Changeset 3313464

Timestamp:

06/17/2025 06:34:22 PM (8 months ago)

Author:

dogrow

Message:

Security updated
Tested up to: 6.8.1

Location:

simple-baseball-scoreboard

Files:

• tags/2.0 (added)
• tags/2.0/js (added)
• tags/2.0/js/ytmr_simple_baseball_scoreboard.js (added)
• tags/2.0/readme.txt (added)
• tags/2.0/ytmr_simple_baseball_scoreboard.php (added)
• trunk/readme.txt (modified) (2 diffs)
• trunk/ytmr_simple_baseball_scoreboard.php (modified) (11 diffs)

simple-baseball-scoreboard/trunk/readme.txt

@@ -4 +4 @@
 Tags: baseball, score, scoreboard
 Requires at least: 4.8.1
-Tested up to: 6.4.2
-Stable tag: 1.3
+Tested up to: 6.8.1
+Stable tag: 2.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -34 +34 @@
 == ChangeLog ==
 
+= Version 2.0 =
+
+* Security update
+
 = Version 1.3 =
 

simple-baseball-scoreboard/trunk/ytmr_simple_baseball_scoreboard.php

@@ -2 +2 @@
 /*
 Plugin Name: Simple Baseball Score Board
-Plugin URI: https://php.dogrow.net/wordpressplugin/simple-baseball-scoreboard/
+Plugin URI: https://www.dogrow.net/php/wordpressplugin/simple-baseball-scoreboard/
 Description: Generate baseball scoreboard from shortcode
-Version: 1.3
+Version: 2.0
 Author: DOGROW.NET
-Author https://php.dogrow.net/
 License: GPL2
 */
@@ -32 +31 @@
     add_action('admin_head', array($this,'proc_output_css'), 9999);
     //------------------------------------------------------------------
-    add_shortcode('ytmr_bb_scoreboard', array($this, 'proc_shortcode'));
+    add_shortcode('bb_scoreboard', array($this, 'proc_shortcode'));
     add_filter('widget_text', 'do_shortcode');
     //------------------------------------------------------------------
@@ -73 +72 @@
   border-width: {$ary_set['border_line_width']['v']};
   border-style: solid;
-  margin: 3px; padding: 3px;
+  margin: 0.5rem; padding: 0.5rem;
+  width: fit-content;
 }
 div#YTMRBBScoreBoard table{
@@ -80 +80 @@
   margin:0 !important;
   padding:0 !important;
+  width: auto;
 }
 div#YTMRBBScoreBoard tr,
@@ -89 +90 @@
   text-align: center;
   line-height: 1.5;
-  padding: 4px;
+  padding: 0.15rem;
   color: {$ary_set['text_color']['v']};
+  white-space: nowrap;
 }
 div#YTMRBBScoreBoard div.inner{
-  padding: 4px 2px;
+  padding: 0.5rem;
   background-color: {$ary_set['box_color']['v']};
 }
@@ -102 +104 @@
   }
   //////////////////////////////////////////////////////////////////////
+  // args['fsize'] : text size [rem]
+  // args['tm1']  : team name #1
+  // args['tm2']  : team name #2
+  // args['scr1'] : score #1 , separator='/'  ex) 0/0/1/0/0/1
+  // args['scr2'] : score #2
   public function proc_shortcode( $args ){
-    return $this->sub_display_table($args);
-  }
-  //////////////////////////////////////////////////////////////////////
-  public function proc_create_menu() {
+    // --- Sanitize shortcode attributes ---------------------------------
+    $fsize = ( isset( $args['fsize'] ) && is_numeric( $args['fsize'] ) )
+           ? floatval( $args['fsize'] )
+           : '';
+    $tm1   = isset( $args['tm1'] ) ? $args['tm1'] : 'team1';
+    $tm2   = isset( $args['tm2'] ) ? $args['tm2'] : 'team2';
+
+    // Build style string safely
+    $size_css = ( $fsize !== '' ) ? 'font-size:' . $fsize . 'rem !important;' : '';
+    $table_class = 'tc_' . str_replace( '.', '_', isset( $args['fsize'] ) ? sanitize_key( $args['fsize'] ) : '' );
+
+    // Escape team names for HTML
+    $ary_tm = array( esc_html( $tm1 ), esc_html( $tm2 ) );
+
+    // Force score values to integers to avoid XSS
+    $scr1_raw = isset( $args['scr1'] ) ? explode( '/', $args['scr1'] ) : array();
+    $scr2_raw = isset( $args['scr2'] ) ? explode( '/', $args['scr2'] ) : array();
+    $ary_scr  = array( array_map( 'intval', $scr1_raw ), array_map( 'intval', $scr2_raw ) );
+
+    $nScr = max( count( $ary_scr[0] ), count( $ary_scr[1] ) );
+
+    // -------------------- Build Scoreboard HTML ------------------------
+    $html  = '<tr><td></td>';
+    for ( $i = 1; $i <= $nScr; $i++ ) {
+        $html .= '<td>' . $i . '</td>';
+    }
+    $html .= '<td>R</td></tr>';
+
+    foreach ( $ary_scr as $idx => $scr ) {
+        $html .= '<tr><td><div class="inner">' . $ary_tm[ $idx ] . '</div></td>';
+        for ( $i = 0; $i < $nScr; $i++ ) {
+            $val = isset( $scr[ $i ] ) ? intval( $scr[ $i ] ) : '';
+            $html .= '<td><div class="inner">' . $val . '</div></td>';
+        }
+        $html .= '<td><div class="inner">' . array_sum( $scr ) . '</div></td></tr>';
+    }
+
+    // ----------------------- Final Output ------------------------------
+    $str = <<<EOM
+<style type="text/css">
+div#YTMRBBScoreBoard .{$table_class} td{
+  {$size_css}
+}
+</style>
+<div id="YTMRBBScoreBoard"><table class="{$table_class}">{$html}</table></div>
+EOM;
+
+    return $str;
+}
+function proc_create_menu() {
     add_submenu_page('options-general.php', 'Simple BBScoreboard', 'Simple BBScoreboard', 'administrator', __FILE__, array($this, 'proc_display_settings_page'));
   }
@@ -131 +184 @@
     $ary_bw_sel = array('1px'=>'', '2px'=>'', '3px'=>'');
     $ary_bw_sel[$ary_set['border_line_width']['v']] = 'selected';
-    //------------------------------------------------------------------
-    $args = array('fsize'=>'1.2', 'width'=>'600px', 'tm1'=>'GreenSox', 'tm2'=>'Monkeys', 'scr1'=>'0/0/1/1/0/3/0', 'scr2'=>'1/0/0/2/2/1/X');
-    $html_scrboard = $this->sub_display_table($args);
-    //------------------------------------------------------------------
 echo <<< EOM
 <div class="wrap">
 <h2>Simple Baseball Scoreboard</h2>
 <h2>1. Usage</h2>
-<p>Short code : <span style="background:#fff;color:#00f;padding:3px 5px;font-size:1.2rem">[ytmr_bb_scoreboard]</span></p>
+<p>Short code : <span style="background:#fff;color:#00f;padding:3px 5px;font-size:1.2rem">[bb_scoreboard fsize=N tm1=NAME tm2=NAME scr1=RUN scr2=RUN]</span></p>
 <p>Parameters : <br />
 - fsize : font size [rem]<br />
@@ -146 +195 @@
 - scr1, scr2 : run of the inning (separator is "/")<br />
 </p>
-<p>sample : <span style="background:#fff;color:#00f;padding:3px 5px;font-size:1.2rem">[ytmr_bb_scoreboard fsize="1.2" width="600px" tm1="GreenSox" tm2="Monkeys" scr1="0/0/1/1/0/3/0" scr2="1/0/0/2/2/1/X"]</span></p>
-{$html_scrboard}
+<p>sample : <span style="background:#fff;color:#00f;padding:3px 5px;font-size:1.2rem">[bb_scoreboard fsize="1.2" tm1="GreenSox" tm2="Monkeys" scr1="0/0/1/1/0/3/0" scr2="1/0/0/2/2/1/X"]</span></p>
+
+<style type="text/css">
+div#YTMRBBScoreBoard td{
+  font-size: 1.2rem;
+</style>
+<div id="YTMRBBScoreBoard" style="width:30rem;max-width:100%">
+  <table style="width:100%">
+    <tr><td></td><td>1</td><td>2</td><td>3</td><td>4</td><td>5</td><td>6</td><td>7</td><td>R</td></tr>
+    <tr><td><div class="inner">GreenSox</div></td><td><div class="inner">0</div></td><td><div class="inner">0</div></td><td><div class="inner">1</div></td><td><div class="inner">1</div></td><td><div class="inner">0</div></td><td><div class="inner">3</div></td><td><div class="inner">0</div></td><td><div class="inner">5</div></td></tr>
+    <tr><td><div class="inner">Monkeys</div></td> <td><div class="inner">1</div></td><td><div class="inner">0</div></td><td><div class="inner">0</div></td><td><div class="inner">2</div></td><td><div class="inner">2</div></td><td><div class="inner">1</div></td><td><div class="inner">X</div></td><td><div class="inner">6</div></td></tr>
+  </table>
+</div>
+
 <h2 style="margin-top:2.5rem">2. Settings</h2>
 <form id="YTMRBBScoreBoard_form" method="post" action="options.php">
@@ -155 +216 @@
 echo <<< EOM
   <table class="form-table">
+    <tr>
+      <th>{$ary_set['border_line_color']['t']}</th>
+      <td>
+        <input type="color" name="{$this->m_option_name}[border_line_color][v]" value="{$ary_set['border_line_color']['v']}">
+      </td>
+    </tr>
+    <tr>
+      <th>{$ary_set['text_color']['t']}</th>
+      <td>
+        <input type="color" name="{$this->m_option_name}[text_color][v]" value="{$ary_set['text_color']['v']}">
+      </td>
+    </tr>
+    <tr>
+      <th>{$ary_set['box_color']['t']}</th>
+      <td>
+        <input type="color" name="{$this->m_option_name}[box_color][v]" value="{$ary_set['box_color']['v']}">
+      </td>
+    </tr>
+    <tr>
+      <th>{$ary_set['background_color']['t']}</th>
+      <td>
+        <input type="color" name="{$this->m_option_name}[background_color][v]" value="{$ary_set['background_color']['v']}">
+      </td>
+    </tr>
     <tr>
       <th>{$ary_set['border_line_width']['t']}</th>
@@ -165 +250 @@
       </td>
     </tr>
-    <tr>
-      <th>{$ary_set['border_line_color']['t']}</th>
-      <td>
-        <input type="color" name="{$this->m_option_name}[border_line_color][v]" value="{$ary_set['border_line_color']['v']}">
-      </td>
-    </tr>
-    <tr>
-      <th>{$ary_set['background_color']['t']}</th>
-      <td>
-        <input type="color" name="{$this->m_option_name}[background_color][v]" value="{$ary_set['background_color']['v']}">
-      </td>
-    </tr>
-    <tr>
-      <th>{$ary_set['box_color']['t']}</th>
-      <td>
-        <input type="color" name="{$this->m_option_name}[box_color][v]" value="{$ary_set['box_color']['v']}">
-      </td>
-    </tr>
-    <tr>
-      <th>{$ary_set['text_color']['t']}</th>
-      <td>
-        <input type="color" name="{$this->m_option_name}[text_color][v]" value="{$ary_set['text_color']['v']}">
-      </td>
-    </tr>
   </table>
 EOM;
@@ -197 +258 @@
 EOM;
   }
-  //////////////////////////////////////////////////////////////////////
-  // args['fsize'] : text size [rem]
-  // args['width'] : whole width
-  // args['tm1']  : team name #1
-  // args['tm2']  : team name #2
-  // args['scr1'] : score #1 , separator='/'  ex) 0/0/1/0/0/1
-  // args['scr2'] : score #2
-  public function sub_display_table($args){
-    $fsize = (isset($args['fsize']))? $args['fsize'] : '1';
-    $tm1   = (isset($args['tm1']))? $args['tm1'] : 'team1';
-    $tm2   = (isset($args['tm2']))? $args['tm2'] : 'team2';
-    $width = (isset($args['width']))? $args['width'] : '100%';
-    //------------------------------------------------------------------
-    $html = "";
-    $size = 'font-size:'.$fsize.'rem !important;';
-    $table_class = 'tc_'.str_replace('.','_',$args['fsize']);
-    //------------------------------------------------------------------
-    $ary_tm = array();
-    $ary_tm[] = $tm1;
-    $ary_tm[] = $tm2;
-    //------------------------------------------------------------------
-    $ary_scr = array();
-    $ary_scr[] = explode('/', $args['scr1']);
-    $ary_scr[] = explode('/', $args['scr2']);
-    $nScr = max(count($ary_scr[0]), count($ary_scr[1]));
-    //------------------------------------------------------------------
-    // display innings
-    $html .= '<tr><td></td>';
-    for($i=1 ; $i <= $nScr ; $i++){
-      $html .= '<td>'.$i.'</td>';
-    }
-    $html .= '<td>R</td></tr>';
-    //------------------------------------------------------------------
-    // display score
-    foreach($ary_scr as $idx => $scr){
-      $html .= '<tr><td><div class="inner">'.$ary_tm[$idx].'</div></td>';
-      for($i=0 ; $i < $nScr ; $i++){
-        $html .= '<td><div class="inner">'.$scr[$i].'</div></td>';
-      }
-      $html .= '<td><div class="inner">'.array_sum($scr).'</div></td></tr>';
-    }
-    //------------------------------------------------------------------
-return <<< EOM
-<style type="text/css">
-div#YTMRBBScoreBoard{
-  max-width: 100% !important;
-}
-div#YTMRBBScoreBoard .{$table_class} td{
-  {$size}
-}
-</style>
-<div id="YTMRBBScoreBoard" style="width: {$width} !important"><table class="{$table_class}" style="width:100%">{$html}</table></div>
-EOM;
-  }
 }     // end of class
 ?>