
Commit fdf1f9e

author
dhoppe
committed
Fixed: XSS issue in the options page, Improved: Options page slug is sanitized now, Fixed Settings warning in taxonomy and taxonomy cloud widget
git-svn-id: https://plugins.svn.wordpress.org/fancy-gallery/trunk@1026822 b8457f37-d9ea-0310-8a92-e5e31aec5664
1 parent 4cdd349 commit fdf1f9e

6 files changed

+20
-9
lines changed

Diff for: assets/js/fancy-gallery.js

+1-1

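--- a/class.options.php
+++ b/class.options.php
@@ -4,10 +4,12 @@
 class Options {
 private
 $arr_option_box, # Meta boxes for the option page
+$options_page_slug, # Slug for the options page
 $core; # Pointer to the core object
 
 public function __construct($core){
 $this->core = $core;
+$this->options_page_slug = Sanitize_Title(Str_Replace(Array('\\', '/', '_'), '-', __CLASS__));
 
 # Option boxes
 $this->arr_option_box = Array(
@@ -27,7 +29,7 @@ public function Add_Options_Page(){
 $this->t('Fancy Gallery Options'),
 $this->t('Fancy Gallery'),
 'manage_options',
-__CLASS__,
+$this->options_page_slug,
 Array($this, 'Print_Options_Page')
 );
 
@@ -45,7 +47,7 @@ public function Add_Options_Page(){
 }
 
 private function Get_Options_Page_Url($parameters = Array()){
-$url = Add_Query_Arg(Array('page' => __CLASS__), Admin_Url('options-general.php'));
+$url = Add_Query_Arg(Array('page' => $this->options_page_slug), Admin_Url('options-general.php'));
 If (Is_Array($parameters) && !Empty($parameters)) $url = Add_Query_Arg($parameters, $url);
 return $url;
 }
@@ -57,7 +59,7 @@ public function Load_Options_Page(){
 WP_Redirect( $this->Get_Options_Page_Url(Array('template_deleted' => 'true')) );
 }
 ElseIf (IsSet($_GET['delete'])){
-WP_Die($this->t('Error while deleting: ' . $_GET['delete']));
+WP_Die($this->t('Error while deleting: ' . HTMLSpecialChars($_GET['delete'])));
 }
 
 # If the Request was redirected from a "Save Options"-Post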
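Review bot: In the `Load_Options_Page()` hunk the escaped value is concatenated into the string before it reaches `$this->t()`, so the translation lookup runs on a string that already contains the request value and can never match a catalog entry; `HTMLSpecialChars` is also called with PHP's default flags, which on PHP versions before 8.1 leave single quotes unescaped. Keeping the template and the value apart fixes both: `WP_Die(sprintf($this->t('Error while deleting: %s'), esc_html($_GET['delete'])));` (`esc_html` is the WordPress helper that escapes with ENT_QUOTES and the blog charset). `$_GET['delete']` is not guaranteed to be a string, so a cast such as `(string) $_GET['delete']` before escaping avoids a warning or TypeError on non-scalar input. `Load_Options_Page()` starts and ends outside the hunk.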

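--- a/plugin.php
+++ b/plugin.php
@@ -3,7 +3,7 @@
 Plugin Name: Fancy Gallery Lite
 Plugin URI: http://dennishoppe.de/en/wordpress-plugins/fancy-gallery
 Description: Fancy Gallery enables you to create and manage galleries and converts your galleries in post and pages to valid HTML5 blocks and associates linked images with a nice and responsive lightbox.
-Version: 1.5.12
+Version: 1.5.13
 Author: Dennis Hoppe
 Author URI: http://DennisHoppe.de
 */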

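--- a/readme.txt
+++ b/readme.txt
@@ -168,6 +168,11 @@ Possibly even more important, buying the premium edition gives you access to me
 
 == Changelog ==
 
+= 1.5.13 =
+* Fixed: XSS issue in the options page
+* Improved: Options page slug is sanitized now
+* Fixed Settings warning in taxonomy and taxonomy cloud widget
+
 = 1.5.12 =
 * Removed the Install_Template() function
 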

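--- a/widget.taxonomies.php
+++ b/widget.taxonomies.php
@@ -2,7 +2,9 @@
 Namespace WordPress\Plugin\Fancy_Gallery\Widget;
 
 class Taxonomies Extends \WP_Widget {
-var $core; # Pointer to the core class
+public
+$arr_options,
+$core; # Pointer to the core class
 
 function __construct(){
 $this->core = $GLOBALS['WordPress\Plugin\Fancy_Gallery\Core'];
@@ -120,7 +122,7 @@ function Widget ($args, $settings){
 # Display Widget
 Echo $args['before_widget'];
 
-Echo $args['before_title'] . Apply_Filters('widget_title', $this->Get_Option('title'), $settings, $this->id_base) . $args['after_title'];
+Echo $args['before_title'] . Apply_Filters('widget_title', $this->Get_Option('title'), $this->arr_option, $this->id_base) . $args['after_title'];
 
 Echo '<ul>';
 WP_List_Categories(Array(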
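Review bot: The property declared in the first hunk is `$arr_options`, but the `Apply_Filters` call in the second hunk reads `$this->arr_option`, so the undefined-property notice this commit sets out to remove would still be raised in `Widget()`; the sibling file widget.taxonomy-cloud.php declares `$arr_option`, matching its own use. Renaming the declaration to `$arr_option,` keeps the two widgets consistent. Nothing in the visible hunks assigns the property, so whether the filter receives the widget settings or `null` depends on code outside the hunk; passing `$settings` directly, as the removed line did, would not need the property at all. `__construct()` and `Widget()` both start outside the hunks.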

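--- a/widget.taxonomy-cloud.php
+++ b/widget.taxonomy-cloud.php
@@ -2,7 +2,9 @@
 Namespace WordPress\Plugin\Fancy_Gallery\Widget;
 
 class Taxonomy_Cloud Extends \WP_Widget {
-var $core; # Pointer to the core class
+public
+$arr_option,
+$core; # Pointer to the core class
 
 function __construct(){
 $this->core = $GLOBALS['WordPress\Plugin\Fancy_Gallery\Core'];
@@ -115,7 +117,7 @@ function Widget ($args, $settings){
 # Display Widget
 Echo $args['before_widget'];
 
-Echo $args['before_title'] . Apply_Filters('widget_title', $this->get_option('title'), $settings, $this->id_base) . $args['after_title'];
+Echo $args['before_title'] . Apply_Filters('widget_title', $this->get_option('title'), $this->arr_option, $this->id_base) . $args['after_title'];
 
 Echo '<ul>';
 WP_Tag_Cloud(Array(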
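Review bot: `$arr_option` is declared `public` in the first hunk, but nothing in the visible hunks assigns it, so whether the `Apply_Filters` call in `Widget()` passes the widget settings or `null` depends on code outside the hunk; if the intent is to expose `$settings`, an explicit `$this->arr_option = $settings;` at the top of `Widget()` would make that visible, otherwise passing `$settings` directly as before is simpler. Replacing `var` with `public` also turns `$core` into public API; unless other code reads these properties, `private` would be the tighter choice. `__construct()` and `Widget()` both start outside the hunks.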
