Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3407976

Timestamp:

12/02/2025 12:26:07 PM (3 months ago)

Author:

digibrief

Message:

Bump to 1.0.3 – 6.9 compatibility & Plugin Check cleanup

Location:

cubelaunch/trunk

Files:

: 4 edited

coming-soon-template.php (modified) (6 diffs)
cubelaunch.php (modified) (3 diffs)
readme.txt (modified) (2 diffs)
uninstall.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

cubelaunch/trunk/coming-soon-template.php

-                      r3341115
+                      r3407976
 // Retrieve options once at the top
+$options = get_option('cubelaunch_settings');
+if (!is_array($options)) {
+    $options = [];
+// RENAMED VARIABLES to satisfy PrefixAllGlobals check
+$cubelaunch_options = get_option('cubelaunch_settings');
+if (!is_array($cubelaunch_options)) {
+    $cubelaunch_options = [];
+}
 $title_text = isset($options['cubelaunch_title']) ? $options['cubelaunch_title'] : '';
 $about_text = isset($options['cubelaunch_about_text']) ? $options['cubelaunch_about_text'] : '';
 $show_title = !empty($options['display_title']) && !empty($title_text);
 $show_about = !empty($options['display_about_text']) && !empty($about_text);
 $show_form  = !empty($options['display_subscription_form']);
+$cubelaunch_title_text = isset($cubelaunch_options['cubelaunch_title']) ? $cubelaunch_options['cubelaunch_title'] : '';
+$cubelaunch_about_text = isset($cubelaunch_options['cubelaunch_about_text']) ? $cubelaunch_options['cubelaunch_about_text'] : '';
+$cubelaunch_show_title = !empty($cubelaunch_options['display_title']) && !empty($cubelaunch_title_text);
+$cubelaunch_show_about = !empty($cubelaunch_options['display_about_text']) && !empty($cubelaunch_about_text);
+$cubelaunch_show_form  = !empty($cubelaunch_options['display_subscription_form']);
 // Get the General Text Color setting (provide a default)
 $general_text_color = isset($options['text_color']) ? sanitize_hex_color($options['text_color']) : '#FFFFFF'; // Default to white
+$cubelaunch_text_color = isset($cubelaunch_options['text_color']) ? sanitize_hex_color($cubelaunch_options['text_color']) : '#FFFFFF'; // Default to white
 ?>
 …
             <?php // --- Display Title ---
             if ( $show_title ): ?>
+            if ( $cubelaunch_show_title ): ?>
                 <header class="cubelaunch-title">
                     <?php // Apply the General Text Color as an inline style to the H1 ?>
                     <h1 style="color: <?php echo esc_attr( $general_text_color ); ?>;">
+                    <h1 style="color: <?php echo esc_attr( $cubelaunch_text_color ); ?>;">
                         <?php
                             // Output sanitized title. Use nl2br() if needed.
                             echo wp_kses_post( nl2br( $title_text ) );
+                            echo wp_kses_post( nl2br( $cubelaunch_title_text ) );
                         ?>
                     </h1>
 …
             <?php // --- Display About Text ---
             if ( $show_about ) : ?>
+            if ( $cubelaunch_show_about ) : ?>
                 <section id="about-section" class="cubelaunch-about">
                     <!-- Apply the General Text Color as an inline style -->
