Changeset 3320280

Timestamp:

07/01/2025 01:16:34 AM (9 months ago)

Author:

webangon

Message:

Sanitise wp_json_encode

Location:

the-pack-addon/trunk

Files:

• includes/helper-functions.php (modified) (1 diff)
• includes/widgets/element/accordion/index.php (modified) (1 diff)
• includes/widgets/element/accordion/view.php (modified) (1 diff)
• includes/widgets/element/auto-tab/view.php (modified) (1 diff)
• includes/widgets/element/card_slider/view.php (modified) (1 diff)
• includes/widgets/element/carousel_parallax/view.php (modified) (1 diff)
• includes/widgets/element/cliendgrid/view.php (modified) (1 diff)
• includes/widgets/element/contact_form/view.php (modified) (1 diff)
• includes/widgets/element/counter_circle/one.php (modified) (1 diff)
• includes/widgets/element/datecounter/view.php (modified) (1 diff)
• includes/widgets/element/gallery_carousel/view.php (modified) (1 diff)
• includes/widgets/element/gmap (deleted)
• includes/widgets/element/hover_background/view.php (modified) (1 diff)
• includes/widgets/element/image_grid_slider/view.php (modified) (1 diff)
• includes/widgets/element/imgbox_1/view.php (modified) (1 diff)
• includes/widgets/element/imgbox_4/view.php (modified) (1 diff)
• includes/widgets/element/imgslickcarousel/view.php (modified) (1 diff)
• includes/widgets/element/single_slider/view.php (modified) (1 diff)
• includes/widgets/element/slider_shop/view.php (modified) (1 diff)
• includes/widgets/element/slidercarousel/view.php (modified) (1 diff)
• includes/widgets/element/sliderparallax/view.php (modified) (1 diff)
• includes/widgets/element/syntax-highlight/view.php (modified) (1 diff)
• includes/widgets/element/team_1/view.php (modified) (1 diff)
• includes/widgets/element/team_2/view.php (modified) (1 diff)
• includes/widgets/element/testimonial_1/one.php (modified) (1 diff)
• includes/widgets/element/testimonial_1/two.php (modified) (1 diff)
• includes/widgets/element/testimonial_5/one.php (modified) (1 diff)
• includes/widgets/element/testimonial_5/three.php (modified) (1 diff)
• includes/widgets/element/testimonial_5/two.php (modified) (1 diff)
• includes/widgets/theme/full-slider/view.php (modified) (1 diff)
• includes/widgets/woocommerce/woo-product-design/view.php (modified) (1 diff)
• includes/widgets/woocommerce/woo-related-product/view.php (modified) (1 diff)
• index.php (modified) (1 diff)
• readme.txt (modified) (1 diff)

the-pack-addon/trunk/includes/helper-functions.php

@@ -175 +175 @@
     $btn = $text ? '<a ' . $link . ' class="tour-btn">' . $text . '</a>' : '';
 
-    return $btn;
+    return $btn; 
 }
 

the-pack-addon/trunk/includes/widgets/element/accordion/index.php

@@ -76 +76 @@
             'content',
             [
-                'type' => Controls_Manager::WYSIWYG,
+                'type' => Controls_Manager::TEXTAREA,
                 'label' => esc_html__('Content', 'the-pack-addon'),
                 'label_block' => true,

the-pack-addon/trunk/includes/widgets/element/accordion/view.php

@@ -32 +32 @@
 ?>
 
-<?php echo '<div class="xldacdn ' . esc_attr($cls . $settings['lfticn']) . '" data-xld =\'' . wp_json_encode($options) . '\'>'; ?>
+<?php echo '<div class="xldacdn ' . esc_attr($cls . $settings['lfticn']) . '" data-xld =\'' . wp_kses_post(wp_json_encode($options)) . '\'>'; ?>
 <ul class="accordion <?php echo esc_attr($id); ?>">
     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/auto-tab/view.php

@@ -26 +26 @@
 ?>
 
-<?php echo '<div class="the-pack-sync auto-tab" data-xld =\'' . wp_json_encode($slider_options) . '\'>'; ?>
+<?php echo '<div class="the-pack-sync auto-tab" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>'; ?>
     <div class="swiper swiper-sync">
         <div class="swiper-wrapper">

the-pack-addon/trunk/includes/widgets/element/card_slider/view.php

@@ -8 +8 @@
 
 <div class="blog-slider">
-    <?php echo '<div class="blog-slider__wrp swiper-wrapper" data-xld =\'' . wp_json_encode($slider_options) . '\'>'; ?>
+    <?php echo '<div class="blog-slider__wrp swiper-wrapper" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>'; ?>
     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>
     <?php echo $this->content($settings['items'], $settings['img_size']); ?>

the-pack-addon/trunk/includes/widgets/element/carousel_parallax/view.php

@@ -23 +23 @@
 ?>
 
-<?php echo '<div class="swiper-container parallax-carousel" data-xld =\'' . wp_json_encode($slider_options) . '\'>'; ?>
+<?php echo '<div class="swiper-container parallax-carousel" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>'; ?>
 <div class="swiper-wrapper">
     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/cliendgrid/view.php

@@ -34 +34 @@
     $arrow = $settings['arrow'] ? '<div class="tp-arrow">' . $previkn . $nextikn . '</div>' : '';
 
-    echo '<div class="swiper-container tpswiper clientslide" data-xld =\'' . wp_json_encode($slider_options) . '\'>
+    echo '<div class="swiper-container tpswiper clientslide" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>
                 <div class="swiper-wrapper tb-clientwrap1">';?>
                     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?> 

the-pack-addon/trunk/includes/widgets/element/contact_form/view.php

@@ -39 +39 @@
 ?>
 
-<?php echo '<form class="tp-contact-wrap ' . esc_attr($icon_pos) . '" data-xld =\'' . wp_json_encode($options) . '\' novalidate>'; ?>
+<?php echo '<form class="tp-contact-wrap ' . esc_attr($icon_pos) . '" data-xld =\'' . wp_kses_post(wp_json_encode($options)) . '\' novalidate>'; ?>
 <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>
 <?php echo $content; ?>

the-pack-addon/trunk/includes/widgets/element/counter_circle/one.php

@@ -14 +14 @@
 $desc = $settings['desc'] ? '<p class="desc">' . $settings['desc'] . '</p>' : '';
 $out = '
-        <div data-options=\'' . wp_json_encode($options) . '\' data-size="' . esc_attr($settings['num']['size']) . '" data-prefix="' . esc_attr($settings['pre']) . '" class="client_counterup ' . esc_attr($settings['tmpl']) . '">
+        <div data-options=\'' . wp_kses_post(wp_json_encode($options)) . '\' data-size="' . esc_attr($settings['num']['size']) . '" data-prefix="' . esc_attr($settings['pre']) . '" class="client_counterup ' . esc_attr($settings['tmpl']) . '">
             <div class="counter_up">
                 ' . $pre . '

the-pack-addon/trunk/includes/widgets/element/datecounter/view.php

@@ -8 +8 @@
     'sec' => esc_attr($settings['secl'])
 ];
-echo '<div class="countdown ' . esc_attr($settings['tmpl']) . '" data-xld =\'' . wp_json_encode($data) . '\'></div>';
+echo '<div class="countdown ' . esc_attr($settings['tmpl']) . '" data-xld =\'' . wp_kses_post(wp_json_encode($data)) . '\'></div>';

the-pack-addon/trunk/includes/widgets/element/gallery_carousel/view.php

@@ -16 +16 @@
 
 ?>
-<?php echo '<div class="swiper-container tp-gallery-slider tpswiper ' .esc_attr($center) . '" data-thop =\'' . wp_json_encode($slider_options) . '\'>'; ?>
+<?php echo '<div class="swiper-container tp-gallery-slider tpswiper ' .esc_attr($center) . '" data-thop =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>'; ?>
 <div class="swiper-wrapper">
     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/hover_background/view.php

@@ -38 +38 @@
     ';
 }
-echo '<div class="bari_assex_slider" data-xld =\'' . wp_json_encode($slider_options) . '\'><div class="flex-equal assex-wrap">';
+echo '<div class="bari_assex_slider" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'><div class="flex-equal assex-wrap">';
 //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped
 echo thepack_build_html($out);

the-pack-addon/trunk/includes/widgets/element/image_grid_slider/view.php

@@ -29 +29 @@
     $nav = $settings['nav'] ? '<div class="tp-arrow">' . $previkn . $nextikn . '</div>' : '';
     $dot = $settings['dot'] ? '<div class="swiper-pagination"></div>' : '';
-    echo '<div class="swiper-container tpswiper tp-img-grid-slider" data-xld =\'' . wp_json_encode($slider_options) . '\'>
+    echo '<div class="swiper-container tpswiper tp-img-grid-slider" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>
             <div class="swiper-wrapper">';?>
             <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/imgbox_1/view.php

@@ -29 +29 @@
     $nav = $settings['nav'] ? '<div class="tp-arrow">' . $previkn . $nextikn . '</div>' : '';
     $dot = $settings['dot'] ? '<div class="swiper-pagination"></div>' : '';
-    echo '<div class="swiper-container tpswiper tb-imgbox1" data-thop =\'' . wp_json_encode($slider_options) . '\'>
+    echo '<div class="swiper-container tpswiper tb-imgbox1" data-thop =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>
             <div class="swiper-wrapper">';?>
                 <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/imgbox_4/view.php

@@ -55 +55 @@
 
 if ($settings['disp'] == 'slider') {
-    echo '<div class="imgbx4carou swiper-container tpswiper" data-thop =\'' . wp_json_encode($slider_options) . '\'>
+    echo '<div class="imgbx4carou swiper-container tpswiper" data-thop =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>
                 <div class="swiper-wrapper">';?>
                     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/imgslickcarousel/view.php

@@ -28 +28 @@
 ?>
 
-<?php echo '<div class="xldslickcarousel ' . esc_attr($settings['tmpl']) . '" data-xld =\'' . wp_json_encode($slider_options) . '\'>'; ?>
+<?php echo '<div class="xldslickcarousel ' . esc_attr($settings['tmpl']) . '" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>'; ?>
 <div class='single-item'>
     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/single_slider/view.php

@@ -23 +23 @@
 }
 
-echo '<div data-xld =\'' . wp_json_encode($slider_options) . '\' class="tpsingle-slide ' . esc_attr($settings['pagityp']) . ' ' . esc_attr($settings['arrowtyp']) . '">';
+echo '<div data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\' class="tpsingle-slide ' . esc_attr($settings['pagityp']) . ' ' . esc_attr($settings['arrowtyp']) . '">';
 ?>
 <div class="swiper-container gallery-top">

the-pack-addon/trunk/includes/widgets/element/slider_shop/view.php

@@ -25 +25 @@
 <div class="tb-shopslide">
 <!-- slides-->
-<?php echo '<div class="swiper-container main-slider ' . esc_attr($settings['tmpl']) . ' tpswiper" data-xld =\'' . wp_json_encode($slider_options) . '\'>'; ?>
+<?php echo '<div class="swiper-container main-slider ' . esc_attr($settings['tmpl']) . ' tpswiper" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>'; ?>
     <div class="swiper-wrapper">
     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/slidercarousel/view.php

@@ -23 +23 @@
 
 <div class="folio-carousel1">
-    <?php echo '<div class="swiper-container tpswiper ' . esc_attr($settings['tmpl']) . '" data-xld =\'' . wp_json_encode($slider_options) . '\'>'; ?>
+    <?php echo '<div class="swiper-container tpswiper ' . esc_attr($settings['tmpl']) . '" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>'; ?>
     <div class="swiper-wrapper">
     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/sliderparallax/view.php

@@ -35 +35 @@
 }
 
-echo '<div class="tp-main-slider ' . esc_attr($settings['trnsl']) . '" data-xld =\'' . wp_json_encode($slider_options) . '\'>';
+echo '<div class="tp-main-slider ' . esc_attr($settings['trnsl']) . '" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>';
 ?>
 <div class="swiper-container">

the-pack-addon/trunk/includes/widgets/element/syntax-highlight/view.php

@@ -3 +3 @@
   'source' => ('yes' === $settings['source']),
 ];
-echo '<div class="tp-syntax-highlight" data-xld =\'' . wp_json_encode($options) . '\'>';
+echo '<div class="tp-syntax-highlight" data-xld =\'' . wp_kses_post(wp_json_encode($options)) . '\'>';
 ?>
   <pre class="code" data-language="<?php echo esc_attr($settings['lang']);?>">

the-pack-addon/trunk/includes/widgets/element/team_1/view.php

@@ -3 +3 @@
 
 if ($settings['disp'] == 'slider') {
-    echo '<div class="swiper tpswiper team1carou" data-xld =\'' . wp_json_encode($swiper_opt['settings']) . '\'>
+    echo '<div class="swiper tpswiper team1carou" data-xld =\'' . wp_kses_post(wp_json_encode($swiper_opt['settings'])) . '\'>
                 <div class="swiper-wrapper">';?>
                     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/team_2/view.php

