From d86e54544b18045095c5143fb6dafd745808c682 Mon Sep 17 00:00:00 2001
From: David Stone <david@nnucomputerwhiz.com>
Date: Mon, 7 Apr 2025 09:47:01 -0600
Subject: [PATCH] Remove overzealous escaping

---
 views/base/centered.php                        | 2 +-
 views/dashboard-statistics/widget-forms.php    | 2 +-
 views/events/widget-message.php                | 2 +-
 views/invoice/template.php                     | 4 ++--
 views/settings/fields/field-text.php           | 4 ++--
 views/shortcodes/shortcodes.php                | 4 ++--
 views/wizards/host-integrations/activation.php | 2 +-
 7 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/views/base/centered.php b/views/base/centered.php
index f112f4f..38fe665 100644
--- a/views/base/centered.php
+++ b/views/base/centered.php
@@ -108,7 +108,7 @@
 
 						<div class="inside">
 
-							<?php echo wp_kses_post($content); ?>
+							<?php echo $content; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 
 						</div>
 
diff --git a/views/dashboard-statistics/widget-forms.php b/views/dashboard-statistics/widget-forms.php
index 5befb81..e026c09 100644
--- a/views/dashboard-statistics/widget-forms.php
+++ b/views/dashboard-statistics/widget-forms.php
@@ -61,7 +61,7 @@
 					<td>
 						<?php echo esc_html($form->signup_form); ?>
 						<?php if ('by-admin' === $form->signup_form) : ?>
-							<?php echo wp_kses_post(wu_tooltip(__('Customers created via the admin panel, by super admins.', 'wp-multisite-waas'))); ?>
+							<?php echo wu_tooltip(__('Customers created via the admin panel, by super admins.', 'wp-multisite-waas')); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 						<?php endif; ?>
 					</td>
 					<td class="wu-text-right"><?php echo intval($form->count); ?></td> <!-- Ensure count is an integer and properly escaped -->
diff --git a/views/events/widget-message.php b/views/events/widget-message.php
index 4d1fe46..252c6ec 100644
--- a/views/events/widget-message.php
+++ b/views/events/widget-message.php
@@ -12,7 +12,7 @@
 	<h3 class="wu-my-1 wu-text-2xs wu-uppercase"><?php echo esc_html__('Message', 'wp-multisite-waas'); ?></h3>
 
 	<span class="wu-my-1 wu-inline-block">
-		<?php echo wp_kses_post($object->get_message()); ?>
+		<?php echo $object->get_message(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 	</span>
 
 	</li>
diff --git a/views/invoice/template.php b/views/invoice/template.php
index 29743cc..ce7c652 100644
--- a/views/invoice/template.php
+++ b/views/invoice/template.php
@@ -185,7 +185,7 @@ $has_tax_included = false;
 							/**
 							 * Displays the company address.
 							 */
-							echo wp_kses(nl2br($company_address), array('br' => array()));
+							echo nl2br(esc_html($company_address), array('br' => array()));
 
 							?>
 						</td>
@@ -198,7 +198,7 @@ $has_tax_included = false;
 							/**
 							 * Displays the clients address.
 							 */
-							echo wp_kses(nl2br(implode(PHP_EOL, (array) $billing_address)), array('br' => array()));
+							echo nl2br(esc_html(implode(PHP_EOL, (array) $billing_address)), array('br' => array()));
 
 							?>
 						   
diff --git a/views/settings/fields/field-text.php b/views/settings/fields/field-text.php
index f928ffd..82e8b44 100644
--- a/views/settings/fields/field-text.php
+++ b/views/settings/fields/field-text.php
@@ -25,7 +25,7 @@
 
 		<?php if (isset($field->append) && ! empty($field->append)) : ?>
 
-			<?php echo wp_kses_post($field->append); ?>
+			<?php echo $field->append; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 
 		<?php endif; ?>
 
@@ -33,7 +33,7 @@
 
 		<p class="description" id="<?php echo esc_attr($field->id); ?>-desc">
 
-			<?php echo $field->desc; ?>
+			<?php echo $field->desc; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 
 		</p>
 
diff --git a/views/shortcodes/shortcodes.php b/views/shortcodes/shortcodes.php
index 7913183..0c76cfc 100644
--- a/views/shortcodes/shortcodes.php
+++ b/views/shortcodes/shortcodes.php
@@ -34,7 +34,7 @@
 						<?php echo esc_html($shortcode['title']); ?> <code>[<?php echo esc_html($shortcode['shortcode']); ?>]</code>
 					</h3>
 					<p class="wu-mt-1 wu-mb-0 wu-text-gray-700">
-						<?php echo wp_kses_post($shortcode['description']); ?>
+						<?php echo $shortcode['description']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 					</p>
 					</div>
 				</div>
@@ -61,7 +61,7 @@
 							<?php echo esc_html($param); ?>
 						</td>
 						<td class="wu-px-4 wu-py-2 wu-text-left">
-							<?php echo wp_kses_post($value['desc']); ?>
+							<?php echo $value['desc']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 						</td>
 						<td class="wu-px-4 wu-py-2 wu-text-left">
 							<?php echo esc_html($value['options']); ?>
diff --git a/views/wizards/host-integrations/activation.php b/views/wizards/host-integrations/activation.php
index cfe8b4f..6886c5d 100644
--- a/views/wizards/host-integrations/activation.php
+++ b/views/wizards/host-integrations/activation.php
@@ -10,7 +10,7 @@
 </h1>
 
 <p class="wu-text-lg wu-text-gray-600 wu-my-4">
-	<?php echo wp_kses_post($integration->get_description()); ?>
+	<?php echo $integration->get_description(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 </p>
 
 <div class="wu-bg-white wu-p-4 wu--mx-6">