
Changeset 2968965 for leaflet-map


Timestamp:
09/20/2023 02:39:32 AM (19 months ago)
Author:
bozdoz
Message:

v3.3.1 - security fixes to xss issues; bump leaflet to 1.9.4; fix !attribution; fix maxzoom tile layers; allow german umlauts

Location:
leaflet-map
Files:
14 edited
1 copied

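--- a/leaflet-map/tags/3.3.1/class.leaflet-map.php
+++ b/leaflet-map/tags/3.3.1/class.leaflet-map.php
@@ -23,5 +23,5 @@
      * @var string major minor patch version
      */
-    public static $leaflet_version = '1.9.3';
+    public static $leaflet_version = '1.9.4';
 
     /**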
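--- a/leaflet-map/tags/3.3.1/leaflet-map.php
+++ b/leaflet-map/tags/3.3.1/leaflet-map.php
@@ -9,5 +9,5 @@
  * Text Domain: leaflet-map
  * Domain Path: /languages/
- * Version: 3.3.0
+ * Version: 3.3.1
  * License: GPL2
  * Leaflet Map is free software: you can redistribute it and/or modify
@@ -30,5 +30,5 @@
 }
 
-define('LEAFLET_MAP__PLUGIN_VERSION', '3.3.0');
+define('LEAFLET_MAP__PLUGIN_VERSION', '3.3.1');
 define('LEAFLET_MAP__PLUGIN_FILE', __FILE__);
 define('LEAFLET_MAP__PLUGIN_DIR', plugin_dir_path(__FILE__));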
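--- a/leaflet-map/tags/3.3.1/readme.txt
+++ b/leaflet-map/tags/3.3.1/readme.txt
@@ -7,7 +7,7 @@
 Tags: leaflet, map, mobile, javascript, openstreetmap, mapquest, interactive
 Requires at least: 4.6
-Tested up to: 6.1.1
-Version: 3.3.0
-Stable tag: 3.3.0
+Tested up to: 6.3.1
+Version: 3.3.1
+Stable tag: 3.3.1
 License: GPLv2
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -149,4 +149,11 @@
 
 == Changelog ==
+
+= 3.3.1 =
+* [Update] Default Leaflet map set at v1.9.4
+* [Security] Escapes geojson popup properties to prevent XSS attacks
+* [Bug] Updates "!attribution" or "attribution=0" attributes to actually remove attribution
+* [Bug] Switches SANITIZE_FULL with SANITIZE to to allow "German umlauts"
+* [Bug] Fixes some issues when a map's max zoom differs from a tile layer's max zoom
 
 = 3.3.0 =
@@ -461,4 +468,7 @@
 == Upgrade Notice ==
 
+= 3.3.1 =
+* Escapes geojson popup properties to prevent XSS attacks
+
 = 3.2.0 =
 * Fixes error if geocoder fails to get a lat/lng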
  • leaflet-map/tags/3.3.1/scripts/construct-leaflet-map.min.js

    r2871359 r2968965  
    1 !function(){var t=window.WPLeafletMapPlugin;if(window.WPLeafletMapPlugin=new function(){function t(t){try{t()}catch(t){console.log("-- version --","v3.3.0"),console.error(t)}}this.VERSION="v3.3.0";var n=!1,i=[];this.push=function(r){n?t(r):i.push(r)},this.unshift=function(r){n?t(r):i.unshift(r)},this.init=function(){n=!0;for(var r=0,e=i.length;r<e;r++)t(i[r])},this.createMap=function(t){var n=document.getElementsByClassName("WPLeafletMap")[this.maps.length],i=L.map(n,t);return t.fitBounds&&(i._shouldFitBounds=!0),t.attribution&&function(t,n){if(!t)return;for(var i=t.split(";"),r=L.control.attribution({prefix:!1}).addTo(n),e=0,o=i.length;e<o;e++){var a=(s=i[e]).trim?s.trim():s.replace(/^\s+|\s+$/gm,"");r.addAttribution(a)}var s}(t.attribution,i),this.maps.push(i),i},this.createImageMap=function(t){var n=this.createMap(t);return n.is_image_map=!0,this.images.push(n),n},this.getCurrentMap=function(){return this.maps[this.maps.length-1]},this.getCurrentGroup=function(){var t=this.maps.length;return this.markergroups[t]||(this.markergroups[t]=this.newMarkerGroup(this.maps[t-1])),this.markergroups[t]},this.getCurrentMarkerGroup=this.getCurrentGroup,this.getGroup=function(t){return(new L.FeatureGroup).addTo(t)},this.newMarkerGroup=function(t){var n=this.getGroup(t);return n.timeout=null,t._shouldFitBounds&&n.on("layeradd",(function(i){i.layer instanceof L.FeatureGroup&&i.layer.on("ready",(function(){t.fitBounds(n.getBounds())})),window.clearTimeout(this.timeout),this.timeout=window.setTimeout((function(){try{t.fitBounds(n.getBounds())}catch(t){}}),100)}),n),n},this.propsToTable=function(t){var n,i=[];for(n in t)Object.prototype.hasOwnProperty.call(t,n)&&i.push(n);for(var r="<table>",e=0,o=(i=i.sort()).length;e<o;e++){var a=i[e];r+="<tr><td>"+a+"</td>",r+="<td>"+t[a]+"</td></tr>"}return r+="</table>"};var r=this.unescape=function(t){var n=document.createElement("div");return n.innerHTML=t,n.innerText||t},e=/\{ *(.*?) 
*\}/g;this.template=function(t,n){return null==n?t:t.replace(e,(function(t,i){var e=function(t){for(var n=t.split(" | "),i={},r=n.shift(),e=0,o=n.length;e<o;e++){var a=n[e].split(": "),s=a.shift(),u=a.join(": ")||!0;i[s]=u}return i.key=r,i}(i),a=function(t,n){for(var i=function(t){if(null==t)return[];for(var n=t.split(o),i=[],r=0,e=n.length;r<e;r++)""!==n[r]&&i.push(n[r]);return i}(r(n)),e=t,a=0,s=i.length;a<s;a++)if(!(e=e[i[a]]))return;return e}(n,e.key);return null==a?e.default||t:a}))};var o=/[.‘’'“”"\[\]]+/g;function a(t,n){"undefined"!=typeof L&&void 0!==L[t]?n():setTimeout((function(){a(t,n)}),100)}this.waitForSVG=function(t){a("SVGIcon",t)},this.waitForAjax=function(t){a("AjaxGeoJSON",t)},this.createScale=function(t){L.control.scale(t).addTo(this.getCurrentMap())},this.getIconOptions=function(t){for(var n,i=t||{},r=["iconSize","iconAnchor","shadowSize","shadowAnchor","popupAnchor","tooltipAnchor"],e=L.Icon.Default.prototype.options,o=0,a=r.length;o<a;o++){var s=r[o],u=i[s];if(u){for(var h=u.split(","),c=0,l=h.length;c<l;c++)h[c]=Number(h[c]);i[s]=h}}return i.popupAnchor||(i.popupAnchor=((n=(n=i.iconSize||e.iconSize).slice())[0]=0,n[1]*=-1,n[1]-=3,n)),i.iconUrl&&(i.icon=new L.Icon(i)),i},this.maps=[],this.images=[],this.markergroups={},this.markers=[],this.lines=[],this.polygons=[],this.circles=[],this.geojsons=[],this.overlays=[]},t){for(var n=0,i=t.length;n<i;n++)window.WPLeafletMapPlugin.push(t[n]);for(var r in t.splice(0),t)t.hasOwnProperty(r)&&(window.WPLeafletMapPlugin[r]=t[r])}window.addEventListener?window.addEventListener("load",window.WPLeafletMapPlugin.init,!1):window.attachEvent&&window.attachEvent("onload",window.WPLeafletMapPlugin.init)}();
     1!function(){var t=window.WPLeafletMapPlugin;if(window.WPLeafletMapPlugin=new function(){function t(t){try{t()}catch(t){console.log("-- version --","v3.3.1"),console.error(t)}}this.VERSION="v3.3.1";var n=!1,i=[];this.push=function(r){n?t(r):i.push(r)},this.unshift=function(r){n?t(r):i.unshift(r)},this.init=function(){n=!0;for(var r=0,e=i.length;r<e;r++)t(i[r])},this.createMap=function(t){var n=document.getElementsByClassName("WPLeafletMap")[this.maps.length],i=L.map(n,t);return t.fitBounds&&(i._shouldFitBounds=!0),t.attribution&&function(t,n){if(!t)return;for(var i=t.split(";"),r=L.control.attribution({prefix:!1}).addTo(n),e=0,o=i.length;e<o;e++){var a=(s=i[e]).trim?s.trim():s.replace(/^\s+|\s+$/gm,"");r.addAttribution(a)}var s}(t.attribution,i),this.maps.push(i),i},this.createImageMap=function(t){var n=this.createMap(t);return n.is_image_map=!0,this.images.push(n),n},this.getCurrentMap=function(){return this.maps[this.maps.length-1]},this.getCurrentGroup=function(){var t=this.maps.length;return this.markergroups[t]||(this.markergroups[t]=this.newMarkerGroup(this.maps[t-1])),this.markergroups[t]},this.getCurrentMarkerGroup=this.getCurrentGroup,this.getGroup=function(t){return(new L.FeatureGroup).addTo(t)},this.newMarkerGroup=function(t){var n=this.getGroup(t);return n.timeout=null,t._shouldFitBounds&&n.on("layeradd",(function(i){i.layer instanceof L.FeatureGroup&&i.layer.on("ready",(function(){t.fitBounds(n.getBounds())})),window.clearTimeout(this.timeout),this.timeout=window.setTimeout((function(){try{t.fitBounds(n.getBounds())}catch(t){}}),100)}),n),n},this.propsToTable=function(t){var n,i=[];for(n in t)Object.prototype.hasOwnProperty.call(t,n)&&i.push(n);for(var r="<table>",e=0,o=(i=i.sort()).length;e<o;e++){var a=i[e];r+="<tr><td>"+a+"</td>",r+="<td>"+t[a]+"</td></tr>"}return r+="</table>"};var r=this.unescape=function(t){var n=document.createElement("div");return n.innerHTML=t,n.innerText||t},e=/\{ *(.*?) 
*\}/g;this.template=function(t,n){return null==n?t:t.replace(e,(function(t,i){var e=function(t){for(var n=t.split(" | "),i={},r=n.shift(),e=0,o=n.length;e<o;e++){var a=n[e].split(": "),s=a.shift(),u=a.join(": ")||!0;i[s]=u}return i.key=r,i}(i),a=function(t,n){for(var i=function(t){if(null==t)return[];for(var n=t.split(o),i=[],r=0,e=n.length;r<e;r++)""!==n[r]&&i.push(n[r]);return i}(r(n)),e=t,a=0,s=i.length;a<s;a++)if(!(e=e[i[a]]))return;return e}(n,e.key);return null==a?e.default||t:a}))};var o=/[.‘’'“”"\[\]]+/g;function a(t,n){"undefined"!=typeof L&&void 0!==L[t]?n():setTimeout((function(){a(t,n)}),100)}this.waitForSVG=function(t){a("SVGIcon",t)},this.waitForAjax=function(t){a("AjaxGeoJSON",t)},this.createScale=function(t){L.control.scale(t).addTo(this.getCurrentMap())},this.getIconOptions=function(t){for(var n,i=t||{},r=["iconSize","iconAnchor","shadowSize","shadowAnchor","popupAnchor","tooltipAnchor"],e=L.Icon.Default.prototype.options,o=0,a=r.length;o<a;o++){var s=r[o],u=i[s];if(u){for(var h=u.split(","),c=0,l=h.length;c<l;c++)h[c]=Number(h[c]);i[s]=h}}return i.popupAnchor||(i.popupAnchor=((n=(n=i.iconSize||e.iconSize).slice())[0]=0,n[1]*=-1,n[1]-=3,n)),i.iconUrl&&(i.icon=new L.Icon(i)),i},this.maps=[],this.images=[],this.markergroups={},this.markers=[],this.lines=[],this.polygons=[],this.circles=[],this.geojsons=[],this.overlays=[]},t){for(var n=0,i=t.length;n<i;n++)window.WPLeafletMapPlugin.push(t[n]);for(var r in t.splice(0),t)t.hasOwnProperty(r)&&(window.WPLeafletMapPlugin[r]=t[r])}window.addEventListener?window.addEventListener("load",window.WPLeafletMapPlugin.init,!1):window.attachEvent&&window.attachEvent("onload",window.WPLeafletMapPlugin.init)}();
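--- a/leaflet-map/tags/3.3.1/shortcodes/class.geojson-shortcode.php
+++ b/leaflet-map/tags/3.3.1/shortcodes/class.geojson-shortcode.php
@@ -121,6 +121,8 @@
 var fitbounds = <?php echo $fitbounds ? '1' : '0'; ?>;
 var circleMarker = <?php echo $circleMarker ? '1' : '0'; ?>;
-var popup_text = window.WPLeafletMapPlugin.unescape("<?php echo $popup_text; ?>");
-var popup_property = "<?php echo $popup_property; ?>";
+var popup_text = window.WPLeafletMapPlugin.unescape("<?php echo esc_js(
+  $popup_text
+); ?>");
+var popup_property = "<?php echo esc_js($popup_property); ?>";
 var group = window.WPLeafletMapPlugin.getCurrentGroup();
 var markerOptions = window.WPLeafletMapPlugin.getIconOptions(<?php echo $options; ?>);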
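Review bot: The `esc_js()` calls on new lines 123–126 stop the shortcode attribute from breaking out of the quoted string, but `popup_text` is then handed to `WPLeafletMapPlugin.unescape`, which in construct-leaflet-map.min.js (same changeset) assigns its argument to `innerHTML` and returns `innerText`, so the entities `esc_js()` produced are decoded back to raw characters before the popup is built. The code that binds the popup is outside this hunk; it should be confirmed that the decoded text, and any GeoJSON feature properties substituted into it, are HTML-escaped or passed through something like `wp_kses_post()` before they are rendered. `$options` on new line 128 is still echoed without escaping; it is presumably JSON-encoded earlier in the function, which is worth confirming. The trunk copy of this file carries the same change.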
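--- a/leaflet-map/tags/3.3.1/shortcodes/class.map-shortcode.php
+++ b/leaflet-map/tags/3.3.1/shortcodes/class.map-shortcode.php
@@ -3,8 +3,8 @@
  * Map Shortcode
  *
- * Displays map with [leaflet-map ...atts] 
+ * Displays map with [leaflet-map ...atts]
  *
  * JavaScript equivalent : L.map("id");
- * 
+ *
  * @category Shortcode
  * @author   Benjamin J DeLong <ben@bozdoz.com>
@@ -14,5 +14,5 @@
 if (!defined('ABSPATH')) {
     exit;
-} 
+}
 
 require_once LEAFLET_MAP__PLUGIN_DIR . 'shortcodes/class.shortcode.php';
@@ -34,6 +34,6 @@
 
     /**
-     * Enqueue Scripts and Styles for Leaflet 
-     * 
+     * Enqueue Scripts and Styles for Leaflet
+     *
      * @return null
      */
@@ -48,5 +48,5 @@
         }
 
-        // enqueue user-defined scripts 
+        // enqueue user-defined scripts
         // ! will fire for each map
         do_action('leaflet_map_enqueue');
@@ -56,6 +56,6 @@
      * Merge shortcode options with default options
      *
-     * @param array|string $atts    key value pairs from shortcode 
-     * 
+     * @param array|string $atts    key value pairs from shortcode
+     *
      * @return array new atts, which is actually an array
      */
@@ -67,40 +67,40 @@
         $settings = Leaflet_Map_Plugin_Settings::init();
 
-        $atts['zoom'] = array_key_exists('zoom', $atts) ? 
+        $atts['zoom'] = array_key_exists('zoom', $atts) ?
             $zoom : $settings->get('default_zoom');
-        $atts['height'] = empty($height) ? 
+        $atts['height'] = empty($height) ?
             $settings->get('default_height') : $height;
         $atts['width'] = empty($width) ? $settings->get('default_width') : $width;
-        $atts['zoomcontrol'] = isset($zoomControl) 
+        $atts['zoomcontrol'] = isset($zoomControl)
             ? $zoomControl
-            : (array_key_exists('zoomcontrol', $atts) 
-                ? $zoomcontrol 
+            : (array_key_exists('zoomcontrol', $atts)
+                ? $zoomcontrol
                 : $settings->get('show_zoom_controls'));
-        $atts['min_zoom'] = array_key_exists('min_zoom', $atts) ? 
+        $atts['min_zoom'] = array_key_exists('min_zoom', $atts) ?
             $min_zoom : $settings->get('default_min_zoom');
-        $atts['max_zoom'] = empty($max_zoom) ? 
+        $atts['max_zoom'] = empty($max_zoom) ?
             $settings->get('default_max_zoom') : $max_zoom;
         $atts['scrollwheel'] = isset($scrollWheelZoom)
             ? $scrollWheelZoom
-            : (array_key_exists('scrollwheel', $atts) 
-                ? $scrollwheel 
+            : (array_key_exists('scrollwheel', $atts)
+                ? $scrollwheel
                 : $settings->get('scroll_wheel_zoom'));
-        $atts['doubleclickzoom'] = array_key_exists('doubleclickzoom', $atts) ? 
+        $atts['doubleclickzoom'] = array_key_exists('doubleclickzoom', $atts) ?
             $doubleclickzoom : $settings->get('double_click_zoom');
-       
+
         // @deprecated backwards-compatible fit_markers
-        $atts['fit_markers'] = array_key_exists('fit_markers', $atts) ? 
+        $atts['fit_markers'] = array_key_exists('fit_markers', $atts) ?
             $fit_markers : $settings->get('fit_markers');
 
         // fitbounds is what it should be called @since v2.12.0
-        $atts['fitbounds'] = array_key_exists('fitbounds', $atts) ? 
+        $atts['fitbounds'] = array_key_exists('fitbounds', $atts) ?
             $fitbounds : $atts['fit_markers'];
 
         /* allow percent, but add px for ints */
         $atts['height'] .= is_numeric($atts['height']) ? 'px' : '';
-        $atts['width'] .= is_numeric($atts['width']) ? 'px' : '';   
-
-        /* 
-        need to allow 0 or empty for removal of attribution 
+        $atts['width'] .= is_numeric($atts['width']) ? 'px' : '';
+
+        /*
+        need to allow 0 or empty for removal of attribution
         */
         if (!array_key_exists('attribution', $atts)) {
@@ -114,13 +114,13 @@
                 ? $closePopupOnClick
                 : (isset($closepopuponclick)
-                    ? $closepopuponclick 
+                    ? $closepopuponclick
                     : null),
-            'trackResize' => isset($trackResize) 
+            'trackResize' => isset($trackResize)
                 ? $trackResize
-                : (isset($trackresize) 
-                    ? $trackresize 
+                : (isset($trackresize)
+                    ? $trackresize
                     : null),
-            'boxZoom' => isset($boxzoom) 
-                ? $boxzoom 
+            'boxZoom' => isset($boxzoom)
+                ? $boxzoom
                 : (isset($boxZoom)
                     ? $boxZoom
@@ -144,5 +144,5 @@
         // filter out nulls
         $map_options = $this->LM->filter_null($map_options);
-       
+
         // custom field for moving to JavaScript
         $map_options['fitBounds'] = $atts['fitbounds'];
@@ -171,6 +171,8 @@
         // custom field for moving to javascript
         // filter out any unwanted HTML tags (including img)
-        $map_options['attribution'] = wp_kses_post($atts['attribution']);
-       
+        if ($atts['attribution'] !== 0) {
+            $map_options['attribution'] = wp_kses_post($atts['attribution']);
+        }
+
         // wrap as JSON
         $atts['map_options'] = json_encode($map_options);
@@ -180,5 +182,5 @@
         foreach($map_options as $key=>$val) {
             $original_value = isset($atts[$key]) ? $atts[$key] : null;
-           
+
             $liquid = $this->LM->liquid($original_value);
 
@@ -197,7 +199,9 @@
             'accessToken' => empty($accesstoken) ? $settings->get('accesstoken') : $accesstoken,
             'zoomOffset' => empty($zoomoffset) ? $settings->get('zoomoffset') : $zoomoffset,
-            'noWrap' => filter_var(empty($nowrap) ? $settings->get('tile_no_wrap') : $nowrap, FILTER_VALIDATE_BOOLEAN)
-        );
-       
+            'noWrap' => filter_var(empty($nowrap) ? $settings->get('tile_no_wrap') : $nowrap, FILTER_VALIDATE_BOOLEAN),
+            'maxZoom' => $atts['maxZoom']
+        );
+
+
         $tile_layer_options = $this->LM->filter_empty_string($tile_layer_options);
         $tile_layer_options = $this->LM->filter_null($tile_layer_options);
@@ -218,5 +222,5 @@
 
         $atts = $this->LM->sanitize_inclusive($atts, $validations);
-       
+
         return $atts;
     }
@@ -224,8 +228,8 @@
     /**
      * Get the div tag for the map to instantiate
-     * 
+     *
      * @param string $height
      * @param string $width
-     * 
+     *
      * @return string HTML div element
      */
@@ -234,7 +238,7 @@
         ob_start();
         ?>
-<div class="leaflet-map WPLeafletMap" style="height:<?php 
+<div class="leaflet-map WPLeafletMap" style="height:<?php
     echo htmlspecialchars($height);
-?>; width:<?php 
+?>; width:<?php
     echo htmlspecialchars($width);
 ?>;"></div><?php
@@ -244,8 +248,8 @@
     /**
      * Get script for shortcode
-     * 
+     *
      * @param array  $atts    sometimes this is null
      * @param string $content anything within a shortcode
-     * 
+     *
      * @return string HTML
      */
@@ -267,5 +271,5 @@
         $lat = isset($lat) ? $lat : $settings->get('default_lat');
         $lng = isset($lng) ? $lng : $settings->get('default_lng');
-       
+
         // validate lat/lng
         $lat = $this->LM->filter_float($lat);
@@ -280,5 +284,5 @@
             $tileurl = empty($tileurl) ? $settings->get('map_tile_url') : $tileurl;
         }
-       
+
         $detect_retina = empty($detect_retina) ? $settings->get('detect_retina') : $detect_retina;
 
@@ -286,12 +290,12 @@
 
         /* should be iterated for multiple maps */
-        ob_start(); 
+        ob_start();
         ?>/*<script>*/
 var baseUrl = atob('<?php echo base64_encode(filter_var($tileurl, FILTER_SANITIZE_URL)); ?>');
-var base = (!baseUrl && window.MQ) ? 
-    window.MQ.mapLayer() : L.tileLayer(baseUrl, 
+var base = (!baseUrl && window.MQ) ?
+    window.MQ.mapLayer() : L.tileLayer(baseUrl,
         L.Util.extend({}, {
             detectRetina: <?php echo $detect_retina ? '1' : '0'; ?>,
-        }, 
+        },
         <?php echo $tile_layer_options; ?>
         )
@@ -300,10 +304,10 @@
         layers: [base],
         attributionControl: false
-    }, 
-    <?php echo $map_options; ?>, 
+    },
+    <?php echo $map_options; ?>,
     <?php echo $raw_map_options; ?>
 );
-window.WPLeafletMapPlugin.createMap(options).setView(<?php 
-    echo '[' . $lat . ',' . $lng . '],' . $zoom; 
+window.WPLeafletMapPlugin.createMap(options).setView(<?php
+    echo '[' . $lat . ',' . $lng . '],' . $zoom;
 ?>);<?php
 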
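Review bot: The new guard `if ($atts['attribution'] !== 0)` on new line 173 compares strictly against the integer 0, while shortcode attribute values normally arrive as strings, so `attribution="0"` is only caught if an earlier step outside this hunk has already converted it. If that conversion is not guaranteed, compare against both forms, e.g. `if ($atts['attribution'] !== 0 && $atts['attribution'] !== '0') {`. On new line 202, `'maxZoom' => $atts['maxZoom']` reads a key that none of the visible lines assign (they set `$atts['max_zoom']`), so when it is absent PHP raises an undefined-index notice and `filter_null` drops the value silently; `'maxZoom' => isset($atts['maxZoom']) ? $atts['maxZoom'] : null` would make that explicit. Both functions start and end outside the visible hunks.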
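--- a/leaflet-map/tags/3.3.1/shortcodes/class.marker-shortcode.php
+++ b/leaflet-map/tags/3.3.1/shortcodes/class.marker-shortcode.php
@@ -4,5 +4,5 @@
  *
  * Use with [leaflet-marker ...]
- * 
+ *
  * @category Shortcode
  * @author   Benjamin J DeLong <ben@bozdoz.com>
@@ -23,8 +23,8 @@
     /**
      * Get Script for Shortcode
-     * 
+     *
      * @param string $atts    could be an array
      * @param string $content optional
-     * 
+     *
      * @return null
      */
@@ -87,5 +87,5 @@
         $args = array(
             'draggable' => FILTER_VALIDATE_BOOLEAN,
-            'title' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
+            'title' => FILTER_SANITIZE_SPECIAL_CHARS,
             'alt' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
             'zIndexOffset' => FILTER_VALIDATE_INT,
@@ -113,5 +113,5 @@
 var marker_options = window.WPLeafletMapPlugin.getIconOptions(<?php echo $options; ?>);
 var marker = <?php echo $default_marker; ?>(
-    [<?php echo $lat . ',' . $lng; ?>], 
+    [<?php echo $lat . ',' . $lng; ?>],
     marker_options
 );
@@ -143,5 +143,5 @@
 window.WPLeafletMapPlugin.markers.push( marker );
         <?php
-       
+
         $script = ob_get_clean();
 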
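Review bot: `'alt'` on new line 90 still uses `FILTER_SANITIZE_FULL_SPECIAL_CHARS` while `'title'` on line 89 was switched to `FILTER_SANITIZE_SPECIAL_CHARS`, so the two attributes are now sanitised differently and the umlaut problem named in the changelog presumably remains for `alt`. If the switch is meant for both, the next line should read `'alt' => FILTER_SANITIZE_SPECIAL_CHARS,`. A short comment above the entry, such as `// SPECIAL_CHARS still encodes < > & ' " but leaves non-ASCII text untouched`, would record why this filter was chosen. How the filtered title is written into the page is outside the visible hunks, so the output context should be checked against that encoding; the `$args` array itself starts and ends outside the hunk.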
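--- a/leaflet-map/trunk/class.leaflet-map.php
+++ b/leaflet-map/trunk/class.leaflet-map.php
@@ -23,5 +23,5 @@
      * @var string major minor patch version
      */
-    public static $leaflet_version = '1.9.3';
+    public static $leaflet_version = '1.9.4';
 
     /**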
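--- a/leaflet-map/trunk/leaflet-map.php
+++ b/leaflet-map/trunk/leaflet-map.php
@@ -9,5 +9,5 @@
  * Text Domain: leaflet-map
  * Domain Path: /languages/
- * Version: 3.3.0
+ * Version: 3.3.1
  * License: GPL2
  * Leaflet Map is free software: you can redistribute it and/or modify
@@ -30,5 +30,5 @@
 }
 
-define('LEAFLET_MAP__PLUGIN_VERSION', '3.3.0');
+define('LEAFLET_MAP__PLUGIN_VERSION', '3.3.1');
 define('LEAFLET_MAP__PLUGIN_FILE', __FILE__);
 define('LEAFLET_MAP__PLUGIN_DIR', plugin_dir_path(__FILE__));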
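--- a/leaflet-map/trunk/readme.txt
+++ b/leaflet-map/trunk/readme.txt
@@ -7,7 +7,7 @@
 Tags: leaflet, map, mobile, javascript, openstreetmap, mapquest, interactive
 Requires at least: 4.6
-Tested up to: 6.1.1
-Version: 3.3.0
-Stable tag: 3.3.0
+Tested up to: 6.3.1
+Version: 3.3.1
+Stable tag: 3.3.1
 License: GPLv2
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -149,4 +149,11 @@
 
 == Changelog ==
+
+= 3.3.1 =
+* [Update] Default Leaflet map set at v1.9.4
+* [Security] Escapes geojson popup properties to prevent XSS attacks
+* [Bug] Updates "!attribution" or "attribution=0" attributes to actually remove attribution
+* [Bug] Switches SANITIZE_FULL with SANITIZE to to allow "German umlauts"
+* [Bug] Fixes some issues when a map's max zoom differs from a tile layer's max zoom
 
 = 3.3.0 =
@@ -461,4 +468,7 @@
 == Upgrade Notice ==
 
+= 3.3.1 =
+* Escapes geojson popup properties to prevent XSS attacks
+
 = 3.2.0 =
 * Fixes error if geocoder fails to get a lat/lng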
  • leaflet-map/trunk/scripts/construct-leaflet-map.min.js

    r2871359 r2968965  
    1 !function(){var t=window.WPLeafletMapPlugin;if(window.WPLeafletMapPlugin=new function(){function t(t){try{t()}catch(t){console.log("-- version --","v3.3.0"),console.error(t)}}this.VERSION="v3.3.0";var n=!1,i=[];this.push=function(r){n?t(r):i.push(r)},this.unshift=function(r){n?t(r):i.unshift(r)},this.init=function(){n=!0;for(var r=0,e=i.length;r<e;r++)t(i[r])},this.createMap=function(t){var n=document.getElementsByClassName("WPLeafletMap")[this.maps.length],i=L.map(n,t);return t.fitBounds&&(i._shouldFitBounds=!0),t.attribution&&function(t,n){if(!t)return;for(var i=t.split(";"),r=L.control.attribution({prefix:!1}).addTo(n),e=0,o=i.length;e<o;e++){var a=(s=i[e]).trim?s.trim():s.replace(/^\s+|\s+$/gm,"");r.addAttribution(a)}var s}(t.attribution,i),this.maps.push(i),i},this.createImageMap=function(t){var n=this.createMap(t);return n.is_image_map=!0,this.images.push(n),n},this.getCurrentMap=function(){return this.maps[this.maps.length-1]},this.getCurrentGroup=function(){var t=this.maps.length;return this.markergroups[t]||(this.markergroups[t]=this.newMarkerGroup(this.maps[t-1])),this.markergroups[t]},this.getCurrentMarkerGroup=this.getCurrentGroup,this.getGroup=function(t){return(new L.FeatureGroup).addTo(t)},this.newMarkerGroup=function(t){var n=this.getGroup(t);return n.timeout=null,t._shouldFitBounds&&n.on("layeradd",(function(i){i.layer instanceof L.FeatureGroup&&i.layer.on("ready",(function(){t.fitBounds(n.getBounds())})),window.clearTimeout(this.timeout),this.timeout=window.setTimeout((function(){try{t.fitBounds(n.getBounds())}catch(t){}}),100)}),n),n},this.propsToTable=function(t){var n,i=[];for(n in t)Object.prototype.hasOwnProperty.call(t,n)&&i.push(n);for(var r="<table>",e=0,o=(i=i.sort()).length;e<o;e++){var a=i[e];r+="<tr><td>"+a+"</td>",r+="<td>"+t[a]+"</td></tr>"}return r+="</table>"};var r=this.unescape=function(t){var n=document.createElement("div");return n.innerHTML=t,n.innerText||t},e=/\{ *(.*?) 
*\}/g;this.template=function(t,n){return null==n?t:t.replace(e,(function(t,i){var e=function(t){for(var n=t.split(" | "),i={},r=n.shift(),e=0,o=n.length;e<o;e++){var a=n[e].split(": "),s=a.shift(),u=a.join(": ")||!0;i[s]=u}return i.key=r,i}(i),a=function(t,n){for(var i=function(t){if(null==t)return[];for(var n=t.split(o),i=[],r=0,e=n.length;r<e;r++)""!==n[r]&&i.push(n[r]);return i}(r(n)),e=t,a=0,s=i.length;a<s;a++)if(!(e=e[i[a]]))return;return e}(n,e.key);return null==a?e.default||t:a}))};var o=/[.‘’'“”"\[\]]+/g;function a(t,n){"undefined"!=typeof L&&void 0!==L[t]?n():setTimeout((function(){a(t,n)}),100)}this.waitForSVG=function(t){a("SVGIcon",t)},this.waitForAjax=function(t){a("AjaxGeoJSON",t)},this.createScale=function(t){L.control.scale(t).addTo(this.getCurrentMap())},this.getIconOptions=function(t){for(var n,i=t||{},r=["iconSize","iconAnchor","shadowSize","shadowAnchor","popupAnchor","tooltipAnchor"],e=L.Icon.Default.prototype.options,o=0,a=r.length;o<a;o++){var s=r[o],u=i[s];if(u){for(var h=u.split(","),c=0,l=h.length;c<l;c++)h[c]=Number(h[c]);i[s]=h}}return i.popupAnchor||(i.popupAnchor=((n=(n=i.iconSize||e.iconSize).slice())[0]=0,n[1]*=-1,n[1]-=3,n)),i.iconUrl&&(i.icon=new L.Icon(i)),i},this.maps=[],this.images=[],this.markergroups={},this.markers=[],this.lines=[],this.polygons=[],this.circles=[],this.geojsons=[],this.overlays=[]},t){for(var n=0,i=t.length;n<i;n++)window.WPLeafletMapPlugin.push(t[n]);for(var r in t.splice(0),t)t.hasOwnProperty(r)&&(window.WPLeafletMapPlugin[r]=t[r])}window.addEventListener?window.addEventListener("load",window.WPLeafletMapPlugin.init,!1):window.attachEvent&&window.attachEvent("onload",window.WPLeafletMapPlugin.init)}();
     1!function(){var t=window.WPLeafletMapPlugin;if(window.WPLeafletMapPlugin=new function(){function t(t){try{t()}catch(t){console.log("-- version --","v3.3.1"),console.error(t)}}this.VERSION="v3.3.1";var n=!1,i=[];this.push=function(r){n?t(r):i.push(r)},this.unshift=function(r){n?t(r):i.unshift(r)},this.init=function(){n=!0;for(var r=0,e=i.length;r<e;r++)t(i[r])},this.createMap=function(t){var n=document.getElementsByClassName("WPLeafletMap")[this.maps.length],i=L.map(n,t);return t.fitBounds&&(i._shouldFitBounds=!0),t.attribution&&function(t,n){if(!t)return;for(var i=t.split(";"),r=L.control.attribution({prefix:!1}).addTo(n),e=0,o=i.length;e<o;e++){var a=(s=i[e]).trim?s.trim():s.replace(/^\s+|\s+$/gm,"");r.addAttribution(a)}var s}(t.attribution,i),this.maps.push(i),i},this.createImageMap=function(t){var n=this.createMap(t);return n.is_image_map=!0,this.images.push(n),n},this.getCurrentMap=function(){return this.maps[this.maps.length-1]},this.getCurrentGroup=function(){var t=this.maps.length;return this.markergroups[t]||(this.markergroups[t]=this.newMarkerGroup(this.maps[t-1])),this.markergroups[t]},this.getCurrentMarkerGroup=this.getCurrentGroup,this.getGroup=function(t){return(new L.FeatureGroup).addTo(t)},this.newMarkerGroup=function(t){var n=this.getGroup(t);return n.timeout=null,t._shouldFitBounds&&n.on("layeradd",(function(i){i.layer instanceof L.FeatureGroup&&i.layer.on("ready",(function(){t.fitBounds(n.getBounds())})),window.clearTimeout(this.timeout),this.timeout=window.setTimeout((function(){try{t.fitBounds(n.getBounds())}catch(t){}}),100)}),n),n},this.propsToTable=function(t){var n,i=[];for(n in t)Object.prototype.hasOwnProperty.call(t,n)&&i.push(n);for(var r="<table>",e=0,o=(i=i.sort()).length;e<o;e++){var a=i[e];r+="<tr><td>"+a+"</td>",r+="<td>"+t[a]+"</td></tr>"}return r+="</table>"};var r=this.unescape=function(t){var n=document.createElement("div");return n.innerHTML=t,n.innerText||t},e=/\{ *(.*?) 
*\}/g;this.template=function(t,n){return null==n?t:t.replace(e,(function(t,i){var e=function(t){for(var n=t.split(" | "),i={},r=n.shift(),e=0,o=n.length;e<o;e++){var a=n[e].split(": "),s=a.shift(),u=a.join(": ")||!0;i[s]=u}return i.key=r,i}(i),a=function(t,n){for(var i=function(t){if(null==t)return[];for(var n=t.split(o),i=[],r=0,e=n.length;r<e;r++)""!==n[r]&&i.push(n[r]);return i}(r(n)),e=t,a=0,s=i.length;a<s;a++)if(!(e=e[i[a]]))return;return e}(n,e.key);return null==a?e.default||t:a}))};var o=/[.‘’'“”"\[\]]+/g;function a(t,n){"undefined"!=typeof L&&void 0!==L[t]?n():setTimeout((function(){a(t,n)}),100)}this.waitForSVG=function(t){a("SVGIcon",t)},this.waitForAjax=function(t){a("AjaxGeoJSON",t)},this.createScale=function(t){L.control.scale(t).addTo(this.getCurrentMap())},this.getIconOptions=function(t){for(var n,i=t||{},r=["iconSize","iconAnchor","shadowSize","shadowAnchor","popupAnchor","tooltipAnchor"],e=L.Icon.Default.prototype.options,o=0,a=r.length;o<a;o++){var s=r[o],u=i[s];if(u){for(var h=u.split(","),c=0,l=h.length;c<l;c++)h[c]=Number(h[c]);i[s]=h}}return i.popupAnchor||(i.popupAnchor=((n=(n=i.iconSize||e.iconSize).slice())[0]=0,n[1]*=-1,n[1]-=3,n)),i.iconUrl&&(i.icon=new L.Icon(i)),i},this.maps=[],this.images=[],this.markergroups={},this.markers=[],this.lines=[],this.polygons=[],this.circles=[],this.geojsons=[],this.overlays=[]},t){for(var n=0,i=t.length;n<i;n++)window.WPLeafletMapPlugin.push(t[n]);for(var r in t.splice(0),t)t.hasOwnProperty(r)&&(window.WPLeafletMapPlugin[r]=t[r])}window.addEventListener?window.addEventListener("load",window.WPLeafletMapPlugin.init,!1):window.attachEvent&&window.attachEvent("onload",window.WPLeafletMapPlugin.init)}();
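--- a/leaflet-map/trunk/shortcodes/class.geojson-shortcode.php
+++ b/leaflet-map/trunk/shortcodes/class.geojson-shortcode.php
@@ -121,6 +121,8 @@
 var fitbounds = <?php echo $fitbounds ? '1' : '0'; ?>;
 var circleMarker = <?php echo $circleMarker ? '1' : '0'; ?>;
-var popup_text = window.WPLeafletMapPlugin.unescape("<?php echo $popup_text; ?>");
-var popup_property = "<?php echo $popup_property; ?>";
+var popup_text = window.WPLeafletMapPlugin.unescape("<?php echo esc_js(
+  $popup_text
+); ?>");
+var popup_property = "<?php echo esc_js($popup_property); ?>";
 var group = window.WPLeafletMapPlugin.getCurrentGroup();
 var markerOptions = window.WPLeafletMapPlugin.getIconOptions(<?php echo $options; ?>);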
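--- a/leaflet-map/trunk/shortcodes/class.map-shortcode.php
+++ b/leaflet-map/trunk/shortcodes/class.map-shortcode.php
@@ -3,8 +3,8 @@
  * Map Shortcode
  *
- * Displays map with [leaflet-map ...atts] 
+ * Displays map with [leaflet-map ...atts]
  *
  * JavaScript equivalent : L.map("id");
- * 
+ *
  * @category Shortcode
  * @author   Benjamin J DeLong <ben@bozdoz.com>
@@ -14,5 +14,5 @@
 if (!defined('ABSPATH')) {
     exit;
-} 
+}
 
 require_once LEAFLET_MAP__PLUGIN_DIR . 'shortcodes/class.shortcode.php';
@@ -34,6 +34,6 @@
 
     /**
-     * Enqueue Scripts and Styles for Leaflet 
-     * 
+     * Enqueue Scripts and Styles for Leaflet
+     *
      * @return null
      */
@@ -48,5 +48,5 @@
         }
 
-        // enqueue user-defined scripts 
+        // enqueue user-defined scripts
         // ! will fire for each map
         do_action('leaflet_map_enqueue');
@@ -56,6 +56,6 @@
      * Merge shortcode options with default options
      *
-     * @param array|string $atts    key value pairs from shortcode 
-     * 
+     * @param array|string $atts    key value pairs from shortcode
+     *
      * @return array new atts, which is actually an array
      */
@@ -67,40 +67,40 @@
         $settings = Leaflet_Map_Plugin_Settings::init();
 
-        $atts['zoom'] = array_key_exists('zoom', $atts) ? 
+        $atts['zoom'] = array_key_exists('zoom', $atts) ?
             $zoom : $settings->get('default_zoom');
-        $atts['height'] = empty($height) ? 
+        $atts['height'] = empty($height) ?
             $settings->get('default_height') : $height;
         $atts['width'] = empty($width) ? $settings->get('default_width') : $width;
-        $atts['zoomcontrol'] = isset($zoomControl) 
+        $atts['zoomcontrol'] = isset($zoomControl)
             ? $zoomControl
-            : (array_key_exists('zoomcontrol', $atts) 
-                ? $zoomcontrol 
+            : (array_key_exists('zoomcontrol', $atts)
+                ? $zoomcontrol
                 : $settings->get('show_zoom_controls'));
-        $atts['min_zoom'] = array_key_exists('min_zoom', $atts) ? 
+        $atts['min_zoom'] = array_key_exists('min_zoom', $atts) ?
             $min_zoom : $settings->get('default_min_zoom');
-        $atts['max_zoom'] = empty($max_zoom) ? 
+        $atts['max_zoom'] = empty($max_zoom) ?
             $settings->get('default_max_zoom') : $max_zoom;
         $atts['scrollwheel'] = isset($scrollWheelZoom)
             ? $scrollWheelZoom
-            : (array_key_exists('scrollwheel', $atts) 
-                ? $scrollwheel 
+            : (array_key_exists('scrollwheel', $atts)
+                ? $scrollwheel
                 : $settings->get('scroll_wheel_zoom'));
-        $atts['doubleclickzoom'] = array_key_exists('doubleclickzoom', $atts) ? 
+        $atts['doubleclickzoom'] = array_key_exists('doubleclickzoom', $atts) ?
             $doubleclickzoom : $settings->get('double_click_zoom');
-       
+
         // @deprecated backwards-compatible fit_markers
-        $atts['fit_markers'] = array_key_exists('fit_markers', $atts) ? 
+        $atts['fit_markers'] = array_key_exists('fit_markers', $atts) ?
             $fit_markers : $settings->get('fit_markers');
 
         // fitbounds is what it should be called @since v2.12.0
-        $atts['fitbounds'] = array_key_exists('fitbounds', $atts) ? 
+        $atts['fitbounds'] = array_key_exists('fitbounds', $atts) ?
             $fitbounds : $atts['fit_markers'];
 
         /* allow percent, but add px for ints */
         $atts['height'] .= is_numeric($atts['height']) ? 'px' : '';
-        $atts['width'] .= is_numeric($atts['width']) ? 'px' : '';   
-
-        /* 
-        need to allow 0 or empty for removal of attribution 
+        $atts['width'] .= is_numeric($atts['width']) ? 'px' : '';
+
+        /*
+        need to allow 0 or empty for removal of attribution
         */
         if (!array_key_exists('attribution', $atts)) {
@@ -114,13 +114,13 @@
                 ? $closePopupOnClick
                 : (isset($closepopuponclick)
-                    ? $closepopuponclick 
+                    ? $closepopuponclick
                     : null),
-            'trackResize' => isset($trackResize) 
+            'trackResize' => isset($trackResize)
                 ? $trackResize
-                : (isset($trackresize) 
-                    ? $trackresize 
+                : (isset($trackresize)
+                    ? $trackresize
                     : null),
-            'boxZoom' => isset($boxzoom) 
-                ? $boxzoom 
+            'boxZoom' => isset($boxzoom)
+                ? $boxzoom
                 : (isset($boxZoom)
                     ? $boxZoom
@@ -144,5 +144,5 @@
         // filter out nulls
         $map_options = $this->LM->filter_null($map_options);
-       
+
         // custom field for moving to JavaScript
         $map_options['fitBounds'] = $atts['fitbounds'];
@@ -171,6 +171,8 @@
         // custom field for moving to javascript
         // filter out any unwanted HTML tags (including img)
-        $map_options['attribution'] = wp_kses_post($atts['attribution']);
-       
+        if ($atts['attribution'] !== 0) {
+            $map_options['attribution'] = wp_kses_post($atts['attribution']);
+        }
+
         // wrap as JSON
         $atts['map_options'] = json_encode($map_options);
@@ -180,5 +182,5 @@
         foreach($map_options as $key=>$val) {
             $original_value = isset($atts[$key]) ? $atts[$key] : null;
-           
+
             $liquid = $this->LM->liquid($original_value);
 
@@ -197,7 +199,9 @@
             'accessToken' => empty($accesstoken) ? $settings->get('accesstoken') : $accesstoken,
             'zoomOffset' => empty($zoomoffset) ? $settings->get('zoomoffset') : $zoomoffset,
-            'noWrap' => filter_var(empty($nowrap) ? $settings->get('tile_no_wrap') : $nowrap, FILTER_VALIDATE_BOOLEAN)
-        );
-       
+            'noWrap' => filter_var(empty($nowrap) ? $settings->get('tile_no_wrap') : $nowrap, FILTER_VALIDATE_BOOLEAN),
+            'maxZoom' => $atts['maxZoom']
+        );
+
+
         $tile_layer_options = $this->LM->filter_empty_string($tile_layer_options);
         $tile_layer_options = $this->LM->filter_null($tile_layer_options);
@@ -218,5 +222,5 @@
 
         $atts = $this->LM->sanitize_inclusive($atts, $validations);
-       
+
         return $atts;
     }
@@ -224,8 +228,8 @@
     /**
      * Get the div tag for the map to instantiate
-     * 
+     *
      * @param string $height
      * @param string $width
-     * 
+     *
      * @return string HTML div element
      */
@@ -234,7 +238,7 @@
         ob_start();
         ?>
-<div class="leaflet-map WPLeafletMap" style="height:<?php 
+<div class="leaflet-map WPLeafletMap" style="height:<?php
     echo htmlspecialchars($height);
-?>; width:<?php 
+?>; width:<?php
     echo htmlspecialchars($width);
 ?>;"></div><?php
@@ -244,8 +248,8 @@
     /**
      * Get script for shortcode
-     * 
+     *
      * @param array  $atts    sometimes this is null
      * @param string $content anything within a shortcode
-     * 
+     *
      * @return string HTML
      */
@@ -267,5 +271,5 @@
         $lat = isset($lat) ? $lat : $settings->get('default_lat');
         $lng = isset($lng) ? $lng : $settings->get('default_lng');
-       
+
         // validate lat/lng
         $lat = $this->LM->filter_float($lat);
@@ -280,5 +284,5 @@
             $tileurl = empty($tileurl) ? $settings->get('map_tile_url') : $tileurl;
         }
-       
+
         $detect_retina = empty($detect_retina) ? $settings->get('detect_retina') : $detect_retina;
 
@@ -286,12 +290,12 @@
 
         /* should be iterated for multiple maps */
-        ob_start(); 
+        ob_start();
         ?>/*<script>*/
 var baseUrl = atob('<?php echo base64_encode(filter_var($tileurl, FILTER_SANITIZE_URL)); ?>');
-var base = (!baseUrl && window.MQ) ? 
-    window.MQ.mapLayer() : L.tileLayer(baseUrl, 
+var base = (!baseUrl && window.MQ) ?
+    window.MQ.mapLayer() : L.tileLayer(baseUrl,
         L.Util.extend({}, {
             detectRetina: <?php echo $detect_retina ? '1' : '0'; ?>,
-        }, 
+        },
         <?php echo $tile_layer_options; ?>
         )
@@ -300,10 +304,10 @@
         layers: [base],
         attributionControl: false
-    }, 
-    <?php echo $map_options; ?>, 
+    },
+    <?php echo $map_options; ?>,
     <?php echo $raw_map_options; ?>
 );
-window.WPLeafletMapPlugin.createMap(options).setView(<?php 
-    echo '[' . $lat . ',' . $lng . '],' . $zoom; 
+window.WPLeafletMapPlugin.createMap(options).setView(<?php
+    echo '[' . $lat . ',' . $lng . '],' . $zoom;
 ?>);<?php
 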
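Review bot: The new guard `if ($atts['attribution'] !== 0)` in the attribution hunk matches only the integer 0. Shortcode attribute values normally arrive as strings, so `attribution=0` would be `'0'` and would still be passed to `wp_kses_post()` and emitted, unless an earlier step casts it. If both spellings are meant to remove the attribution, the condition could be `if ($atts['attribution'] !== 0 && $atts['attribution'] !== '0') {`, with a short comment naming the two accepted forms. The enclosing method starts and ends outside the hunk, so an earlier normalisation step may already cover this.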
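--- a/leaflet-map/trunk/shortcodes/class.marker-shortcode.php
+++ b/leaflet-map/trunk/shortcodes/class.marker-shortcode.php
@@ -4,5 +4,5 @@
  *
  * Use with [leaflet-marker ...]
- * 
+ *
  * @category Shortcode
  * @author   Benjamin J DeLong <ben@bozdoz.com>
@@ -23,8 +23,8 @@
     /**
      * Get Script for Shortcode
-     * 
+     *
      * @param string $atts    could be an array
      * @param string $content optional
-     * 
+     *
      * @return null
      */
@@ -87,5 +87,5 @@
         $args = array(
             'draggable' => FILTER_VALIDATE_BOOLEAN,
-            'title' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
+            'title' => FILTER_SANITIZE_SPECIAL_CHARS,
             'alt' => FILTER_SANITIZE_FULL_SPECIAL_CHARS,
             'zIndexOffset' => FILTER_VALIDATE_INT,
@@ -113,5 +113,5 @@
 var marker_options = window.WPLeafletMapPlugin.getIconOptions(<?php echo $options; ?>);
 var marker = <?php echo $default_marker; ?>(
-    [<?php echo $lat . ',' . $lng; ?>], 
+    [<?php echo $lat . ',' . $lng; ?>],
     marker_options
 );
@@ -143,5 +143,5 @@
 window.WPLeafletMapPlugin.markers.push( marker );
         <?php
-       
+
         $script = ob_get_clean();
 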
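Review bot: The `'alt'` entry directly below the changed `'title'` line still uses `FILTER_SANITIZE_FULL_SPECIAL_CHARS`, so the two text attributes are now filtered differently. Whatever character problem motivated the change for `title` presumably still applies to `alt`. Either align it with `'alt' => FILTER_SANITIZE_SPECIAL_CHARS,` or add a comment above `'title'` explaining why only that key changed, noting that `FILTER_SANITIZE_SPECIAL_CHARS` still encodes quotes, angle brackets and ampersands. The `$args` array continues past the end of this hunk, so other text keys may need the same check.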