WordPress.org
Get WordPress

Plugin Directory

Changeset 3488995


Ignore:
Timestamp:
03/23/2026 12:35:28 PM (5 days ago)
Author:
DaveFX
Message:

Update trunk via GitHub Actions

Location:
dfx-parish-retreat-letters/trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • dfx-parish-retreat-letters/trunk/dfx-parish-retreat-letters.php

    r3488281 r3488995  
    44 * Plugin URI: https://github.com/davefx/dfx-parish-retreat-letters
    55 * Description: A WordPress plugin for managing parish retreat letters.
    6  * Version: 26.03.22
     6 * Version: 26.03.23
    77 * Author: David Marín Carreño
    88 * Author URI: https://davefx.com
     
    2828 */
    2929if ( ! defined( 'DFXPRL_VERSION' ) ) {
    30     define( 'DFXPRL_VERSION', '26.03.22' );
     30    define( 'DFXPRL_VERSION', '26.03.23' );
    3131}
    3232

  • dfx-parish-retreat-letters/trunk/includes/class-retreat.php

    r3488281 r3488995  
    311311            'custom_header_block_id'     => $this->sanitize_block_selection( $data['custom_header_block_id'] ?? null ),
    312312            'custom_footer_block_id'     => $this->sanitize_block_selection( $data['custom_footer_block_id'] ?? null ),
    313             'body_classes'               => sanitize_text_field( $data['body_classes'] ?? '' ),
     313            'body_classes'               => $this->sanitize_class_list( $data['body_classes'] ?? '' ),
    314314            'notes_enabled'              => isset( $data['notes_enabled'] ) ? (int) (bool) $data['notes_enabled'] : 0,
    315315            'internal_notes_enabled'     => isset( $data['internal_notes_enabled'] ) ? (int) (bool) $data['internal_notes_enabled'] : 0,
     
    351351
    352352    /**
     353     * Sanitize a space-separated list of CSS class names.
     354     *
     355     * Strips any characters that are not valid in a CSS class name
     356     * (only allows A-Z, a-z, 0-9, hyphens, and underscores per class token).
     357     *
     358     * @since 1.0.0
     359     * @param string $classes Space-separated CSS class names.
     360     * @return string Sanitized space-separated CSS class names.
     361     */
     362    private function sanitize_class_list( $classes ) {
     363        if ( empty( $classes ) ) {
     364            return '';
     365        }
     366
     367        $class_list = preg_split( '/\s+/', trim( (string) $classes ), -1, PREG_SPLIT_NO_EMPTY );
     368        $sanitized  = array();
     369
     370        foreach ( $class_list as $class ) {
     371            // Remove percent-encoded octets.
     372            $class = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );
     373            // Only allow characters valid in CSS class names.
     374            $class = preg_replace( '/[^A-Za-z0-9_-]/', '', $class );
     375            if ( '' !== $class ) {
     376                $sanitized[] = $class;
     377            }
     378        }
     379
     380        return implode( ' ', $sanitized );
     381    }
     382
     383    /**
    353384     * Validate retreat data.
    354385     *

  • dfx-parish-retreat-letters/trunk/languages/dfx-parish-retreat-letters.pot

    r3488281 r3488995  
    33msgid ""
    44msgstr ""
    5 "Project-Id-Version: DFX Parish Retreat Letters 26.03.22\n"
     5"Project-Id-Version: DFX Parish Retreat Letters 26.03.23\n"
    66"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/dfx-parish-retreat-letters\n"
    77"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"

  • dfx-parish-retreat-letters/trunk/readme.txt

    r3488335 r3488995  
    44Requires at least: 5.0
    55Tested up to: 6.9
    6 Stable tag: 26.03.22
     6Stable tag: 26.03.23
    77Requires PHP: 7.4
    88License: GPLv3 or later
     
    174174
    175175## Changelog
     176
     177### 26.03.23
     178
     179- Fix: `body_classes` field now stores only a list of CSS class names instead of arbitrary CSS, with sanitization enforcing valid class-name characters only.
    176180
    177181### 26.03.22
Note: See TracChangeset for help on using the changeset viewer.