Merge pull request #336 from Ecwid/dev

meteor-ec · web-flow · commit d6ca1cbb609d · 2025-04-09T02:02:48.000+04:00
PLUGINS-7030
diff --git a/includes/gutenberg/class-ecwid-gutenberg-block-store.php b/includes/gutenberg/class-ecwid-gutenberg-block-store.php
@@ -166,9 +166,9 @@ public function render_callback( $params ) {
 
 				if ( ! $is_profile_default ) {
 					if ( @$attribute['type'] == 'boolean' ) {
-						$config_js[] = 'window.ec.storefront.' . $name . '=' . ( $value === true ? 'true' : 'false' ) . ';';
+						$config_js[] = 'window.ec.storefront.' . esc_js( $name ) . '=' . ( $value === true ? 'true' : 'false' ) . ';';
 					} else {
-						$config_js[] = 'window.ec.storefront.' . $name . "='" . $value . "';";
+						$config_js[] = 'window.ec.storefront.' . esc_js( $name ) . "='" . esc_js( $value ) . "';";
 					}
 					$store_page_data[ $name ] = $value;
 				}
@@ -179,7 +179,7 @@ public function render_callback( $params ) {
 		foreach ( array( 'foreground', 'background', 'link', 'price', 'button' ) as $kind ) {
 			$color = ( isset( $params[ 'chameleon_color_' . $kind ] ) ) ? $params[ 'chameleon_color_' . $kind ] : false;
 			if ( $color ) {
-				$colors[ 'color-' . $kind ] = $color;
+				$colors[ 'color-' . esc_js( $kind ) ] = esc_js( $color );
 			}
 		}
 
diff --git a/includes/integrations/class-ecwid-integration-gutenberg.php b/includes/integrations/class-ecwid-integration-gutenberg.php
@@ -287,9 +287,9 @@ public function render_callback( $params ) {
 
 			if ( @$attribute['is_storefront_api'] ) {
 				if ( @$attribute['type'] == 'boolean' ) {
-					$result .= 'window.ec.storefront.' . $name . '=' . ( $value ? 'true' : 'false' ) . ';' . PHP_EOL;
+					$result .= 'window.ec.storefront.' . esc_js( $name ) . '=' . ( $value ? 'true' : 'false' ) . ';' . PHP_EOL;
 				} else {
-					$result .= 'window.ec.storefront.' . $name . "='" . $value . "';" . PHP_EOL;
+					$result .= 'window.ec.storefront.' . esc_js( $name ) . "='" . esc_js( $value ) . "';" . PHP_EOL;
 				}
 				$store_page_data[ $name ] = $value;
 			}
@@ -299,7 +299,7 @@ public function render_callback( $params ) {
 		foreach ( array( 'foreground', 'background', 'link', 'price', 'button' ) as $kind ) {
 			$color = @$params[ 'chameleon_color_' . $kind ];
 			if ( $color ) {
-				$colors[ 'color-' . $kind ] = $color;
+				$colors[ 'color-' . esc_js( $kind ) ] = esc_js( $color );
 			}
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -166,9 +166,9 @@ public function render_callback( $params ) {`
`166`	`166`
`167`	`167`	`if ( ! $is_profile_default ) {`
`168`	`168`	`if ( @$attribute['type'] == 'boolean' ) {`
`169`		`- $config_js[] = 'window.ec.storefront.' . $name . '=' . ( $value === true ? 'true' : 'false' ) . ';';`
	`169`	`+ $config_js[] = 'window.ec.storefront.' . esc_js( $name ) . '=' . ( $value === true ? 'true' : 'false' ) . ';';`
`170`	`170`	`} else {`
`171`		`- $config_js[] = 'window.ec.storefront.' . $name . "='" . $value . "';";`
	`171`	`+ $config_js[] = 'window.ec.storefront.' . esc_js( $name ) . "='" . esc_js( $value ) . "';";`
`172`	`172`	`}`
`173`	`173`	`$store_page_data[ $name ] = $value;`
`174`	`174`	`}`
`@@ -179,7 +179,7 @@ public function render_callback( $params ) {`
`179`	`179`	`foreach ( array( 'foreground', 'background', 'link', 'price', 'button' ) as $kind ) {`
`180`	`180`	`$color = ( isset( $params[ 'chameleon_color_' . $kind ] ) ) ? $params[ 'chameleon_color_' . $kind ] : false;`
`181`	`181`	`if ( $color ) {`
`182`		`- $colors[ 'color-' . $kind ] = $color;`
	`182`	`+ $colors[ 'color-' . esc_js( $kind ) ] = esc_js( $color );`
`183`	`183`	`}`
`184`	`184`	`}`
`185`	`185`
Original file line number	Diff line number	Diff line change
`@@ -287,9 +287,9 @@ public function render_callback( $params ) {`
`287`	`287`
`288`	`288`	`if ( @$attribute['is_storefront_api'] ) {`
`289`	`289`	`if ( @$attribute['type'] == 'boolean' ) {`
`290`		`- $result .= 'window.ec.storefront.' . $name . '=' . ( $value ? 'true' : 'false' ) . ';' . PHP_EOL;`
	`290`	`+ $result .= 'window.ec.storefront.' . esc_js( $name ) . '=' . ( $value ? 'true' : 'false' ) . ';' . PHP_EOL;`
`291`	`291`	`} else {`
`292`		`- $result .= 'window.ec.storefront.' . $name . "='" . $value . "';" . PHP_EOL;`
	`292`	`+ $result .= 'window.ec.storefront.' . esc_js( $name ) . "='" . esc_js( $value ) . "';" . PHP_EOL;`
`293`	`293`	`}`
`294`	`294`	`$store_page_data[ $name ] = $value;`
`295`	`295`	`}`
`@@ -299,7 +299,7 @@ public function render_callback( $params ) {`
`299`	`299`	`foreach ( array( 'foreground', 'background', 'link', 'price', 'button' ) as $kind ) {`
`300`	`300`	`$color = @$params[ 'chameleon_color_' . $kind ];`
`301`	`301`	`if ( $color ) {`
`302`		`- $colors[ 'color-' . $kind ] = $color;`
	`302`	`+ $colors[ 'color-' . esc_js( $kind ) ] = esc_js( $color );`
`303`	`303`	`}`
`304`	`304`	`}`
`305`	`305`