Version Description
- fix / update security issue
- check with latest wordpress version 5.9.2
- fix security issue (Admin + Stored XSS)
Download this release
Release Info
| Developer | cybernetikz |
| Plugin |  Easy Social Icons |
| Version | 3.2.0 |
| Comparing to | |
| See all releases | |
Code changes from version 3.1.4 to 3.2.0
- easy-social-icons.php +86 -44
- readme.txt +7 -2
easy-social-icons.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Easy Social Icons
|
| 4 |
Plugin URI: http://www.cybernetikz.com
|
| 5 |
Description: You can upload your own social icon, set your social URL, choose weather you want to display vertical or horizontal. You can use the shortcode <strong>[cn-social-icon]</strong> in page/post, template tag for php file <strong><?php if ( function_exists('cn_social_icon') ) echo cn_social_icon(); ?></strong> also you can use the widget <strong>"Easy Social Icons"</strong> for sidebar.
|
| 6 |
-
Version: 3.
|
| 7 |
Author: cybernetikz
|
| 8 |
Author URI: http://www.cybernetikz.com
|
| 9 |
License: GPL2
|
|
@@ -225,14 +225,53 @@ function cnss_original_icon_color_fn($value) {
|
|
| 225 |
return $value==''?'0':$value;
|
| 226 |
}
|
| 227 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 228 |
function cnss_social_icon_option_fn() {
|
| 229 |
|
| 230 |
-
$cnss_width = get_option('cnss-width');
|
| 231 |
-
$cnss_height = get_option('cnss-height');
|
| 232 |
-
$cnss_margin = get_option('cnss-margin');
|
| 233 |
-
$cnss_rows = get_option('cnss-row-count');
|
| 234 |
-
$vorh = get_option('cnss-vertical-horizontal');
|
| 235 |
-
$text_align = get_option('cnss-text-align');
|
| 236 |
$social_profile_links = get_option('cnss-social-profile-links');
|
| 237 |
$social_profile_type = get_option('cnss-social-profile-type');
|
| 238 |
$icon_bg_color = get_option('cnss-icon-bg-color');
|
|
@@ -579,12 +618,12 @@ function cnss_process_post() {
|
|
| 579 |
$results = $wpdb->insert(
|
| 580 |
$table_name,
|
| 581 |
array(
|
| 582 |
-
'title' =>
|
| 583 |
-
'url' =>
|
| 584 |
'image_url' => sanitize_text_field($_POST['image_file']),
|
| 585 |
-
'sortorder' =>
|
| 586 |
'date_upload' => time(),
|
| 587 |
-
'target' =>
|
| 588 |
),
|
| 589 |
array(
|
| 590 |
'%s',
|
|
@@ -646,12 +685,12 @@ function cnss_process_post() {
|
|
| 646 |
$result3 = $wpdb->update(
|
| 647 |
$table_name,
|
| 648 |
array(
|
| 649 |
-
'title' =>
|
| 650 |
-
'url' =>
|
| 651 |
'image_url' => sanitize_text_field($_POST['image_file']),
|
| 652 |
-
'sortorder' =>
|
| 653 |
'date_upload' => time(),
|
| 654 |
-
'target' =>
|
| 655 |
),
|
| 656 |
array( 'id' => sanitize_text_field($_POST['id']) ),
|
| 657 |
array(
|
|
@@ -681,8 +720,8 @@ function cnss_process_post() {
|
|
| 681 |
function cnss_social_icon_sort_fn() {
|
| 682 |
global $wpdb,$cnssBaseURL;
|
| 683 |
|
| 684 |
-
$cnss_width = get_option('cnss-width');
|
| 685 |
-
$cnss_height = get_option('cnss-height');
|
| 686 |
|
| 687 |
$image_file_path = $cnssBaseURL;
|
| 688 |
$icons = cnss_get_all_icons();
|
|
@@ -773,16 +812,19 @@ function cnss_get_icon_html($url = '', $title = '', $width = '', $height = '', $
|
|
| 773 |
return '<span>Input source invalid.</span>';
|
| 774 |
}
|
| 775 |
|
| 776 |
-
$
|
| 777 |
-
$
|
|
|
|
| 778 |
$icon_output_html = '';
|
| 779 |
|
| 780 |
if ( cnss_is_image_icon($url) ) {
|
|
|
|
| 781 |
$imgStyle = '';
|
| 782 |
$imgStyle .= ($margin == '') ? '' : 'margin:'.$margin.'px;';
|
| 783 |
$imgStyle .= ($width == $height) ? '' : 'height:'.$height.'px;';
|
| 784 |
$icon_output_html = '<img src="'.cnss_get_img_url($url).'" border="0" width="'.$width.'" height="'.$height.'" alt="'.$title.'" title="'.$title.'" style="'.$imgStyle.'" />';
|
| 785 |
} else {
|
|
|
|
| 786 |
$icon_output_html = '<i title="'.$title.'" style="font-size:'.$width.'px;" class="'.$url.'"></i>';
|
| 787 |
}
|
