Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2829365

Timestamp:

12/06/2022 01:04:33 PM (3 years ago)

Author:

zephilou

Message:

address last issues

Location:

cyklodev-wp-notify

Files:

: 16 added
: 3 edited

tags/1.3.4 (added)
tags/1.3.4/images (added)
tags/1.3.4/images/cyklodev.png (added)
tags/1.3.4/index.php (added)
tags/1.3.4/languages-en (added)
tags/1.3.4/languages-en/cyklodev-en_US.mo (added)
tags/1.3.4/languages-en/cyklodev-en_US.po (added)
tags/1.3.4/languages-fr (added)
tags/1.3.4/languages-fr/cyklodev-fr_FR.mo (added)
tags/1.3.4/languages-fr/cyklodev-fr_FR.po (added)
tags/1.3.4/lib (added)
tags/1.3.4/lib/twitter_api.php (added)
tags/1.3.4/readme.txt (added)
tags/1.3.4/views (added)
tags/1.3.4/views/notify.php (added)
tags/1.3.4/views/twitter.php (added)
trunk/readme.txt (modified) (1 diff)
trunk/views/notify.php (modified) (5 diffs)
trunk/views/twitter.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

cyklodev-wp-notify/trunk/readme.txt

r2825257	r2829365
5	5	Requires at least: 6.0.0
6	6	Tested up to: 6.1.1
7		Stable tag: 1.3.3
	7	Stable tag: 1.3.4
8	8	License: GPLv2 or later
9	9	License URI: http://www.gnu.org/licenses/gpl-2.0.html

cyklodev-wp-notify/trunk/views/notify.php

-                      r2825252
+                      r2829365
             $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
             $formated_tweet = esc_html($_POST['cyklodev_notify_tweet']);
             $formated_tweet = preg_replace( "/POST_TITLE/", $post_data->post_title, $formated_tweet );
+            $formated_tweet = wp_kses_post($_POST['cyklodev_notify_tweet']);
+            $formated_tweet = preg_replace( "/POST_TITLE/", esc_html($post_data->post_title), $formated_tweet );
             $formated_tweet = preg_replace( "/POST_URL/", get_permalink(intval($_GET['update_id'])), $formated_tweet );
             $formated_tweet = preg_replace( "/BLOG_NAME/", $blogname, $formated_tweet );
 …
                     $subject = __('Un nouvel article ', 'cyklodev').$post_data->post_title.__(' sur ','cyklodev').$blogname.__(' pourrait vous intéresser.','cyklodev');
                 } else {
                     $message = esc_html($_POST['cyklodev_notify_form']);
+                    $message = wp_kses_post($_POST['cyklodev_notify_form']);
                     $message = preg_replace( "/USER_NAME/", esc_html($user->user_login), $message );
                     $message = preg_replace( "/POST_TITLE/", esc_html($post_data->post_title), $message );
                     $message = preg_replace( "/POST_URL/", get_permalink(intval($_GET['update_id'])), $message );
                     $message = preg_replace( "/BLOG_URL/", get_site_url(), $message );
                     $subject = esc_html($_POST['cyklodev_notify_subject']);
+                    $subject = wp_kses_post($_POST['cyklodev_notify_subject']);
                     $subject = preg_replace( "/POST_TITLE/", esc_html($post_data->post_title), $subject );
                     $subject = preg_replace( "/BLOG_NAME/", $blogname, $subject );
 …
 echo '  <h3>'.__("Customisez le sujet",'cyklodev').'</h3>
         <center>
             <input type="text" name="cyklodev_notify_subject" id="cyklodev_notify_subject" size="80" value="'.$default_notify_subject.'">
+            <input type="text" name="cyklodev_notify_subject" id="cyklodev_notify_subject" size="80" value="'.esc_attr($default_notify_subject).'">
         <br /><b>Tips</b> : Metawords are POST_TITLE , BLOG_NAME </center>
         <hr/>';
 …
 echo '  <h3>'.__("Customisez le texte",'cyklodev').'</h3>
         <center><textarea name="cyklodev_notify_form" id="cyklodev_notify_form" rows="10" cols="80">';
         echo preg_replace( "/<br \/><br \/>/", "\n", $default_notify_message );
+        echo preg_replace( "/<br \/><br \/>/", "\n", esc_attr($default_notify_message) );
         echo '</textarea>
 …
     echo '
         <tr>
            <td>'.$v.' ( '.  get_count_of_users($k).' )</td>
+           <td>'.esc_attr($v).' ( '.  get_count_of_users($k).' )</td>
            <td>';
     if (get_count_of_users($k) > 0){
         echo '<input type="submit" name="'.$k.'" value="'.__('Notifier','cyklodev').'" class="button"';
+        echo '<input type="submit" name="'.esc_attr($k).'" value="'.__('Notifier','cyklodev').'" class="button"';
+    }
     echo '</td>

cyklodev-wp-notify/trunk/views/twitter.php

-                      r2823001
+                      r2829365
     <tr valign="top">
         <th scope="row"><label for="<?php echo $k;?>"><?php echo $v;?></label></th>
+        <th scope="row"><label for="<?php echo esc_attr($k);?>"><?php echo esc_attr($v);?></label></th>
         <td>
             <input type="text" name="<?php echo $k;?>" value="<?php echo get_option(esc_html($k)) ?>" size="60"/>
+            <input type="text" name="<?php echo esc_attr($k);?>" value="<?php echo get_option(esc_attr($k)) ?>" size="60"/>
         </td>
     </tr>

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 2829365

Legend:

cyklodev-wp-notify/trunk/readme.txt

cyklodev-wp-notify/trunk/views/notify.php

cyklodev-wp-notify/trunk/views/twitter.php

Download in other formats: