Changeset 3212197

Timestamp:

12/23/2024 01:10:01 PM (12 months ago)

Author:

flippercode

Message:

security issues updated

Location:

ai-content

Files:

• tags/1.0.7 (added)
• tags/1.0.7/Licensing (added)
• tags/1.0.7/Licensing/GPL.txt (added)
• tags/1.0.7/Licensing/README_License.txt (added)
• tags/1.0.7/assets (added)
• tags/1.0.7/assets/css (added)
• tags/1.0.7/assets/css/backend.css (added)
• tags/1.0.7/assets/css/block.css (added)
• tags/1.0.7/assets/css/fc-modal.css (added)
• tags/1.0.7/assets/css/flippercode-ui.css (added)
• tags/1.0.7/assets/images (added)
• tags/1.0.7/assets/images/Preloader_3.gif (added)
• tags/1.0.7/assets/images/accordian-close.png (added)
• tags/1.0.7/assets/images/accordian-open.png (added)
• tags/1.0.7/assets/images/add-shortcode.png (added)
• tags/1.0.7/assets/images/arrow-left.png (added)
• tags/1.0.7/assets/images/arrow-right.png (added)
• tags/1.0.7/assets/images/arrow.png (added)
• tags/1.0.7/assets/images/back-skin (added)
• tags/1.0.7/assets/images/back-skin/body-bg1.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg10.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg11.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg12.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg13.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg14.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg15.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg16.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg2.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg3.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg4.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg5.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg6.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg7.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg8.png (added)
• tags/1.0.7/assets/images/back-skin/body-bg9.png (added)
• tags/1.0.7/assets/images/checkbox-checkmark.png (added)
• tags/1.0.7/assets/images/close.png (added)
• tags/1.0.7/assets/images/coding_Flatline.png (added)
• tags/1.0.7/assets/images/copy-to-clipboard.png (added)
• tags/1.0.7/assets/images/cross.png (added)
• tags/1.0.7/assets/images/delete-icon.png (added)
• tags/1.0.7/assets/images/email_campaign_Flatline.png (added)
• tags/1.0.7/assets/images/facebook.png (added)
• tags/1.0.7/assets/images/fc-small-logo.png (added)
• tags/1.0.7/assets/images/fc_pre_loader.gif (added)
• tags/1.0.7/assets/images/flippdercode_logo.png (added)
• tags/1.0.7/assets/images/flippdercode_logo1.png (added)
• tags/1.0.7/assets/images/folder-logo.png (added)
• tags/1.0.7/assets/images/folder-logo1.png (added)
• tags/1.0.7/assets/images/grid-hover.png (added)
• tags/1.0.7/assets/images/grid.png (added)
• tags/1.0.7/assets/images/gutenberg-editor.png (added)
• tags/1.0.7/assets/images/helpdesk.png (added)
• tags/1.0.7/assets/images/hire-expert.png (added)
• tags/1.0.7/assets/images/icons-checkmark.png (added)
• tags/1.0.7/assets/images/it_Support_Flatline.png (added)
• tags/1.0.7/assets/images/list-hover.png (added)
• tags/1.0.7/assets/images/list.png (added)
• tags/1.0.7/assets/images/loader.gif (added)
• tags/1.0.7/assets/images/money_transfer_Flatline.png (added)
• tags/1.0.7/assets/images/nav.png (added)
• tags/1.0.7/assets/images/notification.png (added)
• tags/1.0.7/assets/images/post-thumnail.jpg (added)
