Changeset 3356450
- Timestamp:
- 09/05/2025 05:45:58 AM (6 months ago)
- Location:
- osm-map-elementor/trunk
- Files:
-
- 4 edited
-
constants.php (modified) (1 diff)
-
osm-map-elementor.php (modified) (6 diffs)
-
osm-map.php (modified) (18 diffs)
-
readme.txt (modified) (2 diffs)
osm-map-elementor/trunk/constants.php
r3107495 r3356450 2 2 define('OSM_MAP_SLUG', 'osm-map-elementor'); 3 3 define('OSM_PLUGIN_FOLDER', basename(__DIR__) != 'trunk' ? basename(__DIR__) : OSM_MAP_SLUG); 4 define('OSM_MAP_VERSION', '1.3. 0');4 define('OSM_MAP_VERSION', '1.3.1'); -
osm-map-elementor/trunk/osm-map-elementor.php
r3107495 r3356450 5 5 * Author: Plugin Contributors 6 6 * Author URI: https://github.com/flopperj/osm-map-elementor/graphs/contributors 7 * Version: 1.3. 07 * Version: 1.3.1 8 8 */ 9 9 … … 35 35 36 36 // queue admin styles 37 wp_register_style('osm-map-admin', plugins_url('/' . OSM_PLUGIN_FOLDER . '/assets/css/admin.css') );37 wp_register_style('osm-map-admin', plugins_url('/' . OSM_PLUGIN_FOLDER . '/assets/css/admin.css'), [], OSM_MAP_VERSION); 38 38 wp_enqueue_style('osm-map-admin'); 39 39 … … 41 41 42 42 // grab settings, sanitize, validate and save them 43 if (!empty($action) && $action == 'save_settings' && isset($_REQUEST['osm_widget']) && is_array($_REQUEST['osm_widget'])) { 44 43 if (!empty($action) && $action == 'save_settings' && isset($_REQUEST['osm_widget']) && is_array($_REQUEST['osm_widget']) && wp_verify_nonce($_REQUEST['osm_settings_nonce'], 'osm_settings_action')) { 45 44 $input = isset($_REQUEST['osm_widget']) ? $_REQUEST['osm_widget'] : []; 46 45 … … 60 59 61 60 // redirect to form with confirmation alert message 62 wp_redirect($_SERVER['HTTP_REFERER'] . '&action=settings_saved'); 61 $redirect_url = admin_url('options-general.php'); 62 wp_redirect(add_query_arg([ 63 'page' => 'osm-map-elementor', 64 'action' => 'settings_saved', 65 ], $redirect_url)); 63 66 } 64 67 … … 70 73 <?php if (!empty($_REQUEST['action']) && sanitize_key($_REQUEST['action']) == 'settings_saved'): ?> 71 74 <div style="background-color: rgb(255, 251, 204);" id="alert-message" class="updated"><p> 72 <strong><?php echo __('Settings saved') ?>.</strong></p></div>75 <strong><?php echo esc_html(__('Settings saved')) ?>.</strong></p></div> 73 76 <?php endif; ?> 74 <form action="<?php echo $_SERVER['REQUEST_URI'] . 
'&action=save_settings'; ?>" method="post"> 77 <form action="<?php 78 $form_action_url = admin_url('options-general.php'); 79 echo esc_url(add_query_arg([ 80 'page' => 'osm-map-elementor', 81 'action' => 'save_settings', 82 ], $form_action_url)); 83 ?>" method="post"> 84 <?php wp_nonce_field('osm_settings_action', 'osm_settings_nonce'); ?> 75 85 <div class="form-group"> 76 86 <div class="card"> … … 189 199 add_action('init', function () { 190 200 add_filter('wp_enqueue_scripts', function () { 191 wp_enqueue_script('jquery', false, [], false, false);201 wp_enqueue_script('jquery', false, [], OSM_MAP_VERSION, false); 192 202 }, 1); 193 203 }, 1); -
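Review bot: The nonce check on new line 43 reads `$_REQUEST['osm_settings_nonce']` without an `isset()` guard, so a save request that omits the field raises an undefined-index warning before `wp_verify_nonce()` returns false, and the value is passed through unslashed and unsanitised; use `isset($_REQUEST['osm_settings_nonce']) && wp_verify_nonce(sanitize_text_field(wp_unslash($_REQUEST['osm_settings_nonce'])), 'osm_settings_action')`. No capability check such as `current_user_can('manage_options')` is visible in this hunk before the settings are saved; if the handler relies on the options-page registration for that, a one-line comment saying so would help the next reader. On new lines 62–65 the redirect is not followed by an `exit`, so the remainder of the page still executes after the Location header is sent — `wp_safe_redirect(...); exit;` is the usual admin pattern for a same-site target. The enclosing function starts and ends outside this hunk.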
osm-map-elementor/trunk/osm-map.php
r3107495 r3356450 261 261 'type' => Controls_Manager::SELECT, 262 262 'options' => [ 263 '_self' => 'Same Window',264 '_blank' => 'New Window/Tab'263 '_self' => 'Same Window', 264 '_blank' => 'New Window/Tab' 265 265 ], 266 266 'default' => '_blank', … … 1059 1059 ] 1060 1060 ); 1061 1061 1062 1062 $this->add_control( 1063 1063 'title_color', … … 1446 1446 $settings['breakpoints'] = \Elementor\Plugin::$instance->breakpoints->get_breakpoints(); 1447 1447 1448 if (0 === absint($settings['zoom']['size'])) { 1448 // Ensure zoom settings exist and have proper defaults 1449 if (!isset($settings['zoom']) || !is_array($settings['zoom'])) { 1450 $settings['zoom'] = ['size' => 10]; 1451 } elseif (!isset($settings['zoom']['size']) || 0 === absint($settings['zoom']['size'])) { 1449 1452 $settings['zoom']['size'] = 10; 1450 1453 } 1451 1454 1452 if (0 === absint($settings['height']['size'])) { 1455 // Ensure height settings exist and have proper defaults 1456 if (!isset($settings['height']) || !is_array($settings['height'])) { 1457 $settings['height'] = ['size' => 200]; 1458 } elseif (!isset($settings['height']['size']) || 0 === absint($settings['height']['size'])) { 1453 1459 $settings['height']['size'] = 200; 1454 1460 } … … 1456 1462 // get all marker coords to help calculate center 1457 1463 $coords = []; 1458 foreach ($markers as $marker) { 1459 1460 // hide markers that have been toggled off 1461 if (isset($marker['marker_visible']) && empty($marker['marker_visible'])) { 1462 continue; 1463 } 1464 1465 $loc = explode(',', $marker['marker_coords']); 1466 if (!empty($loc) && sizeof($loc) == 2) { 1467 $coords[] = [ 1468 'marker' => $marker, 1469 'lat' => $loc[0], 1470 'lng' => $loc[1] 1471 ]; 1464 if (is_array($markers)) { 1465 foreach ($markers as $marker) { 1466 1467 // hide markers that have been toggled off 1468 if (isset($marker['marker_visible']) && empty($marker['marker_visible'])) { 1469 continue; 1470 } 1471 1472 $loc = explode(',', $marker['marker_coords']); 1473 
if (!empty($loc) && sizeof($loc) == 2) { 1474 $coords[] = [ 1475 'marker' => $marker, 1476 'lat' => $loc[0], 1477 'lng' => $loc[1] 1478 ]; 1479 } 1472 1480 } 1473 1481 } … … 1478 1486 echo '<div id="' . esc_attr('osm-map-' . $this->get_id()) . '" 1479 1487 class="osm-map-container" 1480 data-center="' . implode(',', $center_coords) . '"></div>';1488 data-center="' . esc_attr(implode(',', $center_coords)) . '"></div>'; 1481 1489 1482 1490 ?> … … 1489 1497 "use strict"; 1490 1498 const displaySettings = <?php echo wp_json_encode($settings); ?>; 1491 const mapId = '<?php echo 'osm-map-' . $this->get_id(); ?>';1499 const mapId = '<?php echo esc_js('osm-map-' . $this->get_id()); ?>'; 1492 1500 const mapContainer = jQuery('#' + mapId); 1493 1501 const center = mapContainer.data('center'); 1502 1503 // Security: HTML escaping functions to prevent XSS 1504 const escapeHtml = function (text) { 1505 if (!text) return ''; 1506 const map = { 1507 '&': '&', 1508 '<': '<', 1509 '>': '>', 1510 '"': '"', 1511 "'": ''' 1512 }; 1513 return text.toString().replace(/[&<>"']/g, function (m) { 1514 return map[m]; 1515 }); 1516 }; 1517 1518 // Security: URL escaping function to prevent XSS in href attributes 1519 const escapeUrl = function (url) { 1520 if (!url) return '#'; 1521 // Basic URL validation and escaping 1522 try { 1523 // If it's a valid URL, return it 1524 new URL(url); 1525 return url; 1526 } catch (e) { 1527 // If not a valid URL, escape it and return as javascript:void(0) 1528 return 'javascript:void(0)'; 1529 } 1530 }; 1494 1531 const hasDesktopZoomLevel = displaySettings && displaySettings.hasOwnProperty('zoom') && displaySettings.zoom && displaySettings.zoom.hasOwnProperty('size'); 1495 1532 const hasTabletZoomLevel = displaySettings && displaySettings.hasOwnProperty('zoom_tablet') && displaySettings.zoom_tablet && displaySettings.zoom_tablet.hasOwnProperty('size'); … … 1532 1569 map.setView(centerCoords, zoomLevel); 1533 1570 } 1534 1571 1535 1572 <?php 
if(empty($settings['geoapify_tile']) || $settings['geoapify_tile'] == 'osm-carto'):?> 1536 1573 L.tileLayer('https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png', { … … 1607 1644 1608 1645 L.mapboxGL({ 1609 style: 'https://maps.geoapify.com/v1/styles/<?php echo $settings['geoapify_tile']; ?>/style.json?apiKey=<?php echo !empty($global_settings['geoapify_key']) ? esc_textarea(__($global_settings['geoapify_key'], 'your-slug')) : null; ?>',1646 style: 'https://maps.geoapify.com/v1/styles/<?php echo esc_js($settings['geoapify_tile']); ?>/style.json?apiKey=<?php echo !empty($global_settings['geoapify_key']) ? esc_textarea(__($global_settings['geoapify_key'], 'your-slug')) : null; ?>', 1610 1647 accessToken: '<?php echo !empty($global_settings['mapbox_token']) ? esc_textarea(__($global_settings['mapbox_token'], 'your-slug')) : 'no-token'; ?>' 1611 1648 }).addTo(map); … … 1736 1773 // add marker title 1737 1774 if (this.marker.marker_title) { 1738 tooltipContent += `<div class="marker-title"><h5 class="elementor-heading-title elementor-size-default">${ this.marker.marker_title}</h5></div>`;1775 tooltipContent += `<div class="marker-title"><h5 class="elementor-heading-title elementor-size-default">${escapeHtml(this.marker.marker_title)}</h5></div>`; 1739 1776 } 1740 1777 … … 1744 1781 // add marker description 1745 1782 if (this.marker.marker_description) { 1746 tooltipContent += `<div class="marker-description">${ this.marker.marker_description}</div>`;1783 tooltipContent += `<div class="marker-description">${escapeHtml(this.marker.marker_description)}</div>`; 1747 1784 } 1748 1785 1749 1786 // add marker button 1750 1787 if (this.marker.show_button === 'yes' && this.marker.button_text) { 1751 let button_url_target = this.marker.hasOwnProperty('button_url_target') && this.marker.button_url_target ? this.marker.button_url_target : '_blank'; 1788 let button_url_target = this.marker.hasOwnProperty('button_url_target') && this.marker.button_url_target ? 
escapeHtml(this.marker.button_url_target) : '_blank'; 1789 let button_url = this.marker.button_url ? escapeUrl(this.marker.button_url) : '#'; 1752 1790 tooltipContent += `<div class="marker-button elementor-button-wrapper"> 1753 <a class="elementor-button elementor-button-link" target="${button_url_target}" href= '${this.marker.button_url}'role="button">1791 <a class="elementor-button elementor-button-link" target="${button_url_target}" href="${button_url}" role="button"> 1754 1792 <span class="elementor-button-content-wrapper"> 1755 1793 <span class="elementor-button-text"> 1756 ${ this.marker.button_text}1794 ${escapeHtml(this.marker.button_text)} 1757 1795 </span> 1758 1796 </span> … … 1773 1811 1774 1812 case 'static_close_on': 1775 marker.bindPopup(tooltipContent,{closeOnClick: false, autoClose: false, closeOnEscapeKey: false}).openPopup(); 1813 marker.bindPopup(tooltipContent, { 1814 closeOnClick: false, 1815 autoClose: false, 1816 closeOnEscapeKey: false 1817 }).openPopup(); 1776 1818 break; 1777 1819 1778 1820 case 'static_close_off': 1779 marker.bindPopup(tooltipContent,{closeOnClick: false, autoClose: false, closeButton: false, closeOnEscapeKey: false}).openPopup(); 1821 marker.bindPopup(tooltipContent, { 1822 closeOnClick: false, 1823 autoClose: false, 1824 closeButton: false, 1825 closeOnEscapeKey: false 1826 }).openPopup(); 1780 1827 break; 1781 1828 1782 1829 case 'tooltip': 1783 1830 … … 1850 1897 // echo out the markers script while in admin mode. 1851 1898 // all required scripts will be loaded in header 1852 echo is_admin() ? 
$markers_script : null; 1899 if (is_admin()) { 1900 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- This is intentionally JavaScript output 1901 echo $markers_script; 1902 } 1853 1903 ?> 1854 1904 </script> … … 1888 1938 1889 1939 foreach ($styles as $handle => $path) { 1890 wp_register_style($handle, $path );1940 wp_register_style($handle, $path, [], self::$ver); 1891 1941 wp_enqueue_style($handle); 1892 1942 } … … 1907 1957 $dependencies = ['jquery']; 1908 1958 foreach ($admin_scripts as $handle => $path) { 1909 wp_register_script($handle, $path, $dependencies, self::$ver );1959 wp_register_script($handle, $path, $dependencies, self::$ver, true); 1910 1960 wp_enqueue_script($handle); 1911 1961 $dependencies[] = $handle; … … 1922 1972 $deps = []; 1923 1973 foreach ($scripts as $handle => $path) { 1924 wp_register_script($handle, $path, $deps, self::$ver );1974 wp_register_script($handle, $path, $deps, self::$ver, true); 1925 1975 wp_enqueue_script($handle); 1926 1976 $deps[] = $handle; … … 1950 2000 return; 1951 2001 // Print script & mark it as included. 2002 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- This is intentionally JavaScript output 1952 2003 echo "<script type=\"text/javascript\" id=\"js-$handle\">\n$js\n</script>\n"; 1953 2004 global $wp_scripts; … … 2026 2077 if ($showFrom) { 2027 2078 $calledFrom = debug_backtrace(); 2028 echo '<strong>' . substr($calledFrom[0]['file'], 1) . '</strong>';2029 echo ' (line <strong>' . $calledFrom[0]['line']. '</strong>)';2079 echo '<strong>' . esc_html(substr($calledFrom[0]['file'], 1)) . '</strong>'; 2080 echo ' (line <strong>' . esc_html($calledFrom[0]['line']) . '</strong>)'; 2030 2081 } 2031 2082 echo "\n<pre class=\"fi-debug\">\n"; … … 2035 2086 $var = str_replace('<', '<', str_replace('>', '>', $var)); 2036 2087 } 2037 echo $var. "\n</pre>\n";2088 echo esc_html($var) . "\n</pre>\n"; 2038 2089 } 2039 2090 } -
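Review bot: `escapeUrl` (new lines 1519–1530) only checks that `new URL(url)` parses, so a `javascript:` or `data:` scheme passes straight into `href`, while a perfectly good relative path such as `/contact` throws (no base URL) and is replaced by `javascript:void(0)`; the raw input is also returned without HTML escaping, so a double quote in the URL can terminate the attribute on new line 1791. Validate the scheme, resolve relative paths against the page, and return the escaped normalised `href` instead, as below, dropping the `javascript:void(0)` fallback in favour of the `'#'` already used for empty input. As rendered here the `escapeHtml` map (lines 1506–1512) shows values identical to their keys and `"'": '''`, which would make it a no-op and a syntax error; presumably the page has decoded the `&amp;`/`&#039;` entities, but it is worth confirming the committed file holds the entity forms. On new line 1646 the `apiKey` half of the same string is still escaped with `esc_textarea` rather than `esc_js`, which is the wrong context for a JavaScript string literal. The enclosing render method starts and ends outside these hunks.
```javascript
// Security: only allow http(s)/mailto/tel targets and return an attribute-safe href
const escapeUrl = function (url) {
    if (!url) return '#';
    try {
        // resolve relative paths against the current page instead of rejecting them
        const parsed = new URL(url, window.location.href);
        if (!['http:', 'https:', 'mailto:', 'tel:'].includes(parsed.protocol)) {
            return '#';
        }
        return escapeHtml(parsed.href);
    } catch (e) {
        return '#';
    }
};
// … unchanged: zoom level detection and map setup …
```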
osm-map-elementor/trunk/readme.txt
r3107495 r3356450 1 1 === OSM Map Widget for Elementor === 2 2 Plugin Name: OSM Map Widget for Elementor 3 Version: 1.3. 03 Version: 1.3.1 4 4 Author: Plugin Contributors 5 5 Author URI: https://github.com/flopperj/osm-map-elementor/graphs/contributors … … 7 7 Tags: elementor, elementor widget, map widget, open street map, addons 8 8 Requires at least: 6.0 9 Tested up to: 6. 5.49 Tested up to: 6.8.2 10 10 Requires PHP: 7.3 11 Stable tag: 1.3. 011 Stable tag: 1.3.1 12 12 License: GPLv3 13 13 License URI: https://www.gnu.org/licenses/gpl-3.0.html