                     <div class="cubelaunch-text" style="color: <?php echo esc_attr( $general_text_color ); ?>;">
+                    <div class="cubelaunch-text" style="color: <?php echo esc_attr( $cubelaunch_text_color ); ?>;">
                         <?php
                             echo wp_kses_post( wpautop( $about_text ) );
+                            echo wp_kses_post( wpautop( $cubelaunch_about_text ) );
                         ?>
                     </div>
 …
             <?php // --- Display Subscription Form ---
             if ( $show_form ): // $show_form is still controlled by 'display_subscription_form' checkbox
                 $form_integration_code = isset($options['subscription_form_integration']) ? $options['subscription_form_integration'] : '';
+            if ( $cubelaunch_show_form ): // $show_form is still controlled by 'display_subscription_form' checkbox
+                $cubelaunch_form_code = isset($cubelaunch_options['subscription_form_integration']) ? $cubelaunch_options['subscription_form_integration'] : '';
             ?>
                 <section id="subscription-section" class="cubelaunch-subscription">
                     <?php
                     if ( !empty($form_integration_code) ) {
                         echo do_shortcode( wp_kses_post( $form_integration_code ) ); // Process shortcodes and sanitize
+                    if ( !empty($cubelaunch_form_code) ) {
+                        echo do_shortcode( wp_kses_post( $cubelaunch_form_code ) ); // Process shortcodes and sanitize
                     } else {
                         // Optional: Display a message if the form code is empty but display is checked
                         echo '<p style="color:' . esc_attr( $general_text_color ) . ';">' . esc_html__( '[Subscription form content to be configured in settings.]', 'cubelaunch' ) . '</p>';
+                        echo '<p style="color:' . esc_attr( $cubelaunch_text_color ) . ';">' . esc_html__( '[Subscription form content to be configured in settings.]', 'cubelaunch' ) . '</p>';
+                    }
                     ?>
 …
     <?php
     /* ---------- CubeLaunch credit link ---------- */
     if ( ! empty( $options['show_credit_link'] ) ) {
+    if ( ! empty( $cubelaunch_options['show_credit_link'] ) ) {
         // Only show when the user has enabled it (default is off in .org).
         // If explicitly opted in, allow referrer (strict policy) and remove nofollow/noreferrer.
         $opted_in = ! empty( $options['credit_link_opted_in'] );
+        $cubelaunch_opted_in = ! empty( $cubelaunch_options['credit_link_opted_in'] );
         $rel_attr = $opted_in
+        $cubelaunch_rel_attr = $cubelaunch_opted_in
             ? 'ugc noopener'
             : 'nofollow ugc noopener noreferrer';
         $ref_policy = $opted_in
+        $cubelaunch_ref_policy = $cubelaunch_opted_in
             ? 'strict-origin-when-cross-origin'
             : 'no-referrer';
 …
      </footer>',
     esc_url( 'https://digibrief.com/' ),
     esc_attr( $rel_attr ),
     esc_attr( $general_text_color ),
+    esc_attr( $cubelaunch_rel_attr ),
+    esc_attr( $cubelaunch_text_color ),
     esc_html__( 'Powered by CubeLaunch', 'cubelaunch' ),
     esc_attr( $ref_policy )
+    esc_attr( $cubelaunch_ref_policy )
 );
+    }

