Update wp-accessibility.php

joedolson · joedolson · commit f22bfd35d84e · 2025-02-11T12:08:48.000-06:00
diff --git a/src/wp-accessibility.php b/src/wp-accessibility.php
@@ -781,7 +781,7 @@ function wpa_get_support_form() {
 		if ( ! wp_verify_nonce( $nonce, 'wpa-nonce' ) ) {
 			wp_die( 'WP Accessibility: Security check failed' );
 		}
-		$request     = ( ! empty( $_POST['support_request'] ) ) ? sanitize_textarea_field( stripslashes( $_POST['support_request'] ) ) : false;
+		$request     = ( ! empty( $_POST['support_request'] ) ) ? sanitize_textarea_field( wp_unslash( $_POST['support_request'] ) ) : false;
 		$has_donated = ( 'on' === $_POST['has_donated'] ) ? 'Donor' : 'No donation';
 		$subject     = "WP Accessibility support request. $has_donated";
 		$message     = $request . "\n\n" . $data;
@@ -794,13 +794,13 @@ function wpa_get_support_form() {
 		$from       = "From: $current_user->display_name <$from_email>\r\nReply-to: $current_user->display_name <$current_user->user_email>\r\n";
 
 		if ( ! $request ) {
-			echo "<div class='message error'><p>" . __( 'Please describe your problem.', 'wp-accessibility' ) . '</p></div>';
+			echo "<div class='message error'><p>" . esc_html__( 'Please describe your problem.', 'wp-accessibility' ) . '</p></div>';
 		} else {
 			wp_mail( 'plugins@joedolson.com', $subject, $message, $from );
 			if ( 'Donor' === $has_donated ) {
-				echo "<div class='message updated'><p>" . __( 'Thank you for supporting the continuing development of this plug-in! I\'ll get back to you as soon as I can.', 'wp-accessibility' ) . '</p></div>';
+				echo "<div class='message updated'><p>" . esc_html__( 'Thank you for supporting the continuing development of this plug-in! I\'ll get back to you as soon as I can.', 'wp-accessibility' ) . '</p></div>';
 			} else {
-				echo "<div class='message updated'><p>" . __( 'I cannot provide support, but will treat your request as a bug report, and will incorporate any permanent solutions I discover into the plug-in.', 'wp-accessibility' ) . '</p></div>';
+				echo "<div class='message updated'><p>" . esc_html__( 'I cannot provide support, but will treat your request as a bug report, and will incorporate any permanent solutions I discover into the plug-in.', 'wp-accessibility' ) . '</p></div>';
 			}
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -781,7 +781,7 @@ function wpa_get_support_form() {`
`781`	`781`	`if ( ! wp_verify_nonce( $nonce, 'wpa-nonce' ) ) {`
`782`	`782`	`wp_die( 'WP Accessibility: Security check failed' );`
`783`	`783`	`}`
`784`		`- $request = ( ! empty( $_POST['support_request'] ) ) ? sanitize_textarea_field( stripslashes( $_POST['support_request'] ) ) : false;`
	`784`	`+ $request = ( ! empty( $_POST['support_request'] ) ) ? sanitize_textarea_field( wp_unslash( $_POST['support_request'] ) ) : false;`
`785`	`785`	`$has_donated = ( 'on' === $_POST['has_donated'] ) ? 'Donor' : 'No donation';`
`786`	`786`	`$subject = "WP Accessibility support request. $has_donated";`
`787`	`787`	`$message = $request . "\n\n" . $data;`
`@@ -794,13 +794,13 @@ function wpa_get_support_form() {`
`794`	`794`	`$from = "From: $current_user->display_name <$from_email>\r\nReply-to: $current_user->display_name <$current_user->user_email>\r\n";`
`795`	`795`
`796`	`796`	`if ( ! $request ) {`
`797`		`- echo "<div class='message error'><p>" . __( 'Please describe your problem.', 'wp-accessibility' ) . '</p></div>';`
	`797`	`+ echo "<div class='message error'><p>" . esc_html__( 'Please describe your problem.', 'wp-accessibility' ) . '</p></div>';`
`798`	`798`	`} else {`
`799`	`799`	`wp_mail( '[email protected]', $subject, $message, $from );`
`800`	`800`	`if ( 'Donor' === $has_donated ) {`
`801`		`- echo "<div class='message updated'><p>" . __( 'Thank you for supporting the continuing development of this plug-in! I\'ll get back to you as soon as I can.', 'wp-accessibility' ) . '</p></div>';`
	`801`	`+ echo "<div class='message updated'><p>" . esc_html__( 'Thank you for supporting the continuing development of this plug-in! I\'ll get back to you as soon as I can.', 'wp-accessibility' ) . '</p></div>';`
`802`	`802`	`} else {`
`803`		`- echo "<div class='message updated'><p>" . __( 'I cannot provide support, but will treat your request as a bug report, and will incorporate any permanent solutions I discover into the plug-in.', 'wp-accessibility' ) . '</p></div>';`
	`803`	`+ echo "<div class='message updated'><p>" . esc_html__( 'I cannot provide support, but will treat your request as a bug report, and will incorporate any permanent solutions I discover into the plug-in.', 'wp-accessibility' ) . '</p></div>';`
`804`	`804`	`}`
`805`	`805`	`}`
`806`	`806`	`}`