Changeset 3393317

Timestamp:

11/11/2025 02:10:01 AM (5 weeks ago)

Author:

kurudrive

Message:

Update to version 9.112.2.0 from GitHub

Location:

vk-all-in-one-expansion-unit

Files:

• tags/9.112.2.0 (copied) (copied from vk-all-in-one-expansion-unit/trunk)
• tags/9.112.2.0/admin/class-veu-metabox.php (modified) (1 diff)
• tags/9.112.2.0/inc/add_menu_to_block_reuse.php (modified) (1 diff)
• tags/9.112.2.0/inc/call-to-action/package/block/index.php (modified) (2 diffs)
• tags/9.112.2.0/inc/call-to-action/package/class-vk-call-to-action.php (modified) (1 diff)
• tags/9.112.2.0/inc/css-customize/class-veu-metabox-css-customize.php (modified) (1 diff)
• tags/9.112.2.0/inc/css-customize/css-customize-single.php (modified) (3 diffs)
• tags/9.112.2.0/inc/promotion-alert/config.php (modified) (1 diff)
• tags/9.112.2.0/inc/promotion-alert/package/class-veu-promotion-alert-metabox.php (modified) (3 diffs)
• tags/9.112.2.0/inc/promotion-alert/package/class-veu-promotion-alert.php (modified) (6 diffs)
• tags/9.112.2.0/inc/wp-title/package/wp-title.php (modified) (1 diff)
• tags/9.112.2.0/readme.txt (modified) (1 diff)
• tags/9.112.2.0/vendor/composer/installed.php (modified) (2 diffs)
• tags/9.112.2.0/veu-packages.php (modified) (2 diffs)
• tags/9.112.2.0/vkExUnit.php (modified) (1 diff)
• trunk/admin/class-veu-metabox.php (modified) (1 diff)
• trunk/inc/add_menu_to_block_reuse.php (modified) (1 diff)
• trunk/inc/call-to-action/package/block/index.php (modified) (2 diffs)
• trunk/inc/call-to-action/package/class-vk-call-to-action.php (modified) (1 diff)
• trunk/inc/css-customize/class-veu-metabox-css-customize.php (modified) (1 diff)
• trunk/inc/css-customize/css-customize-single.php (modified) (3 diffs)
• trunk/inc/promotion-alert/config.php (modified) (1 diff)
• trunk/inc/promotion-alert/package/class-veu-promotion-alert-metabox.php (modified) (3 diffs)
• trunk/inc/promotion-alert/package/class-veu-promotion-alert.php (modified) (6 diffs)
• trunk/inc/wp-title/package/wp-title.php (modified) (1 diff)
• trunk/readme.txt (modified) (1 diff)
• trunk/vendor/composer/installed.php (modified) (2 diffs)
• trunk/veu-packages.php (modified) (2 diffs)
• trunk/vkExUnit.php (modified) (1 diff)

vk-all-in-one-expansion-unit/tags/9.112.2.0/admin/class-veu-metabox.php

@@ -172 +172 @@
 
         // nonce を確認し、値が書き換えられていれば、何もしない（CSRF対策）
-        if ( ! wp_verify_nonce( $noncename__value, wp_create_nonce( __FILE__ ) ) ) {
+        if ( ! wp_verify_nonce( $noncename__value, __FILE__ ) ) {
             return $post_id;
         }

vk-all-in-one-expansion-unit/tags/9.112.2.0/inc/add_menu_to_block_reuse.php

@@ -11 +11 @@
                 $position   = 20;
                 $menu_slug  = 'edit.php?post_type=wp_block';
-                $menu_title = __( 'Manage all reusable blocks', 'vk-all-in-one-expansion-unit' );
+                $menu_title = __( 'Patterns', 'vk-all-in-one-expansion-unit' );
 
                 while ( isset( $menu[ $position ] ) ) {

vk-all-in-one-expansion-unit/tags/9.112.2.0/inc/call-to-action/package/block/index.php

@@ -231 +231 @@
                         }
 
-                        $url   = get_post_meta( $cta_id, 'vkExUnit_cta_url', true );
+                        $url   = esc_url( get_post_meta( $cta_id, 'vkExUnit_cta_url', true ) );
                         $text  = get_post_meta( $cta_id, 'vkExUnit_cta_text', true );
                         $text  = preg_replace( '/\n/', '<br/>', $text );
@@ -282 +282 @@
 
                     // Display Edit Button.
-                    $url = get_edit_post_link( $cta_post->ID );
+                    $url = esc_url( get_edit_post_link( $cta_post->ID ) );
                     if ( $url ) {
                         $content .= '<div class="veu_adminEdit veu_adminEdit_cta"><a href="' . $url . '" class="btn btn-default" target="_blank">' . __( 'Edit CTA', 'vk-all-in-one-expansion-unit' ) . '</a></div>';

vk-all-in-one-expansion-unit/tags/9.112.2.0/inc/call-to-action/package/class-vk-call-to-action.php

