Changeset 2839760

Timestamp:

12/27/2022 10:40:32 AM (3 years ago)

Author:

baden03

Message:

security update. Now the plugin is escaping all shortcode attributes before output.

Location:

print-o-matic/trunk

Files:

• README.md (modified) (1 diff)
• print-o-matic.php (modified) (3 diffs)
• readme.txt (modified) (3 diffs)

print-o-matic/trunk/README.md

@@ -5 +5 @@
 * Tags: print, print element, print shortcode, send to print, print button, print me, jQuery, print page, javascript, twinpictures, plugin oven
 * Requires at least: 4.9
-* Tested up to: 6.0
-* Stable tag: 2.1.7
+* Tested up to: 6.1.1
+* Stable tag: 2.1.8
 * License: GPLv2 or later
 * License URI: https://www.gnu.org/licenses/gpl-2.0.html

print-o-matic/trunk/print-o-matic.php

@@ -5 +5 @@
 Plugin URI: https://pluginoven.com/plugins/print-o-matic/
 Description: Shortcode that adds a printer icon, allowing the user to print the post or a specified HTML element in the post.
-Version: 2.1.7
+Version: 2.1.8
 Author: twinpictures
 Author URI: https://twinpictures.de
@@ -18 +18 @@
 class WP_Print_O_Matic {
 
-    var $version = '2.1.7';
+    var $version = '2.1.8';
     var $domain = 'printomat';
     var $options_name = 'WP_Print_O_Matic_options';
@@ -221 +221 @@
         }
         if($printicon && $title){
-            $output = "<div class='printomatic ".$printstyle." ".$class."' id='".$id."' ".$alt_tag." data-print_target='".$target."'></div> <div class='printomatictext' id='".$id."' ".$alt_tag." data-print_target='".$target."'>".$title."</div><div style='clear: both;'></div>";
+            $output = "<div class='printomatic ".esc_attr($printstyle)." ".esc_attr($class)."' id='".esc_attr($id)."' ".esc_attr($alt_tag)." data-print_target='".esc_attr($target)."'></div> <div class='printomatictext' id='".esc_attr($id)."' ".esc_attr($alt_tag)." data-print_target='".esc_attr($target)."'>".$title."</div><div style='clear: both;'></div>";
         }
         else if($printicon){
-            $output = "<".$tag." class='printomatic ".$printstyle." ".$class."' id='".$id."' ".$alt_tag." data-print_target='".$target."'></".$tag.">";
+            $output = "<".$tag." class='printomatic ".esc_attr($printstyle)." ".esc_attr($class)."' id='".esc_attr($id)."' ".esc_attr($alt_tag)." data-print_target='".esc_attr($target)."'></".$tag.">";
         }
         else if($title){
-            $output = "<".$tag." class='printomatictext ".$class."' id='".$id."' ".$alt_tag." data-print_target='".$target."'>".$title."</".$tag.">";
+            $output = "<".$tag." class='printomatictext ".esc_attr($class)."' id='".esc_attr($id)."' ".esc_attr($alt_tag)." data-print_target='".esc_attr($target)."'>".$title."</".$tag.">";
         }
         return  $output;

print-o-matic/trunk/readme.txt

@@ -4 +4 @@
 Tags: print, print element, print shortcode, send to print, print button, print me, jQuery, print page, javascript, twinpictures, plugin oven
 Requires at least: 4.9
-Tested up to: 6.0
-Stable tag: 2.1.7
+Tested up to: 6.1.1
+Stable tag: 2.1.8
 Requires PHP: 7.2
 License: GPLv2 or later
@@ -50 +50 @@
 
 == Changelog ==
+
+= 2.1.8 =
+* security update. Now the plugin is escaping all shortcode attributes before output.
 
 = 2.1.7 =
@@ -250 +253 @@
 
 == Upgrade Notice ==
-* re-added method of passing default and print-trigger specific data to js script using wp_add_inline_script
-* added a bit of pause to allow for top and bot html to fully load
-* pause before print now is for adjustingg the amount of time to let the print preview render before reverting back to display layout
-
+* security update. Now the plugin is escaping all shortcode attributes before output.
+