esc_url_raw',
 ) ); $wp_customize->add_control(
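Review bot: The added `'sanitize_callback' => 'esc_url_raw'` on `logo_url` (and the same line at @@ -97 for `logo_url_mobile` and @@ -119 for `favicon_url`) sanitizes the value for storage only; it is not output escaping, and esc_url_raw() also returns an empty string for a URL whose protocol is not allowed, so a rejected value silently clears the logo rather than failing loudly. A short comment would keep the next maintainer from treating the stored value as print-safe: `// esc_url_raw() sanitizes for storage only; escape again with esc_url() where the URL is printed into src/href.` Where these options are rendered is outside this diff.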
@@ -141,10 +144,10 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[nav_primary_location]', array(
- 'default' => genesis_get_option( 'nav_primary_location', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'nav_primary_location', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
 ) ); $wp_customize->add_control(
@@ -155,27 +158,27 @@ function trestle_customizer_controls( $wp_customize ) { 'label' => __( 'Menu style', 'trestle' ), 'type' => 'select', 'choices' => array(
- 'full' => __( 'Full Width', 'trestle' ),
- 'header' => __( 'Header Right', 'trestle' ),
+ 'full' => __( 'Full Width', 'trestle' ),
+ 'header' => __( 'Header Right', 'trestle' ),
 ) ) ); // Primary nav extras. $wp_customize->add_setting(
- 'trestle-settings[custom_nav_extras_text]',
+ 'trestle-settings[search_in_nav]',
 array(
- 'default' => genesis_get_option( 'custom_nav_extras_text', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'search_in_nav', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
 ) ); $wp_customize->add_control( 'trestle_custom_nav_extras_text_control', array( 'section' => 'trestle_settings_section',
- 'settings' => 'trestle-settings[custom_nav_extras_text]',
+ 'settings' => 'trestle-settings[search_in_nav]',
 'label' => __( 'Add search to mobile navigation', 'trestle' ), 'type' => 'checkbox', )
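Review bot: In the @@ -155 hunk the setting is renamed to `trestle-settings[search_in_nav]` but the control keeps its old id `'trestle_custom_nav_extras_text_control'` and the context comment still reads `// Primary nav extras.`, so the code now describes a search checkbox under a name that no longer matches it. Renaming the control to `'trestle_search_in_nav_control',` and the comment to `// Search in mobile navigation.` keeps the id, setting and label in step; the control id is only a Customizer handle, so the rename should be safe unless JS outside this diff references it. The control's closing `)` and the rest of trestle_customizer_controls() lie outside the hunk.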
@@ -205,10 +208,10 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[revisions_number]', array(
- 'default' => genesis_get_option( 'revisions_number', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'revisions_number', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
 ) ); $wp_customize->add_control(
@@ -239,10 +242,10 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[footer_widgets_number]', array(
- 'default' => genesis_get_option( 'footer_widgets_number', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'footer_widgets_number', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
 ) ); $wp_customize->add_control(
@@ -268,9 +271,8 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[link_icons_title]', array(
- 'default' => genesis_get_option( 'link_icons_title', 'trestle-settings' ),
- 'type' => 'option',
- 'capability' => 'edit_theme_options',
+ 'default' => '',
+ 'type' => 'option',
 ) ); $wp_customize->add_control(
@@ -287,10 +289,10 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[external_link_icons]', array(
- 'default' => genesis_get_option( 'external_link_icons', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'external_link_icons', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
 ) ); $wp_customize->add_control(
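Review bot: The @@ -268 hunk drops `'capability' => 'edit_theme_options'` from `trestle-settings[link_icons_title]` and changes its default from the stored option to `''`, while every sibling setting in this file keeps the explicit capability. WordPress falls back to that same capability when none is given, so this is not a privilege change, but the asymmetry reads as an accident rather than a decision. If `link_icons_title` is only a placeholder setting behind a heading-style control (which the `''` default suggests but the hunk does not show), a one-line comment above the add_setting() call saying so would explain why it differs from its neighbours; otherwise keeping the `'capability'` line is the safer, consistent choice.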
@@ -307,10 +309,10 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[email_link_icons]', array(
- 'default' => genesis_get_option( 'email_link_icons', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'email_link_icons', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
 ) ); $wp_customize->add_control(
@@ -327,10 +329,10 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[pdf_link_icons]', array(
- 'default' => genesis_get_option( 'pdf_link_icons', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'pdf_link_icons', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
 ) ); $wp_customize->add_control(
@@ -347,10 +349,10 @@ function trestle_customizer_controls( $wp_customize ) { $wp_customize->add_setting( 'trestle-settings[doc_link_icons]', array(
- 'default' => genesis_get_option( 'doc_link_icons', 'trestle-settings' ),
- 'type' => 'option',
- 'transport' => 'postMessage',
- 'capability' => 'edit_theme_options',
+ 'default' => genesis_get_option( 'doc_link_icons', 'trestle-settings' ),
+ 'type' => 'option',
+ 'transport' => 'postMessage',
+ 'capability' => 'edit_theme_options',
 ) ); $wp_customize->add_control(
diff --git a/includes/functions/theme-functions.php b/includes/functions/theme-functions.php
index b549e9e..3fc2787 100644
--- a/includes/functions/theme-functions.php
+++ b/includes/functions/theme-functions.php
@@ -233,7 +233,7 @@ add_filter( 'wp_nav_menu_items', 'trestle_custom_nav_extras', 10, 2 ); */ function trestle_custom_nav_extras( $nav_items, stdClass $menu_args ) {
- if ( 'primary' == $menu_args->theme_location && genesis_get_option( 'custom_nav_extras_text', 'trestle-settings' ) ) {
+ if ( 'primary' == $menu_args->theme_location && genesis_get_option( 'search_in_nav', 'trestle-settings' ) ) {
 return $nav_items . '
  • ' . get_search_form( false ) . '
  • '; }
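Review bot: The new condition in trestle_custom_nav_extras() keeps the loose comparison `'primary' == $menu_args->theme_location`; with a string on the left this is not wrong today, but the strict form is the convention the tips call for and costs nothing: `if ( 'primary' === $menu_args->theme_location && genesis_get_option( 'search_in_nav', 'trestle-settings' ) ) {`. The option read was switched to `search_in_nav` here, matching the new default key in admin.php, so any site whose value is still stored under the old key will no longer get the search form appended (the migration, if any, is outside this diff). The `<li>` markup around `get_search_form( false )` appears garbled into bullets in this rendering of the hunk and should be checked against the file itself.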