| 788 |
return $icon_output_html;
|
|
@@ -862,8 +904,8 @@ function cnss_social_icon_add_fn() {
|
|
| 862 |
"https://yahoo.com/" => "Yahoo"
|
| 863 |
);
|
| 864 |
|
| 865 |
-
$cnss_width = get_option('cnss-width');
|
| 866 |
-
$cnss_height = get_option('cnss-height');
|
| 867 |
$blank_img = "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7";
|
| 868 |
|
| 869 |
if (isset($_GET['mode'])) {
|
|
@@ -1049,8 +1091,8 @@ function cnss_social_icon_page_fn() {
|
|
| 1049 |
|
| 1050 |
global $wpdb,$cnssBaseURL;
|
| 1051 |
|
| 1052 |
-
$cnss_width = get_option('cnss-width');
|
| 1053 |
-
$cnss_height = get_option('cnss-height');
|
| 1054 |
|
| 1055 |
$image_file_path = $cnssBaseURL;
|
| 1056 |
$icons = cnss_get_all_icons();
|
|
@@ -1137,11 +1179,11 @@ function cnss_social_icon_page_fn() {
|
|
| 1137 |
|
| 1138 |
function cnss_social_icon_table() {
|
| 1139 |
|
| 1140 |
-
$cnss_width = get_option('cnss-width');
|
| 1141 |
-
$cnss_height = get_option('cnss-height');
|
| 1142 |
-
$cnss_margin = get_option('cnss-margin');
|
| 1143 |
-
$cnss_rows = get_option('cnss-row-count');
|
| 1144 |
-
$vorh = get_option('cnss-vertical-horizontal');
|
| 1145 |
|
| 1146 |
global $wpdb,$cnssBaseURL;
|
| 1147 |
$table_name = $wpdb->prefix . "cn_social_icon";
|
|
@@ -1209,12 +1251,12 @@ function cn_social_icon($attr = array(), $call_from_widget = NULL) {
|
|
| 1209 |
}
|
| 1210 |
}
|
| 1211 |
|
| 1212 |
-
$cnss_width = isset($attr['width'])?$attr['width']:get_option('cnss-width');
|
| 1213 |
-
$cnss_height = isset($attr['height'])?$attr['height']:get_option('cnss-height');
|
| 1214 |
-
$cnss_margin = isset($attr['margin'])?$attr['margin']:get_option('cnss-margin');
|
| 1215 |
-
$cnss_rows = get_option('cnss-row-count');
|
| 1216 |
-
$vorh = isset($attr['display'])?$attr['display']:get_option('cnss-vertical-horizontal');
|
| 1217 |
-
$text_align = isset($attr['alignment'])?$attr['alignment']:get_option('cnss-text-align');
|
| 1218 |
|
| 1219 |
// settings for font-awesome icons
|
| 1220 |
$icon_bg_color = cnss_get_option('cnss-icon-bg-color');
|
|
@@ -1276,8 +1318,8 @@ function cnss_social_icon_sc( $selected_icons_array = array() ) {
|
|
| 1276 |
|
| 1277 |
global $wpdb,$cnssBaseURL;
|
| 1278 |
|
| 1279 |
-
$cnss_width = get_option('cnss-width');
|
| 1280 |
-
$cnss_height = get_option('cnss-height');
|
| 1281 |
$image_file_path = $cnssBaseURL;
|
| 1282 |
|
| 1283 |
$icons = cnss_get_all_icons();
|
|
@@ -1343,12 +1385,12 @@ class Cnss_Widget extends WP_Widget {
|
|
| 1343 |
|
| 1344 |
public function form( $instance ) {
|
| 1345 |
|
| 1346 |
-
$cnss_width = get_option('cnss-width');
|
| 1347 |
-
$cnss_height = get_option('cnss-height');
|
| 1348 |
-
$cnss_margin = get_option('cnss-margin');
|
| 1349 |
-
$cnss_rows = get_option('cnss-row-count');
|
| 1350 |
-
$vorh = get_option('cnss-vertical-horizontal');
|
| 1351 |
-
$text_align = get_option('cnss-text-align');
|
| 1352 |
|
| 1353 |
if ( isset( $instance[ 'title' ] ) ) {
|
| 1354 |
$title = $instance[ 'title' ];
|
|
@@ -1415,8 +1457,8 @@ class Cnss_Widget extends WP_Widget {
|
|
| 1415 |
|
| 1416 |
global $wpdb,$cnssBaseURL;
|
| 1417 |
|
| 1418 |
-
$cnss_width = get_option('cnss-width');
|
| 1419 |
-
$cnss_height = get_option('cnss-height');
|
| 1420 |
$image_file_path = $cnssBaseURL;
|
| 1421 |
|
| 1422 |
$icons = cnss_get_all_icons();
|
| 3 |
Plugin Name: Easy Social Icons
|
| 4 |
Plugin URI: http://www.cybernetikz.com
|
| 5 |
Description: You can upload your own social icon, set your social URL, choose weather you want to display vertical or horizontal. You can use the shortcode <strong>[cn-social-icon]</strong> in page/post, template tag for php file <strong><?php if ( function_exists('cn_social_icon') ) echo cn_social_icon(); ?></strong> also you can use the widget <strong>"Easy Social Icons"</strong> for sidebar.
|
| 6 |
+
Version: 3.2.0
|
| 7 |
Author: cybernetikz
|
| 8 |
Author URI: http://www.cybernetikz.com
|
| 9 |
License: GPL2
|
| 225 |
return $value==''?'0':$value;
|
| 226 |
}
|
| 227 |
|
| 228 |
+
function jsEscape($str) {
|
| 229 |
+
$output = '';
|
| 230 |
+
$str = str_split($str);
|
| 231 |
+
for($i=0;$i<count($str);$i++) {
|
| 232 |
+
$chrNum = ord($str[$i]);
|
| 233 |
+
$chr = $str[$i];
|
| 234 |
+
if($chrNum === 226) {
|
| 235 |
+
if(isset($str[$i+1]) && ord($str[$i+1]) === 128) {
|
| 236 |
+
if(isset($str[$i+2]) && ord($str[$i+2]) === 168) {
|
| 237 |
+
$output .= '\u2028';
|
| 238 |
+
$i += 2;
|
| 239 |
+
continue;
|
| 240 |
+
}
|
| 241 |
+
if(isset($str[$i+2]) && ord($str[$i+2]) === 169) {
|
| 242 |
+
$output .= '\u2029';
|
| 243 |
+
$i += 2;
|
| 244 |
+
continue;
|
| 245 |
+
}
|
| 246 |
+
}
|
| 247 |
+
}
|
| 248 |
+
switch($chr) {
|
| 249 |
+
case "'":
|
| 250 |
+
case '"':
|
| 251 |
+
case "\n";
|
| 252 |
+
case "\r";
|
| 253 |
+
case "&";
|
| 254 |
+
case "\\";
|
| 255 |
+
case "<":
|
| 256 |
+
case ">":
|
| 257 |
+
$output .= sprintf("\\u%04x", $chrNum);
|
| 258 |
+
break;
|
| 259 |
+
default:
|
| 260 |
+
$output .= $str[$i];
|
| 261 |
+
break;
|
| 262 |
+
}
|
| 263 |
+
}
|
| 264 |
+
return $output;
|
| 265 |
+
}
|
| 266 |
+
|
| 267 |
function cnss_social_icon_option_fn() {
|
| 268 |
|
| 269 |
+
$cnss_width = esc_attr(get_option('cnss-width'));
|
| 270 |
+
$cnss_height = esc_attr(get_option('cnss-height'));
|
| 271 |
+
$cnss_margin = esc_attr(get_option('cnss-margin'));
|
| 272 |
+
$cnss_rows = esc_attr(get_option('cnss-row-count'));
|
| 273 |
+
$vorh = esc_attr(get_option('cnss-vertical-horizontal'));
|
| 274 |
+
$text_align = esc_attr(get_option('cnss-text-align'));
|
| 275 |
$social_profile_links = get_option('cnss-social-profile-links');
|
| 276 |
$social_profile_type = get_option('cnss-social-profile-type');
|
| 277 |
$icon_bg_color = get_option('cnss-icon-bg-color');
|
| 618 |
$results = $wpdb->insert(
|
| 619 |
$table_name,
|
| 620 |
array(
|
| 621 |
+
'title' => sanitize_title($_POST['title']),
|
| 622 |
+
'url' => esc_url_raw($_POST['url']),
|
| 623 |
'image_url' => sanitize_text_field($_POST['image_file']),
|
| 624 |
+
'sortorder' => sanitize_sql_orderby($_POST['sortorder']),
|
| 625 |
'date_upload' => time(),
|
| 626 |
+
'target' => sanitize_sql_orderby($_POST['target']),
|
| 627 |
),
|
| 628 |
array(
|
| 629 |
'%s',
|
| 685 |
$result3 = $wpdb->update(
|
| 686 |
$table_name,
|
| 687 |
array(
|
| 688 |
+
'title' => sanitize_title($_POST['title']),
|
| 689 |
+
'url' => esc_url_raw($_POST['url']),
|
| 690 |
'image_url' => sanitize_text_field($_POST['image_file']),
|
| 691 |
+
'sortorder' => sanitize_sql_orderby($_POST['sortorder']),
|
| 692 |
'date_upload' => time(),
|
| 693 |
+
'target' => sanitize_sql_orderby($_POST['target']),
|
| 694 |
),
|
| 695 |
array( 'id' => sanitize_text_field($_POST['id']) ),
|
| 696 |
array(
|
| 720 |
function cnss_social_icon_sort_fn() {
|
| 721 |
global $wpdb,$cnssBaseURL;
|
| 722 |
|
| 723 |
+
$cnss_width = esc_attr(get_option('cnss-width'));
|
| 724 |
+
$cnss_height = esc_attr(get_option('cnss-height'));
|
| 725 |
|
| 726 |
$image_file_path = $cnssBaseURL;
|
| 727 |
$icons = cnss_get_all_icons();
|
| 812 |
return '<span>Input source invalid.</span>';
|
| 813 |
}
|
| 814 |
|
| 815 |
+
$title = esc_attr($title);
|
| 816 |
+
$width = ($width=='') ? esc_attr(get_option('cnss-width')) : $width;
|
| 817 |
+
$height = ($height=='') ? esc_attr(get_option('cnss-height')) : $height;
|
| 818 |
$icon_output_html = '';
|
| 819 |
|
| 820 |
if ( cnss_is_image_icon($url) ) {
|
| 821 |
+
$url = esc_url($url);
|
| 822 |
$imgStyle = '';
|
| 823 |
$imgStyle .= ($margin == '') ? '' : 'margin:'.$margin.'px;';
|
| 824 |
$imgStyle .= ($width == $height) ? '' : 'height:'.$height.'px;';
|
| 825 |
$icon_output_html = '<img src="'.cnss_get_img_url($url).'" border="0" width="'.$width.'" height="'.$height.'" alt="'.$title.'" title="'.$title.'" style="'.$imgStyle.'" />';
|
| 826 |
} else {
|
| 827 |
+
$url = esc_attr($url);
|
| 828 |
$icon_output_html = '<i title="'.$title.'" style="font-size:'.$width.'px;" class="'.$url.'"></i>';
|
| 829 |
}
|
| 830 |
return $icon_output_html;
|
| 904 |
"https://yahoo.com/" => "Yahoo"
|
| 905 |
);
|
| 906 |
|
| 907 |
+
$cnss_width = esc_attr(get_option('cnss-width'));
|
| 908 |
+
$cnss_height = esc_attr(get_option('cnss-height'));
|
| 909 |
$blank_img = "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7";
|
| 910 |
|
| 911 |
if (isset($_GET['mode'])) {
|
| 1091 |
|
| 1092 |
global $wpdb,$cnssBaseURL;
|
| 1093 |
|
| 1094 |
+
$cnss_width = esc_attr(get_option('cnss-width'));
|
| 1095 |
+
$cnss_height = esc_attr(get_option('cnss-height'));
|
| 1096 |
|
| 1097 |
$image_file_path = $cnssBaseURL;
|
| 1098 |
$icons = cnss_get_all_icons();
|
| 1179 |
|
| 1180 |
function cnss_social_icon_table() {
|
| 1181 |
|
| 1182 |
+
$cnss_width = esc_attr(get_option('cnss-width'));
|
| 1183 |
+
$cnss_height = esc_attr(get_option('cnss-height'));
|
| 1184 |
+
$cnss_margin = esc_attr(get_option('cnss-margin'));
|
| 1185 |
+
$cnss_rows = esc_attr(get_option('cnss-row-count'));
|
| 1186 |
+
$vorh = esc_attr(get_option('cnss-vertical-horizontal'));
|
| 1187 |
|
| 1188 |
global $wpdb,$cnssBaseURL;
|
| 1189 |
$table_name = $wpdb->prefix . "cn_social_icon";
|
| 1251 |
}
|
| 1252 |
}
|
| 1253 |
|
| 1254 |
+
$cnss_width = isset($attr['width'])?$attr['width']:esc_attr(get_option('cnss-width'));
|
| 1255 |
+
$cnss_height = isset($attr['height'])?$attr['height']:esc_attr(get_option('cnss-height'));
|
| 1256 |
+
$cnss_margin = isset($attr['margin'])?$attr['margin']:esc_attr(get_option('cnss-margin'));
|
| 1257 |
+
$cnss_rows = esc_attr(get_option('cnss-row-count'));
|
| 1258 |
+
$vorh = isset($attr['display'])?$attr['display']:esc_attr(get_option('cnss-vertical-horizontal'));
|
