Changeset 3454510

Timestamp:

02/05/2026 11:02:08 AM (7 weeks ago)

Author:

htplugins

Message:

Update to version 1.0.7 from GitHub

Location:

docus

Files:

• tags/1.0.7 (copied) (copied from docus/trunk)
• tags/1.0.7/.gitattributes (added)
• tags/1.0.7/.github (added)
• tags/1.0.7/.github/workflows (added)
• tags/1.0.7/.github/workflows/asset-readme.yml (added)
• tags/1.0.7/.github/workflows/deploy.yml (added)
• tags/1.0.7/.wordpress-org (added)
• tags/1.0.7/.wordpress-org/banner-772x250.jpg (added)
• tags/1.0.7/.wordpress-org/icon-128x128.jpg (added)
• tags/1.0.7/.wordpress-org/screenshot-1.png (added)
• tags/1.0.7/.wordpress-org/screenshot-2.png (added)
• tags/1.0.7/.wordpress-org/screenshot-3.png (added)
• tags/1.0.7/.wordpress-org/screenshot-4.png (added)
• tags/1.0.7/admin/Recommended_Plugins.php (modified) (8 diffs)
• tags/1.0.7/admin/assets/js/plugins_install_manager.js (modified) (2 diffs)
• tags/1.0.7/docus.php (modified) (1 diff)
• tags/1.0.7/includes/class.docus.php (modified) (1 diff)
• tags/1.0.7/includes/class.shortcode.php (modified) (2 diffs)
• tags/1.0.7/languages (deleted)
• trunk/.gitattributes (added)
• trunk/.github (added)
• trunk/.github/workflows (added)
• trunk/.github/workflows/asset-readme.yml (added)
• trunk/.github/workflows/deploy.yml (added)
• trunk/.wordpress-org (added)
• trunk/.wordpress-org/banner-772x250.jpg (added)
• trunk/.wordpress-org/icon-128x128.jpg (added)
• trunk/.wordpress-org/screenshot-1.png (added)
• trunk/.wordpress-org/screenshot-2.png (added)
• trunk/.wordpress-org/screenshot-3.png (added)
• trunk/.wordpress-org/screenshot-4.png (added)
• trunk/admin/Recommended_Plugins.php (modified) (8 diffs)
• trunk/admin/assets/js/plugins_install_manager.js (modified) (2 diffs)
• trunk/docus.php (modified) (1 diff)
• trunk/includes/class.docus.php (modified) (1 diff)
• trunk/includes/class.shortcode.php (modified) (2 diffs)
• trunk/languages (deleted)

docus/tags/1.0.7/admin/Recommended_Plugins.php

@@ -106 +106 @@
     public function enqueue_assets( $hook_suffix ) {
         if( $this->hook_suffix ){
-            if( $this->hook_suffix == $hook_suffix ){
-                wp_enqueue_script( 'htrp-plugin-install-manager', $this->assets_url . '/js/plugins_install_manager.js', array('jquery','wp-util', 'updates'), '1.0.0', true );
+            if( $this->hook_suffix != $hook_suffix ){
+                return;
             }
-        } else {
-            wp_enqueue_script( 'htrp-plugin-install-manager', $this->assets_url . '/js/plugins_install_manager.js', array('jquery','wp-util', 'updates'), '1.0.0', true );
-        }
-
-        /**
-        * Thickbox assest
-        */
-        add_thickbox();
+        }
+
+        wp_enqueue_script( 'docus-plugin-install-manager', $this->assets_url . '/js/plugins_install_manager.js', array('jquery','wp-util', 'updates'), '1.0.0', true );
 
         /**
@@ -123 +118 @@
         $localize_vars['ajaxurl'] = admin_url('admin-ajax.php');
         $localize_vars['text_domain'] = sanitize_title_with_dashes( $this->text_domain );
+        $localize_vars['nonce'] = wp_create_nonce('docus_rp_nonce');
         $localize_vars['buttontxt'] = array(
             'buynow'     => esc_html__( 'Buy Now', $this->text_domain ),
@@ -130 +126 @@
             'active'     => esc_html__( 'Activated', $this->text_domain ),
         );
-        wp_localize_script( 'htrp-plugin-install-manager', 'htrp_params', $localize_vars );
+        wp_localize_script( 'docus-plugin-install-manager', 'htrp_params', $localize_vars );
 