@@ -196 +196 @@
                 // カスタムフィールドの保存.
                 foreach ( $custom_fields as $custom_field_name => $custom_field_options ) {
+                    $data = '';
                     if ( isset( $_POST[ $custom_field_name ] ) ) {
-                        if ( ! empty( $custom_field_name['escape_type'] ) ) {
-                            if ( is_array( $custom_field_name['escape_type'] ) ) {
+                        if ( ! empty( $custom_field_options['escape_type'] ) ) {
+                            if ( is_array( $custom_field_options['escape_type'] ) ) {
                                 // エスケープ処理が複数ある場合
                                 $data = $_POST[ $custom_field_name ];
-                                foreach ( $custom_field_name['escape_type'] as $escape ) {
+                                foreach ( $custom_field_options['escape_type'] as $escape ) {
                                     $data = call_user_func( $escape, $data );
                                 }
                             } else {
                                 // エスケープ処理が一つの場合
-                                $data = call_user_func( $custom_field_name['escape_type'], $_POST[ $custom_field_name ] );
+                                $data = call_user_func( $custom_field_options['escape_type'], $_POST[ $custom_field_name ] );
                             }
                         } else {
+                            // エスケープ処理が無い場合
                             $data = $_POST[ $custom_field_name ];
                         }

vk-all-in-one-expansion-unit/tags/9.112.2.0/inc/css-customize/class-veu-metabox-css-customize.php

@@ -29 +29 @@
         $form = '';
 
-        $form .= '<textarea name="' . esc_attr( $this->args['cf_name'] ) . '" id="' . esc_attr( $this->args['cf_name'] ) . '" rows="5" cols="30" style="width:100%;">' . wp_kses_post( $cf_value ) . '</textarea>';
+        $form .= '<textarea name="' . esc_attr( $this->args['cf_name'] ) . '" id="' . esc_attr( $this->args['cf_name'] ) . '" rows="5" cols="30" style="width:100%;">' . esc_textarea( $cf_value ) . '</textarea>';
 
         return $form;
+    }
+
+    /**
+     * Override parent save to sanitize CSS payloads before persisting.
+     *
+     * @param int $post_id Current post ID.
+     * @return int
+     */
+    public function save_custom_field( $post_id ) {
+
+        if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
+            return $post_id;
+        }
+
+        $nonce_key   = 'noncename__' . $this->args['cf_name'];
+        $nonce_value = isset( $_POST[ $nonce_key ] ) ? $_POST[ $nonce_key ] : null;
+
+        if ( ! wp_verify_nonce( $nonce_value, __FILE__ ) ) {
+            return $post_id;
+        }
+
+        delete_post_meta( $post_id, $this->args['cf_name'] );
+
+        if ( empty( $_POST[ $this->args['cf_name'] ] ) ) {
+            return $post_id;
+        }
+
+        $raw_css       = wp_unslash( $_POST[ $this->args['cf_name'] ] );
+        $sanitized_css = veu_sanitize_custom_css_input( $raw_css );
+        if ( '' !== $sanitized_css ) {
+            add_post_meta( $post_id, $this->args['cf_name'], $sanitized_css );
+        }
+
+        return $post_id;
     }
 } // class VEU_Metabox_CSS_Customize {

vk-all-in-one-expansion-unit/tags/9.112.2.0/inc/css-customize/css-customize-single.php

@@ -8 +8 @@
 }
 add_action( 'after_setup_theme', 'veu_css_customize_single_load', 11 );
+
+if ( ! function_exists( 'veu_sanitize_custom_css_input' ) ) {
+    /**
+     * Basic sanitization for the Custom CSS meta field.
+     * Removes HTML tags while keeping CSS-specific characters intact.
+     *
+     * @param string $css Raw CSS provided by editors.
+     * @return string Sanitized CSS string.
+     */
+    function veu_sanitize_custom_css_input( $css ) {
+        if ( ! is_string( $css ) ) {
+            return '';
+        }
+
+        $css = wp_check_invalid_utf8( $css );
+        $css = html_entity_decode( $css, ENT_QUOTES | ENT_HTML5 );
+        $css = wp_strip_all_tags( $css, false );
+        $css = preg_replace( '/<\/?style[^>]*>/i', '', $css );
+        $css = trim( $css );
+
+        return $css;
+    }
+}
 
