Changeset 3487263
- Timestamp: 03/20/2026 02:41:43 PM (2 weeks ago)
- Location: artplacer-widget/trunk
- Files: 3 edited
  - artplacer-widget.php (modified) (1 diff)
  - includes/functions.php (modified) (1 diff)
  - readme.txt (modified) (1 diff)
artplacer-widget/trunk/artplacer-widget.php
r3487257 r3487263 4 4 Plugin URI: https://wordpress.org/plugins/artplacer-widget/ 5 5 Description: Display the ArtPlacer widget into your products or posts. 6 Version: 2.23. 36 Version: 2.23.4 7 7 Author: ArtPlacer 8 8 Author URI: http://www.artplacer.com -
artplacer-widget/trunk/includes/functions.php
r3487257 r3487263 53 53 $attribute_exists = str_contains($string, ' ' . $attribute_name . '="'); 54 54 $attribute_name = preg_replace('/[^a-zA-Z0-9_\-:]/', '', (string) $attribute_name); 55 if ($attribute_name === '') return $string; 55 56 $forbidden_attributes = ["onclick", "ondblclick", "onmousedown", "onmouseup", "onmouseover", "onmousemove", "onmouseout", "onkeydown", "onkeypress", "onkeyup", "onload", "onunload", "onbeforeunload", "onerror", "onabort", "onsubmit", "onreset", "onchange", "oninput", "onselect", "onfocus", "onblur", "onscroll", "onresize", "ondragstart", "ondrop", "ondragover", "onplay", "onpause", "onended", "onvolumechange", "onmessage", "onstorage", "onoffline", "ononline", "href", "src", "action", "formaction", "data", "poster", "background", "lowsrc", "dynsrc", "srcdoc", "style", "xlink:href", "content"]; 57 if ($attribute_name === '' || in_array($attribute_name, $forbidden_attributes)) return $string; 58 56 59 $value = function_exists('esc_attr') ? esc_attr($value) : htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'); 57 60 if ($attribute_exists && $replace) { -
artplacer-widget/trunk/readme.txt
r3487257 r3487263 138 138 = 2.23.2 = 139 139 * Prevents remote XSS vulnerability. 140 = 2.23. 3=140 = 2.23.4 = 141 141 * Prevents unlikely XSS vulnerability.
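Review bot: In includes/functions.php, the in_array() test on new line 57 compares case-sensitively against an all-lowercase list, while the preg_replace on line 54 keeps A-Z, so a mixed-case spelling of a listed name is not matched even though HTML attribute names are case-insensitive. Lowercase the name before comparing and pass the strict flag, for example in_array(strtolower($attribute_name), $forbidden_attributes, true). The list is also a fixed enumeration and does not cover every on* handler browsers support; rejecting any name that begins with "on", or replacing the denylist with an allowlist of the attributes the widget actually sets, would not need updating as handlers are added. Separately, $attribute_exists on line 53 is computed from the name before line 54 sanitizes it; moving that line below the sanitization and the denylist check would keep the two consistent.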
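Review bot: In readme.txt, line 140 renames the existing "= 2.23.3 =" heading to "= 2.23.4 =" instead of adding a new entry, so the changelog no longer lists 2.23.3 and its "Prevents unlikely XSS vulnerability." line now sits under 2.23.4. Keep the 2.23.3 entry and add a separate "= 2.23.4 =" entry below it that states what this release changes, namely the forbidden-attribute check added in includes/functions.php.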