
Changeset 2679436


Timestamp:
02/15/2022 09:04:54 PM (3 years ago)
Author:
hofmannsven
Message:

Update to version 2.0.1 from GitHub

Location:
mark-posts
Files:
16 edited
1 copied

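--- a/mark-posts/tags/2.0.1/CHANGELOG.md
+++ b/mark-posts/tags/2.0.1/CHANGELOG.md
@@ -2,4 +2,8 @@
 
 Notable changes and release notes of the Mark Posts WordPress plugin.
+
+## 2.0.1
+* Fixes a possible XSS vulnerability.
+  Thanks @fuzzyap1 for discovering and responsibly disclosing this vulnerability.
 
 ## 2.0.0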
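--- a/mark-posts/tags/2.0.1/README.txt
+++ b/mark-posts/tags/2.0.1/README.txt
@@ -3,7 +3,7 @@
 Tags: mark posts, highlight, highlight posts, status, post status, overview, post overview, featured, custom posts, featured posts, post, posts
 Requires at least: 3.7
-Tested up to: 5.6.1
+Tested up to: 5.9
 Requires PHP: 7.0
-Stable tag: 2.0.0
+Stable tag: 2.0.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.txt
@@ -94,4 +94,8 @@
 == Changelog ==
 
+= 2.0.1 =
+* Fixes a possible XSS vulnerability.
+  Thanks @fuzzyap1 for discovering and responsibly disclosing this vulnerability.
+
 = 2.0.0 =
 * Breaking change: Markers are no longer public by default.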
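--- a/mark-posts/tags/2.0.1/admin/assets/js/markposts.js
+++ b/mark-posts/tags/2.0.1/admin/assets/js/markposts.js
@@ -44,5 +44,6 @@
         var make_markers = $(this).val().split(","); // separate marker by comma
         $(make_markers).each(function(e) { // push each new marker to array
-            markers.push('<span class="new-marker">'+make_markers[e]+'</span>');
+            var marker = make_markers[e].replace(/(<([^>]+)>)/ig,""); // remove HTML from name (preview only)
+            markers.push('<span class="new-marker">'+marker+'</span>');
         });
 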
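Review bot: The regex on new line 46 is a tag filter rather than an encoder: it removes only complete `<…>` pairs, and whatever remains is still concatenated into an HTML string, so markup characters that do not form a closed tag pass through to the preview. Encoding the value is more robust than stripping it, for example `markers.push($('<span class="new-marker"/>').text(make_markers[e]).prop('outerHTML'));`, which also keeps legitimate names containing `<` readable. The enclosing handler starts and ends outside this hunk, so how `markers` is later inserted into the page cannot be confirmed from here. The same line is in mark-posts/trunk/admin/assets/js/markposts.js.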
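--- a/mark-posts/tags/2.0.1/admin/views/admin.php
+++ b/mark-posts/tags/2.0.1/admin/views/admin.php
@@ -129,5 +129,5 @@
         }
         foreach ($markers as $marker) {
-            $marker = trim($marker);
+            $marker = trim(sanitize_text_field($marker));
             $color = $default_colors[$i]; // define default color
             wp_insert_term($marker, 'marker', [
@@ -148,7 +148,8 @@
         if (isset($_POST['markernames'])) {
             foreach ($_POST['markernames'] as $markername) {
+                $marker = trim(sanitize_text_field($markername));
                 wp_update_term($_POST['term_ids'][$i], 'marker', [
-                    'name'        => $markername,
-                    'slug'        => sanitize_title($markername),
+                    'name'        => $marker,
+                    'slug'        => sanitize_title($marker),
                     'description' => $_POST['colors'][$i],
                 ]);
@@ -240,5 +241,5 @@
         // Filter excluded post types.
         if (!in_array($one_post_type, mark_posts_excluded_post_types())) {
-            echo '<p><input name="markertypes[]" type="checkbox" value="'.$one_post_type.'"';
+            echo '<p><input name="markertypes[]" type="checkbox" value="'.esc_attr($one_post_type).'"';
             if (isset($option['mark_posts_posttypes'])) {
                 if (in_array($one_post_type, $option['mark_posts_posttypes'])) {
@@ -246,5 +247,5 @@
                 }
             }
-            echo ' /> '.mark_posts_get_post_type_name($one_post_type).'</p>';
+            echo ' /> '.esc_html(mark_posts_get_post_type_name($one_post_type)).'</p>';
         }
     }
@@ -306,9 +307,9 @@
             }
 
-            echo '<tr valign="top"><th scope="row"><input type="text" name="markernames[]" value="'.$marker_term->name.'"></th>';
-            echo '<td width="130"><input type="text" name="colors[]" value="'.$color.'" class="my-color-field" data-default-color="'.$color.'"/></td>';
-            echo '<td><input type="checkbox" name="delete[]" id="delete_'.$marker_term->term_id.'" value="'.$marker_term->term_id.'"> <label for="delete_'.$marker_term->term_id.'">'.__('delete', 'mark-posts').'?</label>';
-            echo '<a href="javascript:void(0);" class="mark-posts-initial" data-confirm-msg="'.__('Do you really want to mark all posts with this marker? Note: This will override all your previous set markers. This will only effect the enabled post types.', 'mark-posts').'" data-term-id="'.$marker_term->term_id.'">'.__('Mark all posts with this marker', 'mark-posts').'</a></td>';
-            echo '<input type="hidden" name="term_ids[]" value="'.$marker_term->term_id.'"/>';
+            echo '<tr valign="top"><th scope="row"><input type="text" name="markernames[]" value="'.esc_html($marker_term->name).'"></th>';
+            echo '<td width="130"><input type="text" name="colors[]" value="'.esc_attr($color).'" class="my-color-field" data-default-color="'.esc_attr($color).'"/></td>';
+            echo '<td><input type="checkbox" name="delete[]" id="delete_'.(int)$marker_term->term_id.'" value="'.(int)$marker_term->term_id.'"> <label for="delete_'.(int)$marker_term->term_id.'">'.__('delete', 'mark-posts').'?</label>';
+            echo '<a href="javascript:void(0);" class="mark-posts-initial" data-confirm-msg="'.__('Do you really want to mark all posts with this marker? Note: This will override all your previous set markers. This will only effect the enabled post types.', 'mark-posts').'" data-term-id="'.(int)$marker_term->term_id.'">'.__('Mark all posts with this marker', 'mark-posts').'</a></td>';
+            echo '<input type="hidden" name="term_ids[]" value="'.(int)$marker_term->term_id.'"/>';
             $i++;
         }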
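Review bot: In the update loop (new lines 150–155) only the marker name is sanitised; `$_POST['term_ids'][$i]` and `$_POST['colors'][$i]` still reach `wp_update_term()` raw, so the colour is stored unvalidated in the term description and every place that prints it has to remember to escape it. Validating at write time would close that, e.g. `wp_update_term(absint($_POST['term_ids'][$i]), 'marker', [` and `'description' => sanitize_hex_color($_POST['colors'][$i]),` if the colours are always hex values, which these hunks do not show. On new line 309 the name is printed inside a `value="…"` attribute with `esc_html()`; `esc_attr()` is the matching function for that context, and the translated strings in `data-confirm-msg` and the link/label text would be better emitted with `esc_attr__()` / `esc_html__()`. No nonce or capability check is visible around the `$_POST` handling, but the enclosing code starts and ends outside these hunks. The same changes are in mark-posts/trunk/admin/views/admin.php.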
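--- a/mark-posts/tags/2.0.1/composer.json
+++ b/mark-posts/tags/2.0.1/composer.json
@@ -31,5 +31,5 @@
   },
   "require-dev": {
-    "roots/wordpress": "^5.6"
+    "roots/wordpress": "^5.8"
   }
 }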
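--- a/mark-posts/tags/2.0.1/composer.lock
+++ b/mark-posts/tags/2.0.1/composer.lock
@@ -5,18 +5,18 @@
         "This file is @generated automatically"
     ],
-    "content-hash": "5d6b30a3e46793ede02a9dbc1738e101",
+    "content-hash": "9195402cb30fdef66a0de3191d70528c",
     "packages": [],
     "packages-dev": [
         {
             "name": "roots/wordpress",
-            "version": "5.6.1",
+            "version": "5.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/WordPress/WordPress.git",
-                "reference": "5.6.1"
+                "reference": "5.8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/WordPress/WordPress/zipball/5.6.1"
+                "url": "https://api.github.com/repos/WordPress/WordPress/zipball/refs/tags/5.8"
             },
             "require": {
@@ -42,4 +42,13 @@
                 "wordpress"
             ],
+            "support": {
+                "docs": "https://developer.wordpress.org/",
+                "forum": "https://wordpress.org/support/",
+                "irc": "irc://irc.freenode.net/wordpress",
+                "issues": "https://core.trac.wordpress.org/",
+                "rss": "https://wordpress.org/news/feed/",
+                "source": "https://core.trac.wordpress.org/browser",
+                "wiki": "https://codex.wordpress.org/"
+            },
             "funding": [
                 {
@@ -52,5 +61,5 @@
                 }
             ],
-            "time": "2021-02-03T21:15:13+00:00"
+            "time": "2021-07-20T16:24:55+00:00"
         },
         {
@@ -109,4 +118,8 @@
                 "wordpress"
             ],
+            "support": {
+                "issues": "https://github.com/roots/wordpress-core-installer/issues",
+                "source": "https://github.com/roots/wordpress-core-installer/tree/master"
+            },
             "funding": [
                 {
@@ -131,4 +144,4 @@
     },
     "platform-dev": [],
-    "plugin-api-version": "1.1.0"
+    "plugin-api-version": "2.0.0"
 }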
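--- a/mark-posts/tags/2.0.1/languages/mark-posts.pot
+++ b/mark-posts/tags/2.0.1/languages/mark-posts.pot
@@ -3,5 +3,5 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: Mark Posts 2.0.0\n"
+"Project-Id-Version: Mark Posts 2.0.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/mark-posts\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"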
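--- a/mark-posts/tags/2.0.1/mark-posts.php
+++ b/mark-posts/tags/2.0.1/mark-posts.php
@@ -4,5 +4,5 @@
  * Description:     Mark and highlight posts, pages and posts of custom post types within the posts overview.
  * Plugin URI:      https://wordpress.org/plugins/mark-posts
- * Version:         2.0.0
+ * Version:         2.0.1
  * Author:          Michael Schoenrock, Sven Hofmann
  * Author URI:      https://www.halloecho.de
@@ -29,5 +29,5 @@
  */
 if (!defined('WP_MARK_POSTS_VERSION')) {
-    define('WP_MARK_POSTS_VERSION', '2.0.0');
+    define('WP_MARK_POSTS_VERSION', '2.0.1');
 }
 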
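--- a/mark-posts/trunk/CHANGELOG.md
+++ b/mark-posts/trunk/CHANGELOG.md
@@ -2,4 +2,8 @@
 
 Notable changes and release notes of the Mark Posts WordPress plugin.
+
+## 2.0.1
+* Fixes a possible XSS vulnerability.
+  Thanks @fuzzyap1 for discovering and responsibly disclosing this vulnerability.
 
 ## 2.0.0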
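--- a/mark-posts/trunk/README.txt
+++ b/mark-posts/trunk/README.txt
@@ -3,7 +3,7 @@
 Tags: mark posts, highlight, highlight posts, status, post status, overview, post overview, featured, custom posts, featured posts, post, posts
 Requires at least: 3.7
-Tested up to: 5.6.1
+Tested up to: 5.9
 Requires PHP: 7.0
-Stable tag: 2.0.0
+Stable tag: 2.0.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.txt
@@ -94,4 +94,8 @@
 == Changelog ==
 
+= 2.0.1 =
+* Fixes a possible XSS vulnerability.
+  Thanks @fuzzyap1 for discovering and responsibly disclosing this vulnerability.
+
 = 2.0.0 =
 * Breaking change: Markers are no longer public by default.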
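--- a/mark-posts/trunk/admin/assets/js/markposts.js
+++ b/mark-posts/trunk/admin/assets/js/markposts.js
@@ -44,5 +44,6 @@
         var make_markers = $(this).val().split(","); // separate marker by comma
         $(make_markers).each(function(e) { // push each new marker to array
-            markers.push('<span class="new-marker">'+make_markers[e]+'</span>');
+            var marker = make_markers[e].replace(/(<([^>]+)>)/ig,""); // remove HTML from name (preview only)
+            markers.push('<span class="new-marker">'+marker+'</span>');
         });
 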
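--- a/mark-posts/trunk/admin/views/admin.php
+++ b/mark-posts/trunk/admin/views/admin.php
@@ -129,5 +129,5 @@
         }
         foreach ($markers as $marker) {
-            $marker = trim($marker);
+            $marker = trim(sanitize_text_field($marker));
             $color = $default_colors[$i]; // define default color
             wp_insert_term($marker, 'marker', [
@@ -148,7 +148,8 @@
         if (isset($_POST['markernames'])) {
             foreach ($_POST['markernames'] as $markername) {
+                $marker = trim(sanitize_text_field($markername));
                 wp_update_term($_POST['term_ids'][$i], 'marker', [
-                    'name'        => $markername,
-                    'slug'        => sanitize_title($markername),
+                    'name'        => $marker,
+                    'slug'        => sanitize_title($marker),
                     'description' => $_POST['colors'][$i],
                 ]);
@@ -240,5 +241,5 @@
         // Filter excluded post types.
         if (!in_array($one_post_type, mark_posts_excluded_post_types())) {
-            echo '<p><input name="markertypes[]" type="checkbox" value="'.$one_post_type.'"';
+            echo '<p><input name="markertypes[]" type="checkbox" value="'.esc_attr($one_post_type).'"';
             if (isset($option['mark_posts_posttypes'])) {
                 if (in_array($one_post_type, $option['mark_posts_posttypes'])) {
@@ -246,5 +247,5 @@
                 }
             }
-            echo ' /> '.mark_posts_get_post_type_name($one_post_type).'</p>';
+            echo ' /> '.esc_html(mark_posts_get_post_type_name($one_post_type)).'</p>';
         }
     }
@@ -306,9 +307,9 @@
             }
 
-            echo '<tr valign="top"><th scope="row"><input type="text" name="markernames[]" value="'.$marker_term->name.'"></th>';
-            echo '<td width="130"><input type="text" name="colors[]" value="'.$color.'" class="my-color-field" data-default-color="'.$color.'"/></td>';
-            echo '<td><input type="checkbox" name="delete[]" id="delete_'.$marker_term->term_id.'" value="'.$marker_term->term_id.'"> <label for="delete_'.$marker_term->term_id.'">'.__('delete', 'mark-posts').'?</label>';
-            echo '<a href="javascript:void(0);" class="mark-posts-initial" data-confirm-msg="'.__('Do you really want to mark all posts with this marker? Note: This will override all your previous set markers. This will only effect the enabled post types.', 'mark-posts').'" data-term-id="'.$marker_term->term_id.'">'.__('Mark all posts with this marker', 'mark-posts').'</a></td>';
-            echo '<input type="hidden" name="term_ids[]" value="'.$marker_term->term_id.'"/>';
+            echo '<tr valign="top"><th scope="row"><input type="text" name="markernames[]" value="'.esc_html($marker_term->name).'"></th>';
+            echo '<td width="130"><input type="text" name="colors[]" value="'.esc_attr($color).'" class="my-color-field" data-default-color="'.esc_attr($color).'"/></td>';
+            echo '<td><input type="checkbox" name="delete[]" id="delete_'.(int)$marker_term->term_id.'" value="'.(int)$marker_term->term_id.'"> <label for="delete_'.(int)$marker_term->term_id.'">'.__('delete', 'mark-posts').'?</label>';
+            echo '<a href="javascript:void(0);" class="mark-posts-initial" data-confirm-msg="'.__('Do you really want to mark all posts with this marker? Note: This will override all your previous set markers. This will only effect the enabled post types.', 'mark-posts').'" data-term-id="'.(int)$marker_term->term_id.'">'.__('Mark all posts with this marker', 'mark-posts').'</a></td>';
+            echo '<input type="hidden" name="term_ids[]" value="'.(int)$marker_term->term_id.'"/>';
             $i++;
         }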
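--- a/mark-posts/trunk/composer.json
+++ b/mark-posts/trunk/composer.json
@@ -31,5 +31,5 @@
   },
   "require-dev": {
-    "roots/wordpress": "^5.6"
+    "roots/wordpress": "^5.8"
   }
 }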
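--- a/mark-posts/trunk/composer.lock
+++ b/mark-posts/trunk/composer.lock
@@ -5,18 +5,18 @@
         "This file is @generated automatically"
     ],
-    "content-hash": "5d6b30a3e46793ede02a9dbc1738e101",
+    "content-hash": "9195402cb30fdef66a0de3191d70528c",
     "packages": [],
     "packages-dev": [
         {
             "name": "roots/wordpress",
-            "version": "5.6.1",
+            "version": "5.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/WordPress/WordPress.git",
-                "reference": "5.6.1"
+                "reference": "5.8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/WordPress/WordPress/zipball/5.6.1"
+                "url": "https://api.github.com/repos/WordPress/WordPress/zipball/refs/tags/5.8"
             },
             "require": {
@@ -42,4 +42,13 @@
                 "wordpress"
             ],
+            "support": {
+                "docs": "https://developer.wordpress.org/",
+                "forum": "https://wordpress.org/support/",
+                "irc": "irc://irc.freenode.net/wordpress",
+                "issues": "https://core.trac.wordpress.org/",
+                "rss": "https://wordpress.org/news/feed/",
+                "source": "https://core.trac.wordpress.org/browser",
+                "wiki": "https://codex.wordpress.org/"
+            },
             "funding": [
                 {
@@ -52,5 +61,5 @@
                 }
             ],
-            "time": "2021-02-03T21:15:13+00:00"
+            "time": "2021-07-20T16:24:55+00:00"
         },
         {
@@ -109,4 +118,8 @@
                 "wordpress"
             ],
+            "support": {
+                "issues": "https://github.com/roots/wordpress-core-installer/issues",
+                "source": "https://github.com/roots/wordpress-core-installer/tree/master"
+            },
             "funding": [
                 {
@@ -131,4 +144,4 @@
     },
     "platform-dev": [],
-    "plugin-api-version": "1.1.0"
+    "plugin-api-version": "2.0.0"
 }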
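--- a/mark-posts/trunk/languages/mark-posts.pot
+++ b/mark-posts/trunk/languages/mark-posts.pot
@@ -3,5 +3,5 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: Mark Posts 2.0.0\n"
+"Project-Id-Version: Mark Posts 2.0.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/mark-posts\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"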
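--- a/mark-posts/trunk/mark-posts.php
+++ b/mark-posts/trunk/mark-posts.php
@@ -4,5 +4,5 @@
  * Description:     Mark and highlight posts, pages and posts of custom post types within the posts overview.
  * Plugin URI:      https://wordpress.org/plugins/mark-posts
- * Version:         2.0.0
+ * Version:         2.0.1
  * Author:          Michael Schoenrock, Sven Hofmann
  * Author URI:      https://www.halloecho.de
@@ -29,5 +29,5 @@
  */
 if (!defined('WP_MARK_POSTS_VERSION')) {
-    define('WP_MARK_POSTS_VERSION', '2.0.0');
+    define('WP_MARK_POSTS_VERSION', '2.0.1');
 }
 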