Changeset 2742932

Timestamp:

06/15/2022 01:45:22 PM (4 years ago)

Author:

navigationnorth

Message:

Update to version 0.9.0 from GitHub

Location:

wp-oer

Files:

• tags/0.9.0 (copied) (copied from wp-oer/trunk)
• tags/0.9.0/blocks/subject-resources-block-v2/init.php (modified) (1 diff)
• tags/0.9.0/includes/init.php (modified) (1 diff)
• tags/0.9.0/includes/oer-functions.php (modified) (5 diffs)
• tags/0.9.0/includes/related-resources.php (modified) (1 diff)
• tags/0.9.0/includes/resources-importer.php (modified) (1 diff)
• tags/0.9.0/oer_template/resource-subject-area.php (modified) (3 diffs)
• tags/0.9.0/oer_template/search-layout.php (modified) (4 diffs)
• tags/0.9.0/oer_template/single-resource-audio.php (modified) (2 diffs)
• tags/0.9.0/oer_template/single-resource-pdf.php (modified) (5 diffs)
• tags/0.9.0/oer_template/single-resource-standard.php (modified) (5 diffs)
• tags/0.9.0/oer_template/single-resource-video.php (modified) (3 diffs)
• tags/0.9.0/oer_template/single-resource-website.php (modified) (2 diffs)
• tags/0.9.0/oer_template/single-resource-youtube.php (modified) (2 diffs)
• tags/0.9.0/open-educational-resources.php (modified) (14 diffs)
• tags/0.9.0/readme.txt (modified) (2 diffs)
• tags/0.9.0/widgets/class-subject-area-widget.php (modified) (1 diff)
• trunk/blocks/subject-resources-block-v2/init.php (modified) (1 diff)
• trunk/includes/init.php (modified) (1 diff)
• trunk/includes/oer-functions.php (modified) (5 diffs)
• trunk/includes/related-resources.php (modified) (1 diff)
• trunk/includes/resources-importer.php (modified) (1 diff)
• trunk/oer_template/resource-subject-area.php (modified) (3 diffs)
• trunk/oer_template/search-layout.php (modified) (4 diffs)
• trunk/oer_template/single-resource-audio.php (modified) (2 diffs)
• trunk/oer_template/single-resource-pdf.php (modified) (5 diffs)
• trunk/oer_template/single-resource-standard.php (modified) (5 diffs)
• trunk/oer_template/single-resource-video.php (modified) (3 diffs)
• trunk/oer_template/single-resource-website.php (modified) (2 diffs)
• trunk/oer_template/single-resource-youtube.php (modified) (2 diffs)
• trunk/open-educational-resources.php (modified) (14 diffs)
• trunk/readme.txt (modified) (2 diffs)
• trunk/widgets/class-subject-area-widget.php (modified) (1 diff)

wp-oer/tags/0.9.0/blocks/subject-resources-block-v2/init.php

@@ -592 +592 @@
     $params = array();
     $params['action'] = sanitize_text_field($_POST['action']);
-    $attributes = $_POST['attributes'];
-    foreach($attributes as $attribute){
-        $attribute['displayCount'] = sanitize_text_field($attribute['displayCount']);
-        $attribute['selectedSubject'] = sanitize_text_field($attribute['selectedSubject']);
-        $attribute['sort'] = sanitize_text_field($attribute['sort']);
-        $attribute['isChanged'] = sanitize_text_field($attribute['isChanged']);
-        $attribute['blockId'] = sanitize_text_field($attribute['blockId']);
-        $attribute['firstLoad'] = sanitize_text_field($attribute['firstLoad']);
-    }
-    $params['attributes'] = $attributes;
+    $params['attributes'] = $_POST['attributes'];
+    array_walk($params['attributes'], function(&$value, &$key){
+        $value['displayCount'] = sanitize_text_field($value['displayCount']);
+        $value['sort'] = sanitize_text_field($value['sort']);
+        $value['isChanged'] = sanitize_text_field($value['isChanged']);
+        $value['blockId'] = sanitize_text_field($value['blockId']);
+        $value['firstLoad'] = sanitize_text_field($value['firstLoad']);
+    });
     
     $resources = oer_get_subject_resources($params, true);

wp-oer/tags/0.9.0/includes/init.php

@@ -698 +698 @@
         if(isset($_POST['oer_related_resource']))
         {
-            update_post_meta( $post->ID , 'oer_related_resource' , addslashes($_POST['oer_related_resource']));
-        }
-
+            update_post_meta( $post->ID , 'oer_related_resource' , sanitize_text_field($_POST['oer_related_resource']));
+        }
     }
     }

wp-oer/tags/0.9.0/includes/oer-functions.php

@@ -37 +37 @@
                 $child = oer_check_child($id);
 
-                echo "<li class='oer_sbstndard ". $class ."'>
+                echo "<li class='oer_sbstndard ". esc_attr($class) ."'>
                         <div class='stndrd_ttl'>";
 
@@ -45 +45 @@
                     }
 
-                echo            "<input type='checkbox' ".$chck." name='oer_standard[]' value='".$value."' onclick='oer_check_all(this)' >
-                            ".$result['standard_title']."
+                echo            "<input type='checkbox' ".esc_attr($chck)." name='oer_standard[]' value='".esc_attr($value)."' onclick='oer_check_all(this)' >
+                            ".esc_html($result['standard_title'])."
                         </div><div class='oer_stndrd_desc'></div>";
 
@@ -92 +92 @@
                 }
 
-              echo "<li class='".$class."'>
+              echo "<li class='".esc_attr($class)."'>
                    <div class='stndrd_ttl'>";
                     if(!empty($child))
@@ -99 +99 @@
                     }
 
-              echo "<input type='checkbox' ".$chck." name='oer_standard[]' value='".$value."' onclick='oer_check_myChild(this)'>
-                   ". $result['standard_notation']."
+              echo "<input type='checkbox' ".esc_attr($chck)." name='oer_standard[]' value='".esc_attr($value)."' onclick='oer_check_myChild(this)'>
+                   ". esc_html($result['standard_notation'])."
                    </div>
-                   <div class='oer_stndrd_desc'> ". $result['description']." </div>";
+                   <div class='oer_stndrd_desc'> ". wp_kses_post($result['description'])." </div>";
 
                    oer_get_standard_notation($id, $oer_standard);
@@ -1998 +1998 @@
             </ul>
         </div>
-        <select class="sort-selectbox" data-subject-ids="<?php echo json_encode($subjects); ?>">
+        <select class="sort-selectbox" data-subject-ids="<?php echo esc_attr(json_encode($subjects)); ?>">
             <option value="0"<?php if ($sort==0): ?>  selected<?php endif; ?>>Newest</option>
             <option value="1"<?php if ($sort==1): ?>  selected<?php endif; ?>>Oldest</option>

wp-oer/tags/0.9.0/includes/related-resources.php

@@ -40 +40 @@
                    <?php endif; ?>
                    <?php /* if( $oer_authorname2 != ''):?>
-                     <div class="lp-resource-author_block"><a href=""><?php echo $oer_authorname2; ?></a></div>
+                     <div class="lp-resource-author_block"><a href=""><?php echo esc_html($oer_authorname2); ?></a></div>
                    <?php endif;*/ ?>
                  </div>

wp-oer/tags/0.9.0/includes/resources-importer.php

@@ -3 +3 @@
     <form method="post" enctype="multipart/form-data" action="<?php echo esc_url( admin_url('admin.php') ); ?>" onsubmit="return processImport('#resource_submit','resource_import')">
     <fieldset>
-        <legend><div class="oer_heading"><?php _e("Import Resources", OER_SLUG); ?></div></legend>
+        <legend><div class="oer_heading"><?php esc_html_e("Import Resources", OER_SLUG); ?></div></legend>
         <div class="oer-import-row">
             <div class="row-left">

wp-oer/tags/0.9.0/oer_template/resource-subject-area.php

@@ -20 +20 @@
 
 //Add this hack to display top nav and head section on Eleganto theme
+$_rsort = "";
 $cur_theme = wp_get_theme();
 $theme = $cur_theme->get('Name');
@@ -436 +437 @@
                         $content = substr($content, 0, 180).$ellipsis;
                         
-                        $img_path = $new_img_path = parse_url($img_url[0]);
-                        $image_path = $img_path['path'];
-
-                        $pos = strpos($image_path,$site_dir_path);
-                        if ($pos==0){
-                            $image_path = substr_replace($image_path, "", $pos, strlen($site_dir_path));
-                        }
-
-                        $img_path = sanitize_url($site_path . $image_path);
-                        
                         if(!empty($img_url))
                         {
+                            $img_path = $new_img_path = parse_url($img_url[0]);
+                            $image_path = $img_path['path'];
+
+                            $pos = strpos($image_path,$site_dir_path);
+                            if ($pos==0){
+                                $image_path = substr_replace($image_path, "", $pos, strlen($site_dir_path));
+                            }
+
+                            $img_path = sanitize_url($site_path . $image_path);
+
                             //Resize Image using WP_Image_Editor
                             $image_editor = wp_get_image_editor($img_path);
@@ -556 +557 @@
                     if (strpos($base_url,"page"))
                             $base_url = substr($base_url,0,strpos($base_url, "page")-1);
-                    echo '<div class="col-md-12 tagcloud resourcecloud"><a href="?page='.($paged+1).'" '.$_rsort.' data-subject-ids="'.json_encode(array($rsltdata['term_id'])).'" data-page-number="'.($paged+1).'" data-base-url="'.esc_url($base_url).'" class="button resource-load-more-button" data-max-page="'.esc_attr($max_pages).'" class="btn-load-more">Load More</a></div>';
+                    echo '<div class="col-md-12 tagcloud resourcecloud"><a href="?page='.esc_url($paged+1).'" '.esc_attr($_rsort).' data-subject-ids="'.esc_html(json_encode(array($rsltdata['term_id']))).'" data-page-number="'.esc_attr($paged+1).'" data-base-url="'.esc_url($base_url).'" class="button resource-load-more-button" data-max-page="'.esc_attr($max_pages).'" class="btn-load-more">Load More</a></div>';
                 }
                 ?>

wp-oer/tags/0.9.0/oer_template/search-layout.php

@@ -68 +68 @@
 ?>
 <div id="posts-container" class="fusion-blog-archive <?php echo esc_attr( $wrapper_class ); ?>fusion-clearfix">
-    <div class="<?php echo esc_attr( $container_class ); ?>" data-pages="<?php echo (int) $number_of_pages; ?>">
+    <div class="<?php echo esc_attr( $container_class ); ?>" data-pages="<?php echo esc_attr($number_of_pages); ?>">
         <?php if ( 'timeline' === $blog_layout ) : ?>
             <?php // Add the timeline icon. ?>
@@ -239 +239 @@
                     <?php
                     if ( 'masonry' === $blog_layout ) {
-                        echo $image; // WPCS: XSS ok.
+                        echo wp_kses_post($image); // WPCS: XSS ok.
                     } else {
                         // Get featured images for all but large-alternate layout.
@@ -363 +363 @@
                                 <?php if ( Avada()->settings->get( 'post_meta_read' ) ) : ?>
                                     <?php $link_target = ( 'yes' === fusion_get_page_option( 'link_icon_target', $post->ID ) || 'yes' === fusion_get_page_option( 'post_links_target', $post->ID ) ) ? ' target="_blank" rel="noopener noreferrer"' : ''; ?>
-                                    <a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo $link_target; // WPCS: XSS ok. ?>>
+                                    <a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo esc_attr($link_target); // WPCS: XSS ok. ?>>
                                         <?php echo esc_textarea( apply_filters( 'avada_blog_read_more_link', esc_attr__( 'Read More', 'Avada' ) ) ); ?>
                                     </a>
@@ -389 +389 @@
                                 <?php if ( Avada()->settings->get( 'post_meta_read' ) ) : ?>
                                     <?php $link_target = ( 'yes' === fusion_get_page_option( 'link_icon_target', $post->ID ) || 'yes' === fusion_get_page_option( 'post_links_target', $post->ID ) ) ? ' target="_blank" rel="noopener noreferrer"' : ''; ?>
-                                    <a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo $link_target; // WPCS: XSS ok. ?>>
+                                    <a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo esc_attr($link_target); // WPCS: XSS ok. ?>>
                                         <?php echo esc_textarea( apply_filters( 'avada_read_more_name', esc_attr__( 'Read More', 'Avada' ) ) ); ?>
                                     </a>

wp-oer/tags/0.9.0/oer_template/single-resource-audio.php

@@ -127 +127 @@
                         echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }
@@ -158 +158 @@
                         echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }

wp-oer/tags/0.9.0/oer_template/single-resource-pdf.php

@@ -9 +9 @@
             $external_option = get_option("oer_external_pdf_viewer");
             if ($external_option==1) {
-                $pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
+                $pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
                 echo oer_get_embed_code_frame($pdf_url);
             } elseif($external_option==0) {
@@ -21 +21 @@
                     break;
                 case 1:
-                    $pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
+                    $pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
                     echo oer_get_embed_code_frame($pdf_url);
                     break;
@@ -47 +47 @@
                 case 5:
                     if(shortcode_exists('pdfviewer')){
-                        $embed_code = "[pdfviewer width='100%']".$url."[/pdfviewer]";
+                        $embed_code = "[pdfviewer width='100%']".esc_url_raw($url)."[/pdfviewer]";
                         echo do_shortcode($embed_code);
                     } else {
@@ -171 +171 @@
                         echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }
@@ -202 +202 @@
                         echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }

wp-oer/tags/0.9.0/oer_template/single-resource-standard.php

@@ -34 +34 @@
                 $external_option = get_option("oer_external_pdf_viewer");
                 if ($external_option==1) {
-                    $pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
+                    $pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
                     echo oer_get_embed_code_frame($pdf_url);
                 } elseif($external_option==0) {
@@ -46 +46 @@
                         break;
                     case 1:
-                        $pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
+                        $pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
                         echo oer_get_embed_code_frame($pdf_url);
                         break;
@@ -72 +72 @@
                     case 5:
                         if(shortcode_exists('pdfviewer')){
-                            $embed_code = "[pdfviewer width='100%']".$url."[/pdfviewer]";
+                            $embed_code = "[pdfviewer width='100%']".esc_url_raw($url)."[/pdfviewer]";
                             echo do_shortcode($embed_code);
                         } else {
@@ -207 +207 @@
                         echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }
@@ -238 +238 @@
                         echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }

wp-oer/tags/0.9.0/oer_template/single-resource-video.php

@@ -115 +115 @@
         <div class="tc-oer-subject-areas">
            <h4 class="tc-field-heading clearfix">
-                <?php _e("Subjects",OER_SLUG); ?>
+                <?php esc_html_e("Subjects",OER_SLUG); ?>
             </h4>
            <div class="tc-oer-subject-details clearfix">
@@ -131 +131 @@
                             echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                         if (($i==2) && ($cnt>2))
-                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                         $i++;
                     }
@@ -162 +162 @@
                             echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                         if (($i==2) && ($cnt>2))
-                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                         $i++;
                     }

wp-oer/tags/0.9.0/oer_template/single-resource-website.php

@@ -122 +122 @@
                         echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }
@@ -153 +153 @@
                         echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }

wp-oer/tags/0.9.0/oer_template/single-resource-youtube.php

@@ -143 +143 @@
                             echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                         if (($i==2) && ($cnt>2))
-                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                         $i++;
                     }
@@ -174 +174 @@
                             echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                         if (($i==2) && ($cnt>2))
-                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                         $i++;
                     }

wp-oer/tags/0.9.0/open-educational-resources.php

@@ -4 +4 @@
  Plugin URI:         https://www.wp-oer.com
  Description:        Open Educational Resource management and curation, metadata publishing, and alignment to Common Core State Standards.
- Version:            0.8.9
+ Version:            0.9.0
  Requires at least:  4.4
  Requires PHP:       7.0
@@ -39 +39 @@
 define( 'OER_PLUGIN_NAME', 'WP OER Plugin' );
 define( 'OER_ADMIN_PLUGIN_NAME', 'WP OER Plugin');
-define( 'OER_VERSION', '0.8.9' );
+define( 'OER_VERSION', '0.9.0' );
 define( 'OER_SITE_PATH', ABSPATH );
 
@@ -1242 +1242 @@
             if (isset($arguments['title']))
                 $title = $arguments['title'];
-            echo '<label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($title).'</strong></label><input name="'.esc_attr($arguments['uid']).'" id="'.esc_attr($arguments['uid']).'" type="'.esc_attr($arguments['type']).'" value="' . esc_attr($value) . '" ' . esc_attr($size) . ' ' .  $selected . ' />';
+            echo '<label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($title).'</strong></label><input name="'.esc_attr($arguments['uid']).'" id="'.esc_attr($arguments['uid']).'" type="'.esc_attr($arguments['type']).'" value="' . esc_attr($value) . '" ' . esc_attr($size) . ' ' .  esc_attr($selected) . ' />';
             break;
         case "checkbox":
@@ -1267 +1267 @@
             }
 
-            echo '<input name="'.esc_attr($arguments['uid']).'" id="'.esc_attr($arguments['uid']).'" '.esc_attr($class).' type="'.esc_attr($arguments['type']).'" ' . $display_value . ' ' . $size . ' ' .  $selected . ' ' . $disabled . '  /><label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($arguments['name']).'</strong></label>';
+            echo '<input name="'.esc_attr($arguments['uid']).'" id="'.esc_attr($arguments['uid']).'" '.esc_attr($class).' type="'.esc_attr($arguments['type']).'" ' . esc_attr($display_value) . ' ' . esc_attr($size) . ' ' .  esc_attr($selected) . ' ' . esc_attr($disabled) . '  /><label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($arguments['name']).'</strong></label>';
             break;
         case "select":
@@ -1304 +1304 @@
                         break;
                 }
-                echo '<option value="'.esc_attr($key).'"'.$selected.''.$disabled.'>'.esc_html($desc).'</option>';
+                echo '<option value="'.esc_attr($key).'"'.esc_attr($selected).''.esc_attr($disabled).'>'.esc_html($desc).'</option>';
             }
 
@@ -1345 +1345 @@
     $val = get_option($arguments['uid']);
 
-    echo '<input name="'.esc_attr($arguments['uid']).'" value="'.esc_attr($arguments['value']).'" id="'.esc_attr($arguments['uid']).'" '.$class.' type="'.esc_attr($arguments['type']).'" ' . checked($arguments['value'], $val, false) . ' /><label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($arguments['name']).'</strong></label>';
+    echo '<input name="'.esc_attr($arguments['uid']).'" value="'.esc_attr($arguments['value']).'" id="'.esc_attr($arguments['uid']).'" '.esc_attr($class).' type="'.esc_attr($arguments['type']).'" ' . checked($arguments['value'], $val, false) . ' /><label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($arguments['name']).'</strong></label>';
 }
 
@@ -1378 +1378 @@
 
     if (isset($_POST["post_var"])) {
-        $page_num = intval($_POST["post_var"]);
-        $terms = json_decode($_POST["subjects"]);
+        $page_num = intval(sanitize_text_field($_POST["post_var"]));
+        $terms = json_decode(sanitize_text_field($_POST["subjects"]));
 
         if (is_array($terms)){
@@ -1474 +1474 @@
     if (isset($_POST["sort"])) {
 
-        $oer_session['resource_sort'] = intval($_POST['sort']);
-
-        $terms = json_decode($_POST["subjects"]);
+        $oer_session['resource_sort'] = intval(sanitize_text_field($_POST['sort']));
+
+        $terms = json_decode(sanitize_text_field($_POST["subjects"]));
 
         if (is_array($terms)){
@@ -1506 +1506 @@
         $paged = 1;
         if ($_POST['post_var']){
-            $paged = intval($_POST['post_var']);
+            $paged = intval(sanitize_text_field($_POST['post_var']));
         }
 
@@ -1598 +1598 @@
 
     if (isset($_POST["post_var"])) {
-        $page_num = intval(["post_var"]);
+        $page_num = intval(sanitize_text_field(["post_var"]));
         $items_per_load = 4;
-        $term_id = intval($_POST['term_id']);
+        $term_id = intval(sanitize_text_field($_POST['term_id']));
 
         $args = array(
@@ -1634 +1634 @@
                     $style = ' style="'.esc_attr($_POST['style']).'"';
                 ?>
-                <li<?php echo $style; ?>>
+                <li<?php echo esc_attr($style); ?>>
                     <div class="frtdsnglwpr">
                         <?php
@@ -1643 +1643 @@
                         ?>
                         <a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><div class="img"><img src="<?php echo esc_url($new_image_url);?>" alt="<?php echo esc_html($title);?>"></div></a>
-                        <div class="ttl"><a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><?php echo $title;?></a></div>
+                        <div class="ttl"><a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><?php echo esc_html($title);?></a></div>
                         <div class="desc"><?php echo apply_filters('the_content',$content); ?></div>
                     </div>
@@ -1661 +1661 @@
 
     if (isset($_POST["post_var"])) {
-        $resource_id = intval(["post_var"]);
+        $resource_id = intval(sanitize_text_field(["post_var"]));
 
         $args = array(
@@ -1703 +1703 @@
                     $new_image_url = oer_resize_image( $image, 220, 180, true );
                     ?>
-                    <a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><div class="img"><img src="<?php echo esc_url($new_image_url); ?>" alt="<?php echo $title;?>"></div></a>
-                    <div class="ttl"><a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><?php echo $title;?></a></div>
+                    <a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><div class="img"><img src="<?php echo esc_url($new_image_url); ?>" alt="<?php echo esc_html($title);?>"></div></a>
+                    <div class="ttl"><a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><?php echo esc_html($title);?></a></div>
                     <div class="desc"><?php echo apply_filters('the_content',$content); ?></div>
                 </div><?php

wp-oer/tags/0.9.0/readme.txt

@@ -5 +5 @@
 Tested up to: 6.0
 Requires PHP: 7.0
-Stable tag: 0.8.9
+Stable tag: 0.9.0
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -42 +42 @@
 
 == Changelog ==
+= 0.9.0 =
+* Implement further sanitizing of input and escaping of displayed data 
+
 = 0.8.9 =
 * Upgrade Bootstrap library to 5.1.3

wp-oer/tags/0.9.0/widgets/class-subject-area-widget.php

@@ -111 +111 @@
                 if( !empty( $children ) )
                 {
-                    echo '<li class="oer-sub-category has-child'.esc_attr($class).'"><span onclick="toggleparent(this);"><a href="'. esc_url(site_url() .'/'.$category->taxonomy.'/'. $category->slug) .'" title="'. esc_attr($category->name) .'" >'. $category->name .'</a></span>';
+                    echo '<li class="oer-sub-category has-child'.esc_attr($class).'"><span onclick="toggleparent(this);"><a href="'. esc_url(site_url() .'/'.$category->taxonomy.'/'. $category->slug) .'" title="'. esc_attr($category->name) .'" >'. esc_html($category->name) .'</a></span>';
                 }
                 else
                 {
-                    echo '<li class="oer-sub-category'.esc_attr($class).'"><span onclick="toggleparent(this);"><a href="'. esc_url(site_url() .'/'.$category->taxonomy.'/'. $category->slug) .'"  title="'. esc_attr($category->name) .'" >'. $category->name .'</a></span>';
+                    echo '<li class="oer-sub-category'.esc_attr($class).'"><span onclick="toggleparent(this);"><a href="'. esc_url(site_url() .'/'.$category->taxonomy.'/'. $category->slug) .'"  title="'. esc_attr($category->name) .'" >'. esc_html($category->name) .'</a></span>';
                 }
                 

wp-oer/trunk/blocks/subject-resources-block-v2/init.php

@@ -592 +592 @@
     $params = array();
     $params['action'] = sanitize_text_field($_POST['action']);
-    $attributes = $_POST['attributes'];
-    foreach($attributes as $attribute){
-        $attribute['displayCount'] = sanitize_text_field($attribute['displayCount']);
-        $attribute['selectedSubject'] = sanitize_text_field($attribute['selectedSubject']);
-        $attribute['sort'] = sanitize_text_field($attribute['sort']);
-        $attribute['isChanged'] = sanitize_text_field($attribute['isChanged']);
-        $attribute['blockId'] = sanitize_text_field($attribute['blockId']);
-        $attribute['firstLoad'] = sanitize_text_field($attribute['firstLoad']);
-    }
-    $params['attributes'] = $attributes;
+    $params['attributes'] = $_POST['attributes'];
+    array_walk($params['attributes'], function(&$value, &$key){
+        $value['displayCount'] = sanitize_text_field($value['displayCount']);
+        $value['sort'] = sanitize_text_field($value['sort']);
+        $value['isChanged'] = sanitize_text_field($value['isChanged']);
+        $value['blockId'] = sanitize_text_field($value['blockId']);
+        $value['firstLoad'] = sanitize_text_field($value['firstLoad']);
+    });
     
     $resources = oer_get_subject_resources($params, true);

wp-oer/trunk/includes/init.php

@@ -698 +698 @@
         if(isset($_POST['oer_related_resource']))
         {
-            update_post_meta( $post->ID , 'oer_related_resource' , addslashes($_POST['oer_related_resource']));
-        }
-
+            update_post_meta( $post->ID , 'oer_related_resource' , sanitize_text_field($_POST['oer_related_resource']));
+        }
     }
     }

wp-oer/trunk/includes/oer-functions.php

@@ -37 +37 @@
                 $child = oer_check_child($id);
 
-                echo "<li class='oer_sbstndard ". $class ."'>
+                echo "<li class='oer_sbstndard ". esc_attr($class) ."'>
                         <div class='stndrd_ttl'>";
 
@@ -45 +45 @@
                     }
 
-                echo            "<input type='checkbox' ".$chck." name='oer_standard[]' value='".$value."' onclick='oer_check_all(this)' >
-                            ".$result['standard_title']."
+                echo            "<input type='checkbox' ".esc_attr($chck)." name='oer_standard[]' value='".esc_attr($value)."' onclick='oer_check_all(this)' >
+                            ".esc_html($result['standard_title'])."
                         </div><div class='oer_stndrd_desc'></div>";
 
@@ -92 +92 @@
                 }
 
-              echo "<li class='".$class."'>
+              echo "<li class='".esc_attr($class)."'>
                    <div class='stndrd_ttl'>";
                     if(!empty($child))
@@ -99 +99 @@
                     }
 
-              echo "<input type='checkbox' ".$chck." name='oer_standard[]' value='".$value."' onclick='oer_check_myChild(this)'>
-                   ". $result['standard_notation']."
+              echo "<input type='checkbox' ".esc_attr($chck)." name='oer_standard[]' value='".esc_attr($value)."' onclick='oer_check_myChild(this)'>
+                   ". esc_html($result['standard_notation'])."
                    </div>
-                   <div class='oer_stndrd_desc'> ". $result['description']." </div>";
+                   <div class='oer_stndrd_desc'> ". wp_kses_post($result['description'])." </div>";
 
                    oer_get_standard_notation($id, $oer_standard);
@@ -1998 +1998 @@
             </ul>
         </div>
-        <select class="sort-selectbox" data-subject-ids="<?php echo json_encode($subjects); ?>">
+        <select class="sort-selectbox" data-subject-ids="<?php echo esc_attr(json_encode($subjects)); ?>">
             <option value="0"<?php if ($sort==0): ?>  selected<?php endif; ?>>Newest</option>
             <option value="1"<?php if ($sort==1): ?>  selected<?php endif; ?>>Oldest</option>

wp-oer/trunk/includes/related-resources.php

@@ -40 +40 @@
                    <?php endif; ?>
                    <?php /* if( $oer_authorname2 != ''):?>
-                     <div class="lp-resource-author_block"><a href=""><?php echo $oer_authorname2; ?></a></div>
+                     <div class="lp-resource-author_block"><a href=""><?php echo esc_html($oer_authorname2); ?></a></div>
                    <?php endif;*/ ?>
                  </div>

wp-oer/trunk/includes/resources-importer.php

@@ -3 +3 @@
     <form method="post" enctype="multipart/form-data" action="<?php echo esc_url( admin_url('admin.php') ); ?>" onsubmit="return processImport('#resource_submit','resource_import')">
     <fieldset>
-        <legend><div class="oer_heading"><?php _e("Import Resources", OER_SLUG); ?></div></legend>
+        <legend><div class="oer_heading"><?php esc_html_e("Import Resources", OER_SLUG); ?></div></legend>
         <div class="oer-import-row">
             <div class="row-left">

wp-oer/trunk/oer_template/resource-subject-area.php

@@ -20 +20 @@
 
 //Add this hack to display top nav and head section on Eleganto theme
+$_rsort = "";
 $cur_theme = wp_get_theme();
 $theme = $cur_theme->get('Name');
@@ -436 +437 @@
                         $content = substr($content, 0, 180).$ellipsis;
                         
-                        $img_path = $new_img_path = parse_url($img_url[0]);
-                        $image_path = $img_path['path'];
-
-                        $pos = strpos($image_path,$site_dir_path);
-                        if ($pos==0){
-                            $image_path = substr_replace($image_path, "", $pos, strlen($site_dir_path));
-                        }
-
-                        $img_path = sanitize_url($site_path . $image_path);
-                        
                         if(!empty($img_url))
                         {
+                            $img_path = $new_img_path = parse_url($img_url[0]);
+                            $image_path = $img_path['path'];
+
+                            $pos = strpos($image_path,$site_dir_path);
+                            if ($pos==0){
+                                $image_path = substr_replace($image_path, "", $pos, strlen($site_dir_path));
+                            }
+
+                            $img_path = sanitize_url($site_path . $image_path);
+
                             //Resize Image using WP_Image_Editor
                             $image_editor = wp_get_image_editor($img_path);
@@ -556 +557 @@
                     if (strpos($base_url,"page"))
                             $base_url = substr($base_url,0,strpos($base_url, "page")-1);
-                    echo '<div class="col-md-12 tagcloud resourcecloud"><a href="?page='.($paged+1).'" '.$_rsort.' data-subject-ids="'.json_encode(array($rsltdata['term_id'])).'" data-page-number="'.($paged+1).'" data-base-url="'.esc_url($base_url).'" class="button resource-load-more-button" data-max-page="'.esc_attr($max_pages).'" class="btn-load-more">Load More</a></div>';
+                    echo '<div class="col-md-12 tagcloud resourcecloud"><a href="?page='.esc_url($paged+1).'" '.esc_attr($_rsort).' data-subject-ids="'.esc_html(json_encode(array($rsltdata['term_id']))).'" data-page-number="'.esc_attr($paged+1).'" data-base-url="'.esc_url($base_url).'" class="button resource-load-more-button" data-max-page="'.esc_attr($max_pages).'" class="btn-load-more">Load More</a></div>';
                 }
                 ?>

wp-oer/trunk/oer_template/search-layout.php

@@ -68 +68 @@
 ?>
 <div id="posts-container" class="fusion-blog-archive <?php echo esc_attr( $wrapper_class ); ?>fusion-clearfix">
-    <div class="<?php echo esc_attr( $container_class ); ?>" data-pages="<?php echo (int) $number_of_pages; ?>">
+    <div class="<?php echo esc_attr( $container_class ); ?>" data-pages="<?php echo esc_attr($number_of_pages); ?>">
         <?php if ( 'timeline' === $blog_layout ) : ?>
             <?php // Add the timeline icon. ?>
@@ -239 +239 @@
                     <?php
                     if ( 'masonry' === $blog_layout ) {
-                        echo $image; // WPCS: XSS ok.
+                        echo wp_kses_post($image); // WPCS: XSS ok.
                     } else {
                         // Get featured images for all but large-alternate layout.
@@ -363 +363 @@
                                 <?php if ( Avada()->settings->get( 'post_meta_read' ) ) : ?>
                                     <?php $link_target = ( 'yes' === fusion_get_page_option( 'link_icon_target', $post->ID ) || 'yes' === fusion_get_page_option( 'post_links_target', $post->ID ) ) ? ' target="_blank" rel="noopener noreferrer"' : ''; ?>
-                                    <a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo $link_target; // WPCS: XSS ok. ?>>
+                                    <a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo esc_attr($link_target); // WPCS: XSS ok. ?>>
                                         <?php echo esc_textarea( apply_filters( 'avada_blog_read_more_link', esc_attr__( 'Read More', 'Avada' ) ) ); ?>
                                     </a>
@@ -389 +389 @@
                                 <?php if ( Avada()->settings->get( 'post_meta_read' ) ) : ?>
                                     <?php $link_target = ( 'yes' === fusion_get_page_option( 'link_icon_target', $post->ID ) || 'yes' === fusion_get_page_option( 'post_links_target', $post->ID ) ) ? ' target="_blank" rel="noopener noreferrer"' : ''; ?>
-                                    <a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo $link_target; // WPCS: XSS ok. ?>>
+                                    <a href="<?php echo esc_url_raw( get_permalink() ); ?>" class="fusion-read-more"<?php echo esc_attr($link_target); // WPCS: XSS ok. ?>>
                                         <?php echo esc_textarea( apply_filters( 'avada_read_more_name', esc_attr__( 'Read More', 'Avada' ) ) ); ?>
                                     </a>

wp-oer/trunk/oer_template/single-resource-audio.php

@@ -127 +127 @@
                         echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }
@@ -158 +158 @@
                         echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }

wp-oer/trunk/oer_template/single-resource-pdf.php

@@ -9 +9 @@
             $external_option = get_option("oer_external_pdf_viewer");
             if ($external_option==1) {
-                $pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
+                $pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
                 echo oer_get_embed_code_frame($pdf_url);
             } elseif($external_option==0) {
@@ -21 +21 @@
                     break;
                 case 1:
-                    $pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
+                    $pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
                     echo oer_get_embed_code_frame($pdf_url);
                     break;
@@ -47 +47 @@
                 case 5:
                     if(shortcode_exists('pdfviewer')){
-                        $embed_code = "[pdfviewer width='100%']".$url."[/pdfviewer]";
+                        $embed_code = "[pdfviewer width='100%']".esc_url_raw($url)."[/pdfviewer]";
                         echo do_shortcode($embed_code);
                     } else {
@@ -171 +171 @@
                         echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }
@@ -202 +202 @@
                         echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }

wp-oer/trunk/oer_template/single-resource-standard.php

@@ -34 +34 @@
                 $external_option = get_option("oer_external_pdf_viewer");
                 if ($external_option==1) {
-                    $pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
+                    $pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
                     echo oer_get_embed_code_frame($pdf_url);
                 } elseif($external_option==0) {
@@ -46 +46 @@
                         break;
                     case 1:
-                        $pdf_url = "https://docs.google.com/gview?url=".$url."&embedded=true";
+                        $pdf_url = "https://docs.google.com/gview?url=".esc_url_raw($url)."&embedded=true";
                         echo oer_get_embed_code_frame($pdf_url);
                         break;
@@ -72 +72 @@
                     case 5:
                         if(shortcode_exists('pdfviewer')){
-                            $embed_code = "[pdfviewer width='100%']".$url."[/pdfviewer]";
+                            $embed_code = "[pdfviewer width='100%']".esc_url_raw($url)."[/pdfviewer]";
                             echo do_shortcode($embed_code);
                         } else {
@@ -207 +207 @@
                         echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }
@@ -238 +238 @@
                         echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }

wp-oer/trunk/oer_template/single-resource-video.php

@@ -115 +115 @@
         <div class="tc-oer-subject-areas">
            <h4 class="tc-field-heading clearfix">
-                <?php _e("Subjects",OER_SLUG); ?>
+                <?php esc_html_e("Subjects",OER_SLUG); ?>
             </h4>
            <div class="tc-oer-subject-details clearfix">
@@ -131 +131 @@
                             echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                         if (($i==2) && ($cnt>2))
-                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                         $i++;
                     }
@@ -162 +162 @@
                             echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                         if (($i==2) && ($cnt>2))
-                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                         $i++;
                     }

wp-oer/trunk/oer_template/single-resource-website.php

@@ -122 +122 @@
                         echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }
@@ -153 +153 @@
                         echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                     if (($i==2) && ($cnt>2))
-                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                        echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                     $i++;
                 }

wp-oer/trunk/oer_template/single-resource-youtube.php

@@ -143 +143 @@
                             echo '<li>'.wp_kses($subject,$allowed_tags).'</li>';
                         if (($i==2) && ($cnt>2))
-                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                         $i++;
                     }
@@ -174 +174 @@
                             echo "<li><a href='".esc_url($curriculum_url)."'>".esc_html($curriculum['post_title'])."</a></li>";
                         if (($i==2) && ($cnt>2))
-                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.$moreCnt.'" href=".lp-subject-hidden">SEE '.$moreCnt.' MORE +</a></li>';
+                            echo '<li><a class="see-more-subjects" data-toggle="collapse" data-count="'.esc_attr($moreCnt).'" href=".lp-subject-hidden">SEE '.esc_html($moreCnt).' MORE +</a></li>';
                         $i++;
                     }

wp-oer/trunk/open-educational-resources.php

@@ -4 +4 @@
  Plugin URI:         https://www.wp-oer.com
  Description:        Open Educational Resource management and curation, metadata publishing, and alignment to Common Core State Standards.
- Version:            0.8.9
+ Version:            0.9.0
  Requires at least:  4.4
  Requires PHP:       7.0
@@ -39 +39 @@
 define( 'OER_PLUGIN_NAME', 'WP OER Plugin' );
 define( 'OER_ADMIN_PLUGIN_NAME', 'WP OER Plugin');
-define( 'OER_VERSION', '0.8.9' );
+define( 'OER_VERSION', '0.9.0' );
 define( 'OER_SITE_PATH', ABSPATH );
 
@@ -1242 +1242 @@
             if (isset($arguments['title']))
                 $title = $arguments['title'];
-            echo '<label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($title).'</strong></label><input name="'.esc_attr($arguments['uid']).'" id="'.esc_attr($arguments['uid']).'" type="'.esc_attr($arguments['type']).'" value="' . esc_attr($value) . '" ' . esc_attr($size) . ' ' .  $selected . ' />';
+            echo '<label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($title).'</strong></label><input name="'.esc_attr($arguments['uid']).'" id="'.esc_attr($arguments['uid']).'" type="'.esc_attr($arguments['type']).'" value="' . esc_attr($value) . '" ' . esc_attr($size) . ' ' .  esc_attr($selected) . ' />';
             break;
         case "checkbox":
@@ -1267 +1267 @@
             }
 
-            echo '<input name="'.esc_attr($arguments['uid']).'" id="'.esc_attr($arguments['uid']).'" '.esc_attr($class).' type="'.esc_attr($arguments['type']).'" ' . $display_value . ' ' . $size . ' ' .  $selected . ' ' . $disabled . '  /><label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($arguments['name']).'</strong></label>';
+            echo '<input name="'.esc_attr($arguments['uid']).'" id="'.esc_attr($arguments['uid']).'" '.esc_attr($class).' type="'.esc_attr($arguments['type']).'" ' . esc_attr($display_value) . ' ' . esc_attr($size) . ' ' .  esc_attr($selected) . ' ' . esc_attr($disabled) . '  /><label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($arguments['name']).'</strong></label>';
             break;
         case "select":
@@ -1304 +1304 @@
                         break;
                 }
-                echo '<option value="'.esc_attr($key).'"'.$selected.''.$disabled.'>'.esc_html($desc).'</option>';
+                echo '<option value="'.esc_attr($key).'"'.esc_attr($selected).''.esc_attr($disabled).'>'.esc_html($desc).'</option>';
             }
 
@@ -1345 +1345 @@
     $val = get_option($arguments['uid']);
 
-    echo '<input name="'.esc_attr($arguments['uid']).'" value="'.esc_attr($arguments['value']).'" id="'.esc_attr($arguments['uid']).'" '.$class.' type="'.esc_attr($arguments['type']).'" ' . checked($arguments['value'], $val, false) . ' /><label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($arguments['name']).'</strong></label>';
+    echo '<input name="'.esc_attr($arguments['uid']).'" value="'.esc_attr($arguments['value']).'" id="'.esc_attr($arguments['uid']).'" '.esc_attr($class).' type="'.esc_attr($arguments['type']).'" ' . checked($arguments['value'], $val, false) . ' /><label for="'.esc_attr($arguments['uid']).'"><strong>'.esc_html($arguments['name']).'</strong></label>';
 }
 
@@ -1378 +1378 @@
 
     if (isset($_POST["post_var"])) {
-        $page_num = intval($_POST["post_var"]);
-        $terms = json_decode($_POST["subjects"]);
+        $page_num = intval(sanitize_text_field($_POST["post_var"]));
+        $terms = json_decode(sanitize_text_field($_POST["subjects"]));
 
         if (is_array($terms)){
@@ -1474 +1474 @@
     if (isset($_POST["sort"])) {
 
-        $oer_session['resource_sort'] = intval($_POST['sort']);
-
-        $terms = json_decode($_POST["subjects"]);
+        $oer_session['resource_sort'] = intval(sanitize_text_field($_POST['sort']));
+
+        $terms = json_decode(sanitize_text_field($_POST["subjects"]));
 
         if (is_array($terms)){
@@ -1506 +1506 @@
         $paged = 1;
         if ($_POST['post_var']){
-            $paged = intval($_POST['post_var']);
+            $paged = intval(sanitize_text_field($_POST['post_var']));
         }
 
@@ -1598 +1598 @@
 
     if (isset($_POST["post_var"])) {
-        $page_num = intval(["post_var"]);
+        $page_num = intval(sanitize_text_field(["post_var"]));
         $items_per_load = 4;
-        $term_id = intval($_POST['term_id']);
+        $term_id = intval(sanitize_text_field($_POST['term_id']));
 
         $args = array(
@@ -1634 +1634 @@
                     $style = ' style="'.esc_attr($_POST['style']).'"';
                 ?>
-                <li<?php echo $style; ?>>
+                <li<?php echo esc_attr($style); ?>>
                     <div class="frtdsnglwpr">
                         <?php
@@ -1643 +1643 @@
                         ?>
                         <a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><div class="img"><img src="<?php echo esc_url($new_image_url);?>" alt="<?php echo esc_html($title);?>"></div></a>
-                        <div class="ttl"><a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><?php echo $title;?></a></div>
+                        <div class="ttl"><a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><?php echo esc_html($title);?></a></div>
                         <div class="desc"><?php echo apply_filters('the_content',$content); ?></div>
                     </div>
@@ -1661 +1661 @@
 
     if (isset($_POST["post_var"])) {
-        $resource_id = intval(["post_var"]);
+        $resource_id = intval(sanitize_text_field(["post_var"]));
 
         $args = array(
@@ -1703 +1703 @@
                     $new_image_url = oer_resize_image( $image, 220, 180, true );
                     ?>
-                    <a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><div class="img"><img src="<?php echo esc_url($new_image_url); ?>" alt="<?php echo $title;?>"></div></a>
-                    <div class="ttl"><a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><?php echo $title;?></a></div>
+                    <a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><div class="img"><img src="<?php echo esc_url($new_image_url); ?>" alt="<?php echo esc_html($title);?>"></div></a>
+                    <div class="ttl"><a href="<?php echo esc_url(get_permalink($post->ID)); ?>"><?php echo esc_html($title);?></a></div>
                     <div class="desc"><?php echo apply_filters('the_content',$content); ?></div>
                 </div><?php

wp-oer/trunk/readme.txt

@@ -5 +5 @@
 Tested up to: 6.0
 Requires PHP: 7.0
-Stable tag: 0.8.9
+Stable tag: 0.9.0
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -42 +42 @@
 
 == Changelog ==
+= 0.9.0 =
+* Implement further sanitizing of input and escaping of displayed data 
+
 = 0.8.9 =
 * Upgrade Bootstrap library to 5.1.3

wp-oer/trunk/widgets/class-subject-area-widget.php

@@ -111 +111 @@
                 if( !empty( $children ) )
                 {
-                    echo '<li class="oer-sub-category has-child'.esc_attr($class).'"><span onclick="toggleparent(this);"><a href="'. esc_url(site_url() .'/'.$category->taxonomy.'/'. $category->slug) .'" title="'. esc_attr($category->name) .'" >'. $category->name .'</a></span>';
+                    echo '<li class="oer-sub-category has-child'.esc_attr($class).'"><span onclick="toggleparent(this);"><a href="'. esc_url(site_url() .'/'.$category->taxonomy.'/'. $category->slug) .'" title="'. esc_attr($category->name) .'" >'. esc_html($category->name) .'</a></span>';
                 }
                 else
                 {
-                    echo '<li class="oer-sub-category'.esc_attr($class).'"><span onclick="toggleparent(this);"><a href="'. esc_url(site_url() .'/'.$category->taxonomy.'/'. $category->slug) .'"  title="'. esc_attr($category->name) .'" >'. $category->name .'</a></span>';
+                    echo '<li class="oer-sub-category'.esc_attr($class).'"><span onclick="toggleparent(this);"><a href="'. esc_url(site_url() .'/'.$category->taxonomy.'/'. $category->slug) .'"  title="'. esc_attr($category->name) .'" >'. esc_html($category->name) .'</a></span>';
                 }