0

I am editing the woocommerce orders.php template and ran into a problem. The template shows to user the orders he has placed. There are now several variables that I think need to be coded for security, such as $date_created or $view_order which contains the order link. So I'm trying to add esc_html to these and other variables but when I do it displays plain text on screen and not html tag with its css.

Is there a way to use esc_html and keep the output clean so it displays html and css tags normally? Sorry but I'm new to all this, I'm trying to learn step by step, I hope someone can show me a possible way / solution. I appreciate any help, thanks.

Basically I use this to display variables and everything works fine, the variable is displayed with its css: enter image description here

<td class="product_data">
  <span>'. $date_created .'</span>
</td>

If I try to do this, the variables is displayed without its css style enter image description here

<td class="product_data">
  <span><?php echo esc_html($date_created); ?></span>
</td>

Another example, if I have $example = esc_html( '<a href="http://www.example.com/">A link</a>' ); this displayed as <a href="http://www.example.com/">A link</a> instead of A link. Is there any way to solve this problem?

This is my orders.php template: I don't think it matters, but I have entered the complete template.

<?php
//* echo do_shortcode('[elementor-template id="40136"]'); *//
?><div class="orders-container"><?php

defined( 'ABSPATH' ) || exit;

do_action( 'woocommerce_before_account_orders', $has_orders );
                
?><table class="table_orders heading"><tr>
 <td class="product_number">Ordine</td>
 <td class="product_name">Prodotto</td>
 <td class="product_data">Data</td>
 <td class="product_price">Totale</td>
 <td class="product_status">Stato</td>
 <td class="product_action">File</td>
</tr></table><?php

if ( $has_orders ) {
    // Get Access $order variable Foreach
    foreach ( $customer_orders->orders as $customer_order ) {
     // Get $product object from $order / $order_id
     $order = wc_get_order( $customer_order );
     $items = $order->get_items();
     
     $orders_id = $order->get_id();
     $status =  wc_get_order_status_name( $order->get_status() );
     $date_created = $order->get_date_created()->date('d/m/Y');
     $payment_method = $order->get_payment_method_title();
     $order_total = $order->get_formatted_order_total();

        // Get Access Items & Product Variable Foreach
        foreach ( $items as $item ) {
         $product_name = $item->get_name();
         
         // Get product image - https://www.businessbloomer.com/woocommerce-easily-get-product-info-title-sku-desc-product-object/
         $product = $item->get_product();
            if( $product instanceof WC_Product ){
             $order_img = $product->get_image();
            }
    
         //Get product download button 
         $downloads = $order->get_downloadable_items();
            if(is_array($downloads)) {
                foreach($downloads as $product){
                 $download_button = '<a href="'. $product['download_url'] .'" target="_blank">Download</a>';
                } 
            } 
            
         $view_order = $order->get_view_order_url();
            
            //Start Prov Echo
            ?>
            <td class="product_data">
                <span class="mobile title">Data</span>
                <span><?php echo esc_html($date_created); ?></span>
            </td>
            <?php
            
            // Start echo
            echo '
                <table class="table_orders">
                <tr class="table_row_items">
                    <td class="product_number">
                     <span class="mobile title">Ordine</span>
                     <span>#'. $orders_id .'</span>
                    </td>
    
                    <td class="product_name">
                     <span class="mobile title">Prodotto</span>
                     <a href="'. $view_order .'">'. $product_name .'</a>
                    </td>
    
                    <td class="product_data">
                     <span class="mobile title">Data</span>
                     <span>'. $date_created .'</span>
                    </td>
    
                    <td class="product_price">
                     <span class="mobile title">Prezzo</span>
                     <span>'. $order_total .'</span>
                    </td>
    
                    <td class="product_status">
                     <span class="mobile title">Stato</span>
                     <span>'. $status .'</span>
                    </td>
 
                    <td class="product_action">
                     <span class="mobile title">File</span>
                     <a target=”_blank” href="'. $view_order .'">Visualizza<i class="fa-duotone fa-eye"></i></a>
                    </td>
                </tr>    
                </table> 
            '; //End Echo

             // Tasto download funzionante - if($downloads) { echo '<div class="container_orders_download"> '. $download_button .' </div>'; }
        }
    }
    
    // Pagination button - Responsabile dei bottoni e numerazione delle pagine della cronologia ordini
    ?><div class="container-pagination"><?php 
        $args = array(
         'base'          => esc_url( wc_get_endpoint_url( 'orders') ) . '%_%',
         'format'        => '%#%',
         'total'         => $customer_orders->max_num_pages,
         'current'       => $current_page,
         'show_all'      => false,
         'end_size'      => 3,
         'mid_size'      => 3,
         'prev_next'     => true,
         'prev_text' => __('<i class="fa-solid fa-angle-left"></i>'), 
         'next_text' => __('<i class="fa-solid fa-angle-right"></i>'),
         'type'          => 'plain',
         'add_args'      => false,
         'add_fragment'  => ''
        ); 
        echo paginate_links($args);
}       
        else {
         ?><div class="msg_orders">La tua cronologia ordini è vuota!</div><?php
        } 
    ?></div><?php

do_action( 'woocommerce_after_account_orders', $has_orders ); 

?>
</div>
Improve this question

1 Answer 1

Reset to default
2

You can use wp_kses_post, it filters text content and strips out disallowed HTML.

echo wp_kses_post( $date_created );
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks for your comment, but that does not change, I keep viewing as text, the html is not read.
I tried like this: echo wp_kses_post( $date_created ) it works but I'm not sure if that's the right practice.
great, whatever works for you. I will update the answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.