• tags/1.0.7/assets/images/rating.png (added)
• tags/1.0.7/assets/images/sample.jpg (added)
• tags/1.0.7/assets/images/select2.png (added)
• tags/1.0.7/assets/images/select_arrow.png (added)
• tags/1.0.7/assets/images/sort_asc.png (added)
• tags/1.0.7/assets/images/sort_asc_disabled.png (added)
• tags/1.0.7/assets/images/sort_both.png (added)
• tags/1.0.7/assets/images/sort_desc.png (added)
• tags/1.0.7/assets/images/sort_desc_disabled.png (added)
• tags/1.0.7/assets/images/subscribe.png (added)
• tags/1.0.7/assets/images/support-ticket.png (added)
• tags/1.0.7/assets/images/sync_icon.png (added)
• tags/1.0.7/assets/images/technical-support.png (added)
• tags/1.0.7/assets/images/twitter.png (added)
• tags/1.0.7/assets/images/vector.png (added)
• tags/1.0.7/assets/images/video-icon.png (added)
• tags/1.0.7/assets/images/web_Developer_Flatline.png (added)
• tags/1.0.7/assets/images/white_select_arrow.png (added)
• tags/1.0.7/assets/images/wpgmp-toggle-sprite.png (added)
• tags/1.0.7/assets/js (added)
• tags/1.0.7/assets/js/backend.js (added)
• tags/1.0.7/assets/js/fc-modal.js (added)
• tags/1.0.7/assets/js/flippercode-ui.js (added)
• tags/1.0.7/assets/js/select2.js (added)
• tags/1.0.7/assets/sample.csv (added)
• tags/1.0.7/build (added)
• tags/1.0.7/build/index.asset.php (added)
• tags/1.0.7/build/index.js (added)
• tags/1.0.7/build/index.js.map (added)
• tags/1.0.7/classes (added)
• tags/1.0.7/classes/wai-auto-update.php (added)
• tags/1.0.7/classes/wai-controller.php (added)
• tags/1.0.7/classes/wai-form.php (added)
• tags/1.0.7/classes/wai-fresh-settings.php (added)
• tags/1.0.7/classes/wai-model.php (added)
• tags/1.0.7/core (added)
• tags/1.0.7/core/class.controller-factory.php (added)
• tags/1.0.7/core/class.controller.php (added)
• tags/1.0.7/core/class.database.php (added)
• tags/1.0.7/core/class.importer.php (added)
• tags/1.0.7/core/class.initiate-core.php (added)
• tags/1.0.7/core/class.model-factory.php (added)
• tags/1.0.7/core/class.model.php (added)
• tags/1.0.7/core/class.plugin-overview.php (added)
• tags/1.0.7/core/class.plugin.php (added)
• tags/1.0.7/core/class.tabular.php (added)
• tags/1.0.7/core/class.template.php (added)
• tags/1.0.7/core/class.validation.php (added)
• tags/1.0.7/core/inc (added)
• tags/1.0.7/core/inc/modals (added)
• tags/1.0.7/core/inc/modals/custom-action.php (added)
• tags/1.0.7/core/inc/modals/delete-bulk.php (added)
• tags/1.0.7/core/inc/modals/delete.php (added)
• tags/1.0.7/lang (added)
• tags/1.0.7/lang/text-prompter-en_US.pot (added)
• tags/1.0.7/modules (added)
• tags/1.0.7/modules/overview (added)
• tags/1.0.7/modules/overview/model.overview.php (added)
• tags/1.0.7/modules/overview/views (added)
• tags/1.0.7/modules/overview/views/how.php (added)
• tags/1.0.7/modules/overview/views/view.php (added)
• tags/1.0.7/modules/prompt (added)
• tags/1.0.7/modules/prompt/model.prompt.php (added)
• tags/1.0.7/modules/prompt/views (added)
• tags/1.0.7/modules/prompt/views/form.php (added)
• tags/1.0.7/modules/prompt/views/import.php (added)
• tags/1.0.7/modules/prompt/views/manage.php (added)
• tags/1.0.7/modules/settings (added)
• tags/1.0.7/modules/settings/model.settings.php (added)
• tags/1.0.7/modules/settings/views (added)
• tags/1.0.7/modules/settings/views/manage.php (added)
• tags/1.0.7/modules/settings/views/test.php (added)
• tags/1.0.7/readme.txt (added)
