• Hi,
    I would like to ask for advice about escaping before output.
    This is my code:

     <?php
       $whowearecontent = get_theme_mod( 'page_id_whoweare', '' );
       $whoweare_count = 1;
       $mod = new WP_Query( array( 'page_id' => $whowearecontent ,'showposts' => $whoweare_count ) );
       while ( $mod->have_posts() ) : $mod->the_post(); { ?>
       <?php $avik_image_attributes = wp_get_attachment_image_src( get_post_thumbnail_id( $post->ID ), 'avik_big');?>
      <section id="who-we-are" class="avik-who-we-are">
        <div class="row m-0">
          <div class="col-xs-12 col-sm-4">
            <!-- Title who-we-are -->
            <h3><?php the_title();?></h3>
              <div><?php the_excerpt();?></div>
                 <div class="avik-btn-who-we-are">
                 <a>" class="btn btn-avik" role="button" aria-pressed="true" data-aos="zoom-in" data-aos-duration="2000"><?php esc_html_e('Read more...','avik'); ?></a>
                 </div>
          </div>
          <div class="col-xs-12 col-sm-8 who-we-are-image-frame">
              <div class="col-xs-12 row">
                  <!-- Image 1 who we are -->
                  <div class="first-image-who-we-are" data-aos="fade-right" data-aos-duration="2000">
                      <img />"
                             alt="<?php echo get_theme_mod('alt_image_whoweare','who we are'); ?>" />
                  </div>
                  <!-- Image 2 who we are -->
                  <div class="second-image-who-we-are" data-aos="fade-left" data-aos-duration="2000">
                  <img class="img-who-we-are border-who-we-are" src="<?php if ( $avik_image_attributes[0] ) : 
                  echo $avik_image_attributes[0]; else: echo get_template_directory_uri().'/images/avik-default.jpg'; endif; ?>" 
                  alt="<?php echo get_theme_mod('alt_image_2_whoweare','who we are 2'); ?>"/>
                  </div>
              </div>
          </div>
        </div>
      </section>
      <div class="clear"></div> 
     <?php }
       endwhile;
       wp_reset_query();
       wp_reset_postdata(); ?>

    How can I intervene to be sure?
    Thank you!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator bcworkz

    (@bcworkz)

    If the content you are outputting contains any data that was originally sourced from a user or similar unreliable input, it needs to be escaped. How to escape depends on the type of data being output. If you are outputting HTML, use esc_html().

    No need to escape hardcoded or reliable content:
    echo '<em>Hello world!</em>';

    Beware of user input, it must be escaped:
    echo esc_html("<em>Hello $user_provided_name!</em>");

    Thread Starter Franchi Web Design

    (@franchidesign)

    Thanks, so for example

    alt="<?php echo get_theme_mod('alt_image_2_whoweare','who we are 2'); ?>"

    How can I use esc_html?

    Moderator bcworkz

    (@bcworkz)

    Ah! That appears to be an img tag attribute. There’s a special escape function just for HTML attributes, esc_attr(). Use it like so:
    alt="<?php echo esc_attr( get_theme_mod('alt_image_2_whoweare','who we are 2')); ?>"

    Thread Starter Franchi Web Design

    (@franchidesign)

    Thanks so much!

  • The topic ‘Escaped before output in get_theme_mod’ is closed to new replies.
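
The thread's advice applied to the template's image and link output, as an added example that is not part of the original posts or the Avik theme's code. It goes one step beyond the replies by also using esc_url() for the src and href values. The avik_example_* helper names and the example.test URLs are hypothetical, and the stubs are simplified stand-ins so the file runs without WordPress.

```php
<?php
// Added example, not the Avik theme's code. In a theme these functions come
// from WordPress; the stubs below are simplified stand-ins (assumption) so
// the file also runs under plain `php`.
if ( ! function_exists( 'esc_attr' ) ) {
	function esc_attr( $s ) { return htmlspecialchars( (string) $s, ENT_QUOTES, 'UTF-8' ); }
	function esc_html( $s ) { return htmlspecialchars( (string) $s, ENT_QUOTES, 'UTF-8' ); }
	function esc_url( $u ) {
		// Stand-in: keep http(s) URLs only, otherwise return an empty string.
		return preg_match( '#^https?://#i', (string) $u ) ? htmlspecialchars( (string) $u, ENT_QUOTES, 'UTF-8' ) : '';
	}
	function get_template_directory_uri() { return 'https://example.test/wp-content/themes/avik'; }
	function get_theme_mod( $name, $default = false ) {
		// Constructed value: a double quote would end an unescaped alt="" early.
		$mods = array( 'alt_image_2_whoweare' => 'The "core" team & friends' );
		return isset( $mods[ $name ] ) ? $mods[ $name ] : $default;
	}
}

// Hypothetical helper: the second "who we are" image, each value escaped for its context.
function avik_example_whoweare_image( $image_src ) {
	if ( empty( $image_src ) ) {
		// No post thumbnail: use the theme's default image, as the original template does.
		$image_src = get_template_directory_uri() . '/images/avik-default.jpg';
	}
	return sprintf(
		'<img class="img-who-we-are border-who-we-are" src="%s" alt="%s" />',
		esc_url( $image_src ), // URL context
		esc_attr( get_theme_mod( 'alt_image_2_whoweare', 'who we are 2' ) ) // attribute context
	);
}

// Hypothetical helper: a link whose target is a URL and whose label is HTML text.
function avik_example_read_more( $url, $label ) {
	return sprintf(
		'<a href="%s" class="btn btn-avik" role="button">%s</a>',
		esc_url( $url ),   // URL context
		esc_html( $label ) // HTML text context
	);
}

// Demo output only when run from the command line outside WordPress.
if ( PHP_SAPI === 'cli' && ! defined( 'ABSPATH' ) ) {
	echo avik_example_whoweare_image( '' ), "\n";
	echo avik_example_read_more( 'https://example.test/about/?a=1&b=2', 'Read <more>...' ), "\n";
}
```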