Changeset 3194519
- Timestamp:
- 11/21/2024 09:21:38 PM (14 months ago)
- Location:
- page-parts/trunk
- Files:
-
- 7 edited
-
CHANGELOG.md (modified) (2 diffs)
-
admin/admin.php (modified) (10 diffs)
-
admin/documentation/getting-started.php (modified) (5 diffs)
-
admin/documentation/index.php (modified) (1 diff)
-
admin/page-parts-list-table.php (modified) (3 diffs)
-
page-parts.php (modified) (2 diffs)
-
readme.txt (modified) (2 diffs)
-
page-parts/trunk/CHANGELOG.md
r3032894 r3194519 4 4 5 5 ## [Unreleased] 6 7 ## [1.4.4] - 2024-11-21 8 9 ### Security 10 - Escape URLs and HTML output to prevent XSS. 6 11 7 12 ## [1.4.3] - 2024-02-07 … … 145 150 - First public release. 146 151 147 [Unreleased]: https://github.com/benhuson/page-parts/compare/1.4.3...HEAD 152 [Unreleased]: https://github.com/benhuson/page-parts/compare/1.4.4...HEAD 153 [1.4.4]: https://github.com/benhuson/page-parts/compare/1.4.3...1.4.4 148 154 [1.4.3]: https://github.com/benhuson/page-parts/compare/1.4.2...1.4.3 149 155 [1.4.2]: https://github.com/benhuson/page-parts/compare/1.4.1...1.4.2 -
page-parts/trunk/admin/admin.php
r3032894 r3194519 161 161 foreach ( $ancestors as $ancestor ) { 162 162 if ( $i > 0 ) { 163 echo _x( ' →', 'Admin hierarchy seperator', 'page-parts' );163 echo esc_html_x( ' → ', 'Admin hierarchy seperator', 'page-parts' ); 164 164 } 165 165 edit_post_link( get_the_title( $ancestor ), null, null, $ancestor ); … … 174 174 175 175 if ( $page_part_template->is_supported() ) { 176 echo $name;176 echo esc_html( $name ); 177 177 } else { 178 178 printf( '<del>%s</del>', esc_html( $name ) ); … … 266 266 'echo' => 0, 267 267 'name' => 'parent_id', 268 'show_option_none' => sprintf( '–– %s ––', __( 'No Parent', 'page-parts' ) ),268 'show_option_none' => sprintf( '–– %s ––', esc_html__( 'No Parent', 'page-parts' ) ), 269 269 'option_none_value' => 0, 270 270 'sort_order' => 'ASC', 271 271 'sort_column' => 'menu_order,post_title', 272 'post_type' => get_post_type( $post->post_parent),272 'post_type' => esc_attr( get_post_type( $post->post_parent ) ), 273 273 'post_status' => 'publish,draft,pending,private,future,trash' 274 274 ); … … 278 278 279 279 echo '<p>'; 280 _e( 'Parent ID:', 'page-parts' );281 printf( ' <input type="text" name="parent_id" value="%s" class="small-text" />', $post->post_parent);280 esc_html_e( 'Parent ID:', 'page-parts' ); 281 printf( ' <input type="text" name="parent_id" value="%s" class="small-text" />', esc_attr( $post->post_parent ) ); 282 282 echo '</p>'; 283 283 … … 286 286 echo '<p>'; 287 287 if ( $post->post_parent > 0 ) { 288 printf( '<a class="post-edit-link button button-small" href="%s">%s</a> ', esc_url( get_edit_post_link( $post->post_parent ) ), __( 'Edit parent', 'page-parts' ) );289 } 290 printf( '<a class="button button-small button-primary" href="post-new.php?post_type=page-part&parent_id=%s" class="button button-primary">%s</a>', $post->post_parent,__( 'Add new page part', 'page-parts' ) );288 printf( '<a class="post-edit-link button button-small" href="%s">%s</a> ', esc_url( get_edit_post_link( $post->post_parent ) ), esc_html__( 
'Edit parent', 'page-parts' ) ); 289 } 290 printf( '<a class="button button-small button-primary" href="post-new.php?post_type=page-part&parent_id=%s" class="button button-primary">%s</a>', esc_attr( $post->post_parent ), esc_html__( 'Add new page part', 'page-parts' ) ); 291 291 echo '</p>'; 292 292 … … 340 340 $class = empty( $current_template ) ? 'page-part-image selected' : 'page-part-image'; 341 341 $image_src = apply_filters( 'page_part_theme_default_template_image', plugins_url( 'images/templates/default.png', dirname( __FILE__ ) ) ); 342 $image_grid = '<div class="page-part-image-container"><img src="' . $image_src . '" width="80" height="50" alt="Remove Template..." title="Remove Template..." class="' . $class . '">' . $image_grid. '</div>';343 echo $image_grid;342 $image_grid = '<div class="page-part-image-container"><img src="' . esc_url( $image_src ) . '" width="80" height="50" alt="Remove Template..." title="Remove Template..." class="' . esc_attr( $class ) . '">' . wp_kses( $image_grid, 'post' ) . 
'</div>'; 343 echo wp_kses( $image_grid, 'post' ); 344 344 } 345 345 … … 491 491 action : 'page_parts_dragndrop_order', 492 492 pageParts : $( '#page_parts table.wp-list-table tbody' ).sortable( 'toArray' ), 493 ajaxNonce : '<?php echo wp_create_nonce( "order_page_parts"); ?>'493 ajaxNonce : '<?php echo esc_js( wp_create_nonce( "order_page_parts" ) ); ?>' 494 494 }; 495 495 $.post( ajaxurl, data, function( response ) { … … 517 517 post_id : id, 518 518 location : val, 519 ajaxNonce : '<?php echo wp_create_nonce( "page_parts_location"); ?>'519 ajaxNonce : '<?php echo esc_js( wp_create_nonce( "page_parts_location" ) ); ?>' 520 520 }; 521 521 $.post( ajaxurl, data, function( response ) { … … 541 541 post_id : id, 542 542 template : val, 543 ajaxNonce : '<?php echo wp_create_nonce( "page_parts_template"); ?>'543 ajaxNonce : '<?php echo esc_js( wp_create_nonce( "page_parts_template" ) ); ?>' 544 544 }; 545 545 $.post( ajaxurl, data, function( response ) { … … 838 838 839 839 <p> 840 <a href="post-new.php?post_type=page-part&parent_id=<?php echo $post->ID ?>" class="button button-primary"><?php_e( 'Add new page part', 'page-parts' ); ?></a>841 <input type="submit" name="orderpageparts" id="orderpagepartssub" class="button" value="<?php _e( 'Save page parts', 'page-parts' ); ?>">840 <a href="post-new.php?post_type=page-part&parent_id=<?php echo esc_attr( $post->ID ); ?>" class="button button-primary"><?php esc_html_e( 'Add new page part', 'page-parts' ); ?></a> 841 <input type="submit" name="orderpageparts" id="orderpagepartssub" class="button" value="<?php esc_attr_e( 'Save page parts', 'page-parts' ); ?>"> 842 842 </p> 843 843 -
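Review bot: In the `wp_dropdown_pages()` argument array (new line 272), `esc_attr( get_post_type( $post->post_parent ) )` escapes a value that is handed on as a query argument rather than printed, so the escaping sits at the wrong layer and makes it harder to see where output is actually protected. I would keep `'post_type' => get_post_type( $post->post_parent ),` and escape only where the value reaches HTML. At new lines 342-343 `$image_grid` also passes through `wp_kses( ..., 'post' )` twice; one pass at the `echo` is enough, provided the markup assembled above the hunk uses only tags and attributes on the post allowlist (that code is not visible here, so it is worth confirming nothing is silently stripped). The enclosing functions start and end outside the visible hunks.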
page-parts/trunk/admin/documentation/getting-started.php
r1495007 r3194519 34 34 <h3>1. Supported Post Types</h3> 35 35 <p>By default, page part support is automatically added for pages.</p> 36 <p>If you need to add support for other post types or remove support for pages, use the <a href="<?php echo add_query_arg( 'tab', 'examples'); ?>#page_parts_supported_post_types"><code>page_parts_supported_post_types</code></a> filter.</p>36 <p>If you need to add support for other post types or remove support for pages, use the <a href="<?php echo esc_url( add_query_arg( 'tab', 'examples' ) ); ?>#page_parts_supported_post_types"><code>page_parts_supported_post_types</code></a> filter.</p> 37 37 <p>Once you have added support for your required post types you will be able to add page parts when editing the post type.</p> 38 38 <p><?php include( dirname( __FILE__ ) . '/code-samples/filter-page_parts_supported_post_types.php' ); ?></p> … … 41 41 <div id="query_page_parts"> 42 42 <h3>2. Query Page Parts</h3> 43 <p>To display page parts in a template, use WP_Query to get and <a href="<?php echo add_query_arg( 'tab', 'templates'); ?>#getting_a_page_part_template">loop through the page parts</a>.</p>43 <p>To display page parts in a template, use WP_Query to get and <a href="<?php echo esc_url( add_query_arg( 'tab', 'templates' ) ); ?>#getting_a_page_part_template">loop through the page parts</a>.</p> 44 44 <p>Use <code>Page_Parts::get_page_part_template()</code> to load the page part template in the loop.</p> 45 45 <p><?php include( dirname( __FILE__ ) . '/code-samples/page-part-template-loop.php' ); ?></p> … … 49 49 <h3>3. 
Add Default Template <em>(optional)</em></h3> 50 50 <p>The default built-in page part template is very basic, just outputting the title and content.</p> 51 <p>It is recommended to add a <a href="<?php echo add_query_arg( 'tab', 'templates'); ?>#default_page_part_template"><code>page-part.php</code></a> template in the root of your theme so that you can customize the appearance of page parts that do not have a custom template assigned.</p>51 <p>It is recommended to add a <a href="<?php echo esc_url( add_query_arg( 'tab', 'templates' ) ); ?>#default_page_part_template"><code>page-part.php</code></a> template in the root of your theme so that you can customize the appearance of page parts that do not have a custom template assigned.</p> 52 52 <p><?php include( dirname( __FILE__ ) . '/code-samples/default-page-part-template.php' ); ?></p> 53 53 </div> … … 55 55 <div id="add_custom_templates"> 56 56 <h3>4. Add Custom Templates <em>(optional)</em></h3> 57 <p>Define custom templates by adding a <a href="<?php echo add_query_arg( 'tab', 'templates'); ?>#define_a_custom_template"><code>Page Part Name:</code></a> docblock to the top of your page part template files.</p>57 <p>Define custom templates by adding a <a href="<?php echo esc_url( add_query_arg( 'tab', 'templates' ) ); ?>#define_a_custom_template"><code>Page Part Name:</code></a> docblock to the top of your page part template files.</p> 58 58 <p>It is recommended to use the <a href="https://developer.wordpress.org/reference/functions/post_class/" target="wordpress-org"><code>post_class()</code></a> function to add post-specific classes to you page part HTML element. If used, custom page part templates will automatically add the class <code>page-part-template-{filename}</code>. 
It is recommended to create a <code>page-parts</code> folder in your theme and add page part templates there.</p> 59 59 <p>After defining templates you will be able to assign them to page parts when editing supported post types and page parts.</p> … … 63 63 <div id="add_page_part_theme_locations"> 64 64 <h3>5. Add Page Part Theme Locations <em>(optional)</em></h3> 65 <p>If you need to display page parts in multiple places in the same template, you can <a href="<?php echo add_query_arg( 'tab', 'locations'); ?>">define locations</a> to which you can assign page parts.</p>65 <p>If you need to display page parts in multiple places in the same template, you can <a href="<?php echo esc_url( add_query_arg( 'tab', 'locations' ) ); ?>">define locations</a> to which you can assign page parts.</p> 66 66 </div> 67 67 68 68 <div id="further_customization"> 69 69 <h3>6. Further Customization <em>(optional)</em></h3> 70 <p>View the documentation about <a href="<?php echo add_query_arg( 'tab', 'filters' ); ?>">filters</a> and other <a href="<?php echo add_query_arg( 'tab', 'examples'); ?>">examples</a>.</p>70 <p>View the documentation about <a href="<?php echo esc_url( add_query_arg( 'tab', 'filters' ) ); ?>">filters</a> and other <a href="<?php echo esc_url( add_query_arg( 'tab', 'examples' ) ); ?>">examples</a>.</p> 71 71 </div> 72 72 -
page-parts/trunk/admin/documentation/index.php
r1495007 r3194519 42 42 43 43 ?> 44 <a href="<?php echo $href; ?>" class="nav-tab <?php if ( $tab_id == $tab ) echo 'nav-tab-active'; ?>"><?php echo esc_html( $tab_title ); ?></a>44 <a href="<?php echo esc_url( $href ); ?>" class="nav-tab <?php if ( $tab_id == $tab ) echo 'nav-tab-active'; ?>"><?php echo esc_html( $tab_title ); ?></a> 45 45 <?php 46 46 -
page-parts/trunk/admin/page-parts-list-table.php
r1632000 r3194519 86 86 public function single_row( $item ) { 87 87 static $row_class = ''; 88 $row_class = ( $row_class == '' ? ' class="alternate"' : '' );89 90 echo '<tr id="page-part-' . $item->ID . '" ' . $row_class . '>';88 $row_class = $row_class == '' ? 'alternate' : ''; 89 90 echo '<tr id="page-part-' . esc_attr( $item->ID ) . '" class="' . esc_attr( $row_class ) . '">'; 91 91 $this->single_row_columns( $item ); 92 92 echo '</tr>'; … … 267 267 public function display() { 268 268 ?> 269 <table class="wp-list-table <?php echo implode( ' ', $this->get_table_classes() ); ?>">269 <table class="wp-list-table <?php echo esc_attr( implode( ' ', $this->get_table_classes() ) ); ?>"> 270 270 <thead> 271 271 <tr> … … 289 289 $add_url = admin_url( sprintf( 'post-new.php?post_type=page-part&parent_id=%s', $post->ID ) ); 290 290 291 printf( __( 'No page parts found. <a %s>Add one?</a>', 'page-parts' ), 'href="' . $add_url. '"' );291 printf( wp_kses( __( 'No page parts found. <a %s>Add one?</a>', 'page-parts' ) ), 'href="' . esc_attr( $add_url ) . '"' ); 292 292 293 293 } -
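Review bot: The new `wp_kses( __( 'No page parts found. <a %s>Add one?</a>', 'page-parts' ) )` call at line 291 omits the `$allowed_html` argument, which `wp_kses()` requires, so the empty-table path would raise an error instead of printing the message. Filtering the format string before `printf` also means kses sees `%s` where an attribute belongs, and the placeholder is likely to be dropped before the link is filled in. I would format first and filter the result, and escape the URL with `esc_url()` rather than `esc_attr()`: `echo wp_kses( sprintf( __( 'No page parts found. <a %s>Add one?</a>', 'page-parts' ), 'href="' . esc_url( $add_url ) . '"' ), array( 'a' => array( 'href' => array() ) ) );`. The enclosing method starts and ends outside the hunk.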
page-parts/trunk/page-parts.php
r3032894 r3194519 5 5 Plugin URI: https://github.com/benhuson/page-parts 6 6 Description: Manage subsections of a page. 7 Version: 1.4. 37 Version: 1.4.4 8 8 Author: Ben Huson 9 9 Author URI: https://github.com/benhuson … … 11 11 */ 12 12 13 define( 'PAGE_PARTS_VERSION', '1.4. 3' );13 define( 'PAGE_PARTS_VERSION', '1.4.4' ); 14 14 define( 'PAGE_PARTS_FILE', __FILE__ ); 15 15 -
page-parts/trunk/readme.txt
r3032894 r3194519 3 3 Tags: pages, cms 4 4 Requires at least: 3.9 5 Tested up to: 6. 4.36 Stable tag: 1.4. 35 Tested up to: 6.7.1 6 Stable tag: 1.4.4 7 7 License: GPL2 or later 8 8 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 38 38 39 39 = Unreleased = 40 41 = 1.4.4 = 42 43 __Security__ 44 - Escape URLs and HTML output to prevent XSS. 40 45 41 46 = 1.4.3 =