Remove overzealous escaping

2025-04-07 09:47:01 -06:00
parent 816abe7360
commit d86e54544b
7 changed files with 10 additions and 10 deletions
--- a/views/base/centered.php
+++ b/views/base/centered.php
@ -108,7 +108,7 @@
 						<div class="inside">
-							<?php echo wp_kses_post($content); ?>
+							<?php echo $content; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 						</div>
--- a/views/dashboard-statistics/widget-forms.php
+++ b/views/dashboard-statistics/widget-forms.php
@ -61,7 +61,7 @@
 					<td>
 						<?php echo esc_html($form->signup_form); ?>
 						<?php if ('by-admin' === $form->signup_form) : ?>
-							<?php echo wp_kses_post(wu_tooltip(__('Customers created via the admin panel, by super admins.', 'wp-multisite-waas'))); ?>
+							<?php echo wu_tooltip(__('Customers created via the admin panel, by super admins.', 'wp-multisite-waas')); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 						<?php endif; ?>
 					</td>
 					<td class="wu-text-right"><?php echo intval($form->count); ?></td> <!-- Ensure count is an integer and properly escaped -->
--- a/views/events/widget-message.php
+++ b/views/events/widget-message.php
@ -12,7 +12,7 @@
 	<h3 class="wu-my-1 wu-text-2xs wu-uppercase"><?php echo esc_html__('Message', 'wp-multisite-waas'); ?></h3>
 	<span class="wu-my-1 wu-inline-block">
-		<?php echo wp_kses_post($object->get_message()); ?>
+		<?php echo $object->get_message(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 	</span>
 	</li>
--- a/views/invoice/template.php
+++ b/views/invoice/template.php
@ -185,7 +185,7 @@ $has_tax_included = false;
 							/**
 							 * Displays the company address.
 							 */
-							echo wp_kses(nl2br($company_address), array('br' => array()));
+							echo nl2br(esc_html($company_address), array('br' => array()));
 							?>
 						</td>
@ -198,7 +198,7 @@ $has_tax_included = false;
 							/**
 							 * Displays the clients address.
 							 */
-							echo wp_kses(nl2br(implode(PHP_EOL, (array) $billing_address)), array('br' => array()));
+							echo nl2br(esc_html(implode(PHP_EOL, (array) $billing_address)), array('br' => array()));
 							?>
--- a/views/settings/fields/field-text.php
+++ b/views/settings/fields/field-text.php
@ -25,7 +25,7 @@
 		<?php if (isset($field->append) && ! empty($field->append)) : ?>
-			<?php echo wp_kses_post($field->append); ?>
+			<?php echo $field->append; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 		<?php endif; ?>
@ -33,7 +33,7 @@
 		<p class="description" id="<?php echo esc_attr($field->id); ?>-desc">
-			<?php echo $field->desc; ?>
+			<?php echo $field->desc; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 		</p>
--- a/views/shortcodes/shortcodes.php
+++ b/views/shortcodes/shortcodes.php
@ -34,7 +34,7 @@
 						<?php echo esc_html($shortcode['title']); ?> <code>[<?php echo esc_html($shortcode['shortcode']); ?>]</code>
 					</h3>
 					<p class="wu-mt-1 wu-mb-0 wu-text-gray-700">
-						<?php echo wp_kses_post($shortcode['description']); ?>
+						<?php echo $shortcode['description']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 					</p>
 					</div>
 				</div>
@ -61,7 +61,7 @@
 							<?php echo esc_html($param); ?>
 						</td>
 						<td class="wu-px-4 wu-py-2 wu-text-left">
-							<?php echo wp_kses_post($value['desc']); ?>
+							<?php echo $value['desc']; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 						</td>
 						<td class="wu-px-4 wu-py-2 wu-text-left">
 							<?php echo esc_html($value['options']); ?>
--- a/views/wizards/host-integrations/activation.php
+++ b/views/wizards/host-integrations/activation.php
@ -10,7 +10,7 @@
 </h1>
 <p class="wu-text-lg wu-text-gray-600 wu-my-4">
-	<?php echo wp_kses_post($integration->get_description()); ?>
+	<?php echo $integration->get_description(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 </p>
 <div class="wu-bg-white wu-p-4 wu--mx-6">