Changeset 3434625
- Timestamp:
- 01/07/2026 06:50:02 PM (3 months ago)
- Location:
- wordpress-tooltips/trunk
- Files:
-
- 4 edited
-
addons/tooltips_languages.php (modified) (4 diffs)
-
readme.txt (modified) (2 diffs)
-
rules/ttsimport.php (modified) (2 diffs)
-
tooltips.php (modified) (2 diffs)
wordpress-tooltips/trunk/addons/tooltips_languages.php
r3186731 r3434625 2 2 if (!defined('ABSPATH')) 3 3 { 4 exit; 4 exit; // Prevent direct access 5 5 } 6 6 //!!! 10.8.7 7 7 function tooltips_free_language_menu_addon() 8 8 { 9 add_submenu_page('edit.php?post_type=tooltips', __('Languages','wordpress-tooltips'), __('Languages','wordpress-tooltips'),"manage_options", 'tooltipsFreeLanguageMenu','tooltipsFreeLanguageMenu');9 add_submenu_page('edit.php?post_type=tooltips', __('Languages', 'wordpress-tooltips'), __('Languages', 'wordpress-tooltips'), "manage_options", 'tooltipsFreeLanguageMenu', 'tooltipsFreeLanguageMenu'); 10 10 } 11 11 12 12 add_action('admin_menu', 'tooltips_free_language_menu_addon'); 13 13 14 15 14 // Function for displaying the language setting panel 16 15 function tooltips_free_language_setting_panel($title = '', $content = '') 17 16 { 17 18 $allowed_html = array( 19 'a' => array( 20 'href' => array(), 21 'target' => array(), 22 ), 23 'i' => array(), 24 'p' => array(), 25 'br' => array(), 26 'table' => array(), 27 'tr' => array(), 28 'td' => array( 29 'width' => array(), 30 'style' => array(), 31 ), 32 'input' => array( 33 'type' => array(), 34 'id' => array(), 35 'name' => array(), 36 'value' => array(), 37 'required' => array(), 38 'placeholder' => array(), 39 'class' => array(), 40 ), 41 'button' => array( 42 'type' => array(), 43 'id' => array(), 44 'name' => array(), 45 'class' => array(), 46 'value' => array(), 47 ), 48 'form' => array( 49 'method' => array(), 50 'action' => array(), 51 'name' => array(), 52 'class' => array(), 53 ), 54 ); 55 18 56 ?> 19 <div class="wrap tooltipsaddonclass"> 20 <div id="dashboard-widgets-wrap"> 21 <div id="dashboard-widgets" class="metabox-holder"> 22 <div id="post-body"> 23 <div id="dashboard-widgets-main-content"> 24 <div class="postbox-container" style="width: 90%;"> 25 <div class="postbox"> 26 <h3 class='hndle' style='padding: 10px 0px; border-bottom: 0px solid #eee !important;'> 27 <span> 28 <?php echo $title; ?> 29 </span> 30 </h3> 31 32 <div 
class="inside postbox" style='padding-top:10px; padding-left: 10px; ' > 33 <?php echo $content; ?> 34 57 <div class="wrap tooltipsaddonclass"> 58 <div id="dashboard-widgets-wrap"> 59 <div id="dashboard-widgets" class="metabox-holder"> 60 <div id="post-body"> 61 <div id="dashboard-widgets-main-content"> 62 <div class="postbox-container" style="width: 90%;"> 63 <div class="postbox"> 64 <h3 class='hndle' style='padding: 10px 0px; border-bottom: 0px solid #eee !important;'> 65 <span> 66 <?php echo wp_kses_post($title); ?> 67 </span> 68 </h3> 69 70 <div class="inside postbox" style='padding-top:10px; padding-left: 10px;'> 71 <?php echo wp_kses($content, $allowed_html); ?> 72 <?php // echo $content; ?> 73 </div> 35 74 </div> 36 75 </div> … … 40 79 </div> 41 80 </div> 42 </div> 43 <div style="clear: both"></div> 44 <?php 81 <div style="clear: both"></div> 82 <?php 45 83 } 46 47 48 84 49 85 function tooltips_free_language_setting_panel_head($title) 50 86 { 51 87 ?> 52 <div style='padding-top:20px; font-size:22px;'><?php echo $title; ?></div>53 <div style='clear:both'></div>88 <div style='padding-top:20px; font-size:22px;'><?php echo wp_kses_post($title); ?> </div> 89 <div style='clear:both'></div> 54 90 <?php 55 91 } … … 57 93 function tooltipsFreeLanguageMenu() 58 94 { 59 global $wpdb, $table_prefix;95 global $wpdb, $table_prefix; 60 96 61 if (isset($_POST['glossaryLanguageCustomNavALLSubmit'])) 62 { 63 check_admin_referer ( 'tooltipslanguagenonce' ); 64 //7.8.7 65 // $glossaryLanguageCustomNavALL = $_POST['glossaryLanguageCustomNavALL']; 97 if (isset($_POST['glossaryLanguageCustomNavALLSubmit'])) { 98 check_admin_referer('tooltipslanguagenonce'); 99 100 // Sanitize the input properly 66 101 $glossaryLanguageCustomNavALL = sanitize_textarea_field($_POST['glossaryLanguageCustomNavALL']); 67 102 update_option('glossaryLanguageCustomNavALL', $glossaryLanguageCustomNavALL); … … 69 104 } 70 105 71 72 //10.3.3 73 if (isset($_POST['tooltipLanguageReadMeSubmit'])) 74 { 75 
check_admin_referer ( 'tooltipslanguagenonce' ); 106 if (isset($_POST['tooltipLanguageReadMeSubmit'])) { 107 check_admin_referer('tooltipslanguagenonce'); 76 108 $tooltipLanguageReadMe = sanitize_text_field($_POST['tooltipLanguageReadMe']); 77 78 109 update_option('tooltipLanguageReadMe', $tooltipLanguageReadMe); 79 110 tooltipsMessage('Language of "Read More" has been changed'); 80 111 } 81 112 82 $tooltipLanguageReadMe = get_option('tooltipLanguageReadMe'); 83 if (empty($tooltipLanguageReadMe)) 84 { 85 $tooltipLanguageReadMe = 'Read More'; 86 } 87 //end 10.3.3 113 $tooltipLanguageReadMe = get_option('tooltipLanguageReadMe', 'Read More'); 114 $glossaryLanguageCustomNavALL = get_option('glossaryLanguageCustomNavALL', 'ALL'); 88 115 89 $glossaryLanguageCustomNavALL = get_option('glossaryLanguageCustomNavALL'); 90 if (empty($glossaryLanguageCustomNavALL)) 91 { 92 $glossaryLanguageCustomNavALL = 'ALL'; 93 } 94 95 $languageselectboxURL = get_option('siteurl'). '/wp-admin/edit.php?post_type=tooltips&page=glossarysettingsfree'; 96 //7.9.3 97 //$title = "Custom Language of Tooltip and Glossary <p><i style='color:gray;'>(please select '<a href='$languageselectboxURL' target='_blank'>custom my language</a>' option in <a href='$languageselectboxURL' target='_blank'>language selectbox</a> first )</i></p>"; 98 // before 9.5.9 $title = "Custom Language of Tooltip and Glossary <p><i style='color:gray;'>(please select '<a href='".esc_url($languageselectboxURL)."' target='_blank'>custom my language</a>' option in <a href='$languageselectboxURL' target='_blank'>language selectbox</a> first )</i></p>"; 99 //9.5.9 100 $title = "Custom Language of Tooltip and Glossary <p><i style='color:gray;'>(please select '<a href='".esc_url($languageselectboxURL)."' target='_blank'>custom my language</a>' option in <a href='".esc_url($languageselectboxURL)."' target='_blank'>language selectbox</a> first )</i></p>"; 116 $languageselectboxURL = esc_url(get_option('siteurl') . 
'/wp-admin/edit.php?post_type=tooltips&page=glossarysettingsfree'); 117 118 $title = "Custom Language of Tooltip and Glossary <p><i style='color:gray;'>(please select '<a href='" . esc_url($languageselectboxURL) . "' target='_blank'>custom my language</a>' option in <a href='" . esc_url($languageselectboxURL) . "' target='_blank'>language selectbox</a> first )</i></p>"; 101 119 tooltips_free_language_setting_panel_head($title); 102 120 103 121 $title = 'Custom Glossary to Your Own Language -- word "ALL" on Navigation Bar:'; 104 122 $content = ''; 105 123 106 124 $content .= '<form class="formTooltips" name="formTooltips" action="" method="POST">'; 107 108 $content .= wp_nonce_field ( 'tooltipslanguagenonce'); 125 $content .= wp_nonce_field('tooltipslanguagenonce', '_wpnonce', true, false); 109 126 110 127 $content .= '<table id="tableTooltips" width="100%">'; 111 112 $content .= '<tr style="text-align:left;">'; 113 $content .= '<td width="25%" style="text-align:left;">'; 128 $content .= '<tr>'; 129 $content .= '<td width="40%" >'; 114 130 $content .= 'Custom the word "ALL" on Nav Bar: '; 115 131 $content .= '</td>'; 116 $content .= '<td width="30%" style="text-align:left;">'; 117 //7.9.3 118 //$content .= '<input type="text" id="glossaryLanguageCustomNavALL" name="glossaryLanguageCustomNavALL" value="'. $glossaryLanguageCustomNavALL .'" required placeholder="for example:ALL">'; 119 $content .= '<input type="text" id="glossaryLanguageCustomNavALL" name="glossaryLanguageCustomNavALL" value="'. esc_attr($glossaryLanguageCustomNavALL) .'" required placeholder="for example:ALL">'; 132 $content .= '<td width="30%" >'; 133 $content .= '<input type="text" id="glossaryLanguageCustomNavALL" name="glossaryLanguageCustomNavALL" value="' . esc_attr($glossaryLanguageCustomNavALL) . 
'" required placeholder="for example:ALL">'; 120 134 $content .= '</td>'; 121 $content .= '<td width="30%" style="text-align:left;">';135 $content .= '<td width="30%" >'; 122 136 $content .= '<input type="submit" class="button-primary" id="glossaryLanguageCustomNavALLSubmit" name="glossaryLanguageCustomNavALLSubmit" value=" Submit ">'; 123 137 $content .= '</td>'; 124 138 $content .= '</tr>'; 125 126 139 $content .= '</table>'; 127 140 $content .= '</form>'; 128 141 129 142 tooltips_free_language_setting_panel($title, $content); 130 143 131 //start 10.3.3 132 $title = 'Custom "Read More" in the excerpt paragraph -- this "Read More" will only appear when users decide to use the excerpt as the content in glossary '; 144 $title = 'Custom "Read More" in the excerpt paragraph -- this "Read More" will only appear when users decide to use the excerpt as the content in glossary'; 133 145 $content = ''; 134 135 $tooltipLanguageReadMe = get_option('tooltipLanguageReadMe'); 136 if (empty($tooltipLanguageReadMe)) 137 { 138 $tooltipLanguageReadMe = "Read More"; 139 } 140 146 147 $tooltipLanguageReadMe = get_option('tooltipLanguageReadMe', 'Read More'); 148 141 149 $content .= '<form class="formTooltips" name="formTooltips" action="" method="POST">'; 142 $content .= wp_nonce_field ( 'tooltipslanguagenonce');150 $content .= wp_nonce_field('tooltipslanguagenonce', '_wpnonce', true, false); 143 151 $content .= '<table id="tableTooltips" width="100%">'; 144 145 152 $content .= '<tr style="text-align:left;">'; 146 $content .= '<td width=" 25%"style="text-align:left;">';153 $content .= '<td width="40%" style="text-align:left;">'; 147 154 $content .= 'Custom "Read More" in Tooltips Excerpt: '; 148 155 $content .= '</td>'; 149 $content .= '<td width="30%" style="text-align:left;">';150 $content .= '<input type="text" style="width:300px;" id="tooltipLanguageReadMe" name="tooltipLanguageReadMe" value="'. 
$tooltipLanguageReadMe .'" required placeholder="More Details">';156 $content .= '<td width="30%" style="text-align:left;">'; 157 $content .= '<input type="text" style="width:300px;" id="tooltipLanguageReadMe" name="tooltipLanguageReadMe" value="' . esc_attr($tooltipLanguageReadMe) . '" required placeholder="More Details">'; 151 158 $content .= '</td>'; 152 $content .= '<td width="30%" style="text-align:left;">';159 $content .= '<td width="30%" style="text-align:left;">'; 153 160 $content .= '<input type="submit" class="button-primary" id="tooltipLanguageReadMeSubmit" name="tooltipLanguageReadMeSubmit" value=" Submit ">'; 154 161 $content .= '</td>'; 155 162 $content .= '</tr>'; 156 157 163 $content .= '</table>'; 158 164 $content .= '</form>'; 165 159 166 tooltips_free_language_setting_panel($title, $content); 160 //end 10.3.3161 167 } 168 ?> -
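Review bot: The `$allowed_html` allowlist added at new lines 18-54 is narrower than the markup the same file feeds through it: the "Read More" input at new line 157 carries `style="width:300px;"` and the row at new line 152 carries `style="text-align:left;"`, but `'input'` (lines 32-40) and `'tr'` (line 27) list no `style` attribute, so `wp_kses($content, $allowed_html)` at line 71 silently drops both. Either remove the inline styles from those two tags or extend the allowlist, e.g. `'tr' => array('style' => array()),` and add `'style' => array(),` inside the `'input'` entry. Separately, the `$_POST` reads at new lines 101 and 108 are passed to the sanitizers without `wp_unslash()`, so a value containing a quote is stored with the added backslash; the usual form is `sanitize_text_field(wp_unslash($_POST['tooltipLanguageReadMe']))`, guarded by `isset()` since the submit button can be posted without the field.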
wordpress-tooltips/trunk/readme.txt
r3433237 r3434625 347 347 348 348 == Changelog == 349 = Version 10.8.7 = 350 >[We Fixed the Issue: Stored Cross-Site Scripting in 4 Hours](https://tooltips.org/we-fixed-the-issue-stored-cross-site-scripting-in-4-hours-securing-your-wordpress-tooltips-and-language-settings-best-practices-for-file-uploads-data-sanitization-and-user-input-handling/) 351 349 352 = Version 10.8.3 = 350 353 >[Full Gutenberg & Polylang Compatibility for Widgets](https://tooltips.org/%f0%9f%9a%80-wordpress-tooltips-plugin-update-full-gutenberg-polylang-compatibility-for-widgets-wordpress-tooltips-pro-plus-36-2-8/) … … 368 371 * General code clean up 369 372 370 please check change log at:371 >[Tooltips for Wordpress change log:](https://tooltips.org/change-log-of-wordpress-tooltips-free-plugin/)372 373 373 == Upgrade Notice == 374 374 -
wordpress-tooltips/trunk/rules/ttsimport.php
r3376758 r3434625 1 1 <?php 2 if (!defined('ABSPATH')) 3 { 4 exit; 2 if (!defined('ABSPATH')) { 3 exit; // Exit if accessed directly 5 4 } 6 5 7 function tooltipsImportFree() 8 { 9 ?> 10 <div class="wrap tooltipsaddonclass"> 11 <h2> 12 <?php 13 echo __("Import Tooltips", "wordpress-tooltips"); 14 ?> 15 </h2> 16 <table class="wp-list-table widefat fixed" style="margin-top:20px;"> 17 <tr><td> 18 <form enctype="multipart/form-data" action="" method="POST"> 19 <h3><?php echo __("Import tooltips from csv", "wordpress-tooltips"); ?></h3> 20 <label for="Your CSV File"> <?php echo __("Your CSV File:", "wordpress-tooltips"); ?> </label> 21 <?php 22 wp_nonce_field ( 'tooltipscsvuploadfilenonce' ); 23 ?> 24 <input name="tooltips_csv_upload_file" type="file" /> 25 <div style="margin-top:30px !important;margin-bottom:30px !important;"> 26 <input type="submit" value=" <?php echo __("Import", "wordpress-tooltips"); ?> " name="import" /> 27 </div> 28 </form> 6 //!!! 10.8.7 7 8 function tooltipsImportFree() { 9 ?> 10 <div class="wrap tooltipsaddonclass"> 11 <h2> 12 <?php 13 echo __("Import Tooltips", "wordpress-tooltips"); 14 ?> 15 </h2> 16 <table class="wp-list-table widefat fixed" style="margin-top:20px;"> 17 <tr><td> 18 <form enctype="multipart/form-data" action="" method="POST"> 19 <h3><?php echo __("Import tooltips from csv:", "wordpress-tooltips"); ?></h3> 20 <label for="Your CSV File"> <?php echo __("Your CSV File:", "wordpress-tooltips"); ?> </label> 21 <?php 22 wp_nonce_field('tooltipscsvuploadfilenonce'); 23 ?> 24 <input name="tooltips_csv_upload_file" type="file" /> 25 <div style="margin-top:30px !important;margin-bottom:30px !important;"> 26 <input type="submit" value=" <?php echo __("Import", "wordpress-tooltips"); ?> " name="import" /> 27 </div> 28 </form> 29 29 <div> 30 30 <hr /> … … 61 61 </span> 62 62 </div> 63 </div> 64 </td></tr> 65 </table> 66 <?php 67 global $wpdb; 68 if (isset($_POST['import'])) 69 { 70 check_admin_referer ( 'tooltipscsvuploadfilenonce' ); 71 
72 if (!current_user_can('upload_files')) 73 wp_die(__('Sorry, you are not allowed to upload files.')); 74 75 $file = $_FILES ['tooltips_csv_upload_file']; 76 $file_type = substr ( strstr ( $file ['name'], '.' ), 1 ); 77 if ($file_type != 'csv') { 78 echo __ ( "<h4 style='color:firebrick'>Sorry, We only support csv file, please upload csv file again.</h4>", "wordpress-tooltips" ); 79 exit (); 80 } 81 $handle = fopen ( $file ['tmp_name'], "r" ); 82 delete_option ( 'existed_tooltips_post' ); 83 84 $existed_tooltips_post = get_option ( 'existed_tooltips_post' ); 85 if (empty ( $existed_tooltips_post )) { 86 $existed_tooltips_post = array (); 87 } 88 89 $row = 0; 90 while ( $data = fgetcsv ( $handle, 1000, ',' ) ) { 91 $row ++; 92 if ($row == 1) 93 continue; 94 $num = count ( $data ); 95 $term_id = 0; 96 $new_post = ''; 97 $post_title = ''; 98 $post_content = ''; 63 </div> 64 </td></tr> 65 </table> 66 <?php 67 global $wpdb; 99 68 100 //before 9.5.9 101 /* 102 for($i = 0; $i < $num; $i ++) { 103 if ($i == 0) { 104 $post_title = $data [0]; 105 } 106 107 if ($i == 1) { 108 $post_content = $data [1]; 109 } 110 } 111 */ 69 if (isset($_POST['import'])) { 70 check_admin_referer('tooltipscsvuploadfilenonce'); // Validate nonce for CSRF protection 71 72 // File Upload Security Check 73 if (!current_user_can('upload_files')) { 74 wp_die(__('Sorry, you are not allowed to upload files.')); 75 } 112 76 113 //9.8.3 114 $allowed_html = wp_kses_allowed_html('post'); 115 $allowed_html['source'] = array( 116 'src' => true, 117 'type' => true, 118 ); 119 120 // end 9.8.3 121 //9.5.9 122 for($i = 0; $i < $num; $i ++) { 123 if ($i == 0) { 124 $post_title = sanitize_text_field($data [0]); 125 } 126 127 if ($i == 1) { 128 // !!! 
before 9.8.3 $post_content = sanitize_text_field($data [1]); 129 // 9.8.3 130 $post_content = wp_kses($data [1],$allowed_html); 77 // File Validation 78 if (isset($_FILES['tooltips_csv_upload_file'])) { 79 $file = $_FILES['tooltips_csv_upload_file']; 80 $file_type = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)); 131 81 132 } 133 } 134 135 $new_post = array ( 136 'post_title' => @$post_title, 137 'post_content' => @$post_content, 138 'post_status' => 'publish', 139 'post_type' => 'tooltips', 140 'post_author' => '1' 141 ); 82 // Validate CSV file extension and MIME type 83 if ($file_type !== 'csv') { 84 echo __("<h4 style='color:firebrick'>Sorry, We only support CSV files, please upload a valid CSV file.</h4>", "wordpress-tooltips"); 85 exit; 86 } 142 87 88 // Further MIME type check 89 if ($file['type'] !== 'text/csv' && $file['type'] !== 'application/vnd.ms-excel') { 90 echo __("<h4 style='color:firebrick'>Invalid file type. Please upload a CSV file.</h4>", "wordpress-tooltips"); 91 exit; 92 } 93 } 143 94 144 95 // Open the uploaded CSV file 96 $handle = fopen($file['tmp_name'], "r"); 97 delete_option('existed_tooltips_post'); 98 99 $existed_tooltips_post = get_option('existed_tooltips_post', []); 100 $row = 0; 145 101 146 $post_table = $wpdb->prefix . 'posts'; 147 // before 9.5.9 148 //$sql = 'select `ID` from `' . $post_table . "` where `post_title` = '" . $post_title . "' and `post_status` = 'publish' and `post_type` = 'tooltips' limit 1"; 149 //9.5.9 150 $sql = $wpdb->prepare( "select ID from $wpdb->posts where post_title = %s and post_status = 'publish' and post_type = 'tooltips' limit 1",$post_title); 151 $result = $wpdb->get_var ( $sql ); 152 $is_dup = ''; 153 if ($result) { 154 $is_dup = true; 155 } 156 157 if ($is_dup == true) { 158 } else { 159 160 $id = wp_insert_post ( $new_post ); 161 if (! 
(empty ( $id ))) { 162 163 if (in_array ( $id, $existed_tooltips_post )) { 164 } else { 165 $existed_tooltips_post [] = $id; 166 } 167 } 168 } 169 update_option ( 'existed_tooltips_post', $existed_tooltips_post ); 170 } 171 fclose ( $handle ); 172 $checkImportedTooltipsURL = get_option ( 'siteurl' ) . '/wp-admin/edit.php?post_type=tooltips'; 173 174 echo '<br />'; 175 echo __ ( "<h4 style='color:firebrick'>Tooltips imported, Please click <a href='$checkImportedTooltipsURL'>All Tooltips</a> to check the result, thanks</h4>", "wordpress-tooltips" ); 176 } 102 while ($data = fgetcsv($handle, 1000, ',')) { 103 $row++; 104 if ($row == 1) continue; // Skip the header row 105 106 // Ensure that there are enough columns 107 if (count($data) < 2) { 108 continue; // Skip invalid rows 109 } 110 111 $post_title = sanitize_text_field($data[0]); // Sanitize title 112 $post_content = wp_kses(sanitize_text_field($data[1]), wp_kses_allowed_html('post')); // Sanitize and allow post content 113 114 // Prepare new post data 115 $new_post = [ 116 'post_title' => $post_title, 117 'post_content' => $post_content, 118 'post_status' => 'publish', 119 'post_type' => 'tooltips', 120 'post_author' => 1 121 ]; 122 123 // Check for duplicate posts 124 $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_status = 'publish' AND post_type = 'tooltips' LIMIT 1", $post_title); 125 $result = $wpdb->get_var($sql); 126 127 if ($result) { 128 continue; // Skip duplicate entries 129 } 130 131 // Insert new post 132 $id = wp_insert_post($new_post); 133 if ($id && !in_array($id, $existed_tooltips_post)) { 134 $existed_tooltips_post[] = $id; 135 } 136 } 137 138 fclose($handle); 139 140 // Update the list of existing tooltips posts 141 update_option('existed_tooltips_post', $existed_tooltips_post); 142 143 // Success message with link to all tooltips 144 $checkImportedTooltipsURL = get_option('siteurl') . 
'/wp-admin/edit.php?post_type=tooltips'; 145 echo '<br />'; 146 echo __("<h4 style='color:firebrick'>Tooltips imported, Please click <a href='$checkImportedTooltipsURL'>All Tooltips</a> to check the result, thanks</h4>", "wordpress-tooltips"); 147 } 177 148 } 178 179 180 149 ?> -
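Review bot: The upload checks at new lines 78-93 run only inside `if (isset($_FILES['tooltips_csv_upload_file']))`, yet `$file['tmp_name']` is opened unconditionally at line 96, so a submit without a file reaches `fopen()` on an undefined variable, and neither `$file['error']` nor the `fopen()` result is checked. The MIME comparison at line 89 reads `$file['type']`, which is the Content-Type the browser declared rather than anything measured on the server, so it does not validate the content and at the same time rejects CSVs that browsers commonly label `text/plain` or `application/csv`. A server-side check with `wp_check_filetype_and_ext()` (which inspects the file where finfo is available) after confirming the upload succeeded covers both. Also, `wp_kses(sanitize_text_field($data[1]), ...)` at line 112 is a no-op after `sanitize_text_field()` has already stripped all tags, so the trailing comment `// Sanitize and allow post content` is misleading; say `// HTML is stripped; title and content are plain text` or drop the `wp_kses` wrapper. The enclosing `tooltipsImportFree()` opens in the earlier hunk of this file. Message strings below are constructed examples.
```php
// … unchanged: nonce and capability checks …
if (empty($_FILES['tooltips_csv_upload_file']['tmp_name']) || $_FILES['tooltips_csv_upload_file']['error'] !== UPLOAD_ERR_OK) {
    wp_die(__('No CSV file was uploaded.', 'wordpress-tooltips'));
}
$file = $_FILES['tooltips_csv_upload_file'];
if (!is_uploaded_file($file['tmp_name'])) {
    wp_die(__('Invalid upload.', 'wordpress-tooltips'));
}
$file_type = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
// … unchanged: extension check and its error message …
// Server-side type check instead of the browser-supplied $file['type']
$check = wp_check_filetype_and_ext($file['tmp_name'], $file['name']);
if ($check['ext'] !== 'csv') {
    wp_die(__('Invalid file type. Please upload a CSV file.', 'wordpress-tooltips'));
}
$handle = fopen($file['tmp_name'], 'r');
if ($handle === false) {
    wp_die(__('Could not read the uploaded file.', 'wordpress-tooltips'));
}
// … unchanged: delete_option, row loop, fclose, success message …
```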
wordpress-tooltips/trunk/tooltips.php
r3430297 r3434625 4 4 Plugin URI: https://tooltips.org/features-of-wordpress-tooltips-plugin/ 5 5 Description: Tooltips for Wordpress,You can add text,image,link,video,radio in tooltips, add tooltips in gallery. More amazing features? Do you want to customize a beautiful style for your tooltips? One Minute, Check <a href='https://tooltips.org/features-of-wordpress-tooltips-plugin/' target='_blank'> Features of Tooltips Pro</a>. 6 Version: 10.8. 36 Version: 10.8.7 7 7 Author: Tomas | <a href='https://tooltips.org/wordpress-tooltip-plugin/wordpress-tooltip-plugin-document/' target='_blank'>Docs</a> | <a href='https://tooltips.org/faq/' target='_blank'>FAQ</a> | <a href='https://tooltips.org/contact-us' target='_blank'>Premium Support</a> 8 8 Author URI: https://tooltips.org/wordpress-tooltip-plugin/wordpress-tooltips-demo/ … … 1928 1928 //!!! end 7.9.7 1929 1929 } 1930 update_option('ztooltipversion','10.8. 3');1930 update_option('ztooltipversion','10.8.7'); 1931 1931 } 1932 1932 add_action( 'init', 'upgrade_check');