

Timestamp:
03/05/2024 08:15:07 AM (14 months ago)
Author:
DylanAuty
Message:
  • Added a required include for the Page class which causes issues in some installations
  • Added additional danger zone tool supports
  • Added processing context supports for improved operational context tracking
  • Added additional settings API supports
  • Added ability to set Google Maps API param "loading=async" from the settings area. This will become default in the future (beta)
  • Added ability to defer load all JavaScript assets within the plugin (beta) (Atlas Novus)
  • Fixed issue where 'wpgmza_google_api_status' would be localized multiple times
  • Fixed issue where Marker instance would throw fatal error if missing marker was accessed via the REST API
  • Fixed issue where "&" symbols would show up encoded in marker editor, for other key fields
  • Fixed issue where "prevent other API's" option would always run in admin, affecting other mapping plugins
  • Fixed issue where Meta Box map location editor would not load when plugin was activated, see above
  • Fixed issue where Authenticated Stored Cross-Site Scripting (XSS) could be stored/served using the Custom CSS block. Thanks to Marco Wotschka & Akbar Kustirama (Wordfence)
  • Fixed issue where Authenticated Stored Cross-Site Scripting (XSS) could be stored/served using the map shortcode classname attribute. Thanks to Richard Telleng (Wordfence)
  • Improved autoloader to account for issues in some installations
  • Improved shortcode attribute security by escaping attributes further, based on recent security reports
File:
1 edited

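--- a/wp-google-maps/trunk/includes/class.shortcodes.php
+++ b/wp-google-maps/trunk/includes/class.shortcodes.php
@@ -141,5 +141,5 @@
 
             if(!empty($attributes->classname)){
-                $classes[] = $attributes->classname;
+                $classes[] = esc_attr($attributes->classname);
             }
 
@@ -161,6 +161,6 @@
                 "style" => $this->prepareInlineAttributes($styles, ";", ":", ""),
                 "data-map-id" => $id,
-                "data-maps-engine" => $wpgmza->settings->engine,
-                "data-build-engine" => $wpgmza->internalEngine->getEngine(),
+                "data-maps-engine" => esc_attr($wpgmza->settings->engine),
+                "data-build-engine" => esc_attr($wpgmza->internalEngine->getEngine()),
                 "data-shortcode-attributes" => $this->prepareJsonAttribute("data-shortcode-attributes", $attributes),
                 "data-settings" => $this->prepareJsonAttribute('data-settings', $map->getDataSettingsObject()),
@@ -229,6 +229,9 @@
                 if($wpgmza->settings->engine == 'google-maps'){
                     // TODO: Why is this not handled by the API loader?
-                    wp_enqueue_script('wpgmza_canvas_layer_options', WPGMZA_PLUGIN_DIR_URL . 'lib/CanvasLayerOptions.js', array('wpgmza_api_call'));
-                    wp_enqueue_script('wpgmza_canvas_layer', WPGMZA_PLUGIN_DIR_URL . 'lib/CanvasLayer.js', array('wpgmza_api_call'));
+
+                    $scriptArgs = apply_filters('wpgmza-get-scripts-arguments', array());
+
+                    wp_enqueue_script('wpgmza_canvas_layer_options', WPGMZA_PLUGIN_DIR_URL . 'lib/CanvasLayerOptions.js', array('wpgmza_api_call'), false, $scriptArgs);
+                    wp_enqueue_script('wpgmza_canvas_layer', WPGMZA_PLUGIN_DIR_URL . 'lib/CanvasLayer.js', array('wpgmza_api_call'), false, $scriptArgs);
                 }
             }
@@ -297,5 +300,5 @@
                 if(!empty($attributes->url)){
                     $container->setAttribute('data-map-id', $id);
-                    $container->setAttribute('data-url', sanitize_url($attributes->url));
+                    $container->setAttribute('data-url', esc_url($attributes->url));
 
                     /* Probably separated, send over the settings */
@@ -304,5 +307,5 @@
 
                 if(!empty($attributes->classname)){
-                    $container->addClass($attributes->classname);
+                    $container->addClass( esc_attr($attributes->classname) );
                 }
 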
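Review bot: `esc_url()` at the `data-url` sink (new line 302) entity-encodes `&` and `'` for display, so if `$container->setAttribute()` is DOM-backed and escapes again on serialisation (its implementation is not visible here), a multi-parameter URL would reach the client script with a literal `&#038;` in it. `sanitize_url()` already applied the same protocol filtering, so the swap may add no protection at this sink, and the same double-encoding question applies to `esc_attr()` before `$container->addClass()` at line 309. It is worth confirming which layer owns attribute escaping and doing it once there, so a future attribute cannot skip it. For the class value, `sanitize_html_class()` applied to each whitespace-separated token would restrict input to class-name characters rather than relying on entity encoding. In the attribute array, `"data-map-id" => $id` (line 162) stays raw beside the newly escaped engine values; if `$id` is not cast to an integer earlier in the method (outside the shown lines), it should get the same treatment, e.g. `"data-map-id" => esc_attr($id),`.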