• tags/1.0.7/text-prompter.php (added)
• tags/1.0.8 (added)
• tags/1.0.8/Licensing (added)
• tags/1.0.8/Licensing/GPL.txt (added)
• tags/1.0.8/Licensing/README_License.txt (added)
• tags/1.0.8/assets (added)
• tags/1.0.8/assets/css (added)
• tags/1.0.8/assets/css/backend.css (added)
• tags/1.0.8/assets/css/block.css (added)
• tags/1.0.8/assets/css/fc-modal.css (added)
• tags/1.0.8/assets/css/flippercode-ui.css (added)
• tags/1.0.8/assets/images (added)
• tags/1.0.8/assets/images/Preloader_3.gif (added)
• tags/1.0.8/assets/images/accordian-close.png (added)
• tags/1.0.8/assets/images/accordian-open.png (added)
• tags/1.0.8/assets/images/add-shortcode.png (added)
• tags/1.0.8/assets/images/arrow-left.png (added)
• tags/1.0.8/assets/images/arrow-right.png (added)
• tags/1.0.8/assets/images/arrow.png (added)
• tags/1.0.8/assets/images/back-skin (added)
• tags/1.0.8/assets/images/back-skin/body-bg1.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg10.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg11.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg12.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg13.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg14.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg15.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg16.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg2.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg3.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg4.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg5.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg6.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg7.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg8.png (added)
• tags/1.0.8/assets/images/back-skin/body-bg9.png (added)
• tags/1.0.8/assets/images/checkbox-checkmark.png (added)
• tags/1.0.8/assets/images/close.png (added)
• tags/1.0.8/assets/images/coding_Flatline.png (added)
• tags/1.0.8/assets/images/copy-to-clipboard.png (added)
• tags/1.0.8/assets/images/cross.png (added)
• tags/1.0.8/assets/images/delete-icon.png (added)
• tags/1.0.8/assets/images/email_campaign_Flatline.png (added)
• tags/1.0.8/assets/images/facebook.png (added)
• tags/1.0.8/assets/images/fc-small-logo.png (added)
• tags/1.0.8/assets/images/fc_pre_loader.gif (added)
• tags/1.0.8/assets/images/flippdercode_logo.png (added)
• tags/1.0.8/assets/images/flippdercode_logo1.png (added)
• tags/1.0.8/assets/images/folder-logo.png (added)
• tags/1.0.8/assets/images/folder-logo1.png (added)
• tags/1.0.8/assets/images/grid-hover.png (added)
• tags/1.0.8/assets/images/grid.png (added)
• tags/1.0.8/assets/images/gutenberg-editor.png (added)
• tags/1.0.8/assets/images/helpdesk.png (added)
• tags/1.0.8/assets/images/hire-expert.png (added)
• tags/1.0.8/assets/images/icons-checkmark.png (added)
• tags/1.0.8/assets/images/it_Support_Flatline.png (added)
• tags/1.0.8/assets/images/list-hover.png (added)
• tags/1.0.8/assets/images/list.png (added)
• tags/1.0.8/assets/images/loader.gif (added)
• tags/1.0.8/assets/images/money_transfer_Flatline.png (added)
• tags/1.0.8/assets/images/nav.png (added)
• tags/1.0.8/assets/images/notification.png (added)
• tags/1.0.8/assets/images/post-thumnail.jpg (added)
• tags/1.0.8/assets/images/rating.png (added)
• tags/1.0.8/assets/images/sample.jpg (added)
• tags/1.0.8/assets/images/select2.png (added)
