Forget About Shortcode Buttons - Version 1.1.2

Version Description

  • Security Update - XSS patch

Release Info

Developer DesignsAndCode
Plugin Icon wp plugin Forget About Shortcode Buttons
Version 1.1.2

Code changes from version 1.1.1 to 1.1.2

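--- a/assets/js/fasc-buttons/popup.php
+++ b/assets/js/fasc-buttons/popup.php
@@ -5,7 +5,7 @@
  $insert_text = "Insert";
  if(isset($_GET['ver']))
  {
- $fasc_plugin_ver = $_GET['ver'];
+ $fasc_plugin_ver = htmlspecialchars($_GET['ver']);
  }
  else
  {
@@ -22,6 +22,11 @@
  $insert_text = "Update";
  }
  }
+
+ $ajax_url = urldecode($_GET['ajaxurl']);
+ $ajax_url = filter_var($ajax_url, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED);
+
+
  ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
@@ -35,7 +40,7 @@
  <link rel="stylesheet" href="popup.css?ver=<?php echo $fasc_plugin_ver; ?>">
  <script type="text/javascript">
  var source = "<?php echo $source; ?>";
- var ajax_url = "<?php echo $_GET['ajaxurl']; ?>";
+ var ajax_url = "<?php echo $ajax_url; ?>";
  </script>
  <script type="text/javascript" src="popup.min.js?ver=<?php echo $fasc_plugin_ver; ?>"></script>
  </head>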
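Review bot: `$ajax_url` is still written into a double-quoted JavaScript string with no output encoding in the last hunk (`var ajax_url = "<?php echo $ajax_url; ?>";`). `FILTER_VALIDATE_URL` checks URL syntax rather than which characters are safe inside a `<script>` block, so it should not be the only XSS control here, and because PHP has already decoded `$_GET`, the added `urldecode()` decodes the value a second time before it is validated. Emitting the value as `var ajax_url = <?php echo json_encode((string) $ajax_url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`, dropping the `urldecode()` call, and guarding the read with `isset($_GET['ajaxurl'])` as is already done for `ver` would close that gap. `$source` is echoed into the same block in the same way; it is assigned outside the visible hunks, so its origin should be confirmed too. The filter also accepts any host, so if popup.min.js sends requests to this URL, comparing it against the site's own AJAX endpoint would be a stronger check.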
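--- a/forget-about-shortcode-buttons.php
+++ b/forget-about-shortcode-buttons.php
@@ -6,7 +6,7 @@ Description: A visual way to add CSS buttons in the post editor screen.
  Author: Designs & Code
  Author URI: http://www.designsandcode.com/
  License: GPL v3
- Version: 1.1.1
+ Version: 1.1.2
  Text Domain: fascbuttons
  */
 
@@ -14,7 +14,7 @@ Text Domain: fascbuttons
  * Set up Plugin Globals
  */
  if (!defined('FASC_BUTTONS_VERSION_NUM'))
- define('FASC_BUTTONS_VERSION_NUM', '1.1.1');
+ define('FASC_BUTTONS_VERSION_NUM', '1.1.2');
 
  if (!defined('PLUGIN_SLUG'))
  define('PLUGIN_SLUG', 'fasc-buttons');
@@ -95,7 +95,6 @@ if ( ! class_exists( 'FascButtons' ) )
  //$buttons = get_user_meta(get_current_user_id(), 'fasc-buttons', true); //get existing buttons
  $buttons = get_option('fasc-buttons'); //get existing buttons
 
- //var_dump($buttons);
  if(!is_array($buttons))
  {
  $buttons = array();
@@ -105,7 +104,7 @@ if ( ! class_exists( 'FascButtons' ) )
  if($button_html!="")
  {
 
- $button_html = stripslashes($button_html);
+ $button_html = stripslashes(wp_filter_post_kses($button_html));
 
  $button_number = count($buttons)+1;
 
@@ -174,7 +173,7 @@ if ( ! class_exists( 'FascButtons' ) )
 
  $renameIndex = (int)$_GET['index'];
 
- $name = $_GET['name'];
+ $name = esc_attr($_GET['name']);
  $buttons[$renameIndex]['name'] = $name;
 
  $newButtons = array_reverse($buttons);
@@ -191,8 +190,6 @@ if ( ! class_exists( 'FascButtons' ) )
  echo json_encode($msg);
  }
 
- //var_dump($_GET);
- //delete_user_meta(get_current_user_id(), 'fasc-buttons');
  exit;
  }
 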
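Review bot: In the rename hunk, `esc_attr()` is an output-escaping helper applied when the value is stored, and the handler modifies stored button data from `$_GET` with no nonce or capability check visible in the hunk. Sanitising on input with `$name = sanitize_text_field(wp_unslash($_GET['name']));` and escaping wherever the name is printed keeps the stored value clean for every output context. The handler starts and ends outside the hunk, so it should be confirmed that it calls `check_ajax_referer()` and `current_user_can()` before the data is written, since the XSS fix alone does not stop a forged request from renaming or saving buttons. `$renameIndex` is cast to int but not checked against the existing keys, so a guard such as `if (!isset($buttons[$renameIndex])) { ... }` would stop a request from creating new entries. In the save hunk, `stripslashes(wp_filter_post_kses($button_html))` reads more directly as `wp_kses_post(wp_unslash($button_html))`.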
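--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=ZAHPN
  Tags: css, button, shortcode, edit, visual editor, buttons, wysiwyg, post editor, tinymce, shortcodes, button editor
  Requires at least: 3.9
  Tested up to: 4.4
- Stable tag: 1.1.1
+ Stable tag: 1.1.2
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -31,6 +31,9 @@ Ask me some questions!
 
  == Changelog ==
 
+ = 1.1.2 =
+ * Security Update - XSS patch
+
  = 1.1.1 =
  * Fix - "Insert button" icon added for custom post types
  * Tested up to WP 4.4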