     }
@@ -221 +217 @@
                                     $description  = strip_tags( $prepare_plugin[$data['slug']]['description'] );
                                     $author_name  = wp_kses( $prepare_plugin[$data['slug']]['author'], $this->plugins_allowedtags );
-                                    $details_link = self_admin_url('plugin-install.php?tab=plugin-information&plugin=' . $plugin['slug'] .'&TB_iframe=true&width=772&height=577');
-                                    $target       = '_self';
-                                    $modal_class  = 'class="thickbox open-plugin-details-modal"';
+                                    $details_link = 'https://wordpress.org/plugins/' . $plugin['slug'] . '/';
+                                    $target       = '_blank';
 
                                 }else{
@@ -235 +230 @@
                                     $button_classes = 'button button-primary';
                                     $target         = '_blank';
-                                    $modal_class    = '';
                                 }
 
@@ -263 +257 @@
                                             <div class="name column-name" style="margin-right: 0;">
                                                 <h3>
-                                                    <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>" <?php echo $modal_class; ?>>
+                                                    <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>">
                                                         <?php echo esc_html( $title ) ?>
                                                         <img src="<?php echo esc_url( $image_url ) ?>" class="plugin-icon" alt="<?php echo esc_attr( $title ) ?>">
@@ -289 +283 @@
                                                     }else{
                                                 ?>
-                                                    <button class="<?php echo $button_classes; ?>" data-pluginopt='<?php echo wp_json_encode( $data ); ?>'><?php echo $button_text; ?></button>
+                                                    <button class="<?php echo esc_attr($button_classes); ?>" data-pluginopt='<?php echo wp_json_encode( $data ); ?>'><?php echo esc_html($button_text); ?></button>
                                                     
                                                 <?php } ?>
                                             </div>
                                             <div class="column-downloaded">
-                                                <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>" <?php echo $modal_class; ?>><?php echo esc_html__('More Details', $this->text_domain) ?></a>
+                                                <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>"><?php echo esc_html__('More Details', $this->text_domain) ?></a>
                                                 <span class="downloaded-count">
                                                     <?php
@@ -391 +385 @@
     public function plugin_activation() {
 
+        check_ajax_referer('docus_rp_nonce', 'nonce');
+
         if ( ! current_user_can( 'install_plugins' ) || ! isset( $_POST['location'] ) || ! $_POST['location'] ) {
             wp_send_json_error(

docus/tags/1.0.7/admin/assets/js/plugins_install_manager.js

@@ -93 +93 @@
                         action   : htrp_params.text_domain+'_ajax_plugin_activation',
                         location : $plugindata['location'],
+                        nonce   : htrp_params.nonce,
                     },
                 } ).done( function( result ) {
@@ -132 +133 @@
                     action   : htrp_params.text_domain+'_ajax_plugin_activation',
                     location : $plugindata['location'],
+                    nonce   : htrp_params.nonce,
                 },
             }).done( function( response ) {

docus/tags/1.0.7/docus.php

@@ -5 +5 @@
  * Author:      HasThemes
  * Author URI:  https://hasthemes.com/
- * Version:     1.0.6
+ * Version:     1.0.7
  * Text Domain: docus
  * Domain Path: /languages

docus/tags/1.0.7/includes/class.docus.php

@@ -26 +26 @@
     function __construct()
     {
-        add_action( 'init', array( $this, 'i18n') );
-        add_action( 'plugins_loaded', array( $this, 'init' ) );
+        add_action( 'init', array( $this, 'i18n'), 1 );
+        add_action( 'init', array( $this, 'init' ), 10 );
         add_action( 'wp_enqueue_scripts', array( $this, 'docus_assets_enqueue' ) );
         register_activation_hook(DOCUS_PL_ROOT, array( $this, 'docus_deactivate_pro_version' ));

docus/tags/1.0.7/includes/class.shortcode.php

@@ -42 +42 @@
         $list_attributes = shortcode_atts($default, $attributes);
 
-        $api_data = json_encode(
+        // Sanitize user-supplied attributes to prevent XSS
+        $key = sanitize_text_field( $list_attributes['key'] );
+        $channelid = sanitize_text_field( $list_attributes['channelid'] );
+        $limit = absint( $list_attributes['limit'] );
+
+        $api_data = wp_json_encode(
             array(
-                "api_key"       => $list_attributes['key'],
-                "channel_id"    => $list_attributes['channelid'],
+                "api_key"       => $key,
+                "channel_id"    => $channelid,
                 "layout_style"  => docus_get_option('page_layout_style',''),
-                "video_limit"   => $list_attributes['limit'],
+                "video_limit"   => $limit,
             )
         );
@@ -53 +58 @@
         ob_start();
         ?>
-        <div class="htyt-channel-area" id="<?php echo 'key-'.$list_attributes['key'].'-'.$list_attributes['channelid']; ?>">
-            <div class="htyt-channel-top-area" data-apidata='<?php echo $api_data; ?>'>
+        <div class="htyt-channel-area" id="<?php echo 'key-' . esc_attr( $key ) . '-' . esc_attr( $channelid ); ?>">
+            <div class="htyt-channel-top-area" data-apidata='<?php echo esc_attr($api_data); ?>'>
                 <div class="htyt-container">
                     <div class="htyt-channel-info-wrapper">

docus/trunk/admin/Recommended_Plugins.php

@@ -106 +106 @@
     public function enqueue_assets( $hook_suffix ) {
         if( $this->hook_suffix ){
-            if( $this->hook_suffix == $hook_suffix ){
-                wp_enqueue_script( 'htrp-plugin-install-manager', $this->assets_url . '/js/plugins_install_manager.js', array('jquery','wp-util', 'updates'), '1.0.0', true );
+            if( $this->hook_suffix != $hook_suffix ){
+                return;
             }
-        } else {
-            wp_enqueue_script( 'htrp-plugin-install-manager', $this->assets_url . '/js/plugins_install_manager.js', array('jquery','wp-util', 'updates'), '1.0.0', true );
-        }
-
-        /**
-        * Thickbox assest
-        */
-        add_thickbox();
+        }
+
+        wp_enqueue_script( 'docus-plugin-install-manager', $this->assets_url . '/js/plugins_install_manager.js', array('jquery','wp-util', 'updates'), '1.0.0', true );
 
         /**
@@ -123 +118 @@
         $localize_vars['ajaxurl'] = admin_url('admin-ajax.php');
         $localize_vars['text_domain'] = sanitize_title_with_dashes( $this->text_domain );
+        $localize_vars['nonce'] = wp_create_nonce('docus_rp_nonce');
         $localize_vars['buttontxt'] = array(
             'buynow'     => esc_html__( 'Buy Now', $this->text_domain ),
@@ -130 +126 @@
             'active'     => esc_html__( 'Activated', $this->text_domain ),
         );
-        wp_localize_script( 'htrp-plugin-install-manager', 'htrp_params', $localize_vars );
+        wp_localize_script( 'docus-plugin-install-manager', 'htrp_params', $localize_vars );
 
     }
@@ -221 +217 @@
                                     $description  = strip_tags( $prepare_plugin[$data['slug']]['description'] );
                                     $author_name  = wp_kses( $prepare_plugin[$data['slug']]['author'], $this->plugins_allowedtags );
-                                    $details_link = self_admin_url('plugin-install.php?tab=plugin-information&plugin=' . $plugin['slug'] .'&TB_iframe=true&width=772&height=577');
-                                    $target       = '_self';
-                                    $modal_class  = 'class="thickbox open-plugin-details-modal"';
+                                    $details_link = 'https://wordpress.org/plugins/' . $plugin['slug'] . '/';
+                                    $target       = '_blank';
 
                                 }else{
@@ -235 +230 @@
                                     $button_classes = 'button button-primary';
                                     $target         = '_blank';
-                                    $modal_class    = '';
                                 }
 
