Changeset 3487103
- Timestamp:
- 03/20/2026 10:14:29 AM (2 weeks ago)
- Location:
- easy-table-of-contents/trunk
- Files:
-
- 1 added
- 9 edited
-
README.txt (modified) (3 diffs)
-
assets/js/elementor-toc-anchor-fix.js (added)
-
changelog.txt (modified) (1 diff)
-
easy-table-of-contents.php (modified) (19 diffs)
-
includes/class-eztoc-admin.php (modified) (5 diffs)
-
includes/class-eztoc-option.php (modified) (3 diffs)
-
includes/class-eztoc-pointers.php (modified) (2 diffs)
-
includes/class-eztoc-widgetsticky.php (modified) (4 diffs)
-
includes/helper-function.php (modified) (5 diffs)
-
includes/inc.functions.php (modified) (1 diff)
easy-table-of-contents/trunk/README.txt
r3463974 r3487103 6 6 Tested up to: 6.9 7 7 Requires PHP: 5.6.20 8 Stable tag: 2.0.8 18 Stable tag: 2.0.82 9 9 License: GPLv2 or later 10 10 License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 135 135 136 136 == Changelog == 137 = 2.0.82 20/03/2026 = 138 * Fixed: Underlined Header Issue in elementor text editor #944 139 * Fixed: 'Disable Sticky TOC' setting ignored (Pro filter result overwritten by free plugin) #940 140 * Fixed: Authenticated (Contributor+) CSS Injection in <= 2.0.80 reported by Wordfence (type5afe) 141 137 142 = 2.0.81 18/02/2026 = 138 143 * Fixed: Make "Exclude Headings by Class" work if class is contained inside the heading #941 … … 263 268 = 2.0.67.1 19/06/2024 = 264 269 * Bug: Plugin Does Not Save Changes in recent version 2.0.67 #771 265 266 = 2.0.67 18/06/2024 =267 * New: Read Time in Minutes option for individual posts and set the translation for reading time. #763268 * New: Exclude heading by id option #768269 * New: Exclude TOC added using shortcode on specific pages/posts [post_not_in="1,2"] #758270 * Compatibility: Added compatibility with the theme StoreHub #760271 * Compatibility: Conflict issue with custom theme(user specific issue) #750272 * Compatibility: Conflict issue with DIVI theme #749273 * Bug: Highlight Heading colors are not getting customized #755274 * Bug: Sticky TOC appears on homepage without enabling option when front page is set #754275 * Bug: TOC is showing on homepage's post's excerpt Avada theme conflict #757276 * Fix: Passing null to parameter #1 ($string) of type string is deprecated #769277 * Fix: Patched Security Vulnerability disclosed by Dmitrii Ignatyev from cleantalk.org278 279 = 2.0.66.1 15/05/2024 =280 * Bug: ETOC version 2.0.66 giving **Fatal error**: Uncaught TypeError: method_exists() #752281 282 270 283 271 Full changelog available at [changelog.txt](https://plugins.svn.wordpress.org/easy-table-of-contents/trunk/changelog.txt) -
easy-table-of-contents/trunk/changelog.txt
r3463974 r3487103 1 1 == Changelog == 2 = 2.0.82 20/03/2026 = 3 * Fixed: Underlined Header Issue in elementor text editor #944 4 * Fixed: 'Disable Sticky TOC' setting ignored (Pro filter result overwritten by free plugin) #940 5 * Fixed: Authenticated (Contributor+) CSS Injection in <= 2.0.80 reported by Wordfence (type5afe) 6 2 7 = 2.0.81 18/02/2026 = 3 8 * Fixed: Make "Exclude Headings by Class" work if class is contained inside the heading #941 -
easy-table-of-contents/trunk/easy-table-of-contents.php
r3463974 r3487103 4 4 * Plugin URI: https://tocwp.com/ 5 5 * Description: Adds a user friendly and fully automatic way to create and display a table of contents generated from the page content. 6 * Version: 2.0.8 16 * Version: 2.0.82 7 7 * Author: Magazine3 8 8 * Author URI: https://tocwp.com/ … … 29 29 * @category Plugin 30 30 * @author Magazine3 31 * @version 2.0.8 131 * @version 2.0.82 32 32 */ 33 33 … … 53 53 * @var string 54 54 */ 55 const VERSION = '2.0.8 1';55 const VERSION = '2.0.82'; 56 56 57 57 /** … … 263 263 264 264 $cssChecked = '#ez-toc-container input[type="checkbox"]:checked + nav, #ez-toc-widget-container input[type="checkbox"]:checked + nav {opacity: 0;max-height: 0;border: none;display: none;}'; 265 wp_register_style( 'ez -toc-exclude-toggle-css', false, array(), ezTOC::VERSION );266 wp_enqueue_style( 'ez -toc-exclude-toggle-css', false, array(), ezTOC::VERSION );267 wp_add_inline_style( 'ez -toc-exclude-toggle-css', $cssChecked );265 wp_register_style( 'eztoc-exclude-toggle-css', false, array(), ezTOC::VERSION ); 266 wp_enqueue_style( 'eztoc-exclude-toggle-css', false, array(), ezTOC::VERSION ); 267 wp_add_inline_style( 'eztoc-exclude-toggle-css', $cssChecked ); 268 268 } 269 269 } … … 346 346 $inline_css .= self::inline_sticky_toggle_css(); 347 347 348 wp_register_style( 'ez -toc-sticky-style', false, array(), ezTOC::VERSION );349 wp_enqueue_style( 'ez -toc-sticky-style', false, array(), ezTOC::VERSION );350 wp_add_inline_style( 'ez -toc-sticky-style', $inline_css );348 wp_register_style( 'eztoc-sticky-style', false, array(), ezTOC::VERSION ); 349 wp_enqueue_style( 'eztoc-sticky-style', false, array(), ezTOC::VERSION ); 350 wp_add_inline_style( 'eztoc-sticky-style', $inline_css ); 351 351 352 352 } … … 368 368 $inline_css .= self::inline_css(); 369 369 370 wp_register_style( 'ez -toc-style', false, array(), ezTOC::VERSION );371 wp_enqueue_style( 'ez -toc-style', false, array(), ezTOC::VERSION );372 wp_add_inline_style( 'ez -toc-style', 
$inline_css );370 wp_register_style( 'eztoc-style', false, array(), ezTOC::VERSION ); 371 wp_enqueue_style( 'eztoc-style', false, array(), ezTOC::VERSION ); 372 wp_add_inline_style( 'eztoc-style', $inline_css ); 373 373 374 374 } … … 521 521 522 522 // Register stylesheet which can be called later using wp_enqueue_style() 523 wp_register_style( 'ez -toc', EZ_TOC_URL . "assets/css/screen{$min}.css",array( ), ezTOC::VERSION );524 wp_register_style( 'ez -toc-sticky', EZ_TOC_URL . "assets/css/ez-toc-sticky{$min}.css", array(), self::VERSION );523 wp_register_style( 'eztoc', EZ_TOC_URL . "assets/css/screen{$min}.css",array( ), ezTOC::VERSION ); 524 wp_register_style( 'eztoc-sticky', EZ_TOC_URL . "assets/css/ez-toc-sticky{$min}.css", array(), self::VERSION ); 525 525 526 526 // Register scripts which can be called later using wp_enqueue_script() … … 529 529 $in_footer = false; 530 530 } 531 wp_register_script( 'ez -toc-sticky', EZ_TOC_URL . "assets/js/ez-toc-sticky{$min}.js", array( 'jquery'), ezTOC::VERSION . '-' . filemtime( EZ_TOC_PATH . "/assets/js/ez-toc-sticky{$min}.js" ), $in_footer );532 wp_register_script( 'ez -toc-js-cookie', EZ_TOC_URL . "vendor/js-cookie/js.cookie{$min}.js", array(), '2.2.1', $in_footer );533 wp_register_script( 'ez -toc-jquery-sticky-kit', EZ_TOC_URL . "vendor/sticky-kit/jquery.sticky-kit{$min}.js", array( 'jquery' ), '1.9.2', $in_footer );534 wp_register_script( 'ez -toc-js', EZ_TOC_URL . "assets/js/front{$min}.js", array( 'jquery', 'ez-toc-js-cookie', 'ez-toc-jquery-sticky-kit' ), ezTOC::VERSION . '-' . filemtime( EZ_TOC_PATH . "/assets/js/front{$min}.js" ), $in_footer );531 wp_register_script( 'eztoc-sticky', EZ_TOC_URL . "assets/js/ez-toc-sticky{$min}.js", array( 'jquery'), ezTOC::VERSION . '-' . filemtime( EZ_TOC_PATH . "/assets/js/ez-toc-sticky{$min}.js" ), $in_footer ); 532 wp_register_script( 'eztoc-js-cookie', EZ_TOC_URL . 
"vendor/js-cookie/js.cookie{$min}.js", array(), '2.2.1', $in_footer ); 533 wp_register_script( 'eztoc-jquery-sticky-kit', EZ_TOC_URL . "vendor/sticky-kit/jquery.sticky-kit{$min}.js", array( 'jquery' ), '1.9.2', $in_footer ); 534 wp_register_script( 'eztoc-js', EZ_TOC_URL . "assets/js/front{$min}.js", array( 'jquery', 'eztoc-js-cookie', 'eztoc-jquery-sticky-kit' ), ezTOC::VERSION . '-' . filemtime( EZ_TOC_PATH . "/assets/js/front{$min}.js" ), $in_footer ); 535 535 //This is legacy hook,it will be removed in future versions. 536 536 $eztoc_smscroll_jsfile_filter = apply_filters('ez_toc_smscroll_jsfile_filter',EZ_TOC_URL . "assets/js/smooth_scroll{$min}.js"); //phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound -- Legacy hook name. 537 537 //This is the new hook , it should be used instead of the legacy one. 538 538 $eztoc_smscroll_jsfile_filter = apply_filters('eztoc_smscroll_jsfile_filter',EZ_TOC_URL . "assets/js/smooth_scroll{$min}.js"); 539 wp_register_script( 'ez-toc-scroll-scriptjs', $eztoc_smscroll_jsfile_filter, array( 'jquery' ), ezTOC::VERSION, $in_footer ); 539 wp_register_script( 'eztoc-scroll-scriptjs', $eztoc_smscroll_jsfile_filter, array( 'jquery' ), ezTOC::VERSION, $in_footer ); 540 wp_register_script( 'eztoc-elementor-anchor-fix', EZ_TOC_URL . 'assets/js/elementor-toc-anchor-fix.js', array(), ezTOC::VERSION, $in_footer ); 540 541 self::localize_scripts(); 541 542 542 543 if ( self::is_enqueue_scripts_eligible() ) { 544 if ( eztoc_is_plugin_active( 'elementor/elementor.php' ) ) { 545 wp_enqueue_script( 'eztoc-elementor-anchor-fix' ); 546 } 543 547 self::enqueue_registered_script(); 544 548 self::enqueue_registered_style(); … … 565 569 if ( 'Foodie Pro' == $eztoc_current_theme->get( 'Name' ) ) { 566 570 567 wp_register_style( 'ez -toc-foodie-pro', EZ_TOC_URL . "assets/css/foodie-pro{$min}.css",array(), ezTOC::VERSION );568 wp_enqueue_style( 'ez -toc-foodie-pro' );571 wp_register_style( 'eztoc-foodie-pro', EZ_TOC_URL . 
"assets/css/foodie-pro{$min}.css",array(), ezTOC::VERSION ); 572 wp_enqueue_style( 'eztoc-foodie-pro' ); 569 573 570 574 } … … 578 582 if ( 'Thrive Theme Builder' == $eztoc_current_theme->get( 'Name' ) ) { 579 583 580 wp_register_style( 'ez -toc-thrive-theme-builder', EZ_TOC_URL . "assets/css/thrive-theme-builder{$min}.css",array(), ezTOC::VERSION );581 wp_enqueue_style( 'ez -toc-thrive-theme-builder' );584 wp_register_style( 'eztoc-thrive-theme-builder', EZ_TOC_URL . "assets/css/thrive-theme-builder{$min}.css",array(), ezTOC::VERSION ); 585 wp_enqueue_style( 'eztoc-thrive-theme-builder' ); 582 586 583 587 } … … 677 681 678 682 if ( 0 < count( $js_vars ) ) { 679 wp_localize_script( 'ez -toc-js', 'ezTOC', $js_vars );683 wp_localize_script( 'eztoc-js', 'ezTOC', $js_vars ); 680 684 // smooth scroll js localization 681 685 $js_scroll = array(); … … 687 691 $js_scroll['JumpJsLinks'] = true; 688 692 } 689 wp_localize_script( 'ez -toc-scroll-scriptjs', 'eztoc_smooth_local', $js_scroll );693 wp_localize_script( 'eztoc-scroll-scriptjs', 'eztoc_smooth_local', $js_scroll ); 690 694 } 691 695 //localize sticky js … … 697 701 $js_sticky['close_on_link_click'] = true; 698 702 } 699 wp_localize_script( 'ez -toc-sticky', 'eztoc_sticky_local', $js_sticky );703 wp_localize_script( 'eztoc-sticky', 'eztoc_sticky_local', $js_sticky ); 700 704 } 701 705 … … 716 720 if ( ! ezTOC_Option::get( 'exclude_css' )){ 717 721 if ( ! ezTOC_Option::get( 'inline_css' ) ) { 718 wp_enqueue_style( 'ez -toc-sticky' );722 wp_enqueue_style( 'eztoc-sticky' ); 719 723 $css = self::inline_sticky_toggle_css(); 720 wp_add_inline_style( 'ez -toc-sticky', $css );724 wp_add_inline_style( 'eztoc-sticky', $css ); 721 725 } 722 726 } … … 737 741 if( ! ezTOC_Option::get( 'exclude_css' ) ) { 738 742 if ( ! 
ezTOC_Option::get( 'inline_css' ) ) { 739 wp_enqueue_style( 'ez -toc' );743 wp_enqueue_style( 'eztoc' ); 740 744 $css = self::inline_css(); 741 wp_add_inline_style( 'ez -toc', $css );745 wp_add_inline_style( 'eztoc', $css ); 742 746 } 743 747 } … … 758 762 if (ezTOC_Option::get( 'toc_loading' ) == 'js') { 759 763 if ( ezTOC_Option::get( 'smooth_scroll' ) ) { 760 wp_enqueue_script( 'ez -toc-scroll-scriptjs' );764 wp_enqueue_script( 'eztoc-scroll-scriptjs' ); 761 765 } 762 wp_enqueue_script( 'ez -toc-js' );766 wp_enqueue_script( 'eztoc-js' ); 763 767 } 764 768 … … 1400 1404 1401 1405 return $post; 1406 } 1407 1408 /** 1409 * Sanitize a CSS color value for safe output in `<style>` context. 1410 * 1411 * Allows: hex colors, rgb()/rgba(), hsl()/hsla(), `var(--token)`, 1412 * and a small set of CSS keywords. 1413 * 1414 * @since 2.0.83 1415 * 1416 * @param mixed $value 1417 * @return string 1418 */ 1419 public static function sanitize_css_color( $value ) { 1420 if ( ! is_string( $value ) ) { 1421 return ''; 1422 } 1423 1424 $value = trim( $value ); 1425 if ( '' === $value ) { 1426 return ''; 1427 } 1428 1429 $keywords = array( 1430 'transparent', 1431 'currentcolor', 1432 'inherit', 1433 'initial', 1434 'unset', 1435 'revert', 1436 'revert-layer', 1437 ); 1438 if ( in_array( strtolower( $value ), $keywords, true ) ) { 1439 return $value; 1440 } 1441 1442 $hex = sanitize_hex_color( $value ); 1443 if ( ! 
empty( $hex ) ) { 1444 return $hex; 1445 } 1446 1447 if ( preg_match( '/^var\\(--[A-Za-z0-9_-]+\\)$/', $value ) ) { 1448 return $value; 1449 } 1450 1451 // rgb() / rgba() 1452 if ( preg_match( '/^rgba?\\(\\s*(\\d{1,3})\\s*,\\s*(\\d{1,3})\\s*,\\s*(\\d{1,3})(?:\\s*,\\s*(0|1|0?\\.\\d+)\\s*)?\\)$/', $value, $m ) ) { 1453 $r = (int) $m[1]; 1454 $g = (int) $m[2]; 1455 $b = (int) $m[3]; 1456 if ( $r >= 0 && $r <= 255 && $g >= 0 && $g <= 255 && $b >= 0 && $b <= 255 ) { 1457 return $value; 1458 } 1459 } 1460 1461 // hsl() / hsla() 1462 if ( preg_match( '/^hsla?\\(\\s*(\\d{1,3})\\s*,\\s*(\\d{1,3})%\\s*,\\s*(\\d{1,3})%(?:\\s*,\\s*(0|1|0?\\.\\d+)\\s*)?\\)$/', $value, $m ) ) { 1463 $h = (int) $m[1]; 1464 $s = (int) $m[2]; 1465 $l = (int) $m[3]; 1466 if ( $h >= 0 && $h <= 360 && $s >= 0 && $s <= 100 && $l >= 0 && $l <= 100 ) { 1467 return $value; 1468 } 1469 } 1470 1471 return ''; 1472 } 1473 1474 /** 1475 * Sanitize a CSS length unit for safe concatenation. 1476 * 1477 * @since 2.0.83 1478 * 1479 * @param mixed $unit 1480 * @param array $allowed 1481 * @param string $default 1482 * @return string 1483 */ 1484 public static function sanitize_css_unit( $unit, array $allowed, $default ) { 1485 if ( ! is_string( $unit ) ) { 1486 return $default; 1487 } 1488 $unit = trim( $unit ); 1489 return in_array( $unit, $allowed, true ) ? $unit : $default; 1490 } 1491 1492 /** 1493 * Sanitize a CSS font-weight. 1494 * 1495 * @since 2.0.83 1496 * 1497 * @param mixed $value 1498 * @param string $default 1499 * @return string 1500 */ 1501 private static function sanitize_css_font_weight( $value, $default = '' ) { 1502 if ( ! 
is_string( $value ) ) { 1503 return $default; 1504 } 1505 $value = trim( $value ); 1506 if ( '' === $value ) { 1507 return $default; 1508 } 1509 1510 $lower = strtolower( $value ); 1511 if ( in_array( $lower, array( 'normal', 'bold', 'bolder', 'lighter', 'inherit', 'initial', 'unset', 'revert' ), true ) ) { 1512 return $value; 1513 } 1514 1515 if ( preg_match( '/^(100|200|300|400|500|600|700|800|900)$/', $value ) ) { 1516 return $value; 1517 } 1518 1519 return $default; 1402 1520 } 1403 1521 … … 1468 1586 ), $atts ) ); 1469 1587 1588 // Sanitize shortcode attributes that are used in `<style>` context. 1589 $title_font_color = self::sanitize_css_color( $title_font_color ); 1590 $text_font_color = self::sanitize_css_color( $text_font_color ); 1591 $highlight_color = self::sanitize_css_color( $highlight_color ); 1592 $toc_background_color = self::sanitize_css_color( $toc_background_color ); 1593 $toc_title_background_color = self::sanitize_css_color( $toc_title_background_color ); 1594 1595 $title_font_size_unit = self::sanitize_css_unit( $title_font_size_unit, array( '%', 'px', 'pt', 'em', 'rem', 'vw', 'vh' ), '%' ); 1596 $text_font_size_unit = self::sanitize_css_unit( $text_font_size_unit, array( '%', 'px', 'pt', 'em', 'rem', 'vw', 'vh' ), '%' ); 1597 1598 $title_font_weight = self::sanitize_css_font_weight( $title_font_weight, '600' ); 1599 $text_font_weight = self::sanitize_css_font_weight( $text_font_weight, '400' ); 1600 1470 1601 $widget_name = esc_html( 'ezTOC_WidgetSticky' ); 1471 1602 … … 1486 1617 'sidebar_sticky_title_size_unit' => ( $has_title_font_size_unit && ! empty ( $title_font_size_unit ) ) ? $title_font_size_unit : ezTOC_Option::get( 'title_font_size_units', '%' ), 1487 1618 'sidebar_sticky_title_weight' => ( $has_title_font_weight && ! empty ( $title_font_weight ) ) ? $title_font_weight : ezTOC_Option::get( 'title_font_weight', '600' ), 1488 'sidebar_sticky_title_color' => ( $has_title_font_color && ! empty ( $title_font_color ) ) ? 
$title_font_color : ezTOC_Option::get( 'custom_title_colour', ''),1619 'sidebar_sticky_title_color' => ( $has_title_font_color && ! empty ( $title_font_color ) ) ? $title_font_color : self::sanitize_css_color( ezTOC_Option::get( 'custom_title_colour', '' ) ), 1489 1620 'sidebar_sticky_size' => ( $has_text_font_size && ! empty ( $text_font_size ) ) ? ( 'auto' == $text_font_size ) ? $text_font_size : ( int ) wp_strip_all_tags ( $text_font_size ) : (int) ezTOC_Option::get( 'font_size', 95 ), 1490 1621 'sidebar_sticky_size_unit' => ( $has_text_font_size_unit && ! empty ( $text_font_size_unit ) ) ? $text_font_size_unit : ezTOC_Option::get( 'font_size_units', '%' ), 1491 1622 'sidebar_sticky_weight' => ( $has_text_font_weight && ! empty ( $text_font_weight ) ) ? $text_font_weight : ezTOC_Option::get( 'font_weight', '400' ), 1492 'sidebar_sticky_color' => ( $has_text_font_color && ! empty ( $text_font_color ) ) ? $text_font_color : ezTOC_Option::get( 'custom_link_colour', ''),1493 'toc_background_color' => ( $has_toc_background_color && ! empty ( $toc_background_color ) ) ? $toc_background_color : ezTOC_Option::get( 'custom_background_colour', ''),1494 'toc_title_background_color' => ( $has_toc_title_background_color && ! empty ( $toc_title_background_color ) ) ? $toc_title_background_color : ezTOC_Option::get( 'custom_title_background', ''),1623 'sidebar_sticky_color' => ( $has_text_font_color && ! empty ( $text_font_color ) ) ? $text_font_color : self::sanitize_css_color( ezTOC_Option::get( 'custom_link_colour', '' ) ), 1624 'toc_background_color' => ( $has_toc_background_color && ! empty ( $toc_background_color ) ) ? $toc_background_color : self::sanitize_css_color( ezTOC_Option::get( 'custom_background_colour', '' ) ), 1625 'toc_title_background_color' => ( $has_toc_title_background_color && ! empty ( $toc_title_background_color ) ) ? 
$toc_title_background_color : self::sanitize_css_color( ezTOC_Option::get( 'custom_title_background', '' ) ), 1495 1626 'show_toggle' => ( ! empty ( $show_toggle ) ) ? $show_toggle : '', 1496 1627 'device_target' => ( ! empty ( $device_target ) ) ? $device_target : '' -
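Review bot: The new sanitizer docblocks carry `@since 2.0.83`, while this same changeset sets `const VERSION = '2.0.82';` and adds a 2.0.82 changelog entry; the three tags should read `@since 2.0.82`. `sanitize_css_font_weight()` is declared `private static`, so the sticky widget in class-eztoc-widgetsticky.php cannot reuse it and still emits font-weight through `esc_attr()` alone; making it `public static` like the other two sanitizers would let both output paths share one allow-list. The unit allow-list `array( '%', 'px', 'pt', 'em', 'rem', 'vw', 'vh' )` is repeated at every `sanitize_css_unit()` call site here and in the widget file, and a class constant would keep them in step. The shortcode function whose attributes are sanitized in the last hunk starts outside the hunk.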
easy-table-of-contents/trunk/includes/class-eztoc-admin.php
r3429975 r3487103 100 100 } 101 101 $min = defined ( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ? '' : '.min'; 102 wp_register_script( ' cn_toc_admin_script', EZ_TOC_URL . "assets/js/admin{$min}.js", array( 'jquery', 'wp-color-picker' ), ezTOC::VERSION, true );103 wp_register_style( ' cn_toc_admin_style', EZ_TOC_URL . "assets/css/admin{$min}.css", array( 'wp-color-picker' ), ezTOC::VERSION );104 105 wp_enqueue_script( ' cn_toc_admin_script' );102 wp_register_script( 'eztoc_admin_script', EZ_TOC_URL . "assets/js/admin{$min}.js", array( 'jquery', 'wp-color-picker' ), ezTOC::VERSION, true ); 103 wp_register_style( 'eztoc_admin_style', EZ_TOC_URL . "assets/css/admin{$min}.css", array( 'wp-color-picker' ), ezTOC::VERSION ); 104 105 wp_enqueue_script( 'eztoc_admin_script' ); 106 106 $data = array( 107 107 'ajax_url' => admin_url( 'admin-ajax.php' ), … … 112 112 $data = apply_filters( 'eztoc_localize_filter', $data, 'eztoc_admin_data' ); 113 113 114 wp_localize_script( ' cn_toc_admin_script', 'cn_toc_admin_data', $data );114 wp_localize_script( 'eztoc_admin_script', 'eztoc_admin_data', $data ); 115 115 } 116 116 … … 147 147 public function enqueueScripts() { 148 148 149 wp_enqueue_script( ' cn_toc_admin_script' );150 wp_enqueue_style( ' cn_toc_admin_style' );149 wp_enqueue_script( 'eztoc_admin_script' ); 150 wp_enqueue_style( 'eztoc_admin_style' ); 151 151 } 152 152 … … 830 830 831 831 if ( ! isset( $_POST['eztoc_security_nonce'] ) ){ 832 return; 832 echo wp_json_encode(array('status'=>'f')); 833 return; 833 834 } 834 835 if ( !wp_verify_nonce( wp_unslash( $_POST['eztoc_security_nonce'] ), 'eztoc_ajax_check_nonce' ) ){ //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized 835 return; 836 echo wp_json_encode(array('status'=>'f')); 837 return; 836 838 } 837 839 if ( !current_user_can( 'manage_options' ) ) { 838 return; 840 echo wp_json_encode(array('status'=>'f')); 841 return; 839 842 } 840 843 $message = isset($_POST['message']) ? 
$this->eztoc_sanitize_textarea_field(wp_unslash( $_POST['message'] )) : ''; //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized … … 859 862 860 863 $headers[] = 'Content-Type: text/html; charset=UTF-8'; 861 $headers[] = 'From: '. esc_attr($user_email);862 $headers[] = 'Reply-To: ' . esc_attr($user_email);864 $headers[] = 'From: '. sanitize_email($user_email); 865 $headers[] = 'Reply-To: ' . sanitize_email($user_email); 863 866 // Load WP components, no themes. 864 867 -
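Review bot: The three failure branches added at 832–842 `echo` a JSON payload and then `return`; if this is an admin-ajax callback (the nonce name `eztoc_ajax_check_nonce` suggests so), admin-ajax.php still runs its default `wp_die( '0' )` after the hook, appending `0` to the body and producing invalid JSON for the client. Replacing each pair with `wp_send_json( array( 'status' => 'f' ) );` keeps the payload shape and terminates the request, and the three identical branches could share one line. On 864–865, `sanitize_email()` returns an empty string for an invalid address, which would emit a bare `From: ` header; guarding with `if ( is_email( $user_email ) )` before adding the two headers avoids that. The enclosing function starts and ends outside the hunk.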
easy-table-of-contents/trunk/includes/class-eztoc-option.php
r3463974 r3487103 102 102 if(isset($_FILES['eztoc_import_backup']) && !empty($_FILES['eztoc_import_backup']['name'])){ 103 103 //phpcs:ignore WordPress.Security.NonceVerification.Missing -- Reason : Nonce is already verified in the settings page 104 $file_error = isset($_FILES['eztoc_import_backup']['error']) ? $_FILES['eztoc_import_backup']['error']: UPLOAD_ERR_NO_FILE;104 $file_error = isset($_FILES['eztoc_import_backup']['error']) ? sanitize_text_field($_FILES['eztoc_import_backup']['error']) : UPLOAD_ERR_NO_FILE; 105 105 106 106 // Check for file upload errors … … 120 120 } else { 121 121 //phpcs:ignore WordPress.Security.NonceVerification.Missing -- Reason : Nonce is already verified in the settings page 122 $eztoc_import_backup_name_original = isset($_FILES['eztoc_import_backup']['name']) ? wp_unslash($_FILES["eztoc_import_backup"]["name"]) : '';122 $eztoc_import_backup_name_original = isset($_FILES['eztoc_import_backup']['name']) ? sanitize_text_field(wp_unslash($_FILES["eztoc_import_backup"]["name"])) : ''; 123 123 $eztoc_import_backup_name = sanitize_file_name($eztoc_import_backup_name_original); 124 124 … … 132 132 // Check file extension 133 133 if (empty($file_extension) || $file_extension !== 'json') { 134 add_settings_error('ez-toc-settings', 'import_file_type', sprintf( esc_html__('Import failed: Please upload a valid JSON file. File extension must be .json (detected extension: %s)', 'easy-table-of-contents'), $file_extension ? $file_extension : esc_html__('none', 'easy-table-of-contents')), 'error');134 add_settings_error('ez-toc-settings', 'import_file_type', sprintf(/* translators: %s: file extension */ esc_html__('Import failed: Please upload a valid JSON file. File extension must be .json (detected extension: %s)', 'easy-table-of-contents'), $file_extension ? $file_extension : esc_html__('none', 'easy-table-of-contents')), 'error'); 135 135 $import_error = true; 136 136 } else { -
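Review bot: `sanitize_text_field()` on `$_FILES['eztoc_import_backup']['error']` (new line 104) converts the integer upload error code into a string, so any strict comparison against `UPLOAD_ERR_OK` or the other `UPLOAD_ERR_*` int constants in the "Check for file upload errors" block (outside the hunk) would no longer match. The value is an int set by PHP itself, so `(int) $_FILES['eztoc_import_backup']['error']` is the appropriate sanitization and preserves the comparisons. The added `sanitize_text_field()` on the original file name at 122 is harmless since `sanitize_file_name()` follows on the next line. The enclosing import function starts outside the hunk.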
easy-table-of-contents/trunk/includes/class-eztoc-pointers.php
r3414473 r3487103 13 13 public function eztoc_subscribe_for_newsletter() { 14 14 15 if ( isset( $_POST['eztoc_security_nonce'] ) && ! wp_verify_nonce( sanitize_text_field ( wp_unslash( $_POST['eztoc_security_nonce'] ) ) , 'eztoc_ajax_check_nonce' ) ) { 16 17 echo esc_html__( 'security_nonce_not_verified', 'easy-table-of-contents' ); 18 wp_die(); 19 15 if ( ! isset( $_POST['eztoc_security_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['eztoc_security_nonce'] ) ), 'eztoc_ajax_check_nonce' ) ) { 16 wp_send_json_error( esc_html__( 'Security check failed.', 'easy-table-of-contents' ) ); 20 17 } 21 18 22 if ( ! current_user_can( 'manage_options' ) ) {23 wp_ die();19 if ( ! current_user_can( 'manage_options' ) ) { 20 wp_send_json_error( esc_html__( 'Insufficient permissions.', 'easy-table-of-contents' ) ); 24 21 } 25 22 26 $api_url = 'http ://magazine3.company/wp-json/api/central/email/subscribe';23 $api_url = 'https://magazine3.company/wp-json/api/central/email/subscribe'; 27 24 28 25 $api_params = array( … … 33 30 ); 34 31 35 $response = wp_remote_post( $api_url, array( 'timeout' => 15, 'sslverify' => false, 'body' => $api_params ) );32 $response = wp_remote_post( $api_url, array( 'timeout' => 15, 'sslverify' => true, 'body' => $api_params ) ); 36 33 $response = wp_remote_retrieve_body( $response ); 37 34 $response = json_decode( $response, true ); -
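Review bot: With `sslverify` now true (new line 32), `wp_remote_post()` returns a `WP_Error` on hosts with a broken CA bundle, and the unchanged `wp_remote_retrieve_body()`/`json_decode()` lines that follow silently turn that into `null`; add `if ( is_wp_error( $response ) ) { wp_send_json_error( $response->get_error_message() ); }` before retrieving the body so the caller sees a real failure. `esc_html__()` inside `wp_send_json_error()` on lines 16 and 20 is redundant because the value is JSON-encoded rather than printed as HTML; `__()` is enough. The function body continues outside the hunk.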
easy-table-of-contents/trunk/includes/class-eztoc-widgetsticky.php
r3463974 r3487103 74 74 75 75 $widgetStickyAdminCSSVersion = ezTOC::VERSION . '-' . filemtime ( EZ_TOC_PATH . DIRECTORY_SEPARATOR . "assets" . DIRECTORY_SEPARATOR . "css" . DIRECTORY_SEPARATOR . "ez-toc-widget-sticky-admin$min.css" ); 76 wp_register_style ( 'ez -toc-widget-sticky-admin', EZ_TOC_URL . "assets/css/ez-toc-widget-sticky-admin$min.css", array(), $widgetStickyAdminCSSVersion );77 wp_enqueue_style ( 'ez -toc-widget-sticky-admin', EZ_TOC_URL . "assets/css/ez-toc-widget-sticky-admin$min.css", array(), $widgetStickyAdminCSSVersion );76 wp_register_style ( 'eztoc-widget-sticky-admin', EZ_TOC_URL . "assets/css/ez-toc-widget-sticky-admin$min.css", array(), $widgetStickyAdminCSSVersion ); 77 wp_enqueue_style ( 'eztoc-widget-sticky-admin', EZ_TOC_URL . "assets/css/ez-toc-widget-sticky-admin$min.css", array(), $widgetStickyAdminCSSVersion ); 78 78 } 79 79 … … 361 361 ?> 362 362 363 <?php if(isset($instance[ 'sidebar_sticky_title_size' ]) && isset($instance[ 'sidebar_sticky_title_size_unit' ])){ 364 $title_font_size = $instance[ 'sidebar_sticky_title_size' ].$instance[ 'sidebar_sticky_title_size_unit' ]; 365 }else{ 363 <?php 364 if ( isset( $instance['sidebar_sticky_title_size'] ) && isset( $instance['sidebar_sticky_title_size_unit'] ) ) { 365 $title_unit = ezTOC::sanitize_css_unit( $instance['sidebar_sticky_title_size_unit'], array( '%', 'px', 'pt', 'em', 'rem', 'vw', 'vh' ), '%' ); 366 $title_font_size = (int) $instance['sidebar_sticky_title_size'] . $title_unit; 367 } else { 366 368 $title_font_size = '120%'; 367 } ?> 369 } 370 ?> 368 371 369 372 <span class="ez-toc-widget-sticky-title-container"> … … 372 375 font-size: <?php echo esc_attr ( $title_font_size ); ?>; 373 376 font-weight: <?php echo esc_attr ( isset($instance[ 'sidebar_sticky_title_weight' ]) ? $instance[ 'sidebar_sticky_title_weight' ] : '' ); ?>; 374 color: <?php echo esc_attr (isset($instance[ 'sidebar_sticky_title_color' ]) ? 
$instance[ 'sidebar_sticky_title_color' ]: '' ); ?>;377 color: <?php echo esc_attr( isset( $instance['sidebar_sticky_title_color'] ) ? ezTOC::sanitize_css_color( $instance['sidebar_sticky_title_color'] ) : '' ); ?>; 375 378 } 376 379 #<?php echo esc_attr($this->id) ?> .ez-toc-widget-sticky-list li a , .ez-toc-widget-sticky-container-<?php echo esc_attr($this->id) ?> .ez-toc-widget-sticky-list li a{ 377 380 <?php if( isset ( $instance[ 'sidebar_sticky_size' ] ) && isset($instance[ 'sidebar_sticky_size_unit' ]) ){ ?> 378 font-size: <?php echo esc_attr ( $instance[ 'sidebar_sticky_size' ].$instance[ 'sidebar_sticky_size_unit' ]); } ?>;381 font-size: <?php echo esc_attr( (int) $instance['sidebar_sticky_size'] . ezTOC::sanitize_css_unit( $instance['sidebar_sticky_size_unit'], array( '%', 'px', 'pt', 'em', 'rem', 'vw', 'vh' ), '%' ) ); } ?>; 379 382 <?php if( isset ( $instance[ 'sidebar_sticky_weight' ] ) && ! empty( $instance[ 'sidebar_sticky_weight' ] )){ ?> 380 383 font-weight: <?php echo esc_attr ( $instance[ 'sidebar_sticky_weight' ] ); } ?>; 381 384 <?php if( isset ( $instance[ 'sidebar_sticky_color' ] ) && ! empty($instance[ 'sidebar_sticky_color' ])){ ?> 382 color: <?php echo esc_attr ( $instance[ 'sidebar_sticky_color' ]); } ?>;385 color: <?php echo esc_attr( ezTOC::sanitize_css_color( $instance['sidebar_sticky_color'] ) ); } ?>; 383 386 384 387 } 385 388 #<?php echo esc_attr($this->id) ?> .ez-toc-widget-sticky-container ul.ez-toc-widget-sticky-list li.active > a, .ez-toc-widget-sticky-container-<?php echo esc_attr($this->id) ?> ul.ez-toc-widget-sticky-list li.active > a{ 386 background-color: <?php echo esc_attr ( isset($instance[ 'highlight_color' ]) ? $instance[ 'highlight_color' ]: '' ); ?>;387 color: <?php echo esc_attr ( isset($instance[ 'active_section_text_color' ]) ? $instance[ 'active_section_text_color' ]: '' ); ?>;389 background-color: <?php echo esc_attr( isset( $instance['highlight_color'] ) ? 
ezTOC::sanitize_css_color( $instance['highlight_color'] ) : '' ); ?>; 390 color: <?php echo esc_attr( isset( $instance['active_section_text_color'] ) ? ezTOC::sanitize_css_color( $instance['active_section_text_color'] ) : '' ); ?>; 388 391 } 389 392 <?php if (!empty($instance['toc_background_color'])): ?> 390 .ez-toc-widget-sticky-container-<?php echo esc_attr($this->id) ?> { background-color: <?php echo esc_attr( $instance['toc_background_color']); ?> !important; }391 .ez-toc-widget-sticky-container-<?php echo esc_attr($this->id) ?> .ez-toc-sidebar { background-color: <?php echo esc_attr( $instance['toc_background_color']); ?> !important; }393 .ez-toc-widget-sticky-container-<?php echo esc_attr($this->id) ?> { background-color: <?php echo esc_attr( ezTOC::sanitize_css_color( $instance['toc_background_color'] ) ); ?> !important; } 394 .ez-toc-widget-sticky-container-<?php echo esc_attr($this->id) ?> .ez-toc-sidebar { background-color: <?php echo esc_attr( ezTOC::sanitize_css_color( $instance['toc_background_color'] ) ); ?> !important; } 392 395 <?php endif; ?> 393 396 <?php if (!empty($instance['toc_title_background_color'])): ?> 394 .ez-toc-widget-sticky-container-<?php echo esc_attr($this->id) ?> .ez-toc-widget-sticky-title-container { background-color: <?php echo esc_attr( $instance['toc_title_background_color']); ?> !important; }395 .ez-toc-widget-sticky-container-<?php echo esc_attr($this->id) ?> .ez-toc-sticky-title-container { background-color: <?php echo esc_attr( $instance['toc_title_background_color']); ?> !important; }397 .ez-toc-widget-sticky-container-<?php echo esc_attr($this->id) ?> .ez-toc-widget-sticky-title-container { background-color: <?php echo esc_attr( ezTOC::sanitize_css_color( $instance['toc_title_background_color'] ) ); ?> !important; } 398 .ez-toc-widget-sticky-container-<?php echo esc_attr($this->id) ?> .ez-toc-sticky-title-container { background-color: <?php echo esc_attr( ezTOC::sanitize_css_color( 
$instance['toc_title_background_color'] ) ); ?> !important; } 396 399 <?php endif; ?> 397 400 </style> … … 486 489 // Enqueue the script. 487 490 $widgetCSSVersion = ezTOC::VERSION . '-' . filemtime ( EZ_TOC_PATH . DIRECTORY_SEPARATOR . "assets" . DIRECTORY_SEPARATOR . "css" . DIRECTORY_SEPARATOR . "ez-toc-widget-sticky$min.css" ); 488 wp_register_style ( 'ez -toc-widget-sticky', EZ_TOC_URL . "assets/css/ez-toc-widget-sticky$min.css", array(), $widgetCSSVersion );489 wp_enqueue_style ( 'ez -toc-widget-sticky', EZ_TOC_URL . "assets/css/ez-toc-widget-sticky$min.css", array(), $widgetCSSVersion );490 491 wp_add_inline_style ( 'ez -toc-widget-sticky', ezTOC::inline_counting_css ( ezTOC_Option::get ( 'heading-text-direction', 'ltr' ), 'ez-toc-widget-sticky-direction', 'ez-toc-widget-sticky-container', 'counter', 'ez-toc-widget-sticky-container' ) );491 wp_register_style ( 'eztoc-widget-sticky', EZ_TOC_URL . "assets/css/ez-toc-widget-sticky$min.css", array(), $widgetCSSVersion ); 492 wp_enqueue_style ( 'eztoc-widget-sticky', EZ_TOC_URL . "assets/css/ez-toc-widget-sticky$min.css", array(), $widgetCSSVersion ); 493 494 wp_add_inline_style ( 'eztoc-widget-sticky', ezTOC::inline_counting_css ( ezTOC_Option::get ( 'heading-text-direction', 'ltr' ), 'eztoc-widget-sticky-direction', 'eztoc-widget-sticky-container', 'counter', 'eztoc-widget-sticky-container' ) ); 492 495 493 496 $widgetJSVersion = ezTOC::VERSION . '-' . filemtime ( EZ_TOC_PATH . DIRECTORY_SEPARATOR . "assets" . DIRECTORY_SEPARATOR . "js" . DIRECTORY_SEPARATOR . "ez-toc-widget-sticky$min.js" ); 494 wp_register_script ( 'ez -toc-widget-stickyjs', EZ_TOC_URL . "assets/js/ez-toc-widget-sticky$min.js", array( 'jquery' ), $widgetJSVersion , true);495 wp_enqueue_script ( 'ez -toc-widget-stickyjs', EZ_TOC_URL . "assets/js/ez-toc-widget-sticky$min.js", array( 'jquery' ), $widgetJSVersion , true);497 wp_register_script ( 'eztoc-widget-stickyjs', EZ_TOC_URL . 
"assets/js/ez-toc-widget-sticky$min.js", array( 'jquery' ), $widgetJSVersion , true); 498 wp_enqueue_script ( 'eztoc-widget-stickyjs', EZ_TOC_URL . "assets/js/ez-toc-widget-sticky$min.js", array( 'jquery' ), $widgetJSVersion , true); 496 499 if ( 0 < count ( $js_vars ) ) 497 500 { 498 wp_localize_script ( 'ez -toc-widget-stickyjs', 'ezTocWidgetSticky', $js_vars );501 wp_localize_script ( 'eztoc-widget-stickyjs', 'ezTocWidgetSticky', $js_vars ); 499 502 } 500 503 } -
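Review bot: The rename on new line 494 changes the arguments passed to `ezTOC::inline_counting_css()` from `ez-toc-widget-sticky-direction`/`ez-toc-widget-sticky-container` to `eztoc-widget-sticky-direction`/`eztoc-widget-sticky-container`, but the markup in this same file still emits `.ez-toc-widget-sticky-container-<id>` and `.ez-toc-widget-sticky-list` (lines 379, 390, 393) and no stylesheet appears in the changeset's file list; if those arguments are used as class selectors, as their names suggest, the generated counter CSS will target classes no element carries. Only the style handle `'eztoc-widget-sticky'` needed renaming — the three class arguments should stay `ez-toc-…`. Separately, the font-weight values at 376 and 383 are still emitted through `esc_attr()` alone while colour and size now go through the new sanitizers; `ezTOC::sanitize_css_font_weight()` is private, so either make it public and call it here or restrict these two values to the same allow-list. The method containing the `<style>` block starts and ends outside the hunk.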
easy-table-of-contents/trunk/includes/helper-function.php
r3414473 r3487103 74 74 75 75 $text = ''; 76 if( isset( $form['eztoc_disable_text'] ) && !is_array($form['eztoc_disable_text']) ) {76 if( isset( $form['eztoc_disable_text'] ) && is_array($form['eztoc_disable_text']) ) { 77 77 $text = implode( "\n\r", $form['eztoc_disable_text'] ); 78 78 } … … 82 82 $from = isset( $form['eztoc_disable_from'] ) ? $form['eztoc_disable_from'] : ''; 83 83 if( $from ) { 84 $headers[] = "From: $from";85 $headers[] = "Reply-To: $from";84 $headers[] = "From: " . sanitize_email( $from ); 85 $headers[] = "Reply-To: " . sanitize_email( $from ); 86 86 } 87 87 … … 149 149 // 4. Register & Enqueue CSS 150 150 wp_enqueue_style( 151 'e toc-bfcm-style',151 'eztoc-bfcm-style', 152 152 EZ_TOC_URL. 'assets/css/bfcm-style.css', 153 153 array(), … … 157 157 // 5. Register & Enqueue JS 158 158 wp_enqueue_script( 159 'e toc-bfcm-script',159 'eztoc-bfcm-script', 160 160 EZ_TOC_URL. 'assets/js/bfcm-script.js', 161 161 array('jquery'), // jQuery dependency … … 165 165 166 166 // 6. Data Pass (PHP to JS) 167 wp_localize_script('e toc-bfcm-script', 'bfcmData', array(167 wp_localize_script('eztoc-bfcm-script', 'bfcmData', array( 168 168 'targetDate' => $expiry_date_str, 169 169 'offerLink' => $offer_link -
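Review bot: After `sanitize_email( $from )` on new lines 84–85 an invalid address becomes an empty string, so the `if( $from )` guard on 83 no longer prevents a bare `From: ` header; sanitize first, `$from = isset( $form['eztoc_disable_from'] ) ? sanitize_email( $form['eztoc_disable_from'] ) : '';`, and keep the truthiness check after it. The unchanged `implode( "\n\r", … )` on 77, now reachable thanks to the `is_array()` fix, uses a reversed line ending; `"\r\n"` is the conventional one. The enclosing function starts and ends outside the hunk.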
easy-table-of-contents/trunk/includes/inc.functions.php
r3429975 r3487103 432 432 $eztoc_sticky_enable_support = apply_filters( 'ez_toc_sticky_enable_support', $status ); //phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound 433 433 //This is new filter, please use this for future compatibility 434 $eztoc_sticky_enable_support = apply_filters( 'eztoc_sticky_enable_support', $ status);434 $eztoc_sticky_enable_support = apply_filters( 'eztoc_sticky_enable_support', $eztoc_sticky_enable_support ); 435 435 436 436 return $eztoc_sticky_enable_support;