WordPress.org
Get WordPress

Plugin Directory

Changeset 2883000


Ignore:
Timestamp:
03/19/2023 08:39:06 PM (3 years ago)
Author:
buntegiraffe
Message:

Enhanced plugin security +

Location:
show-hidecollapse-expand/trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • show-hidecollapse-expand/trunk/PluginContext.php

    r2843664 r2883000  
    5050    }   
    5151    public function getEffectsEnabledOption() {
    52         return $this->_effectsEnabled;
     52        return  esc_html($this->_effectsEnabled);
    5353    }
    5454   
     
    5757    }   
    5858    public function getAnimationEffect() {
    59         return $this->_animationEffect;
     59        return  esc_html($this->_animationEffect);
    6060    }
    6161   
     
    6464    }   
    6565    public function getAnimationSpeed() {
    66         return $this->_animationSpeed;
     66        return  esc_html($this->_animationSpeed);
    6767    }
    6868   
     
    7171    }
    7272    public function getStickToBottom() {
    73         return $this->_stickToBottom;
     73        return  esc_html($this->_stickToBottom);
    7474    }
    7575   
     
    7878    }
    7979    public function getPreset1() {
    80         return $this->_preset1;
     80        return  esc_html($this->_preset1);
    8181    }
    8282   

  • show-hidecollapse-expand/trunk/bg_show_hide.php

    r2882995 r2883000  
    160160function bg_filter_shortcode_presets( $content = null) {
    161161    if ( strstr($content, '[bg_collapse_preset1') || strstr($content, strtoupper('[bg_collapse_preset1')) ) {
    162         $content = str_replace('bg_collapse_preset1', 'bg_collapse '.str_replace('\"', '"',get_option('bg_shce_preset1',' ')), $content);
     162        $content = str_replace('bg_collapse_preset1', 'bg_collapse '.str_replace('\"', '"',esc_html(get_option('bg_shce_preset1',' '))), $content);
    163163    }
    164164    return $content;
     
    203203    $bg_inline_css = esc_attr($a["inline_css"]);
    204204    $bg_custom_class = esc_attr($a["custom_class"]);
    205     $bg_button_or_link_sticks_to_content_bottom = get_option('bg_shce_stickToBottom', '0');
     205    $bg_button_or_link_sticks_to_content_bottom = esc_html(get_option('bg_shce_stickToBottom', '0'));
    206206    $showmore_btn = "";
    207207    $bg_button_or_link = false;
     
    292292    );
    293293
    294     wp_localize_script( "bg-show-hide-script", 'BG_SHCE_USE_EFFECTS', get_option('bg_shce_effectsEnabled','0'));
    295     wp_localize_script( "bg-show-hide-script", 'BG_SHCE_TOGGLE_SPEED', get_option('bg_shce_animationSpeed','400'));
     294    wp_localize_script( "bg-show-hide-script", 'BG_SHCE_USE_EFFECTS', esc_html(get_option('bg_shce_effectsEnabled','0')));
     295    wp_localize_script( "bg-show-hide-script", 'BG_SHCE_TOGGLE_SPEED', esc_html(get_option('bg_shce_animationSpeed','400')));
    296296    wp_localize_script( "bg-show-hide-script", 'BG_SHCE_TOGGLE_OPTIONS', 'none');
    297     wp_localize_script( "bg-show-hide-script", 'BG_SHCE_TOGGLE_EFFECT', get_option('bg_shce_animationEffect','blind'));
     297    wp_localize_script( "bg-show-hide-script", 'BG_SHCE_TOGGLE_EFFECT', esc_html(get_option('bg_shce_animationEffect','blind')));   
    298298   
    299299}
     
    338338    $pluginContext = new bg_show_hide_PluginContext( );
    339339    $pluginContext->setAdminPostUrl( admin_url( 'admin-post.php' ) );
    340     $pluginContext->setRedirectValue( $_SERVER['REQUEST_URI'] );
     340    $pluginContext->setRedirectValue( esc_url($_SERVER['REQUEST_URI']) );
    341341    $pluginContext->setPluginName( "Show-Hide/Collapse-Expand");
    342342    $pluginContext->setPluginSlug( "bg_show_hide");
    343     $pluginContext->setEffectsEnabledOption( get_option('bg_shce_effectsEnabled','0') );
    344     $pluginContext->setAnimationEffect( get_option('bg_shce_animationEffect','blind') );
    345     $pluginContext->setAnimationSpeed( get_option('bg_shce_animationSpeed', 400) );
    346     $pluginContext->setStickToBottom( get_option('bg_shce_stickToBottom', '0') );
    347     $pluginContext->setPreset1( get_option('bg_shce_preset1', 'view="link" icon="arrow" color="#0071bb" collapse_text="Click to close" inline_css="font-weight:bold;"') );
     343    $pluginContext->setEffectsEnabledOption( esc_html(get_option('bg_shce_effectsEnabled','0')) );
     344    $pluginContext->setAnimationEffect( esc_html(get_option('bg_shce_animationEffect','blind')) );
     345    $pluginContext->setAnimationSpeed( esc_html(get_option('bg_shce_animationSpeed', 400)) );
     346    $pluginContext->setStickToBottom( esc_html(get_option('bg_shce_stickToBottom', '0')) );
     347    $pluginContext->setPreset1( esc_html(get_option('bg_shce_preset1', 'view="link" icon="arrow" color="#0071bb" collapse_text="Click to close" inline_css="font-weight:bold;"')) );
    348348   
    349349    $activeTabName = "settings";
     
    415415        plugins_url( BG_SHCE_TMCE_STYLESHEET_FILE_URL, __FILE__ ) );
    416416
    417     wp_localize_script( "jquery", "BG_SHCE_PRESET1", array(get_option('bg_shce_preset1',' ')));
     417    wp_localize_script( "jquery", "BG_SHCE_PRESET1", array(esc_html(get_option('bg_shce_preset1',' '))));
    418418
    419419}
Note: See TracChangeset for help on using the changeset viewer.