 /**
@@ -29 +52 @@
             $css = veu_get_the_custom_css_single( $post );
             if ( $css ) {
-                // HTMLエンティティをデコードし、HTMLタグとその内容を削除
-                $css = html_entity_decode( $css, ENT_QUOTES | ENT_HTML5 );
-                echo '<style type="text/css">/* ' . esc_html( veu_get_short_name() ) . ' CSS Customize Single */' . $css . '</style>';
+                $css = veu_sanitize_custom_css_input( $css );
+                if ( $css ) {
+                    echo '<style type="text/css">/* ' . esc_html( veu_get_short_name() ) . ' CSS Customize Single */' . $css . '</style>';
+                }
             }
         }
@@ -40 +64 @@
     $css_customize = get_post_meta( $post->ID, '_veu_custom_css', true );
     if ( $css_customize ) {
+        $css_customize = veu_sanitize_custom_css_input( $css_customize );
         // Delete br
         $css_customize = str_replace( PHP_EOL, '', $css_customize );

vk-all-in-one-expansion-unit/tags/9.112.2.0/inc/promotion-alert/config.php

@@ -1 +1 @@
 <?php
 /**
- * VEU Promotion Alert Setting
+ * VEU Promotion Disclosure Setting
  */
 

vk-all-in-one-expansion-unit/tags/9.112.2.0/inc/promotion-alert/package/class-veu-promotion-alert-metabox.php

@@ -1 +1 @@
 <?php
 /**
- * VEU Metabox Promotion Alert
+ * VEU Metabox Promotion Disclosure
  */
 
@@ -16 +16 @@
             'slug'     => 'veu_display_promotion_alert',
             'cf_name'  => 'veu_display_promotion_alert',
-            'title'    => __( 'Promotion Alert Setting', 'vk-all-in-one-expansion-unit' ),
+            'title'    => __( 'Promotion Disclosure Setting', 'vk-all-in-one-expansion-unit' ),
             'priority' => 1,
         );
@@ -37 +37 @@
 
         $form .= '<div class="veu_promotion-alert-meta-fields">';
-        $form .= '<h4>' . __( 'Promotion Alert Setting', 'vk-all-in-one-expansion-unit' ) . '</h4>';
+        $form .= '<h4>' . __( 'Promotion Disclosure Setting', 'vk-all-in-one-expansion-unit' ) . '</h4>';
         $form .= '<select name="veu_display_promotion_alert">';
         $form .= '<option value="common" ' . selected( $cf_value, 'common', false ) . '>' . __( 'Apply common settings', 'vk-all-in-one-expansion-unit' ) . '</option>';

vk-all-in-one-expansion-unit/tags/9.112.2.0/inc/promotion-alert/package/class-veu-promotion-alert.php

@@ -1 +1 @@
 <?php
 /**
- * VEU Promotion Alert
+ * VEU Promotion Disclosure
  */
 
@@ -202 +202 @@
     public static function option_init() {
         vkExUnit_register_setting(
-            __( 'Promotion Alert', 'vk-all-in-one-expansion-unit' ),           // tab label.
+            __( 'Promotion Disclosure', 'vk-all-in-one-expansion-unit' ),           // tab label.
             'vkExUnit_PA',                         // name attr
             array( __CLASS__, 'sanitize_setting' ),      // sanitaise function name
@@ -271 +271 @@
         $options = self::get_options();
         ?>
-        <h3><?php _e( 'Promotion Alert', 'vk-all-in-one-expansion-unit' ); ?></h3>
+        <h3><?php _e( 'Promotion Disclosure', 'vk-all-in-one-expansion-unit' ); ?></h3>
         <div id="vkExUnit_PA" class="sectionBox">
             <P>
-            <?php _e( 'If the article contains advertisements, it\'s necessary to provide a clear notation for general consumers to recognize.', 'vk-all-in-one-expansion-unit' ); ?>
+            <?php _e( 'If the article contains advertisements, it\'s necessary to provide a clear disclosure for general consumers to recognize.', 'vk-all-in-one-expansion-unit' ); ?>
             <br>
             <?php _e( 'By inputting here, you can automatically insert it at the beginning of the article.', 'vk-all-in-one-expansion-unit' ); ?>
@@ -280 +280 @@
             <table class="form-table">
                 <tr>
-                    <th><?php _e( 'Alert Text', 'vk-all-in-one-expansion-unit' ); ?></th>
+                    <th><?php _e( 'Disclosure Text', 'vk-all-in-one-expansion-unit' ); ?></th>
                     <td>
                         <p>
@@ -294 +294 @@
                 </tr>
                 <tr>
-                    <th><?php _e( 'Custom Alert Content', 'vk-all-in-one-expansion-unit' ); ?></th>
+                    <th><?php _e( 'Custom Disclosure Content', 'vk-all-in-one-expansion-unit' ); ?></th>
                     <td>
                         <textarea name="vkExUnit_PA[alert-content]" style="width:100%;" rows="10"><?php echo $options['alert-content']; ?></textarea>
                         <ul>
-                            <li><?php _e( 'If there is any input in "Custom Alert Content", "Alert Text" will not be displayed and will be overwritten by the content entered in "Custom Alert Content".', 'vk-all-in-one-expansion-unit' ); ?></li>
+                            <li><?php _e( 'If there is any input in "Custom Disclosure Content", "Disclosure Text" will not be displayed and will be overwritten by the content entered in "Custom Disclosure Content".', 'vk-all-in-one-expansion-unit' ); ?></li>
                             <li><?php _e( 'You can insert HTML tags here. This is designed to be used by pasting content created in the Block Editor.', 'vk-all-in-one-expansion-unit' ); ?></li>
                         </ul>
@@ -324 +324 @@
                 <table class="form-table">
                 <tr>
-                    <th><?php _e( 'Alert Hook ( Optional )', 'vk-all-in-one-expansion-unit' ); ?></th>
+                    <th><?php _e( 'Disclosure Hook ( Optional )', 'vk-all-in-one-expansion-unit' ); ?></th>
                     <td>
                         <p><?php _e( 'By default, it is output at the top of the content.', 'vk-all-in-one-expansion-unit' ); ?><br><?php _e( 'If you want to change the location of any action hook, enter the action hook name.', 'vk-all-in-one-expansion-unit' ); ?><br><?php _e( 'Ex) lightning_entry_body_prepend', 'vk-all-in-one-expansion-unit' ); ?></p>

