Skip to content

Commit

Permalink
🔒️ Properly sanitize show_all attribute in shortcode
Browse files Browse the repository at this point in the history 
Closes #199
  • Loading branch information
@MatzeKitt
MatzeKitt committed Nov 1, 2023
1 parent 7cd58f6 commit f809299
Show file tree
Hide file tree
Showing 5 changed files with 11 additions and 5 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
# Changelog

## 1.8.1
* Fixed the output of the opt-out shortcode

## 1.8.0
* Added support for Anghami
* Added filter to prevent thumbnail orphan deletion
Expand Down
4 changes: 2 additions & 2 deletions SECURITY.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ We usually only support the latest major version.

| Version | Supported |
| ------- | ------------------ |
| 1.7.x | :white_check_mark: |
| < 1.7 | :x: |
| 1.8.x | :white_check_mark: |
| < 1.8 | :x: |

## Reporting a Vulnerability

Expand Down
4 changes: 2 additions & 2 deletions embed-privacy.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
/*
Plugin Name: Embed Privacy
Description: Embed Privacy prevents from loading external embeds directly and lets the user control which one should be loaded.
Version: 1.8.0
Version: 1.8.1
Author: Epiphyt
Author URI: https://epiph.yt
License: GPL2
Expand All @@ -29,7 +29,7 @@
// exit if ABSPATH is not defined
\defined( 'ABSPATH' ) || exit;

\define( 'EMBED_PRIVACY_VERSION', '1.8.0' );
\define( 'EMBED_PRIVACY_VERSION', '1.8.1' );

if ( ! \defined( 'EPI_EMBED_PRIVACY_BASE' ) ) {
\define( 'EPI_EMBED_PRIVACY_BASE', \WP_PLUGIN_DIR . '/embed-privacy/' );
Expand Down
2 changes: 1 addition & 1 deletion inc/class-embed-privacy.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2163,7 +2163,7 @@ public function shortcode_opt_out( $attributes ) {
*/
$subline = \apply_filters( 'embed_privacy_opt_out_subline', '<p>' . \esc_html( $attributes['subline'] ) . '</p>' . \PHP_EOL, $attributes );

$output = '<div class="embed-privacy-opt-out" data-show-all="' . $attributes['show_all'] . '">' . \PHP_EOL . $headline . $subline;
$output = '<div class="embed-privacy-opt-out" data-show-all="' . ( $attributes['show_all'] ? 1 : 0 ) . '">' . \PHP_EOL . $headline . $subline;

foreach ( $embed_providers as $provider ) {
if ( $is_javascript_detection ) {
Expand Down
3 changes: 3 additions & 0 deletions readme.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,9 @@ We are [Epiphyt](https://epiph.yt/), your friendly neighborhood WordPress plugin

== Changelog ==

= 1.8.1 =
* Fixed the output of the opt-out shortcode

= 1.8.0 =
* Added support for Anghami
* Added filter to prevent thumbnail orphan deletion
Expand Down

0 comments on commit f809299

Please sign in to comment.