
Changeset 1409054


Timestamp:
05/02/2016 04:53:57 PM (10 years ago)
Author:
HeroPlugins
Message:

Cross-site scripting vulnerability patch

Location:
hero-maps-pro
Files:
744 added
21 edited

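--- a/hero-maps-pro/trunk/classes/core/auto_generate.class.php
+++ b/hero-maps-pro/trunk/classes/core/auto_generate.class.php
@@ -46,5 +46,5 @@
                         //place the core view (index.php)
                         $handle = fopen(realpath($dir) .'/index.php', 'w');
-                        fwrite($handle, '<script type="text/javascript" src="<?php echo $_GET[\'v\']; ?>js/view.core.js"></script>' ."\n");
+                        fwrite($handle, '<script type="text/javascript" src="<?php echo $_GET[\'v\']; ?>js/view.core.js" data-cfasync="false"></script>' ."\n");
                         fwrite($handle, '<div class="hero_viewport">'. "\n" .'</div>');
                         fclose($handle);
@@ -63,5 +63,5 @@
                                     //place the view
                                     $handle = fopen(realpath($dir) .'/'. $sub['view'] .'.view.php', 'w');
-                                    fwrite($handle, '<script type="text/javascript" src="<?php echo $_GET[\'vp\']; ?>js/'. $sub['view'] .'.view.js"></script>' ."\n");
+                                    fwrite($handle, '<script type="text/javascript" src="<?php echo $_GET[\'vp\']; ?>js/'. $sub['view'] .'.view.js" data-cfasync="false"></script>' ."\n");
                                     fclose($handle);
                                 }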
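Review bot: The generator templates at new lines 48 and 65 still write `<?php echo $_GET['v']; ?>` and `<?php echo $_GET['vp']; ?>` into every view file they create, so a view generated after this changeset lacks the `htmlspecialchars()` wrapper that the same changeset adds to the checked-in views. The template strings should carry the escaped form, e.g. `src="<?php echo htmlspecialchars($_GET[\'v\'], ENT_QUOTES, \'UTF-8\'); ?>js/view.core.js"`, and likewise for `vp`. `$sub['view']` is concatenated into both the file name and the script path; its origin is outside these hunks, so confirm it is restricted to a fixed set of view names. The enclosing function starts and ends outside the shown lines.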
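--- a/hero-maps-pro/trunk/classes/core/shortcode.class.php
+++ b/hero-maps-pro/trunk/classes/core/shortcode.class.php
@@ -38,7 +38,6 @@
             //output front-end JS references
             echo '
-                <script type="text/javascript">
+                <script type="text/javascript" data-cfasync="false">
                     var ajax_url = "'. admin_url('admin-ajax.php') .'";
-                    var '. $this->plugin_prefix .'dir = "'. str_replace('\\','/',$this->plugin_dir) .'/";
                     var '. $this->plugin_prefix .'url = "'. $this->plugin_url .'";
                 </script>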
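Review bot: `admin_url('admin-ajax.php')` and `$this->plugin_url` are concatenated straight into double-quoted JavaScript string literals at new lines 41 and 42, so a quote or backslash in either value would end the literal early. Both values look server-derived, so this is hardening rather than a confirmed injection, but encoding for the JavaScript context costs one call: `var ajax_url = "'. esc_js(admin_url('admin-ajax.php')) .'";` and the same around `$this->plugin_url`. The `echo` statement starts and ends outside the hunk.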
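--- a/hero-maps-pro/trunk/classes/frontend.class.php
+++ b/hero-maps-pro/trunk/classes/frontend.class.php
@@ -123,5 +123,5 @@
             $map_uid = 'muid'.str_replace('-','',$hmapspro_helper->genGUID());
             $map = '
-                <script type="text/javascript">
+                <script type="text/javascript" data-cfasync="false">
                     var hmapspro_map_object_'. $map_uid .' = '. json_encode($map_object) .';
                     jQuery(function(){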
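Review bot: `json_encode($map_object)` at new line 126 is printed inside an inline `<script>` block with default flags, which leaves `<`, `>`, `&` and quotes as literal characters in the output. PHP's default escaping of `/` happens to keep a closing script tag from ending the block, but that is incidental. If `$map_object` carries user-entered text (its construction is outside the hunk), make the encoding explicit for the HTML context: `json_encode($map_object, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`. The string assigned to `$map` continues past the end of the hunk.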
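--- a/hero-maps-pro/trunk/hmapspro.php
+++ b/hero-maps-pro/trunk/hmapspro.php
@@ -6,5 +6,5 @@
         Plugin URI: http://www.heroplugins.com
         Description: Easily create your own Google Maps with a simple drag and drop interface
-        Version: 2.1.0
+        Version: 2.2.0
         Author: Hero Plugins
         Author URI: http://www.heroplugins.com
@@ -59,8 +59,8 @@
         private $plugin_friendly_name = 'Hero Maps Pro';
         private $plugin_friendly_description = 'Easily create your own Google Maps with a simple drag and drop interface';
-        private $plugin_version = '2.1.0';
+        private $plugin_version = '2.2.0';
         private $plugin_prefix = 'hmapspro_';
         private $first_release = '2014-11-24';
-        private $last_update = '2015-09-06';
+        private $last_update = '2016-05-02';
         private $api_version = '2.0.1';
        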
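--- a/hero-maps-pro/trunk/inc/custom_marker_uploader.php
+++ b/hero-maps-pro/trunk/inc/custom_marker_uploader.php
@@ -32,5 +32,5 @@
                 move_uploaded_file($_FILES['custom_marker']['tmp_name'], $file);
                 echo '
-                    <script type="text/javascript">
+                    <script type="text/javascript" data-cfasync="false">
                         window.parent.process_custom_marker(\'process_complete\');
                     </script>
@@ -38,5 +38,5 @@
             }else{
                 echo '
-                    <script type="text/javascript">
+                    <script type="text/javascript" data-cfasync="false">
                         window.parent.show_message("error", "Upload Error", "The selected file was not a valid marker.");
                     </script>
@@ -50,6 +50,6 @@
 <!--BEGIN: includes-->
 <link type="text/css" rel="stylesheet" href="../assets/css/custom_marker_uploader.css"></link>
-<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
-<script type="text/javascript" src="../assets/js/custom_marker_uploader.js"></script>
+<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js" data-cfasync="false"></script>
+<script type="text/javascript" src="../assets/js/custom_marker_uploader.js" data-cfasync="false"></script>
 <!--END: includes-->
 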
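Review bot: The result of `move_uploaded_file()` at line 32 is ignored, so the `process_complete` callback is printed even when the move fails; wrap it as `if (!move_uploaded_file($_FILES['custom_marker']['tmp_name'], $file)) { ... }` and report the error branch instead. How `$file` is built and what the enclosing `if` validates are outside the shown lines. Confirm that the destination name is generated server-side and that extension and content are limited to image types, since an upload handler that stores a caller-named file under the web root can end up serving executable content. The same pattern appears at line 36 of `inc/marker_pack_uploader.php`.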
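--- a/hero-maps-pro/trunk/inc/frame_sec.check.php
+++ b/hero-maps-pro/trunk/inc/frame_sec.check.php
@@ -9,5 +9,5 @@
         }else{
             echo '
-                <script type="text/javascript">
+                <script type="text/javascript" data-cfasync="false">
                     window.parent.show_security_tag_timeout_error();
                 </script>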
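--- a/hero-maps-pro/trunk/inc/marker_pack_uploader.php
+++ b/hero-maps-pro/trunk/inc/marker_pack_uploader.php
@@ -36,5 +36,5 @@
                 move_uploaded_file($_FILES['marker_pack']['tmp_name'], $file);
                 echo '
-                    <script type="text/javascript">
+                    <script type="text/javascript" data-cfasync="false">
                         window.parent.process_marker_pack(\'process_complete\');
                     </script>
@@ -42,5 +42,5 @@
             }else{
                 echo '
-                    <script type="text/javascript">
+                    <script type="text/javascript" data-cfasync="false">
                         window.parent.show_message("error", "Upload Error", "The selected file was not a valid marker pack.");
                     </script>
@@ -54,6 +54,6 @@
 <!--BEGIN: includes-->
 <link type="text/css" rel="stylesheet" href="../assets/css/marker_pack_uploader.css"></link>
-<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
-<script type="text/javascript" src="../assets/js/marker_pack_uploader.js"></script>
+<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js" data-cfasync="false"></script>
+<script type="text/javascript" src="../assets/js/marker_pack_uploader.js" data-cfasync="false"></script>
 <!--END: includes-->
 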
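--- a/hero-maps-pro/trunk/panels/panel.core.php
+++ b/hero-maps-pro/trunk/panels/panel.core.php
@@ -2,5 +2,5 @@
     #PLUGIN CORE FRAMEWORK PANEL
 ?>
-<script type="text/javascript">
+<script type="text/javascript" data-cfasync="false">
     var plugin_name = '<?php echo $plugin_name; ?>';
     var plugin_friendly_name = '<?php echo $plugin_friendly_name; ?>';
@@ -19,5 +19,5 @@
     var core_view_path = '<?php echo $core_view_path; ?>';
 </script>
-<script type="text/javascript" src="<?php echo $plugin_url; ?>/views/sidebar_prepopulation.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($plugin_url, ENT_QUOTES, 'UTF-8'); ?>/views/sidebar_prepopulation.js" data-cfasync="false"></script>
 <div class="hero_message_status">
 </div>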
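Review bot: Only the `src` attribute at new line 21 gained escaping; the inline block above it still prints `$plugin_name`, `$plugin_friendly_name` and `$core_view_path` raw inside single-quoted JavaScript strings (lines 5, 6 and 19, and presumably the lines elided between them). `htmlspecialchars()` would be the wrong encoder there. For a script context, emit the value as a JSON literal and drop the surrounding quotes: `var plugin_name = <?php echo json_encode($plugin_name); ?>;`. Where these variables are assigned is outside this file section, so whether any of them is request-derived needs checking.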
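--- a/hero-maps-pro/trunk/readme.txt
+++ b/hero-maps-pro/trunk/readme.txt
@@ -2,7 +2,7 @@
 Contributors: HeroPlugins
 Tags: google maps, custom maps, easy maps, maps, responsive, markers, streetview, wp maps, wp google maps, map plugin, latitude, longitude, geocoder, location, shortcode, posts, clustering, marker geo mashup, marker icons, custom markers, custom icons, multiple maps, multiple markers
-Requires at least: 4.0
-Tested up to: 4.3
-Stable Tag: 2.1.0
+Requires at least: 4.0.0
+Tested up to: 4.5.1
+Stable Tag: 2.2.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -69,4 +69,10 @@
 == Changelog ==
 
+= 2.2.0 =
+* Cross-site scripting vulnerability patch
+
+= 2.1.1 =
+* Minor bug fixes
+
 = 2.1.0 =
 * Updated map initialization to allow for v3.21 Google Maps JavaScript API controls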
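--- a/hero-maps-pro/trunk/views/dashboard/index.php
+++ b/hero-maps-pro/trunk/views/dashboard/index.php
@@ -2,5 +2,5 @@
     header("X-Robots-Tag: noindex, nofollow", true);
 ?>
-<script type="text/javascript" src="<?php echo $_GET['v']; ?>js/view.core.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['v'], ENT_QUOTES, 'UTF-8'); ?>js/view.core.js" data-cfasync="false"></script>
 
 <!--BEGIN: dashboard-->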
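Review bot: `htmlspecialchars($_GET['v'], ENT_QUOTES, 'UTF-8')` at new line 4 keeps the value from breaking out of the `src` attribute, but the request still chooses the URL that `view.core.js` is loaded from, so script origin remains caller-controlled. Escaping cannot fix that; the base URL should be computed on the server (for example from `plugins_url()`), or `v` should be compared against the plugin's own URL before it is echoed. `$_GET['v']` is also read without an `isset()` check. The same applies to `v` in `views/maps/index.php` and `views/markers/index.php`, and to `vp` in every `views/maps/*.view.php` and `views/markers/*.view.php` file in this changeset.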
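--- a/hero-maps-pro/trunk/views/maps/index.php
+++ b/hero-maps-pro/trunk/views/maps/index.php
@@ -2,5 +2,5 @@
     header("X-Robots-Tag: noindex, nofollow", true);
 ?>
-<script type="text/javascript" src="<?php echo $_GET['v']; ?>js/view.core.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['v'], ENT_QUOTES, 'UTF-8'); ?>js/view.core.js" data-cfasync="false"></script>
 
 <div class="hero_maps_pro">
@@ -40,5 +40,5 @@
                         <div style="display:table; float:right; width:auto;" class="hero_col_12">
                             <div id="del_location_marker_btn" class="hero_button_auto red_button rounded_3"><img></div>
-                            <script type="text/javascript">
+                            <script type="text/javascript" data-cfasync="false">
                                 jQuery('#del_location_marker_btn img').attr('src',plugin_url +'assets/images/admin/delete_btn_img.png');
                             </script>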
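--- a/hero-maps-pro/trunk/views/maps/maps_advanced.view.php
+++ b/hero-maps-pro/trunk/views/maps/maps_advanced.view.php
@@ -1,3 +1,3 @@
-<script type="text/javascript" src="<?php echo $_GET['vp']; ?>js/maps_advanced.view.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['vp'], ENT_QUOTES, 'UTF-8'); ?>js/maps_advanced.view.js" data-cfasync="false"></script>
 <div class="hero_views">
     <div class="hero_col_12">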
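--- a/hero-maps-pro/trunk/views/maps/maps_controls.view.php
+++ b/hero-maps-pro/trunk/views/maps/maps_controls.view.php
@@ -1,3 +1,3 @@
-<script type="text/javascript" src="<?php echo $_GET['vp']; ?>js/maps_controls.view.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['vp'], ENT_QUOTES, 'UTF-8'); ?>js/maps_controls.view.js" data-cfasync="false"></script>
 <div class="hero_views">
     <div class="hero_col_12">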
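--- a/hero-maps-pro/trunk/views/maps/maps_developers.view.php
+++ b/hero-maps-pro/trunk/views/maps/maps_developers.view.php
@@ -1,3 +1,3 @@
-<script type="text/javascript" src="<?php echo $_GET['vp']; ?>js/maps_developers.view.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['vp'], ENT_QUOTES, 'UTF-8'); ?>js/maps_developers.view.js" data-cfasync="false"></script>
 <div class="hero_views">
     <div class="hero_col_12">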
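--- a/hero-maps-pro/trunk/views/maps/maps_markers.view.php
+++ b/hero-maps-pro/trunk/views/maps/maps_markers.view.php
@@ -1,3 +1,3 @@
-<script type="text/javascript" src="<?php echo $_GET['vp']; ?>js/maps_markers.view.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['vp'], ENT_QUOTES, 'UTF-8'); ?>js/maps_markers.view.js" data-cfasync="false"></script>
 <div class="marker_selection hero_col_12">
     <div class="hero_col_2 marker_pack">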
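--- a/hero-maps-pro/trunk/views/maps/maps_settings.view.php
+++ b/hero-maps-pro/trunk/views/maps/maps_settings.view.php
@@ -1,3 +1,3 @@
-<script type="text/javascript" src="<?php echo $_GET['vp']; ?>js/maps_settings.view.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['vp'], ENT_QUOTES, 'UTF-8'); ?>js/maps_settings.view.js" data-cfasync="false"></script>
 <div class="hero_views">
     <div class="hero_col_12">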
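--- a/hero-maps-pro/trunk/views/maps/maps_setup.view.php
+++ b/hero-maps-pro/trunk/views/maps/maps_setup.view.php
@@ -1,3 +1,3 @@
-<script type="text/javascript" src="<?php echo $_GET['vp']; ?>js/maps_setup.view.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['vp'], ENT_QUOTES, 'UTF-8');; ?>js/maps_setup.view.js" data-cfasync="false"></script>
 <div class="hero_views">
     <div class="hero_col_12">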
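Review bot: The added line 1 has a doubled semicolon, `htmlspecialchars($_GET['vp'], ENT_QUOTES, 'UTF-8');; ?>`, which the other view files in this changeset do not have. PHP treats the second one as an empty statement, so behaviour is unaffected, but it should read `'UTF-8'); ?>` to match its siblings.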
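--- a/hero-maps-pro/trunk/views/markers/index.php
+++ b/hero-maps-pro/trunk/views/markers/index.php
@@ -2,5 +2,5 @@
     header("X-Robots-Tag: noindex, nofollow", true);
 ?>
-<script type="text/javascript" src="<?php echo $_GET['v']; ?>js/view.core.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['v'], ENT_QUOTES, 'UTF-8'); ?>js/view.core.js" data-cfasync="false"></script>
 <div class="hero_viewport">
 </div>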
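--- a/hero-maps-pro/trunk/views/markers/marker_custom_upload_view.view.php
+++ b/hero-maps-pro/trunk/views/markers/marker_custom_upload_view.view.php
@@ -1,3 +1,3 @@
-<script type="text/javascript" src="<?php echo $_GET['vp']; ?>js/marker_custom_upload_view.view.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['vp'], ENT_QUOTES, 'UTF-8'); ?>js/marker_custom_upload_view.view.js" data-cfasync="false"></script>
 <div class="hero_views">
     <div class="hero_col_12">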
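--- a/hero-maps-pro/trunk/views/markers/marker_packs_view.view.php
+++ b/hero-maps-pro/trunk/views/markers/marker_packs_view.view.php
@@ -1,3 +1,3 @@
-<script type="text/javascript" src="<?php echo $_GET['vp']; ?>js/marker_packs_view.view.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['vp'], ENT_QUOTES, 'UTF-8'); ?>js/marker_packs_view.view.js" data-cfasync="false"></script>
 <div class="hero_views">
     <div class="hero_col_12">
@@ -50,5 +50,5 @@
             <div class="hero_col_12">
                 <img id="additional_markers_img" width="100%">
-                <script type="text/javascript">
+                <script type="text/javascript" data-cfasync="false">
                     jQuery(function(){
                         jQuery('#additional_markers_img').attr('src', plugin_url +'assets/images/additional_markers.jpg');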
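--- a/hero-maps-pro/trunk/views/markers/upload_marker_pack_view.view.php
+++ b/hero-maps-pro/trunk/views/markers/upload_marker_pack_view.view.php
@@ -1,3 +1,3 @@
-<script type="text/javascript" src="<?php echo $_GET['vp']; ?>js/upload_marker_pack_view.view.js"></script>
+<script type="text/javascript" src="<?php echo htmlspecialchars($_GET['vp'], ENT_QUOTES, 'UTF-8'); ?>js/upload_marker_pack_view.view.js" data-cfasync="false"></script>
 <div class="hero_views">
     <div class="hero_col_12">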