vk-all-in-one-expansion-unit/tags/9.112.2.0/inc/wp-title/package/wp-title.php

@@ -44 +44 @@
             $options = vkExUnit_get_wp_title_options();
             if ( empty( $options['extend_frontTitle'] ) ) {
-                $title = get_bloginfo( 'name' ) . $sep . get_bloginfo( 'description' );
+                $description = get_bloginfo( 'description' );
+                $title       = get_bloginfo( 'name' );
+                if ( ! empty( $description ) ) {
+                    $title .= $sep . $description;
+                }
             } else {
                 $title = $options['extend_frontTitle'];

vk-all-in-one-expansion-unit/tags/9.112.2.0/readme.txt

@@ -82 +82 @@
 == Changelog ==
 
+= 9.112.2 =
+[ Specification Change ][ Add Reusable block menu ] Change menu name "Manage all reusable blocks" -> "Patterns"
+[ Specification Change ][ Promotion Alert ] Change UI labels from "Promotion Alert" to "Promotion Disclosure" for better accuracy of functionality description.
+[ Bug Fix ] Fix CTA / Custom CSS XSS.
+[ Bug Fix ][ Title Tag ] Prevent the separator from appearing on the front page when the site description is empty.
+
 = 9.112.1 =
 [ Bug Fix ][ Default Thumbnail ] Fix issue where default thumbnail appears in media library list view.

vk-all-in-one-expansion-unit/tags/9.112.2.0/vendor/composer/installed.php

@@ -2 +2 @@
     'root' => array(
         'name' => 'vektor-inc/vk-all-in-one-expansion-unit',
-        'pretty_version' => '9.112.1.1',
-        'version' => '9.112.1.1',
-        'reference' => '3bcb4b718ff74b8e1ce17886c2e4093b139ee5fe',
+        'pretty_version' => '9.112.2.0',
+        'version' => '9.112.2.0',
+        'reference' => '1971b26f7fb04a8d80222d09806b2a9cde75dbc8',
         'type' => 'project',
         'install_path' => __DIR__ . '/../../',
@@ -30 +30 @@
         ),
         'vektor-inc/vk-all-in-one-expansion-unit' => array(
-            'pretty_version' => '9.112.1.1',
-            'version' => '9.112.1.1',
-            'reference' => '3bcb4b718ff74b8e1ce17886c2e4093b139ee5fe',
+            'pretty_version' => '9.112.2.0',
+            'version' => '9.112.2.0',
+            'reference' => '1971b26f7fb04a8d80222d09806b2a9cde75dbc8',
             'type' => 'project',
             'install_path' => __DIR__ . '/../../',

vk-all-in-one-expansion-unit/tags/9.112.2.0/veu-packages.php

@@ -233 +233 @@
     $required_packages[] = array(
         'name'        => 'addReusableBlockMenu',
-        'title'       => __( 'Add Reusable block menu', 'vk-all-in-one-expansion-unit' ) . $deprecated,
-        'description' => __( 'Add Manage all reusable blocks menu to admin menu.', 'vk-all-in-one-expansion-unit' ),
+        'title'       => __( 'Add Patterns menu', 'vk-all-in-one-expansion-unit' ) . $deprecated,
+        'description' => __( 'Add Patterns menu to admin menu.', 'vk-all-in-one-expansion-unit' ),
         'default'     => false,
         'include'     => 'add_menu_to_block_reuse.php',
@@ -352 +352 @@
 
     /*
-        Promotion Alert
+        Promotion Disclosure
     */
     $required_packages[] = array(
         'name'        => 'promotion_alert',
-        'title'       => __( 'Promotion Alert', 'vk-all-in-one-expansion-unit' ),
-        'description' => __( 'If the article contains advertisements, it\'s essential to have a notation that general consumers can recognize.', 'vk-all-in-one-expansion-unit' ) . '<br>' . __( 'Using this feature, you can automatically insert the content set in ExUnit > Main Settings into the post.', 'vk-all-in-one-expansion-unit' ),
+        'title'       => __( 'Promotion Disclosure', 'vk-all-in-one-expansion-unit' ),
+        'description' => __( 'If the article contains advertisements, it\'s essential to have a disclosure that general consumers can recognize.', 'vk-all-in-one-expansion-unit' ) . '<br>' . __( 'Using this feature, you can automatically insert the content set in ExUnit > Main Settings into the post.', 'vk-all-in-one-expansion-unit' ),
         'attr'        => array(
             array(

vk-all-in-one-expansion-unit/tags/9.112.2.0/vkExUnit.php

@@ -4 +4 @@
  * Plugin URI: https://ex-unit.nagoya
  * Description: This plug-in is an integrated plug-in with a variety of features that make it powerful your web site. Many features can be stopped individually. Example Facebook Page Plugin,Social Bookmarks,Print OG Tags,Print Twitter Card Tags,Print Google Analytics tag,New post widget,Insert Related Posts and more!
- * Version: 9.112.1.1
+ * Version: 9.112.2.0
  * Requires PHP: 7.4
  * Requires at least: 6.5

vk-all-in-one-expansion-unit/trunk/admin/class-veu-metabox.php

@@ -172 +172 @@
 
         // nonce を確認し、値が書き換えられていれば、何もしない（CSRF対策）
-        if ( ! wp_verify_nonce( $noncename__value, wp_create_nonce( __FILE__ ) ) ) {
+        if ( ! wp_verify_nonce( $noncename__value, __FILE__ ) ) {
             return $post_id;
         }

vk-all-in-one-expansion-unit/trunk/inc/add_menu_to_block_reuse.php

@@ -11 +11 @@
                 $position   = 20;
                 $menu_slug  = 'edit.php?post_type=wp_block';
-                $menu_title = __( 'Manage all reusable blocks', 'vk-all-in-one-expansion-unit' );
+                $menu_title = __( 'Patterns', 'vk-all-in-one-expansion-unit' );
 
                 while ( isset( $menu[ $position ] ) ) {

vk-all-in-one-expansion-unit/trunk/inc/call-to-action/package/block/index.php

@@ -231 +231 @@
                         }
 
-                        $url   = get_post_meta( $cta_id, 'vkExUnit_cta_url', true );
+                        $url   = esc_url( get_post_meta( $cta_id, 'vkExUnit_cta_url', true ) );
                         $text  = get_post_meta( $cta_id, 'vkExUnit_cta_text', true );
                         $text  = preg_replace( '/\n/', '<br/>', $text );
@@ -282 +282 @@
 
                     // Display Edit Button.
-                    $url = get_edit_post_link( $cta_post->ID );
+                    $url = esc_url( get_edit_post_link( $cta_post->ID ) );
                     if ( $url ) {
                         $content .= '<div class="veu_adminEdit veu_adminEdit_cta"><a href="' . $url . '" class="btn btn-default" target="_blank">' . __( 'Edit CTA', 'vk-all-in-one-expansion-unit' ) . '</a></div>';

vk-all-in-one-expansion-unit/trunk/inc/call-to-action/package/class-vk-call-to-action.php

@@ -196 +196 @@
                 // カスタムフィールドの保存.
                 foreach ( $custom_fields as $custom_field_name => $custom_field_options ) {
+                    $data = '';
                     if ( isset( $_POST[ $custom_field_name ] ) ) {
-                        if ( ! empty( $custom_field_name['escape_type'] ) ) {
-                            if ( is_array( $custom_field_name['escape_type'] ) ) {
+                        if ( ! empty( $custom_field_options['escape_type'] ) ) {
+                            if ( is_array( $custom_field_options['escape_type'] ) ) {
                                 // エスケープ処理が複数ある場合
                                 $data = $_POST[ $custom_field_name ];
-                                foreach ( $custom_field_name['escape_type'] as $escape ) {
+                                foreach ( $custom_field_options['escape_type'] as $escape ) {
                                     $data = call_user_func( $escape, $data );
                                 }
                             } else {
                                 // エスケープ処理が一つの場合
-                                $data = call_user_func( $custom_field_name['escape_type'], $_POST[ $custom_field_name ] );
+                                $data = call_user_func( $custom_field_options['escape_type'], $_POST[ $custom_field_name ] );
                             }
                         } else {
+                            // エスケープ処理が無い場合
                             $data = $_POST[ $custom_field_name ];
                         }

vk-all-in-one-expansion-unit/trunk/inc/css-customize/class-veu-metabox-css-customize.php

