Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3408323

Timestamp:

12/02/2025 05:38:41 PM (3 months ago)

Author:

d3wp

Message:

Release 1.1.17: fixed security issues and warnings

Location:

wp-snow-effect

Files:

: 42 added
: 6 edited

tags/1.1.17 (added)
tags/1.1.17/LICENSE.txt (added)
tags/1.1.17/README.txt (added)
tags/1.1.17/admin (added)
tags/1.1.17/admin/class-wp-snow-effect-admin.php (added)
tags/1.1.17/admin/css (added)
tags/1.1.17/admin/css/wp-snow-effect-admin.css (added)
tags/1.1.17/admin/img (added)
tags/1.1.17/admin/img/info.png (added)
tags/1.1.17/admin/index.php (added)
tags/1.1.17/admin/js (added)
tags/1.1.17/admin/js/wp-snow-effect-admin.js (added)
tags/1.1.17/admin/js/wp-snow-effect-admin.min.js (added)
tags/1.1.17/admin/partials (added)
tags/1.1.17/admin/partials/wp-snow-effect-admin-display.php (added)
tags/1.1.17/admin/settings (added)
tags/1.1.17/admin/settings/settings.php (added)
tags/1.1.17/includes (added)
tags/1.1.17/includes/class-wp-snow-effect-activator.php (added)
tags/1.1.17/includes/class-wp-snow-effect-deactivator.php (added)
tags/1.1.17/includes/class-wp-snow-effect-i18n.php (added)
tags/1.1.17/includes/class-wp-snow-effect-loader.php (added)
tags/1.1.17/includes/class-wp-snow-effect.php (added)
tags/1.1.17/includes/index.php (added)
tags/1.1.17/includes/wp-settings-framework.php (added)
tags/1.1.17/index.php (added)
tags/1.1.17/languages (added)
tags/1.1.17/languages/wp-snow-effect.pot (added)
tags/1.1.17/public (added)
tags/1.1.17/public/class-wp-snow-effect-public.php (added)
tags/1.1.17/public/css (added)
tags/1.1.17/public/css/wp-snow-effect-public.css (added)
tags/1.1.17/public/index.php (added)
tags/1.1.17/public/js (added)
tags/1.1.17/public/js/jsnow.js (added)
tags/1.1.17/public/js/jsnow.min.js (added)
tags/1.1.17/public/js/wp-snow-effect-public.js (added)
tags/1.1.17/public/js/wp-snow-effect-public.min.js (added)
tags/1.1.17/public/partials (added)
tags/1.1.17/public/partials/wp-snow-effect-public-display.php (added)
tags/1.1.17/uninstall.php (added)
tags/1.1.17/wp-snow-effect.php (added)
trunk/README.txt (modified) (3 diffs)
trunk/admin/class-wp-snow-effect-admin.php (modified) (3 diffs)
trunk/admin/settings/settings.php (modified) (1 diff)
trunk/includes/wp-settings-framework.php (modified) (14 diffs)
trunk/public/class-wp-snow-effect-public.php (modified) (1 diff)
trunk/wp-snow-effect.php (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed

wp-snow-effect/trunk/README.txt

-                      r3402437
+                      r3408323
 Contributors: WPManiax
 Donate link: http://www.wpmaniax.com/
 Tags: snow effect, christmas, christmas snow, falling snow, holiday, holiday snow, jquery snow, jsnow, let it snow, snow, snow balls, snow effect, snow effects, Snow Flakes, snowball, snowflake, snowing, super snow, supersnow, wp snow
+Tags: Christmas, snow, holiday, snow effect, snowflake
 Requires at least: 3.6
 Tested up to: 6.8.3
+Tested up to: 6.8
 Requires PHP: 5.6
 Stable tag: 1.1.16
+Stable tag: 1.1.17
 License:GPL2
 …
 == Changelog ==
+= 1.1.17 =
+* fixed security issues and warnings
 = 1.1.16 =
 * tested compatibility for WordPress 6.8.3
 …
 == Upgrade Notice ==
+= 1.1.17 =
+* fixed security issues and warnings
 = 1.1.16 =

