Coding Standards: Consistently escape URLs in wp-admin/themes.php.

SergeyBiryukov · SergeyBiryukov · commit a27e6a8ecd52 · 2024-11-13T12:25:43.000Z
Includes: * Wrapping long lines for better readability. * Bringing some consistency to the placement of `href` and `aria-label` attributes. * Adding missing `aria-label` attributes for Live Preview links. Follow-up to [26726], [52020], [51083]. Props patelketan, sainathpoojary, SergeyBiryukov. Fixes #62405. git-svn-id: https://develop.svn.wordpress.org/trunk@59400 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-admin/themes.php b/src/wp-admin/themes.php
@@ -583,7 +583,9 @@
 	/* translators: %s: Theme name. */
 	$details_aria_label = sprintf( _x( 'View Theme Details for %s', 'theme' ), $theme['name'] );
 	?>
-	<button type="button" aria-label="<?php echo esc_attr( $details_aria_label ); ?>" class="more-details" id="<?php echo esc_attr( $aria_action ); ?>"><?php _e( 'Theme Details' ); ?></button>
+	<button type="button" class="more-details" id="<?php echo esc_attr( $aria_action ); ?>"
+		aria-label="<?php echo esc_attr( $details_aria_label ); ?>"
+	><?php _e( 'Theme Details' ); ?></button>
 	<div class="theme-author">
 		<?php
 		/* translators: %s: Theme author name. */
@@ -607,30 +609,49 @@
 				/* translators: %s: Theme name. */
 				$customize_aria_label = sprintf( _x( 'Customize %s', 'theme' ), $theme['name'] );
 				?>
-				<a aria-label="<?php echo esc_attr( $customize_aria_label ); ?>" class="button button-primary customize load-customize hide-if-no-customize" href="<?php echo $theme['actions']['customize']; ?>"><?php _e( 'Customize' ); ?></a>
+				<a class="button button-primary customize load-customize hide-if-no-customize"
+					href="<?php echo esc_url( $theme['actions']['customize'] ); ?>"
+					aria-label="<?php echo esc_attr( $customize_aria_label ); ?>"
+				><?php _e( 'Customize' ); ?></a>
 			<?php } ?>
 		<?php } elseif ( $theme['compatibleWP'] && $theme['compatiblePHP'] ) { ?>
 			<?php
 			/* translators: %s: Theme name. */
 			$aria_label = sprintf( _x( 'Activate %s', 'theme' ), '{{ data.name }}' );
 			?>
-			<a class="button activate" href="<?php echo $theme['actions']['activate']; ?>" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _e( 'Activate' ); ?></a>
+			<a class="button activate"
+				href="<?php echo esc_url( $theme['actions']['activate'] ); ?>"
+				aria-label="<?php echo esc_attr( $aria_label ); ?>"
+			><?php _e( 'Activate' ); ?></a>
+
 			<?php
 			// Only classic themes require the "customize" capability.
 			if ( current_user_can( 'edit_theme_options' ) && ( $theme['blockTheme'] || current_user_can( 'customize' ) ) ) {
 				/* translators: %s: Theme name. */
 				$live_preview_aria_label = sprintf( _x( 'Live Preview %s', 'theme' ), '{{ data.name }}' );
 				?>
-				<a aria-label="<?php echo esc_attr( $live_preview_aria_label ); ?>" class="button button-primary load-customize hide-if-no-customize" href="<?php echo $theme['actions']['customize']; ?>"><?php _e( 'Live Preview' ); ?></a>
+				<a class="button button-primary load-customize hide-if-no-customize"
+					href="<?php echo esc_url( $theme['actions']['customize'] ); ?>"
+					aria-label="<?php echo esc_attr( $live_preview_aria_label ); ?>"
+				><?php _e( 'Live Preview' ); ?></a>
 			<?php } ?>
 		<?php } else { ?>
 			<?php
 			/* translators: %s: Theme name. */
 			$aria_label = sprintf( _x( 'Cannot Activate %s', 'theme' ), '{{ data.name }}' );
 			?>
-			<a class="button disabled" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _ex( 'Cannot Activate', 'theme' ); ?></a>
-			<?php if ( ! $theme['blockTheme'] && current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { ?>
-				<a class="button button-primary hide-if-no-customize disabled"><?php _e( 'Live Preview' ); ?></a>
+			<a class="button disabled"