@@ -29 +29 @@
         $form = '';
 
-        $form .= '<textarea name="' . esc_attr( $this->args['cf_name'] ) . '" id="' . esc_attr( $this->args['cf_name'] ) . '" rows="5" cols="30" style="width:100%;">' . wp_kses_post( $cf_value ) . '</textarea>';
+        $form .= '<textarea name="' . esc_attr( $this->args['cf_name'] ) . '" id="' . esc_attr( $this->args['cf_name'] ) . '" rows="5" cols="30" style="width:100%;">' . esc_textarea( $cf_value ) . '</textarea>';
 
         return $form;
+    }
+
+    /**
+     * Override parent save to sanitize CSS payloads before persisting.
+     *
+     * @param int $post_id Current post ID.
+     * @return int
+     */
+    public function save_custom_field( $post_id ) {
+
+        if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
+            return $post_id;
+        }
+
+        $nonce_key   = 'noncename__' . $this->args['cf_name'];
+        $nonce_value = isset( $_POST[ $nonce_key ] ) ? $_POST[ $nonce_key ] : null;
+
+        if ( ! wp_verify_nonce( $nonce_value, __FILE__ ) ) {
+            return $post_id;
+        }
+
+        delete_post_meta( $post_id, $this->args['cf_name'] );
+
+        if ( empty( $_POST[ $this->args['cf_name'] ] ) ) {
+            return $post_id;
+        }
+
+        $raw_css       = wp_unslash( $_POST[ $this->args['cf_name'] ] );
+        $sanitized_css = veu_sanitize_custom_css_input( $raw_css );
+        if ( '' !== $sanitized_css ) {
+            add_post_meta( $post_id, $this->args['cf_name'], $sanitized_css );
+        }
+
+        return $post_id;
     }
 } // class VEU_Metabox_CSS_Customize {

vk-all-in-one-expansion-unit/trunk/inc/css-customize/css-customize-single.php

@@ -8 +8 @@
 }
 add_action( 'after_setup_theme', 'veu_css_customize_single_load', 11 );
+
+if ( ! function_exists( 'veu_sanitize_custom_css_input' ) ) {
+    /**
+     * Basic sanitization for the Custom CSS meta field.
+     * Removes HTML tags while keeping CSS-specific characters intact.
+     *
+     * @param string $css Raw CSS provided by editors.
+     * @return string Sanitized CSS string.
+     */
+    function veu_sanitize_custom_css_input( $css ) {
+        if ( ! is_string( $css ) ) {
+            return '';
+        }
+
+        $css = wp_check_invalid_utf8( $css );
+        $css = html_entity_decode( $css, ENT_QUOTES | ENT_HTML5 );
+        $css = wp_strip_all_tags( $css, false );
+        $css = preg_replace( '/<\/?style[^>]*>/i', '', $css );
+        $css = trim( $css );
+
+        return $css;
+    }
+}
 
 /**
@@ -29 +52 @@
             $css = veu_get_the_custom_css_single( $post );
             if ( $css ) {
-                // HTMLエンティティをデコードし、HTMLタグとその内容を削除
-                $css = html_entity_decode( $css, ENT_QUOTES | ENT_HTML5 );
-                echo '<style type="text/css">/* ' . esc_html( veu_get_short_name() ) . ' CSS Customize Single */' . $css . '</style>';
+                $css = veu_sanitize_custom_css_input( $css );
+                if ( $css ) {
+                    echo '<style type="text/css">/* ' . esc_html( veu_get_short_name() ) . ' CSS Customize Single */' . $css . '</style>';
+                }
             }
         }
@@ -40 +64 @@
     $css_customize = get_post_meta( $post->ID, '_veu_custom_css', true );
     if ( $css_customize ) {
+        $css_customize = veu_sanitize_custom_css_input( $css_customize );
         // Delete br
         $css_customize = str_replace( PHP_EOL, '', $css_customize );

vk-all-in-one-expansion-unit/trunk/inc/promotion-alert/config.php

@@ -1 +1 @@
 <?php
 /**
- * VEU Promotion Alert Setting
+ * VEU Promotion Disclosure Setting
  */
 

vk-all-in-one-expansion-unit/trunk/inc/promotion-alert/package/class-veu-promotion-alert-metabox.php

@@ -1 +1 @@
 <?php
 /**
- * VEU Metabox Promotion Alert
+ * VEU Metabox Promotion Disclosure
  */
 
@@ -16 +16 @@
             'slug'     => 'veu_display_promotion_alert',
             'cf_name'  => 'veu_display_promotion_alert',
-            'title'    => __( 'Promotion Alert Setting', 'vk-all-in-one-expansion-unit' ),
+            'title'    => __( 'Promotion Disclosure Setting', 'vk-all-in-one-expansion-unit' ),
             'priority' => 1,
         );
@@ -37 +37 @@
 
