Escape more variables

includes/builder/class-builder.php

@@ -153,7 +153,7 @@ public function load_templates( $post_id ) {
                     var item_template = wp.template( 'fxb-item' );
                     <?php foreach ( $items_data as $item_id => $item ) { ?>
                         <?php if ( isset( $rows_data[ $item['row_id'] ] ) ) { ?>
-                            $( '.fxb-row[data-id="<?php echo $item['row_id']; ?>"] .fxb-col[data-col_index="<?php echo $item['col_index']; ?>"] .fxb-col-content' ).append( item_template( <?php echo wp_json_encode( $item ); ?> ) );
+                            $( '.fxb-row[data-id="<?php echo esc_attr( $item['row_id'] ); ?>"] .fxb-col[data-col_index="<?php echo esc_attr( $item['col_index'] ); ?>"] .fxb-col-content' ).append( item_template( <?php echo wp_json_encode( $item ); ?> ) );
                         <?php } ?>
                     <?php } // end foreach ?>
                 <?php } ?>

includes/builder/class-functions.php

@@ -174,7 +174,9 @@ public static function render_column( $args = array() ) {
         );
 
         $args = wp_parse_args( $args, $args_default );
-        extract( $args );
+
+        $title = $args['title'];
+        $index = $args['index'];
 
         /* Var */
         $field = "col_{$index}";

includes/builder/class-tools.php

@@ -174,7 +174,7 @@ public function ajax_import_data() {
                     var item_template = wp.template( 'fxb-item' );
                     <?php foreach ( $items_data as $item_id => $item ) { ?>
                         <?php if ( isset( $rows_data[ $item['row_id'] ] ) ) { ?>
-                            $( '.fxb-row[data-id="<?php echo $item['row_id']; ?>"] .fxb-col[data-col_index="<?php echo $item['col_index']; ?>"] .fxb-col-content' ).append( item_template( <?php echo wp_json_encode( $item ); ?> ) );
+                            $( '.fxb-row[data-id="<?php echo esc_attr( $item['row_id'] ); ?>"] .fxb-col[data-col_index="<?php echo esc_attr( $item['col_index'] ); ?>"] .fxb-col-content' ).append( item_template( <?php echo wp_json_encode( $item ); ?> ) );
                         <?php } ?>
                     <?php } // end foreach ?>
                 <?php } ?>

includes/settings/class-settings.php

@@ -152,7 +152,7 @@ function() {
                         ?>
                         <p>
                             <label>
-                                <input type="checkbox" value="<?php echo esc_attr( $post_type->name ); ?>" name="fx-builder_post_types[]" <?php checked( post_type_supports( $post_type->name, 'fx_builder' ) ); ?>> <?php echo $post_type->label; ?>
+                                <input type="checkbox" value="<?php echo esc_attr( $post_type->name ); ?>" name="fx-builder_post_types[]" <?php checked( post_type_supports( esc_attr( $post_type->name ), 'fx_builder' ) ); ?>> <?php echo $post_type->label; ?>
                             </label>
                         </p>
                         <?php

includes/updater.php

@@ -58,12 +58,12 @@ function fxb_plugin_api_call( $def, $action, $args ) {
     $request = wp_remote_post( $api_url, $request_string );
 
     if ( is_wp_error( $request ) ) {
-        $res = new WP_Error( 'plugins_api_failed', __( 'An Unexpected HTTP Error occurred during the API request.</p> <p><a href="?" onclick="document.location.reload(); return false;">Try again</a>' ), $request->get_error_message() );
+        $res = new WP_Error( 'plugins_api_failed', __( 'An Unexpected HTTP Error occurred during the API request.</p> <p><a href="?" onclick="document.location.reload(); return false;">Try again</a>', 'fx-builder' ), $request->get_error_message() );
     } else {
         $res = unserialize( $request['body'] );
 
         if ( $res === false ) {
-            $res = new WP_Error( 'plugins_api_failed', __( 'An unknown error occurred' ), $request['body'] );
+            $res = new WP_Error( 'plugins_api_failed', __( 'An unknown error occurred', 'fx-builder' ), $request['body'] );
         }
     }