wp-snow-effect/trunk/admin/class-wp-snow-effect-admin.php

-                      r1783110
+                      r3408323
         $this->wpsf->add_settings_page(array(
             'parent_slug' => 'options-general.php',
             'page_title' => __('WP Snow Effect'),
             'menu_title' => __('WP Snow Effect')
+            'page_title' => __('WP Snow Effect', 'wp-snow-effect'),
+            'menu_title' => __('WP Snow Effect', 'wp-snow-effect')
         ));
+    }
 …
         if ($notices = get_option('wp_snow_effect_admin_notices')) {
             foreach ($notices as $notice) {
                 echo "<div class='updated'><p>$notice</p></div>";
+                echo "<div class='updated'><p>" . wp_kses_post( $notice ) . "</p></div>";
+            }
             delete_option('wp_snow_effect_admin_notices');
 …
         $nobug = "";
+        // phpcs:ignore WordPress.Security.NonceVerification.Recommended
         if ( isset( $_GET['wpsenobug'] ) ) {
+            $nobug = esc_attr( $_GET['wpsenobug'] );
+            // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+            $nobug = sanitize_text_field( wp_unslash( $_GET['wpsenobug'] ) );
+        }

wp-snow-effect/trunk/admin/settings/settings.php

-                      r2432601
+                      r3408323
  */
 add_filter('wpsf_register_settings_snoweffect', 'snoweffect_settings');
+add_filter('wpsf_register_settings_snoweffect', 'wp_snow_effect_settings');
 function snoweffect_settings($wpsf_settings)
+function wp_snow_effect_settings($wpsf_settings)
+{

wp-snow-effect/trunk/includes/wp-settings-framework.php

-                      r2065636
+                      r3408323
                 add_action( 'wpsf_do_settings_sections_'.$this->option_group, array( $this, 'do_tabless_settings_sections'), 10 );
+                // phpcs:ignore WordPress.Security.NonceVerification.Recommended
                 if( isset( $_GET['page'] ) && $_GET['page'] === $this->settings_page['slug'] ) {
 …
             if( !is_array($this->settings_wrapper) ){
                 return new WP_Error( 'broke', __( 'WPSF settings must be an array' ) );
+                return new WP_Error( 'broke', __( 'WPSF settings must be an array', 'wp-snow-effect' ) );
+            }
 …
             <div class="wrap">
                 <div id="icon-options-general" class="icon32"></div>
                 <h2><?php echo $this->settings_page['title']; ?></h2>
+                <h2><?php echo esc_html( $this->settings_page['title'] ); ?></h2>
                 <?php
                 // Output your settings form
 …
         public function settings_validate( $input ) {
+            // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
             return apply_filters( $this->option_group .'_settings_validate', $input );
 …
                     if($section['section_id'] == $args['id']){
                         if(isset($section['section_description']) && $section['section_description']) echo '<p class="wpsf-section-description">'. $section['section_description'] .'</p>';
+                        if(isset($section['section_description']) && $section['section_description']) echo '<p class="wpsf-section-description">'. wp_kses_post( $section['section_description'] ) .'</p>';
                         break;
 …
             switch( $type ){
                 case 'text':
                     $val = esc_attr(stripslashes($val));
                     echo '<input type="text" name="'. $this->option_group .'_settings['. $el_id .']" id="'. $el_id .'" value="'. $val .'" placeholder="'. $placeholder .'" class="regular-text '. $class .'" />';
                     if($desc)  echo '<p class="description">'. $desc .'</p>';
+                    $val = stripslashes($val);
+                    echo '<input type="text" name="'. esc_attr( $this->option_group ) .'_settings['. esc_attr( $el_id ) .']" id="'. esc_attr( $el_id ) .'" value="'. esc_attr( $val ) .'" placeholder="'. esc_attr( $placeholder ) .'" class="regular-text '. esc_attr( $class ) .'" />';
+                    if($desc)  echo '<p class="description">'. wp_kses_post( $desc ) .'</p>';
                     break;
                 case 'password':
                     $val = esc_attr(stripslashes($val));
                     echo '<input type="password" name="'. $this->option_group .'_settings['. $el_id .']" id="'. $el_id .'" value="'. $val .'" placeholder="'. $placeholder .'" class="regular-text '. $class .'" />';
                     if($desc)  echo '<p class="description">'. $desc .'</p>';
+                    $val = stripslashes($val);
+                    echo '<input type="password" name="'. esc_attr( $this->option_group ) .'_settings['. esc_attr( $el_id ) .']" id="'. esc_attr( $el_id ) .'" value="'. esc_attr( $val ) .'" placeholder="'. esc_attr( $placeholder ) .'" class="regular-text '. esc_attr( $class ) .'" />';
+                    if($desc)  echo '<p class="description">'. wp_kses_post( $desc ) .'</p>';
                     break;
                 case 'textarea':
                     $val = esc_html(stripslashes($val));
                     echo '<textarea name="'. $this->option_group .'_settings['. $el_id .']" id="'. $el_id .'" placeholder="'. $placeholder .'" rows="5" cols="60" class="'. $class .'">'. $val .'</textarea>';
                     if($desc)  echo '<p class="description">'. $desc .'</p>';
+                    $val = stripslashes($val);
+                    echo '<textarea name="'. esc_attr( $this->option_group ) .'_settings['. esc_attr( $el_id ) .']" id="'. esc_attr( $el_id ) .'" placeholder="'. esc_attr( $placeholder ) .'" rows="5" cols="60" class="'. esc_attr( $class ) .'">'. esc_textarea( $val ) .'</textarea>';
+                    if($desc)  echo '<p class="description">'. wp_kses_post( $desc ) .'</p>';
                     break;
                 case 'select':
                     $val = esc_html(esc_attr($val));
                     echo '<select name="'. $this->option_group .'_settings['. $el_id .']" id="'. $el_id .'" class="'. $class .'">';
+                    $val = esc_attr($val);
+                    echo '<select name="'. esc_attr( $this->option_group ) .'_settings['. esc_attr( $el_id ) .']" id="'. esc_attr( $el_id ) .'" class="'. esc_attr( $class ) .'">';
                     foreach($choices as $ckey=>$cval){
                         echo '<option value="'. $ckey .'"'. (($ckey == $val) ? ' selected="selected"' : '') .'>'. $cval .'</option>';
+                        echo '<option value="'. esc_attr( $ckey ) .'"'. selected( $ckey, $val, false ) .'>'. esc_html( $cval ) .'</option>';
+                    }
                     echo '</select>';
                     if($desc)  echo '<p class="description">'. $desc .'</p>';
+                    if($desc)  echo '<p class="description">'. wp_kses_post( $desc ) .'</p>';
                     break;
                 case 'radio':
                     $val = esc_html(esc_attr($val));
+                    $val = esc_attr($val);
                     foreach($choices as $ckey=>$cval){
                         echo '<label><input type="radio" name="'. $this->option_group .'_settings['. $el_id .']" id="'. $el_id .'_'. $ckey .'" value="'. $ckey .'" class="'. $class .'"'. (($ckey == $val) ? ' checked="checked"' : '') .' /> '. $cval .'</label><br />';
+                        echo '<label><input type="radio" name="'. esc_attr( $this->option_group ) .'_settings['. esc_attr( $el_id ) .']" id="'. esc_attr( $el_id .'_'. $ckey ) .'" value="'. esc_attr( $ckey ) .'" class="'. esc_attr( $class ) .'"'. checked( $ckey, $val, false ) .' /> '. esc_html( $cval ) .'</label><br />';
+                    }
                     if($desc)  echo '<p class="description">'. $desc .'</p>';
+                    if($desc)  echo '<p class="description">'. wp_kses_post( $desc ) .'</p>';
                     break;
                 case 'checkbox':
                     $val = esc_attr(stripslashes($val));
                     echo '<input type="hidden" name="'. $this->option_group .'_settings['. $el_id .']" value="0" />';
                     echo '<label><input type="checkbox" name="'. $this->option_group .'_settings['. $el_id .']" id="'. $el_id .'" value="1" class="'. $class .'"'. (($val) ? ' checked="checked"' : '') .' /> '. $desc .'</label>';
+                    $val = stripslashes($val);
+                    echo '<input type="hidden" name="'. esc_attr( $this->option_group ) .'_settings['. esc_attr( $el_id ) .']" value="0" />';
+                    echo '<label><input type="checkbox" name="'. esc_attr( $this->option_group ) .'_settings['. esc_attr( $el_id ) .']" id="'. esc_attr( $el_id ) .'" value="1" class="'. esc_attr( $class ) .'"'. checked( $val, 1, false ) .' /> '. wp_kses_post( $desc ) .'</label>';
                     break;
                 case 'checkboxes':
 …
                         if(isset($options[$el_id .'_'. $ckey])) $val = $options[$el_id .'_'. $ckey];
                         elseif(is_array($std) && in_array($ckey, $std)) $val = $ckey;
