Fixed: XSS issue in the options page, Improved: Options page slug is …
…sanitized now, Fixed Settings warning in taxonomy and taxonomy cloud widget

git-svn-id: https://plugins.svn.wordpress.org/fancy-gallery/trunk@1026822 b8457f37-d9ea-0310-8a92-e5e31aec5664
dhoppe committed Nov 16, 2014
1 parent 4cdd349 commit fdf1f9e
Showing 6 changed files with 20 additions and 9 deletions.
2 changes: 1 addition & 1 deletion assets/js/fancy-gallery.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 5 additions & 3 deletions class.options.php
@@ -4,10 +4,12 @@
class Options {
private
$arr_option_box, # Meta boxes for the option page
$options_page_slug, # Slug for the options page
$core; # Pointer to the core object

public function __construct($core){
$this->core = $core;
$this->options_page_slug = Sanitize_Title(Str_Replace(Array('\\', '/', '_'), '-', __CLASS__));

# Option boxes
$this->arr_option_box = Array(
@@ -27,7 +29,7 @@ public function Add_Options_Page(){
$this->t('Fancy Gallery Options'),
$this->t('Fancy Gallery'),
'manage_options',
__CLASS__,
$this->options_page_slug,
Array($this, 'Print_Options_Page')
);

@@ -45,7 +47,7 @@ public function Add_Options_Page(){
}

private function Get_Options_Page_Url($parameters = Array()){
$url = Add_Query_Arg(Array('page' => __CLASS__), Admin_Url('options-general.php'));
$url = Add_Query_Arg(Array('page' => $this->options_page_slug), Admin_Url('options-general.php'));
If (Is_Array($parameters) && !Empty($parameters)) $url = Add_Query_Arg($parameters, $url);
return $url;
}
@@ -57,7 +59,7 @@ public function Load_Options_Page(){
WP_Redirect( $this->Get_Options_Page_Url(Array('template_deleted' => 'true')) );
}
ElseIf (IsSet($_GET['delete'])){
WP_Die($this->t('Error while deleting: ' . $_GET['delete']));
WP_Die($this->t('Error while deleting: ' . HTMLSpecialChars($_GET['delete'])));
}

# If the Request was redirected from a "Save Options"-Post
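Review bot: In `Load_Options_Page()` the new `WP_Die` line escapes `$_GET['delete']` with `HTMLSpecialChars()` and then passes the concatenated string through `$this->t()`, so the translation lookup key changes with every request and the escaping is applied before translation instead of at output. Translating a fixed format string and escaping with the WordPress helper would be more robust: `WP_Die(SPrintF($this->t('Error while deleting: %s'), Esc_HTML(WP_Unslash($_GET['delete']))));`. `HTMLSpecialChars()` without flags also leaves single quotes unescaped on PHP versions before 8.1, which `esc_html()` avoids. The method starts outside the visible hunk, so whether the delete branch verifies a nonce before acting on this GET parameter cannot be checked here and is worth confirming.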
2 changes: 1 addition & 1 deletion plugin.php
@@ -3,7 +3,7 @@
Plugin Name: Fancy Gallery Lite
Plugin URI: http://dennishoppe.de/en/wordpress-plugins/fancy-gallery
Description: Fancy Gallery enables you to create and manage galleries and converts your galleries in post and pages to valid HTML5 blocks and associates linked images with a nice and responsive lightbox.
Version: 1.5.12
Version: 1.5.13
Author: Dennis Hoppe
Author URI: http://DennisHoppe.de
*/
5 changes: 5 additions & 0 deletions readme.txt
@@ -168,6 +168,11 @@ Possibly even more important, buying the premium edition gives you access to me

== Changelog ==

= 1.5.13 =
* Fixed: XSS issue in the options page
* Improved: Options page slug is sanitized now
* Fixed Settings warning in taxonomy and taxonomy cloud widget

= 1.5.12 =
* Removed the Install_Template() function

6 changes: 4 additions & 2 deletions widget.taxonomies.php
@@ -2,7 +2,9 @@
Namespace WordPress\Plugin\Fancy_Gallery\Widget;

class Taxonomies Extends \WP_Widget {
var $core; # Pointer to the core class
public
$arr_options,
$core; # Pointer to the core class

function __construct(){
$this->core = $GLOBALS['WordPress\Plugin\Fancy_Gallery\Core'];
@@ -120,7 +122,7 @@ function Widget ($args, $settings){
# Display Widget
Echo $args['before_widget'];

Echo $args['before_title'] . Apply_Filters('widget_title', $this->Get_Option('title'), $settings, $this->id_base) . $args['after_title'];
Echo $args['before_title'] . Apply_Filters('widget_title', $this->Get_Option('title'), $this->arr_option, $this->id_base) . $args['after_title'];

Echo '<ul>';
WP_List_Categories(Array(
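Review bot: The property added in the first hunk is declared as `$arr_options`, but the changed `Apply_Filters('widget_title', …)` line in `Widget()` reads `$this->arr_option`, so the filter receives an undeclared property unless something outside these hunks assigns it. widget.taxonomy-cloud.php declares `$arr_option` for the same call, which suggests the declaration here should read `$arr_option,`. Both `__construct()` and `Widget()` continue outside the visible hunks, so where the property is populated cannot be checked from this page.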
6 changes: 4 additions & 2 deletions widget.taxonomy-cloud.php
@@ -2,7 +2,9 @@
Namespace WordPress\Plugin\Fancy_Gallery\Widget;

class Taxonomy_Cloud Extends \WP_Widget {
var $core; # Pointer to the core class
public
$arr_option,
$core; # Pointer to the core class

function __construct(){
$this->core = $GLOBALS['WordPress\Plugin\Fancy_Gallery\Core'];
@@ -115,7 +117,7 @@ function Widget ($args, $settings){
# Display Widget
Echo $args['before_widget'];

Echo $args['before_title'] . Apply_Filters('widget_title', $this->get_option('title'), $settings, $this->id_base) . $args['after_title'];
Echo $args['before_title'] . Apply_Filters('widget_title', $this->get_option('title'), $this->arr_option, $this->id_base) . $args['after_title'];

Echo '<ul>';
WP_Tag_Cloud(Array(
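Review bot: The new public property `$arr_option` carries no comment, unlike `$core` next to it, and the changed `Apply_Filters('widget_title', …)` line in `Widget()` now hands it to the filter in place of the `$settings` argument. A short trailing comment such as `$arr_option, # Widget options, passed to the 'widget_title' filter` would tell readers what callbacks on that filter receive. Where the property is populated lies outside the visible hunks, so it should be confirmed that it holds an array before `Widget()` renders the title, since WordPress documents that filter argument as the widget's settings array.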