• tags/1.0.8/assets/images/select_arrow.png (added)
• tags/1.0.8/assets/images/sort_asc.png (added)
• tags/1.0.8/assets/images/sort_asc_disabled.png (added)
• tags/1.0.8/assets/images/sort_both.png (added)
• tags/1.0.8/assets/images/sort_desc.png (added)
• tags/1.0.8/assets/images/sort_desc_disabled.png (added)
• tags/1.0.8/assets/images/subscribe.png (added)
• tags/1.0.8/assets/images/support-ticket.png (added)
• tags/1.0.8/assets/images/sync_icon.png (added)
• tags/1.0.8/assets/images/technical-support.png (added)
• tags/1.0.8/assets/images/twitter.png (added)
• tags/1.0.8/assets/images/vector.png (added)
• tags/1.0.8/assets/images/video-icon.png (added)
• tags/1.0.8/assets/images/web_Developer_Flatline.png (added)
• tags/1.0.8/assets/images/white_select_arrow.png (added)
• tags/1.0.8/assets/images/wpgmp-toggle-sprite.png (added)
• tags/1.0.8/assets/js (added)
• tags/1.0.8/assets/js/backend.js (added)
• tags/1.0.8/assets/js/fc-modal.js (added)
• tags/1.0.8/assets/js/flippercode-ui.js (added)
• tags/1.0.8/assets/js/select2.js (added)
• tags/1.0.8/assets/sample.csv (added)
• tags/1.0.8/build (added)
• tags/1.0.8/build/index.asset.php (added)
• tags/1.0.8/build/index.js (added)
• tags/1.0.8/build/index.js.map (added)
• tags/1.0.8/classes (added)
• tags/1.0.8/classes/wai-auto-update.php (added)
• tags/1.0.8/classes/wai-controller.php (added)
• tags/1.0.8/classes/wai-form.php (added)
• tags/1.0.8/classes/wai-fresh-settings.php (added)
• tags/1.0.8/classes/wai-model.php (added)
• tags/1.0.8/core (added)
• tags/1.0.8/core/class.controller-factory.php (added)
• tags/1.0.8/core/class.controller.php (added)
• tags/1.0.8/core/class.database.php (added)
• tags/1.0.8/core/class.importer.php (added)
• tags/1.0.8/core/class.initiate-core.php (added)
• tags/1.0.8/core/class.model-factory.php (added)
• tags/1.0.8/core/class.model.php (added)
• tags/1.0.8/core/class.plugin-overview.php (added)
• tags/1.0.8/core/class.plugin.php (added)
• tags/1.0.8/core/class.tabular.php (added)
• tags/1.0.8/core/class.template.php (added)
• tags/1.0.8/core/class.validation.php (added)
• tags/1.0.8/core/inc (added)
• tags/1.0.8/core/inc/modals (added)
• tags/1.0.8/core/inc/modals/custom-action.php (added)
• tags/1.0.8/core/inc/modals/delete-bulk.php (added)
• tags/1.0.8/core/inc/modals/delete.php (added)
• tags/1.0.8/lang (added)
• tags/1.0.8/lang/text-prompter-en_US.pot (added)
• tags/1.0.8/modules (added)
• tags/1.0.8/modules/overview (added)
• tags/1.0.8/modules/overview/model.overview.php (added)
• tags/1.0.8/modules/overview/views (added)
• tags/1.0.8/modules/overview/views/how.php (added)
• tags/1.0.8/modules/overview/views/view.php (added)
• tags/1.0.8/modules/prompt (added)
• tags/1.0.8/modules/prompt/model.prompt.php (added)
• tags/1.0.8/modules/prompt/views (added)
• tags/1.0.8/modules/prompt/views/form.php (added)
• tags/1.0.8/modules/prompt/views/import.php (added)
• tags/1.0.8/modules/prompt/views/manage.php (added)
• tags/1.0.8/modules/settings (added)
• tags/1.0.8/modules/settings/model.settings.php (added)
• tags/1.0.8/modules/settings/views (added)
• tags/1.0.8/modules/settings/views/manage.php (added)
• tags/1.0.8/modules/settings/views/test.php (added)
• tags/1.0.8/readme.txt (added)
• tags/1.0.8/text-prompter.php (added)
• trunk/readme.txt (modified) (2 diffs)
• trunk/text-prompter.php (modified) (8 diffs)

