
source: nokia-mapsplaces/trunk/nokia-mapsplaces.php @ 841883

Last change on this file since 841883 was 841883, checked in by radek.adamczyk, 11 years ago

Fixing href security issue: the place id is extracted instead of passing the full URL, which can be compromised.

File size: 4.5 KB
1<?php
2/** This file is part of Nokia Maps Places Wordpress plugin
3
4Copyright (c) 2011 Nokia Corporation and/or its subsidiary(-ies).*
5All rights reserved.
6
7Contact:  Nokia Corporation radoslaw.adamczyk@nokia.com
8
9You may use this file under the terms of the BSD license as follows:
10
11Redistribution and use in source and binary forms, with or without modification,
12are permitted provided that the following conditions are met:
13* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
14* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
15* Neither the name of Nokia Corporation and its Subsidiary(-ies) nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
16
17THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
18*/
19
20/*
21  Plugin Name: Nokia Maps Places
22  Plugin URI: http://wordpress.org/extend/plugins/nokia-mapsplaces/
23  Description: With this plugin you are able to add a places and addresses into a post or a page.
24  Version: 1.6.6
25  Author: Nokia Corporation
26  Author Email: radoslaw.adamczyk@nokia.com
27  License: BSD License
28 */
29
30include_once (dirname(__FILE__) . '/widget.php');
31
32
/**
 * nokiaplaces_url
 *
 * Returns the URL of a path inside this plugin's directory (used in tinymce.php).
 *
 * @package Nokia Places Plugin
 *
 * @param string $path Optional path relative to the plugin directory.
 * @return string Whatever plugins_url() returns for the resolved path.
 */
function nokiaplaces_url($path = '') {
    global $wp_version;

    $is_pre_28 = version_compare($wp_version, '2.8', '<');
    if (!$is_pre_28) {
        // WordPress 2.8 and later: plugins_url() resolves $path relative to this file.
        return plugins_url($path, __FILE__);
    }

    // WordPress 2.7: prefix the plugin's own folder by hand before asking for the URL.
    $plugin_dir = dirname(plugin_basename(__FILE__));
    if ('.' != $plugin_dir) {
        $path = path_join(ltrim($plugin_dir, '/'), $path);
    }

    return plugins_url($path);
}
51
52include_once (dirname(__FILE__) . '/tinymce/tinymce.php');
53
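/**
 * add_iframe
 *
 * tiny_mce_before_init filter callback: lets the editor keep <iframe> elements,
 * limited to the attributes listed in the rule below.
 *
 * This only relaxes the editor's client-side element filter; it is not a
 * server-side sanitisation control for saved post content.
 *
 * @param array $initArray TinyMCE settings passed through the filter.
 * @return array The settings with the iframe rule present in 'extended_valid_elements'.
 */
function add_iframe($initArray) {
    $iframe_rule = "iframe[id|frameborder|height|scrolling|src|width]";

    $existing = isset($initArray['extended_valid_elements'])
        ? trim((string) $initArray['extended_valid_elements'])
        : '';

    if ($existing === '') {
        $initArray['extended_valid_elements'] = $iframe_rule;
    } elseif (strpos($existing, $iframe_rule) === false) {
        // Append instead of overwriting, so rules registered by other code on
        // the same filter are not silently discarded.
        $initArray['extended_valid_elements'] = $existing . ',' . $iframe_rule;
    }

    return $initArray;
}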
64
// Run add_iframe on TinyMCE's settings before the editor initialises
// (priority 10 and one accepted argument are the add_filter() defaults).
add_filter('tiny_mce_before_init', 'add_iframe', 10, 1);
66
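/**
 * Register the Nokia places shortcode and define how it is expanded.
 *
 * [nokia-maps template="template" place="placeId"]
 * or [nokia-maps template="template" place_data="jsonObject"]
 *
 * Shortcode attributes come from post content, so every value is treated as
 * untrusted: the place id is taken from 'href' by pattern match only (the raw
 * URL is never forwarded), the height is accepted only as digits, and all
 * remaining values are URL-encoded by http_build_query().
 *
 * @package Nokia Places Plugin
 *
 * @param array|string $atts Shortcode attributes (WordPress passes '' when there are none).
 * @param string|null  $c    Enclosed shortcode content; unused.
 * @return string Iframe markup from create_nokia_places_post().
 */
function nokia_place_shortcode($atts, $c) {
    if (!is_array($atts)) {
        $atts = array();
    }

    $map = array(
        'placeid' => '',
        'place_data_params' => '',
        'template' => '',
        'sizes' => '',
        'display_options' => '',
        'tiletype' => '',
        'zoomlevel' => '',
        'latitude' => '',
        'longitude' => '',
        'title' => ''
    );

    // place_data_params is author-supplied. Coerce it to an integer and cap it so
    // a non-numeric or very large value cannot drive an unbounded loop.
    // NOTE(review): the ceiling is a defensive choice - confirm it against the
    // largest count the editor dialog actually emits.
    $max_place_data_params = 100;
    if (isset($atts['place_data_params'])) {
        $param_count = min((int) $atts['place_data_params'], $max_place_data_params);
        for ($i = 1; $i <= $param_count; $i++) {
            $map['place_data_' . $i] = '';
        }
    }

    // Extract the place identifier from the URL. Any 'placeid' attribute given
    // directly is overwritten, so only a pattern-matched id reaches the query.
    // The trailing class [;=\w]* is what the original [;context=\w\d]* matches:
    // it is a character class (any run of word characters, ';' and '='), not the
    // literal suffix ";context=..." - presumably the latter was intended.
    $href = isset($atts['href']) ? (string) $atts['href'] : '';
    $matched = preg_match('/\w{8}-\w{32}[;=\w]*/', $href, $matches);
    // null (not '') when nothing matches: http_build_query() then omits the key.
    $atts['placeid'] = ($matched === 1) ? $matches[0] : null;
    unset($atts['href']);

    $atts = shortcode_atts($map, $atts);
    $str = http_build_query($atts);

    // Height is taken from the sizes attribute and must be digits; it stays
    // empty when sizes carries no height entry.
    $height = '';
    if (preg_match("#height':\s?'(\d+)'#", (string) $atts['sizes'], $size) === 1) {
        $height = $size[1];
    }

    return create_nokia_places_post($str, $height);
}

add_shortcode('nokia-maps', 'nokia_place_shortcode');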
108
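/**
 * create_nokia_places_post
 *
 * Builds the iframe markup that replaces the [nokia-maps] shortcode.
 *
 * Both arguments are escaped here, at the point of output, so the markup stays
 * well-formed even if a caller passes values that were not pre-encoded.
 *
 * @package Nokia Places Plugin
 *
 * @param string $query  Query string for place.html; the shortcode handler in
 *                       this file builds it with http_build_query().
 * @param string $height Iframe height; the shortcode handler passes digits or
 *                       an empty value.
 * @return string Iframe HTML.
 */
function create_nokia_places_post($query, $height) {
    // md5 only derives a stable element id from the query; it is not a security control.
    $frame_id = md5($query);

    // NOTE(review): the plugin path is hard-coded under siteurl; a relocated
    // wp-content or plugin directory would not be reflected here.
    $src = get_option('siteurl')
        . "/wp-content/plugins/nokia-mapsplaces/page/place.html?{$query}&iframeid={$frame_id}";

    // esc_url() entity-encodes the '&' separators and quotes for the attribute
    // context; esc_attr() does the same for the height value.
    return "<iframe id='places_api_view{$frame_id}' frameborder='no' scrolling='no' height='"
        . esc_attr($height)
        . "' width='100%' src='"
        . esc_url($src)
        . "'>IFRAMES not supported</iframe>";
}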
121
122
123
124?>