commit: 10a9ee4edcef60c2189085d8ebd2cc0d31b62126 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Wed Jan 2 03:17:02 2019 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Wed Jan 2 03:17:02 2019 +0000 |
URL: https://gitweb.gentoo.org/proj/blogs-gentoo.git/commit/?id=10a9ee4e |
|
Update easy-table 1.8 |
|
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org> |
|
plugins/easy-table/easy-table.php | 56 ++++++++++----------------------------- |
plugins/easy-table/readme.txt | 12 ++++++--- |
2 files changed, 23 insertions(+), 45 deletions(-) |
|
diff --git a/plugins/easy-table/easy-table.php b/plugins/easy-table/easy-table.php |
17 |
index 4bfe285..1ade56f 100644 |
18 |
--- a/plugins/easy-table/easy-table.php |
19 |
+++ b/plugins/easy-table/easy-table.php |
20 |
@@ -4,7 +4,7 @@ Plugin Name: Easy Table |
21 |
Plugin URI: http://takien.com/ |
22 |
Description: Create table in post, page, or widget in easy way. |
23 |
Author: Takien |
24 |
-Version: 1.6 |
25 |
+Version: 1.8 |
26 |
Author URI: http://takien.com/ |
27 |
*/ |
28 |
|
29 |
@@ -106,7 +106,7 @@ function __construct(){ |
30 |
private function easy_table_base($return){ |
31 |
$easy_table_base = Array( |
32 |
'name' => 'Easy Table', |
33 |
- 'version' => '1.6', |
34 |
+ 'version' => '1.8', |
35 |
'plugin-domain' => 'easy-table' |
36 |
); |
37 |
return $easy_table_base[$return]; |
38 |
@@ -570,23 +570,24 @@ function themes(){ |
39 |
} |
40 |
return $themes; |
41 |
} |
42 |
-function theme_content() { |
43 |
- if(!isset($_GET['edit'])) { |
44 |
- return false; |
45 |
- } |
46 |
- $theme = $_GET['edit']; |
47 |
- $dir = plugin_dir_path(__FILE__).'themes/'; |
48 |
- if(is_writable($dir.$theme.'/style.css')) { |
49 |
- return file_get_contents($dir.$theme.'/style.css'); |
50 |
- } |
51 |
-} |
52 |
+ |
53 |
/** |
54 |
* Register plugin setting |
55 |
+* @since: 1.7 add sanitize_callback |
56 |
*/ |
57 |
function easy_table_register_setting() { |
58 |
- register_setting('easy_table_option_field', 'easy_table_plugin_option'); |
59 |
+ $args = array('sanitize_callback'=> array(&$this,'easy_table_sanitize_callback')); |
60 |
+ register_setting('easy_table_option_field', 'easy_table_plugin_option', $args); |
61 |
} |
62 |
|
63 |
+/** |
64 |
+* Add sanitize_callback to register_setting to filter the options value |
65 |
+* @since: 1.7 |
66 |
+*/ |
67 |
+ |
68 |
+function easy_table_sanitize_callback ( $value ) { |
69 |
+ return filter_var( $value,FILTER_CALLBACK, array("options"=>"strip_tags")); |
70 |
+} |
71 |
/** |
72 |
* Render form |
73 |
* @param array |
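Review bot: The new `easy_table_sanitize_callback` relies on `strip_tags` alone, which removes markup but leaves quote characters untouched, so it does not by itself make a stored option safe to print inside an HTML attribute. The settings-form rendering lies outside this hunk, so whether saved values go through `esc_attr()` / `esc_html()` on output cannot be confirmed from here and should be checked alongside this change. The callback's docblock has no parameter or return documentation and is detached from the function by a blank line; I would put `* @param mixed $value Raw option value submitted from the settings form.` and `* @return mixed Value with HTML tags stripped.` directly above the function. In `easy_table_register_setting`, the reference in `array(&$this, ...)` is unnecessary and can be written `array( $this, 'easy_table_sanitize_callback' )`.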
74 |
@@ -1085,35 +1086,6 @@ col4,col5,col6 |
75 |
|
76 |
</div> |
77 |
<div class="clear"></div> |
78 |
-<?php elseif($_GET['gettab'] == 'themes') : ?> |
79 |
- <h3><?php _e('Easy Table theme editor');?></h3> |
80 |
- |
81 |
- <div class="row"> |
82 |
- <div class="columns nine"> |
83 |
- <textarea name="" id="easy-table-theme-editor"><?php echo esc_textarea($this->theme_content());?></textarea> |
84 |
- <input type="submit" class="button primary" value="Save"/> |
85 |
- </div> |
86 |
- <div class="columns three"> |
87 |
- <ul> |
88 |
- <?php |
89 |
- foreach($this->themes() as $theme) { |
90 |
- echo ' |
91 |
- <li><a href="#">'.$theme.'</a> |
92 |
- <a href="options-general.php?page=easy-table&gettab=themes&edit='.$theme.'">edit</a> |
93 |
- <a href="&edit-theme=1&clone=1#">clone</a> |
94 |
- <a href="#">delete</a> |
95 |
- <a href="#">preview</a> |
96 |
- </li>'; |
97 |
- } |
98 |
- ?> |
99 |
- </ul> |
100 |
- <form action=""> |
101 |
- New theme: <br/> |
102 |
- <input type="text" value="" placeholder="Theme name" name="themename"/> |
103 |
- <input type="submit" value="Create"/> |
104 |
- </form> |
105 |
- </div> |
106 |
- </div> |
107 |
|
108 |
<?php elseif($_GET['gettab'] == 'support') : ?> |
109 |
<p>To ask question, please visit this plugin support on WordPress.org</p> |
110 |
|
111 |
diff --git a/plugins/easy-table/readme.txt b/plugins/easy-table/readme.txt |
112 |
index 4e09bf5..96036d6 100644 |
113 |
--- a/plugins/easy-table/readme.txt |
114 |
+++ b/plugins/easy-table/readme.txt |
115 |
@@ -2,9 +2,9 @@ |
116 |
Contributors: takien |
117 |
Donate link: http://takien.com/donate |
118 |
Tags: table,csv,csv-to-table,post,excel,csv file,widget,tablesorter |
119 |
-Requires at least: 3.0 |
120 |
-Tested up to: 4.4.1 |
121 |
-Stable tag: 1.6 |
122 |
+Requires at least: 4.0 |
123 |
+Tested up to: 4.9.8 |
124 |
+Stable tag: 1.8 |
125 |
License: GPLv2 or later |
126 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html |
127 |
|
128 |
@@ -248,6 +248,12 @@ No |
129 |
|
130 |
== Changelog == |
131 |
|
132 |
+= 1.8 = |
133 |
+* Remove unused and unsafe code that made this plugin taken down from repository. |
134 |
+ |
135 |
+= 1.7 = |
136 |
+* Add filter to the option values to prevent security issues (Vulnerability reported by Manuel Garcia Cardenas) |
137 |
+ |
138 |
= 1.6 = |
139 |
* Added: exclude_row, exclude_col argument. Useful to hide sort of rows or columns from your data. |
140 |
* Added: sslverify=false to wp_remote_get $args |