Changeset 2984506


Timestamp:
10/26/2023 03:06:02 PM (2 years ago)
Author:
93digital
Message:

Security issue patched and tested with WP version 6.3.2

Location:
animated-typing-effect/trunk
Files:
2 edited

  • animated-typing-effect/trunk/README.txt

    r2636927 r2984506  
    33Tags: animated typing effect, typewriter effect, typing effect plugin
    44Requires at least: 3.5
    5 Tested up to: 5.4
     5Tested up to: 6.3.2
    66Stable tag: trunk
    77License: GPL v3
     
    5252== Changelog ==
    5353
     54= 1.3.7 =
     55* Security patch. Tested with WordPress v6.3.2
     56
    5457= 1.3.6 =
    5558* Plugin abandoned and not longer supported! We are keeping it publicly available due to its popularity. We hope to start developing a v2 in the coming year or so.
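Review bot: The 1.3.7 changelog entry on new line 55 says only "Security patch" and gives no indication of what was affected. Suggest naming the class of issue, for example that shortcode attribute values are now escaped and unrecognised attributes are dropped before being written as data-* attributes, so site owners can judge how urgently to update. The 1.3.6 entry directly below still states that the plugin is abandoned and unsupported; a line saying whether security fixes will continue would avoid mixed signals.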
  • animated-typing-effect/trunk/typingeffect.php

    r2636926 r2984506  
    22/**
    33 * Plugin Name: Typing Effect
    4  * Version: 1.3.6
     4 * Version: 1.3.7
    55 * Plugin URI: http://93digital.co.uk/
    66 * Description: Animated typing effect plugin, allowing you to generate a shortcode that 'types' out words on your page or post. Based on Typed.js by Matt Boldt.
     
    8484    $options = array();
    8585
     86    /**
     87     * List of allowed attributes.
     88     *
     89     * @version 1.3.7
     90     */
     91    $allowed_settings = [
     92      'typespeed',
     93      'startdelay',
     94      'backspeed',
     95      'backdelay',
     96      'loopcount',
     97      'loop',
     98      'shuffle',
     99    ];
     100
    86101    //WP Convert the parameters in lowercase format, but I need in camel case
    87102    $params = array(
    88103      'typespeed' => 'type-speed',
    89104      'backdelay' => 'back-delay',
     105      'backspeed' => 'back-speed',
    90106      'startdelay' => 'start-delay',
    91107      'loopcount' => 'loop-count',
    92108      'shuffle' => 'shuffle',
    93109    );
    94 
     110   
    95111    //Generate the javascript code
    96112    foreach( $atts as $key => $value ) {
     113      if ( strpos( $key, 'string' ) !== 0 && ! in_array( $key, $allowed_settings ) ) {
     114        // Attribute not recognised so skip adding it as a HTML attr.
     115        continue;
     116      }
    97117      $key = isset( $params[ $key ] ) ? $params[$key] : $key;
    98       $span .= " data-{$key}=\"" . $value . '"';
     118      $span .= " data-{$key}=\"" . esc_attr( $value ) . '"';
    99119    }
    100120
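Review bot: The prefix test on new line 113, `strpos( $key, 'string' ) !== 0`, lets through any attribute whose name merely begins with "string", and `$key` is then interpolated into `data-{$key}` on new line 118 without escaping; only `$value` goes through `esc_attr()`. Consider matching the exact expected form of the string attributes instead of a prefix, and passing the key through `sanitize_key()` or `esc_attr()` before it is written into the tag. The `in_array( $key, $allowed_settings )` call is also non-strict: on PHP versions before 8 an integer key such as 0 compares equal to any non-numeric string and would pass the allowlist, so pass `true` as the third argument.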