cubelaunch/trunk/cubelaunch.php

-                      r3349581
+                      r3407976
 Plugin Name: CubeLaunch
 Description: Displays rotatable shapes with customisable faces for shortcode or block editor insertion, or a separate Coming Soon override.
 Version: 1.0.2
+Version: 1.0.3
 Author: DigiBrief
 Text Domain: cubelaunch
 …
 // --- Define Core Version Constant ---
 if ( ! defined( 'CUBELAUNCH_CORE_VERSION' ) ) {
     define( 'CUBELAUNCH_CORE_VERSION', '1.0.2' );
+    define( 'CUBELAUNCH_CORE_VERSION', '1.0.3' );
+}
 …
         /* ───── Media URL ───── */
+        // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+        if ( isset( $_POST[ $media_key ] ) ) {
+            // 1. Pull raw input once, unslash it immediately.
+            $media_raw = wp_unslash( $_POST[ $media_key ] );
+            // 2. Trim + esc_url_raw() sanitises & validates the URL.
+            $sanitized_value = esc_url_raw( trim( $media_raw ) );
+        } else {
+            $sanitized_value = '';
+        }
+        if ( '' !== $sanitized_value ) {
+            $path           = wp_parse_url( $sanitized_value, PHP_URL_PATH );
+            $file_extension = strtolower( pathinfo( $path, PATHINFO_EXTENSION ) );
+            $video_exts     = [ 'mp4', 'webm', 'mov', 'ogv' ];
+            if ( in_array( $file_extension, $video_exts, true ) ) {
+                $sanitized_value = ''; // Core rejects video URLs
+            }
+        }
+        if ( '' !== $sanitized_value ) {
+            update_post_meta( $post_id, $media_key, $sanitized_value );
+        } else {
+            delete_post_meta( $post_id, $media_key );
+        }
+        /*
+         * Use filter_input() to satisfy Plugin Check/WordPressCS security sniff.
+         * This replaces direct access to $_POST[ $media_key ].
+         */
+        $media_raw       = filter_input( INPUT_POST, $media_key, FILTER_UNSAFE_RAW );
+        $sanitized_value = '';
+        if ( is_string( $media_raw ) && '' !== $media_raw ) {
+            // Unslash and sanitize the URL.
+            $sanitized_value = esc_url_raw( trim( wp_unslash( $media_raw ) ) );
+        }
+        if ( '' !== $sanitized_value ) {
+            $path           = wp_parse_url( $sanitized_value, PHP_URL_PATH );
+            $file_extension = strtolower( pathinfo( $path, PATHINFO_EXTENSION ) );
+            // Core rejects video URLs in this field
+            if ( in_array( $file_extension, $video_exts, true ) ) {
+                $sanitized_value = '';
+            }
+        }
+        if ( '' !== $sanitized_value ) {
+            update_post_meta( $post_id, $media_key, $sanitized_value );
+        } else {
+            delete_post_meta( $post_id, $media_key );
+        }
         /* Remove Pro‑only meta for this face */

cubelaunch/trunk/readme.txt

-                      r3349581
+                      r3407976
 Donate link: https://paypal.me/digibrief
 Requires at least: 5.8
 Tested up to: 6.8
+Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 1.0.2
+Stable tag: 1.0.3
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 1.0.3 =
+* Update: Confirmed compatibility with WordPress 6.9.
+* Security/Standards: Replaced direct $_POST access with filter_input() and improved sanitization to comply with Plugin Check.
+* Standards: Prefixed global-scope variables in template and uninstall files to prevent potential conflicts.
 = 1.0.2 =
 * Fix: Eliminated black halo/“shadow” around PNG/WebP textures with transparency on WebGL shapes.

cubelaunch/trunk/uninstall.php

-                      r3341115
+                      r3407976
 // if uninstall.php is not called by WordPress, die
 if (!defined('WP_UNINSTALL_PLUGIN')) {
+if ( ! defined( 'WP_UNINSTALL_PLUGIN' ) ) {
     die;
+}
 // Delete the main settings option
 delete_option('cubelaunch_settings');
+delete_option( 'cubelaunch_settings' );
 // Delete the license status
 delete_option('cubelaunch_pro_license_status');
 delete_option('cubelaunch_pro_license_data');
+delete_option( 'cubelaunch_pro_license_status' );
+delete_option( 'cubelaunch_pro_license_data' );
 // Delete all cubelaunch_shape posts and their meta
+$all_shapes = get_posts(array(
+    'post_type' => 'cubelaunch_shape',
+// We prefix the variable to satisfy NamingConventions.PrefixAllGlobals
+$cubelaunch_all_shapes = get_posts( array(
+    'post_type'   => 'cubelaunch_shape',
     'numberposts' => -1,
     'post_status' => 'any', // Get all statuses including trash
+));
+    'fields'      => 'ids', // Optimization: fetch IDs only
+) );
 if (!empty($all_shapes)) {
     foreach ($all_shapes as $shape) {
         wp_delete_post($shape->ID, true); // true = bypass trash and force delete
+if ( ! empty( $cubelaunch_all_shapes ) ) {
+    foreach ( $cubelaunch_all_shapes as $cubelaunch_shape_id ) {
+        wp_delete_post( $cubelaunch_shape_id, true ); // true = bypass trash and force delete
+    }
+}

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: