
Changeset 1326142


Timestamp:
01/12/2016 12:24:55 AM (10 years ago)
Author:
hunk
Message:

tag 2.3.2.3

Location:
magic-fields-2/trunk
Files:
3 edited

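--- a/magic-fields-2/trunk/admin/mf_upload.php
+++ b/magic-fields-2/trunk/admin/mf_upload.php
@@ -111,8 +111,8 @@
     var mf_par = window.parent;
     var mf_js = <?php echo json_encode($resp); ?>;
-    mf_par.<?php echo $_POST['callback']; ?>(mf_js);
+    mf_par.<?php echo htmlspecialchars($_POST['callback'], ENT_QUOTES, 'UTF-8'); ?>(mf_js);
 
     var par = window.parent.document;
-    var iframe = par.getElementById('iframe_upload_<?php echo $_POST["input_name"]?>');
+    var iframe = par.getElementById('iframe_upload_<?php echo htmlspecialchars($_POST['input_name'], ENT_QUOTES, 'UTF-8');?>');
     iframe.style.display="";
   </script>
@@ -144,9 +144,9 @@
   // hide old iframe
   var par = window.parent.document;
-  var iframe = par.getElementById('iframe_upload_<?php echo $_GET["input_name"]?>');
+  var iframe = par.getElementById('iframe_upload_<?php echo htmlspecialchars($_GET['input_name'], ENT_QUOTES, 'UTF-8');?>');
   iframe.style.display="none";
 
-  par.getElementById("response-<?php echo $_GET['input_name'];?>").style.display = "block";
-  par.getElementById("response-<?php echo $_GET['input_name'];?>").innerHTML = "Transferring ";
+  par.getElementById("response-<?php echo htmlspecialchars($_GET['input_name'], ENT_QUOTES, 'UTF-8');?>").style.display = "block";
+  par.getElementById("response-<?php echo htmlspecialchars($_GET['input_name'], ENT_QUOTES, 'UTF-8');?>").innerHTML = "Transferring ";
   setTimeout("transferring(0)",1000);
   // send
@@ -162,6 +162,6 @@
   var par = window.parent.document;
   // update progress
-  if (par.getElementById("response-<?php echo $_GET['input_name'];?>").innerHTML.substring(0,5) != "Trans") return;
-  par.getElementById("response-<?php echo $_GET['input_name'];?>").innerHTML = newString;
+  if (par.getElementById("response-<?php echo htmlspecialchars($_GET['input_name'], ENT_QUOTES, 'UTF-8');?>").innerHTML.substring(0,5) != "Trans") return;
+  par.getElementById("response-<?php echo htmlspecialchars($_GET['input_name'], ENT_QUOTES, 'UTF-8');?>").innerHTML = newString;
   if (dots == 4) dots = 0; else dots = dots + 1;
   setTimeout("transferring("+dots+")",1000) ;
@@ -175,8 +175,8 @@
   <input id="file" type="file" name="file" onchange="upload()" class="mf-file" />
   <?php wp_nonce_field('nonce_upload_file','checking'); ?>
-  <input type="hidden" name="input_name" value="<?php echo $_GET["input_name"]?>" />
-  <input type="hidden" name="callback" value="<?php echo $_GET["callback"]?>" />
+  <input type="hidden" name="input_name" value="<?php echo htmlspecialchars($_GET['input_name'], ENT_QUOTES, 'UTF-8')?>" />
+  <input type="hidden" name="callback" value="<?php echo htmlspecialchars($_GET['callback'], ENT_QUOTES, 'UTF-8')?>" />
   <input type="hidden" name="fileframe" value="true" />
-  <input type="hidden" name="type" value="<?php echo $_GET["type"]?>" />
+  <input type="hidden" name="type" value="<?php echo htmlspecialchars($_GET['type'], ENT_QUOTES, 'UTF-8')?>" />
 </form>
 </body>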
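Review bot: At new line 113 the `callback` value is still emitted as JavaScript code rather than as data, and `htmlspecialchars()` only encodes `& < > " '`, so it does not restrict the value to a function name and whatever passes through is evaluated in the parent window. The value should be validated before output, for example `if (!preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*$/', $_POST['callback'])) { wp_die(); }`, or checked against a fixed list of callbacks the plugin actually defines. The `input_name` values at new lines 116, 146, 149–150 and 164–165 sit inside JavaScript string literals in a script block, where HTML entities are not decoded and a backslash or line break is left untouched, so the same pattern check or `json_encode()` fits that context better. The hidden `<input>` attributes at new lines 177–180 are the HTML attribute context where `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` is the right encoding. The script blocks start and end outside the visible hunks, so this is based only on the lines shown.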
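--- a/magic-fields-2/trunk/main.php
+++ b/magic-fields-2/trunk/main.php
@@ -4,5 +4,5 @@
  * Plugin URI: http://magicfields.org
  * Description: Create custom fields for your post types
- * Version: 2.3.2.2
+ * Version: 2.3.2.3
  * Author:  Hunk
  * Author URI: http://magicfields.org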
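--- a/magic-fields-2/trunk/readme.txt
+++ b/magic-fields-2/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 3.1
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=edgar%40programador%2ecom&lc=GB&item_name=Donation%20Magic%20Fields&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHostedGuest
-Stable tag: 2.3.2.2
+Stable tag: 2.3.2.3
 Description:  Magic Fields 2 is a feature rich Wordpress CMS plugin
 
@@ -28,4 +28,7 @@
 
 == Changelog ==
+
+= 2.3.2.3 =
+* Patch for mf_upload.php (sanitize input), thanks @robre
 
 = 2.3.2.2 =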