@@ -263 +257 @@
                                             <div class="name column-name" style="margin-right: 0;">
                                                 <h3>
-                                                    <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>" <?php echo $modal_class; ?>>
+                                                    <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>">
                                                         <?php echo esc_html( $title ) ?>
                                                         <img src="<?php echo esc_url( $image_url ) ?>" class="plugin-icon" alt="<?php echo esc_attr( $title ) ?>">
@@ -289 +283 @@
                                                     }else{
                                                 ?>
-                                                    <button class="<?php echo $button_classes; ?>" data-pluginopt='<?php echo wp_json_encode( $data ); ?>'><?php echo $button_text; ?></button>
+                                                    <button class="<?php echo esc_attr($button_classes); ?>" data-pluginopt='<?php echo wp_json_encode( $data ); ?>'><?php echo esc_html($button_text); ?></button>
                                                     
                                                 <?php } ?>
                                             </div>
                                             <div class="column-downloaded">
-                                                <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>" <?php echo $modal_class; ?>><?php echo esc_html__('More Details', $this->text_domain) ?></a>
+                                                <a href="<?php echo esc_url( $details_link ) ?>" target="<?php echo esc_attr( $target ) ?>"><?php echo esc_html__('More Details', $this->text_domain) ?></a>
                                                 <span class="downloaded-count">
                                                     <?php
@@ -391 +385 @@
     public function plugin_activation() {
 
+        check_ajax_referer('docus_rp_nonce', 'nonce');
+
         if ( ! current_user_can( 'install_plugins' ) || ! isset( $_POST['location'] ) || ! $_POST['location'] ) {
             wp_send_json_error(

docus/trunk/admin/assets/js/plugins_install_manager.js

@@ -93 +93 @@
                         action   : htrp_params.text_domain+'_ajax_plugin_activation',
                         location : $plugindata['location'],
+                        nonce   : htrp_params.nonce,
                     },
                 } ).done( function( result ) {
@@ -132 +133 @@
                     action   : htrp_params.text_domain+'_ajax_plugin_activation',
                     location : $plugindata['location'],
+                    nonce   : htrp_params.nonce,
                 },
             }).done( function( response ) {

docus/trunk/docus.php

@@ -5 +5 @@
  * Author:      HasThemes
  * Author URI:  https://hasthemes.com/
- * Version:     1.0.6
+ * Version:     1.0.7
  * Text Domain: docus
  * Domain Path: /languages

docus/trunk/includes/class.docus.php

@@ -26 +26 @@
     function __construct()
     {
-        add_action( 'init', array( $this, 'i18n') );
-        add_action( 'plugins_loaded', array( $this, 'init' ) );
+        add_action( 'init', array( $this, 'i18n'), 1 );
+        add_action( 'init', array( $this, 'init' ), 10 );
         add_action( 'wp_enqueue_scripts', array( $this, 'docus_assets_enqueue' ) );
         register_activation_hook(DOCUS_PL_ROOT, array( $this, 'docus_deactivate_pro_version' ));

docus/trunk/includes/class.shortcode.php

@@ -42 +42 @@
         $list_attributes = shortcode_atts($default, $attributes);
 
-        $api_data = json_encode(
+        // Sanitize user-supplied attributes to prevent XSS
+        $key = sanitize_text_field( $list_attributes['key'] );
+        $channelid = sanitize_text_field( $list_attributes['channelid'] );
+        $limit = absint( $list_attributes['limit'] );
+
+        $api_data = wp_json_encode(
             array(
-                "api_key"       => $list_attributes['key'],
-                "channel_id"    => $list_attributes['channelid'],
+                "api_key"       => $key,
+                "channel_id"    => $channelid,
                 "layout_style"  => docus_get_option('page_layout_style',''),
-                "video_limit"   => $list_attributes['limit'],
+                "video_limit"   => $limit,
             )
         );
@@ -53 +58 @@
         ob_start();
         ?>
-        <div class="htyt-channel-area" id="<?php echo 'key-'.$list_attributes['key'].'-'.$list_attributes['channelid']; ?>">
-            <div class="htyt-channel-top-area" data-apidata='<?php echo $api_data; ?>'>
+        <div class="htyt-channel-area" id="<?php echo 'key-' . esc_attr( $key ) . '-' . esc_attr( $channelid ); ?>">
+            <div class="htyt-channel-top-area" data-apidata='<?php echo esc_attr($api_data); ?>'>
                 <div class="htyt-container">
                     <div class="htyt-channel-info-wrapper">