Merge pull request CMB2#1262 from CMB2/escaping-file-display-class
Add late escaping to CMB2_Display_File
jtsternberg authored Apr 21, 2019
2 parents 4369533 + 060f351 commit 45432cb
Showing 1 changed file with 4 additions and 4 deletions.
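--- a/includes/CMB2_Field_Display.php
+++ b/includes/CMB2_Field_Display.php
@@ -421,17 +421,17 @@ protected function file_output( $url_value, $id, CMB2_Type_File_Base $field_type
 ) );
 } else {
 $size = is_array( $img_size ) ? $img_size[0] : 200;
-$image = '<img class="cmb-image-display" style="max-width: ' . absint( $size ) . 'px; width: 100%; height: auto;" src="' . $url_value . '" alt="" />';
+$image = '<img class="cmb-image-display" style="max-width: ' . absint( $size ) . 'px; width: 100%; height: auto;" src="' . esc_url( $url_value ) . '" alt="" />';
 }
 
 echo $image;
 
 } else {
 
 printf( '<div class="file-status"><span>%1$s <strong><a href="%2$s">%3$s</a></strong></span></div>',
-esc_html( $field_type->_text( 'file_text', esc_html__( 'File:', 'cmb2' ) ) ),
-$url_value,
-CMB2_Utils::get_file_name_from_path( $url_value )
+esc_html( $field_type->_text( 'file_text', __( 'File:', 'cmb2' ) ) ),
+esc_url( $url_value ),
+esc_html( CMB2_Utils::get_file_name_from_path( $url_value ) )
 );
 
 }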
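Review bot: Both branches still print their markup when `esc_url()` rejects the value, because it returns an empty string for a scheme outside the allowed protocol list; the result is `<img ... src="">` in the image branch, or an `<a href="">` wrapped around the file name in the `printf()` branch. Escaping once, `$safe_url = esc_url( $url_value );`, and skipping the output when `'' === $safe_url` would keep a rejected stored value from rendering as a broken element. It would also be worth a short comment at the `href` line saying that `esc_url()` is used there because it filters the scheme, which plain attribute escaping does not. `file_output()` begins and ends outside this hunk, so an earlier guard on `$url_value` may already exist and should be checked before adding one.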