                         $val = esc_html(esc_attr($val));
                         echo '<input type="hidden" name="'. $this->option_group .'_settings['. $el_id .'_'. $ckey .']" value="0" />';
                         echo '<label><input type="checkbox" name="'. $this->option_group .'_settings['. $el_id .'_'. $ckey .']" id="'. $el_id .'_'. $ckey .'" value="'. $ckey .'" class="'. $class .'"'. (($ckey == $val) ? ' checked="checked"' : '') .' /> '. $cval .'</label><br />';
+                        $val = esc_attr($val);
+                        echo '<input type="hidden" name="'. esc_attr( $this->option_group ) .'_settings['. esc_attr( $el_id .'_'. $ckey ) .']" value="0" />';
+                        echo '<label><input type="checkbox" name="'. esc_attr( $this->option_group ) .'_settings['. esc_attr( $el_id .'_'. $ckey ) .']" id="'. esc_attr( $el_id .'_'. $ckey ) .'" value="'. esc_attr( $ckey ) .'" class="'. esc_attr( $class ) .'"'. checked( $ckey, $val, false ) .' /> '. esc_html( $cval ) .'</label><br />';
+                    }
                     if($desc)  echo '<p class="description">'. $desc .'</p>';
+                    if($desc)  echo '<p class="description">'. wp_kses_post( $desc ) .'</p>';
                     break;
                 case 'color':
                     $val = esc_attr(stripslashes($val));
+                    $val = stripslashes($val);
                     echo '<div style="position:relative;">';
                     echo '<input type="text" name="'. $this->option_group .'_settings['. $el_id .']" id="'. $el_id .'" value="'. $val .'" class="'. $class .'" />';
                     echo '<div id="'. $el_id .'_cp" style="position:absolute;top:0;left:190px;background:#fff;z-index:9999;"></div>';
                     if($desc)  echo '<p class="description">'. $desc .'</p>';
+                    echo '<input type="text" name="'. esc_attr( $this->option_group ) .'_settings['. esc_attr( $el_id ) .']" id="'. esc_attr( $el_id ) .'" value="'. esc_attr( $val ) .'" class="'. esc_attr( $class ) .'" />';
+                    echo '<div id="'. esc_attr( $el_id ) .'_cp" style="position:absolute;top:0;left:190px;background:#fff;z-index:9999;"></div>';
+                    if($desc)  echo '<p class="description">'. wp_kses_post( $desc ) .'</p>';
                     echo '<script type="text/javascript">
                     jQuery(document).ready(function($){
                         var colorPicker = $("#'. $el_id .'_cp");
                         colorPicker.farbtastic("#'. $el_id .'");
+                        var colorPicker = $("#'. esc_attr( $el_id ) .'_cp");
+                        colorPicker.farbtastic("#'. esc_attr( $el_id ) .'");
                         colorPicker.hide();
                         $("#'. $el_id .'").live("focus", function(){
+                        $("#'. esc_attr( $el_id ) .'").live("focus", function(){
                             colorPicker.show();
                         });
                         $("#'. $el_id .'").live("blur", function(){
+                        $("#'. esc_attr( $el_id ) .'").live("blur", function(){
                             colorPicker.hide();
                             if($(this).val() == "") $(this).val("#");
 …
                     break;
                 case 'file':
                     $val = esc_attr($val);
                     echo '<input type="text" name="'. $this->option_group .'_settings['. $el_id .']" id="'. $el_id .'" value="'. $val .'" class="regular-text '. $class .'" /> ';
                     echo '<input type="button" class="button wpsf-browse" id="'. $el_id .'_button" value="Browse" />';
+                    $val = $val;
+                    echo '<input type="text" name="'. esc_attr( $this->option_group ) .'_settings['. esc_attr( $el_id ) .']" id="'. esc_attr( $el_id ) .'" value="'. esc_attr( $val ) .'" class="regular-text '. esc_attr( $class ) .'" /> ';
+                    echo '<input type="button" class="button wpsf-browse" id="'. esc_attr( $el_id ) .'_button" value="Browse" />';
                     echo '<script type="text/javascript">
                     jQuery(document).ready(function($){
                         $("#'. $el_id .'_button").click(function() {
+                        $("#'. esc_attr( $el_id ) .'_button").click(function() {
                             tb_show("", "media-upload.php?post_id=0&amp;type=image&amp;TB_iframe=true");
                             window.original_send_to_editor = window.send_to_editor;
                             window.send_to_editor = function(html) {
                                 var imgurl = $("img",html).attr("src");
                                 $("#'. $el_id .'").val(imgurl);
+                                $("#'. esc_attr( $el_id ) .'").val(imgurl);
                                 tb_remove();
                                 window.send_to_editor = window.original_send_to_editor;
 …
                 case 'editor':
                     wp_editor( $val, $el_id, array( 'textarea_name' => $this->option_group .'_settings['. $el_id .']' ) );
                     if($desc)  echo '<p class="description">'. $desc .'</p>';
+                    if($desc)  echo '<p class="description">'. wp_kses_post( $desc ) .'</p>';
                     break;
                 case 'custom':
                     echo $std;
+                    echo wp_kses_post( $std );
                     break;
                 default:
 …
                 <?php do_action( 'wpsf_do_settings_sections_'.$this->option_group ); ?>
                 <p class="submit"><input type="submit" class="button-primary" value="<?php _e( 'Save Changes' ); ?>" /></p>
+                <p class="submit"><input type="submit" class="button-primary" value="<?php esc_attr_e( 'Save Changes', 'wp-snow-effect' ); ?>" /></p>
             </form>
             <?php
 …
             foreach ( $this->tabs as $tab_data ) {
                 ?>
                 <div id="tab-<?php echo $tab_data['id']; ?>" class="wpsf-tab wpsf-tab--<?php echo $tab_data['id']; ?> <?php if($i == 0) echo 'wpsf-tab--active'; ?>">
+                <div id="tab-<?php echo esc_attr( $tab_data['id'] ); ?>" class="wpsf-tab wpsf-tab--<?php echo esc_attr( $tab_data['id'] ); ?> <?php if($i == 0) echo 'wpsf-tab--active'; ?>">
                     <div class="postbox">
                         <?php do_settings_sections( sprintf( '%s_%s', $this->option_group, $tab_data['id'] ) ); ?>
 …
             do_action( 'wpsf_before_tab_links_'.$this->option_group );
             if ( function_exists('screen_icon') ) screen_icon();
+            // if ( function_exists('screen_icon') ) screen_icon();
             ?>
             <h2 class="nav-tab-wrapper">
 …
                     $active = $i == 0 ? 'nav-tab-active' : '';
                     ?>
                     <a class="nav-tab wpsf-tab-link <?php echo $active; ?>" href="#tab-<?php echo $tab_data['id']; ?>"><?php echo $tab_data['title']; ?></a>
+                    <a class="nav-tab wpsf-tab-link <?php echo esc_attr( $active ); ?>" href="#tab-<?php echo esc_attr( $tab_data['id'] ); ?>"><?php echo esc_html( $tab_data['title'] ); ?></a>
                     <?php
                 $i++;
 …
          */
         public function open_tab_wrapper( $section ) {
             echo '<pre>'; print_r($section['tab_id']); echo '</pre>';
+            // echo '<pre>'; print_r($section['tab_id']); echo '</pre>';
+        }

