Changeset 3067351
- Timestamp:
- 04/09/2024 07:43:26 AM (2 years ago)
- Location:
- carousel-slider/trunk
- Files:
-
- 6 edited
-
carousel-slider.php (modified) (2 diffs)
-
includes/Supports/Sanitize.php (modified) (15 diffs)
-
modules/HeroCarousel/Admin.php (modified) (1 diff)
-
modules/HeroCarousel/Item.php (modified) (7 diffs)
-
modules/HeroCarousel/Module.php (modified) (5 diffs)
-
readme.txt (modified) (2 diffs)
carousel-slider/trunk/carousel-slider.php
r3066158 r3067351 4 4 * Plugin URI: https://sayfulislam.com/?utm_source=wp-plugins&utm_campaign=plugin-uri&utm_medium=wp-dash 5 5 * Description: <strong>Carousel Slider</strong> allows you to create beautiful, touch enabled, responsive carousels and sliders. It let you create SEO friendly Image carousel from Media Library or from custom URL, Video carousel using Youtube and Vimeo video, Post carousel, Hero banner slider and various types of WooCommerce products carousels. 6 * Version: 2.2. 96 * Version: 2.2.10 7 7 * Author: Sayful Islam 8 8 * Author URI: https://sayfulislam.com/?utm_source=wp-plugins&utm_campaign=author-uri&utm_medium=wp-dash … … 53 53 * @var string 54 54 */ 55 private $version = '2.2. 9';55 private $version = '2.2.10'; 56 56 57 57 /** -
carousel-slider/trunk/includes/Supports/Sanitize.php
r2994748 r3067351 13 13 * Sanitize number options. 14 14 * 15 * @param mixed $valueThe value to be sanitized.15 * @param mixed $value The value to be sanitized. 16 16 * 17 17 * @return int|float … … 32 32 * Sanitize float number 33 33 * 34 * @param mixed $valueThe value to be sanitized.34 * @param mixed $value The value to be sanitized. 35 35 * 36 36 * @return float … … 47 47 * Sanitize integer number 48 48 * 49 * @param mixed $valueThe value to be sanitized.49 * @param mixed $value The value to be sanitized. 50 50 * 51 51 * @return int … … 62 62 * Sanitize email 63 63 * 64 * @param mixed $valueThe value to be sanitized.64 * @param mixed $value The value to be sanitized. 65 65 * 66 66 * @return string … … 73 73 * Sanitize url 74 74 * 75 * @param mixed $valueThe value to be sanitized.75 * @param mixed $value The value to be sanitized. 76 76 * 77 77 * @return string … … 90 90 * - Strips octets 91 91 * 92 * @param mixed $valueThe value to be sanitized.92 * @param mixed $value The value to be sanitized. 93 93 * 94 94 * @return string … … 105 105 * input in textarea elements. 106 106 * 107 * @param mixed $valueThe value to be sanitized.107 * @param mixed $value The value to be sanitized. 108 108 * 109 109 * @return string … … 118 118 * This can be used for determining if an HTML checkbox has been checked. 119 119 * 120 * @param mixed $valueThe value to be sanitized.120 * @param mixed $value The value to be sanitized. 121 121 * 122 122 * @return mixed|boolean|string … … 132 132 * Check if the given input is a valid date. 133 133 * 134 * @param mixed $valueThe value to be sanitized.134 * @param mixed $value The value to be sanitized. 135 135 * 136 136 * @return boolean … … 149 149 * Sanitize short block html input 150 150 * 151 * @param mixed $valueThe value to be sanitized.151 * @param mixed $value The value to be sanitized. 152 152 * 153 153 * @return string … … 160 160 * Sanitize colors. 161 161 * 162 * @param mixed $valueThe color.162 * @param mixed $value The color. 
163 163 * 164 164 * @return string … … 174 174 175 175 // This pattern will check and match 3/6/8-character hex, rgb, rgba, hsl, & hsla colors. 176 $pattern = '/^(\#[\da-f]{3}|\#[\da-f]{6}|\#[\da-f]{8}|';176 $pattern = '/^(\#[\da-f]{3}|\#[\da-f]{6}|\#[\da-f]{8}|'; 177 177 $pattern .= 'rgba\(((\d{1,2}|1\d\d|2([0-4]\d|5[0-5]))\s*,\s*){2}((\d{1,2}|1\d\d|2([0-4]\d|5[0-5]))\s*)(,\s*(0\.\d+|1))\)|'; 178 178 $pattern .= 'hsla\(\s*((\d{1,2}|[1-2]\d{2}|3([0-5]\d|60)))\s*,\s*((\d{1,2}|100)\s*%)\s*,\s*((\d{1,2}|100)\s*%)(,\s*(0\.\d+|1))\)|'; … … 193 193 * Sanitize meta value 194 194 * 195 * @param mixed $valueThe value to be sanitized.195 * @param mixed $value The value to be sanitized. 196 196 * 197 197 * @return mixed … … 222 222 * Sanitize array of integer 223 223 * 224 * @param mixed $valueThe value to be sanitized.224 * @param mixed $value The value to be sanitized. 225 225 * 226 226 * @return array … … 233 233 return map_deep( $value, 'intval' ); 234 234 } 235 236 /** 237 * Sanitizes css dimensions. 238 * 239 * @param mixed $value The value to be sanitized. 240 * 241 * @return string 242 */ 243 public static function css_dimension( $value ): string { 244 if ( ! ( is_string( $value ) || is_numeric( $value ) ) ) { 245 return ''; 246 } 247 // Trim it. 248 $value = trim( $value ); 249 250 // If the value is round, then return 50%. 251 if ( 'round' === $value ) { 252 $value = '50%'; 253 } 254 255 // If the value is empty, return empty. 256 if ( '' === $value ) { 257 return ''; 258 } 259 260 // If auto, inherit or initial, return the value. 261 if ( 'auto' === $value || 'initial' === $value || 'inherit' === $value ) { 262 return $value; 263 } 264 265 // Return empty if there are no numbers in the value. 266 if ( ! preg_match( '#[0-9]#', $value ) ) { 267 return ''; 268 } 269 270 // The raw value without the units. 271 $raw_value = filter_var( $value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION ); 272 $unit_used = ''; 273 274 // An array of all valid CSS units. 
Their order was carefully chosen for this evaluation, don't mix it up!!! 275 $units = array( 276 'rem', 277 'em', 278 'ex', 279 '%', 280 'px', 281 'cm', 282 'mm', 283 'in', 284 'pt', 285 'pc', 286 'ch', 287 'vh', 288 'vw', 289 'vmin', 290 'vmax', 291 ); 292 foreach ( $units as $unit ) { 293 if ( false !== strpos( $value, $unit ) ) { 294 $unit_used = $unit; 295 } 296 } 297 298 // Hack for rem values. 299 if ( 'em' === $unit_used && false !== strpos( $value, 'rem' ) ) { 300 $unit_used = 'rem'; 301 } 302 303 return $raw_value . $unit_used; 304 } 235 305 } -
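Review bot: css_dimension deletes characters it does not want rather than validating the value's shape: `filter_var( $value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION )` on line 271 turns `1px 2px` into `12px` and leaves stray `+`, `-` or `.` in any position, so `1-2.px` comes back unchanged. Because the output is limited to numeric characters plus one allowlisted unit, this is enough against the attribute breakout the release fixes, but a malformed stored value now degrades into invalid CSS instead of the empty string a caller could replace with a default. An anchored match validates and extracts the unit in one step and makes the order-sensitive unit list and the `rem` workaround on lines 298-301 unnecessary: `if ( ! preg_match( '/^(-?(?:\d+\.?\d*|\.\d+))(rem|em|ex|%|px|cm|mm|in|pt|pc|ch|vh|vw|vmin|vmax)?$/', $value, $m ) ) { return ''; } return $m[1] . ( $m[2] ?? '' );`. Note also that `trim( $value )` on line 248 receives an int or float when the `is_numeric` branch admits one; that is harmless under coercive typing but would be a TypeError if this file declares `strict_types=1`, so casting with `(string)` first is cheaper than depending on that.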
carousel-slider/trunk/modules/HeroCarousel/Admin.php
r2994748 r3067351 842 842 'left' => '1rem', 843 843 ], 844 'input_attributes' => [ 845 'value' => isset( $content_settings['slide_padding'] ) && is_array( $content_settings['slide_padding'] ) ? 846 $content_settings['slide_padding'] : [], 847 ], 844 848 ] 845 849 ); -
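Review bot: The `input_attributes` value added on lines 844-847 passes the stored `slide_padding` array through unchanged, whereas the same release filters that array to the known positions in Item.php's get_slide_padding; restricting it here as well, e.g. `array_intersect_key( $content_settings['slide_padding'], array_flip( [ 'top', 'right', 'bottom', 'left' ] ) )` in the true branch of the ternary, keeps unexpected stored keys out of the form field. How the field renderer escapes each entry is not visible in this hunk, and slide_padding values saved before this release went through sanitize_text_field rather than css_dimension, so the renderer has to treat them as untrusted. The enclosing method starts and ends outside the hunk.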
carousel-slider/trunk/modules/HeroCarousel/Item.php
r2994748 r3067351 84 84 * Class constructor. 85 85 * 86 * @param array $argsOptional arguments.87 * @param array $slider_settingsSlider settings.86 * @param array $args Optional arguments. 87 * @param array $slider_settings Slider settings. 88 88 */ 89 89 public function __construct( array $args = [], array $slider_settings = [] ) { … … 104 104 * Set setting 105 105 * 106 * @param Setting|SliderSetting $settingThe SliderSetting object.106 * @param Setting|SliderSetting $setting The SliderSetting object. 107 107 */ 108 108 public function set_setting( Setting $setting ) { … … 123 123 * Get default value 124 124 * 125 * @param string $keyProps key.126 * @param mixed $defaultDefault value.125 * @param string $key Props key. 126 * @param mixed $default Default value. 127 127 * 128 128 * @return mixed|string … … 135 135 * Sanitize item data 136 136 * 137 * @param array $dataThe data to be sanitized.137 * @param array $data The data to be sanitized. 138 138 * 139 139 * @return array … … 262 262 'left' => '3rem', 263 263 ]; 264 $slide_padding = isset( $this->slider_settings['slide_padding'] ) && is_array( $this->slider_settings['slide_padding'] ) ? 
265 $this->slider_settings['slide_padding'] : []; 264 $slide_padding = []; 265 if ( isset( $this->slider_settings['slide_padding'] ) && is_array( $this->slider_settings['slide_padding'] ) ) { 266 foreach ( $this->slider_settings['slide_padding'] as $position => $value ) { 267 if ( array_key_exists( $position, $default ) ) { 268 $slide_padding[ $position ] = $value; 269 } 270 } 271 } 266 272 267 273 return wp_parse_args( $slide_padding, $default ); … … 422 428 423 429 $styles = [ 424 'padding-top' => $slide_padding['top'],425 'padding-right' => $slide_padding['right'],426 'padding-bottom' => $slide_padding['bottom'],427 'padding-left' => $slide_padding['left'],430 'padding-top' => esc_attr( $slide_padding['top'] ), 431 'padding-right' => esc_attr( $slide_padding['right'] ), 432 'padding-bottom' => esc_attr( $slide_padding['bottom'] ), 433 'padding-left' => esc_attr( $slide_padding['left'] ), 428 434 ]; 429 435 … … 571 577 } 572 578 573 return '<' . ( $is_full_link ? 'a' : 'div' ) . ' ' . join( ' ', Helper::array_to_attribute( $cell_attr ) ) . '>'; 579 return '<' . ( $is_full_link ? 'a' : 'div' ) . ' ' . join( ' ', 580 Helper::array_to_attribute( $cell_attr ) ) . '>'; 574 581 } 575 582 -
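Review bot: The key filter added in get_slide_padding on lines 266-270 copies `$value` whatever its type, so an array stored under a known position reaches `esc_attr()` on lines 430-433 through `wp_parse_args`, which expects a string; adding a scalar check to the condition, `if ( array_key_exists( $position, $default ) && is_scalar( $value ) ) {`, keeps non-string data out. esc_attr on the style values stops an attribute breakout but does not validate them as CSS, and values saved before this release were sanitized with sanitize_text_field only, so applying the same rule the save path now uses is worthwhile, e.g. `'padding-top' => esc_attr( Sanitize::css_dimension( $slide_padding['top'] ) ),` for each of the four sides (Item.php would need to import the Sanitize class as Module.php does in this changeset, if it does not already). Both enclosing methods start and end outside the hunks; the join() line split on lines 579-580 is cosmetic.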
carousel-slider/trunk/modules/HeroCarousel/Module.php
r2994748 r3067351 4 4 5 5 use CarouselSlider\Helper; 6 use CarouselSlider\Supports\Sanitize; 6 7 7 8 defined( 'ABSPATH' ) || exit; … … 45 46 * Register view for hero carousel 46 47 * 47 * @param array $viewsList of views.48 * @param array $views List of views. 48 49 * 49 50 * @return array … … 58 59 * Save slider content and settings 59 60 * 60 * @param int $slider_idThe slider id.61 * @param array $dataUser submitted data.61 * @param int $slider_id The slider id. 62 * @param array $data User submitted data. 62 63 */ 63 64 public function save_slider( int $slider_id, array $data ) { … … 76 77 } 77 78 78 if ( isset( $data['content_settings'] ) ) {79 $this->update_content_settings( $slider_id );79 if ( isset( $data['content_settings'] ) && is_array( $data['content_settings'] ) ) { 80 $this->update_content_settings( $slider_id, $data['content_settings'] ); 80 81 } 81 82 } … … 84 85 * Update hero carousel settings 85 86 * 86 * @param int $post_idpost id.87 * @param int $post_id post id. 87 88 */ 88 private function update_content_settings( int $post_id ) { 89 // phpcs:ignore WordPress.Security.NonceVerification.Missing 90 $setting = $_POST['content_settings'] ?? 
[]; 89 private function update_content_settings( int $post_id, array $setting ) { 91 90 $_settings = [ 92 'slide_height' => sanitize_text_field( $setting['slide_height'] ),93 'content_width' => sanitize_text_field( $setting['content_width'] ),91 'slide_height' => Sanitize::css_dimension( $setting['slide_height'] ), 92 'content_width' => Sanitize::css_dimension( $setting['content_width'] ), 94 93 'content_animation' => sanitize_text_field( $setting['content_animation'] ), 95 94 'slide_padding' => [ 96 'top' => sanitize_text_field( $setting['slide_padding']['top'] ),97 'right' => sanitize_text_field( $setting['slide_padding']['right'] ),98 'bottom' => sanitize_text_field( $setting['slide_padding']['bottom'] ),99 'left' => sanitize_text_field( $setting['slide_padding']['left'] ),95 'top' => Sanitize::css_dimension( $setting['slide_padding']['top'] ), 96 'right' => Sanitize::css_dimension( $setting['slide_padding']['right'] ), 97 'bottom' => Sanitize::css_dimension( $setting['slide_padding']['bottom'] ), 98 'left' => Sanitize::css_dimension( $setting['slide_padding']['left'] ), 100 99 ], 101 100 ]; -
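Review bot: update_content_settings reads `$setting['slide_height']`, `$setting['content_animation']` and the four `$setting['slide_padding'][...]` entries on lines 91-98 without checking they exist, so a request whose content_settings array lacks a key produces undefined-index warnings, and a `slide_padding` that is not an array is indexed with string offsets, which warns or throws depending on the PHP version. Defaulting each read, e.g. `Sanitize::css_dimension( $setting['slide_height'] ?? '' )` and `$padding = is_array( $setting['slide_padding'] ?? null ) ? $setting['slide_padding'] : [];` ahead of the `slide_padding` block, keeps the save path robust against partial or malformed form posts. `content_animation` still goes through sanitize_text_field only; if that value is later emitted as a class name or inline style, an allowlist of the supported animation names would be the consistent fix, though its use is not visible here. The method body continues past the hunk.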
carousel-slider/trunk/readme.txt
r3066158 r3067351 4 4 Tags: carousel, carousel slider, image carousel, product carousel, slider 5 5 Requires at least: 5.6 6 Tested up to: 6. 46 Tested up to: 6.5 7 7 Requires PHP: 7.0 8 Stable tag: 2.2. 88 Stable tag: 2.2.10 9 9 License: GPLv3 10 10 License URI: https://www.gnu.org/licenses/gpl-3.0.txt … … 97 97 == Changelog == 98 98 99 = version 2.2.10 - 2024-04-09 = 100 * Fix - Fix XSS security vulnerability from slide edit page. 101 99 102 = version 2.2.9 - 2024-04-07 = 100 103 * Dev - Update compatibility with WooCommerce High-Performance Order Storage.