| 1259 |
+
$text_align = isset($attr['alignment'])?$attr['alignment']:esc_attr(get_option('cnss-text-align'));
|
| 1260 |
|
| 1261 |
// settings for font-awesome icons
|
| 1262 |
$icon_bg_color = cnss_get_option('cnss-icon-bg-color');
|
| 1318 |
|
| 1319 |
global $wpdb,$cnssBaseURL;
|
| 1320 |
|
| 1321 |
+
$cnss_width = esc_attr(get_option('cnss-width'));
|
| 1322 |
+
$cnss_height = esc_attr(get_option('cnss-height'));
|
| 1323 |
$image_file_path = $cnssBaseURL;
|
| 1324 |
|
| 1325 |
$icons = cnss_get_all_icons();
|
| 1385 |
|
| 1386 |
public function form( $instance ) {
|
| 1387 |
|
| 1388 |
+
$cnss_width = esc_attr(get_option('cnss-width'));
|
| 1389 |
+
$cnss_height = esc_attr(get_option('cnss-height'));
|
| 1390 |
+
$cnss_margin = esc_attr(get_option('cnss-margin'));
|
| 1391 |
+
$cnss_rows = esc_attr(get_option('cnss-row-count'));
|
| 1392 |
+
$vorh = esc_attr(get_option('cnss-vertical-horizontal'));
|
| 1393 |
+
$text_align = esc_attr(get_option('cnss-text-align'));
|
| 1394 |
|
| 1395 |
if ( isset( $instance[ 'title' ] ) ) {
|
| 1396 |
$title = $instance[ 'title' ];
|
| 1457 |
|
| 1458 |
global $wpdb,$cnssBaseURL;
|
| 1459 |
|
| 1460 |
+
$cnss_width = esc_attr(get_option('cnss-width'));
|
| 1461 |
+
$cnss_height = esc_attr(get_option('cnss-height'));
|
| 1462 |
$image_file_path = $cnssBaseURL;
|
| 1463 |
|
| 1464 |
$icons = cnss_get_all_icons();
|
readme.txt
CHANGED
|
@@ -3,8 +3,8 @@ Contributors: cybernetikz
|
|
| 3 |
Donate link:
|
| 4 |
Tags: easy social icons, easy social icon, social icons, social share, follow us, custom social icons, social media icons
|
| 5 |
Requires at least: 3.5
|
| 6 |
-
Tested up to: 5.9.
|
| 7 |
-
Stable tag: 3.
|
| 8 |
|
| 9 |
Upload your own social media icons or choose from font-awesome. Use widget|shortcode to place icons anywhere(sidebar, header, footer, page) in theme.
|
| 10 |
|
|
@@ -76,6 +76,11 @@ If you are using wordpress version lower than 3.5 please use Easy social Icon ve
|
|
| 76 |
|
| 77 |
== Changelog ==
|
| 78 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 79 |
= 3.1.4 =
|
| 80 |
* fix/update security issue
|
| 81 |
* check with latest wordpress version 5.9.1
|
| 3 |
Donate link:
|
| 4 |
Tags: easy social icons, easy social icon, social icons, social share, follow us, custom social icons, social media icons
|
| 5 |
Requires at least: 3.5
|
| 6 |
+
Tested up to: 5.9.2
|
| 7 |
+
Stable tag: 3.2.0
|
| 8 |
|
| 9 |
Upload your own social media icons or choose from font-awesome. Use widget|shortcode to place icons anywhere(sidebar, header, footer, page) in theme.
|
| 10 |
|
| 76 |
|
| 77 |
== Changelog ==
|
| 78 |
|
| 79 |
+
= 3.2.0 =
|
| 80 |
+
* fix / update security issue
|
| 81 |
+
* check with latest wordpress version 5.9.2
|
| 82 |
+
* fix security issue (Admin + Stored XSS)
|
| 83 |
+
|
| 84 |
= 3.1.4 =
|
| 85 |
* fix/update security issue
|
| 86 |
* check with latest wordpress version 5.9.1
|