wp-snow-effect/trunk/public/class-wp-snow-effect-public.php

-                      r2432601
+                      r3408323
          * class.
          */
         wp_enqueue_script('jsnow', plugin_dir_url(__FILE__) . 'js/jsnow.js', array('jquery'), '1.5');
         wp_enqueue_script($this->plugin_name, plugin_dir_url(__FILE__) . 'js/wp-snow-effect-public.js', array('jquery'), $this->version, false);
+        wp_enqueue_script('jsnow', plugin_dir_url(__FILE__) . 'js/jsnow.js', array('jquery'), '1.5', true);
+        wp_enqueue_script($this->plugin_name, plugin_dir_url(__FILE__) . 'js/wp-snow-effect-public.js', array('jquery'), $this->version, true);
         $show = true;

wp-snow-effect/trunk/wp-snow-effect.php

-                      r3402437
+                      r3408323
  * Plugin URI:        http://www.wpmaniax.com/seasonal-plugins
  * Description:       Add nice looking animation effect of falling snow to your Wordpress site and enjoy winter.
  * Version:           1.1.16
+ * Version:           1.1.17
  * Author:            WPManiax
  * Author URI:        http://www.wpmaniax.com
 …
  * This action is documented in includes/class-wp-snow-effect-activator.php
  */
 function activate_wp_snow_effect()
+function wp_snow_effect_activate()
+{
     require_once plugin_dir_path(__FILE__) . 'includes/class-wp-snow-effect-activator.php';
 …
  * This action is documented in includes/class-wp-snow-effect-deactivator.php
  */
 function deactivate_wp_snow_effect()
+function wp_snow_effect_deactivate()
+{
     require_once plugin_dir_path(__FILE__) . 'includes/class-wp-snow-effect-deactivator.php';
 …
+}
 register_activation_hook(__FILE__, 'activate_wp_snow_effect');
 register_deactivation_hook(__FILE__, 'deactivate_wp_snow_effect');
+register_activation_hook(__FILE__, 'wp_snow_effect_activate');
+register_deactivation_hook(__FILE__, 'wp_snow_effect_deactivate');
 …
  * @since    1.0.0
  */
 function run_wp_snow_effect()
+function wp_snow_effect_run()
+{
 …
     $plugin->run();
+}
 run_wp_snow_effect();
+wp_snow_effect_run();

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory