
Changeset 3181339


Timestamp:
11/04/2024 11:48:48 AM (17 months ago)
Author:
blueglassinteractive
Message:

v 2.7.10

Location:
job-postings
Files:
554 added
3 edited

  • job-postings/trunk/include/class-job-single-view.php

    r3174757 r3181339  
    558558                                    case 'tinymce':
    559559
     560                                        //print_r( $allowed_html );
     561
    560562                                        # INPUT
    561563                                        $value = isset( $values[$key] ) ? $values[$key][0] : '';
    562564                                        $value = apply_filters('job-postings/content/tinymce', $value, $post_id);
     565
     566                                        $allow_script_in_html = apply_filters( 'job-postings/allow-script-in-html', false, $post_id );
     567                                       
     568                                        $allowed_html = wp_kses_allowed_html('post');
     569                                        if( $allow_script_in_html === false ){
     570                                            if( isset($allowed_html['script']) ) unset($allowed_html['script']);
     571                                        }else{
     572                                            $allowed_html['script'] = [];
     573                                        }
     574                                       
     575                                        $value = wp_kses($value, $allowed_html);
    563576
    564577                                        $tinymce_content = wpautop($value);
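
Review bot: The check on new line 569, `if( $allow_script_in_html === false )`, fails open: a filter callback that returns anything other than boolean false (null from a callback that forgets to return, 0, an empty string) lands in the else branch and adds `script` to the allowed list. Enable scripts only on an explicit opt-in, for example `if ( true === $allow_script_in_html ) { $allowed_html['script'] = []; } else { unset( $allowed_html['script'] ); }`. The filter also receives only `$post_id`, so nothing in this hunk ties the opt-in to a user or capability; if that is left to the callback, say so in a comment here. The commented-out `//print_r( $allowed_html );` on new line 560 is debug residue and should be dropped.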
  • job-postings/trunk/job-postings.php

    r3174757 r3181339  
    55Description: WordPress plugin that make it easy to add job postings to your company’s website in a structured way.
    66Author: BlueGlass
    7 Version: 2.7.9
     7Version: 2.7.10
    88Author URI: http://blueglass.ch/
    99Text Domain: job-postings
     
    1414if( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
    1515
    16 define('JOBPOSTINGSVERSION', '2.7.8');
     16define('JOBPOSTINGSVERSION', '2.7.10');
    1717define('JOBPOSTINGSPATH', plugin_dir_path( __FILE__ ));
    1818define('JOBPOSTINGSURL', plugin_dir_url(__FILE__));
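
Review bot: The removed line 16 shows `JOBPOSTINGSVERSION` was still '2.7.8' while the plugin header on line 7 already read 2.7.9, so the constant and the header had drifted before this change. Both are bumped by hand again here; consider deriving the constant from the header (for instance with `get_file_data()`) or adding a comment that the two must change together, so the next release does not repeat the mismatch.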
  • job-postings/trunk/readme.txt

    r3174757 r3181339  
    44Requires at least: 5.0
    55Tested up to: 6.4.3
    6 Stable tag: 2.7.9
     6Stable tag: 2.7.10
    77License: GPLv2 or later
    88License URI: http://www.gnu.org/licenses/gpl-2.0.html
     
    4141== Changelog ==
    4242
     43= 2.7.10 =
     44* Fixed escaping for TinyMCE fields to enhance XSS protection.
     45* Added a conditional filter to allow specific users to include <script> tags in meta fields if required: $allow_script_in_html = apply_filters('job-postings/allow-script-in-html', false, $post_id);
     46* Updated security measures to ensure that only permitted users can embed scripts, with all other users restricted to safe HTML.
     47
    4348= 2.7.9 =
    4449* Hot fix for HTML escape in content
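
Review bot: Changelog lines 45 and 46 say the filter lets "specific users" include scripts and that "only permitted users can embed scripts", but the filter as documented takes only `false` and `$post_id`, with no user or capability argument. The entry should state that the site's own filter callback is responsible for the permission check (for example a `current_user_can()` test) and that returning true enables `<script>` for that post's TinyMCE fields regardless of who saved the content; otherwise the wording promises an access control the plugin does not itself enforce.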