Plugin Directory


Location:
slideshow-gallery/trunk
Files:
3 edited

  • slideshow-gallery/trunk/readme.txt

    r3098970 r3100785  
    55Requires at least: 3.1
    66Tested up to: 6.5.4
    7 Stable tag: 1.8.1
     7Stable tag: 1.8.2
    88
    99Feature content in a JavaScript powered slideshow gallery showcase on your WordPress website
     
    187187== Changelog ==
    188188
     189= 1.8.2 =
     190* FIX: Vulnerability SQL injection on shortcode gallery.
     191
    189192= 1.8.1 =
    190193* FIX: Saving slides and galleries that are multilingual don't save the title and description.
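Review bot: The 1.8.2 entry at changelog line 190 does not say which shortcode attributes were affected, so a site owner cannot tell which existing shortcodes to audit. Naming the attributes this release validates (the change in slideshow-gallery.php allowlists `orderf` and `orderd`) would make the entry actionable.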
  • slideshow-gallery/trunk/slideshow-gallery-plugin.php

    r3098970 r3100785  
    55class GalleryPlugin extends GalleryCheckinit {
    66
    7     var $version = '1.8.1';
     7    var $version = '1.8.2';
    88    var $plugin_name;
    99    var $plugin_base;
  • slideshow-gallery/trunk/slideshow-gallery.php

    r3098970 r3100785  
    77Author URI: https://tribulant.com
    88Description: Feature content in a JavaScript powered slideshow gallery showcase on your WordPress website. The slideshow is flexible and all aspects can easily be configured. Embedding or hardcoding the slideshow gallery is a breeze. See the <a href="https://tribulant.com/docs/wordpress-slideshow-gallery/1758/" target="_blank">online documentation</a> for instructions on using and embedding slideshow galleries. Upgrade to the premium version to remove all limitations.
    9 Version: 1.8.1
     9Version: 1.8.2
    1010License: GNU General Public License v2 or later
    1111License URI: https://www.gnu.org/licenses/gpl-2.0.html
     
    504504                   
    505505            $s = shortcode_atts($defaults, $atts);
     506
     507           
     508            // Sanitize each element in the $s array
     509            foreach ($s as $key => $value) {
     510                if (is_numeric($value)) {
     511                    $s[$key] = intval($value); // For integers
     512                } elseif (is_array($value)) {
     513                    $s[$key] = array_map('sanitize_text_field', $value); // For arrays
     514                } else {
     515                    $s[$key] = sanitize_text_field($value); // For strings
     516                }
     517            }
     518           
     519            // Additional validation based on the context
     520            if (!in_array($s['orderf'], ['id', 'date', 'name', 'type', 'created'], true)) {
     521                $s['orderf'] = 'created'; // Default fallback
     522            }
     523
     524            if (!in_array(strtoupper($s['orderd']), ['ASC', 'DESC'], true)) {
     525                $s['orderd'] = 'DESC'; // Default fallback
     526            }
     527
     528
    506529            extract($s);
    507530           
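Review bot: `sanitize_text_field()` at lines 513 and 515 strips markup and extra whitespace but is not SQL escaping, so in this hunk only `orderf` and `orderd` (lines 520-526) are actually constrained against injection. Any other attribute in `$s` that is interpolated into a query after `extract($s)` should be bound with `$wpdb->prepare()` or cast at the point of use rather than relying on this loop. The `orderd` check at line 524 compares `strtoupper($s['orderd'])` but keeps the original value; assigning the upper-cased value back to `$s['orderd']` before the `in_array` test would make what reaches the query identical to what was validated. The `is_numeric()` branch at line 510 also turns values such as `1e3` or `0.5` into integers for every attribute, which is worth restricting to the keys that are meant to hold integer IDs or counts.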