Changeset 2804020 for simplepress
- Timestamp:
- 10/25/2022 03:40:01 PM (2 years ago)
- Location:
- simplepress/trunk
- Files:
-
- 23 edited
-
admin/help/admin/tooltips/admin-permissions-tips-en.php (modified) (1 diff)
-
admin/library/ajax/spa-ajax-help.php (modified) (1 diff)
-
admin/library/spa-support.php (modified) (1 diff)
-
admin/library/spa-tab-support.php (modified) (1 diff)
-
admin/panel-components/ajax/spa-ajax-components.php (modified) (2 diffs)
-
admin/panel-forums/ajax/spa-ajax-forums.php (modified) (2 diffs)
-
admin/panel-plugins/ajax/spa-ajax-plugins-help.php (modified) (1 diff)
-
admin/panel-profiles/ajax/spa-ajax-profiles.php (modified) (2 diffs)
-
admin/panel-themes/forms/spa-themes-editor-form.php (modified) (1 diff)
-
admin/panel-themes/support/spa-themes-save.php (modified) (1 diff)
-
forum/resources/jscript/sp-forum.js (modified) (1 diff)
-
forum/resources/jscript/sp-forum.min.js (modified) (1 diff)
-
readme.txt (modified) (2 diffs)
-
sp-api/sp-api-class-spcdisplayfilters.php (modified) (3 diffs)
-
sp-api/sp-api-class-spcfilters.php (modified) (1 diff)
-
sp-api/sp-api-class-spcsavefilters.php (modified) (3 diffs)
-
sp-api/sp-api-class-spcuser.php (modified) (1 diff)
-
sp-control.php (modified) (3 diffs)
-
sp-startup/admin/spa-admin-menu.php (modified) (2 diffs)
-
sp-startup/core/sp-core-support-functions.php (modified) (1 diff)
-
sp-startup/forum/sp-forum-framework.php (modified) (3 diffs)
-
sp-startup/install/sp-upgrade-support.php (modified) (1 diff)
-
sp-startup/install/sp-upgrade.php (modified) (1 diff)
simplepress/trunk/admin/help/admin/tooltips/admin-permissions-tips-en.php
r1972405 r2804020 43 43 $tooltips['can_use_smileys'] = $t.'Can use smileys in posts'; 44 44 $tooltips['can_use_iframes'] = $t.'Can use iframes in posts'; 45 $tooltips['can_use_object_tag'] = $t.'Can use the OBJECT and EMBED tags in posts'; 45 46 $tooltips['view_own_admin_posts'] = $t.'Can view only own posts and admin/mod posts'; 46 47 $tooltips['create_links'] = $t.'Can create links in posts'; -
simplepress/trunk/admin/library/ajax/spa-ajax-help.php
r2794238 r2804020 15 15 if (!isset($_GET['file'])) die(); 16 16 17 $file = SP()->filters->str($_GET['file']); 17 $file = SP()->filters->filename($_GET['file']); 18 19 if (empty($file)) die(); 20 18 21 $tag = SP()->filters->str($_GET['item']); 19 22 $tag = '['.$tag.']'; -
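Review bot: The new `if (empty($file)) die();` guard after the `filename()` call has no counterpart in the parallel change to admin/panel-plugins/ajax/spa-ajax-plugins-help.php, which takes the same `$_GET['file']` and performs no emptiness check; the two help loaders should agree. `filename()` reduces the value to a single path segment, so if the code after this hunk turns it into an include or read path, it is still worth confirming the resolved file exists under the intended help directory with `is_file()` before using it, otherwise an unknown name surfaces as a PHP warning rather than a controlled `die()`. Note that `empty()` also rejects the literal string `'0'`; `$file === ''` is the precise check.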
simplepress/trunk/admin/library/spa-support.php
r2794238 r2804020 528 528 SP()->auths->add('can_use_smileys', SP()->filters->esc_sql(SP()->primitives->admin_text_noesc('Can use smileys in posts')), 1, 0, 0, 0, 3, ''); 529 529 SP()->auths->add('can_use_iframes', SP()->filters->esc_sql(SP()->primitives->admin_text_noesc('Can use iframes in posts')), 1, 1, 0, 0, 3, SP()->primitives->admin_text('*** WARNING *** The use of iframes is dangerous. Allowing users to create iframes enables them to launch a potential security threat against your website. Enabling iframes requires your trust in your users. Turn on with care.')); 530 SP()->auths->add('can_use_object_tag', SP()->filters->esc_sql(SP()->primitives->admin_text_noesc('Can use OBJECT and EMBED tags in posts')), 1, 1, 0, 0, 3, SP()->primitives->admin_text('*** WARNING *** The use of the OBJECT and EMBEG tags is dangerous. Allowing users to embed objects enables them to launch a potential security threat against your website. Enabling the OBJECT and EMBED tags requires your trust in your users. Turn on with care.')); 530 531 SP()->auths->add('edit_own_topic_titles', SP()->filters->esc_sql(SP()->primitives->admin_text_noesc('Can edit own topic titles')), 1, 1, 0, 0, 4, ''); 531 532 SP()->auths->add('edit_any_topic_titles', SP()->filters->esc_sql(SP()->primitives->admin_text_noesc('Can edit any topic title')), 1, 1, 0, 0, 4, ''); -
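Review bot: The new warning text on the `can_use_object_tag` line misspells EMBED as `EMBEG` in `'The use of the OBJECT and EMBEG tags is dangerous.'`; the identical string is repeated in sp-startup/install/sp-upgrade.php, so both copies need the fix. Since the two `SP()->auths->add('can_use_object_tag', ...)` calls are meant to stay identical so the upgrade path matches the fresh-install definition, consider moving the description and warning into one shared helper or constant that both files call rather than duplicating the literals.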
simplepress/trunk/admin/library/spa-tab-support.php
r2378390 r2804020 440 440 function spa_paint_css_editor($label, $name, $value, $submessage='', $rows=10) { 441 441 if(floatval(get_bloginfo('version')) >= 4.9) { 442 error_log( 'blog version passed ok');443 442 spa_paint_code_editor('text/css', $label, $name, $value, $submessage, $rows); 444 443 } else { -
simplepress/trunk/admin/panel-components/ajax/spa-ajax-components.php
r1972405 r2804020 62 62 63 63 if ($action == 'delsmiley') { 64 $file = SP()->filters-> str($_GET['file']);64 $file = SP()->filters->filename($_GET['file']); 65 65 $path = SP_STORE_DIR.'/'.SP()->plugin->storage['smileys'].'/'.$file; 66 66 @unlink($path); … … 88 88 89 89 if ($action == 'delbadge') { 90 $file = SP()->filters-> str($_GET['file']);90 $file = SP()->filters->filename($_GET['file']); 91 91 $path = SP_STORE_DIR.'/'.SP()->plugin->storage['ranks'].'/'.$file; 92 92 @unlink($path); -
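Review bot: After the switch to `filename()`, `$file` can legitimately come back as an empty string (for example when the input consisted only of separators), in which case `$path` ends in `/` and `@unlink($path)` silently fails on the directory; the same pattern appears in spa-ajax-forums.php (delicon/delimage) and spa-ajax-profiles.php (delavatar/deldefault). A check such as `if ($file === '') die();` before building `$path`, and `if (is_file($path)) unlink($path);` in place of the suppressed call, keeps the delete confined to an existing file and makes failures visible in the log. The nonce and capability checks that should precede these actions are outside this hunk, so I could not confirm them here.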
simplepress/trunk/admin/panel-forums/ajax/spa-ajax-forums.php
r1972405 r2804020 33 33 34 34 if ($action == 'delicon') { 35 $file = SP()->filters-> str($_GET['file']);35 $file = SP()->filters->filename($_GET['file']); 36 36 $path = SP_STORE_DIR.'/'.SP()->plugin->storage['custom-icons'].'/'.$file; 37 37 @unlink($path); … … 39 39 40 40 if ($action == 'delimage') { 41 $file = SP()->filters-> str($_GET['file']);41 $file = SP()->filters->filename($_GET['file']); 42 42 $path = SP_STORE_DIR.'/'.SP()->plugin->storage['forum-images'].'/'.$file; 43 43 @unlink($path); -
simplepress/trunk/admin/panel-plugins/ajax/spa-ajax-plugins-help.php
r1972405 r2804020 15 15 if (!isset($_GET['file'])) die(); 16 16 17 $file = SP()->filters-> str($_GET['file']);17 $file = SP()->filters->filename($_GET['file']); 18 18 19 19 # Formatting and Display of Help Panel -
simplepress/trunk/admin/panel-profiles/ajax/spa-ajax-profiles.php
r1972405 r2804020 19 19 20 20 if ($action == 'delavatar') { 21 $file = SP()->filters-> str($_GET['file']);21 $file = SP()->filters->filename($_GET['file']); 22 22 $path = SP_STORE_DIR.'/'.SP()->plugin->storage['avatar-pool'].'/'.$file; 23 23 @unlink($path); … … 26 26 27 27 if ($action == 'deldefault') { 28 $file = SP()->filters-> str($_GET['file']);28 $file = SP()->filters->filename($_GET['file']); 29 29 $path = SP_STORE_DIR.'/'.SP()->plugin->storage['avatars'].'/defaults/'.$file; 30 30 @unlink($path); -
simplepress/trunk/admin/panel-themes/forms/spa-themes-editor-form.php
r2215409 r2804020 14 14 15 15 $themedir = SPTHEMEBASEDIR.$curTheme['theme']; 16 $file = (isset($_GET['file'])) ? SP()->filters-> str($_GET['file']) : '';16 $file = (isset($_GET['file'])) ? SP()->filters->filename($_GET['file']) : ''; 17 17 $type = (isset($_GET['type'])) ? SP()->filters->str($_GET['type']) : 'style'; 18 18 if (empty($file)) { -
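Review bot: The theme editor form reads `$_GET['file']` but, at least within this hunk, is not gated on `SP_ALLOW_THEME_EDITOR` the way spa-themes-save.php and spa-admin-menu.php now are; if this form can be reached directly by its reload action rather than only through the menu entry, it should bail with the same check, e.g. `if (!defined('SP_ALLOW_THEME_EDITOR') || !SP_ALLOW_THEME_EDITOR) return;` near the top. A short comment that `filename()` strips all separators, so `$file` is now always a bare name and not a path, would also help whoever maintains the code that joins it to `$themedir` further down.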
simplepress/trunk/admin/panel-themes/support/spa-themes-save.php
r2794238 r2804020 232 232 233 233 function spa_save_editor_data() { 234 235 # This function should only be called if a wp-config.php constant is defined. 236 # if it's not defined, bail immediately with an error. 237 if ( ( ! defined('SP_ALLOW_THEME_EDITOR') ) || (defined('SP_ALLOW_THEME_EDITOR') && ! SP_ALLOW_THEME_EDITOR)) { 238 $msg = SP()->primitives->admin_text('Security warning - you do not have permission to edit themes.'); 239 return $msg; 240 } 241 234 242 check_admin_referer('forum-adminform_theme-editor', 'forum-adminform_theme-editor'); 235 243 236 $file = SP()->filters-> str($_POST['file']);244 $file = SP()->filters->filename($_POST['file']); 237 245 $newcontent = stripslashes($_POST['spnewcontent']); 238 246 if (is_writeable($file)) { -
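Review bot: The new guard's condition is redundant — `( ! defined(X) ) || (defined(X) && ! X)` is just `if (!defined('SP_ALLOW_THEME_EDITOR') || !SP_ALLOW_THEME_EDITOR) {`. Separately, `filename()` now reduces `$_POST['file']` to a bare name, yet the following `is_writeable($file)` still operates on `$file` directly, so it resolves against the process working directory rather than the theme directory; if the editor is meant to write only inside the theme folder, build the path explicitly and confirm with `realpath()` that it stays under that folder before writing. The rest of `spa_save_editor_data()`, including the write itself, is outside the hunk.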
simplepress/trunk/forum/resources/jscript/sp-forum.js
r2757478 r2804020 62 62 reason += "<strong>" + sp_forum_vars.iframe + "</strong><br />"; 63 63 } 64 if (thisPost.match('<object') && sp_platform_vars.checkiframe == 'yes') { 65 reason += "<strong>" + sp_forum_vars.object_tag + "</strong><br />"; 66 } 67 if (thisPost.match('<embed') && sp_platform_vars.checkiframe == 'yes') { 68 reason += "<strong>" + sp_forum_vars.embed_tag + "</strong><br />"; 69 } 64 70 65 71 if (sp_platform_vars.postvalue != undefined) { -
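Review bot: The new checks `thisPost.match('<object')` and `thisPost.match('<embed')` are case-sensitive, so `<OBJECT` or `<Embed` slip past the client-side warning; a case-insensitive test, `/<object/i.test(thisPost)` and `/<embed/i.test(thisPost)`, is the more robust form. They are also gated on `sp_platform_vars.checkiframe`, which presumably reflects the iframe permission rather than the new object permission, so the message may fire for a user allowed iframes but not objects, or stay silent in the opposite case. This is only a pre-submit hint — the server-side kses allow list remains the actual control — and the identical unminified block appears in sp-forum.min.js, which suggests that file is no longer actually minified.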
simplepress/trunk/forum/resources/jscript/sp-forum.min.js
r2757478 r2804020 62 62 reason += "<strong>" + sp_forum_vars.iframe + "</strong><br />"; 63 63 } 64 if (thisPost.match('<object') && sp_platform_vars.checkiframe == 'yes') { 65 reason += "<strong>" + sp_forum_vars.object_tag + "</strong><br />"; 66 } 67 if (thisPost.match('<embed') && sp_platform_vars.checkiframe == 'yes') { 68 reason += "<strong>" + sp_forum_vars.embed_tag + "</strong><br />"; 69 } 64 70 65 71 if (sp_platform_vars.postvalue != undefined) { -
simplepress/trunk/readme.txt
r2794238 r2804020 7 7 Tested up to: 6.1 8 8 Requires PHP: 7.0 9 Stable tag: 6.8. 09 Stable tag: 6.8.1 10 10 License: GPLv2 or later 11 11 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 323 323 == Changelog == 324 324 325 = 6.8.1 = 326 * Fix 327 * G00000: Various security related fixes. 328 325 329 = 6.8.0 = 326 330 * New -
simplepress/trunk/sp-api/sp-api-class-spcdisplayfilters.php
r2794238 r2804020 112 112 $content = $this->chars($content); 113 113 114 # 2: remove escape slashes114 # 2: Remove escape slashes 115 115 $content = $this->stripslashes($content); 116 117 # 3: Run it through the wp_kses_post function. 118 $content = wp_kses_post($content); 116 119 117 120 $content = apply_filters('sph_display_title_filter', $content, $original); … … 127 130 $content = $this->chars($content); 128 131 129 # 2: remove escape slashes132 # 2: Remove escape slashes 130 133 $content = $this->stripslashes($content); 134 135 # 3: Sanitize text field. 136 $content = sanitize_text_field($content); 131 137 132 138 $content = apply_filters('sph_display_name_filter', $content, $original); … … 142 148 $email = $this->chars($email); 143 149 144 # 2: remove escape slashes150 # 2: Remove escape slashes 145 151 $email = $this->stripslashes($email); 152 153 # 3: Run it through the native WP sanitize_email function. 154 # Warning: This function uses a smaller allowable character set than the set defined by RFC 5322. Some legal email addresses may be changed. 155 $email = sanitize_email($email); 146 156 147 157 $email = apply_filters('sph_display_email_filter', $email, $original); -
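Review bot: The new `sanitize_email($email)` at step 3 runs after `$this->chars($email)` at step 1; if `chars()` entity-encodes (as its use in the title and name filters suggests), a character such as `'` that is legal in an address becomes `&#039;`, and `sanitize_email()` then strips the `;` and mangles the result, so for the email case the order of the two steps needs checking. The same ordering applies to `wp_kses_post()` in the title filter, which sees already-encoded text and therefore has little left to filter; that is harmless but worth a comment so nobody assumes it is doing the escaping. Both `apply_filters()` hooks run after the sanitizers, so whatever a hooked plugin returns is emitted as-is — a one-line comment stating that hook consumers are trusted would make that explicit.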
simplepress/trunk/sp-api/sp-api-class-spcfilters.php
r2794238 r2804020 53 53 $string = wp_kses($string, array()); 54 54 55 return $string; 56 } 57 58 public function filename($string) { 59 60 # 1. Remove slashes. 61 $string = str_replace ( '/' , "", $string); 62 63 #2. Remove backslashes (note use of double back-slash - str_replace needs it as an escape mechanism since back-slash has special meaning for it.) 64 $string = str_replace ( '\\' , "", $string); 65 66 #3. Run it through the wp file sanitization function to remove everything else 67 $string = sanitize_file_name($string); 68 55 69 return $string; 56 70 } -
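Review bot: `filename()` has no parameter or return type and no docblock, and its most important property — that the result is a single path segment which may be the empty string — is exactly what callers in this changeset handle inconsistently; document it, e.g. `/** Reduce untrusted input to one path segment via sanitize_file_name(); may return ''. */` and declare `public function filename(string $string): string`. Steps 1 and 2 can be a single call, `$string = str_replace(['/', '\\'], '', $string);`, and since `sanitize_file_name()` already strips path separators on current WordPress, the comment should describe them as defence in depth rather than the primary control. The class header is outside the hunk.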
simplepress/trunk/sp-api/sp-api-class-spcsavefilters.php
r1995259 r2804020 96 96 $original = $content; 97 97 98 # 1: strip mb4 chars if unsuppo frted98 # 1: strip mb4 chars if unsupported 99 99 $content = $this->utf8mb4($content, $table, $column); 100 100 … … 118 118 $original = $content; 119 119 120 #1: Remo be control chars120 #1: Remove control chars 121 121 $content = $this->nocontrolchars($content); 122 122 … … 597 597 598 598 $allowedforumprotocols = apply_filters('sph_allowed_protocols', array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'clsid', 'data')); 599 $allowedforumtags = array('address' => array('class' => true), 'a' => array('class' => true, 'href' => true, 'id' => true, 'title' => true, 'rel' => true, 'rev' => true, 'name' => true, 'target' => true, 'style' => true), 'abbr' => array('class' => true, 'title' => true), 'acronym' => array('title' => true, 'class' => true), 'article' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'aside' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'audio' => array('autoplay' => true, 'class' => true, 'controls' => true, 'id' => true, 'loop' => true, 'muted' => true, 'poster' => true, 'preload' => true, 'src' => true, 'style' => true), 'b' => array('class' => true), 'big' => array('class' => true), 'blockquote' => array('id' => true, 'cite' => true, 'class' => true, 'lang' => true, 'xml:lang' => true, 'style' => true), 'br' => array('class' => true), 'caption' => array('align' => true, 'class' => true), 'cite' => array('class' => true, 'dir' => true, 'lang' => true, 'title' => true), 'code' => array('class' => true, 'style' => true), 'dd' => array('class' => true), 'del' => array('datetime' => true), 'details' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'open' => true, 'style' => true, 'xml:lang' => true), 'div' => array('align' => true, 'class' => true, 'dir' => 
true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'dl' => array('class' => true), 'dt' => array('class' => true), 'em' => array('class' => true), 'embed' => array('height' => true, 'name' => true, 'pallette' => true, 'src' => true, 'type' => true, 'width' => true), 'figure' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'figcaption' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'font' => array('color' => true, 'face' => true, 'size' => true), 'footer' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'header' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'hgroup' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'h1' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 'h2' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 'h3' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 'h4' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 'h5' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 'h6' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 'hr' => array('align' => true, 'class' => true, 'noshade' => true, 'size' => true, 'width' => true), 'i' => array('class' => true), 'img' => array('alt' => true, 'title' => true, 'align' => true, 'border' => true, 'class' => true, 'height' => true, 'hspace' => true, 'longdesc' => true, 'vspace' => true, 'src' => true, 'style' => true, 'width' => true, 'data-upload' => true, 'data-width' => true, 'data-height' => true), 'ins' => array('datetime' => true, 'cite' => true), 'kbd' => array('class' => true), 'label' => array('for' => true), 'legend' => array('align' 
=> true), 'li' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 'menu' => array('class' => true, 'style' => true, 'type' => true), 'nav' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'object' => array('classid' => true, 'codebase' => true, 'codetype' => true, 'data' => true, 'declare' => true, 'height' => true, 'name' => true, 'param' => true, 'standby' => true, 'type' => true, 'usemap' => true, 'width' => true), 'param' => array('id' => true, 'name' => true, 'type' => true, 'value' => true, 'valuetype' => true), 'p' => array('class' => true, 'align' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'pre' => array('class' => true, 'style' => true, 'width' => true), 'q' => array('cite' => true), 's' => array('class' => true), 'section' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'small' => array('class' => true), 'source' => array('class' => true, 'id' => true, 'media' => true, 'src' => true, 'style' => true, 'type' => true), 'span' => array('class' => true, 'dir' => true, 'align' => true, 'lang' => true, 'style' => true, 'title' => true, 'xml:lang' => true, 'id' => true), 'strike' => array('class' => true), 'strong' => array('class' => true), 'sub' => array('class' => true), 'summary' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 'sup' => array('class' => true), 'table' => array('align' => true, 'bgcolor' => true, 'border' => true, 'cellpadding' => true, 'cellspacing' => true, 'class' => true, 'dir' => true, 'id' => true, 'rules' => true, 'style' => true, 'summary' => true, 'width' => true), 'tbody' => array('align' => true, 'char' => true, 'charoff' => true, 'valign' => true), 'td' => array('abbr' => true, 'align' => true, 'axis' => true, 'bgcolor' => true, 'char' => true, 'charoff' => true, 'class' => true, 
'colspan' => true, 'dir' => true, 'headers' => true, 'height' => true, 'nowrap' => true, 'rowspan' => true, 'scope' => true, 'style' => true, 'valign' => true, 'width' => true), 'tfoot' => array('align' => true, 'char' => true, 'class' => true, 'charoff' => true, 'valign' => true), 'th' => array('abbr' => true, 'align' => true, 'axis' => true, 'bgcolor' => true, 'char' => true, 'charoff' => true, 'class' => true, 'colspan' => true, 'headers' => true, 'height' => true, 'nowrap' => true, 'rowspan' => true, 'scope' => true, 'valign' => true, 'width' => true), 'thead' => array('align' => true, 'char' => true, 'charoff' => true, 'class' => true, 'valign' => true), 'title' => array('class' => true), 'tr' => array('align' => true, 'bgcolor' => true, 'char' => true, 'charoff' => true, 'class' => true, 'style' => true, 'valign' => true), 'tt' => array('class' => true), 'u' => array('class' => true), 'ul' => array('class' => true, 'style' => true, 'type' => true), 'ol' => array('class' => true, 'start' => true, 'style' => true, 'type' => true), 'var' => array('class' => true), 'video' => array('autoplay' => true, 'class' => true, 'controls' => true, 'height' => true, 'id' => true, 'loop' => true, 'muted' => true, 'poster' => true, 'preload' => true, 'src' => true, 'style' => true, 'width' => true)); 599 $allowedforumtags = array('address' => array('class' => true), 600 'a' => array('class' => true, 'href' => true, 'id' => true, 'title' => true, 'rel' => true, 'rev' => true, 'name' => true, 'target' => true, 'style' => true), 601 'abbr' => array('class' => true, 'title' => true), 602 'acronym' => array('title' => true, 'class' => true), 603 'article' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 604 'aside' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 605 'audio' => array('autoplay' => true, 'class' => true, 'controls' => true, 'id' => true, 
'loop' => true, 'muted' => true, 'poster' => true, 'preload' => true, 'src' => true, 'style' => true), 606 'b' => array('class' => true), 607 'big' => array('class' => true), 608 'blockquote' => array('id' => true, 'cite' => true, 'class' => true, 'lang' => true, 'xml:lang' => true, 'style' => true), 609 'br' => array('class' => true), 610 'caption' => array('align' => true, 'class' => true), 611 'cite' => array('class' => true, 'dir' => true, 'lang' => true, 'title' => true), 612 'code' => array('class' => true, 'style' => true), 'dd' => array('class' => true), 613 'del' => array('datetime' => true), 614 'details' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'open' => true, 'style' => true, 'xml:lang' => true), 615 'div' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 616 'dl' => array('class' => true), 617 'dt' => array('class' => true), 618 'em' => array('class' => true), 619 'figure' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 620 'figcaption' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 621 'font' => array('color' => true, 'face' => true, 'size' => true), 622 'footer' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 623 'header' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 624 'hgroup' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 625 'h1' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 626 'h2' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 627 'h3' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 628 'h4' => array('align' => true, 'class' => true, 'id' => true, 
'style' => true), 629 'h5' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 630 'h6' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 631 'hr' => array('align' => true, 'class' => true, 'noshade' => true, 'size' => true, 'width' => true), 632 'i' => array('class' => true), 633 'img' => array('alt' => true, 'title' => true, 'align' => true, 'border' => true, 'class' => true, 'height' => true, 'hspace' => true, 'longdesc' => true, 'vspace' => true, 'src' => true, 'style' => true, 'width' => true, 'data-upload' => true, 'data-width' => true, 'data-height' => true), 634 'ins' => array('datetime' => true, 'cite' => true), 635 'kbd' => array('class' => true), 636 'label' => array('for' => true), 637 'legend' => array('align' => true), 638 'li' => array('align' => true, 'class' => true, 'id' => true, 'style' => true), 639 'menu' => array('class' => true, 'style' => true, 'type' => true), 640 'nav' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 641 'param' => array('id' => true, 'name' => true, 'type' => true, 'value' => true, 'valuetype' => true), 642 'p' => array('class' => true, 'align' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 643 'pre' => array('class' => true, 'style' => true, 'width' => true), 'q' => array('cite' => true), 644 's' => array('class' => true), 645 'section' => array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 646 'small' => array('class' => true), 647 'source' => array('class' => true, 'id' => true, 'media' => true, 'src' => true, 'style' => true, 'type' => true), 648 'span' => array('class' => true, 'dir' => true, 'align' => true, 'lang' => true, 'style' => true, 'title' => true, 'xml:lang' => true, 'id' => true), 649 'strike' => array('class' => true), 650 'strong' => array('class' => true), 651 'sub' => array('class' => true), 652 'summary' 
=> array('align' => true, 'class' => true, 'dir' => true, 'lang' => true, 'style' => true, 'xml:lang' => true), 653 'sup' => array('class' => true), 654 'table' => array('align' => true, 'bgcolor' => true, 'border' => true, 'cellpadding' => true, 'cellspacing' => true, 'class' => true, 'dir' => true, 'id' => true, 'rules' => true, 'style' => true, 'summary' => true, 'width' => true), 655 'tbody' => array('align' => true, 'char' => true, 'charoff' => true, 'valign' => true), 656 'td' => array('abbr' => true, 'align' => true, 'axis' => true, 'bgcolor' => true, 'char' => true, 'charoff' => true, 'class' => true, 'colspan' => true, 'dir' => true, 'headers' => true, 'height' => true, 'nowrap' => true, 'rowspan' => true, 'scope' => true, 'style' => true, 'valign' => true, 'width' => true), 657 'tfoot' => array('align' => true, 'char' => true, 'class' => true, 'charoff' => true, 'valign' => true), 658 'th' => array('abbr' => true, 'align' => true, 'axis' => true, 'bgcolor' => true, 'char' => true, 'charoff' => true, 'class' => true, 'colspan' => true, 'headers' => true, 'height' => true, 'nowrap' => true, 'rowspan' => true, 'scope' => true, 'valign' => true, 'width' => true), 659 'thead' => array('align' => true, 'char' => true, 'charoff' => true, 'class' => true, 'valign' => true), 660 'title' => array('class' => true), 661 'tr' => array('align' => true, 'bgcolor' => true, 'char' => true, 'charoff' => true, 'class' => true, 'style' => true, 'valign' => true), 662 'tt' => array('class' => true), 663 'u' => array('class' => true), 664 'ul' => array('class' => true, 'style' => true, 'type' => true), 665 'ol' => array('class' => true, 'start' => true, 'style' => true, 'type' => true), 666 'var' => array('class' => true), 667 'video' => array('autoplay' => true, 'class' => true, 'controls' => true, 'height' => true, 'id' => true, 'loop' => true, 'muted' => true, 'poster' => true, 'preload' => true, 'src' => true, 'style' => true, 'width' => true) 668 ); 600 669 601 670 
$target = (isset(SP()->rewrites->pageData['forumid'])) ? SP()->rewrites->pageData['forumid'] : 'global'; 671 602 672 if (isset(SP()->user->thisUser) && SP()->auths->get('can_use_iframes', $target, SP()->user->thisUser->ID)) { 603 673 $allowedforumtags['iframe'] = array('width' => true, 'height' => true, 'frameborder' => true, 'src' => true, 'marginwidth' => true, 'marginheight' => true); 604 674 } 675 if (isset(SP()->user->thisUser) && SP()->auths->get('can_use_object_tag', $target, SP()->user->thisUser->ID)) { 676 $allowedforumtags['object'] = array('classid' => true, 'codebase' => true, 'codetype' => true, 'data' => true, 'declare' => true, 'height' => true, 'name' => true, 'param' => true, 'standby' => true, 'type' => true, 'usemap' => true, 'width' => true); 677 $allowedforumtags['embed'] = array('height' => true, 'name' => true, 'pallette' => true, 'src' => true, 'type' => true, 'width' => true); 678 } 605 679 606 680 $allowedforumtags = apply_filters('sph_kses_allowed_tags', $allowedforumtags); -
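Review bot: `'param'` (new line 641) stays in the unconditional allow list while `object` and `embed` moved behind `can_use_object_tag`; `<param>` is only meaningful inside `<object>`, so it belongs in the new gated block at lines 675–678 rather than in the default set. The `embed` attribute `'pallette'` carried into line 677 has no HTML counterpart and looks like a long-standing typo that can simply be dropped. The gated block also repeats the two attribute arrays as literals; a small private helper returning them would keep this and any future edit to the default list in one place.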
simplepress/trunk/sp-api/sp-api-class-spcuser.php
r2450100 r2804020 408 408 $sfmemberopts = SP()->options->get('sfmemberopts'); 409 409 if (isset($_COOKIE['sforum_'.COOKIEHASH]) && $sfmemberopts['sfcheckformember']) { 410 # Yes it is - a user not logged in 411 $username = $_COOKIE['sforum_'.COOKIEHASH]; 412 410 # Yes it is - a user not logged in. So grab the user name but sanitize it in case its used for anything other than a display. 411 $username = SP()->displayFilters->name($_COOKIE['sforum_'.COOKIEHASH]); 413 412 return $username; 414 413 } -
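Review bot: `SP()->displayFilters->name()` is a display-context filter (in this changeset it applies `chars()` and then `sanitize_text_field()`), so the returned `$username` is now an encoded display string; any caller that stores it, compares it, or escapes it again on output will see double-encoding or mismatches. If the value is used for anything other than direct display, as the new comment anticipates, the save-side filter family is the better fit, and the comment should state which form the caller receives (it also reads `its` where `it's` is meant). The enclosing function continues outside the hunk, so I could not see how `$username` is consumed.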
simplepress/trunk/sp-control.php
r2794238 r2804020 10 10 * Plugin Name: Simple:Press 11 11 * Plugin URI: https://simple-press.com 12 * Version: 6.8. 012 * Version: 6.8.1 13 13 * Description: The most versatile and feature-rich forums plugin for WordPress 14 14 * Author: The Simple:Press Team … … 341 341 # version and system control constants 342 342 define('SPPLUGNAME', 'Simple:Press'); 343 define('SPVERSION', '6.8. 0');343 define('SPVERSION', '6.8.1'); 344 344 345 345 # Define a variable that can be used for versioning scripts - required to force multisite to use different version numbers for each site. … … 358 358 } 359 359 360 define('SPBUILD', 1587 7);361 define('SPSILENT', 158 65);360 define('SPBUILD', 15878); 361 define('SPSILENT', 15878); 362 362 define('SPRELEASE', 'Release'); 363 363 -
simplepress/trunk/sp-startup/admin/spa-admin-menu.php
r2794238 r2804020 374 374 'tablet' => 'sfreloadtablist')); 375 375 if (!is_multisite() || is_super_admin()) { 376 $forms[SP()->primitives->admin_text('Theme Editor')] = array( 377 'editor' => 'sfreloadttedit'); 376 # Only allow the theme editor if defined in the wp-config.php file. 377 # Note that allowing this option allows the admin to write to ANY file in the wp installation folder. 378 # And, if the web server or php configuration is insecure, potentially write to any file on the server. 379 if (defined('SP_ALLOW_THEME_EDITOR') && SP_ALLOW_THEME_EDITOR) { 380 $forms[SP()->primitives->admin_text('Theme Editor')] = array( 381 'editor' => 'sfreloadttedit'); 382 } 378 383 $forms[SP()->primitives->admin_text('Custom CSS')] = array( 379 384 'css' => 'sfreloadcss'); … … 390 395 } 391 396 if (spa_saas_check()) { 392 unset($forms[SP()->primitives->admin_text('Theme Editor')]); 397 # The theme editor menu option is only allowed sometimes so check to make sure it's even in the array before attempting to unset it. 398 if (isset($forms[SP()->primitives->admin_text('Theme Editor')])) { 399 unset($forms[SP()->primitives->admin_text('Theme Editor')]); 400 } 393 401 } 394 402 if (spa_saas_check()) { -
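Review bot: The `isset()` guard around `unset($forms[...])` at new lines 397–400 is unnecessary — `unset()` on a missing array key is a silent no-op in PHP — so the original single line `unset($forms[SP()->primitives->admin_text('Theme Editor')]);` can stay as it was, without the explanatory comment. The new gating block above is fine; consider evaluating `SP()->primitives->admin_text('Theme Editor')` once into a local, since it is now computed in three places in this function.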
simplepress/trunk/sp-startup/core/sp-core-support-functions.php
r2794238 r2804020 57 57 # first check that an uograde is actually necessary or whether we can do it silently 58 58 if (SP()->options->get('sfforceupgrade') == false && $current_build >= SPSILENT) { 59 # we can do it s liently...59 # we can do it silently... 60 60 require_once SP_PLUGIN_DIR.'/sp-startup/install/sp-upgrade-support.php'; 61 61 require_once SP_PLUGIN_DIR.'/sp-startup/install/sp-install-support.php'; -
simplepress/trunk/sp-startup/forum/sp-forum-framework.php
r2215409 r2804020 20 20 function sp_load_forum_scripts() { 21 21 # Older themes (Unified) define a constant SP_MOBILE_THEME now being deprecated. 22 # if this constant exists (custom Un fied theme) swap for theme cap registration22 # if this constant exists (custom Unified theme) swap for theme cap registration 23 23 if (defined('SP_MOBILE_THEME') && SP_MOBILE_THEME) add_theme_support('sp-theme-responsive'); 24 24 … … 62 62 'rejected' => SP()->primitives->front_text('This post is rejected because it contains embedded formatting, probably pasted in form MS Word or other WYSIWYG editor'), 63 63 'iframe' => SP()->primitives->front_text('This post contains an iframe which are disallowed'), 64 'object_tag' => SP()->primitives->front_text('This post contains an OBJECT tag which are disallowed'), 65 'embed_tag' => SP()->primitives->front_text('This post contains an EMBED tag which are disallowed'), 64 66 'savingpost' => SP()->primitives->front_text('Saving post'), 65 67 'nosearch' => SP()->primitives->front_text('No search text entered'), … … 107 109 do_action('sph_print_plugin_scripts', $footer); 108 110 109 # either enqueue the combines js script cache (checks for u dpates first) )or enqueue individual scripts111 # either enqueue the combines js script cache (checks for updates first) )or enqueue individual scripts 110 112 $combine_js = SP()->options->get('combinejs'); 111 113 if ($combine_js) { # use compressed scripts -
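Review bot: The two new messages `'This post contains an OBJECT tag which are disallowed'` and `'This post contains an EMBED tag which are disallowed'` copy the grammatical error of the iframe line; `'This post contains an OBJECT tag, which is disallowed'` (and likewise for EMBED) reads correctly, and since these are fresh translatable strings this is the cheapest moment to fix them. `sp_load_forum_scripts()` continues outside the hunk.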
simplepress/trunk/sp-startup/install/sp-upgrade-support.php
r1972405 r2804020 123 123 sp_log_event(SPRELEASE, SPVERSION, SPBUILD, 0); 124 124 125 # and some final cleanu op tasks125 # and some final cleanup tasks 126 126 SP()->auths->reset_cache(); 127 127 -
simplepress/trunk/sp-startup/install/sp-upgrade.php
r2794238 r2804020 486 486 } 487 487 488 # Start of Upgrade Routines - 6.8.1 ============================================================ 489 $section = 15878; 490 if ($build < $section) { 491 492 // Add new AUTHS. 493 SP()->auths->add('can_use_object_tag', SP()->filters->esc_sql(SP()->primitives->admin_text_noesc('Can use OBJECT and EMBED tags in posts')), 1, 1, 0, 0, 3, SP()->primitives->admin_text('*** WARNING *** The use of the OBJECT and EMBEG tags is dangerous. Allowing users to embed objects enables them to launch a potential security threat against your website. Enabling the OBJECT and EMBED tags requires your trust in your users. Turn on with care.')); 494 sp_response($section); 495 } 496 488 497 # ****** IMPORTANT: THE FINAL $section values MUST be the same as the SPBUILD constant 489 498 # ****** for the Upgrade to complete correctly