From b53415a95b8f7c65ecd421117d656c8e5effc3da Mon Sep 17 00:00:00 2001 From: claudiulodro Date: Tue, 23 Apr 2024 11:52:25 -0700 Subject: [PATCH] fix: improved attribute handling --- includes/class-newspack-popups-inserter.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/includes/class-newspack-popups-inserter.php b/includes/class-newspack-popups-inserter.php index 9a4fee7e..bfbaeb62 100755 --- a/includes/class-newspack-popups-inserter.php +++ b/includes/class-newspack-popups-inserter.php @@ -721,11 +721,18 @@ public static function enqueue_scripts() { * @return HTML */ public static function popup_shortcode( $atts = array() ) { + $default_atts = [ + 'id' => 0, + 'class' => '', + ]; + $atts = \shortcode_atts( $default_atts, $atts, 'newspack-popup' ); + + $found_popup = false; if ( Newspack_Popups::preset_popup_id() ) { $found_popup = Newspack_Popups_Presets::retrieve_preset_popup( Newspack_Popups::preset_popup_id() ); - } elseif ( isset( $atts['id'] ) ) { + } elseif ( ! empty( $atts['id'] ) && is_numeric( $atts['id'] ) ) { $include_unpublished = Newspack_Popups::is_preview_request(); - $found_popup = Newspack_Popups_Model::retrieve_popup_by_id( $atts['id'], $include_unpublished ); + $found_popup = Newspack_Popups_Model::retrieve_popup_by_id( (int) $atts['id'], $include_unpublished ); } if ( ! $found_popup ) { return; @@ -742,7 +749,7 @@ public static function popup_shortcode( $atts = array() ) { $class_names = ''; if ( ! empty( $atts['class'] ) ) { - $class_names .= ' class="' . $atts['class'] . '"'; + $class_names = sprintf( ' class="%s"', \esc_attr( $atts['class'] ) ); } // Wrapping the inline popup in an aside element prevents the markup from being mangled