
Changeset 3147180


Timestamp:
09/05/2024 03:40:43 PM (15 months ago)
Author:
10web
Message:

Fixed: Security issue

Location:
slider-wd/trunk
Files:
5 edited

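--- a/slider-wd/trunk/admin/controllers/Sliders.php
+++ b/slider-wd/trunk/admin/controllers/Sliders.php
@@ -684,5 +684,6 @@
         $published = (int) WDW_S_Library::esc_sanitize_data($params_array, 'published' . $slide_id, '', 0);
         $target_attr_slide = (int) WDW_S_Library::esc_sanitize_data($params_array, 'target_attr_slide' . $slide_id, '', 0);
-        $link = ((isset($params_array['link' . $slide_id])) ? WDW_S_Library::esc_sanitize_data($params_array, 'link' . $slide_id, 'sanitize_text_field') : ( ($type == 'video') ? 0 : '') );
+        $link = ((isset($params_array['link' . $slide_id])) ? WDW_S_Library::esc_sanitize_data($params_array, 'link' . $slide_id, 'sanitize_url') : ( ($type == 'video') ? 0 : '') );
+        $link = str_replace([')', '(', '\''], ['', '', ''], $link);
         $image_url = WDW_S_Library::esc_sanitize_data($params_array, 'image_url' . $slide_id, 'sanitize_text_field');
         $image_url = str_replace(site_url(), '{site_url}', $image_url);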
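Review bot: The `str_replace([')', '(', '\''], ['', '', ''], $link)` added on new line 687 silently corrupts legitimate links, because parentheses and apostrophes are valid URL characters, and it only guards the onclick context that the frontend hunks in this same changeset already handle with `esc_js(esc_url(...))`; with output escaping in place the stripping is redundant, and if it is kept it deserves a comment such as `// Defensive strip of quote/paren characters; output sites must still escape with esc_js()/esc_url()`. Note also that `sanitize_url()` was deprecated from WordPress 2.8 until 5.9 reinstated it, while readme.txt in this changeset still says `Tested up to: 5.8`, so older cores log a deprecation notice for this call; `esc_url_raw()` behaves the same on both sides of 5.9. When `$type == 'video'` and no link key is posted, `$link` is the integer `0` and the new `str_replace()` turns it into the string `'0'`, which is probably harmless for the truthiness checks in the views but is a type change worth confirming against the storage layer. The enclosing function starts and ends outside the hunk.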
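--- a/slider-wd/trunk/admin/views/Sliders.php
+++ b/slider-wd/trunk/admin/views/Sliders.php
@@ -2020,5 +2020,8 @@
                                         </div>
                                         <div class="wd-group" id="trlink<?php echo $slide_row->id; ?>" <?php echo $slide_row->type == 'image' ? '' : 'style="display: none;"'; ?>>
-                                          <label class="wd-label" for="link<?php echo $slide_row->id; ?>"><?php _e('Link the slide to:', WDS()->prefix); ?></label><input class="wds_external_link" id="link<?php echo $slide_row->id; ?>" type="text" value="<?php echo esc_attr($slide_row->link); ?>" name="link<?php echo $slide_row->id; ?>" /><input id="target_attr_slide<?php echo $slide_row->id; ?>" type="checkbox" name="target_attr_slide<?php echo $slide_row->id; ?>" <?php echo (($slide_row->target_attr_slide) ? 'checked="checked"' : ''); ?> value="1" /><label for="target_attr_slide<?php echo $slide_row->id; ?>"><?php _e('Open in a new window', WDS()->prefix); ?></label>
+                                          <label class="wd-label" for="link<?php echo intval($slide_row->id); ?>">
+                                              <?php _e('Link the slide to:', WDS()->prefix); ?>
+                                          </label>
+                                          <input class="wds_external_link" id="link<?php echo intval($slide_row->id); ?>" type="text" value="<?php echo esc_url($slide_row->link); ?>" name="link<?php echo intval($slide_row->id); ?>" /><input id="target_attr_slide<?php echo $slide_row->id; ?>" type="checkbox" name="target_attr_slide<?php echo $slide_row->id; ?>" <?php echo (($slide_row->target_attr_slide) ? 'checked="checked"' : ''); ?> value="1" /><label for="target_attr_slide<?php echo $slide_row->id; ?>"><?php _e('Open in a new window', WDS()->prefix); ?></label>
                                           <p class="description"><?php _e('You can add a URL, to which the users will be redirected upon clicking on the slide. Use http:// and https:// for external links.', WDS()->prefix); ?></p>
                                        </div>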
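Review bot: New line 2025 wraps `$slide_row->id` in `intval()` for the link input's `id`/`name` and the label's `for`, but the three `target_attr_slide` attributes on the very same line still echo `$slide_row->id` raw, so the hardening is inconsistent within one line. Apply it uniformly, e.g. `id="target_attr_slide<?php echo intval($slide_row->id); ?>"` and the same for the checkbox `name` and the following label `for`; the `id="trlink..."` on the unchanged line 2021 has the same gap. `esc_url()` in the `value` attribute returns an empty string for a stored link whose scheme is not in the allowed list, so an editor opening such a slide sees a blank field rather than the stored value; that seems to be the intent, but a short comment stating it would stop a later maintainer from "fixing" it back to `esc_attr()`.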
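--- a/slider-wd/trunk/frontend/views/WDSViewSlider.php
+++ b/slider-wd/trunk/frontend/views/WDSViewSlider.php
@@ -256,5 +256,5 @@
                         <span data-img-id="wds_slideshow_image<?php echo $image_div_num; ?>_<?php echo $wds; ?>"
                              class="wds_slideshow_image_<?php echo $wds; ?>"
-                             onclick="<?php echo $slide_row->link ? 'wds_slide_redirect_link(event, \'' . $slide_row->link . '\', \'' . ($slide_row->target_attr_slide ? '_blank' : '_self') . '\')' : ''; ?>"
+                             onclick="<?php echo $slide_row->link ? 'wds_slide_redirect_link(event, \'' . esc_js(esc_url($slide_row->link)) . '\', \'' . (intval($slide_row->target_attr_slide)? '_blank' : '_self') . '\')' : ''; ?>"
                              <?php if($slider_row->effect === 'zoomFade') { ?>
                              style="<?php echo $slide_row->link ? 'cursor: pointer;' : ''; ?>"
@@ -273,5 +273,5 @@
                              data-image-id="<?php echo $slide_row->id; ?>"
                              data-image-key="<?php echo $key; ?>">
-                          <span style="display:<?php echo ($slide_row->link)?'block':'none'; ?> " class="wds_play_btn_cont" onclick="wds_video_play_pause(<?php echo $wds; ?>, wds_slide_<?php echo $wds; ?>_<?php echo $slide_row->id; ?>)" >
+                          <span style="display:<?php echo ($slide_row->link)?'block':'none'; ?> " class="wds_play_btn_cont" onclick="wds_video_play_pause(<?php echo intval($wds); ?>, wds_slide_<?php echo intval($wds); ?>_<?php echo intval($slide_row->id); ?>)" >
                               <span class="wds_bigplay_<?php echo $wds; ?> <?php echo ($slide_row->target_attr_slide)? 'wds_hide':'' ?>"></span>
                           </span>
@@ -349,5 +349,5 @@
                                              box-shadow: <?php echo $layer->shadow; ?>;
                                              text-align: <?php echo $layer->text_alignment; ?>"
-                                          onclick="<?php echo $layer->link ? 'window.open(\'' . $layer->link . '\', \'' . ($layer->target_attr_layer ? '_blank' : '_self') . '\');' : $layer_callback_list; ?>event.stopPropagation();"><?php echo str_replace(array("\r\n", "\r", "\n"), "<br>", $from_shortcode ? do_shortcode($layer->text) : $layer->text); ?></span>
+                                          onclick="<?php echo $layer->link ? 'window.open(\'' . esc_js(esc_url($layer->link)) . '\', \'' . (intval($layer->target_attr_layer) ? '_blank' : '_self') . '\');' : esc_html($layer_callback_list); ?>event.stopPropagation();"><?php echo str_replace(array("\r\n", "\r", "\n"), "<br>", $from_shortcode ? do_shortcode($layer->text) : $layer->text); ?></span>
                                   <?php
                                   break;
@@ -369,5 +369,5 @@
                                             border-radius: <?php echo $layer->border_radius; ?>;
                                             box-shadow: <?php echo $layer->shadow; ?>"
-                                         onclick="<?php echo $layer->link ? 'window.open(\'' . $layer->link . '\', \'' . ($layer->target_attr_layer ? '_blank' : '_self') . '\');' : $layer_callback_list; ?>event.stopPropagation();"
+                                         onclick="<?php echo $layer->link ? 'window.open(\'' . esc_js(esc_url($layer->link)) . '\', \'' . (intval($layer->target_attr_layer) ? '_blank' : '_self') . '\');' : esc_html($layer_callback_list); ?>event.stopPropagation();"
                                          data-wds-scale="<?php echo $layer->image_scale; ?>"
                                          data-wds-image-width="<?php echo $layer->image_width; ?>"
@@ -432,6 +432,6 @@
                                              border-radius: <?php echo $layer->border_radius; ?>;
                                              box-shadow: <?php echo $layer->shadow; ?>">
-                                   <span style="display:<?php echo ($layer->target_attr_layer) ? 'block' : 'none'; ?> " class="wds_play_btn_cont" onclick="wds_video_play_pause_layer(event,<?php echo  $wds ; ?>,<?php echo $slide_row->id ; ?>,<?php echo  $layer->id; ?>)">
-                                   <span style="display:<?php echo ($layer->image_scale == 'on') ? 'none' : 'block'; ?> " class="wds_bigplay_layer" id="wds_bigplay_layer_<?php echo $wds . '_' . $slide_row->id . '_layer_' . $layer->id; ?>" onclick="wds_video_play_pause_layer(event,<?php echo  $wds ; ?>,<?php echo $slide_row->id ; ?>,<?php echo  $layer->id; ?>)"></span>
+                                   <span style="display:<?php echo ($layer->target_attr_layer) ? 'block' : 'none'; ?> " class="wds_play_btn_cont" onclick="wds_video_play_pause_layer(event,<?php echo  intval($wds) ; ?>,<?php echo intval($slide_row->id) ; ?>,<?php echo  intval($layer->id); ?>)">
+                                   <span style="display:<?php echo ($layer->image_scale == 'on') ? 'none' : 'block'; ?> " class="wds_bigplay_layer" id="wds_bigplay_layer_<?php echo $wds . '_' . $slide_row->id . '_layer_' . $layer->id; ?>" onclick="wds_video_play_pause_layer(event,<?php echo  intval($wds) ; ?>,<?php echo intval($slide_row->id) ; ?>,<?php echo  intval($layer->id); ?>)"></span>
                                    </span>
                                   <video poster="<?php echo WDS()->plugin_url . '/images/blank.gif' ?>"
@@ -529,5 +529,5 @@
                                                  display: block;
                                                  opacity: 1 !important;"
-                                          onclick="<?php echo $layer->link ? 'window.open(\'' . $layer->link . '\', \'' . ($layer->target_attr_layer ? '_blank' : '_self') . '\');' : $layer_callback_list; ?>event.stopPropagation();">
+                                          onclick="<?php echo $layer->link ? 'window.open(\'' . esc_js(esc_url($layer->link)) . '\', \'' . (intval($layer->target_attr_layer) ? '_blank' : '_self') . '\');' : esc_html($layer_callback_list); ?>event.stopPropagation();">
                                     </span>
                                     <span class="wds_layer_<?php echo $layer->id; ?>"
@@ -606,5 +606,5 @@
                   <span class="wds_btn_cont wds_contTableCell" style="position: relative; text-align: left;">
                     <span class="wds_left_btn_cont">
-                      <span class="wds_left-ico_<?php echo $wds; ?>" onclick="wds_change_image('<?php echo $wds; ?>', parseInt(jQuery('#wds_current_image_key_<?php echo $wds; ?>').val()), 0 <= (parseInt(jQuery('#wds_current_image_key_<?php echo $wds; ?>').val()) - wds_iterator_wds(<?php echo $wds; ?>)) ? (parseInt(jQuery('#wds_current_image_key_<?php echo $wds; ?>').val()) - wds_iterator_wds(<?php echo $wds; ?>)) % wds_params[<?php echo $wds; ?>].wds_data.length : wds_params[<?php echo $wds; ?>].wds_data.length - 1, wds_data_<?php echo $wds; ?>, false, 'left'); return false;">
+                      <span class="wds_left-ico_<?php echo $wds; ?>" onclick="wds_change_image('<?php echo intval($wds); ?>', parseInt(jQuery('#wds_current_image_key_<?php echo $wds; ?>').val()), 0 <= (parseInt(jQuery('#wds_current_image_key_<?php echo $wds; ?>').val()) - wds_iterator_wds(<?php echo $wds; ?>)) ? (parseInt(jQuery('#wds_current_image_key_<?php echo $wds; ?>').val()) - wds_iterator_wds(<?php echo $wds; ?>)) % wds_params[<?php echo $wds; ?>].wds_data.length : wds_params[<?php echo $wds; ?>].wds_data.length - 1, wds_data_<?php echo $wds; ?>, false, 'left'); return false;">
                         <?php
                         if ($slider_row->rl_butt_img_or_not == 'style') {
@@ -677,5 +677,5 @@
         if ( ! WDW_S_Library::elementor_is_active() ) {
             if ( function_exists('wp_add_inline_script') && ! $minify_plugin ) { // Since WordPress 4.5.0
-        $included = wp_add_inline_script('wds_frontend', $script, 'before');
+                $included = wp_add_inline_script('wds_frontend', $script, 'before');
         if ( !$included ) {
           wp_add_inline_script('jquery', $script, 'before');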
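Review bot: The `intval()` hardening is applied piecemeal: on new line 608 only the first `$wds` argument of `wds_change_image` is cast while the remaining eight `$wds` echoes on the same line stay raw, and on new line 435 the `id="wds_bigplay_layer_..."` attribute still concatenates `$wds`, `$slide_row->id` and `$layer->id` unescaped while the `onclick` beside it casts all three; the unchanged context lines (`data-img-id`, `class="wds_slideshow_image_..."`, `data-image-id`, `data-image-key`, `class="wds_bigplay_..."`) have the same gap. If `$wds` is an integer slider id, as the casts suggest, casting it once where it is assigned lets the template use it freely; otherwise every echo of it needs `intval()` or `esc_attr()`. `esc_html($layer_callback_list)` in the `onclick` fallback on new lines 351, 371 and 531 is not an escaper for a JavaScript-attribute context, because the browser decodes the entities it produces before the JS runs, so it only prevents breaking out of the attribute and does nothing about the script content itself; if the value is plugin-built JS it should say so, e.g. `// $layer_callback_list is plugin-generated JS, never user input`, and if it can carry user data the individual pieces need `esc_js()` where it is built. The enclosing functions of all these hunks start and end outside the section.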
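--- a/slider-wd/trunk/readme.txt
+++ b/slider-wd/trunk/readme.txt
@@ -5,5 +5,5 @@
 Tested up to: 5.8
 Requires PHP: 5.2
-Stable tag: 1.2.58
+Stable tag: 1.2.59
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -19,4 +19,7 @@
 
 == Changelog ==
+
+= 1.2.59 =
+* Fixed: Vulnerability issue.
 
 = 1.2.58 =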
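--- a/slider-wd/trunk/slider-wd.php
+++ b/slider-wd/trunk/slider-wd.php
@@ -4,5 +4,5 @@
  * Plugin URI: https://10web.io/plugins/wordpress-slider/?utm_source=slider&utm_medium=free_plugin
  * Description: This is a responsive plugin, which allows adding sliders to your posts/pages and to custom location. It uses large number of transition effects and supports various types of layers.
- * Version: 1.2.58
+ * Version: 1.2.59
  * Author: 10Web
  * Author URI: https://10web.io/pricing/?utm_source=slider&utm_medium=free_plugin
@@ -80,6 +80,6 @@
     $this->plugin_url = plugins_url(plugin_basename(dirname(__FILE__)));
     $this->main_file = plugin_basename(__FILE__);
-    $this->plugin_version = '1.2.58';
-    $this->db_version = '1.2.58';
+    $this->plugin_version = '1.2.59';
+    $this->db_version = '1.2.59';
     $this->prefix = 'wds';
     $this->nicename = __('Slider', $this->prefix);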