
Changeset 3180850


Timestamp:
11/03/2024 09:09:38 PM (17 months ago)
Author:
LogicHunt
Message:

Fixed Cross-Site Scripting Issue.

  • Check Latest Compatibility.
Location:
logo-slider-wp
Files:
125 added
6 edited

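--- a/logo-slider-wp/trunk/admin/class-logo-slider-wp-admin.php
+++ b/logo-slider-wp/trunk/admin/class-logo-slider-wp-admin.php
@@ -229,6 +229,8 @@
 
                 $savable_Data['company_url']   = sanitize_url( $postData['company_url'] );
-                $savable_Data['company_name']  = sanitize_text_field( $postData['company_name'] );
-                $savable_Data['tooltip_text']  = sanitize_text_field( $postData['tooltip_text'] );
+              //  $savable_Data['company_name']  = sanitize_text_field( $postData['company_name'] );
+                $savable_Data['company_name']  = (( isset($postData['company_name'])) ? sanitize_text_field( esc_html(esc_js($postData['company_name']) )): '');
+               // $savable_Data['tooltip_text']  = sanitize_text_field( $postData['tooltip_text'] );
+                $savable_Data['tooltip_text']  = (( isset($postData['tooltip_text'])) ? sanitize_text_field( esc_html(esc_js($postData['tooltip_text']) )): '');
                 $savable_Data['company_desc']  = sanitize_textarea_field( $postData['company_desc'] );
 
@@ -863,8 +865,10 @@
                 $savable_Data['lgx_item_sort_order_by'] = (( isset($postData['lgx_item_sort_order_by'])) ? sanitize_text_field( $postData['lgx_item_sort_order_by']) :'menu_order');
                
-                $savable_Data['lgx_logo_height']                = (( isset($postData['lgx_logo_height'])) ? sanitize_text_field( $postData['lgx_logo_height']) : 'auto');
+                //$savable_Data['lgx_logo_height']                = (( isset($postData['lgx_logo_height'])) ? sanitize_text_field( $postData['lgx_logo_height']) : 'auto');
+                $savable_Data['lgx_logo_height']                 = (( isset($postData['lgx_logo_height'])) ? sanitize_text_field( esc_html(esc_js($postData['lgx_logo_height']) )): 'auto');
                 $savable_Data['lgx_logo_height_property']        = (( isset($postData['lgx_logo_height_property'])) ? sanitize_text_field( $postData['lgx_logo_height_property']) : 'max-height');
 
-                $savable_Data['lgx_logo_width']         = (( isset($postData['lgx_logo_width'])) ? sanitize_text_field( $postData['lgx_logo_width'])  : '100%');
+                //$savable_Data['lgx_logo_width']         = (( isset($postData['lgx_logo_width'])) ? sanitize_text_field( $postData['lgx_logo_width'])  : '100%');
+                $savable_Data['lgx_logo_width']             = (( isset($postData['lgx_logo_width'])) ? sanitize_text_field( esc_html(esc_js($postData['lgx_logo_width']) )): '100%');
                 $savable_Data['lgx_logo_width_property']         = (( isset($postData['lgx_logo_width_property'])) ? sanitize_text_field( $postData['lgx_logo_width_property'])  : 'max-width');
                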
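Review bot: The new `company_name` and `tooltip_text` assignments (new lines 232 and 234), and likewise `lgx_logo_height` and `lgx_logo_width` (new lines 868 and 872), run `esc_html(esc_js(...))` before storing, so the database now holds entity- and backslash-escaped text rather than the value that was entered. `esc_js()` and `esc_html()` are output escapers for an inline JavaScript string and an HTML text node respectively; stacking them at save time matches no particular sink, and the same pair is applied again on read in the admin partial, LgxMetaForm.php and _item.php in this changeset. I would keep the save path to sanitization, `$savable_Data['company_name'] = isset( $postData['company_name'] ) ? sanitize_text_field( $postData['company_name'] ) : '';`, and escape with `esc_html()` or `esc_attr()` where the value is echoed, which is outside this hunk. For the height and width fields, validating against the CSS length formats the plugin accepts would be tighter than generic text escaping. The enclosing function starts and ends outside the hunk, and the commented-out old lines can be dropped since version control keeps them.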
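--- a/logo-slider-wp/trunk/admin/partials/meta_fields_display_for_logosliderwp.php
+++ b/logo-slider-wp/trunk/admin/partials/meta_fields_display_for_logosliderwp.php
@@ -21,8 +21,12 @@
 
 $company_url         = isset( $fieldValues['company_url'] ) ? esc_url($fieldValues['company_url'] ): '';
-$company_name        = isset( $fieldValues['company_name'] ) ? esc_attr($fieldValues['company_name']) : '';
-$tooltip_text        = isset( $fieldValues['tooltip_text'] ) ? esc_attr($fieldValues['tooltip_text'] ): '';
+$company_name = (! empty( $fieldValues['company_name']) ? esc_html(esc_js($fieldValues['company_name'])) : '');
+//$company_name        = isset( $fieldValues['company_name'] ) ? esc_attr($fieldValues['company_name']) : '';
+//$tooltip_text        = isset( $fieldValues['tooltip_text'] ) ? esc_attr($fieldValues['tooltip_text'] ): '';
+$tooltip_text = (! empty( $fieldValues['tooltip_text']) ? esc_html(esc_js($fieldValues['tooltip_text'])) : '');
 $company_desc        = isset( $fieldValues['company_desc'] ) ? esc_attr($fieldValues['company_desc'] ): '';
 
+
+       
 
 ?>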
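Review bot: Swapping `esc_attr()` for `esc_html(esc_js(...))` on new lines 23 and 26 adds no HTML encoding that `esc_attr()` did not already provide, but it does add JavaScript-string backslash escaping to values that, judging by the previous `esc_attr()` calls, are printed into form attributes. Because the admin save path in this changeset escapes the same fields, a name containing a quote would presumably pick up extra backslashes each time the item is edited and saved; the form markup is outside this hunk, so that needs confirming. If the values do land in attributes, `$company_name = isset( $fieldValues['company_name'] ) ? esc_attr( $fieldValues['company_name'] ) : '';` remains the right escape. The switch from `isset()` to `! empty()` also turns a stored `'0'` into an empty string.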
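--- a/logo-slider-wp/trunk/includes/LgxMetaForm.php
+++ b/logo-slider-wp/trunk/includes/LgxMetaForm.php
@@ -44,7 +44,6 @@
        $default_value_text = isset( $args['default_text'] ) ? $args['default_text'] : '';
        $meta_text          = get_post_meta( $post->ID, '_lgx_lsp_shortcodes_meta', true );
-       $meta_value_text    = (! empty( $meta[$args['id_text']] ) ? $meta[$args['id_text']] : $default_value_text);
-
-
+       $meta_value_text    = (! empty( $meta[$args['id_text']] ) ? esc_html(esc_js($meta[$args['id_text']])) : $default_value_text);
+       
         $output.= '<td>';
         $output.= '<div class="lgx_group_field_wrap">';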
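Review bot: New line 46 reads `$meta[$args['id_text']]`, while the line above assigns the post meta to `$meta_text`; unless `$meta` is set earlier in this method (it starts above the hunk), the `! empty()` test is always false and the field shows only the default. The added `esc_html(esc_js(...))` also covers only the stored branch, leaving `$default_value_text` unescaped, and it bakes the escape into the variable rather than into the `$output` concatenation where the markup context is known. I would leave the assignment raw and wrap the value where it is appended, with `esc_attr()` for an attribute or `esc_html()` for element text.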
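--- a/logo-slider-wp/trunk/logo-slider-wp.php
+++ b/logo-slider-wp/trunk/logo-slider-wp.php
@@ -8,8 +8,8 @@
  *
  * @wordpress-plugin
- * Plugin Name:       Logo Slider Free
+ * Plugin Name:       Logo Slider
  * Plugin URI:        https://logichunt.com/product/wordpress-logo-slider/
  * Description:       Ultimate & Most Popular Responsive Logo Showcase Slider. Display Unlimited Client, Supporter, Partner, Sponsor, or Brand Logo with Infinite Slides Loop.
- * Version:           4.1.0
+ * Version:           4.5.0
  * Author:            LogicHunt Inc.
  * Author URI:        http://logichunt.com
@@ -28,5 +28,5 @@
 
 //plugin definition specific constants
-defined( 'LGX_LS_PLUGIN_VERSION' )        or define( 'LGX_LS_PLUGIN_VERSION', '4.1.0' );
+defined( 'LGX_LS_PLUGIN_VERSION' )        or define( 'LGX_LS_PLUGIN_VERSION', '4.5.0' );
 defined( 'LGX_LS_WP_PLUGIN' )             or define( 'LGX_LS_WP_PLUGIN', 'logo-slider-wp' );
 defined( 'LGX_LS_PLUGIN_BASE' )           or define( 'LGX_LS_PLUGIN_BASE', plugin_basename( __FILE__ ) );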
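--- a/logo-slider-wp/trunk/public/partials/template/_item.php
+++ b/logo-slider-wp/trunk/public/partials/template/_item.php
@@ -22,7 +22,9 @@
 $post_id            = get_the_ID();
 $metavalues         = get_post_meta( $post_id, '_logosliderwpmeta', true );
-$company_name       = ( (isset($metavalues['company_name'])) ? $metavalues['company_name'] : '' );
+//$company_name       = ( (isset($metavalues['company_name'])) ? $metavalues['company_name'] : '' );
+$company_name = (! empty( $fieldValues['company_name']) ? esc_html(esc_js($fieldValues['company_name'])) : '');
 $company_url        = ( (isset($metavalues['company_url'])) ? $metavalues['company_url'] : 'javascript:void(0);' );
-$tooltip_text       = ( (isset($metavalues['tooltip_text'])) ? $metavalues['tooltip_text'] : '' );
+//$tooltip_text       = ( (isset($metavalues['tooltip_text'])) ? $metavalues['tooltip_text'] : '' );
+$tooltip_text = (! empty( $fieldValues['tooltip_text']) ? esc_html(esc_js($fieldValues['tooltip_text'])) : '');
 $company_desc        = (!empty($metavalues['company_desc']) ? $metavalues['company_desc'] : '');
 $thumb_url          = '';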
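Review bot: New lines 25 and 28 read `$fieldValues['company_name']` and `$fieldValues['tooltip_text']`, but the only meta array visible in this template is `$metavalues` (line 23), which is what the removed lines read from. If `$fieldValues` is not defined elsewhere in the template, `! empty()` quietly evaluates to false and both values are always empty on the front end, so the script-injection path is closed by dropping the data rather than by escaping it. Reading `$metavalues` and escaping at the echo looks like the intended change, e.g. `$company_name = ! empty( $metavalues['company_name'] ) ? $metavalues['company_name'] : '';` with `esc_html()` or `esc_attr()` applied where it is printed. `$company_url` and `$company_desc` on new lines 26 and 29 are still assigned unescaped, so their output sites, which are outside this hunk, need the same check.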
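--- a/logo-slider-wp/trunk/readme.txt
+++ b/logo-slider-wp/trunk/readme.txt
@@ -1,13 +1,13 @@
-=== Logo Slider - Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin ===
+=== Logo Slider - Logo Carousel, Logo Showcase & Client Logo Slider Plugin ===
 Contributors: LogicHunt, themearth, vaskarjewel, sudarshan955
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=vaspal%2ekt%40gmail%2ecom&lc=US&item_name=LogicHunt&item_number=wp&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_LG%2egif%3aNonHosted
 TagsTags: logo slider, logo carousel, logo showcase, logo grid, wordpress logo slider, client logo slider, brand logo carousel slider, sponsors logo slider, logo carousel slider, responsive slider, wordpress logo slider, logo ticker, wordpress logo carousel, logo slideshow, partners slider, affiliates, supporters logo slider, team slider, team showcase, wordpress logo showcase, wp logo slider
 Requires at least: 4.3
-Tested up to: 6.6.2
-Stable tag: 4.1.0
+Tested up to: 6.7.0
+Stable tag: 4.5.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
-Logo Slider is a 100% Responsive Logo Carousel Slider & Grid Showcase WordPress Plugin. This Highly Customizable Logo Carousel Slider Can Display Unlimited Logo with Infinity Slides Loop.
+Responsive Logo Slider & Grid Showcase plugin for WordPress. Display unlimited logos with customizable carousel and infinite loop.
 
 == Description ==
@@ -200,4 +200,8 @@
 == Changelog ==
 
+= 4.5.0 =
+* Fixed Cross-Site Scripting Issue.
+* Check Latest Compatibility.
+
 = 4.1.0 =
 * Improved Plugin Securities.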