iframe - Version 4.0

Version Description

  • 2015-08-09 =
  • removed get_params_from_url param. Reason: XSS vulnerability (thanks to dxw.com). If you still need this feature you can [download iframe ver 3.0](https://wordpress.org/plugins/iframe/developers/) and stick to it, but keep in mind that it has the XSS vulnerability.
  • removed onload param. Reason: XSS vulnerability (thanks to dxw.com ).
  • escaping attributes

Release Info

Developer webvitaly
Version 4.0

Code changes from version 3.0 to 4.0

Files changed (2) hide show
  1. iframe.php +8 -25
  2. readme.txt +8 -3
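--- a/iframe.php
+++ b/iframe.php
@@ -3,14 +3,14 @@
  Plugin Name: iframe
  Plugin URI: http://wordpress.org/plugins/iframe/
  Description: [iframe src="http://www.youtube.com/embed/4qsGTXLnmKs" width="100%" height="500"] shortcode
- Version: 3.0
+ Version: 4.0
  Author: webvitaly
  Author URI: http://web-profile.com.ua/wordpress/plugins/
  License: GPLv3
  */
 
 
- function iframe_unqprfx_embed_shortcode( $atts, $content = null ) {
+ function iframe_unqprfx_embed_shortcode( $atts ) {
  $defaults = array(
  'src' => 'http://www.youtube.com/embed/4qsGTXLnmKs',
  'width' => '100%',
@@ -26,31 +26,14 @@ function iframe_unqprfx_embed_shortcode( $atts, $content = null ) {
  }
  }
 
- // get_params_from_url
- if ( isset( $atts["get_params_from_url"] ) && ( $atts["get_params_from_url"] == '1' || $atts["get_params_from_url"] == 1 ) ) {
- $encode_string = '';
- if ( $_GET != NULL ) {
- if ( strpos( $atts["src"], '?' ) ) { // if we already have '?' and GET params
- $encode_string = '&';
- } else {
- $encode_string = '?';
- }
- foreach( $_GET as $key => $value ) {
- $encode_string .= $key.'='.$value.'&';
- }
- }
- $encode_string = rtrim($encode_string, '&'); // remove last '&'
- $atts["src"] .= $encode_string;
- }
-
- $html = "\n".'<!-- iframe plugin v.3.0 wordpress.org/plugins/iframe/ -->'."\n";
+ $html = "\n".'<!-- iframe plugin v.4.0 wordpress.org/plugins/iframe/ -->'."\n";
  $html .= '<iframe';
  foreach( $atts as $attr => $value ) {
- if ( $attr != 'same_height_as' ) { // remove some attributes
+ if ( strtolower($attr) != 'same_height_as' AND strtolower($attr) != 'onload' ) { // remove some attributes
  if ( $value != '' ) { // adding all attributes
- $html .= ' ' . $attr . '="' . $value . '"';
+ $html .= ' ' . esc_attr( $attr ) . '="' . esc_attr( $value ) . '"';
  } else { // adding empty attributes
- $html .= ' ' . $attr;
+ $html .= ' ' . esc_attr( $attr );
  }
  }
  }
@@ -61,8 +44,8 @@ function iframe_unqprfx_embed_shortcode( $atts, $content = null ) {
  <script>
  document.addEventListener("DOMContentLoaded", function(){
  var target_element, iframe_element;
- iframe_element = document.querySelector("iframe.' . $atts["class"] . '");
- target_element = document.querySelector("' . $atts["same_height_as"] . '");
+ iframe_element = document.querySelector("iframe.' . esc_attr( $atts["class"] ) . '");
+ target_element = document.querySelector("' . esc_attr( $atts["same_height_as"] ) . '");
  iframe_element.style.height = target_element.offsetHeight + "px";
  });
  </script>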
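Review bot: The attribute filter in the `foreach` loop is a denylist of a single name, so after this change every other event-handler attribute a shortcode author supplies (anything else beginning with `on`) is still written into the `<iframe>` tag; `esc_attr()` escapes the name and value for HTML but does not make a handler inert. An allowlist of permitted attribute names would be the sturdier fix, and the minimal one is to skip the whole family, e.g. `if ( $attr_lc != 'same_height_as' && strpos( $attr_lc, 'on' ) !== 0 ) {` with `$attr_lc = strtolower( $attr );` computed at the top of the loop. The `src` value also goes through `esc_attr()` only, which does not restrict the URL scheme; using `esc_url( $value )` for that one attribute would. The function body starts and ends outside the hunks shown, so any filtering done before the loop is not visible here.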
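--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: webvitaly
  Donate link: http://web-profile.com.ua/donate/
  Tags: iframe, embed, youtube, vimeo, google-map, google-maps
  Requires at least: 3.0
- Tested up to: 4.1
- Stable tag: 3.0
+ Tested up to: 4.4
+ Stable tag: 4.0
  License: GPLv3
  License URI: http://www.gnu.org/licenses/gpl.html
 
@@ -50,7 +50,6 @@ If you need to embed content from YouTube, Vimeo, SlideShare, SoundCloud, Twitte
  * **class** - allows to add the class of the iframe: `[iframe class="custom_class"]`; by default class="iframe-class";
  * **style** - allows to add the css styles of the iframe: `[iframe style="margin-left:-30px;"]`; removed by default;
  * **same_height_as** - allows to set the height of iframe same as target element: `[iframe same_height_as="div.sidebar"]`, `[iframe same_height_as="div#content"]`, `[iframe same_height_as="body"]`, `[iframe same_height_as="html"]`; removed by default;
- * **get_params_from_url** - allows to add GET params from url to the src of iframe; Example: page url - `site.com/?prm1=11`, shortcode - `[iframe src="embed.com" get_params_from_url="1"]`, iframe src - `embed.com?prm1=11` (disabled by default);
  * **any_other_param** - allows to add new parameter of the iframe `[iframe any_other_param="any_value"]`;
  * **any_other_empty_param** - allows to add new empty parameter of the iframe (like "allowfullscreen" on youtube) `[iframe any_other_empty_param=""]`;
 
@@ -60,6 +59,12 @@ If you need to embed content from YouTube, Vimeo, SlideShare, SoundCloud, Twitte
 
  == Changelog ==
 
+ = 4.0 - 2015-08-09 =
+ * removed get_params_from_url param. Reason: XSS vulnerability (thanks to [dxw.com](http://dxw.com/) ).
+ If you still need this feature you can [download iframe ver 3.0[(https://wordpress.org/plugins/iframe/developers/) and stick to it but keep in mind of XSS vulnerability.
+ * removed onload param. Reason: XSS vulnerability (thanks to [dxw.com](http://dxw.com/) ).
+ * escaping attributes
+
  = 3.0 - 2015-01-25 =
  * removed same_height_as="content", same_height_as="window", same_height_as="document" features because it was not working properly
  * rewrote the javascript-code using pure JavaScript and without jQuery - no need to load jQuery for every site using iframe plugin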