Changeset 3261595

Timestamp:

03/25/2025 02:14:56 PM (11 months ago)

Author:

goodlayers

Message:

Improve Security
Scan Plugin With "Plugin Check"

Location:

goodlayers-blocks

Files:

• tags/1.0.3 (added)
• tags/1.0.3/category-filter.php (added)
• tags/1.0.3/editor-style.css (added)
• tags/1.0.3/goodlayers-blocks.php (added)
• tags/1.0.3/js (added)
• tags/1.0.3/js/dist (added)
• tags/1.0.3/js/dist/accordion.asset.php (added)
• tags/1.0.3/js/dist/accordion.js (added)
• tags/1.0.3/js/dist/category-filter.asset.php (added)
• tags/1.0.3/js/dist/category-filter.js (added)
• tags/1.0.3/js/dist/fa-social.asset.php (added)
• tags/1.0.3/js/dist/fa-social.js (added)
• tags/1.0.3/js/dist/group-custom.asset.php (added)
• tags/1.0.3/js/dist/group-custom.js (added)
• tags/1.0.3/js/dist/product-category.asset.php (added)
• tags/1.0.3/js/dist/product-category.js (added)
• tags/1.0.3/js/dist/rating.asset.php (added)
• tags/1.0.3/js/dist/rating.js (added)
• tags/1.0.3/js/dist/shape-divider.asset.php (added)
• tags/1.0.3/js/dist/shape-divider.js (added)
• tags/1.0.3/js/dist/slider-controls.asset.php (added)
• tags/1.0.3/js/dist/slider-controls.js (added)
• tags/1.0.3/product-category.php (added)
• tags/1.0.3/readme.txt (added)
• tags/1.0.3/util.php (added)
• trunk/category-filter.php (modified) (7 diffs)
• trunk/goodlayers-blocks.php (modified) (11 diffs)
• trunk/readme.txt (modified) (1 diff)
• trunk/util.php (modified) (2 diffs)

goodlayers-blocks/trunk/category-filter.php

@@ -4 +4 @@
     if( !function_exists('glgu_category_filter_render_callback') ){
         function glgu_category_filter_render_callback( $atts, $content ){
-            
+            global $glgu_cat, $glgu_section, $glgu_post_type;
+
             // initialize
             if( !isset($atts['style']) ) $atts['style'] = 'dot-top';
@@ -29 +30 @@
 
             $active_cat = '';
-            if( !empty($_GET['glguSection']) && $_GET['glguSection'] == $atts['sectionId'] && 
-                !empty($_GET['glguPostType']) && $_GET['glguPostType'] == $atts['postType'] && !empty($_GET['glguCat']) ){
+            if( !empty($glgu_section) && $glgu_section == $atts['sectionId'] && 
+                !empty($glgu_post_type) && $glgu_post_type == $atts['postType'] && !empty($glgu_cat) ){
                  
-                $active_cat = sanitize_key($_GET['glguCat']);
+                $active_cat = sanitize_key($glgu_cat);
             }
 
@@ -67 +68 @@
     if( !function_exists('glgu_category_filter_ajax') ){
         function glgu_category_filter_ajax(){
+            global $glgu_cat, $glgu_section, $glgu_post_type;
+
             if( !empty($_GET['glguCat']) && !empty($_GET['glguSection']) && !empty($_GET['glguPostType']) ){
-                echo $_GET['glguCat'] . ' ' . $_GET['glguSection'] . ' ' . $_GET['glguPostType'];
+
+                // verify nonce
+                if( isset($_GET['security']) ){
+                    $nonce = sanitize_text_field(wp_unslash($_GET['security']));
+                    if( !wp_verify_nonce($nonce, 'glgu_nonce') ){
+                        die();
+                    }
+                }else{
+                    die();
+                }
+
+                $glgu_cat = sanitize_text_field(wp_unslash($_GET['glguCat']));
+                $glgu_section = sanitize_text_field(wp_unslash($_GET['glguSection']));
+                $glgu_post_type = sanitize_text_field(wp_unslash($_GET['glguPostType']));
+                
+                // get data
                 add_filter('render_block_data', 'glgu_category_filter_block_full', 20, 3);
             }
@@ -76 +94 @@
     if( !function_exists('glgu_category_filter_block_full') ){
         function glgu_category_filter_block_full($parsed_block, $source_block, $parent_block){
+            global $glgu_cat, $glgu_section, $glgu_post_type;
 
             // search for block with id = section_id
-
-            $search_id = 'id="' . sanitize_key($_GET['glguSection']) . '"';
+            $search_id = empty($glgu_section)? '': 'id="' . sanitize_key($glgu_section) . '"';
             if( strpos($parsed_block['innerHTML'], $search_id) !== false ){
                 $target_block = $parsed_block;
@@ -88 +106 @@
 
                 $categories = array();
-                if( $_GET['glguPostType'] == 'product' ){
-                    if( $_GET['glguCat'] != 'all' ){
-                        $term = get_term_by('slug', sanitize_key($_GET['glguCat']), 'product_cat');
+                if( !empty($glgu_post_type) && $glgu_post_type == 'product' ){
+                    if( !empty($glgu_cat) && $glgu_cat != 'all' ){
+                        $term = get_term_by('slug', sanitize_key($glgu_cat), 'product_cat');
                         if( !empty($term) ){
                             $categories[] = $term->term_id;
@@ -98 +116 @@
                     }
             
-                }else if($_GET['glguPostType'] == 'post'){
+                }else if( !empty($glgu_post_type) && $glgu_post_type == 'post' ){
 
                 }
@@ -191 +209 @@
                 $.ajax({
                     url: url,
-                    data: {glguCat: cat, glguSection: section_id, glguPostType: post_type},
+                    data: {
+                        glguCat: cat, 
+                        glguSection: section_id, 
+                        glguPostType: post_type,
+                        security: '<?php echo esc_js(wp_create_nonce("glgu_nonce")); ?>'
+                    },
                     method: 'GET',
                     dataType: 'text',