ai-content/trunk/readme.txt

@@ -4 +4 @@
 Tags: chatgpt, openai, gpt,ai,content
 Requires at least: 4.0
-Tested up to: 6.7.0
-Stable tag: 1.0.7
+Tested up to: 6.7.1
+Stable tag: 1.0.8
 Requires PHP: 5.0
 License: GPLv2 or later
@@ -122 +122 @@
 == Changelog ==
 
+= 1.0.8 =
+* Fix : Security issue in shortcode render function fixed.
+
 = 1.0.7 =
 * Fix : Max Token error is resolved.

ai-content/trunk/text-prompter.php

@@ -6 +6 @@
 Author: flippercode
 Author URI: https://www.flippercode.com/
-Version: 1.0.7
+Version: 1.0.8
 Text Domain: text-prompter
 Domain Path: /lang/
@@ -80 +80 @@
                 'pluginDirectoryBaseName' => basename( dirname( __FILE__ ) ),
                 'settingsPageSlug'        => 'wai_manage_settings',
-                'plugin_row_links'        => array( 'Docs' => 'http://guide.flippercode.com/securityquestions/' ),
+                'plugin_row_links'        => array( 'Docs' => admin_url('admin.php?page=wai_how_overview') ),
             );
 
@@ -89 +89 @@
 
             if ( is_admin() ) {
+
                 add_action( 'fc_plugin_module_to_load', array( $this, 'wai_plugin_module_to_load' ) );
-
                 add_action( 'wpgmp_form_header_html', [ $this, 'wai_add_custom_loader' ] );
-
                 add_action( 'admin_init', [ $this, 'aicontent_export_data' ] );
                 add_action( 'admin_init', [ $this, 'wai_sample_csv_download' ] );
 
             }
-            // don't
+
+            // Register endpoint for REST
             add_action(
                 'rest_api_init',
@@ -114 +114 @@
                 }
             );
-            // don't
+
             add_action( 'enqueue_block_editor_assets', array( $this, 'aicontent_block_assets' ) );
             add_action( 'plugins_loaded', array( $this, 'wai_load_plugin_languages' ) );
-
             add_shortcode( 'text_prompter', array($this,'wai_prompt_shortcode') );
 
@@ -126 +125 @@
         }
 
-        //dont
+        //Shortcode handler function
         function wai_prompt_shortcode($atts,$content) {
+
             $defaults = array(
               'model' => 'text-davinci-002',
@@ -138 +138 @@
             $args = shortcode_atts($defaults, $atts);
           
-            // Construct the request data
-            $data = array(
-              'model' => $args['model'],
-              'prompt' => $content,
-              'temperature' => $args['temperature'],
-              'max_tokens' => $args['max_tokens'],
-              'transist' => $args['transist'],
-            );
+             // Sanitize the attributes
+             $args['model'] = sanitize_text_field($args['model']); // Sanitize text input
+             $args['temperature'] = floatval($args['temperature']); // Ensure temperature is a float
+             $args['max_tokens'] = intval($args['max_tokens']); // Ensure max_tokens is an integer
+             $args['transist'] = intval($args['transist']); // Ensure transist is an integer
+             $args['attributes'] = sanitize_text_field($args['attributes']); // Sanitize additional attributes
+         
+             // Sanitize and process the content
+             $content = wp_kses_post($content); // Allow basic HTML in the content
+         
+             // Construct the request data
+             $data = array(
+                 'model' => $args['model'],
+                 'prompt' => $content,
+                 'temperature' => $args['temperature'],
+                 'max_tokens' => $args['max_tokens'],
+                 'transist' => $args['transist'],
+             );
           
             // Check if there is an existing cache for this prompt
@@ -171 +181 @@
             $attributes = $args['attributes'];
           
-            // Return the result with any specified attributes
-            return '<div ' . $attributes . '>' . $cache_value . '</div>';
+            // Return the result with any specified attributes also with Escaped HTML
+            return '<div ' . esc_attr( $attributes ) . '>' . wp_kses_post( $cache_value ) . '</div>';
+            
           }
 
@@ -501 +512 @@
 
             $this->wai_define( 'WAI_SLUG', 'wai_view_overview' );
-            $this->wai_define( 'WAI_VERSION', '1.0.1' );
+            $this->wai_define( 'WAI_VERSION', '1.0.8' );
             $this->wai_define( 'WAI_TEXT_DOMAIN', 'text-prompter' );
             $this->wai_define( 'WAI_TBL_PROMPTS', 'wai_prompts' );