@@ -19 +19 @@
 
 if ($settings['disp'] == 'slider') {
-    echo '<div class="tbteam2 hascarou ' . esc_attr($settings['styl']) . '" data-xld =\'' . wp_json_encode($slider_options) . '\'>
+    echo '<div class="tbteam2 hascarou ' . esc_attr($settings['styl']) . '" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>
                 <div class="swiper-wrapper">';?>
                     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/testimonial_1/one.php

@@ -33 +33 @@
 ?> 
 
-<?php echo '<div class="swiper testimonial-1 tpswiper" data-xld =\'' . wp_json_encode($swiper_opt['settings']) . '\'>'; ?>
+<?php echo '<div class="swiper testimonial-1 tpswiper" data-xld =\'' . wp_kses_post(wp_json_encode($swiper_opt['settings'])) . '\'>'; ?>
 <div class="swiper-wrapper">
     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/testimonial_1/two.php

@@ -34 +34 @@
 ?>
 
-<?php echo '<div class="swiper testimonial-1 tpswiper style-2" data-xld =\'' . wp_json_encode($swiper_opt['settings']) . '\'>'; ?>
+<?php echo '<div class="swiper testimonial-1 tpswiper style-2" data-xld =\'' . wp_kses_post(wp_json_encode($swiper_opt['settings'])) . '\'>'; ?>
 <div class="swiper-wrapper">
     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/testimonial_5/one.php

@@ -31 +31 @@
 ?>
 
-<?php echo '<div class="testi5-container" data-xld =\'' . wp_json_encode($slider_options) . '\'>'; ?>
+<?php echo '<div class="testi5-container" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>'; ?>
 <div style="display:none" class="testi5wrap style-one">
   <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/testimonial_5/three.php

@@ -28 +28 @@
 ?>
 
-<?php echo '<div class="testi5-container" data-xld =\'' . wp_json_encode($slider_options) . '\'>'; ?>
+<?php echo '<div class="testi5-container" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>'; ?>
 <div style="display:none" class="testi5wrap style-three">
     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/element/testimonial_5/two.php

@@ -27 +27 @@
 ?>
 
-<?php echo '<div class="testi5-container" data-xld =\'' . wp_json_encode($slider_options) . '\'>'; ?>
+<?php echo '<div class="testi5-container" data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\'>'; ?>
 <div style="display:none" class="testi5wrap style-two">
     <?php //phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped ?>

the-pack-addon/trunk/includes/widgets/theme/full-slider/view.php

@@ -51 +51 @@
 
 <div class="thepack-slider-four thepack-swiper swiper">
-  <?php echo '<div class="swiper-wrapper" data-slick =\''.wp_json_encode($slider_options).'\'>';?>
+  <?php echo '<div class="swiper-wrapper" data-slick =\''.wp_kses_post(wp_json_encode($slider_options)).'\'>';?>
       <?php if ($loop->have_posts()) : ?>
               <?php while ($loop->have_posts()) : $loop->the_post();

the-pack-addon/trunk/includes/widgets/woocommerce/woo-product-design/view.php

@@ -29 +29 @@
 
    if ($wp_query->have_posts()) {
-       echo '<div data-xld =\'' . wp_json_encode($slider_options) . '\' class="' . esc_attr($parent_cls) . '">';
+       echo '<div data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\' class="' . esc_attr($parent_cls) . '">';
        echo '<div class="' . esc_attr($main_cls) . '">';
        if ( wc_get_loop_prop( 'total' ) ) {

the-pack-addon/trunk/includes/widgets/woocommerce/woo-related-product/view.php

@@ -31 +31 @@
 $wp_query = new \WP_Query( ['post__in' => $id,'post_type' => 'any'] );
 if ($wp_query->have_posts()){
-    echo '<div data-xld =\'' . wp_json_encode($slider_options) . '\' class="' . esc_attr($parent_cls) . '">';
+    echo '<div data-xld =\'' . wp_kses_post(wp_json_encode($slider_options)) . '\' class="' . esc_attr($parent_cls) . '">';
     echo '<div class="' . esc_attr($main_cls) . '">';    
     while ( $wp_query->have_posts() ) {

the-pack-addon/trunk/index.php

@@ -8 +8 @@
 License: GPLv3 or later
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
-Version: 2.1.4
+Version: 2.1.5
 Text Domain: the-pack-addon
 Domain Path: /languages/

the-pack-addon/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 5.0
 Tested up to: 6.8
-Stable tag: 2.1.4
+Stable tag: 2.1.5
 Requires PHP: 7.0
 License: GPLv3 or later