AddToAny Share Buttons - Version 1.8.0

Version Description

  • Switch to more recent WordPress functions (especially for loading plugin script assets)
  • Load the local JS file asynchronously by default
  • Update allowed HTML output for the floating bars
  • A centered horizontal floating bar now requires WordPress 5.5.0+ (or some custom CSS)
  • The addtoany_script_disabled hook now additionally disables the plugin's local JS & CSS
  • Additional input validation & sanitization in admin
  • Additional output escaping

Release Info

Developer micropat
Version 1.8.0

Code changes from version 1.7.48 to 1.8.0

Files changed (5) hide show
  1. README.txt +11 -2
  2. add-to-any.php +143 -134
  3. addtoany.admin.php +41 -49
  4. addtoany.compat.php +50 -0
  5. addtoany.widgets.php +8 -8
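--- a/README.txt
+++ b/README.txt
@@ -1,10 +1,10 @@
  === AddToAny Share Buttons ===
  Contributors: micropat, addtoany
  Tags: buttons, share, icons, social media, share buttons, sharing, share button, media, social, marketing, links, email, seo, woocommerce, google, linkedin, reddit, facebook, twitter, pinterest, whatsapp, instagram, youtube, share this, sharethis, feed
- Requires at least: 3.7
+ Requires at least: 4.5
  Tested up to: 5.8
  Requires PHP: 5.6
- Stable tag: 1.7.48
+ Stable tag: 1.8.0
 
  Share buttons for WordPress including the AddToAny sharing button, Facebook, Twitter, WhatsApp, Pinterest, Reddit, many more, and follow icons too.
 
@@ -346,6 +346,15 @@ Upload (or move) the `add-to-any` plugin directory into the `/wp-content/mu-plug
 
  == Changelog ==
 
+ = 1.8.0 =
+ * Switch to more recent WordPress functions (especially for loading plugin script assets)
+ * Load the local JS file asynchronously by default
+ * Update allowed HTML output for the floating bars
+ * A centered horizontal floating bar now requires WordPress 5.5.0+ (or some custom CSS)
+ * The `addtoany_script_disabled` hook now additionally disables the plugin's local JS & CSS
+ * Additional input validation & sanitization in admin
+ * Additional output escaping
+
  = 1.7.48 =
  * Escape a custom universal button's image URL
 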
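--- a/add-to-any.php
+++ b/add-to-any.php
@@ -3,7 +3,7 @@
  * Plugin Name: AddToAny Share Buttons
  * Plugin URI: https://www.addtoany.com/
  * Description: Share buttons for your pages including AddToAny's universal sharing button, Facebook, Twitter, LinkedIn, Pinterest, WhatsApp and many more.
- * Version: 1.7.48
+ * Version: 1.8.0
  * Author: AddToAny
  * Author URI: https://www.addtoany.com/
  * Text Domain: add-to-any
@@ -23,11 +23,7 @@ $A2A_locale = ! isset ( $A2A_locale ) ? '' : $A2A_locale;
  // Set plugin options.
  $A2A_SHARE_SAVE_options = get_option( 'addtoany_options', array() );
 
- // Require PHP 5.3 as a bare minimum for compatibility features that use anonymous functions (PHP 5.3+).
- if ( version_compare( phpversion(), '5.3.0', '>=' ) ) {
- include_once $A2A_SHARE_SAVE_plugin_dir . '/addtoany.compat.php';
- }
-
+ include_once $A2A_SHARE_SAVE_plugin_dir . '/addtoany.compat.php';
  include_once $A2A_SHARE_SAVE_plugin_dir . '/addtoany.services.php';
 
  function A2A_SHARE_SAVE_init() {
@@ -612,7 +608,7 @@ function ADDTOANY_FOLLOW_KIT( $args = array() ) {
  function ADDTOANY_SHARE_SAVE_FLOATING( $args = array() ) {
  $options = get_option( 'addtoany_options', array() );
 
- $floating_html_escaped = '';
+ $floating_html = '';
 
  // Overridable by args below.
  $vertical_type = ( isset( $options['floating_vertical'] ) && 'none' != $options['floating_vertical']
@@ -704,7 +700,7 @@ function ADDTOANY_SHARE_SAVE_FLOATING( $args = array() ) {
  $vertical_args['kit_style'] .= 'background-color:transparent;';
  }
 
- $floating_html_escaped .= ADDTOANY_SHARE_SAVE_KIT( $vertical_args );
+ $floating_html .= ADDTOANY_SHARE_SAVE_KIT( $vertical_args );
  }
 
  // Horizontal type?
@@ -751,143 +747,27 @@ function ADDTOANY_SHARE_SAVE_FLOATING( $args = array() ) {
  $horizontal_args['kit_style'] .= 'background-color:transparent;';
  }
 
- $floating_html_escaped .= ADDTOANY_SHARE_SAVE_KIT( $horizontal_args );
+ $floating_html .= ADDTOANY_SHARE_SAVE_KIT( $horizontal_args );
  }
  }
 
- if ( isset( $args['output_later'] ) && $args['output_later'] == true )
- return $floating_html_escaped;
- else
- echo $floating_html_escaped;
- }
-
-
- function A2A_SHARE_SAVE_head_script() {
- // Hook to disable script output.
- // Example: add_filter( 'addtoany_script_disabled', '__return_true' );
- $script_disabled = apply_filters( 'addtoany_script_disabled', false );
-
- if ( is_admin() || is_feed() || $script_disabled )
- return;
-
- if ( is_singular() ) {
- // Sharing disabled for this singular post?
- $sharing_disabled = get_post_meta( get_the_ID(), 'sharing_disabled', true );
- $sharing_disabled = apply_filters( 'addtoany_sharing_disabled', $sharing_disabled );
- }
-
- $options = get_option( 'addtoany_options', array() );
-
- // Use local cache?
- $cache = ! empty( $options['cache'] ) && '1' == $options['cache'] ? true : false;
- $upload_dir = wp_upload_dir();
- $cached_file = ! empty( $upload_dir['basedir'] ) && file_exists( $upload_dir['basedir'] . '/addtoany/page.js' ) ? $upload_dir['basedir'] . '/addtoany/page.js' : false;
- $querystring = '';
- // Is page.js actually cached?
- if ( $cache && $cached_file ) {
- // Is page.js recently cached, within 2 days (172800 seconds)?
- $modified_time = filemtime( $cached_file );
- $cache = $modified_time && time() - $modified_time < 172800 ? true : false;
- // If cache is recent
- if ( $cache ) {
- // Set a "ver" parameter's value to the file's modified time for cache management.
- $querystring = '?ver=' . $modified_time;
- } else {
- // Revert the cache option.
- A2A_SHARE_SAVE_revert_cache();
- }
+ if ( isset( $args['output_later'] ) && $args['output_later'] == true ) {
+ return $floating_html;
  }
-
- // Set static server.
- $static_server = $cache ? $upload_dir['baseurl'] . '/addtoany' : 'https://static.addtoany.com/menu';
-
- // Icon colors.
- $icon_bg = ! empty( $options['icon_bg'] ) && in_array( $options['icon_bg'], array( 'custom', 'transparent' ) ) ? $options['icon_bg'] : false;
- $icon_bg_color = 'custom' === $icon_bg && ! empty( $options['icon_bg_color'] ) ? $options['icon_bg_color'] : '';
- $icon_bg_color = 'transparent' === $icon_bg ? 'transparent' : $icon_bg_color;
- $icon_fg = ! empty( $options['icon_fg'] ) && 'custom' === $options['icon_fg'] ? true : false;
- $icon_fg_color = $icon_fg && ! empty( $options['icon_fg_color'] ) ? ',' . $options['icon_fg_color'] : '';
- // Use "unset" keyword for background if only the foreground is set.
- $icon_bg_color = empty( $icon_bg_color ) && ! empty( $icon_fg_color ) ? 'unset' : $icon_bg_color;
- $icon_color = $icon_bg_color . $icon_fg_color;
-
- // Floating vertical relative to content.
- $floating_js_escaped = '';
- if (
- isset( $options['floating_vertical'] )
- && in_array( $options['floating_vertical'], array( 'left_attached', 'right_attached' ) )
- && ! empty( $options['floating_vertical_attached_to'] )
- && empty( $sharing_disabled )
- ) {
- // Top position.
- $floating_js_position = ( isset( $options['floating_vertical_position'] ) ) ? $options['floating_vertical_position'] . 'px' : '100px';
- // Left or right offset.
- $floating_js_offset = ( isset( $options['floating_vertical_offset'] ) ) ? $options['floating_vertical_offset'] . 'px' : '0px';
-
- // Style attribute (accepts "left" attached only).
- $floating_js_kit_style = 'left_attached' === $options['floating_vertical'] ? 'margin-left:' . $floating_js_offset . ';' : '';
- $floating_js_kit_style .= 'top:' . $floating_js_position . ';';
-
- $floating_js_escaped = "\n"
- . 'a2a_config.callbacks.push({'
- . 'ready: function(){'
- . 'var d=document;'
- . 'function a(){'
- . 'var c,e=d.createElement("div");'
- . 'e.innerHTML=' . wp_json_encode( ADDTOANY_SHARE_SAVE_FLOATING( array(
- 'output_later' => true,
- 'basic_html' => true,
- 'kit_style' => $floating_js_kit_style,
- 'vertical_type' => true,
- ) ) ) . ';'
- . 'c=d.querySelector(' . wp_json_encode( stripslashes( $options['floating_vertical_attached_to'] ) ) . ');'
- . 'if(c)c.appendChild(e.firstChild);'
- . 'a2a.init("page");'
- . '}'
- . 'if("loading"!==d.readyState)a();else d.addEventListener("DOMContentLoaded",a,false);'
- . '}'
- . '});';
+ else {
+ // Output escaped HTML without stripping out positional styles as wp_kses* does.
+ echo addtoany_kses( $floating_html );
  }
-
- // Enternal script call + initial JS + set-once variables.
- $additional_js = ( isset( $options['additional_js_variables'] ) ) ? $options['additional_js_variables'] : '';
- $script_configs_escaped = ( ( $cache ) ? "\n" . 'a2a_config.static_server=' . wp_json_encode( esc_url( $static_server ), JSON_UNESCAPED_SLASHES ) . ';' : '' )
- . ( $icon_color ? "\n" . 'a2a_config.icon_color="' . $icon_color . '";' : '' )
- . ( isset( $options['onclick'] ) && '1' == $options['onclick'] ? "\n" . 'a2a_config.onclick=1;' : '' )
- . ( $additional_js ? "\n" . stripslashes( $additional_js ) : '' );
-
- $javascript_header_escaped = "\n"
- . '<script data-cfasync="false">' . "\n"
- . 'window.a2a_config=window.a2a_config||{};'
- . 'a2a_config.callbacks=[];a2a_config.overlays=[];'
- . 'a2a_config.templates={};'
- . addtoany_menu_locale_escaped()
- . $floating_js_escaped
- . $script_configs_escaped
- . "\n"
- . '(function(d,s,a,b){'
- . 'a=d.createElement(s);'
- . 'b=d.getElementsByTagName(s)[0];'
- . 'a.async=1;'
- . 'a.src=' . wp_json_encode( esc_url( $static_server . '/page.js' . $querystring ), JSON_UNESCAPED_SLASHES ) . ';'
- . 'b.parentNode.insertBefore(a,b);'
- . '})(document,"script");'
- . "\n</script>\n";
-
- // Output escaped HTML. Arbitrary JavaScript is expected from users with the `unfiltered_html` capability.
- echo $javascript_header_escaped;
  }
 
- add_action( 'wp_head', 'A2A_SHARE_SAVE_head_script' );
-
  function A2A_SHARE_SAVE_footer_script() {
  if ( is_admin() || is_feed() )
  return;
 
- $floating_html_escaped = ADDTOANY_SHARE_SAVE_FLOATING( array( 'output_later' => true ) );
+ $floating_html = ADDTOANY_SHARE_SAVE_FLOATING( array( 'output_later' => true ) );
 
- // Output escaped HTML and avoid stripping positional styles with wp_kses*.
- echo $floating_html_escaped;
+ // Output escaped HTML without stripping out positional styles as wp_kses* does.
+ echo addtoany_kses( $floating_html );
  }
 
  add_action( 'wp_footer', 'A2A_SHARE_SAVE_footer_script' );
@@ -1099,8 +979,10 @@ function A2A_SHARE_SAVE_stylesheet() {
 
  // If there is inline CSS
  if ( 0 < strlen( $inline_css ) ) {
+ // Strip any HTML tags.
+ $inline_css = strip_tags( $inline_css );
  // Insert inline CSS.
- wp_add_inline_style( 'addtoany', $inline_css );
+ wp_add_inline_style( 'addtoany', $inline_css );
  }
  }
  }
@@ -1108,9 +990,136 @@ function A2A_SHARE_SAVE_stylesheet() {
  add_action( 'wp_enqueue_scripts', 'A2A_SHARE_SAVE_stylesheet', 20 );
 
  function A2A_SHARE_SAVE_enqueue_script() {
+ // Hook to disable script output.
+ // Example: add_filter( 'addtoany_script_disabled', '__return_true' );
+ $script_disabled = apply_filters( 'addtoany_script_disabled', false );
+
+ if ( is_admin() || is_feed() || $script_disabled )
+ return;
+
+ if ( is_singular() ) {
+ // Sharing disabled for this singular post?
+ $sharing_disabled = get_post_meta( get_the_ID(), 'sharing_disabled', true );
+ $sharing_disabled = apply_filters( 'addtoany_sharing_disabled', $sharing_disabled );
+ }
+
+ $options = get_option( 'addtoany_options', array() );
+
+ // Use local cache?
+ $cache = ! empty( $options['cache'] ) && '1' == $options['cache'] ? true : false;
+ $upload_dir = wp_upload_dir();
+ $cached_file = ! empty( $upload_dir['basedir'] ) && file_exists( $upload_dir['basedir'] . '/addtoany/page.js' ) ? $upload_dir['basedir'] . '/addtoany/page.js' : false;
+ $querystring = '';
+ // Is page.js actually cached?
+ if ( $cache && $cached_file ) {
+ // Is page.js recently cached, within 2 days (172800 seconds)?
+ $modified_time = filemtime( $cached_file );
+ $cache = $modified_time && time() - $modified_time < 172800 ? true : false;
+ // If cache is recent
+ if ( $cache ) {
+ // Set a "ver" parameter's value to the file's modified time for cache management.
+ $querystring = '?ver=' . $modified_time;
+ } else {
+ // Revert the cache option.
+ A2A_SHARE_SAVE_revert_cache();
+ }
+ }
+
+ // Set static server.
+ $static_server = $cache ? $upload_dir['baseurl'] . '/addtoany' : 'https://static.addtoany.com/menu';
+
+ // Icon colors.
+ $icon_bg = ! empty( $options['icon_bg'] ) && in_array( $options['icon_bg'], array( 'custom', 'transparent' ) ) ? $options['icon_bg'] : false;
+ $icon_bg_color = 'custom' === $icon_bg && ! empty( $options['icon_bg_color'] ) ? $options['icon_bg_color'] : '';
+ $icon_bg_color = 'transparent' === $icon_bg ? 'transparent' : $icon_bg_color;
+ $icon_fg = ! empty( $options['icon_fg'] ) && 'custom' === $options['icon_fg'] ? true : false;
+ $icon_fg_color = $icon_fg && ! empty( $options['icon_fg_color'] ) ? ',' . $options['icon_fg_color'] : '';
+ // Use "unset" keyword for background if only the foreground is set.
+ $icon_bg_color = empty( $icon_bg_color ) && ! empty( $icon_fg_color ) ? 'unset' : $icon_bg_color;
+ $icon_color = $icon_bg_color . $icon_fg_color;
+
+ // Floating vertical relative to content.
+ $floating_js_escaped = '';
+ if (
+ isset( $options['floating_vertical'] )
+ && in_array( $options['floating_vertical'], array( 'left_attached', 'right_attached' ) )
+ && ! empty( $options['floating_vertical_attached_to'] )
+ && empty( $sharing_disabled )
+ ) {
+ // Top position.
+ $floating_js_position = ( isset( $options['floating_vertical_position'] ) ) ? $options['floating_vertical_position'] . 'px' : '100px';
+ // Left or right offset.
+ $floating_js_offset = ( isset( $options['floating_vertical_offset'] ) ) ? $options['floating_vertical_offset'] . 'px' : '0px';
+
+ // Style attribute (accepts "left" attached only).
+ $floating_js_kit_style = 'left_attached' === $options['floating_vertical'] ? 'margin-left:' . $floating_js_offset . ';' : '';
+ $floating_js_kit_style .= 'top:' . $floating_js_position . ';';
+
+ $floating_js_escaped = "\n"
+ . 'a2a_config.callbacks.push({'
+ . 'ready: function(){'
+ . 'var d=document;'
+ . 'function a(){'
+ . 'var c,e=d.createElement("div");'
+ . 'e.innerHTML=' . wp_json_encode( ADDTOANY_SHARE_SAVE_FLOATING( array(
+ 'output_later' => true,
+ 'basic_html' => true,
+ 'kit_style' => $floating_js_kit_style,
+ 'vertical_type' => true,
+ ) ) ) . ';'
+ . 'c=d.querySelector(' . wp_json_encode( stripslashes( $options['floating_vertical_attached_to'] ) ) . ');'
+ . 'if(c)c.appendChild(e.firstChild);'
+ . 'a2a.init("page");'
+ . '}'
+ . 'if("loading"!==d.readyState)a();else d.addEventListener("DOMContentLoaded",a,false);'
+ . '}'
+ . '});';
+ }
+
+ // Enternal script call + initial JS + set-once variables.
+ $additional_js = ( isset( $options['additional_js_variables'] ) ) ? $options['additional_js_variables'] : '';
+ $script_configs_escaped = ( ( $cache ) ? "\n" . 'a2a_config.static_server=' . wp_json_encode( esc_url( $static_server ), JSON_UNESCAPED_SLASHES ) . ';' : '' )
+ . ( $icon_color ? "\n" . 'a2a_config.icon_color="' . $icon_color . '";' : '' )
+ . ( isset( $options['onclick'] ) && '1' == $options['onclick'] ? "\n" . 'a2a_config.onclick=1;' : '' )
+ . ( $additional_js ? "\n" . stripslashes( $additional_js ) : '' );
+
+ $inline_javascript = "\n"
+ . 'window.a2a_config=window.a2a_config||{};'
+ . 'a2a_config.callbacks=[];a2a_config.overlays=[];'
+ . 'a2a_config.templates={};'
+ . addtoany_menu_locale_escaped()
+ . $floating_js_escaped
+ . $script_configs_escaped
+ . "\n"
+ . '(function(d,s,a,b){'
+ . 'a=d.createElement(s);'
+ . 'b=d.getElementsByTagName(s)[0];'
+ . 'a.async=1;'
+ . 'a.src=' . wp_json_encode( esc_url( $static_server . '/page.js' . $querystring ), JSON_UNESCAPED_SLASHES ) . ';'
+ . 'b.parentNode.insertBefore(a,b);'
+ . '})(document,"script");'
+ . "\n";
+
+ // Require an `addtoany` script to be queued because wp_add_inline_script() below requires a queued script.
  if ( wp_script_is( 'jquery', 'registered' ) ) {
  wp_enqueue_script( 'addtoany', plugins_url('/addtoany.min.js', __FILE__ ), array( 'jquery' ), '1.1' );
+ } else {
+ wp_enqueue_script( 'addtoany', '', array(), null );
  }
+
+ // Add inline JavaScript. Arbitrary JavaScript is expected from users with the `unfiltered_html` capability.
+ wp_add_inline_script( 'addtoany', $inline_javascript );
+
+ // Adjust script tag attributes.
+ add_filter( 'script_loader_tag', function ( $tag, $handle, $src ) {
+ if ( 'addtoany' === $handle ) {
+ // Add async attribute to the script tag with the src attribute.
+ $tag = preg_replace( '/<script src/', '<script async src', $tag, 1 );
+ // Add data-cfasync="false" attribute to the inline script tag.
+ $tag = preg_replace( '/<script id=\'addtoany-js-/', '<script data-cfasync="false" id=\'addtoany-js-', $tag, 1 );
+ }
+ return $tag;
+ }, 10, 3 );
  }
 
  add_action( 'wp_enqueue_scripts', 'A2A_SHARE_SAVE_enqueue_script' );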
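Review bot: In `A2A_SHARE_SAVE_enqueue_script()`, two values still reach the inline script without output-side encoding, even though `addtoany_kses()` was added at the two echo sites. The `e.innerHTML=` assignment takes the `output_later` return of `ADDTOANY_SHARE_SAVE_FLOATING()`, which is returned without passing through `addtoany_kses()`, so it should presumably read `wp_json_encode( addtoany_kses( ADDTOANY_SHARE_SAVE_FLOATING( ... ) ) )`; whether the kit HTML can carry unsafe markup depends on `ADDTOANY_SHARE_SAVE_KIT()`, which is not shown on this page. `$icon_color` is concatenated between double quotes and relies only on the hex check applied when the option is saved; `'a2a_config.icon_color=' . wp_json_encode( $icon_color ) . ';'` would match how `static_server` is emitted on the line above it. The `script_loader_tag` closure only rewrites tags that begin exactly with `<script src` or `<script id='addtoany-js-`, so a comment stating that other tag shapes pass through without `async` or `data-cfasync` would help the next maintainer.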
addtoany.admin.php CHANGED
@@ -108,9 +108,6 @@ function A2A_SHARE_SAVE_enqueue_pointer_script_style( $hook_suffix ) {
108
  add_action( 'admin_enqueue_scripts', 'A2A_SHARE_SAVE_enqueue_pointer_script_style' );
109
 
110
  function A2A_SHARE_SAVE_pointer_print_scripts() {
111
- $pointer_content_settings_safe = '<h3>AddToAny Sharing Settings</h3>';
112
- $pointer_content_settings_safe .= '<p>To customize your AddToAny share buttons, click &quot;AddToAny&quot; in the Settings menu.</p>';
113
-
114
  // Get array list of dismissed pointers for current user and convert it to array
115
  $dismissed_pointers = explode( ',', get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) );
116
  ?>
@@ -119,7 +116,7 @@ function A2A_SHARE_SAVE_pointer_print_scripts() {
119
  <?php if ( ! in_array( 'addtoany_settings_pointer', $dismissed_pointers ) ) : ?>
120
  jQuery(document).ready( function($) {
121
  $('#menu-settings').pointer({
122
- content: '<?php echo $pointer_content_settings_safe; ?>',
123
  position: {
124
  edge: 'left', // arrow direction
125
  align: 'center' // vertical alignment
@@ -191,30 +188,30 @@ function _a2a_disabled_attr() {
191
  }
192
  }
193
 
194
- function _a2a_valid_hex_color( $value ) {
195
  if ( preg_match( '/^#[a-f0-9]{6}$/i', $value ) ) {
196
- return true;
197
  }
198
 
199
- return false;
200
  }
201
 
202
- function _a2a_valid_content_position_selection( $value ) {
203
- return in_array( $value, array('top', 'bottom', 'both') ) ? true : false;
204
  }
205
 
206
- function _a2a_valid_floating_bg_color_selection( $value ) {
207
- return in_array( $value, array( 'transparent', 'custom' ) ) ? true : false;
208
  }
209
 
210
- function _a2a_valid_icon_color_selection( $value, $bg_or_fg ) {
211
  if ( 'bg' === $bg_or_fg ) {
212
  $valid_selections = array('original', 'custom', 'transparent');
213
  } elseif ( 'fg' === $bg_or_fg ) {
214
  $valid_selections = array('original', 'custom');
215
  }
216
 
217
- return in_array( $value, $valid_selections ) ? true : false;
218
  }
219
 
220
  function A2A_SHARE_SAVE_options_page() {
@@ -295,8 +292,8 @@ function A2A_SHARE_SAVE_options_page() {
295
  is_numeric( $_POST['A2A_SHARE_SAVE_floating_horizontal_icon_size'] )
296
  ) ? $_POST['A2A_SHARE_SAVE_floating_horizontal_icon_size'] : '32';
297
 
298
- $new_options['floating_horizontal_bg'] = _a2a_valid_floating_bg_color_selection( $_POST['A2A_SHARE_SAVE_floating_horizontal_bg'] ) ? $_POST['A2A_SHARE_SAVE_floating_horizontal_bg'] : 'transparent';
299
- $new_options['floating_horizontal_bg_color'] = _a2a_valid_hex_color( $_POST['A2A_SHARE_SAVE_floating_horizontal_bg_color'] ) ? $_POST['A2A_SHARE_SAVE_floating_horizontal_bg_color'] : '#ffffff';
300
 
301
  $new_options['floating_vertical_position'] = (
302
  isset( $_POST['A2A_SHARE_SAVE_floating_vertical_position'] ) &&
@@ -347,13 +344,13 @@ function A2A_SHARE_SAVE_options_page() {
347
  is_numeric( $_POST['A2A_SHARE_SAVE_floating_vertical_icon_size'] )
348
  ) ? $_POST['A2A_SHARE_SAVE_floating_vertical_icon_size'] : '32';
349
 
350
- $new_options['floating_vertical_bg'] = _a2a_valid_floating_bg_color_selection( $_POST['A2A_SHARE_SAVE_floating_vertical_bg'] ) ? $_POST['A2A_SHARE_SAVE_floating_vertical_bg'] : 'transparent';
351
- $new_options['floating_vertical_bg_color'] = _a2a_valid_hex_color( $_POST['A2A_SHARE_SAVE_floating_vertical_bg_color'] ) ? $_POST['A2A_SHARE_SAVE_floating_vertical_bg_color'] : '#ffffff';
352
 
353
  } else {
354
  // Standard options screen
355
 
356
- $new_options['position'] = ( _a2a_valid_content_position_selection( $_POST['A2A_SHARE_SAVE_position'] ) ) ? $_POST['A2A_SHARE_SAVE_position'] : 'bottom';
357
  $new_options['display_in_posts_on_front_page'] = ( isset( $_POST['A2A_SHARE_SAVE_display_in_posts_on_front_page'] ) && $_POST['A2A_SHARE_SAVE_display_in_posts_on_front_page'] == '1' ) ? '1' : '-1';
358
  $new_options['display_in_posts_on_archive_pages'] = ( isset( $_POST['A2A_SHARE_SAVE_display_in_posts_on_archive_pages'] ) && $_POST['A2A_SHARE_SAVE_display_in_posts_on_archive_pages'] == '1' ) ? '1' : '-1';
359
  $new_options['display_in_excerpts'] = ( isset( $_POST['A2A_SHARE_SAVE_display_in_excerpts'] ) && $_POST['A2A_SHARE_SAVE_display_in_excerpts'] == '1' ) ? '1' : '-1';
@@ -363,14 +360,14 @@ function A2A_SHARE_SAVE_options_page() {
363
  $new_options['display_in_feed'] = ( isset( $_POST['A2A_SHARE_SAVE_display_in_feed'] ) && $_POST['A2A_SHARE_SAVE_display_in_feed'] == '1' ) ? '1' : '-1';
364
  $new_options['onclick'] = ( isset( $_POST['A2A_SHARE_SAVE_onclick'] ) && $_POST['A2A_SHARE_SAVE_onclick'] == '1' ) ? '1' : '-1';
365
  $new_options['icon_size'] = ( ! empty( $_POST['A2A_SHARE_SAVE_icon_size'] ) && is_numeric( $_POST['A2A_SHARE_SAVE_icon_size'] ) ) ? $_POST['A2A_SHARE_SAVE_icon_size'] : '32';
366
- $new_options['icon_bg'] = _a2a_valid_icon_color_selection( $_POST['A2A_SHARE_SAVE_icon_bg'], 'bg' ) ? $_POST['A2A_SHARE_SAVE_icon_bg'] : 'original';
367
- $new_options['icon_bg_color'] = _a2a_valid_hex_color( $_POST['A2A_SHARE_SAVE_icon_bg_color'] ) ? $_POST['A2A_SHARE_SAVE_icon_bg_color'] : '#2a2a2a';
368
- $new_options['icon_fg'] = _a2a_valid_icon_color_selection( $_POST['A2A_SHARE_SAVE_icon_fg'], 'fg' ) ? $_POST['A2A_SHARE_SAVE_icon_fg'] : 'original';
369
- $new_options['icon_fg_color'] = _a2a_valid_hex_color( $_POST['A2A_SHARE_SAVE_icon_fg_color'] ) ? $_POST['A2A_SHARE_SAVE_icon_fg_color'] : '#ffffff';
370
  $new_options['button'] = ( isset( $_POST['A2A_SHARE_SAVE_button'] ) ) ? sanitize_text_field( $_POST['A2A_SHARE_SAVE_button'] ) : '';
371
  $new_options['button_custom'] = ( isset( $_POST['A2A_SHARE_SAVE_button_custom'] ) ) ? sanitize_text_field( $_POST['A2A_SHARE_SAVE_button_custom'] ) : '';
372
  $new_options['button_show_count'] = ( isset( $_POST['A2A_SHARE_SAVE_button_show_count'] ) && $_POST['A2A_SHARE_SAVE_button_show_count'] == '1' ) ? '1' : '-1';
373
- $new_options['header'] = ( isset( $_POST['A2A_SHARE_SAVE_header'] ) && current_user_can( 'unfiltered_html' ) ) ? $_POST['A2A_SHARE_SAVE_header'] : '';
374
  $new_options['additional_js_variables'] = ( isset( $_POST['A2A_SHARE_SAVE_additional_js_variables'] ) && current_user_can( 'unfiltered_html' ) ) ? trim( $_POST['A2A_SHARE_SAVE_additional_js_variables'] ) : '';
375
  $new_options['additional_css'] = ( isset( $_POST['A2A_SHARE_SAVE_additional_css'] ) && current_user_can( 'unfiltered_html' ) ) ? trim( $_POST['A2A_SHARE_SAVE_additional_css'] ) : '';
376
  $new_options['custom_icons'] = ( isset( $_POST['A2A_SHARE_SAVE_custom_icons'] ) && $_POST['A2A_SHARE_SAVE_custom_icons'] == 'url' ) ? 'url' : '-1';
@@ -516,10 +513,9 @@ function A2A_SHARE_SAVE_options_page() {
516
  if ( ! isset( $site['icon'] ) )
517
  $site['icon'] = 'default';
518
 
519
- $special_service_class_attr_safe = ( in_array( $service_safe_name, array( 'pinterest', 'reddit', 'tumblr', ) ) )
520
- ? ' class="addtoany_special_service"' : '';
521
  ?>
522
- <li data-addtoany-icon-name="<?php echo esc_attr( $site['icon'] ); ?>"<?php echo $special_service_class_attr_safe; ?> id="a2a_wp_<?php echo esc_attr( $service_safe_name ); ?>" title="<?php echo esc_attr( $site['name'] ); ?>">
523
  <img src="<?php echo esc_attr( isset( $site['icon_url'] ) ? $site['icon_url'] : $A2A_SHARE_SAVE_plugin_url.'/icons/'.$site['icon'].'.svg' ); ?>" width="<?php echo isset( $site['icon_width'] ) ? esc_attr( $site['icon_width'] ) : '24'; ?>" height="<?php echo isset( $site['icon_height'] ) ? esc_attr( $site['icon_height'] ) : '24'; ?>"<?php if ( isset( $site['color'] ) ) : ?> style="background-color:#<?php echo esc_attr( $site['color'] ); endif; ?>"><?php echo esc_html( $site['name'] ); ?>
524
  </li>
525
  <?php
@@ -655,7 +651,7 @@ function A2A_SHARE_SAVE_options_page() {
655
  ?>
656
  <br/>
657
  <label>
658
- <input name="A2A_SHARE_SAVE_display_in_cpt_<?php echo $placement_name; ?>" type="checkbox"<?php if ( ! isset( $options['display_in_cpt_' . $placement_name] ) || $options['display_in_cpt_' . $placement_name] != '-1' ) echo ' checked="checked"'; ?> value="1"/>
659
  <?php printf(
660
  /* translators: 1: Position in content 2: Name of the custom post type */
661
  __( 'Display at the %1$s of %2$s', 'add-to-any' ),
@@ -1107,7 +1103,7 @@ function A2A_SHARE_SAVE_admin_head() {
1107
  $admin_services_saved = isset( $_POST['A2A_SHARE_SAVE_active_services'] ) && isset( $_POST['Submit'] );
1108
 
1109
  if ( $admin_services_saved ) {
1110
- $active_services = isset( $_POST['A2A_SHARE_SAVE_active_services'] ) ? (array) $_POST['A2A_SHARE_SAVE_active_services'] : array();
1111
  } elseif ( ! $admin_services_saved && isset( $options['active_services'] ) ) {
1112
  $active_services = $options['active_services'];
1113
  } else {
@@ -1115,17 +1111,12 @@ function A2A_SHARE_SAVE_admin_head() {
1115
  $active_services = array( 'facebook', 'twitter', 'email' );
1116
  }
1117
 
1118
- $active_services_last = end($active_services);
1119
- if($admin_services_saved)
1120
- $active_services_last = substr($active_services_last, 7); // Remove a2a_wp_
1121
- $active_services_quoted_escaped = '';
1122
- $counters_enabled_js = '';
1123
  foreach ($active_services as $service) {
1124
  if ( $admin_services_saved )
1125
  $service = substr( $service, 7 ); // Remove a2a_wp_
1126
- $active_services_quoted_escaped .= json_encode( $service );
1127
- if ( $service != $active_services_last )
1128
- $active_services_quoted_escaped .= ',';
1129
 
1130
  // AddToAny counter enabled?
1131
  if ( in_array( $service, array( 'pinterest', 'reddit', 'tumblr', ) ) ) {
@@ -1135,38 +1126,39 @@ function A2A_SHARE_SAVE_admin_head() {
1135
  && isset( $options['special_' . $service . '_options']['show_count'] )
1136
  && $options['special_' . $service . '_options']['show_count'] == '1'
1137
  ) {
1138
- $counters_enabled_js .= 'service_options.' . $service . ' = {show_count: 1};';
1139
  }
1140
  }
1141
  }
1142
  ?>
1143
- var services = [<?php echo $active_services_quoted_escaped; ?>],
1144
- service_options = {};
1145
 
1146
- <?php
1147
- // Special service options (enabled counters) if any
1148
- echo $counters_enabled_js;
1149
 
1150
- echo 'service_options.facebook_like = {};';
1151
  if ( isset( $_POST['addtoany_facebook_like_verb'] ) && $_POST['addtoany_facebook_like_verb'] == 'recommend'
1152
  || ! isset( $_POST['addtoany_facebook_like_verb'] )
1153
  && isset( $options['special_facebook_like_options'] ) && isset( $options['special_facebook_like_options']['verb'] )
1154
- && $options['special_facebook_like_options']['verb'] == 'recommend' ) {
1155
- ?>service_options.facebook_like.verb = 'recommend';<?php
 
1156
  }
1157
  if ( isset( $_POST['addtoany_facebook_like_show_count'] ) && $_POST['addtoany_facebook_like_show_count'] == '1'
1158
  || ! isset( $_POST['addtoany_facebook_like_show_count'] )
1159
  && isset( $options['special_facebook_like_options'] ) && isset( $options['special_facebook_like_options']['show_count'] )
1160
- && $options['special_facebook_like_options']['show_count'] == '1' ) {
1161
- ?>service_options.facebook_like.show_count = 1;<?php
 
1162
  }
1163
  if ( isset( $_POST['addtoany_pinterest_pin_show_count'] ) && $_POST['addtoany_pinterest_pin_show_count'] == '1'
1164
  || ! isset( $_POST['addtoany_pinterest_pin_show_count'] )
1165
  && isset( $options['special_pinterest_pin_options'] ) && isset( $options['special_pinterest_pin_options']['show_count'] )
1166
- && $options['special_pinterest_pin_options']['show_count'] == '1' ) {
1167
- ?>service_options.pinterest_pin = {show_count: 1};<?php
 
1168
  }
1169
  ?>
 
 
1170
 
1171
  jQuery.each(services, function(i, val) {
1172
  try {
108
  add_action( 'admin_enqueue_scripts', 'A2A_SHARE_SAVE_enqueue_pointer_script_style' );
109
 
110
  function A2A_SHARE_SAVE_pointer_print_scripts() {
 
 
 
111
  // Get array list of dismissed pointers for current user and convert it to array
112
  $dismissed_pointers = explode( ',', get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) );
113
  ?>
116
  <?php if ( ! in_array( 'addtoany_settings_pointer', $dismissed_pointers ) ) : ?>
117
  jQuery(document).ready( function($) {
118
  $('#menu-settings').pointer({
119
+ content: '<h3>AddToAny Sharing Settings</h3><p>To customize your AddToAny share buttons, click &quot;AddToAny&quot; in the Settings menu.</p>',
120
  position: {
121
  edge: 'left', // arrow direction
122
  align: 'center' // vertical alignment
188
  }
189
  }
190
 
191
+ function _a2a_valid_hex_color( $value, $default ) {
192
  if ( preg_match( '/^#[a-f0-9]{6}$/i', $value ) ) {
193
+ return $value;
194
  }
195
 
196
+ return $default;
197
  }
198
 
199
+ function _a2a_valid_content_position_selection( $value, $default ) {
200
+ return in_array( $value, array('top', 'bottom', 'both') ) ? $value : $default;
201
  }
202
 
203
+ function _a2a_valid_floating_bg_color_selection( $value, $default ) {
204
+ return in_array( $value, array( 'transparent', 'custom' ) ) ? $value : $default;
205
  }
206
 
207
+ function _a2a_valid_icon_color_selection( $bg_or_fg, $value, $default ) {
208
  if ( 'bg' === $bg_or_fg ) {
209
  $valid_selections = array('original', 'custom', 'transparent');
210
  } elseif ( 'fg' === $bg_or_fg ) {
211
  $valid_selections = array('original', 'custom');
212
  }
213
 
214
+ return in_array( $value, $valid_selections ) ? $value : $default;
215
  }
216
 
217
  function A2A_SHARE_SAVE_options_page() {
292
  is_numeric( $_POST['A2A_SHARE_SAVE_floating_horizontal_icon_size'] )
293
  ) ? $_POST['A2A_SHARE_SAVE_floating_horizontal_icon_size'] : '32';
294
 
295
+ $new_options['floating_horizontal_bg'] = _a2a_valid_floating_bg_color_selection( $_POST['A2A_SHARE_SAVE_floating_horizontal_bg'], 'transparent' );
296
+ $new_options['floating_horizontal_bg_color'] = _a2a_valid_hex_color( $_POST['A2A_SHARE_SAVE_floating_horizontal_bg_color'], '#ffffff' );
297
 
298
  $new_options['floating_vertical_position'] = (
299
  isset( $_POST['A2A_SHARE_SAVE_floating_vertical_position'] ) &&
344
  is_numeric( $_POST['A2A_SHARE_SAVE_floating_vertical_icon_size'] )
345
  ) ? $_POST['A2A_SHARE_SAVE_floating_vertical_icon_size'] : '32';
346
 
347
+ $new_options['floating_vertical_bg'] = _a2a_valid_floating_bg_color_selection( $_POST['A2A_SHARE_SAVE_floating_vertical_bg'], 'transparent' );
348
+ $new_options['floating_vertical_bg_color'] = _a2a_valid_hex_color( $_POST['A2A_SHARE_SAVE_floating_vertical_bg_color'], '#ffffff' );
349
 
350
  } else {
351
  // Standard options screen
352
 
353
+ $new_options['position'] = _a2a_valid_content_position_selection( $_POST['A2A_SHARE_SAVE_position'], 'bottom' );
354
  $new_options['display_in_posts_on_front_page'] = ( isset( $_POST['A2A_SHARE_SAVE_display_in_posts_on_front_page'] ) && $_POST['A2A_SHARE_SAVE_display_in_posts_on_front_page'] == '1' ) ? '1' : '-1';
355
  $new_options['display_in_posts_on_archive_pages'] = ( isset( $_POST['A2A_SHARE_SAVE_display_in_posts_on_archive_pages'] ) && $_POST['A2A_SHARE_SAVE_display_in_posts_on_archive_pages'] == '1' ) ? '1' : '-1';
356
  $new_options['display_in_excerpts'] = ( isset( $_POST['A2A_SHARE_SAVE_display_in_excerpts'] ) && $_POST['A2A_SHARE_SAVE_display_in_excerpts'] == '1' ) ? '1' : '-1';
360
  $new_options['display_in_feed'] = ( isset( $_POST['A2A_SHARE_SAVE_display_in_feed'] ) && $_POST['A2A_SHARE_SAVE_display_in_feed'] == '1' ) ? '1' : '-1';
361
  $new_options['onclick'] = ( isset( $_POST['A2A_SHARE_SAVE_onclick'] ) && $_POST['A2A_SHARE_SAVE_onclick'] == '1' ) ? '1' : '-1';
362
  $new_options['icon_size'] = ( ! empty( $_POST['A2A_SHARE_SAVE_icon_size'] ) && is_numeric( $_POST['A2A_SHARE_SAVE_icon_size'] ) ) ? $_POST['A2A_SHARE_SAVE_icon_size'] : '32';
363
+ $new_options['icon_bg'] = _a2a_valid_icon_color_selection( 'bg', $_POST['A2A_SHARE_SAVE_icon_bg'], 'original' );
364
+ $new_options['icon_bg_color'] = _a2a_valid_hex_color( $_POST['A2A_SHARE_SAVE_icon_bg_color'], '#2a2a2a' );
365
+ $new_options['icon_fg'] = _a2a_valid_icon_color_selection( 'fg', $_POST['A2A_SHARE_SAVE_icon_fg'], 'original' );
366
+ $new_options['icon_fg_color'] = _a2a_valid_hex_color( $_POST['A2A_SHARE_SAVE_icon_fg_color'], '#ffffff' );
367
  $new_options['button'] = ( isset( $_POST['A2A_SHARE_SAVE_button'] ) ) ? sanitize_text_field( $_POST['A2A_SHARE_SAVE_button'] ) : '';
368
  $new_options['button_custom'] = ( isset( $_POST['A2A_SHARE_SAVE_button_custom'] ) ) ? sanitize_text_field( $_POST['A2A_SHARE_SAVE_button_custom'] ) : '';
369
  $new_options['button_show_count'] = ( isset( $_POST['A2A_SHARE_SAVE_button_show_count'] ) && $_POST['A2A_SHARE_SAVE_button_show_count'] == '1' ) ? '1' : '-1';
370
+ $new_options['header'] = ( isset( $_POST['A2A_SHARE_SAVE_header'] ) && current_user_can( 'unfiltered_html' ) ) ? wp_kses_post( $_POST['A2A_SHARE_SAVE_header'] ) : '';
371
  $new_options['additional_js_variables'] = ( isset( $_POST['A2A_SHARE_SAVE_additional_js_variables'] ) && current_user_can( 'unfiltered_html' ) ) ? trim( $_POST['A2A_SHARE_SAVE_additional_js_variables'] ) : '';
372
  $new_options['additional_css'] = ( isset( $_POST['A2A_SHARE_SAVE_additional_css'] ) && current_user_can( 'unfiltered_html' ) ) ? trim( $_POST['A2A_SHARE_SAVE_additional_css'] ) : '';
373
  $new_options['custom_icons'] = ( isset( $_POST['A2A_SHARE_SAVE_custom_icons'] ) && $_POST['A2A_SHARE_SAVE_custom_icons'] == 'url' ) ? 'url' : '-1';
513
  if ( ! isset( $site['icon'] ) )
514
  $site['icon'] = 'default';
515
 
516
+ $is_special_service = in_array( $service_safe_name, array( 'pinterest', 'reddit', 'tumblr', ) );
 
517
  ?>
518
+ <li data-addtoany-icon-name="<?php echo esc_attr( $site['icon'] ); ?>"<?php if ( $is_special_service ) echo ' class="addtoany_special_service"'; ?> id="a2a_wp_<?php echo esc_attr( $service_safe_name ); ?>" title="<?php echo esc_attr( $site['name'] ); ?>">
519
  <img src="<?php echo esc_attr( isset( $site['icon_url'] ) ? $site['icon_url'] : $A2A_SHARE_SAVE_plugin_url.'/icons/'.$site['icon'].'.svg' ); ?>" width="<?php echo isset( $site['icon_width'] ) ? esc_attr( $site['icon_width'] ) : '24'; ?>" height="<?php echo isset( $site['icon_height'] ) ? esc_attr( $site['icon_height'] ) : '24'; ?>"<?php if ( isset( $site['color'] ) ) : ?> style="background-color:#<?php echo esc_attr( $site['color'] ); endif; ?>"><?php echo esc_html( $site['name'] ); ?>
520
  </li>
521
  <?php
651
  ?>
652
  <br/>
653
  <label>
654
+ <input name="A2A_SHARE_SAVE_display_in_cpt_<?php echo esc_attr( $placement_name ); ?>" type="checkbox"<?php if ( ! isset( $options['display_in_cpt_' . $placement_name] ) || $options['display_in_cpt_' . $placement_name] != '-1' ) echo ' checked="checked"'; ?> value="1"/>
655
  <?php printf(
656
  /* translators: 1: Position in content 2: Name of the custom post type */
657
  __( 'Display at the %1$s of %2$s', 'add-to-any' ),
1103
  $admin_services_saved = isset( $_POST['A2A_SHARE_SAVE_active_services'] ) && isset( $_POST['Submit'] );
1104
 
1105
  if ( $admin_services_saved ) {
1106
+ $active_services = isset( $_POST['A2A_SHARE_SAVE_active_services'] ) ? array_map( 'sanitize_text_field', $_POST['A2A_SHARE_SAVE_active_services'] ) : array();
1107
  } elseif ( ! $admin_services_saved && isset( $options['active_services'] ) ) {
1108
  $active_services = $options['active_services'];
1109
  } else {
1111
  $active_services = array( 'facebook', 'twitter', 'email' );
1112
  }
1113
 
1114
+ $active_services_for_js = array();
1115
+ $service_options_for_js = array();
 
 
 
1116
  foreach ($active_services as $service) {
1117
  if ( $admin_services_saved )
1118
  $service = substr( $service, 7 ); // Remove a2a_wp_
1119
+ $active_services_for_js[] = $service;
 
 
1120
 
1121
  // AddToAny counter enabled?
1122
  if ( in_array( $service, array( 'pinterest', 'reddit', 'tumblr', ) ) ) {
1126
  && isset( $options['special_' . $service . '_options']['show_count'] )
1127
  && $options['special_' . $service . '_options']['show_count'] == '1'
1128
  ) {
1129
+ $service_options_for_js[$service]['show_count'] = 1;
1130
  }
1131
  }
1132
  }
1133
  ?>
 
 
1134
 
1135
+ var services = <?php echo wp_json_encode( $active_services_for_js ); ?>;
 
 
1136
 
1137
+ <?php
1138
  if ( isset( $_POST['addtoany_facebook_like_verb'] ) && $_POST['addtoany_facebook_like_verb'] == 'recommend'
1139
  || ! isset( $_POST['addtoany_facebook_like_verb'] )
1140
  && isset( $options['special_facebook_like_options'] ) && isset( $options['special_facebook_like_options']['verb'] )
1141
+ && $options['special_facebook_like_options']['verb'] == 'recommend'
1142
+ ) {
1143
+ $service_options_for_js['facebook_like']['verb'] = 'recommend';
1144
  }
1145
  if ( isset( $_POST['addtoany_facebook_like_show_count'] ) && $_POST['addtoany_facebook_like_show_count'] == '1'
1146
  || ! isset( $_POST['addtoany_facebook_like_show_count'] )
1147
  && isset( $options['special_facebook_like_options'] ) && isset( $options['special_facebook_like_options']['show_count'] )
1148
+ && $options['special_facebook_like_options']['show_count'] == '1'
1149
+ ){
1150
+ $service_options_for_js['facebook_like']['show_count'] = 1;
1151
  }
1152
  if ( isset( $_POST['addtoany_pinterest_pin_show_count'] ) && $_POST['addtoany_pinterest_pin_show_count'] == '1'
1153
  || ! isset( $_POST['addtoany_pinterest_pin_show_count'] )
1154
  && isset( $options['special_pinterest_pin_options'] ) && isset( $options['special_pinterest_pin_options']['show_count'] )
1155
+ && $options['special_pinterest_pin_options']['show_count'] == '1'
1156
+ ) {
1157
+ $service_options_for_js['pinterest_pin']['show_count'] = 1;
1158
  }
1159
  ?>
1160
+
1161
+ var service_options = <?php echo wp_json_encode( $service_options_for_js ); ?>;
1162
 
1163
  jQuery.each(services, function(i, val) {
1164
  try {
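--- a/addtoany.compat.php
+++ b/addtoany.compat.php
@@ -1,4 +1,54 @@
  <?php
+
+ /**
+ * Strips out disallowed HTML using wp_kses_post() while temporarily allowing some additional CSS in a style attribute.
+ */
+ function addtoany_kses( $string ) {
+ /**
+ * Temporarily allow specific CSS properties in a `style` attribute.
+ * @since WordPress 2.8.1
+ */
+ add_filter( 'safe_style_css', 'addtoany_kses_allow_css_properties' );
+
+ /**
+ * Temporarily allow specific CSS declarations in a `style` attribute.
+ * @since WordPress 5.5.0
+ */
+ add_filter( 'safecss_filter_attr_allow_css', 'addtoany_kses_allow_css_declarations', 10, 2 );
+
+ // Strip out any disallowed HTML.
+ $string = wp_kses_post( $string );
+
+ // Revert kses filters to originals.
+ remove_filter( 'safe_style_css', 'allow_css_properties' );
+ remove_filter( 'safecss_filter_attr_allow_css', 'addtoany_kses_allow_css_declarations', 10, 2 );
+
+ return $string;
+ }
+
+ /**
+ * Allows some additional CSS properties in a `style` attribute.
+ */
+ function addtoany_kses_allow_css_properties( $props ) {
+ $props[] = 'bottom';
+ $props[] = 'left';
+ $props[] = 'right';
+ $props[] = 'top';
+ $props[] = 'transform';
+ return $props;
+ }
+
+ /**
+ * Allows additional CSS declarations for specific properties in a `style` attribute.
+ */
+ function addtoany_kses_allow_css_declarations( $allow_css, $css_test_string ) {
+ $parts = explode( ':', $css_test_string, 2 );
+ if ( 'transform' === $parts[0] ) {
+ // Allow translateX or translateY with a percentage value.
+ return ! ! preg_match( '/^translate[X|Y]\(-?\d{1,6}%\)$/', trim( $parts[1] ) );
+ }
+ return $allow_css;
+ }
 
  /**
  * Load theme compatibility functions.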
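Review bot: In `addtoany_kses()`, the first `remove_filter` call names `'allow_css_properties'`, but the callback registered a few lines earlier is `'addtoany_kses_allow_css_properties'`, so the `safe_style_css` filter is never removed. The extra properties (`bottom`, `left`, `right`, `top`, `transform`) therefore stay on the allow-list for every later kses call in the same request, which is wider than the "temporarily" in the docblock promises. The line should read `remove_filter( 'safe_style_css', 'addtoany_kses_allow_css_properties' );`. In `addtoany_kses_allow_css_declarations()`, the character class `[X|Y]` also accepts a literal `|`; `[XY]` matches what the comment describes.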
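--- a/addtoany.widgets.php
+++ b/addtoany.widgets.php
@@ -81,8 +81,8 @@ class A2A_SHARE_SAVE_Widget extends WP_Widget {
  $title = isset( $instance ) && ! empty( $instance['title'] ) ? __( $instance['title'] ) : '';
  ?>
  <p>
- <label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>
- <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php esc_attr_e( $title ); ?>" />
+ <label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e( 'Title:' ); ?></label>
+ <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" />
  </p>
  <p>
  <a href="options-general.php?page=addtoany"><?php _e('AddToAny Settings', 'add-to-any'); ?>...</a>
@@ -207,12 +207,12 @@ class A2A_Follow_Widget extends WP_Widget {
 
  ?>
  <p>
- <label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>
- <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php esc_attr_e( $title ); ?>" />
+ <label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e( 'Title:' ); ?></label>
+ <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" />
  </p>
  <p>
- <label for="<?php echo $this->get_field_id( 'icon_size' ); ?>"><?php _e( 'Icon Size:', 'add-to-any' ); ?></label>
- <input class="widefat" id="<?php echo $this->get_field_id( 'icon_size' ); ?>" name="<?php echo $this->get_field_name( 'icon_size' ); ?>" type="number" max="300" min="10" maxlength="3" step="2" oninput="if(this.value.length > 3) this.value=this.value.slice(0, 3)" placeholder="32" value="<?php esc_attr_e( $icon_size ); ?>">
+ <label for="<?php echo esc_attr( $this->get_field_id( 'icon_size' ) ); ?>"><?php _e( 'Icon Size:', 'add-to-any' ); ?></label>
+ <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'icon_size' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'icon_size' ) ); ?>" type="number" max="300" min="10" maxlength="3" step="2" oninput="if(this.value.length > 3) this.value=this.value.slice(0, 3)" placeholder="32" value="<?php echo esc_attr( $icon_size ); ?>">
  <small>Pixels</small>
  </p>
  <?php foreach ( $services as $code => $service ) :
@@ -221,8 +221,8 @@ class A2A_Follow_Widget extends WP_Widget {
  $label_text = 'feed' == $code ? sprintf( __('%s URL:'), $service['name'] ) : sprintf( __('%s ID:'), $service['name'] );
  ?>
  <p>
- <label for="<?php echo $this->get_field_id( $code_id ); ?>"><?php echo $label_text; ?></label>
- <input class="widefat" id="<?php echo $this->get_field_id( $code_id ); ?>" name="<?php echo $this->get_field_name( $code_id ); ?>" type="text" value="<?php esc_attr_e( $id_value ); ?>">
+ <label for="<?php echo esc_attr( $this->get_field_id( $code_id ) ); ?>"><?php echo esc_attr( $label_text ); ?></label>
+ <input class="widefat" id="<?php echo esc_attr( $this->get_field_id( $code_id ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( $code_id ) ); ?>" type="text" value="<?php echo esc_attr( $id_value ); ?>">
  <br>
  <small><?php echo wp_kses_post( str_replace( '${id}', '<u>ID</u>', $service['href'] ) ); ?></small>
  </p>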
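Review bot: The `<label>` text in the last hunk is printed with `esc_attr( $label_text )`, although it is element content rather than an attribute value. `<?php echo esc_html( $label_text ); ?>` names the actual output context and makes the escaping easier to audit. As far as I know the two helpers filter the same characters in WordPress, so this is about using the escaper that matches the context rather than a gap in the escaping itself. The widget form methods these hunks belong to start and end outside the visible lines.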