Changeset 1917968

Timestamp:

08/01/2018 05:10:06 AM (7 years ago)

Author:

atmistinc

Message:

Fixed the XSS issues and updated the WordPress version.

Location:

snazzy-maps/trunk

Files:

• admin/explore.php (modified) (2 diffs)
• admin/helpers.php (added)
• admin/index.php (modified) (3 diffs)
• admin/settings.php (modified) (1 diff)
• admin/styles.php (modified) (4 diffs)
• readme.txt (modified) (2 diffs)
• snazzymaps.php (modified) (2 diffs)

snazzy-maps/trunk/admin/explore.php

@@ -8 +8 @@
     foreach((array)$options as $value => $text){
     ?>
-        <option value="<?php echo $value;?>"
-                <?php echo $value == $selected ? 'selected' : '' ?>>
-                <?php echo $text;?>
+        <option value="<?php echo esc_attr($value);?>" <?php echo esc_attr($value == $selected ? 'selected' : '') ?>>
+            <?php echo esc_html($text);?>
         </option>
     <?php
@@ -32 +31 @@
         <form id="search-form" class="clearfix">
            <div class="search-box">
-               <input name="text" type="text" placeholder="Search..." value="<?php echo $text ?>"/>
+               <input name="text" type="text" placeholder="Search..." value="<?php echo esc_attr($text) ?>"/>
                <button class="button" type="submit">Search Styles</button>
             </div>

snazzy-maps/trunk/admin/index.php

@@ -6 +6 @@
 include_once(plugin_dir_path(__FILE__) . _DS . 'settings.php');
 include_once(plugin_dir_path(__FILE__) . _DS . 'help.php');
+include_once(plugin_dir_path(__FILE__) . _DS . 'helpers.php');
 
 
@@ -96 +97 @@
         <?php if(!get_option('HideWelcomeMessage', false)) { ?>
             <div id="welcome-panel" class="box-shadow-cell welcome-panel">
-                <a href="?page=snazzy_maps&tab=<?php echo $active_tab; ?>&welcome=hide" class="welcome-panel-close">Dismiss</a>
+                <a href="<?php echo esc_rel_url('?page=snazzy_maps&tab=' . $active_tab . '&welcome=hide'); ?>" class="welcome-panel-close">Dismiss</a>
                 <div class="row">
                     <div class="col-md-10 col-lg-6">
@@ -115 +116 @@
                         foreach((array)$tabs as $index => $tab){
                         ?>
-                            <a href="?page=snazzy_maps&tab=<?php echo $index;?>"
-                               class="nav-tab <?php echo $active_tab == $index ? 'nav-tab-active' : '';?>">
-                                <?php echo $tab;?>
+                            <a href="<?php echo esc_rel_url('?page=snazzy_maps&tab=' . $index);?>"
+                               class="nav-tab <?php echo esc_attr($active_tab == $index ? 'nav-tab-active' : '');?>">
+                                <?php echo esc_html($tab);?>
                             </a>
                         <?php

snazzy-maps/trunk/admin/settings.php

@@ -29 +29 @@
                <label for="api_key"><strong>API Key</strong></label>
                <input type="text" id="api_key" name="api_key" 
-                      placeholder="Enter your API Key" value="<?php echo $api_key; ?>"/>
+                      placeholder="Enter your API Key" value="<?php echo esc_attr($api_key); ?>"/>
                <button type="submit" class="button button-primary">SAVE</button>
                <?php if(!is_null($api_key)){ ?>

snazzy-maps/trunk/admin/styles.php

@@ -1 +1 @@
 <?php
 defined( 'ABSPATH' ) OR exit;
+include_once(plugin_dir_path(__FILE__) . _DS . 'helpers.php');
 
     //Removed closures for PHP 5.0.x support
@@ -17 +18 @@
 
     function _styleAction(&$style, $action){
-        return "?page=snazzy_maps&tab=0&action=$action&style=" . $style['id'];
+        return esc_rel_url("?page=snazzy_maps&tab=0&action=$action&style=" . $style['id']);
     };
 
@@ -95 +96 @@
                     $isEnabled = !is_null($defaultStyle) && $defaultStyle['id'] == $style['id'];
                 ?>        
-                    <div class="style col-sm-6 col-md-4 <?php echo $isEnabled ? 'enabled' : '';?>">
+                    <div class="style col-sm-6 col-md-4 <?php echo esc_attr($isEnabled ? 'enabled' : '');?>">
                         <div class="sm-style">
                             <div class="sm-map">
-                                <img src="<?php echo $style['imageUrl']; ?>"
-                                     alt="<?php echo $style['name']; ?>"/>
+                                <img src="<?php echo esc_url($style['imageUrl']); ?>"
+                                     alt="<?php echo esc_attr($style['name']); ?>"/>
                                 <?php
                                 if($isEnabled) {
@@ -111 +112 @@
                             <div class="sm-content info">
                                 <h3>
-                                    <a href="<?php echo $style['url']; ?>" class="title" target="_blank">
-                                        <?php echo $style['name']; ?>
+                                    <a href="<?php echo esc_url($style['url']); ?>" class="title" target="_blank">
+                                        <?php echo esc_html($style['name']); ?>
                                     </a>
                                 </h3>
                                 <div class="author">                            
-                                    by <?php echo $style['createdBy']['name'];?></span>
+                                    by <?php echo esc_html($style['createdBy']['name']);?></span>
                                 </div>
                                 <div class="stats">
                                     <div class="views">
                                         <span class="icon-eye"></span>
-                                        <?php echo $style['views']; ?> views
+                                        <?php echo esc_html($style['views']); ?> views
                                     </div>
                                     <div class="favorites">
                                         <span class="icon-star"></span>
-                                        <?php echo $style['favorites']; ?> favorites
+                                        <?php echo esc_html($style['favorites']); ?> favorites
                                     </div>
                                 </div>

snazzy-maps/trunk/readme.txt

@@ -4 +4 @@
 Tags: google,maps,google maps,styled maps,styles,color,schemes,themes
 Requires at least: 2.8
-Tested up to: 4.7.3
-Stable tag: 1.1.3
+Tested up to: 4.9.7
+Stable tag: 1.1.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -99 +99 @@
 == Changelog ==
 
+= 1.1.4 =
+Release Date: July 31st, 2018
+
+* Update: Security fixes.
+* Update: Verified that the plugin works with newer versions of WordPress up to 4.9.7.
+
 = 1.1.3 =
 Release Date: March 10th, 2017

snazzy-maps/trunk/snazzymaps.php

@@ -4 +4 @@
  * Plugin URI: https://snazzymaps.com/plugins
  * Description: Apply styles to your Google Maps with the official Snazzy Maps WordPress plugin.
- * Version: 1.1.3
+ * Version: 1.1.4
  * Author: Atmist
  * Author URI: http://atmist.com/
@@ -31 +31 @@
 define('API_BASE', 'https://snazzymaps.com/');
 define('API_KEY', 'ecaccc3c-44fa-486c-9503-5d473587a493');
-define('SNAZZY_VERSION_NUMBER', '1.1.3');
+define('SNAZZY_VERSION_NUMBER', '1.1.4');
 
 if(!defined('_DS')) {