         $form .= '<div class="veu_promotion-alert-meta-fields">';
-        $form .= '<h4>' . __( 'Promotion Alert Setting', 'vk-all-in-one-expansion-unit' ) . '</h4>';
+        $form .= '<h4>' . __( 'Promotion Disclosure Setting', 'vk-all-in-one-expansion-unit' ) . '</h4>';
         $form .= '<select name="veu_display_promotion_alert">';
         $form .= '<option value="common" ' . selected( $cf_value, 'common', false ) . '>' . __( 'Apply common settings', 'vk-all-in-one-expansion-unit' ) . '</option>';

vk-all-in-one-expansion-unit/trunk/inc/promotion-alert/package/class-veu-promotion-alert.php

@@ -1 +1 @@
 <?php
 /**
- * VEU Promotion Alert
+ * VEU Promotion Disclosure
  */
 
@@ -202 +202 @@
     public static function option_init() {
         vkExUnit_register_setting(
-            __( 'Promotion Alert', 'vk-all-in-one-expansion-unit' ),           // tab label.
+            __( 'Promotion Disclosure', 'vk-all-in-one-expansion-unit' ),           // tab label.
             'vkExUnit_PA',                         // name attr
             array( __CLASS__, 'sanitize_setting' ),      // sanitaise function name
@@ -271 +271 @@
         $options = self::get_options();
         ?>
-        <h3><?php _e( 'Promotion Alert', 'vk-all-in-one-expansion-unit' ); ?></h3>
+        <h3><?php _e( 'Promotion Disclosure', 'vk-all-in-one-expansion-unit' ); ?></h3>
         <div id="vkExUnit_PA" class="sectionBox">
             <P>
-            <?php _e( 'If the article contains advertisements, it\'s necessary to provide a clear notation for general consumers to recognize.', 'vk-all-in-one-expansion-unit' ); ?>
+            <?php _e( 'If the article contains advertisements, it\'s necessary to provide a clear disclosure for general consumers to recognize.', 'vk-all-in-one-expansion-unit' ); ?>
             <br>
             <?php _e( 'By inputting here, you can automatically insert it at the beginning of the article.', 'vk-all-in-one-expansion-unit' ); ?>
@@ -280 +280 @@
             <table class="form-table">
                 <tr>
-                    <th><?php _e( 'Alert Text', 'vk-all-in-one-expansion-unit' ); ?></th>
+                    <th><?php _e( 'Disclosure Text', 'vk-all-in-one-expansion-unit' ); ?></th>
                     <td>
                         <p>
@@ -294 +294 @@
                 </tr>
                 <tr>
-                    <th><?php _e( 'Custom Alert Content', 'vk-all-in-one-expansion-unit' ); ?></th>
+                    <th><?php _e( 'Custom Disclosure Content', 'vk-all-in-one-expansion-unit' ); ?></th>
                     <td>
                         <textarea name="vkExUnit_PA[alert-content]" style="width:100%;" rows="10"><?php echo $options['alert-content']; ?></textarea>
                         <ul>
-                            <li><?php _e( 'If there is any input in "Custom Alert Content", "Alert Text" will not be displayed and will be overwritten by the content entered in "Custom Alert Content".', 'vk-all-in-one-expansion-unit' ); ?></li>
+                            <li><?php _e( 'If there is any input in "Custom Disclosure Content", "Disclosure Text" will not be displayed and will be overwritten by the content entered in "Custom Disclosure Content".', 'vk-all-in-one-expansion-unit' ); ?></li>
                             <li><?php _e( 'You can insert HTML tags here. This is designed to be used by pasting content created in the Block Editor.', 'vk-all-in-one-expansion-unit' ); ?></li>
                         </ul>
@@ -324 +324 @@
                 <table class="form-table">
                 <tr>
-                    <th><?php _e( 'Alert Hook ( Optional )', 'vk-all-in-one-expansion-unit' ); ?></th>
+                    <th><?php _e( 'Disclosure Hook ( Optional )', 'vk-all-in-one-expansion-unit' ); ?></th>
                     <td>
                         <p><?php _e( 'By default, it is output at the top of the content.', 'vk-all-in-one-expansion-unit' ); ?><br><?php _e( 'If you want to change the location of any action hook, enter the action hook name.', 'vk-all-in-one-expansion-unit' ); ?><br><?php _e( 'Ex) lightning_entry_body_prepend', 'vk-all-in-one-expansion-unit' ); ?></p>

