Changeset 3490202
- Timestamp:
- 03/24/2026 04:31:14 PM (8 days ago)
- Location:
- gmap-block
- Files:
-
- 6 edited
- 1 copied
-
tags/1.2.3 (copied) (copied from gmap-block/trunk)
-
tags/1.2.3/gmap-block.php (modified) (2 diffs)
-
tags/1.2.3/inc/classes/dynamic-style.php (modified) (1 diff)
-
tags/1.2.3/readme.txt (modified) (2 diffs)
-
trunk/gmap-block.php (modified) (2 diffs)
-
trunk/inc/classes/dynamic-style.php (modified) (1 diff)
-
trunk/readme.txt (modified) (2 diffs)
gmap-block/tags/1.2.3/gmap-block.php
r3486648 r3490202 4 4 * Description: A custom Gutenberg block to display google map in Gutenberg editor. 5 5 * Author: Zakaria Binsaifullah 6 * Version: 1.2. 26 * Version: 1.2.3 7 7 * Text Domain: gmap-block 8 8 * Domain Path: /languages … … 28 28 29 29 // Plugin Version 30 const VERSION = '1.2. 2';30 const VERSION = '1.2.3'; 31 31 32 32 /** -
gmap-block/tags/1.2.3/inc/classes/dynamic-style.php
r3486648 r3490202 84 84 wp_register_style( $handle, false, array(), GMAP_VERSION, 'all' ); 85 85 wp_enqueue_style( $handle, false, array(), GMAP_VERSION, 'all' ); 86 wp_add_inline_style( $handle, wp_strip_all_tags( $style ) );86 wp_add_inline_style( $handle, $this->sanitize_css( $style ) ); 87 87 } 88 } 89 90 /** 91 * Sanitize CSS method 92 * 93 * @since 1.0.0 94 * @param string $css CSS to Sanitize. 95 * @return string 96 */ 97 private function sanitize_css( $css ) { 98 // Validate UTF-8 encoding 99 $css = wp_check_invalid_utf8( $css ); 100 101 if ( empty( $css ) ) { 102 return ''; 103 } 104 105 // Normalize whitespace to prevent obfuscation tricks 106 $css = preg_replace( '/\s+/', ' ', $css ); 107 108 // Remove CSS comments (can hide payloads: /* expression */background:url() */) 109 $css = preg_replace( '!/\*.*?\*/!s', '', $css ); 110 111 // Remove backslash escapes used to bypass keyword filters (e.g. \65 xpression) 112 $css = preg_replace( '/\\\\[0-9a-fA-F]{0,6}\s?/', '', $css ); 113 114 // Block dangerous CSS functions and protocols 115 // Covers: expression(), url(), javascript:, vbscript:, data:, behavior 116 if ( preg_match( 117 '/expression\s*\( 118 | url\s*\( 119 | javascript\s*: 120 | vbscript\s*: 121 | data\s*: 122 | @import 123 | behavior\s*: 124 | -moz-binding\s*: 125 | content\s*:/ix', 126 $css 127 ) ) { 128 return ''; 129 } 130 131 // Block HTML tags that could escape the <style> context 132 if ( preg_match( '/<\s*\/?\s*(script|style|link|meta|object|embed|iframe)/i', $css ) ) { 133 return ''; 134 } 135 136 // Trim and return 137 return trim( $css ); 88 138 } 89 139 } -
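Review bot: The new `sanitize_css` docblock carries `@since 1.0.0`, but the readme changelog in this same changeset introduces the method under 1.2.3, so the tag should read `@since 1.2.3`. The docblock also omits the method's most important contract, which is all-or-nothing: a single occurrence of any listed token (`url(`, `content:`, `@import`, a `</style` tag, …) discards the entire stylesheet and returns `''` instead of dropping only the offending declaration, and that deserves to be stated, e.g. `@return string Sanitized CSS, or an empty string when any blocked construct is found (the whole stylesheet is rejected, not just the declaration).` Because the readme declares `Requires PHP: 7.4`, the signature can carry native types as well: `private function sanitize_css( string $css ): string {`. The identical method is added in the trunk copy of `inc/classes/dynamic-style.php` further down this page, and the enclosing class begins outside the hunk.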
gmap-block/tags/1.2.3/readme.txt
r3486648 r3490202 4 4 Requires at least: 6.0 5 5 Tested up to: 6.9 6 Stable tag: 1.2. 26 Stable tag: 1.2.3 7 7 Requires PHP: 7.4 8 8 License: GPLv2 or later … … 34 34 35 35 == Changelog == 36 = 1.2.3 = 37 * Fixed: added sanitize css method 38 36 39 = 1.2.2 = 37 40 * Minor bug fixes -
gmap-block/trunk/gmap-block.php
r3486648 r3490202 4 4 * Description: A custom Gutenberg block to display google map in Gutenberg editor. 5 5 * Author: Zakaria Binsaifullah 6 * Version: 1.2. 26 * Version: 1.2.3 7 7 * Text Domain: gmap-block 8 8 * Domain Path: /languages … … 28 28 29 29 // Plugin Version 30 const VERSION = '1.2. 2';30 const VERSION = '1.2.3'; 31 31 32 32 /** -
gmap-block/trunk/inc/classes/dynamic-style.php
r3486648 r3490202 84 84 wp_register_style( $handle, false, array(), GMAP_VERSION, 'all' ); 85 85 wp_enqueue_style( $handle, false, array(), GMAP_VERSION, 'all' ); 86 wp_add_inline_style( $handle, wp_strip_all_tags( $style ) );86 wp_add_inline_style( $handle, $this->sanitize_css( $style ) ); 87 87 } 88 } 89 90 /** 91 * Sanitize CSS method 92 * 93 * @since 1.0.0 94 * @param string $css CSS to Sanitize. 95 * @return string 96 */ 97 private function sanitize_css( $css ) { 98 // Validate UTF-8 encoding 99 $css = wp_check_invalid_utf8( $css ); 100 101 if ( empty( $css ) ) { 102 return ''; 103 } 104 105 // Normalize whitespace to prevent obfuscation tricks 106 $css = preg_replace( '/\s+/', ' ', $css ); 107 108 // Remove CSS comments (can hide payloads: /* expression */background:url() */) 109 $css = preg_replace( '!/\*.*?\*/!s', '', $css ); 110 111 // Remove backslash escapes used to bypass keyword filters (e.g. \65 xpression) 112 $css = preg_replace( '/\\\\[0-9a-fA-F]{0,6}\s?/', '', $css ); 113 114 // Block dangerous CSS functions and protocols 115 // Covers: expression(), url(), javascript:, vbscript:, data:, behavior 116 if ( preg_match( 117 '/expression\s*\( 118 | url\s*\( 119 | javascript\s*: 120 | vbscript\s*: 121 | data\s*: 122 | @import 123 | behavior\s*: 124 | -moz-binding\s*: 125 | content\s*:/ix', 126 $css 127 ) ) { 128 return ''; 129 } 130 131 // Block HTML tags that could escape the <style> context 132 if ( preg_match( '/<\s*\/?\s*(script|style|link|meta|object|embed|iframe)/i', $css ) ) { 133 return ''; 134 } 135 136 // Trim and return 137 return trim( $css ); 88 138 } 89 139 } -
gmap-block/trunk/readme.txt
r3486648 r3490202 4 4 Requires at least: 6.0 5 5 Tested up to: 6.9 6 Stable tag: 1.2. 26 Stable tag: 1.2.3 7 7 Requires PHP: 7.4 8 8 License: GPLv2 or later … … 34 34 35 35 == Changelog == 36 = 1.2.3 = 37 * Fixed: added sanitize css method 38 36 39 = 1.2.2 = 37 40 * Minor bug fixes