goodlayers-blocks/trunk/goodlayers-blocks.php

@@ -4 +4 @@
  * Plugin URI:        https://wordpress.org/plugins/
  * Description:       Extra useful elements for theme styling
- * Version:           1.0.2
+ * Version:           1.0.3
  * Author:            Goodlayers
  * Author URI:        https://goodlayers.com/
@@ -26 +26 @@
             /* accordion */
             $block_accordion_asset = include(GLGU_LOCAL . '/js/dist/accordion.asset.php');
-            wp_register_script('glgu-accordion', GLGU_URL . '/js/dist/accordion.js', $block_accordion_asset['dependencies'], $block_accordion_asset['version']);
+            wp_register_script('glgu-accordion', GLGU_URL . '/js/dist/accordion.js', $block_accordion_asset['dependencies'], $block_accordion_asset['version'], true);
             register_block_type('glgu/accordion', array(
                 'editor_script' => 'glgu-accordion'
@@ -33 +33 @@
             /* rating */
             $block_rating_asset = include(GLGU_LOCAL . '/js/dist/rating.asset.php');
-            wp_register_script('glgu-rating', GLGU_URL . '/js/dist/rating.js', $block_rating_asset['dependencies'], $block_rating_asset['version']);
+            wp_register_script('glgu-rating', GLGU_URL . '/js/dist/rating.js', $block_rating_asset['dependencies'], $block_rating_asset['version'], true);
             register_block_type('glgu/rating', array(
                 'editor_script' => 'glgu-rating'
@@ -40 +40 @@
             // slider controls
             $slider_controls_asset = include(GLGU_LOCAL . '/js/dist/slider-controls.asset.php');
-            wp_register_script('glgu-slider-controls', GLGU_URL . '/js/dist/slider-controls.js', $slider_controls_asset['dependencies'], $slider_controls_asset['version']);
+            wp_register_script('glgu-slider-controls', GLGU_URL . '/js/dist/slider-controls.js', $slider_controls_asset['dependencies'], $slider_controls_asset['version'], true);
             register_block_type('glgu/slider-controls', array(
                 'editor_script' => 'glgu-slider-controls'
@@ -47 +47 @@
             /* group custom */
             $group_custom_asset = include(GLGU_LOCAL . '/js/dist/group-custom.asset.php');
-            wp_register_script('glgu-group-custom', GLGU_URL . '/js/dist/group-custom.js', $group_custom_asset['dependencies'], $group_custom_asset['version']);
+            wp_register_script('glgu-group-custom', GLGU_URL . '/js/dist/group-custom.js', $group_custom_asset['dependencies'], $group_custom_asset['version'], true);
             wp_localize_script('glgu-group-custom', 'glguGroupCustom', array(
                 'enableCarousel' => get_theme_support('glgu-group-custom-carousel'),
@@ -57 +57 @@
             // fa social
             $fa_social_asset = include(GLGU_LOCAL . '/js/dist/fa-social.asset.php');
-            wp_register_script('glgu-fa-social', GLGU_URL . '/js/dist/fa-social.js', $fa_social_asset['dependencies'], $fa_social_asset['version']);
+            wp_register_script('glgu-fa-social', GLGU_URL . '/js/dist/fa-social.js', $fa_social_asset['dependencies'], $fa_social_asset['version'], true);
             register_block_type('glgu/fa-social', array(
                 'editor_script' => 'glgu-fa-social'
@@ -64 +64 @@
             // shape divider
             $shape_divider = include(GLGU_LOCAL . '/js/dist/shape-divider.asset.php');
-            wp_register_script('glgu-shape-divider', GLGU_URL . '/js/dist/shape-divider.js', $shape_divider['dependencies'], $shape_divider['version']);
+            wp_register_script('glgu-shape-divider', GLGU_URL . '/js/dist/shape-divider.js', $shape_divider['dependencies'], $shape_divider['version'], true);
             register_block_type('glgu/shape-divider', array(
                 'editor_script' => 'glgu-shape-divider'
@@ -71 +71 @@
             // category filter
             $category_filter = include(GLGU_LOCAL . '/js/dist/category-filter.asset.php');
-            wp_register_script('glgu-category-filter', GLGU_URL . '/js/dist/category-filter.js', $category_filter['dependencies'], $category_filter['version']);
+            wp_register_script('glgu-category-filter', GLGU_URL . '/js/dist/category-filter.js', $category_filter['dependencies'], $category_filter['version'], true);
             wp_localize_script('glgu-category-filter', 'GLGU_CAT', array(
                 'all' => esc_html__('All', 'goodlayers-blocks'),
@@ -84 +84 @@
             /* product-category */
             $product_category_asset = include(GLGU_LOCAL . '/js/dist/product-category.asset.php');
-            wp_register_script('glgu-product-category', GLGU_URL . '/js/dist/product-category.js', $product_category_asset['dependencies'], $product_category_asset['version']);
+            wp_register_script('glgu-product-category', GLGU_URL . '/js/dist/product-category.js', $product_category_asset['dependencies'], $product_category_asset['version'], true);
             wp_localize_script('glgu-product-category', 'GLGU_THUMBNAIL', glgu_get_thumbnail_sizes());
             register_block_type('glgu/product-category', array(
@@ -228 +228 @@
     background: var(--category-filter-text-indicator, #000);
     -webkit-border-radius: 50%; -moz-border-radius: 50%; border-radius: 50%; }
+@media only screen and (max-width: 768px){
+    .glgu-category-filter{ flex-wrap: wrap; }
+    .glgu-category-filter .glgu-slide-bar{ display: none; }
+}
 
 /* product category */
@@ -326 +330 @@
                 array(
                     'value' => 'full', 
-                    'label' => esc_html__('full size', 'goodlayers-core')
+                    'label' => esc_html__('full size', 'goodlayers-blocks')
 
                 )

goodlayers-blocks/trunk/readme.txt

@@ -2 +2 @@
 Tags: blocks, accordion, group, social, responsive
 Requires at least: 6.0
-Tested up to: 6.0
+Tested up to: 6.7
 Requires PHP: 7.0
-Stable tag: 1.0.1
+Stable tag: 1.0.3
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html

goodlayers-blocks/trunk/util.php

@@ -41 +41 @@
     if( !function_exists('glgu_current_year_shortcode') ){
         function glgu_current_year_shortcode($atts, $content = ''){
-            return date('Y');
+            return current_time('Y');
         }
     }
@@ -64 +64 @@
             $ret = array();
             if( !empty($with_all) ){
-                $ret[$cat] = esc_html__('All', 'goodlayers-core'); 
+                $ret[$cat] = esc_html__('All', 'goodlayers-blocks'); 
             }