Changeset 2679436
- Timestamp:
- 02/15/2022 09:04:54 PM (3 years ago)
- Location:
- mark-posts
- Files:
-
- 16 edited
- 1 copied
-
tags/2.0.1 (copied) (copied from mark-posts/trunk)
-
tags/2.0.1/CHANGELOG.md (modified) (1 diff)
-
tags/2.0.1/README.txt (modified) (2 diffs)
-
tags/2.0.1/admin/assets/js/markposts.js (modified) (1 diff)
-
tags/2.0.1/admin/views/admin.php (modified) (5 diffs)
-
tags/2.0.1/composer.json (modified) (1 diff)
-
tags/2.0.1/composer.lock (modified) (5 diffs)
-
tags/2.0.1/languages/mark-posts.pot (modified) (1 diff)
-
tags/2.0.1/mark-posts.php (modified) (2 diffs)
-
trunk/CHANGELOG.md (modified) (1 diff)
-
trunk/README.txt (modified) (2 diffs)
-
trunk/admin/assets/js/markposts.js (modified) (1 diff)
-
trunk/admin/views/admin.php (modified) (5 diffs)
-
trunk/composer.json (modified) (1 diff)
-
trunk/composer.lock (modified) (5 diffs)
-
trunk/languages/mark-posts.pot (modified) (1 diff)
-
trunk/mark-posts.php (modified) (2 diffs)
mark-posts/tags/2.0.1/CHANGELOG.md
r2475923 r2679436 2 2 3 3 Notable changes and release notes of the Mark Posts WordPress plugin. 4 5 ## 2.0.1 6 * Fixes a possible XSS vulnerability. 7 Thanks @fuzzyap1 for discovering and responsibly disclosing this vulnerability. 4 8 5 9 ## 2.0.0 -
mark-posts/tags/2.0.1/README.txt
r2475923 r2679436 3 3 Tags: mark posts, highlight, highlight posts, status, post status, overview, post overview, featured, custom posts, featured posts, post, posts 4 4 Requires at least: 3.7 5 Tested up to: 5. 6.15 Tested up to: 5.9 6 6 Requires PHP: 7.0 7 Stable tag: 2.0. 07 Stable tag: 2.0.1 8 8 License: GPLv2 or later 9 9 License URI: https://www.gnu.org/licenses/gpl-2.0.txt … … 94 94 == Changelog == 95 95 96 = 2.0.1 = 97 * Fixes a possible XSS vulnerability. 98 Thanks @fuzzyap1 for discovering and responsibly disclosing this vulnerability. 99 96 100 = 2.0.0 = 97 101 * Breaking change: Markers are no longer public by default. -
mark-posts/tags/2.0.1/admin/assets/js/markposts.js
r915370 r2679436 44 44 var make_markers = $(this).val().split(","); // separate marker by comma 45 45 $(make_markers).each(function(e) { // push each new marker to array 46 markers.push('<span class="new-marker">'+make_markers[e]+'</span>'); 46 var marker = make_markers[e].replace(/(<([^>]+)>)/ig,""); // remove HTML from name (preview only) 47 markers.push('<span class="new-marker">'+marker+'</span>'); 47 48 }); 48 49 -
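Review bot: The tag-stripping regex on the new `var marker = make_markers[e].replace(/(<([^>]+)>)/ig,"")` line is not an HTML encoder: it removes only complete `<...>` pairs, so input that is not a well-formed tag is left in place and is still concatenated into an HTML string. How `markers` is written to the page is outside this hunk, but if it reaches the DOM as HTML, build the node from text instead, e.g. `markers.push($('<span class="new-marker">').text(make_markers[e]).prop('outerHTML'));`. The same line appears in trunk/admin/assets/js/markposts.js.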
mark-posts/tags/2.0.1/admin/views/admin.php
r2374304 r2679436 129 129 } 130 130 foreach ($markers as $marker) { 131 $marker = trim( $marker);131 $marker = trim(sanitize_text_field($marker)); 132 132 $color = $default_colors[$i]; // define default color 133 133 wp_insert_term($marker, 'marker', [ … … 148 148 if (isset($_POST['markernames'])) { 149 149 foreach ($_POST['markernames'] as $markername) { 150 $marker = trim(sanitize_text_field($markername)); 150 151 wp_update_term($_POST['term_ids'][$i], 'marker', [ 151 'name' => $marker name,152 'slug' => sanitize_title($marker name),152 'name' => $marker, 153 'slug' => sanitize_title($marker), 153 154 'description' => $_POST['colors'][$i], 154 155 ]); … … 240 241 // Filter excluded post types. 241 242 if (!in_array($one_post_type, mark_posts_excluded_post_types())) { 242 echo '<p><input name="markertypes[]" type="checkbox" value="'. $one_post_type.'"';243 echo '<p><input name="markertypes[]" type="checkbox" value="'.esc_attr($one_post_type).'"'; 243 244 if (isset($option['mark_posts_posttypes'])) { 244 245 if (in_array($one_post_type, $option['mark_posts_posttypes'])) { … … 246 247 } 247 248 } 248 echo ' /> '. mark_posts_get_post_type_name($one_post_type).'</p>';249 echo ' /> '.esc_html(mark_posts_get_post_type_name($one_post_type)).'</p>'; 249 250 } 250 251 } … … 306 307 } 307 308 308 echo '<tr valign="top"><th scope="row"><input type="text" name="markernames[]" value="'. $marker_term->name.'"></th>';309 echo '<td width="130"><input type="text" name="colors[]" value="'. $color.'" class="my-color-field" data-default-color="'.$color.'"/></td>';310 echo '<td><input type="checkbox" name="delete[]" id="delete_'. $marker_term->term_id.'" value="'.$marker_term->term_id.'"> <label for="delete_'.$marker_term->term_id.'">'.__('delete', 'mark-posts').'?</label>';311 echo '<a href="javascript:void(0);" class="mark-posts-initial" data-confirm-msg="'.__('Do you really want to mark all posts with this marker? Note: This will override all your previous set markers. 
This will only effect the enabled post types.', 'mark-posts').'" data-term-id="'. $marker_term->term_id.'">'.__('Mark all posts with this marker', 'mark-posts').'</a></td>';312 echo '<input type="hidden" name="term_ids[]" value="'. $marker_term->term_id.'"/>';309 echo '<tr valign="top"><th scope="row"><input type="text" name="markernames[]" value="'.esc_html($marker_term->name).'"></th>'; 310 echo '<td width="130"><input type="text" name="colors[]" value="'.esc_attr($color).'" class="my-color-field" data-default-color="'.esc_attr($color).'"/></td>'; 311 echo '<td><input type="checkbox" name="delete[]" id="delete_'.(int)$marker_term->term_id.'" value="'.(int)$marker_term->term_id.'"> <label for="delete_'.(int)$marker_term->term_id.'">'.__('delete', 'mark-posts').'?</label>'; 312 echo '<a href="javascript:void(0);" class="mark-posts-initial" data-confirm-msg="'.__('Do you really want to mark all posts with this marker? Note: This will override all your previous set markers. This will only effect the enabled post types.', 'mark-posts').'" data-term-id="'.(int)$marker_term->term_id.'">'.__('Mark all posts with this marker', 'mark-posts').'</a></td>'; 313 echo '<input type="hidden" name="term_ids[]" value="'.(int)$marker_term->term_id.'"/>'; 313 314 $i++; 314 315 } -
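Review bot: In the update loop only the marker name is sanitized; `$_POST['term_ids'][$i]` and `$_POST['colors'][$i]` still go into `wp_update_term()` as submitted, so the stored colour relies on every output site escaping it, and only this view is visible here. Validate both on the way in, e.g. `(int) $_POST['term_ids'][$i]` for the id and a hex-colour check such as `sanitize_hex_color()` on the colour before saving. On the output side, `value="'.esc_html($marker_term->name).'"` is an attribute context and should use `esc_attr()`, and the `__()` strings placed in `data-confirm-msg` and in the label would be better as `esc_attr__()` / `esc_html__()`. Whether a nonce and a capability check guard this handler is not visible in these hunks. The same points apply to trunk/admin/views/admin.php.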
mark-posts/tags/2.0.1/composer.json
r2475923 r2679436 31 31 }, 32 32 "require-dev": { 33 "roots/wordpress": "^5. 6"33 "roots/wordpress": "^5.8" 34 34 } 35 35 } -
mark-posts/tags/2.0.1/composer.lock
r2475923 r2679436 5 5 "This file is @generated automatically" 6 6 ], 7 "content-hash": " 5d6b30a3e46793ede02a9dbc1738e101",7 "content-hash": "9195402cb30fdef66a0de3191d70528c", 8 8 "packages": [], 9 9 "packages-dev": [ 10 10 { 11 11 "name": "roots/wordpress", 12 "version": "5. 6.1",12 "version": "5.8", 13 13 "source": { 14 14 "type": "git", 15 15 "url": "https://github.com/WordPress/WordPress.git", 16 "reference": "5. 6.1"16 "reference": "5.8" 17 17 }, 18 18 "dist": { 19 19 "type": "zip", 20 "url": "https://api.github.com/repos/WordPress/WordPress/zipball/ 5.6.1"20 "url": "https://api.github.com/repos/WordPress/WordPress/zipball/refs/tags/5.8" 21 21 }, 22 22 "require": { … … 42 42 "wordpress" 43 43 ], 44 "support": { 45 "docs": "https://developer.wordpress.org/", 46 "forum": "https://wordpress.org/support/", 47 "irc": "irc://irc.freenode.net/wordpress", 48 "issues": "https://core.trac.wordpress.org/", 49 "rss": "https://wordpress.org/news/feed/", 50 "source": "https://core.trac.wordpress.org/browser", 51 "wiki": "https://codex.wordpress.org/" 52 }, 44 53 "funding": [ 45 54 { … … 52 61 } 53 62 ], 54 "time": "2021-0 2-03T21:15:13+00:00"63 "time": "2021-07-20T16:24:55+00:00" 55 64 }, 56 65 { … … 109 118 "wordpress" 110 119 ], 120 "support": { 121 "issues": "https://github.com/roots/wordpress-core-installer/issues", 122 "source": "https://github.com/roots/wordpress-core-installer/tree/master" 123 }, 111 124 "funding": [ 112 125 { … … 131 144 }, 132 145 "platform-dev": [], 133 "plugin-api-version": " 1.1.0"146 "plugin-api-version": "2.0.0" 134 147 } -
mark-posts/tags/2.0.1/languages/mark-posts.pot
r2475923 r2679436 3 3 msgid "" 4 4 msgstr "" 5 "Project-Id-Version: Mark Posts 2.0. 0\n"5 "Project-Id-Version: Mark Posts 2.0.1\n" 6 6 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/mark-posts\n" 7 7 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" -
mark-posts/tags/2.0.1/mark-posts.php
r2475923 r2679436 4 4 * Description: Mark and highlight posts, pages and posts of custom post types within the posts overview. 5 5 * Plugin URI: https://wordpress.org/plugins/mark-posts 6 * Version: 2.0. 06 * Version: 2.0.1 7 7 * Author: Michael Schoenrock, Sven Hofmann 8 8 * Author URI: https://www.halloecho.de … … 29 29 */ 30 30 if (!defined('WP_MARK_POSTS_VERSION')) { 31 define('WP_MARK_POSTS_VERSION', '2.0. 0');31 define('WP_MARK_POSTS_VERSION', '2.0.1'); 32 32 } 33 33 -
mark-posts/trunk/CHANGELOG.md
r2475923 r2679436 2 2 3 3 Notable changes and release notes of the Mark Posts WordPress plugin. 4 5 ## 2.0.1 6 * Fixes a possible XSS vulnerability. 7 Thanks @fuzzyap1 for discovering and responsibly disclosing this vulnerability. 4 8 5 9 ## 2.0.0 -
mark-posts/trunk/README.txt
r2475923 r2679436 3 3 Tags: mark posts, highlight, highlight posts, status, post status, overview, post overview, featured, custom posts, featured posts, post, posts 4 4 Requires at least: 3.7 5 Tested up to: 5. 6.15 Tested up to: 5.9 6 6 Requires PHP: 7.0 7 Stable tag: 2.0. 07 Stable tag: 2.0.1 8 8 License: GPLv2 or later 9 9 License URI: https://www.gnu.org/licenses/gpl-2.0.txt … … 94 94 == Changelog == 95 95 96 = 2.0.1 = 97 * Fixes a possible XSS vulnerability. 98 Thanks @fuzzyap1 for discovering and responsibly disclosing this vulnerability. 99 96 100 = 2.0.0 = 97 101 * Breaking change: Markers are no longer public by default. -
mark-posts/trunk/admin/assets/js/markposts.js
r915370 r2679436 44 44 var make_markers = $(this).val().split(","); // separate marker by comma 45 45 $(make_markers).each(function(e) { // push each new marker to array 46 markers.push('<span class="new-marker">'+make_markers[e]+'</span>'); 46 var marker = make_markers[e].replace(/(<([^>]+)>)/ig,""); // remove HTML from name (preview only) 47 markers.push('<span class="new-marker">'+marker+'</span>'); 47 48 }); 48 49 -
mark-posts/trunk/admin/views/admin.php
r2374304 r2679436 129 129 } 130 130 foreach ($markers as $marker) { 131 $marker = trim( $marker);131 $marker = trim(sanitize_text_field($marker)); 132 132 $color = $default_colors[$i]; // define default color 133 133 wp_insert_term($marker, 'marker', [ … … 148 148 if (isset($_POST['markernames'])) { 149 149 foreach ($_POST['markernames'] as $markername) { 150 $marker = trim(sanitize_text_field($markername)); 150 151 wp_update_term($_POST['term_ids'][$i], 'marker', [ 151 'name' => $marker name,152 'slug' => sanitize_title($marker name),152 'name' => $marker, 153 'slug' => sanitize_title($marker), 153 154 'description' => $_POST['colors'][$i], 154 155 ]); … … 240 241 // Filter excluded post types. 241 242 if (!in_array($one_post_type, mark_posts_excluded_post_types())) { 242 echo '<p><input name="markertypes[]" type="checkbox" value="'. $one_post_type.'"';243 echo '<p><input name="markertypes[]" type="checkbox" value="'.esc_attr($one_post_type).'"'; 243 244 if (isset($option['mark_posts_posttypes'])) { 244 245 if (in_array($one_post_type, $option['mark_posts_posttypes'])) { … … 246 247 } 247 248 } 248 echo ' /> '. mark_posts_get_post_type_name($one_post_type).'</p>';249 echo ' /> '.esc_html(mark_posts_get_post_type_name($one_post_type)).'</p>'; 249 250 } 250 251 } … … 306 307 } 307 308 308 echo '<tr valign="top"><th scope="row"><input type="text" name="markernames[]" value="'. $marker_term->name.'"></th>';309 echo '<td width="130"><input type="text" name="colors[]" value="'. $color.'" class="my-color-field" data-default-color="'.$color.'"/></td>';310 echo '<td><input type="checkbox" name="delete[]" id="delete_'. $marker_term->term_id.'" value="'.$marker_term->term_id.'"> <label for="delete_'.$marker_term->term_id.'">'.__('delete', 'mark-posts').'?</label>';311 echo '<a href="javascript:void(0);" class="mark-posts-initial" data-confirm-msg="'.__('Do you really want to mark all posts with this marker? Note: This will override all your previous set markers. 
This will only effect the enabled post types.', 'mark-posts').'" data-term-id="'. $marker_term->term_id.'">'.__('Mark all posts with this marker', 'mark-posts').'</a></td>';312 echo '<input type="hidden" name="term_ids[]" value="'. $marker_term->term_id.'"/>';309 echo '<tr valign="top"><th scope="row"><input type="text" name="markernames[]" value="'.esc_html($marker_term->name).'"></th>'; 310 echo '<td width="130"><input type="text" name="colors[]" value="'.esc_attr($color).'" class="my-color-field" data-default-color="'.esc_attr($color).'"/></td>'; 311 echo '<td><input type="checkbox" name="delete[]" id="delete_'.(int)$marker_term->term_id.'" value="'.(int)$marker_term->term_id.'"> <label for="delete_'.(int)$marker_term->term_id.'">'.__('delete', 'mark-posts').'?</label>'; 312 echo '<a href="javascript:void(0);" class="mark-posts-initial" data-confirm-msg="'.__('Do you really want to mark all posts with this marker? Note: This will override all your previous set markers. This will only effect the enabled post types.', 'mark-posts').'" data-term-id="'.(int)$marker_term->term_id.'">'.__('Mark all posts with this marker', 'mark-posts').'</a></td>'; 313 echo '<input type="hidden" name="term_ids[]" value="'.(int)$marker_term->term_id.'"/>'; 313 314 $i++; 314 315 } -
mark-posts/trunk/composer.json
r2475923 r2679436 31 31 }, 32 32 "require-dev": { 33 "roots/wordpress": "^5. 6"33 "roots/wordpress": "^5.8" 34 34 } 35 35 } -
mark-posts/trunk/composer.lock
r2475923 r2679436 5 5 "This file is @generated automatically" 6 6 ], 7 "content-hash": " 5d6b30a3e46793ede02a9dbc1738e101",7 "content-hash": "9195402cb30fdef66a0de3191d70528c", 8 8 "packages": [], 9 9 "packages-dev": [ 10 10 { 11 11 "name": "roots/wordpress", 12 "version": "5. 6.1",12 "version": "5.8", 13 13 "source": { 14 14 "type": "git", 15 15 "url": "https://github.com/WordPress/WordPress.git", 16 "reference": "5. 6.1"16 "reference": "5.8" 17 17 }, 18 18 "dist": { 19 19 "type": "zip", 20 "url": "https://api.github.com/repos/WordPress/WordPress/zipball/ 5.6.1"20 "url": "https://api.github.com/repos/WordPress/WordPress/zipball/refs/tags/5.8" 21 21 }, 22 22 "require": { … … 42 42 "wordpress" 43 43 ], 44 "support": { 45 "docs": "https://developer.wordpress.org/", 46 "forum": "https://wordpress.org/support/", 47 "irc": "irc://irc.freenode.net/wordpress", 48 "issues": "https://core.trac.wordpress.org/", 49 "rss": "https://wordpress.org/news/feed/", 50 "source": "https://core.trac.wordpress.org/browser", 51 "wiki": "https://codex.wordpress.org/" 52 }, 44 53 "funding": [ 45 54 { … … 52 61 } 53 62 ], 54 "time": "2021-0 2-03T21:15:13+00:00"63 "time": "2021-07-20T16:24:55+00:00" 55 64 }, 56 65 { … … 109 118 "wordpress" 110 119 ], 120 "support": { 121 "issues": "https://github.com/roots/wordpress-core-installer/issues", 122 "source": "https://github.com/roots/wordpress-core-installer/tree/master" 123 }, 111 124 "funding": [ 112 125 { … … 131 144 }, 132 145 "platform-dev": [], 133 "plugin-api-version": " 1.1.0"146 "plugin-api-version": "2.0.0" 134 147 } -
mark-posts/trunk/languages/mark-posts.pot
r2475923 r2679436 3 3 msgid "" 4 4 msgstr "" 5 "Project-Id-Version: Mark Posts 2.0. 0\n"5 "Project-Id-Version: Mark Posts 2.0.1\n" 6 6 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/mark-posts\n" 7 7 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" -
mark-posts/trunk/mark-posts.php
r2475923 r2679436 4 4 * Description: Mark and highlight posts, pages and posts of custom post types within the posts overview. 5 5 * Plugin URI: https://wordpress.org/plugins/mark-posts 6 * Version: 2.0. 06 * Version: 2.0.1 7 7 * Author: Michael Schoenrock, Sven Hofmann 8 8 * Author URI: https://www.halloecho.de … … 29 29 */ 30 30 if (!defined('WP_MARK_POSTS_VERSION')) { 31 define('WP_MARK_POSTS_VERSION', '2.0. 0');31 define('WP_MARK_POSTS_VERSION', '2.0.1'); 32 32 } 33 33