+				aria-label="<?php echo esc_attr( $aria_label ); ?>"
+			><?php _ex( 'Cannot Activate', 'theme' ); ?></a>
+
+			<?php
+			if ( ! $theme['blockTheme'] && current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) {
+				/* translators: %s: Theme name. */
+				$live_preview_aria_label = sprintf( _x( 'Live Preview %s', 'theme' ), '{{ data.name }}' );
+				?>
+				<a class="button button-primary hide-if-no-customize disabled"
+					aria-label="<?php echo esc_attr( $live_preview_aria_label ); ?>"
+				><?php _e( 'Live Preview' ); ?></a>
 			<?php } ?>
 		<?php } ?>
 
@@ -954,7 +975,9 @@ function wp_theme_auto_update_setting_template() {
 	/* translators: %s: Theme name. */
 	$details_aria_label = sprintf( _x( 'View Theme Details for %s', 'theme' ), '{{ data.name }}' );
 	?>
-	<button type="button" aria-label="<?php echo esc_attr( $details_aria_label ); ?>" class="more-details" id="{{ data.id }}-action"><?php _e( 'Theme Details' ); ?></button>
+	<button type="button" class="more-details" id="{{ data.id }}-action"
+		aria-label="<?php echo esc_attr( $details_aria_label ); ?>"
+	><?php _e( 'Theme Details' ); ?></button>
 	<div class="theme-author">
 		<?php
 		/* translators: %s: Theme author name. */
@@ -978,28 +1001,47 @@ function wp_theme_auto_update_setting_template() {
 					/* translators: %s: Theme name. */
 					$customize_aria_label = sprintf( _x( 'Customize %s', 'theme' ), '{{ data.name }}' );
 					?>
-					<a aria-label="<?php echo esc_attr( $customize_aria_label ); ?>" class="button button-primary customize load-customize hide-if-no-customize" href="{{{ data.actions.customize }}}"><?php _e( 'Customize' ); ?></a>
+					<a class="button button-primary customize load-customize hide-if-no-customize"
+						href="{{{ data.actions.customize }}}"
+						aria-label="<?php echo esc_attr( $customize_aria_label ); ?>"
+					><?php _e( 'Customize' ); ?></a>
 				<# } #>
 			<# } else { #>
 				<# if ( data.compatibleWP && data.compatiblePHP ) { #>
 					<?php
 					/* translators: %s: Theme name. */
 					$aria_label = sprintf( _x( 'Activate %s', 'theme' ), '{{ data.name }}' );
 					?>
-					<a class="button activate" href="{{{ data.actions.activate }}}" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _e( 'Activate' ); ?></a>
+					<a class="button activate"
+						href="{{{ data.actions.activate }}}"
+						aria-label="<?php echo esc_attr( $aria_label ); ?>"
+					><?php _e( 'Activate' ); ?></a>
+
 					<?php
 					/* translators: %s: Theme name. */
 					$live_preview_aria_label = sprintf( _x( 'Live Preview %s', 'theme' ), '{{ data.name }}' );
 					?>
-					<a aria-label="<?php echo esc_attr( $live_preview_aria_label ); ?>" class="button button-primary load-customize hide-if-no-customize" href="{{{ data.actions.customize }}}"><?php _e( 'Live Preview' ); ?></a>
+					<a class="button button-primary load-customize hide-if-no-customize"
+						href="{{{ data.actions.customize }}}"
+						aria-label="<?php echo esc_attr( $live_preview_aria_label ); ?>"
+					><?php _e( 'Live Preview' ); ?></a>
 				<# } else { #>
 					<?php
 					/* translators: %s: Theme name. */
 					$aria_label = sprintf( _x( 'Cannot Activate %s', 'theme' ), '{{ data.name }}' );
 					?>
-					<a class="button disabled" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _ex( 'Cannot Activate', 'theme' ); ?></a>
+					<a class="button disabled"
+						aria-label="<?php echo esc_attr( $aria_label ); ?>"
+					><?php _ex( 'Cannot Activate', 'theme' ); ?></a>
+
 					<# if ( ! data.blockTheme ) { #>
-						<a class="button button-primary hide-if-no-customize disabled"><?php _e( 'Live Preview' ); ?></a>
+						<?php
+						/* translators: %s: Theme name. */
+						$live_preview_aria_label = sprintf( _x( 'Live Preview %s', 'theme' ), '{{ data.name }}' );
+						?>
+						<a class="button button-primary hide-if-no-customize disabled"
+							aria-label="<?php echo esc_attr( $live_preview_aria_label ); ?>"
+						><?php _e( 'Live Preview' ); ?></a>
 					<# } #>
 				<# } #>
 			<# } #>
@@ -1211,31 +1253,54 @@ function wp_theme_auto_update_setting_template() {
 
 		<div class="theme-actions">
 			<div class="active-theme">
-				<a href="{{{ data.actions.customize }}}" class="button button-primary customize load-customize hide-if-no-customize"><?php _e( 'Customize' ); ?></a>
+				<a class="button button-primary customize load-customize hide-if-no-customize"
+					href="{{{ data.actions.customize }}}"
+				><?php _e( 'Customize' ); ?></a>
 				<?php echo implode( ' ', $current_theme_actions ); ?>
 			</div>
+
 			<div class="inactive-theme">
 				<# if ( data.compatibleWP && data.compatiblePHP ) { #>
-					<?php
-					/* translators: %s: Theme name. */
-					$aria_label = sprintf( _x( 'Activate %s', 'theme' ), '{{ data.name }}' );
-					?>
 					<# if ( ! data.blockTheme ) { #>
-						<a href="{{{ data.actions.customize }}}" class="button button-primary load-customize hide-if-no-customize"><?php _e( 'Live Preview' ); ?></a>
+						<?php
+						/* translators: %s: Theme name. */
+						$live_preview_aria_label = sprintf( _x( 'Live Preview %s', 'theme' ), '{{ data.name }}' );
+						?>
+						<a class="button button-primary load-customize hide-if-no-customize"
+							href="{{{ data.actions.customize }}}"
+							aria-label="<?php echo esc_attr( $live_preview_aria_label ); ?>"
+						><?php _e( 'Live Preview' ); ?></a>
 					<# } #>
+
 					<# if ( data.actions.activate ) { #>
-						<a href="{{{ data.actions.activate }}}" class="button activate" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _e( 'Activate' ); ?></a>
+						<?php
+						/* translators: %s: Theme name. */
+						$aria_label = sprintf( _x( 'Activate %s', 'theme' ), '{{ data.name }}' );
+						?>
+						<a class="button activate"
+							href="{{{ data.actions.activate }}}"
+							aria-label="<?php echo esc_attr( $aria_label ); ?>"
+						><?php _e( 'Activate' ); ?></a>
 					<# } #>
 				<# } else { #>
-					<?php
-					/* translators: %s: Theme name. */
-					$aria_label = sprintf( _x( 'Cannot Activate %s', 'theme' ), '{{ data.name }}' );
-					?>
 					<# if ( ! data.blockTheme ) { #>
-						<a class="button button-primary hide-if-no-customize disabled"><?php _e( 'Live Preview' ); ?></a>
+						<?php
+						/* translators: %s: Theme name. */
+						$live_preview_aria_label = sprintf( _x( 'Live Preview %s', 'theme' ), '{{ data.name }}' );
+						?>
+						<a class="button button-primary hide-if-no-customize disabled"
+							aria-label="<?php echo esc_attr( $live_preview_aria_label ); ?>"
+						><?php _e( 'Live Preview' ); ?></a>
 					<# } #>
+
 					<# if ( data.actions.activate ) { #>
-						<a class="button disabled" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _ex( 'Cannot Activate', 'theme' ); ?></a>
+						<?php
+						/* translators: %s: Theme name. */
+						$aria_label = sprintf( _x( 'Cannot Activate %s', 'theme' ), '{{ data.name }}' );
+						?>
+						<a class="button disabled"
+							aria-label="<?php echo esc_attr( $aria_label ); ?>"
+						><?php _ex( 'Cannot Activate', 'theme' ); ?></a>
 					<# } #>
 				<# } #>
 			</div>
@@ -1245,7 +1310,10 @@ function wp_theme_auto_update_setting_template() {
 				/* translators: %s: Theme name. */
 				$aria_label = sprintf( _x( 'Delete %s', 'theme' ), '{{ data.name }}' );
 				?>
-				<a href="{{{ data.actions['delete'] }}}" class="button delete-theme" aria-label="<?php echo esc_attr( $aria_label ); ?>"><?php _e( 'Delete' ); ?></a>
+				<a class="button delete-theme"
+					href="{{{ data.actions['delete'] }}}"
+					aria-label="<?php echo esc_attr( $aria_label ); ?>"
+				><?php _e( 'Delete' ); ?></a>
 			<# } #>
 		</div>
 	</div>
