
Commit d4094fb

committed
escape strings on output
1 parent 15163b1 commit d4094fb

1 file changed

Lines changed: 6 additions & 9 deletions


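--- a/wp-includes/sqlite/class-wp-sqlite-pdo-engine.php
+++ b/wp-includes/sqlite/class-wp-sqlite-pdo-engine.php
@@ -328,8 +328,7 @@ private function prepare_directory() {
 if ( ! is_dir( FQDBDIR ) ) {
 if ( ! @mkdir( FQDBDIR, 0704, true ) ) {
 umask( $u );
-$message = __( 'Unable to create the required directory! Please check your server settings.', 'sqlite' );
-wp_die( $message, 'Error!' );
+wp_die( esc_html__( 'Unable to create the required directory! Please check your server settings.', 'sqlite' ), 'Error!' );
 }
 }
 if ( ! is_writable( FQDBDIR ) ) {
@@ -341,8 +340,7 @@ private function prepare_directory() {
 $fh = fopen( FQDBDIR . '.htaccess', 'w' );
 if ( ! $fh ) {
 umask( $u );
-$message = __( 'Unable to create a file in the directory! Please check your server settings.', 'sqlite' );
-echo $message;
+esc_html_e( 'Unable to create a file in the directory! Please check your server settings.', 'sqlite' );
 
 return false;
 }
@@ -353,8 +351,7 @@ private function prepare_directory() {
 $fh = fopen( FQDBDIR . 'index.php', 'w' );
 if ( ! $fh ) {
 umask( $u );
-$message = __( 'Unable to create a file in the directory! Please check your server settings.', 'sqlite' );
-echo $message;
+esc_html_e( 'Unable to create a file in the directory! Please check your server settings.', 'sqlite' );
 
 return false;
 }
@@ -1304,7 +1301,7 @@ private function set_error( $line, $function, $message ) {
 private function convert_to_object() {
 $_results = array();
 if ( count( $this->results ) === 0 ) {
-echo $this->get_error_message();
+echo wp_kses_post( $this->get_error_message() );
 } else {
 foreach ( $this->results as $row ) {
 $_results[] = new WP_SQLite_Object_Array( $row );
@@ -1332,7 +1329,7 @@ private function convert_to_columns_object() {
 'Extra' => '',
 );
 if ( empty( $this->_results ) ) {
-echo $this->get_error_message();
+echo wp_kses_post( $this->get_error_message() );
 } else {
 foreach ( $this->_results as $row ) {
 if ( ! is_object( $row ) ) {
@@ -1384,7 +1381,7 @@ private function convert_to_index_object() {
 'Comment' => '',
 );
 if ( 0 === count( $this->_results ) ) {
-echo $this->get_error_message();
+echo wp_kses_post( $this->get_error_message() );
 } else {
 foreach ( $this->_results as $row ) {
 if ( 'table' === $row->type && ! stripos( $row->sql, 'primary' ) ) {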
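Review bot: `wp_kses_post()` on the `echo` in convert_to_object() (and on the same line in convert_to_columns_object() and convert_to_index_object()) is a tag filter, not an escaper: it removes script-capable markup but still lets links, images and other post-level HTML through. get_error_message() is not visible in this diff; if it embeds query text or driver error strings, request-derived values can still inject visible markup, and the message itself discloses SQL details to whoever receives the page. Prefer escaping each dynamic fragment with `esc_html()` where the message is assembled, and gate the output, e.g. `if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { echo wp_kses_post( $this->get_error_message() ); }`. All three functions continue beyond their hunks.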
