Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2740677

Timestamp:

06/10/2022 11:10:44 PM (4 years ago)

Author:

vohotv

Message:

Fixed security issues

Location:

dyslexiefont

Files:

: 4 edited

tags/1.0.0/dyslexiefont.php (modified) (1 diff)
tags/1.0.0/dyslexiefont_plugin_settings.php (modified) (1 diff)
trunk/dyslexiefont.php (modified) (1 diff)
trunk/dyslexiefont_plugin_settings.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

dyslexiefont/tags/1.0.0/dyslexiefont.php

-                      r2739098
+                      r2740677
         $script_params = array(
             'df_fontsize' => sanitize_option('dyslexiefont_free_fontsize',strip_tags(get_option('dyslexiefont_free_fontsize'))),
             'df_fontcolor' => sanitize_hex_color(strip_tags(get_option('dyslexiefont_free_fontcolor'))),
             'df_linkcolor' => sanitize_hex_color(strip_tags(get_option('dyslexiefont_free_linkcolor'))),
             'df_panellocation' => sanitize_option('dyslexiefont_free_panellocation',strip_tags(get_option('dyslexiefont_free_panellocation'))),
             'df_fonttype' => sanitize_option('dyslexiefont_free_fonttype',strip_tags(get_option('dyslexiefont_free_fonttype'))),
             'df_include_elements' => sanitize_option('dyslexiefont_free_include_elements',strip_tags(get_option('dyslexiefont_free_include_elements'))),
             'df_exclude_elements' => sanitize_option('dyslexiefont_free_exclude_elements',strip_tags(get_option('dyslexiefont_free_exclude_elements'))),
             'cookielocation' => esc_url_raw(site_url())
+            'df_fontsize'         => esc_js( get_option('dyslexiefont_free_fontsize') ),
+            'df_fontcolor'        => esc_js( get_option('dyslexiefont_free_fontcolor' ) ),
+            'df_linkcolor'        => esc_js( get_option('dyslexiefont_free_linkcolor' ) ),
+            'df_panellocation'    => esc_js( get_option('dyslexiefont_free_panellocation' ) ),
+            'df_fonttype'         => esc_js( get_option('dyslexiefont_free_fonttype' ) ),
+            'df_include_elements' => esc_js( get_option('dyslexiefont_free_include_elements' ) ),
+            'df_exclude_elements' => esc_js( get_option('dyslexiefont_free_exclude_elements' ) ),
+            'cookielocation'      => esc_js( site_url() ),
         );
         wp_localize_script( 'dfcore', 'dyslexiefont_free_settings', $script_params );

