Changeset 2600087
- Timestamp:
- 09/16/2021 04:58:12 PM (5 years ago)
- Location:
- joy-of-text/trunk
- Files:
-
- 6 edited
-
classes/class-jot-plugin-admin.php (modified) (10 diffs)
-
classes/class-jot-plugin-messenger.php (modified) (6 diffs)
-
classes/class-jot-plugin-options.php (modified) (21 diffs)
-
classes/class-jot-plugin-settings.php (modified) (8 diffs)
-
classes/class-jot-plugin-shortcodes.php (modified) (2 diffs)
-
joy-of-text.php (modified) (2 diffs)
joy-of-text/trunk/classes/class-jot-plugin-admin.php
r2597353 r2600087 84 84 $tabform = $tab . "-" . $subform; 85 85 86 echo $this->get_admin_header_html( $sections, $title);86 echo wp_kses_post($this->get_admin_header_html( $sections, $title )); 87 87 switch ( $tabform ) { 88 88 case 'smsprovider-main'; … … 94 94 case 'group-list-main': 95 95 $this->write_group_list_fields($sections, $tab); 96 break; 97 case 'group-list-add': 98 $this->write_group_add_fields($sections, $tab); 99 break; 100 //case 'scheduler-manager-main': 101 // $this->write_scheduler_fields($sections, $tab); 102 //break; 96 break; 103 97 case 'extensions-main': 104 98 $this->write_extensions_fields($sections, $tab); … … 119 113 echo "<form id=\"smsprovider-fields-form\" action=\"options.php\" method=\"post\">"; 120 114 settings_fields( 'jot-plugin-settings-' . $tab ); 121 //do_settings_sections( 'jot-plugin-' . $tab ); 122 115 123 116 $pagehtml = Joy_Of_Text_Plugin()->settings->render_smsprovider_settings($sections,$tab); 124 echo $pagehtml['html'];125 117 echo wp_kses($pagehtml['html'], Joy_Of_Text_Plugin()->settings->allowed_html_tags()); 118 126 119 if (isset($_GET['section'])) { 127 120 // Don't display Save button on Get Started or system info tabs … … 161 154 162 155 163 echo "<div id=\"jot-messagestatus\" class=\"". esc_attr($cssclass) . "\"> $guidance</div>";156 echo "<div id=\"jot-messagestatus\" class=\"". esc_attr($cssclass) . "\">" . esc_html($guidance) . "</div>"; 164 157 165 158 $this->write_page_footer(); … … 174 167 echo "<form id=\"jot-message-field-form\" action=\"\" method=\"post\">"; 175 168 settings_fields( 'jot-plugin-settings-' . $tab ); 176 //do_settings_sections( 'jot-plugin-' . 
$tab ); 177 echo Joy_Of_Text_Plugin()->settings->render_message_panel($sections,$tab); 178 echo "<a href=\"#\" class=\"button button-primary\" id=\"jot-sendmessage\">Send your message</a>"; 169 170 echo wp_kses(Joy_Of_Text_Plugin()->settings->render_message_panel($sections,$tab), Joy_Of_Text_Plugin()->settings->allowed_html_tags()); 171 172 echo "<a href=\"#\" class=\"button button-primary\" id=\"jot-sendmessage\">" . __("Send your message","jot-plugin") . "</a>"; 179 173 echo "</form>"; 180 174 echo "<br>"; … … 193 187 settings_fields( 'jot-plugin-settings-' . $tab ); 194 188 echo "</form>"; 195 //echo "</div><!--/.wrap-->";196 189 echo "<br>"; 197 190 echo "<br>"; … … 202 195 wp_localize_script( 'jot-js', 'jot_lastgroup', 203 196 array( 'id' => $lastid ) ); 204 echo Joy_Of_Text_Plugin()->settings->render_grouplisttabs(); 205 echo Joy_Of_Text_Plugin()->settings->render_groupdetails($sections, $tab, $lastid); 206 echo Joy_Of_Text_Plugin()->settings->render_groupmembers($sections, $tab, $lastid); 207 echo Joy_Of_Text_Plugin()->settings->render_groupinvites($sections, $tab, $lastid); 208 209 $this->write_page_footer(); 210 197 198 echo wp_kses(Joy_Of_Text_Plugin()->settings->render_grouplisttabs(), Joy_Of_Text_Plugin()->settings->allowed_html_tags()); 199 echo wp_kses(Joy_Of_Text_Plugin()->settings->render_groupdetails($sections, $tab, $lastid), Joy_Of_Text_Plugin()->settings->allowed_html_tags()); 200 echo wp_kses(Joy_Of_Text_Plugin()->settings->render_groupmembers($sections, $tab, $lastid), Joy_Of_Text_Plugin()->settings->allowed_html_tags()); 201 echo wp_kses(Joy_Of_Text_Plugin()->settings->render_groupinvites($sections, $tab, $lastid), Joy_Of_Text_Plugin()->settings->allowed_html_tags()); 202 211 203 do_action("jot_render_extension_subtab",$sections, $tab, $lastid); 212 213 } 214 215 public function write_group_add_fields($sections,$tab) { 216 217 if( isset($_GET['settings-updated']) ) { 218 echo "<div id=\"message\" class=\"updated\">"; 219 echo "<p><strong>" . 
_e('Settings saved.') . "</strong></p>"; 220 echo "</div>"; 221 } 222 //echo "<form id=\"group-add-fields-form\" action=\"" . plugins_url( 'jot-options.php\"', __FILE__ ) . " method=\"post\">"; 223 echo "<form id=\"jot-group-add-fields-form\" action=\"\" method=\"post\">"; 224 echo "<input type=\"hidden\" name=\"jot_form_id\" value=\"jot-group-add\">"; 225 echo "<input type=\"hidden\" name=\"jot_form_target\" value=\"main\">"; 226 settings_fields( 'jot-plugin-settings-' . $tab ); 227 //do_settings_sections( 'jot-plugin-' . $tab ); 228 echo Joy_Of_Text_Plugin()->settings->render_groupadd($sections, $tab); 229 echo "<div class='jot-group-add-buttons'>"; 230 echo "<a href=\"#\" class=\"button button-primary\" id=\"jot-addgroup\">Add new group</a>"; 231 echo "<div class=\"divider\"></div>"; 232 echo "<a href=\"#\" class=\"button button-primary\" id=\"jot-addgroupcancel\">Cancel</a>"; 233 echo "</div>"; 234 echo "</form>"; 235 echo "<br>"; 236 echo "<div id=\"jot-messagestatus\"></div>"; 237 echo "</div><!--/.wrap-->"; 238 239 $this->write_page_footer(); 204 205 $this->write_page_footer(); 240 206 } 241 207 … … 388 354 389 355 if (isset($referrer['tab'])) { 390 $tab = $referrer['tab'];356 $tab = sanitize_text_field($referrer['tab']); 391 357 } else { 392 358 return $input; … … 568 534 } 569 535 } 570 $response = '<' . esc_attr( $args['tag'] ) . $atts . '>' . $args['content'] . '</' . esc_attr( $args['tag'] ). '>' . "\n";536 $response = '<' . $args['tag'] . $atts . '>' . $args['content'] . '</' . $args['tag'] . '>' . "\n"; 571 537 return $response; 572 538 } // End get_admin_header_html() … … 594 560 595 561 private function get_subform () { 596 if ( isset ( $_GET['subform']) ) {562 if ( isset ($_GET['subform']) ) { 597 563 $response = sanitize_title_with_dashes( $_GET['subform'] ); 598 564 } else { -
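Review bot: Dropping `esc_attr()` around `$args['tag']` in get_admin_header_html (new line 536) leaves the tag name unescaped at its source and relies on the single `wp_kses_post()` wrapper added at line 86, so any other caller of this helper that is not visible here now emits the raw value. `esc_attr()` was the wrong escaper for a tag-name context in the first place, so the fix is WordPress's tag-name sanitizer rather than no escaping: `$tag = tag_escape( $args['tag'] );` and then `$response = '<' . $tag . $atts . '>' . $args['content'] . '</' . $tag . '>' . "\n";`. Where `$args['tag']` originates (plugin-internal config or request data) is not visible in this hunk, so treat this as defense in depth. The function's body begins outside the hunk.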
joy-of-text/trunk/classes/class-jot-plugin-messenger.php
r2597353 r2600087 52 52 53 53 // Get selected schedule time and date 54 $schedule_input_timestamp = array('jot-scheddate' => isset($output['jot-scheddate']) ? $output['jot-scheddate']: "",55 'jot-schedtime' => isset($output['jot-schedtime']) ? $output['jot-schedtime']: ""54 $schedule_input_timestamp = array('jot-scheddate' => isset($output['jot-scheddate']) ? sanitize_text_field($output['jot-scheddate']) : "", 55 'jot-schedtime' => isset($output['jot-schedtime']) ? sanitize_text_field($output['jot-schedtime']) : "" 56 56 ); 57 57 58 58 // Get schedule repeats 59 $schedule_input_repeat = array('jot-sched-repeats-interval' => isset($output['jot-sched-repeats-interval']) ? $output['jot-sched-repeats-interval']: "",60 'jot-sched-repeats-unit' => isset($output['jot-sched-repeats-unit']) ? $output['jot-sched-repeats-unit']: ""59 $schedule_input_repeat = array('jot-sched-repeats-interval' => isset($output['jot-sched-repeats-interval']) ? sanitize_text_field($output['jot-sched-repeats-interval']) : "", 60 'jot-sched-repeats-unit' => isset($output['jot-sched-repeats-unit']) ? 
sanitize_text_field($output['jot-sched-repeats-unit']) : "" 61 61 ); 62 62 … … 65 65 $error = 3; 66 66 } 67 //$message = $output['jot-plugin-messages']['jot-message']; 68 69 if ($mess_type=='jot-call' && empty($message) && (empty($mess_audioid) || $mess_audioid == 'default' )) { 67 68 if ($mess_type=='jot-call' && empty($message) && (empty($mess_audioid) || $mess_audioid == 'default' )) { 70 69 // Empty audio message 71 70 $error = 6; 72 }71 } 73 72 74 $selected_provider = Joy_Of_Text_Plugin()->currentsmsprovidername;73 $selected_provider = Joy_Of_Text_Plugin()->currentsmsprovidername; 75 74 76 if ($selected_provider == 'default' || empty($selected_provider)) {75 if ($selected_provider == 'default' || empty($selected_provider)) { 77 76 $error = 1; 78 }79 80 81 if ($error == 0) {77 } 78 79 80 if ($error == 0) { 82 81 83 82 // Save message type … … 201 200 } 202 201 203 $response = array('errormsg'=> $msg, 'errorcode' => $error, 'batchid' => $batchid, 'fullbatchsize' => count($mess_memsel), 'scheduled' => $scheduled);202 $response = array('errormsg'=> esc_html($msg), 'errorcode' => $error, 'batchid' => $batchid, 'fullbatchsize' => count($mess_memsel), 'scheduled' => $scheduled); 204 203 echo json_encode($response); 205 204 … … 212 211 * JavaScript callback used to send the message entered by the admin user via Twilio 213 212 */ 214 public function send_message_callback() { 215 213 public function send_message_callback() { 216 214 217 $error = 0; 218 215 $error = 0; 219 216 220 217 $formdata = $_POST['formdata']; … … 259 256 $fullmessage = apply_filters('jot-send-message-messagetext',$fullmessage); 260 257 261 if (!empty($member)) { 262 switch ( $output['jot-plugin-messages']['jot-message-type'] ) { 258 if (!empty($member)) { 259 $message_type = sanitize_text_field($output['jot-plugin-messages']['jot-message-type']); 260 switch ( $message_type ) { 263 261 case 'jot-sms'; 264 262 $message_error = 
Joy_Of_Text_Plugin()->currentsmsprovider->send_smsmessage($member['jot_grpmemnum'],$fullmessage); … … 309 307 //} 310 308 311 $response = array('errormsg'=> $msg, 'errorcode' => $error, 'send_errors'=>$all_send_errors );309 $response = array('errormsg'=> esc_html($msg), 'errorcode' => $error, 'send_errors'=>$all_send_errors ); 312 310 echo json_encode($response); 313 311 -
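Review bot: `send_message_callback` reads `$_POST['formdata']` (line 217) with nothing between the function header (line 214) and that read, so no nonce or capability check is visible before the SMS/call sending path is reached via admin-ajax; unless the check lives in the hook registration (not shown), add a `check_ajax_referer()` call against the nonce the admin page emits plus `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error(); }` as the first statements of the handler. Separately, `esc_html( $msg )` inside the `json_encode()` payloads (lines 202, 309) escapes for the wrong context: the JSON transport needs no HTML escaping, and if the JavaScript consumer already escapes or uses textContent the user will see `&amp;` in messages. `sanitize_text_field()` on `jot-sched-repeats-interval` (line 59) still admits non-numeric values; `absint()` fits a repeat interval better. Both functions continue outside the hunks.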
joy-of-text/trunk/classes/class-jot-plugin-options.php
r2597353 r2600087 85 85 86 86 $groupfields = $output['jot-plugin-group-list']; 87 88 if (!isset($groupfields['jot_groupdescupd']) || str_replace(' ', '',sanitize_text_field($groupfields['jot_groupdescupd'])) == '') { 87 $jot_grpid = isset($output['jot_grpid']) ? sanitize_text_field($output['jot_grpid']) : ""; 88 $jot_groupdescupd = isset($groupfields['jot_groupdescupd']) ? sanitize_text_field($groupfields['jot_groupdescupd']) : ""; 89 $jot_groupnameupd = isset($groupfields['jot_groupnameupd']) ? sanitize_text_field($groupfields['jot_groupnameupd']) : ""; 90 91 if (str_replace(' ', '',$jot_groupdescupd) == '') { 89 92 $error = 2; 90 93 } 91 94 92 if ( !isset($groupfields['jot_groupnameupd']) || str_replace(' ', '',sanitize_text_field($groupfields['jot_groupnameupd'])) == '') {95 if (str_replace(' ', '',$jot_groupnameupd) == '') { 93 96 $error = 1; 94 97 } … … 103 106 AND jot_groupdesc = %s 104 107 ", 105 sanitize_text_field($groupfields['jot_groupnameupd']),106 sanitize_text_field($groupfields['jot_groupdescupd'])108 $jot_groupnameupd, 109 $jot_groupdescupd 107 110 ) ); 108 111 … … 114 117 if ($error===0) { 115 118 $data = array( 116 'jot_groupname' => sanitize_text_field($groupfields['jot_groupnameupd']),117 'jot_groupdesc' => sanitize_text_field($groupfields['jot_groupdescupd'])119 'jot_groupname' => $jot_groupnameupd, 120 'jot_groupdesc' => $jot_groupdescupd 118 121 ); 119 $sqlerr=$wpdb->update( $table, $data, array( 'jot_groupid' => sanitize_text_field($output['jot_grpid'])));122 $sqlerr=$wpdb->update( $table, $data, array( 'jot_groupid' => $jot_grpid)); 120 123 121 124 } … … 137 140 $msg = __("You are not an Admin user.", "jot-plugin"); 138 141 break; 142 case 5; // Group ID not set 143 $msg = __("Group ID was not provided.", "jot-plugin"); 144 break; 139 145 default: 140 146 # code... 
… … 143 149 144 150 145 $response = array('errormsg'=> $msg, 'errorcode' => $error, 'url'=> "", 'sqlerr' => $wpdb->last_error, 'lastid' => "" );151 $response = array('errormsg'=> esc_html($msg), 'errorcode' => $error, 'url'=> "", 'sqlerr' => $wpdb->last_error, 'lastid' => "" ); 146 152 echo json_encode($response); 147 153 … … 164 170 parse_str($formdata, $output); 165 171 166 $groupfields = $output['jot-plugin-group-list']; 167 $table = $wpdb->prefix."jot_groupinvites"; 172 $groupfields = $output['jot-plugin-group-list']; 168 173 169 174 $jot_grpinvdesc = isset($groupfields['jot_grpinvdesc']) ? sanitize_text_field ($groupfields['jot_grpinvdesc']) : ""; … … 174 179 175 180 if (isset($groupfields['jot_grpinvretchk'])) { 176 $jot_grpinvretchk = sanitize_text_field ($groupfields['jot_grpinvretchk'] === 'true' ? 1:0);181 $jot_grpinvretchk = sanitize_text_field ($groupfields['jot_grpinvretchk']) === 'true' ? 1:0; 177 182 } else { 178 183 $jot_grpinvretchk = 0; 179 184 } 180 185 186 $table = $wpdb->prefix."jot_groupinvites"; 181 187 $invite_exists =$wpdb->get_col( $wpdb->prepare( 182 188 " … … 237 243 } 238 244 239 $response = array('errormsg'=> $msg, 'errorcode' => $error, 'url'=> "", 'sqlerr' => $wpdb->last_error, 'lastid' => "" );245 $response = array('errormsg'=> esc_html($msg), 'errorcode' => $error, 'url'=> "", 'sqlerr' => $wpdb->last_error, 'lastid' => "" ); 240 246 echo json_encode($response); 241 247 wp_die(); … … 262 268 $formdata = $_POST['formdata']; 263 269 parse_str($formdata, $output); 264 265 270 $jot_subscribe_num = sanitize_text_field($output['jot-subscribe-num']); 271 $jot_subscribe_name = sanitize_text_field($output['jot-subscribe-name']); 272 $jot_group_id = (int) $output['jot-group-id']; 273 274 // Spam bot check 275 $jot_subscribe_special = isset($output['jot-subscribe-special']) ? 
sanitize_text_field($output['jot-subscribe-special']) : ""; 276 266 277 //Strip spaces out of number 267 $phone_num = $this->parse_phone_number( sanitize_text_field($output['jot-subscribe-num']));278 $phone_num = $this->parse_phone_number($jot_subscribe_num); 268 279 269 280 // Check name is entered 270 if (!isset($output['jot-subscribe-name']) || str_replace(' ', '',sanitize_text_field($output['jot-subscribe-name'])) == '') {281 if (str_replace(' ', '',$jot_subscribe_name) == '') { 271 282 $error = 4; 272 283 } … … 296 307 } 297 308 298 if ($this->number_exists($table, $verified_number, $ output['jot-group-id'])) {309 if ($this->number_exists($table, $verified_number, $jot_group_id)) { 299 310 $error = 3; 300 311 } 301 312 302 // Spam bot check303 $jot_subscribe_special = isset($output['jot-subscribe-special']) ? wp_strip_all_tags($output['jot-subscribe-special']) : "";304 313 305 314 if ($jot_subscribe_special != "") { … … 310 319 if ( $error===0) { 311 320 $data = array( 312 'jot_grpid' => $ output['jot-group-id'],313 'jot_grpmemname' => sanitize_text_field ($output['jot-subscribe-name']),321 'jot_grpid' => $jot_group_id, 322 'jot_grpmemname' => $jot_subscribe_name, 314 323 'jot_grpmemnum' => $verified_number 315 324 ); … … 322 331 $table = $wpdb->prefix."jot_groupmemxref"; 323 332 $data = array( 324 'jot_grpid' => $ output['jot-group-id'],333 'jot_grpid' => $jot_group_id, 325 334 'jot_grpmemid' => $lastmemid, 326 335 'jot_grpxrefts' => current_time('mysql', 0) … … 334 343 } else { 335 344 // Send welcome message if required 336 $msgerr = $this->send_welcome_message($ output['jot-group-id'], $verified_number ,$lastmemid);345 $msgerr = $this->send_welcome_message($jot_group_id, $verified_number ,$lastmemid); 337 346 } 338 347 } … … 384 393 385 394 386 $response = array('errormsg'=> $msg, 'errorcode' => $error, 'url'=> "", 'sqlerr' => $wpdb->last_error, 'lastid' => $lastid, 'message_error' => $msgerr );395 $response = array('errormsg'=> esc_html($msg), 'errorcode' 
=> $error, 'url'=> "", 'sqlerr' => $wpdb->last_error, 'lastid' => $lastid, 'message_error' => $msgerr ); 387 396 echo json_encode($response); 388 397 … … 520 529 } 521 530 522 $response = array('errormsg'=> $msg, 'errorcode' => $error, 'errorfield' => $errorfield,'url'=> "", 'sqlerr' => $wpdb->last_error, 'lastid'=> $lastmemid, 'verifiednumber' => $verified_number );531 $response = array('errormsg'=> esc_html($msg), 'errorcode' => $error, 'errorfield' => $errorfield,'url'=> "", 'sqlerr' => $wpdb->last_error, 'lastid'=> $lastmemid, 'verifiednumber' => $verified_number ); 523 532 524 533 // If called from frontend … … 548 557 $formdata = $_POST['formdata']; 549 558 $table = $wpdb->prefix."jot_groupmembers"; 550 559 $jot_grpmemname = isset($formdata['jot_grpmemname']) ? sanitize_text_field($formdata['jot_grpmemname']) : ""; 560 $jot_grpmemnum = isset($formdata['jot_grpmemnum']) ? sanitize_text_field($formdata['jot_grpmemnum']) : ""; 561 $jot_grpmemid = isset($formdata['jot_grpmemid']) ? sanitize_text_field($formdata['jot_grpmemid']) : ""; 562 $jot_grpid = (int) $formdata['jot_grpid']; 551 563 552 564 // Check name is entered 553 if ( !isset($formdata['jot_grpmemname']) || str_replace(' ', '',sanitize_text_field($formdata['jot_grpmemname'])) == '') {565 if (str_replace(' ', '',$jot_grpmemname) == '') { 554 566 $error = 1; 555 567 } … … 557 569 // Check phone number 558 570 $removed_plus = false; 559 $phone_num = $this->parse_phone_number( sanitize_text_field($formdata['jot_grpmemnum']));571 $phone_num = $this->parse_phone_number( $jot_grpmemnum ); 560 572 561 573 … … 580 592 } 581 593 582 if ($this->number_exists_for_member($table, $verified_number, sanitize_text_field($formdata['jot_grpid']), sanitize_text_field($formdata['jot_grpmemid']))) {594 if ($this->number_exists_for_member($table, $verified_number, $jot_grpid, $jot_grpmemid)) { 583 595 $error = 3; 584 596 } … … 587 599 588 600 $data = array( 589 'jot_grpmemname' => sanitize_text_field 
($formdata['jot_grpmemname']),590 'jot_grpmemnum' => sanitize_text_field ($verified_number)601 'jot_grpmemname' => $jot_grpmemname, 602 'jot_grpmemnum' => $verified_number 591 603 ); 592 604 593 605 594 $success=$wpdb->update( $table, $data, array( 'jot_grpid' => sanitize_text_field($formdata['jot_grpid']),'jot_grpmemid' => sanitize_text_field($formdata['jot_grpmemid'])) );606 $success=$wpdb->update( $table, $data, array( 'jot_grpid' => $jot_grpid,'jot_grpmemid' => $jot_grpmemid ) ); 595 607 596 608 } … … 623 635 624 636 625 $response = array('errormsg'=> $msg, 'errorcode' => $error, 'errorfield' => $errorfield,'url'=> "", 'sqlerr' => $wpdb->last_error );637 $response = array('errormsg'=> esc_html($msg), 'errorcode' => $error, 'errorfield' => $errorfield,'url'=> "", 'sqlerr' => $wpdb->last_error ); 626 638 echo json_encode($response); 627 639 … … 674 686 675 687 676 $response = array('errormsg'=> $msg, 'errorcode' => $error, 'errorfield' => "",'url'=> "", 'sqlerr' => $wpdb->last_error );688 $response = array('errormsg'=> esc_html($msg), 'errorcode' => $error, 'errorfield' => "",'url'=> "", 'sqlerr' => $wpdb->last_error ); 677 689 echo json_encode($response); 678 690 -
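Review bot: In the member-update handler the ids are typed inconsistently on the new side — `$jot_grpid` is cast with `(int)` (line 562) while `$jot_grpmemid` goes through `sanitize_text_field()` (line 561), and both then feed `number_exists_for_member()` and the `$wpdb->update()` WHERE clause. If these are integer columns, type both the same way and guard the unchecked read: `$jot_grpmemid = isset( $formdata['jot_grpmemid'] ) ? (int) $formdata['jot_grpmemid'] : 0;` and `$jot_grpid = isset( $formdata['jot_grpid'] ) ? (int) $formdata['jot_grpid'] : 0;` (the `(int) $output['jot-group-id']` read at line 272 and the text-sanitized `$jot_grpid` at line 87 have the same shape). Every JSON response here still ships `$wpdb->last_error` to the browser (e.g. line 151), which exposes table names and SQL fragments on failure; log it server-side and return a generic flag instead. The handlers' openings and the body of `number_exists_for_member()` are outside the hunks, so whether that helper prepares its query is not visible.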
joy-of-text/trunk/classes/class-jot-plugin-settings.php
r2597353 r2600087 30 30 public function __construct () { 31 31 32 add_action( 'wp_ajax_process_refresh_languages', array( $this, 'process_refresh_languages' ) ); 32 add_action( 'wp_ajax_process_refresh_languages', array( $this, 'process_refresh_languages' ) ); 33 34 add_filter( 'safe_style_css', array($this, 'allowed_style_attributes')); 33 35 34 36 } // End __construct() … … 83 85 84 86 if (isset($args['display'])) { 85 if ($args['display']=='echo') {86 echo $html;87 } else {88 return $html;89 }87 if ($args['display']=='echo') { 88 echo wp_kses($html, Joy_Of_Text_Plugin()->settings->allowed_html_tags()); 89 } else { 90 return $html; 91 } 90 92 } else { 91 93 return $html; … … 403 405 404 406 public function render_smsprovider_settings ($sections, $tab) { 405 407 408 406 409 $return_array = array(); 407 410 $return_array['message_code'] = ''; … … 1288 1291 if (isset($_GET['subtab'])) { 1289 1292 $current = sanitize_text_field($_GET['subtab']); 1293 } else { 1294 $current = ""; 1290 1295 } 1291 1296 $tabs = array( 'jottabgroupdetails' => 'Group Details', 'jottabgroupmembers' => 'Member List', 'jottabgroupinvite' => 'Group Invite' ); … … 1427 1432 " AND a.jot_grpid = b.jot_grpid" . 1428 1433 " ORDER BY 3 ASC"; 1429 //echo $sql;1434 1430 1435 $groupmembers = $wpdb->get_results( $sql ); 1431 1436 … … 1623 1628 protected function render_field_textvalue ( $key, $args ) { 1624 1629 1625 $html = "<span id='" . esc_attr( $key ) . "'>" . esc_ attr( $args['value'] ) . "</span>";1630 $html = "<span id='" . esc_attr( $key ) . "'>" . esc_html( $args['value'] ) . "</span>"; 1626 1631 1627 1632 return apply_filters('jot_render_field_textvalue',$html); … … 1759 1764 } 1760 1765 1761 //echo "<br>Arg " . $args['multiple'] . "<" . $currselections . ">>" . $key . " " . $currselections . "<<>>" . is_array($currselections) . "<<";1762 1763 1766 if ( isset( $args['options'] ) && ( 0 < count( (array)$args['options'] ) ) ) { 1764 1767 $html .= '<select id="' . esc_attr( $key ) . 
'" name="' . esc_attr( $key ) . $arr .'"' . $size . $multiple . '>'; … … 1991 1994 } 1992 1995 1996 public function allowed_style_attributes() { 1997 $styles[] = 'display'; 1998 return $styles; 1999 } 2000 2001 /* 2002 public function allowed_html_tags() { 2003 $allowed_atts = array( 2004 'align' => array(), 2005 'class' => array(), 2006 'type' => array(), 2007 'id' => array(), 2008 'style' => array(), 2009 'src' => array(), 2010 'alt' => array(), 2011 'href' => array(), 2012 'rel' => array(), 2013 'rev' => array(), 2014 'target' => array(), 2015 'type' => array(), 2016 'value' => array(), 2017 'name' => array(), 2018 'option' => array(), 2019 'action' => array(), 2020 'method' => array(), 2021 'for' => array(), 2022 'width' => array(), 2023 'size' => array(), 2024 'rows' => array(), 2025 'cols' => array(), 2026 'height' => array(), 2027 'selected' => array(), 2028 'multiple' => array(), 2029 'checked' => array(), 2030 'data' => array(), 2031 'colspan' => array(), 2032 'readonly' => array(), 2033 'placeholder'=> array(), 2034 'title' => array(), 2035 ); 2036 $allowed_tags['form'] = $allowed_atts; 2037 $allowed_tags['label'] = $allowed_atts; 2038 $allowed_tags['input'] = $allowed_atts; 2039 $allowed_tags['textarea'] = $allowed_atts; 2040 $allowed_tags['select'] = $allowed_atts; 2041 $allowed_tags['option'] = $allowed_atts; 2042 $allowed_tags['optgroup'] = $allowed_atts; 2043 $allowed_tags['style'] = $allowed_atts; 2044 $allowed_tags['strong'] = $allowed_atts; 2045 $allowed_tags['table'] = $allowed_atts; 2046 $allowed_tags['span'] = $allowed_atts; 2047 $allowed_tags['pre'] = $allowed_atts; 2048 $allowed_tags['div'] = $allowed_atts; 2049 $allowed_tags['img'] = $allowed_atts; 2050 $allowed_tags['h1'] = $allowed_atts; 2051 $allowed_tags['h2'] = $allowed_atts; 2052 $allowed_tags['h3'] = $allowed_atts; 2053 $allowed_tags['h4'] = $allowed_atts; 2054 $allowed_tags['h5'] = $allowed_atts; 2055 $allowed_tags['h6'] = $allowed_atts; 2056 $allowed_tags['ol'] = $allowed_atts; 2057 
$allowed_tags['ul'] = $allowed_atts; 2058 $allowed_tags['li'] = $allowed_atts; 2059 $allowed_tags['em'] = $allowed_atts; 2060 $allowed_tags['hr'] = $allowed_atts; 2061 $allowed_tags['br'] = $allowed_atts; 2062 $allowed_tags['th'] = $allowed_atts; 2063 $allowed_tags['tr'] = $allowed_atts; 2064 $allowed_tags['td'] = $allowed_atts; 2065 $allowed_tags['p'] = $allowed_atts; 2066 $allowed_tags['a'] = $allowed_atts; 2067 $allowed_tags['b'] = $allowed_atts; 2068 $allowed_tags['i'] = $allowed_atts; 2069 2070 return $allowed_tags; 2071 } 2072 */ 2073 2074 public function allowed_html_tags() { 2075 return array( 2076 2077 'h1' => $this->prefix_allowed_global_attributes(), 2078 'h2' => $this->prefix_allowed_global_attributes(), 2079 'h3' => $this->prefix_allowed_global_attributes(), 2080 'h4' => $this->prefix_allowed_global_attributes(), 2081 'h5' => $this->prefix_allowed_global_attributes(), 2082 'h6' => $this->prefix_allowed_global_attributes(), 2083 2084 2085 // Text Content. 2086 'div' => $this->prefix_allowed_global_attributes(), 2087 'hr' => array_merge( 2088 $this->prefix_allowed_global_attributes(), 2089 array( 2090 'align' => true, 2091 'color' => true, 2092 'noshade' => true, 2093 'size' => true, 2094 'width' => true, 2095 ) 2096 ), 2097 'li' => array_merge( 2098 $this->prefix_allowed_global_attributes(), 2099 array( 2100 'value' => true, 2101 ) 2102 ), 2103 'ol' => array_merge( 2104 $this->prefix_allowed_global_attributes(), 2105 array( 2106 'reversed' => true, 2107 'start' => true, 2108 ) 2109 ), 2110 'p' => $this->prefix_allowed_global_attributes(), 2111 'ul' => array_merge( 2112 $this->prefix_allowed_global_attributes(), 2113 array( 2114 'compact' => true, 2115 'type' => true, 2116 ) 2117 ), 2118 2119 // Inline Text Sematics 2120 'a' => array_merge( 2121 $this->prefix_allowed_global_attributes(), 2122 array( 2123 'download' => true, 2124 'href' => true, 2125 'referrerpolicy' => true, 2126 'rel' => true, 2127 'target' => true, 2128 'type' => true, 2129 ) 2130 ), 
2131 'b' => $this->prefix_allowed_global_attributes(), 2132 'br' => array_merge( 2133 $this->prefix_allowed_global_attributes(), 2134 array( 2135 'clear' => true, 2136 ) 2137 ), 2138 'data' => array_merge( 2139 $this->prefix_allowed_global_attributes(), 2140 array( 2141 'value' => true, 2142 ) 2143 ), 2144 'i' => $this->prefix_allowed_global_attributes(), 2145 'span' => $this->prefix_allowed_global_attributes(), 2146 'strong' => $this->prefix_allowed_global_attributes(), 2147 2148 2149 // Image & Media. 2150 'audio' => array_merge( 2151 $this->prefix_allowed_global_attributes(), 2152 array( 2153 'autoplay' => true, 2154 'buffered' => true, 2155 'controls' => true, 2156 'loop' => true, 2157 'muted' => true, 2158 'played' => true, 2159 'preload' => true, 2160 'src' => true, 2161 'volume' => true, 2162 ) 2163 ), 2164 'img' => array_merge( 2165 $this->prefix_allowed_global_attributes(), 2166 array( 2167 'align' => true, 2168 'alt' => true, 2169 'border' => true, 2170 'crossorigin' => true, 2171 'decoding' => true, 2172 'height' => true, 2173 'hspace' => true, 2174 'importance' => true, 2175 'intrinsicsize' => true, 2176 'ismap' => true, 2177 'loading' => true, 2178 'longdesc' => true, 2179 'name' => true, 2180 'onerror' => true, 2181 'referrerpolicy' => true, 2182 'sizes' => true, 2183 'src' => true, 2184 'srcset' => true, 2185 'usemap' => true, 2186 'vspace' => true, 2187 'width' => true, 2188 ) 2189 ), 2190 'video' => array_merge( 2191 $this->prefix_allowed_global_attributes(), 2192 array( 2193 'autoplay' => true, 2194 'autoPictureInPicture' => true, 2195 'buffered' => true, 2196 'controls' => true, 2197 'controlslist' => true, 2198 'crossorigin' => true, 2199 'currentTime' => true, 2200 'duration' => true, 2201 'height' => true, 2202 'intrinsicsize' => true, 2203 'loop' => true, 2204 'muted' => true, 2205 'playinline' => true, 2206 'poster' => true, 2207 'preload' => true, 2208 'src' => true, 2209 'width' => true, 2210 ) 2211 ), 2212 2213 // Embedded Content. 
2214 'object' => array_merge( 2215 $this->prefix_allowed_global_attributes(), 2216 array( 2217 'archive' => true, // Deprecated. 2218 'border' => true, // Deprecated. 2219 'classid' => true, // Deprecated. 2220 'codebase' => true, // Deprecated. 2221 'codetype' => true, // Deprecated. 2222 'data' => true, 2223 'declare' => true, // Deprecated. 2224 'form' => true, 2225 'height' => true, 2226 'name' => true, 2227 'standby' => true, // Deprecated. 2228 'tabindex' => true, // Deprecated. 2229 'type' => true, 2230 'typemustmatch' => true, 2231 'usemap' => true, 2232 'width' => true, 2233 ) 2234 ), 2235 2236 // Table Content. 2237 'caption' => array_merge( 2238 $this->prefix_allowed_global_attributes(), 2239 array( 2240 'align' => true, // Deprecated. 2241 ) 2242 ), 2243 'col' => array_merge( 2244 $this->prefix_allowed_global_attributes(), 2245 array( 2246 'align' => true, // Deprecated. 2247 'bgcolor' => true, // Deprecated. 2248 'char' => true, // Deprecated. 2249 'charoff' => true, // Deprecated. 2250 'span' => true, 2251 'valign' => true, // Deprecated. 2252 'width' => true, // Deprecated. 2253 ) 2254 ), 2255 'colgroup' => array_merge( 2256 $this->prefix_allowed_global_attributes(), 2257 array( 2258 'align' => true, // Deprecated. 2259 'bgcolor' => true, // Deprecated. 2260 'char' => true, // Deprecated. 2261 'charoff' => true, // Deprecated. 2262 'span' => true, 2263 'valign' => true, // Deprecated. 2264 'width' => true, // Deprecated. 2265 ) 2266 ), 2267 'table' => array_merge( 2268 $this->prefix_allowed_global_attributes(), 2269 array( 2270 'align' => true, // Deprecated. 2271 'bgcolor' => true, // Deprecated. 2272 'border' => true, // Deprecated. 2273 'cellpadding' => true, // Deprecated. 2274 'cellspacing' => true, // Deprecated. 2275 'frame' => true, // Deprecated. 2276 'rules' => true, // Deprecated. 2277 'summary' => true, // Deprecated. 2278 'width' => true, // Deprecated. 
2279 ) 2280 ), 2281 'tbody' => array_merge( 2282 $this->prefix_allowed_global_attributes(), 2283 array( 2284 'align' => true, // Deprecated. 2285 'bgcolor' => true, // Deprecated. 2286 'char' => true, // Deprecated. 2287 'charoff' => true, // Deprecated. 2288 'valign' => true, // Deprecated. 2289 ) 2290 ), 2291 'td' => array_merge( 2292 $this->prefix_allowed_global_attributes(), 2293 array( 2294 'abbr' => true, // Deprecated. 2295 'align' => true, // Deprecated. 2296 'axis' => true, // Deprecated. 2297 'bgcolor' => true, // Deprecated. 2298 'char' => true, // Deprecated. 2299 'charoff' => true, // Deprecated. 2300 'colspan' => true, 2301 'headers' => true, 2302 'rowspan' => true, 2303 'scope' => true, // Deprecated. 2304 'valign' => true, // Deprecated. 2305 'width' => true, // Deprecated. 2306 ) 2307 ), 2308 'tfoot' => array_merge( 2309 $this->prefix_allowed_global_attributes(), 2310 array( 2311 'align' => true, // Deprecated. 2312 'bgcolor' => true, // Deprecated. 2313 'char' => true, // Deprecated. 2314 'charoff' => true, // Deprecated. 2315 'valign' => true, // Deprecated. 2316 ) 2317 ), 2318 'th' => array_merge( 2319 $this->prefix_allowed_global_attributes(), 2320 array( 2321 'abbr' => true, 2322 'align' => true, // Deprecated. 2323 'axis' => true, // Deprecated. 2324 'bgcolor' => true, // Deprecated. 2325 'char' => true, // Deprecated. 2326 'charoff' => true, // Deprecated. 2327 'colspan' => true, 2328 'headers' => true, 2329 'rowspan' => true, 2330 'scope' => true, 2331 'valign' => true, // Deprecated. 2332 'width' => true, // Deprecated. 2333 ) 2334 ), 2335 'thead' => array_merge( 2336 $this->prefix_allowed_global_attributes(), 2337 array( 2338 'align' => true, // Deprecated. 2339 'bgcolor' => true, // Deprecated. 2340 'char' => true, // Deprecated. 2341 'charoff' => true, // Deprecated. 2342 'valign' => true, // Deprecated. 
2343 ) 2344 ), 2345 'tr' => array_merge( 2346 $this->prefix_allowed_global_attributes(), 2347 array( 2348 'align' => true, // Deprecated. 2349 'bgcolor' => true, // Deprecated. 2350 'char' => true, // Deprecated. 2351 'charoff' => true, // Deprecated. 2352 'valign' => true, // Deprecated. 2353 ) 2354 ), 2355 2356 // Forms. 2357 'button' => array_merge( 2358 $this->prefix_allowed_global_attributes(), 2359 array( 2360 'autofocus' => true, 2361 'disabled' => true, 2362 'form' => true, 2363 'formaction' => true, 2364 'formenctype' => true, 2365 'formmethod' => true, 2366 'formnovalidate' => true, 2367 'formtarget' => true, 2368 'name' => true, 2369 'type' => true, 2370 'value' => true, 2371 ) 2372 ), 2373 'datalist' => $this->prefix_allowed_global_attributes(), 2374 'fieldset' => array_merge( 2375 $this->prefix_allowed_global_attributes(), 2376 array( 2377 'disabled' => true, 2378 'form' => true, 2379 'name' => true, 2380 ) 2381 ), 2382 'form' => array_merge( 2383 $this->prefix_allowed_global_attributes(), 2384 array( 2385 'accept' => true, // Deprecated. 
2386 'accept-charset' => true, 2387 'action' => true, 2388 'enctype' => true, 2389 'method' => true, 2390 'name' => true, 2391 'novalidate' => true, 2392 'target' => true, 2393 ) 2394 ), 2395 'input' => array_merge( 2396 $this->prefix_allowed_global_attributes(), 2397 array( 2398 'accept' => true, 2399 'alt' => true, 2400 'autocomplete' => true, 2401 'autofocus' => true, 2402 'capture' => true, 2403 'checked' => true, 2404 'dirname' => true, 2405 'disabled' => true, 2406 'form' => true, 2407 'formaction' => true, 2408 'formenctype' => true, 2409 'formmethod' => true, 2410 'formnovalidate' => true, 2411 'formtarget' => true, 2412 'height' => true, 2413 'list' => true, 2414 'max' => true, 2415 'maxlength' => true, 2416 'min' => true, 2417 'minlength' => true, 2418 'multiple' => true, 2419 'name' => true, 2420 'pattern' => true, 2421 'placeholder' => true, 2422 'readonly' => true, 2423 'required' => true, 2424 'size' => true, 2425 'src' => true, 2426 'step' => true, 2427 'type' => true, 2428 'value' => true, 2429 'width' => true, 2430 ) 2431 ), 2432 'label' => array_merge( 2433 $this->prefix_allowed_global_attributes(), 2434 array( 2435 'for' => true, 2436 'form' => true, // Deprecated. 
2437 ) 2438 ), 2439 'optgroup' => array_merge( 2440 $this->prefix_allowed_global_attributes(), 2441 array( 2442 'disabled' => true, 2443 'label' => true, 2444 ) 2445 ), 2446 'option' => array_merge( 2447 $this->prefix_allowed_global_attributes(), 2448 array( 2449 'disabled' => true, 2450 'label' => true, 2451 'selected' => true, 2452 'value' => true, 2453 ) 2454 ), 2455 'select' => array_merge( 2456 $this->prefix_allowed_global_attributes(), 2457 array( 2458 'autofocus' => true, 2459 'disabled' => true, 2460 'form' => true, 2461 'multiple' => true, 2462 'name' => true, 2463 'required' => true, 2464 'size' => true, 2465 ) 2466 ), 2467 'textarea' => array_merge( 2468 $this->prefix_allowed_global_attributes(), 2469 array( 2470 'autofocus' => true, 2471 'cols' => true, 2472 'disabled' => true, 2473 'form' => true, 2474 'maxlength' => true, 2475 'minlength' => true, 2476 'name' => true, 2477 'placeholder' => true, 2478 'readonly' => true, 2479 'required' => true, 2480 'rows' => true, 2481 'spellcheck' => true, 2482 'wrap' => true, 2483 ) 2484 ), 2485 2486 ); 2487 } 2488 2489 /** 2490 * Allowed Global Attributes. 2491 * 2492 * @return array 2493 */ 2494 private function prefix_allowed_global_attributes() { 2495 return array( 2496 'aria-*' => true, 2497 'class' => true, 2498 'contenteditable' => true, 2499 'data-*' => true, 2500 'hidden' => true, 2501 'id' => true, 2502 'style' => true, 2503 'tabindex' => true, 2504 'title' => true, 2505 ); 2506 } 2507 1993 2508 } // End Class -
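Review bot: The new `allowed_html_tags()` whitelist admits `'onerror' => true` on `img` (line 2180), so every `wp_kses()` call this commit adds will pass `<img src=x onerror=...>` straight through and the sanitizer is effectively bypassed for any value that reaches these render paths. Remove that entry — core's kses lists contain no event-handler attributes for exactly this reason — and give `object`'s `data`/`classid`/`codebase` (lines 2219-2222) the same scrutiny, since they load arbitrary external content. Separately, `allowed_style_attributes()` (line 1996) ignores the array the `safe_style_css` filter passes in and returns only `display`, so while this plugin is active every `wp_kses()` consumer site-wide loses core's safe-CSS list; make it additive: `public function allowed_style_attributes( $styles ) { $styles[] = 'display'; return $styles; }`. The commented-out old whitelist (lines 2001-2072) should be deleted rather than kept as dead code.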
joy-of-text/trunk/classes/class-jot-plugin-shortcodes.php
r2597353 r2600087 308 308 309 309 if ($jot_groupid == "") { 310 echo json_encode(array("html" => "Group ID not set. Could not build HTML"));310 echo json_encode(array("html" => __("Group ID not set. Could not build HTML","jot-plugin"))); 311 311 die(); 312 312 } … … 325 325 $all_group_id = array($group_id); 326 326 $subhtml = Joy_Of_Text_Plugin()->shortcodes->get_wrapped_jotform($group_id, $all_group_id, array(), $atts, $confirm_set); 327 328 echo json_encode(array("html" => $subhtml)); 327 $subhtml = wp_kses($subhtml, Joy_Of_Text_Plugin()->settings->allowed_html_tags()); 328 329 echo json_encode(array("html" => $subhtml)); 329 330 die(); 330 331 -
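Review bot: The handler still answers with `echo json_encode( ... ); die();` (lines 310-311 and 329-330), which sends the body without a JSON Content-Type header and bypasses WordPress's AJAX response path; `wp_send_json( array( 'html' => $subhtml ) );` replaces both lines and exits cleanly. Note also that `wp_kses()` is now applied to HTML the plugin generates itself in `get_wrapped_jotform()`, so the whitelist in `allowed_html_tags()` — not this caller — decides what survives, and any form attribute that list omits will be silently stripped from the rendered form. The text domain `"jot-plugin"` in the new `__()` call does not match the plugin directory `joy-of-text`; if the plugin header declares `Text Domain: joy-of-text`, wordpress.org language packs will not load for this string. The function's opening, and any nonce check it may contain, is outside the hunk.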
joy-of-text/trunk/joy-of-text.php
r2597353 r2600087 79 79 if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly 80 80 81 81 82 82 83 //******************************************** … … 503 504 wp_localize_script ( 'jot-js', 'jot_strings',$strings); 504 505 505 if ( isset($_GET['lastid'])) {506 if (isset($_GET['lastid'])) { 506 507 $id = sanitize_text_field($_GET['lastid']); 507 508 } else {
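Review bot: `$id = sanitize_text_field( $_GET['lastid'] );` (line 507) accepts any string for a value the admin class localizes as a group id (`jot_lastgroup` => `array( 'id' => $lastid )`); `absint()` pins the type so downstream consumers need not re-validate: `$id = absint( $_GET['lastid'] );`. That assumes lastid is always an integer group id — confirm against how `render_groupdetails()` uses it, which is not visible here. The enclosing function starts and ends outside the hunk; the other hunk in this file is whitespace only.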