vk-all-in-one-expansion-unit/trunk/inc/wp-title/package/wp-title.php

@@ -44 +44 @@
             $options = vkExUnit_get_wp_title_options();
             if ( empty( $options['extend_frontTitle'] ) ) {
-                $title = get_bloginfo( 'name' ) . $sep . get_bloginfo( 'description' );
+                $description = get_bloginfo( 'description' );
+                $title       = get_bloginfo( 'name' );
+                if ( ! empty( $description ) ) {
+                    $title .= $sep . $description;
+                }
             } else {
                 $title = $options['extend_frontTitle'];

vk-all-in-one-expansion-unit/trunk/readme.txt

@@ -82 +82 @@
 == Changelog ==
 
+= 9.112.2 =
+[ Specification Change ][ Add Reusable block menu ] Change menu name "Manage all reusable blocks" -> "Patterns"
+[ Specification Change ][ Promotion Alert ] Change UI labels from "Promotion Alert" to "Promotion Disclosure" for better accuracy of functionality description.
+[ Bug Fix ] Fix CTA / Custom CSS XSS.
+[ Bug Fix ][ Title Tag ] Prevent the separator from appearing on the front page when the site description is empty.
+
 = 9.112.1 =
 [ Bug Fix ][ Default Thumbnail ] Fix issue where default thumbnail appears in media library list view.

vk-all-in-one-expansion-unit/trunk/vendor/composer/installed.php

@@ -2 +2 @@
     'root' => array(
         'name' => 'vektor-inc/vk-all-in-one-expansion-unit',
-        'pretty_version' => '9.112.1.1',
-        'version' => '9.112.1.1',
-        'reference' => '3bcb4b718ff74b8e1ce17886c2e4093b139ee5fe',
+        'pretty_version' => '9.112.2.0',
+        'version' => '9.112.2.0',
+        'reference' => '1971b26f7fb04a8d80222d09806b2a9cde75dbc8',
         'type' => 'project',
         'install_path' => __DIR__ . '/../../',
@@ -30 +30 @@
         ),
         'vektor-inc/vk-all-in-one-expansion-unit' => array(
-            'pretty_version' => '9.112.1.1',
-            'version' => '9.112.1.1',
-            'reference' => '3bcb4b718ff74b8e1ce17886c2e4093b139ee5fe',
+            'pretty_version' => '9.112.2.0',
+            'version' => '9.112.2.0',
+            'reference' => '1971b26f7fb04a8d80222d09806b2a9cde75dbc8',
             'type' => 'project',
             'install_path' => __DIR__ . '/../../',

vk-all-in-one-expansion-unit/trunk/veu-packages.php

@@ -233 +233 @@
     $required_packages[] = array(
         'name'        => 'addReusableBlockMenu',
-        'title'       => __( 'Add Reusable block menu', 'vk-all-in-one-expansion-unit' ) . $deprecated,
-        'description' => __( 'Add Manage all reusable blocks menu to admin menu.', 'vk-all-in-one-expansion-unit' ),
+        'title'       => __( 'Add Patterns menu', 'vk-all-in-one-expansion-unit' ) . $deprecated,
+        'description' => __( 'Add Patterns menu to admin menu.', 'vk-all-in-one-expansion-unit' ),
         'default'     => false,
         'include'     => 'add_menu_to_block_reuse.php',
@@ -352 +352 @@
 
     /*
-        Promotion Alert
+        Promotion Disclosure
     */
     $required_packages[] = array(
         'name'        => 'promotion_alert',
-        'title'       => __( 'Promotion Alert', 'vk-all-in-one-expansion-unit' ),
-        'description' => __( 'If the article contains advertisements, it\'s essential to have a notation that general consumers can recognize.', 'vk-all-in-one-expansion-unit' ) . '<br>' . __( 'Using this feature, you can automatically insert the content set in ExUnit > Main Settings into the post.', 'vk-all-in-one-expansion-unit' ),
+        'title'       => __( 'Promotion Disclosure', 'vk-all-in-one-expansion-unit' ),
+        'description' => __( 'If the article contains advertisements, it\'s essential to have a disclosure that general consumers can recognize.', 'vk-all-in-one-expansion-unit' ) . '<br>' . __( 'Using this feature, you can automatically insert the content set in ExUnit > Main Settings into the post.', 'vk-all-in-one-expansion-unit' ),
         'attr'        => array(
             array(

vk-all-in-one-expansion-unit/trunk/vkExUnit.php

@@ -4 +4 @@
  * Plugin URI: https://ex-unit.nagoya
  * Description: This plug-in is an integrated plug-in with a variety of features that make it powerful your web site. Many features can be stopped individually. Example Facebook Page Plugin,Social Bookmarks,Print OG Tags,Print Twitter Card Tags,Print Google Analytics tag,New post widget,Insert Related Posts and more!
- * Version: 9.112.1.1
+ * Version: 9.112.2.0
  * Requires PHP: 7.4
  * Requires at least: 6.5