dyslexiefont/tags/1.0.0/dyslexiefont_plugin_settings.php

-                      r2740653
+                      r2740677
 /* -- tabs */
-function sanitize_option_dyslexiefont_free_fontsize($number) {
-    if (is_number($number)) {
-        return $number;
+    }
+}
-function sanitize_option_dyslexiefont_free_panellocation($loc) {
-    if ($loc == "tl" || $loc == "tr" || $loc == "bl" || $loc == "br") {
-        return $loc;
+    }
+}
-function sanitize_option_dyslexiefont_free_fonttype($fontselected) {
-    if ($fontselected == "dyslexiefont" || $fontselected == "dyslexiefontkids") {
-        return $fontselected;
+    }
+}
-function sanitize_option_dyslexiefont_free_include_elements($elemslist) {
-    $elemslist_clean = esc_html(strip_tags($elemslist));
-    return $elemslist_clean;
+}
-function sanitize_option_dyslexiefont_free_exclude_elements($elemslist) {
-    $elemslist_clean = esc_html(strip_tags($elemslist));
-    return $elemslist_clean;
+}
 // settings page
 if ((isset($_GET["tab"]) &&  $_GET["tab"] == "settings") || !isset($_GET["tab"])) {
     if (isset($_POST["df_savesettings"])) {
         // escape posts
         update_option('dyslexiefont_free_fontsize', sanitize_option('dyslexiefont_free_fontsize',strip_tags($_POST["dfp_fontsize"])));
         update_option('dyslexiefont_free_fontcolor', sanitize_hex_color(strip_tags($_POST["dfp_color"])));
         update_option('dyslexiefont_free_linkcolor', sanitize_hex_color(strip_tags($_POST["dfp_linkcolor"])));
         update_option('dyslexiefont_free_panellocation', sanitize_option('dyslexiefont_free_panellocation',strip_tags($_POST["dfp_location"])));
         update_option('dyslexiefont_free_fonttype', sanitize_option('dyslexiefont_free_fonttype',strip_tags($_POST["dfp_fonttype"])));
         update_option('dyslexiefont_free_include_elements', sanitize_option('dyslexiefont_free_include_elements',strip_tags($_POST["dfp_includes"])));
         update_option('dyslexiefont_free_exclude_elements', sanitize_option('dyslexiefont_free_exclude_elements',strip_tags($_POST["dfp_excludes"])));
+        // sanitize posts
+        update_option('dyslexiefont_free_fontsize',         sanitize_text_field( $_POST["dfp_fontsize"] ) );
+        update_option('dyslexiefont_free_fontcolor',        sanitize_hex_color( $_POST["dfp_color"] ) );
+        update_option('dyslexiefont_free_linkcolor',        sanitize_hex_color( $_POST["dfp_linkcolor"] ) );
+        update_option('dyslexiefont_free_panellocation',    sanitize_text_field( $_POST["dfp_location"] ) );
+        update_option('dyslexiefont_free_fonttype',         sanitize_text_field( $_POST["dfp_fonttype"] ) );
+        update_option('dyslexiefont_free_include_elements', sanitize_text_field( $_POST["dfp_includes"] ) );
+        update_option('dyslexiefont_free_exclude_elements', sanitize_text_field( $_POST["dfp_excludes"] ) );
         $savedSettingsMessage = "<span>Settings saved</span>";

dyslexiefont/trunk/dyslexiefont.php

-                      r2739098
+                      r2740677
         $script_params = array(
             'df_fontsize' => sanitize_option('dyslexiefont_free_fontsize',strip_tags(get_option('dyslexiefont_free_fontsize'))),
             'df_fontcolor' => sanitize_hex_color(strip_tags(get_option('dyslexiefont_free_fontcolor'))),
             'df_linkcolor' => sanitize_hex_color(strip_tags(get_option('dyslexiefont_free_linkcolor'))),
             'df_panellocation' => sanitize_option('dyslexiefont_free_panellocation',strip_tags(get_option('dyslexiefont_free_panellocation'))),
             'df_fonttype' => sanitize_option('dyslexiefont_free_fonttype',strip_tags(get_option('dyslexiefont_free_fonttype'))),
             'df_include_elements' => sanitize_option('dyslexiefont_free_include_elements',strip_tags(get_option('dyslexiefont_free_include_elements'))),
             'df_exclude_elements' => sanitize_option('dyslexiefont_free_exclude_elements',strip_tags(get_option('dyslexiefont_free_exclude_elements'))),
             'cookielocation' => esc_url_raw(site_url())
+            'df_fontsize'         => esc_js( get_option('dyslexiefont_free_fontsize') ),
+            'df_fontcolor'        => esc_js( get_option('dyslexiefont_free_fontcolor' ) ),
+            'df_linkcolor'        => esc_js( get_option('dyslexiefont_free_linkcolor' ) ),
+            'df_panellocation'    => esc_js( get_option('dyslexiefont_free_panellocation' ) ),
+            'df_fonttype'         => esc_js( get_option('dyslexiefont_free_fonttype' ) ),
+            'df_include_elements' => esc_js( get_option('dyslexiefont_free_include_elements' ) ),
+            'df_exclude_elements' => esc_js( get_option('dyslexiefont_free_exclude_elements' ) ),
+            'cookielocation'      => esc_js( site_url() ),
         );
         wp_localize_script( 'dfcore', 'dyslexiefont_free_settings', $script_params );

dyslexiefont/trunk/dyslexiefont_plugin_settings.php

-                      r2740653
+                      r2740677
 /* -- tabs */
-function sanitize_option_dyslexiefont_free_fontsize($number) {
-    if (is_number($number)) {
-        return $number;
+    }
+}
-function sanitize_option_dyslexiefont_free_panellocation($loc) {
-    if ($loc == "tl" || $loc == "tr" || $loc == "bl" || $loc == "br") {
-        return $loc;
+    }
+}
-function sanitize_option_dyslexiefont_free_fonttype($fontselected) {
-    if ($fontselected == "dyslexiefont" || $fontselected == "dyslexiefontkids") {
-        return $fontselected;
+    }
+}
-function sanitize_option_dyslexiefont_free_include_elements($elemslist) {
-    $elemslist_clean = esc_html(strip_tags($elemslist));
-    return $elemslist_clean;
+}
-function sanitize_option_dyslexiefont_free_exclude_elements($elemslist) {
-    $elemslist_clean = esc_html(strip_tags($elemslist));
-    return $elemslist_clean;
+}
 // settings page
 if ((isset($_GET["tab"]) &&  $_GET["tab"] == "settings") || !isset($_GET["tab"])) {
     if (isset($_POST["df_savesettings"])) {
         // escape posts
         update_option('dyslexiefont_free_fontsize', sanitize_option('dyslexiefont_free_fontsize',strip_tags($_POST["dfp_fontsize"])));
         update_option('dyslexiefont_free_fontcolor', sanitize_hex_color(strip_tags($_POST["dfp_color"])));
         update_option('dyslexiefont_free_linkcolor', sanitize_hex_color(strip_tags($_POST["dfp_linkcolor"])));
         update_option('dyslexiefont_free_panellocation', sanitize_option('dyslexiefont_free_panellocation',strip_tags($_POST["dfp_location"])));
         update_option('dyslexiefont_free_fonttype', sanitize_option('dyslexiefont_free_fonttype',strip_tags($_POST["dfp_fonttype"])));
         update_option('dyslexiefont_free_include_elements', sanitize_option('dyslexiefont_free_include_elements',strip_tags($_POST["dfp_includes"])));
         update_option('dyslexiefont_free_exclude_elements', sanitize_option('dyslexiefont_free_exclude_elements',strip_tags($_POST["dfp_excludes"])));
+        // sanitize posts
+        update_option('dyslexiefont_free_fontsize',         sanitize_text_field( $_POST["dfp_fontsize"] ) );
+        update_option('dyslexiefont_free_fontcolor',        sanitize_hex_color( $_POST["dfp_color"] ) );
+        update_option('dyslexiefont_free_linkcolor',        sanitize_hex_color( $_POST["dfp_linkcolor"] ) );
+        update_option('dyslexiefont_free_panellocation',    sanitize_text_field( $_POST["dfp_location"] ) );
+        update_option('dyslexiefont_free_fonttype',         sanitize_text_field( $_POST["dfp_fonttype"] ) );
+        update_option('dyslexiefont_free_include_elements', sanitize_text_field( $_POST["dfp_includes"] ) );
+        update_option('dyslexiefont_free_exclude_elements', sanitize_text_field( $_POST["dfp_excludes"] ) );
         $savedSettingsMessage = "<span>Settings saved</span>";

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 2740677

Legend:

dyslexiefont/tags/1.0.0/dyslexiefont.php

dyslexiefont/tags/1.0.0/dyslexiefont_plugin_settings.php

dyslexiefont/trunk/dyslexiefont.php

dyslexiefont/trunk/dyslexiefont_plugin_settings.php

Download in other formats: