Changeset 2584669

Timestamp:

08/18/2021 08:31:45 AM (5 years ago)

Author:

msh134

Message:

Escaped outputs

Location:

wp-upload-restriction/trunk

Files:

• content.php (modified) (3 diffs)
• languages/wp_upload_restriction.pot (modified) (2 diffs)
• readme.txt (modified) (2 diffs)
• settings.php (modified) (8 diffs)
• wp-upload-restriction.php (modified) (4 diffs)

wp-upload-restriction/trunk/content.php

@@ -1 @@
-<h4><?php _e('Allowed File Types', 'wp_upload_restriction'); ?></h4>
-<p><?php _e('Files with selected types will be allowed for uploading.', 'wp_upload_restriction'); ?></p>
-<div class="check-uncheck-links"><a class="check" href="#"><?php _e('Check all', 'wp_upload_restriction'); ?></a> | <a class="uncheck" href="#"><?php _e('Uncheck all', 'wp_upload_restriction'); ?></a></div>
+<?php if(!defined('ABSPATH')){ exit(); } ?>
+<h4><?php esc_html_e('Allowed File Types', 'wp_upload_restriction'); ?></h4>
+<p><?php esc_html_e('Files with selected types will be allowed for uploading.', 'wp_upload_restriction'); ?></p>
+<div class="check-uncheck-links"><a class="check" href="#"><?php esc_html_e('Check all', 'wp_upload_restriction'); ?></a> | <a class="uncheck" href="#"><?php esc_html_e('Uncheck all', 'wp_upload_restriction'); ?></a></div>
 <div class="list">
 <?php
@@ -10 +11 @@
 ?>
     <div>
-        <label for="ext_<?php echo $i; ?>">
-            <input id="ext_<?php echo $i; ?>" type="checkbox" name="types[]" class="chk-mime-types" <?php echo $checked; ?> value="<?php echo esc_attr($ext); ?>::<?php echo esc_attr($type); ?>"> <?php echo $this->processExtention($ext); ?>
+        <label for="ext_<?php esc_attr_e($i); ?>">
+            <input id="ext_<?php esc_attr_e($i); ?>" type="checkbox" name="types[]" class="chk-mime-types" <?php esc_html_e($checked); ?> value="<?php esc_attr_e($ext); ?>::<?php esc_attr_e($type); ?>"> <?php echo $this->processExtention($ext); ?>
         </label>
     </div>
@@ -17 +18 @@
         $i++;
     }
-    
-     
-?>      
+?>
 </div>
 <p>&nbsp</p>
-<h4><?php _e('Allowed Upload Size', 'wp_upload_restriction'); ?>:</h4>
-<p><?php _e('Check the box below and enter value in the field to restrict upload size for the selected role.', 'wp_upload_restriction'); ?></p>
-<input type="checkbox" name="restrict_upload_size" value="1" <?php echo $restrict_upload_size ? 'checked="checked"' : ''; ?>> <lable for="restrict_upload_size"><?php _e('Restrict upload size to', 'wp_upload_restriction'); ?></lable> 
+<h4><?php esc_html_e('Allowed Upload Size', 'wp_upload_restriction'); ?>:</h4>
+<p><?php esc_html_e('Check the box below and enter value in the field to restrict upload size for the selected role.', 'wp_upload_restriction'); ?></p>
+<input type="checkbox" name="restrict_upload_size" value="1" <?php esc_attr_e($restrict_upload_size ? 'checked="checked"' : ''); ?>> <lable for="restrict_upload_size"><?php esc_html_e('Restrict upload size to', 'wp_upload_restriction'); ?></lable> 
 <label>
-    <input type="text" maxlength="5" size="6" name="upload_size" value="<?php echo esc_attr($upload_size); ?>">
+    <input type="text" maxlength="5" size="6" name="upload_size" value="<?php esc_attr_e($upload_size); ?>">
     <select name="upload_size_unit">
-        <option value="KB" <?php echo $upload_size_unit == 'KB' ? 'selected="selected"' : ''; ?>>KB</option>
-        <option value="MB" <?php echo empty($upload_size_unit) || $upload_size_unit == 'MB' ? 'selected="selected"' : ''; ?>>MB</option>
+        <option value="KB" <?php esc_attr_e($upload_size_unit == 'KB' ? 'selected="selected"' : ''); ?>>KB</option>
+        <option value="MB" <?php esc_attr_e(empty($upload_size_unit) || $upload_size_unit == 'MB' ? 'selected="selected"' : ''); ?>>MB</option>
     </select>
 </label>
-            
-
 
 <script type="text/javascript">

wp-upload-restriction/trunk/languages/wp_upload_restriction.pot

@@ -8 +8 @@
 "Language-Team: Sajjad Hossain <[email protected]>\n"
 "MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=iso-8859-1\n"
+"Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.8.7.1\n"
+"X-Generator: Poedit 2.4.2\n"
 
 msgid "Select the extensions for allowing file upload"
@@ -74 +74 @@
 msgid "Enter the file extension here. If there are multiple extensions then seperate them with \"|\". Example, \"jpg|jpeg\"."
 msgstr ""
+
+msgid "Type successfully added."
+msgstr ""
+
+msgid "Are you sure you want to delete this?"
+msgstr ""

wp-upload-restriction/trunk/readme.txt

@@ -3 +3 @@
 Tags: upload, media, developer tool
 Tested up to: 5.8
-Stable tag: 2.2.5
+Stable tag: 2.2.6
 License: GPLv2 or later
 
@@ -33 +33 @@
 
 == Changelog ==
-= 2.2.5 =
+= 2.2.6 =
 * Fixed security issues.
 

wp-upload-restriction/trunk/settings.php

@@ -1 +1 @@
 <?php
+    if(!defined('ABSPATH')){ exit(); }
     wp_enqueue_style('wp-upload-restrictions-styles');
 
@@ -8 +9 @@
 ?>
 <script type="text/javascript">var wpur_ajax_nonce = "<?php echo $ajax_nonce; ?>";</script>
-<div id="message" class="updated fade"><p><?php _e('Settings saved.', 'wp_upload_restriction') ?></p></div>
-<div id="error_message" class="error fade"><p><?php _e('Settings could not be saved.', 'wp_upload_restriction') ?></p></div>
+<div id="message" class="updated fade"><p><?php esc_html_e('Settings saved.', 'wp_upload_restriction') ?></p></div>
+<div id="error_message" class="error fade"><p><?php esc_html_e('Settings could not be saved.', 'wp_upload_restriction') ?></p></div>
 <div class="wrap">
     <div class="icon32" id="icon-options-general"><br></div>
     <h2>WP Upload Restriction</h2>
     <h2 class="nav-tab-wrapper">
-        <a href="?page=wp-upload-restriction%2Fsettings.php" class="nav-tab <?php echo empty($tab) ? 'nav-tab-active' : ''; ?>"><?php _e('Restrictions', 'wp_upload_restriction'); ?></a>
-        <a href="?page=wp-upload-restriction%2Fsettings.php&tab=custom" class="nav-tab <?php echo $tab ==  'custom' ? 'nav-tab-active' : ''; ?>"><?php _e('Custom File Types', 'wp_upload_restriction'); ?></a>
+        <a href="?page=wp-upload-restriction%2Fsettings.php" class="nav-tab <?php esc_attr_e(empty($tab) ? 'nav-tab-active' : ''); ?>"><?php esc_html_e('Restrictions', 'wp_upload_restriction'); ?></a>
+        <a href="?page=wp-upload-restriction%2Fsettings.php&tab=custom" class="nav-tab <?php esc_attr_e($tab == 'custom' ? 'nav-tab-active' : ''); ?>"><?php esc_html_e('Custom File Types', 'wp_upload_restriction'); ?></a>
     </h2>
 
@@ -21 +22 @@
     <div class="role-list">
 
-        <div class="sub-title"><?php _e('Roles', 'wp_upload_restriction'); ?></div>
+        <div class="sub-title"><?php esc_html_e('Roles', 'wp_upload_restriction'); ?></div>
         <div class="wp-roles">
         <?php foreach($roles as $key => $role):?>
-        <a href="<?php print $key; ?>"><?php print $role['name']; ?></a>
+        <a href="<?php esc_attr_e($key); ?>"><?php esc_attr_e($role['name']); ?></a>
         <?php endforeach; ?>
         </div>
@@ -31 +32 @@
     <div class="mime-list-section">
         <form action="" method="post" id="wp-upload-restriction-form">
-            <h2 id="role-name"><?php _e('Role', 'wp_upload_restriction'); ?>: <span></span></h2>
+            <h2 id="role-name"><?php esc_html_e('Role', 'wp_upload_restriction'); ?>: <span></span></h2>
             <div id="mime-list">
  
