Changeset 2749984
- Timestamp:
- 06/30/2022 04:56:03 AM (4 years ago)
- Location:
- wp-video-lightbox/trunk
- Files:
-
- 3 edited
-
readme.txt (modified) (2 diffs)
-
wp-video-lightbox.php (modified) (2 diffs)
-
wpvl-settings.php (modified) (12 diffs)
wp-video-lightbox/trunk/readme.txt
r2728690 r2749984 5 5 Requires at least: 3.0 6 6 Tested up to: 6.0 7 Stable tag: 1.9. 47 Stable tag: 1.9.5 8 8 License: GPLv2 or later 9 9 … … 124 124 == Changelog == 125 125 126 = 1.9.5 = 127 * Made some security improvements in the settings. The issues were reported by WPScan. 128 126 129 = 1.9.4 = 127 130 * Added support for private Vimeo videos. -
wp-video-lightbox/trunk/wp-video-lightbox.php
r2623792 r2749984 2 2 /* 3 3 Plugin Name: WP Video Lightbox 4 Version: 1.9. 44 Version: 1.9.5 5 5 Plugin URI: https://www.tipsandtricks-hq.com/?p=2700 6 6 Author: Tips and Tricks HQ, Ruhul Amin … … 16 16 class WP_Video_Lightbox 17 17 { 18 var $version = '1.9. 4';18 var $version = '1.9.5'; 19 19 var $db_version = '1.0'; 20 20 var $plugin_url; -
wp-video-lightbox/trunk/wpvl-settings.php
r2255406 r2749984 21 21 echo '<div class="wrap"><h1>WP Video Lightbox v'.WP_VIDEO_LIGHTBOX_VERSION.'</h1>'; 22 22 echo '<div id="poststuff"><div id="post-body">'; 23 23 $current = ''; 24 $action = ''; 24 25 if(isset($_GET['page'])){ 25 $current = $_GET['page'];26 $current = sanitize_text_field($_GET['page']); 26 27 if(isset($_GET['action'])){ 27 $current .= "&action=".$_GET['action']; 28 $action = sanitize_text_field($_GET['action']); 29 $current .= "&action=".$action; 28 30 } 29 31 } … … 42 44 echo $content; 43 45 44 if( isset($_GET['action']))46 if(!empty($action)) 45 47 { 46 switch ($ _GET['action'])48 switch ($action) 47 49 { 48 50 case 'prettyPhoto': … … 85 87 </div> 86 88 87 <form method="post" action=" <?php echo $_SERVER["REQUEST_URI"]; ?>">89 <form method="post" action=""> 88 90 <?php wp_nonce_field('wpvl_general_settings'); ?> 89 91 … … 119 121 $wpvl_prettyPhoto = WP_Video_Lightbox_prettyPhoto::get_instance(); 120 122 update_option('wpvl_enable_prettyPhoto', (isset($_POST["enable_prettyPhoto"]))?'1':''); 121 $wpvl_prettyPhoto->animation_speed = trim($_POST["animation_speed"]);122 $wpvl_prettyPhoto->slideshow = trim($_POST["slideshow"]);123 $wpvl_prettyPhoto->animation_speed = sanitize_text_field($_POST["animation_speed"]); 124 $wpvl_prettyPhoto->slideshow = sanitize_text_field($_POST["slideshow"]); 123 125 $wpvl_prettyPhoto->autoplay_slideshow = (isset($_POST["autoplay_slideshow"]))?'true':'false'; 124 $wpvl_prettyPhoto->opacity = trim($_POST["opacity"]);126 $wpvl_prettyPhoto->opacity = sanitize_text_field($_POST["opacity"]); 125 127 $wpvl_prettyPhoto->show_title = (isset($_POST["show_title"]))?'true':'false'; 126 128 $wpvl_prettyPhoto->allow_resize = (isset($_POST["allow_resize"]))?'true':'false'; 127 129 $wpvl_prettyPhoto->allow_expand = (isset($_POST["allow_expand"]))?'true':'false'; 128 $wpvl_prettyPhoto->default_width = trim($_POST["default_width"]);129 $wpvl_prettyPhoto->default_height = trim($_POST["default_height"]);130 
$wpvl_prettyPhoto->counter_separator_label = trim($_POST["counter_separator_label"]);131 $wpvl_prettyPhoto->theme = trim($_POST["theme"]);132 $wpvl_prettyPhoto->horizontal_padding = trim($_POST["horizontal_padding"]);130 $wpvl_prettyPhoto->default_width = sanitize_text_field($_POST["default_width"]); 131 $wpvl_prettyPhoto->default_height = sanitize_text_field($_POST["default_height"]); 132 $wpvl_prettyPhoto->counter_separator_label = sanitize_text_field($_POST["counter_separator_label"]); 133 $wpvl_prettyPhoto->theme = sanitize_text_field($_POST["theme"]); 134 $wpvl_prettyPhoto->horizontal_padding = sanitize_text_field($_POST["horizontal_padding"]); 133 135 $wpvl_prettyPhoto->hideflash = (isset($_POST["hideflash"]))?'true':'false'; 134 $wpvl_prettyPhoto->wmode = trim($_POST["wmode"]);136 $wpvl_prettyPhoto->wmode = sanitize_text_field($_POST["wmode"]); 135 137 $wpvl_prettyPhoto->autoplay = (isset($_POST["autoplay"]))?'true':'false'; 136 138 $wpvl_prettyPhoto->modal = (isset($_POST["modal"]))?'true':'false'; … … 157 159 </div> 158 160 159 <form method="post" action=" <?php echo $_SERVER["REQUEST_URI"]; ?>">161 <form method="post" action=""> 160 162 <?php wp_nonce_field('wpvl_prettyPhoto_settings'); ?> 161 163 … … 231 233 <tr valign="top"> 232 234 <th scope="row"><label for="opacity"><?php _e('Default width', 'wp-video-lightbox')?></label></th> 233 <td><input name="default_width" type="text" id="default_width" value="<?php echo $wpvl_prettyPhoto->default_width; ?>" class="regular-text">235 <td><input name="default_width" type="text" id="default_width" value="<?php echo esc_attr($wpvl_prettyPhoto->default_width); ?>" class="regular-text"> 234 236 <p class="description"><?php echo sprintf(__('[default: %s]', 'wp-video-lightbox'), '640')?></p></td> 235 237 </tr> … … 237 239 <tr valign="top"> 238 240 <th scope="row"><label for="opacity"><?php _e('Default height', 'wp-video-lightbox')?></label></th> 239 <td><input name="default_height" type="text" id="default_height" 
value="<?php echo $wpvl_prettyPhoto->default_height; ?>" class="regular-text">241 <td><input name="default_height" type="text" id="default_height" value="<?php echo esc_attr($wpvl_prettyPhoto->default_height); ?>" class="regular-text"> 240 242 <p class="description"><?php echo sprintf(__('[default: %s]', 'wp-video-lightbox'), '480')?></p></td> 241 243 </tr> … … 243 245 <tr valign="top"> 244 246 <th scope="row"><label for="opacity"><?php _e('Counter separator label', 'wp-video-lightbox')?></label></th> 245 <td><input name="counter_separator_label" type="text" id="counter_separator_label" value="<?php echo $wpvl_prettyPhoto->counter_separator_label; ?>" class="regular-text">247 <td><input name="counter_separator_label" type="text" id="counter_separator_label" value="<?php echo esc_attr($wpvl_prettyPhoto->counter_separator_label); ?>" class="regular-text"> 246 248 <p class="description"><?php echo sprintf(__('The separator for the gallery counter 1 "of" 2 [default: %s]', 'wp-video-lightbox'), '/')?></p></td> 247 249 </tr> … … 265 267 <tr valign="top"> 266 268 <th scope="row"><label for="opacity"><?php _e('Horizontal padding', 'wp-video-lightbox')?></label></th> 267 <td><input name="horizontal_padding" type="text" id="horizontal_padding" value="<?php echo $wpvl_prettyPhoto->horizontal_padding; ?>" class="regular-text">269 <td><input name="horizontal_padding" type="text" id="horizontal_padding" value="<?php echo esc_attr($wpvl_prettyPhoto->horizontal_padding); ?>" class="regular-text"> 268 270 <p class="description"><?php echo sprintf(__('The padding on each side of the picture [default: %s]', 'wp-video-lightbox'), '20')?> </p></td> 269 271 </tr> … … 373 375 </div> 374 376 375 <form method="post" action=" <?php echo $_SERVER["REQUEST_URI"]; ?>">377 <form method="post" action=""> 376 378 <?php wp_nonce_field('wpvl_fancyBox_settings'); ?> 377 379 … … 398 400 399 401 function current_tab() { 400 $tab = isset( $_GET['tab'] ) ? 
$_GET['tab']: $this->plugin_settings_page_key;402 $tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $this->plugin_settings_page_key; 401 403 return $tab; 402 404 } … … 410 412 function plugin_options_tabs() 411 413 { 412 $current_tab = isset( $_GET['tab'] ) ? $_GET['tab']: $this->plugin_settings_page_key;414 $current_tab = isset( $_GET['tab'] ) ? sanitize_text_field($_GET['tab']) : $this->plugin_settings_page_key; 413 415 echo '<h2 class="nav-tab-wrapper">'; 414 416 foreach ( $this->plugin_settings_tabs as $tab_key => $tab_caption )
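Review bot: The numeric prettyPhoto settings written in the save handler (`default_width`, `default_height`, `horizontal_padding`, whose documented defaults in this file are 640, 480 and 20) are now run through sanitize_text_field(), which strips tags and stray octets but leaves quotes, semicolons and letters alone, so a non-numeric value is still stored and wherever these options are later emitted into the lightbox's JavaScript or CSS configuration (not visible in this hunk) they must be escaped for that context again. Casting at save time closes that regardless of the consumer: `$wpvl_prettyPhoto->default_width = absint($_POST["default_width"]) ?: 640;`, `$wpvl_prettyPhoto->default_height = absint($_POST["default_height"]) ?: 480;`, `$wpvl_prettyPhoto->horizontal_padding = absint($_POST["horizontal_padding"]) ?: 20;` (the `?:` restores the documented default when the field is blank or non-numeric rather than storing 0). The same allow-list idea applies to current_tab() and plugin_options_tabs(): `$_GET['tab']` is sanitized but never checked against the keys of `$this->plugin_settings_tabs`, so `array_key_exists($tab, $this->plugin_settings_tabs) ? $tab : $this->plugin_settings_page_key` would reject unknown tab names outright instead of carrying them into the page. The save block (old lines 119–136) begins before this hunk, so I cannot see whether it is guarded by `check_admin_referer('wpvl_prettyPhoto_settings')` and a capability check matching the nonce field rendered in the form; that is worth confirming since update_option() is reached from POST data here.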