I have got a comment from someone superior to me who wants me to escape some comment in two php snippets which I have posted below. The problem is I don’t know how to do that. Can anyone help me by modifying the snippets?
Comment I got:
Comment #1:
Validate and/or sanitize untrusted data before entering into the database. All untrusted data should be escaped before output.
Code Snippet #1:
<?php
if ( get_header_image() && !('blank' == get_header_textcolor()) ) {
    echo '<div class="site-branding header-background-image" style="background-image: url(' . get_header_image() . ')">';
} else {
    echo '<div class="site-branding">';
}
?>
Code Snippet #2:
<?php
printf(
    /* translators: %1$s = text link: sangeet, URL: http://wordpress.org/themes/sangeet/, %2$s = text link: Kiran Kumar Dash, URL: https://twitter.com/TheKiranDash */
    __( 'Theme: %1$s by %2$s', 'sangeet' ),
    '<a href="http://wordpress.org/themes/sangeet/" rel="nofollow">' . esc_attr( 'sangeet', 'sangeet' ) . '</a>',
    '<a href="https://twitter.com/TheKiranDash" rel="designer nofollow">' . esc_attr__( 'Kiran Kumar Dash', 'sangeet' ) . '</a>' );
?>
Comment #2:
esc all get_permalink() in content.php
Code Snippet #3:
<?php
if ( !is_single() ) {
    echo '<div class="index-box">';
    if ( has_post_thumbnail()) {
        echo '<div class="small-index-thumbnail clear">';
        echo '<a href="' . get_permalink() . '" title="' . __('Read ', 'sangeet') . get_the_title() . '" rel="bookmark">';
        echo the_post_thumbnail('index-thumb');
        echo '</a>';
        echo '</div>';
    }
}
?>
My approach:
I used esc_url to esc the get_permalink() in the snippet. Shall I use esc_all? Or esc_url is just fine.
<?php
if ( !is_single() ) {
    echo '<div class="index-box">';
    if ( has_post_thumbnail()) {
        echo '<div class="small-index-thumbnail clear">';
        echo '<a href="' . esc_url(get_permalink()) . '" title="' . __('Read ', 'sangeet') . get_the_title() . '" rel="bookmark">';
        echo the_post_thumbnail('index-thumb');
        echo '</a>';
        echo '</div>';
    }
}
?>
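Added example (not part of the original post): the three fragments above with each dynamic value escaped for the context it is printed in, reading the reviewer's "esc all" as "escape every get_permalink() call". It assumes the code runs inside the theme's templates, with snippet #3 inside the Loop, and uses only WordPress core functions.

```php
<?php
// Snippet #1: the header image URL is passed through esc_url() before it is
// written into the style attribute, and the CSS url() value is quoted.
if ( get_header_image() && ! ( 'blank' == get_header_textcolor() ) ) {
    echo '<div class="site-branding header-background-image" style="background-image: url(\'' . esc_url( get_header_image() ) . '\')">';
} else {
    echo '<div class="site-branding">';
}

// Snippet #2: link text sits between tags, so it is HTML context
// (esc_html / esc_html__), not attribute context (esc_attr). The href
// values go through esc_url(), and the translated format string through
// esc_html__() so a translation file cannot inject markup.
printf(
    /* translators: %1$s = link to the theme page, %2$s = link to the theme author */
    esc_html__( 'Theme: %1$s by %2$s', 'sangeet' ),
    '<a href="' . esc_url( 'http://wordpress.org/themes/sangeet/' ) . '" rel="nofollow">' . esc_html( 'sangeet' ) . '</a>',
    '<a href="' . esc_url( 'https://twitter.com/TheKiranDash' ) . '" rel="designer nofollow">' . esc_html__( 'Kiran Kumar Dash', 'sangeet' ) . '</a>'
);

// Snippet #3: esc_url() covers the permalink in href. The title attribute
// also carries dynamic data: esc_attr__() escapes the translated prefix and
// the_title_attribute() returns the post title already stripped of tags and
// escaped for attribute use.
if ( ! is_single() ) {
    echo '<div class="index-box">';
    if ( has_post_thumbnail() ) {
        echo '<div class="small-index-thumbnail clear">';
        echo '<a href="' . esc_url( get_permalink() ) . '" title="' . esc_attr__( 'Read ', 'sangeet' ) . the_title_attribute( array( 'echo' => false ) ) . '" rel="bookmark">';
        // the_post_thumbnail() prints the image markup itself; no echo needed.
        the_post_thumbnail( 'index-thumb' );
        echo '</a>';
        echo '</div>';
    }
}
?>
```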
As requested:
PS. I didn't write this, only advanced it.
Usage:
Function: