
Changeset 3074011


Timestamp:
04/19/2024 06:29:05 PM (2 years ago)
Author:
baden03
Message:

the tag, targtag and elwrap will be filtered to only allow certain tags

Location:
jquery-collapse-o-matic/trunk
Files:
3 edited

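--- a/jquery-collapse-o-matic/trunk/README.md
+++ b/jquery-collapse-o-matic/trunk/README.md
@@ -4,6 +4,6 @@
 * Tags: collapse, expand, collapsible, expandable, expandable content, collapsable content, shortcode, hidden, hide, display, accordion, accordion, jQuery, javascript, roll-your-own, twinpictures, read me, read more, more, plugin oven
 * Requires at least: 4.9
-* Tested up to: 6.3.1
-* Stable tag: 1.8.5.5
+* Tested up to: 6.5.3
+* Stable tag: 1.8.5.6
 * Requires PHP: 7.2
 * License: GPLv2 or later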
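--- a/jquery-collapse-o-matic/trunk/collapse-o-matic.php
+++ b/jquery-collapse-o-matic/trunk/collapse-o-matic.php
@@ -5,5 +5,5 @@
 Plugin URI: https://pluginoven.com/plugins/collapse-o-matic/
 Description: Collapse-O-Matic adds an [expand] shortcode that wraps content into a lovely, jQuery collapsible div.
-Version: 1.8.5.5
+Version: 1.8.5.6
 Author: twinpictures, baden03
 Author URI: https://twinpictures.de/
@@ -30,5 +30,5 @@
      * @var string
      */
-    var $version = '1.8.5.5';
+    var $version = '1.8.5.6';
 
     /**
@@ -291,4 +291,15 @@
         $swapout_arr = array('<', '>', '[', ']');
 
+        $allowed_tags = [
+            "div", "span", "p", "li", "ul", "ol", "strong", "b",
+            "em", "i", "u", "h1", "h2", "h3", "h4", "h5", "h6",
+            "blockquote", "a", "img", "tr", "td", "th", "caption", "small", "cite", "q"
+        ];
+
+       
+        if(!empty($tag)){
+            $tag = $this->filter_allowed_tags( $tag, $allowed_tags );
+        }
+
         $title = do_shortcode(str_replace($placeholder_arr, $swapout_arr, $title));
         if($swaptitle){
@@ -302,7 +313,11 @@
         }
         //need to check for a few versions, because of new option setting. can be removed after a few revisiosn.
-        if(empty($targtag)){
+        if(!empty($targtag)){
+            $targtag = $this->filter_allowed_tags( $targtag, $allowed_tags );
+        }
+        else{
             $targtag = 'div';
         }
+
        
         if(!empty($elwraptag)){
@@ -311,6 +326,8 @@
                 $ewclass = 'class="'.esc_attr($elwrapclass).'"';
             }
-            $ewo = '<'. esc_attr( $elwraptag ) .' '.$ewclass.'>';
-            $ewc = '</'. esc_attr( $elwraptag ) .'>';
+            $elwraptag = $this->filter_allowed_tags( $elwraptag, $allowed_tags );
+
+            $ewo = '<'. $elwraptag .' '.$ewclass.'>';
+            $ewc = '</'. $elwraptag .'>';
         }
 
@@ -336,5 +353,5 @@
             }
             if($excerptpos == 'above-trigger'){
-                $nibble = '<'. esc_attr( $excerpttag ) .' id="excerpt-'.esc_attr($id).'" class="'.esc_attr($excerptclass).'">' . $excerpt . '</'. esc_attr( $excerpttag ) .'>';
+                $nibble = '<'. esc_attr( $excerpttag ) .' id="excerpt-'.esc_attr($id).'" class="'.esc_attr($excerptclass).'">'. esc_attr( $excerpt ).'</'. esc_attr( $excerpttag ) .'>';
             }
             else{
@@ -346,5 +363,5 @@
                 $swapexcerpt = do_shortcode($swapexcerpt);
                 $swapexcerpt = apply_filters( 'colomat_swapexcerpt', $swapexcerpt );
-                $nibble .= '<'. esc_attr( $excerpttag ) .' id="swapexcerpt-'.esc_attr($id).'" style="display:none;">' . $swapexcerpt . '</'. esc_attr( $excerpttag ) .'>';
+                $nibble .= '<'. esc_attr( $excerpttag ) .' id="swapexcerpt-'.esc_attr($id).'" style="display:none;">'. esc_attr( $swapexcerpt ).'</'. esc_attr( $excerpttag ) .'>';
             }
         }
@@ -920,4 +937,18 @@
     }
 
+    /**
+     * Filter $input to allow only tags from $allowed_tags array
+     */
+    function filter_allowed_tags( $input, $allowed_tags ) {
+        $pattern = '/\A(' . implode( '|', $allowed_tags ) . ')\Z/';
+        if ( preg_match( $pattern, $input, $matches ) ) {
+            $output = $matches[0];
+        } else {
+            $output = '';
+        }
+
+        return $output;
+    }
+
 } // end class WP_Collapse_O_Matic
 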
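Review bot: `$excerpttag` is left out of the new allow-list: on new lines 355 and 365 it still reaches tag-name position through `esc_attr()` alone, and an attribute-value escaper does not constrain which element name, or what trailing attribute text, ends up there. It should go through the same filter as the other three, e.g. `if(!empty($excerpttag)){ $excerpttag = $this->filter_allowed_tags( $excerpttag, $allowed_tags ); }` placed next to the `$tag` check. Separately, `filter_allowed_tags()` returns `''` for a rejected value and nothing falls back afterwards, so a disallowed `elwraptag` builds `'< '.$ewclass.'>'` and `'</>'` on lines 330-331 and a disallowed `targtag` bypasses the `'div'` default; filtering first and then running the existing `empty()` checks (`$targtag = $this->filter_allowed_tags( $targtag, $allowed_tags ); if(empty($targtag)){ $targtag = 'div'; }`) would keep the markup well formed. The same two `$nibble` lines now wrap `$excerpt` and `$swapexcerpt` in `esc_attr()` although they sit in element content, where `esc_html()` is the contextually matching escaper, and since `$swapexcerpt` has just passed through `do_shortcode()` and the `colomat_swapexcerpt` filter, any markup those return will now render as text, which should be confirmed as intended and recorded in the changelog. The shortcode method these hunks belong to starts and ends outside the visible lines, so the defaults for `$excerpttag` could not be checked here.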
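--- a/jquery-collapse-o-matic/trunk/readme.txt
+++ b/jquery-collapse-o-matic/trunk/readme.txt
@@ -5,6 +5,6 @@
 Tags: collapse, expand, collapsible, expandable, expandable content, collapsable content, shortcode, hidden, hide, display, accordion, accordion, jQuery, javascript, roll-your-own, twinpictures, read me, read more, more, plugin oven
 Requires at least: 4.9
-Tested up to: 6.3.1
-Stable tag: 1.8.5.5
+Tested up to: 6.5.2
+Stable tag: 1.8.5.6
 Requires PHP: 7.2
 License: GPLv2 or later
@@ -51,4 +51,7 @@
 
 == Changelog ==
+
+= 1.8.5.6 =
+* the tag, targtag and elwrap will be filtered to only allow certain tags
 
 = 1.8.5.5 =
@@ -433,3 +436,3 @@
 
 == Upgrade Notice ==
-* removed escaping on excerpt/swapexcerpt
+* the tag, targtag and elwrap will be filtered to only allow certain tags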