@@ -38 +39 @@
             <input type="hidden" name="action" value="save_selected_mimes_by_role">
             <?php wp_nonce_field( 'wp-upload-restrict', 'wpur_nonce' ) ?>
-            <p class="submit"><input type="button" value="<?php  _e('Save Changes', 'wp_upload_restriction'); ?>"> <span class="submit-loading ajax-loading-img"></span></p>
+            <p class="submit"><input type="button" value="<?php esc_attr_e('Save Changes', 'wp_upload_restriction'); ?>"> <span class="submit-loading ajax-loading-img"></span></p>
         </form>
     </div>
@@ -46 +47 @@
             <tbody>
                 <tr>
-                    <th><?php  _e('Extenstions', 'wp_upload_restriction'); ?></th>
+                    <th><?php esc_html_e('Extenstions', 'wp_upload_restriction'); ?></th>
                     <td>
-                        <input type="input" value="" name="extensions" id="extensions" size="50" maxlength="50" required data-msg="<?php  _e('Extensions field is required', 'wp_upload_restriction'); ?>">
-                        <br><span class="description"><?php  _e('Enter the file extension here. If there are multiple extensions then seperate them with "|". Example, "jpg|jpeg".', 'wp_upload_restriction'); ?></span>
+                        <input type="input" value="" name="extensions" id="extensions" size="50" maxlength="50" required data-msg="<?php esc_html_e('Extensions field is required', 'wp_upload_restriction'); ?>">
+                        <br><span class="description"><?php esc_html_e('Enter the file extension here. If there are multiple extensions then seperate them with "|". Example, "jpg|jpeg".', 'wp_upload_restriction'); ?></span>
                     </td>
                 </tr>
                 <tr>
-                    <th><?php  _e('MIME Type', 'wp_upload_restriction'); ?></th>
-                    <td><input type="input" value="" name="mime_type" id="mime_type" size="50" maxlength="50" required data-msg="<?php  _e('MIME Type field is required', 'wp_upload_restriction'); ?>"></td>
+                    <th><?php esc_html_e('MIME Type', 'wp_upload_restriction'); ?></th>
+                    <td><input type="input" value="" name="mime_type" id="mime_type" size="50" maxlength="50" required data-msg="<?php esc_html_e('MIME Type field is required', 'wp_upload_restriction'); ?>"></td>
                 </tr>
                 <tr>
                     <th>&nbsp;</th>
                     <td id="cont_save_type">
-                        <input type="button" id="save_type" value="<?php  _e('Add Type', 'wp_upload_restriction'); ?>">
-                        <div class="message">Type successfully added.</div>
+                        <input type="button" id="save_type" value="<?php esc_html_e('Add Type', 'wp_upload_restriction'); ?>">
+                        <div class="message"><?php esc_html_e('Type successfully added.', 'wp_upload_restriction'); ?></div>
                     </td>
                 </tr>
@@ -67 +68 @@
     </form>
     <hr>
-    <h3><?php  _e('Custom Extensions', 'wp_upload_restriction'); ?></h3>
+    <h3><?php esc_html_e('Custom Extensions', 'wp_upload_restriction'); ?></h3>
     <table class="wp-list-table widefat striped list-custom-types">
         <thead>
         <tr>
-            <th><?php  _e('Extensions', 'wp_upload_restriction'); ?></th>
-            <th><?php  _e('MIME Type', 'wp_upload_restriction'); ?></th>
+            <th><?php esc_html_e('Extensions', 'wp_upload_restriction'); ?></th>
+            <th><?php esc_html_e('MIME Type', 'wp_upload_restriction'); ?></th>
             <th>&nbsp;</th>
         </tr>
@@ -78 +79 @@
         <tbody><?php echo $wpUploadRestriction->prepareCustomTypeHTML(); ?></tbody>
     </table>
-    <?php endif;?>
+    <?php endif; ?>
 </div>

wp-upload-restriction/trunk/wp-upload-restriction.php

@@ -4 +4 @@
   Plugin URI: https://wordpress.org/plugins/wp-upload-restriction/
   Description: This plugin allows you to control upload of files based on file types and sizes.
-  Version: 2.2.5
+  Version: 2.2.6
   Author: Sajjad Hossain
   Author URI: http://www.sajjadhossain.com
  */
+if(!defined('ABSPATH')){ exit(); }
 
 if(!defined('WP_UPLOAD_RESTRICTION_DB_VER')) {
@@ -90 +91 @@
 
         if ($file == $this->plugin_name) {
-            $settings_link = '<a href="options-general.php?page=wp-upload-restriction/settings.php">' . __('Settings', 'wp_upload_restriction') . '</a>';
+            $settings_link = '<a href="options-general.php?page=wp-upload-restriction/settings.php">' . esc_html__('Settings', 'wp_upload_restriction') . '</a>';
             array_unshift($links, $settings_link);
         }
@@ -512 +513 @@
             $i = 1;
             foreach ($custom_types as $ext => $mime) {
-                $html .= '<tr id="row-' . $i . '">
+                $html .= '<tr id="row-' . esc_attr($i) . '">
                         <td>' . esc_attr($ext) . '</td>
                         <td>' . esc_attr($mime) . '</td>
-                        <td><a href="#" data-row="row-' . $i . '" data="' . esc_attr($ext) . '" class="del-mime">Delete</a></td>
+                        <td><a href="#" data-row="row-' . esc_attr($i) . '" data="' . esc_attr($ext) . '" class="del-mime">Delete</a></td>
                        </tr>';
                 $i++;
@@ -521 +522 @@
         }
         else {
-            $html = '<tr><td colspan="3">' . __('No custom types found.', 'wp_upload_restriction') . '</td></tr>';
+            $html = '<tr><td colspan="3">' . esc_html__('No custom types found.', 'wp_upload_restriction') . '</td></tr>';
         }