All in One SEO Pack - Version 3.6.2

Version Description


Release Info

Developer benjaminprojas
Version 3.6.2

Code changes from version 3.6.1 to 3.6.2

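--- a/admin/aioseop_module_class.php
+++ b/admin/aioseop_module_class.php
@@ -2340,6 +2340,11 @@ if ( ! class_exists( 'All_in_One_SEO_Pack_Module' ) ) {
  }
  $prefix = $this->get_prefix( $k );
  $options = apply_filters( $prefix . 'filter_metabox_options', $options, $k, $post_id );
+ foreach ( $options as $option ) {
+ if ( is_string( $option ) ) {
+ $option = esc_html( $option );
+ }
+ }
  update_post_meta( $post_id, '_' . $prefix . $k, $options );
  }
  }
@@ -2530,7 +2535,7 @@ if ( ! class_exists( 'All_in_One_SEO_Pack_Module' ) ) {
  break;
  case 'textarea':
  // #1363: prevent characters like ampersand in title and description (in social meta module) from getting changed to &amp;
- if ( in_array( $name, array( 'aiosp_opengraph_hometitle', 'aiosp_opengraph_description' ), true ) ) {
+ if ( in_array( $name, array( 'aiosp_description', 'aiosp_opengraph_hometitle', 'aiosp_opengraph_description' ), true ) ) {
  $value = htmlspecialchars_decode( $value, ENT_QUOTES );
  }
  $buf .= "<textarea name='$name' $attr>$value</textarea>";
@@ -2586,7 +2591,7 @@ if ( ! class_exists( 'All_in_One_SEO_Pack_Module' ) ) {
  wp_enqueue_script( 'jquery-ui-datepicker' );
  // fall through.
  default:
- $buf .= "<input name='" . esc_attr( $name ) . "' type='" . esc_attr( $options['type'] ) . "' " . wp_kses( $attr, wp_kses_allowed_html( 'data' ) ) . " value='" . esc_attr( $value ) . "' autocomplete='aioseop-" . time() . "'>\n";
+ $buf .= "<input name='" . esc_attr( $name ) . "' type='" . esc_attr( $options['type'] ) . "' " . wp_kses( $attr, wp_kses_allowed_html( 'data' ) ) . " value='" . htmlspecialchars_decode( $value ) . "' autocomplete='aioseop-" . time() . "'>\n";
  }
 
  // TODO Maybe Change/Add a function for SEO character count.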
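Review bot: The `foreach ( $options as $option )` loop added in the first hunk iterates by value, so the `esc_html()` result is assigned to a loop-local copy and `update_post_meta()` still stores `$options` unchanged. Write it back through the key, `foreach ( $options as $key => $option ) {` with `$options[ $key ] = esc_html( $option );`; the identical loop before `update_term_meta()` in modules/aioseop_opengraph.php needs the same change. This matters because the last hunk swaps `esc_attr( $value )` for `htmlspecialchars_decode( $value )` inside the single-quoted `value='…'` attribute, so that output is no longer escaped where it is printed; I would keep `esc_attr()` there. The enclosing methods start and end outside these hunks.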
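--- a/aioseop_class.php
+++ b/aioseop_class.php
@@ -229,8 +229,6 @@ class All_in_One_SEO_Pack extends All_in_One_SEO_Pack_Module {
  $blog_name = esc_attr( get_bloginfo( 'name' ) );
  parent::__construct();
 
- $this->checkIfLicensed();
-
  $this->default_options = array(
  'license_key' => array(
  /* translators: This is a setting where users can enter their license code for All in One SEO Pack Pro. */
@@ -4213,6 +4211,7 @@ class All_in_One_SEO_Pack extends All_in_One_SEO_Pack_Module {
  if ( current_user_can( 'update_plugins' ) ) {
  add_action( 'admin_notices', array( $aioseop_update_checker, 'key_warning' ) );
  }
+ add_action( 'admin_init', array( $this, 'checkIfLicensed' ) );
  add_action( 'after_plugin_row_' . AIOSEOP_PLUGIN_BASENAME, array( $aioseop_update_checker, 'add_plugin_row' ) );
  }
  } else {
@@ -5106,6 +5105,10 @@ class All_in_One_SEO_Pack extends All_in_One_SEO_Pack_Module {
 
  foreach ( $optlist as $optionName ) {
  $value = isset( $_POST[ "aiosp_$optionName" ] ) ? $_POST[ "aiosp_$optionName" ] : '';
+
+ if ( is_string( $value) ) {
+ $value = esc_html( $value );
+ }
  update_post_meta( $id, "_aioseop_$optionName", $value );
  }
  }
@@ -5396,6 +5399,10 @@ class All_in_One_SEO_Pack extends All_in_One_SEO_Pack_Module {
 
  foreach ( $optlist as $optionName ) {
  $value = isset( $_POST[ "aiosp_$optionName" ] ) ? $_POST[ "aiosp_$optionName" ] : '';
+
+ if ( is_string( $value) ) {
+ $value = esc_html( $value );
+ }
  update_term_meta( $id, "_aioseop_$optionName", $value );
  }
  }
@@ -5635,19 +5642,6 @@ class All_in_One_SEO_Pack extends All_in_One_SEO_Pack_Module {
  }
  // Decode entities.
  $value = $this->html_entity_decode( $value );
- $value = preg_replace(
- array(
- '#<a.*?>([^>]*)</a>#i', // Remove link but keep anchor text.
- '@(https?://([-\w\.]+[-\w])+(:\d+)?(/([\w/_\.#-]*(\?\S+)?[^\.\s])?)?)@', // Remove URLs.
- ),
- array(
- '$1', // Replacement link's anchor text.
- '', // Replacement URLs.
- ),
- $value
- );
- // Strip html.
- $value = wp_strip_all_tags( $value );
  // External trim.
  $value = trim( $value );
  // Internal whitespace trim.
@@ -5803,9 +5797,13 @@ class All_in_One_SEO_Pack extends All_in_One_SEO_Pack_Module {
  *
  * @return void
  */
- private function checkIfLicensed() {
+ public function checkIfLicensed() {
  global $aioseop_options;
- if ( ! $aioseop_options['aiosp_license_key'] ) {
+ if ( ! isset( $aioseop_options['aiosp_license_key'] ) ) {
+ return;
+ }
+
+ if ( empty( $aioseop_options['aiosp_license_key'] ) ) {
  if ( isset( $aioseop_options['addons'] ) ) {
  $aioseop_options['addons'] = '';
  }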
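Review bot: In the `-5635,19 +5642,6` hunk the `wp_strip_all_tags()` call and the link/URL `preg_replace()` are removed directly after `$this->html_entity_decode( $value )`, so markup that the new save-time `esc_html()` turned into entities is decoded again and this routine no longer strips it. Unless every caller escapes the returned value for its own output context, which cannot be confirmed because the enclosing method starts and ends outside the hunk, I would keep `$value = wp_strip_all_tags( $value );` after the decode. Separately, the two `$_POST` loops escape only when `is_string( $value )` holds, so array values still reach `update_post_meta()` and `update_term_meta()` as submitted; that case needs either handling or a comment stating where those values are escaped.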
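--- a/all_in_one_seo_pack.php
+++ b/all_in_one_seo_pack.php
@@ -3,7 +3,7 @@
  Plugin Name: All In One SEO Pack
  Plugin URI: https://semperplugins.com/all-in-one-seo-pack-pro-version/
  Description: Out-of-the-box SEO for WordPress. Features like XML Sitemaps, SEO for custom post types, SEO for blogs or business sites, SEO for ecommerce sites, and much more. More than 50 million downloads since 2007.
- Version: 3.6.1
+ Version: 3.6.2
  Author: All in One SEO Team
  Author URI: https://semperplugins.com/all-in-one-seo-pack-pro-version/
  Text Domain: all-in-one-seo-pack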
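--- a/inc/aioseop_functions.php
+++ b/inc/aioseop_functions.php
@@ -840,11 +840,12 @@ if ( ! function_exists( 'render_seo_column' ) ) {
  }
  }
 
+ $value = esc_html( trim( $value ) );
  if ( empty( $value ) ) {
  $value = sprintf( '<strong>%s</strong>', sprintf( __( 'No value', 'all-in-one-seo-pack' ), str_replace( '_', ' ', $name ) ) );
  }
 
- $span = "<span id='aioseop_{$column_name}_{$post_id}_value'>" . trim( $value ) . '</span>';
+ $span = "<span id='aioseop_{$column_name}_{$post_id}_value'>" . $value . '</span>';
  $nonce = wp_create_nonce( "aioseop_meta_{$column_name}_{$post_id}" );
 
  ?>
@@ -920,7 +921,7 @@ if ( ! function_exists( 'aioseop_ajax_save_meta' ) ) {
  }
  }
 
- update_post_meta( $post_id, $key, $value );
+ update_post_meta( $post_id, $key, esc_html( $value ) );
  }
  }
 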
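Review bot: In the second hunk `update_post_meta( $post_id, $key, esc_html( $value ) )` applies an output-escaping helper at storage time, so the stored meta holds HTML entities and every non-HTML consumer of that meta has to decode them again. The usual split is to sanitise on save and escape on output, e.g. `update_post_meta( $post_id, $key, sanitize_text_field( $value ) );`, with the `esc_html( trim( $value ) )` added in `render_seo_column` acting as the output-side escape. Unlike the save loops in aioseop_class.php, this call has no `is_string()` guard; whether `$value` can be an array here is not visible, because `aioseop_ajax_save_meta` starts outside the hunk.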
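--- a/js/admin/aioseop-quickedit.js
+++ b/js/admin/aioseop-quickedit.js
@@ -72,6 +72,8 @@ var aioseopQuickEdit;
  * @param Object previousElements The initial column elements (dashicon + span).
  */
  handle_post_meta: function(postId, value, columnName, nonce, previousElements) {
+ value = aioseopQuickEdit.sanitize(value);
+
  let field = $(`div#aioseop_${columnName}_${postId}`);
 
  let message = document.createElement('span');
@@ -124,7 +126,20 @@ var aioseopQuickEdit;
  });
  });
  });
- }
+ },
+
+ sanitize: function (string) {
+ const map = {
+ '&': '&amp;',
+ '<': '&lt;',
+ '>': '&gt;',
+ '"': '&quot;',
+ "'": '&#x27;',
+ "/": '&#x2F;',
+ };
+ const reg = /[&<>"'/]/ig;
+ return string.replace(reg, (match)=>(map[match]));
+ }
  }
 
  })(jQuery);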
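Review bot: The new `sanitize` method entity-encodes `value` in the browser before it is sent, a step that any request not made through this script never runs, so it should be documented as a display convenience and not as the XSS control; the `esc_html()` added on the server in inc/aioseop_functions.php is the enforcing check. I would add a JSDoc block above `sanitize`, in the style of the one on `handle_post_meta`, saying that it HTML-entity-encodes the characters `& < > " ' /` in a string and that the server escapes independently. The `i` flag in `/[&<>"'/]/ig` has no effect because the class contains no letters, so `/[&<>"'/]/g` is enough. `handle_post_meta` continues outside the hunk, so how the encoded `value` is used afterwards is not visible.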
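--- a/modules/aioseop_opengraph.php
+++ b/modules/aioseop_opengraph.php
@@ -2004,6 +2004,11 @@ if ( ! class_exists( 'All_in_One_SEO_Pack_Opengraph' ) ) {
  if ( $update ) {
  $prefix = $this->get_prefix( $k );
  $options = apply_filters( $prefix . 'filter_term_metabox_options', $options, $k, $term_id );
+ foreach ( $options as $option ) {
+ if ( is_string( $option ) ) {
+ $option = esc_html( $option );
+ }
+ }
  update_term_meta( $term_id, '_' . $prefix . $k, $options );
  }
  }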
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: semperplugins, smub, benjaminprojas
3
  Tags: SEO, Google Search Console, XML Sitemap, meta description, meta title, noindex
4
  Requires at least: 4.9
5
  Tested up to: 5.4.2
6
- Stable tag: 3.6.1
7
  License: GPLv2 or later
8
  Requires PHP: 5.2.4
9
 
3
  Tags: SEO, Google Search Console, XML Sitemap, meta description, meta title, noindex
4
  Requires at least: 4.9
5
  Tested up to: 5.4.2
6
+ Stable tag: 3.6.2
7
  License: GPLv2 or later
8
  Requires PHP: 5.2.4
9