Version Description
- 2015-08-11 =
- removed onpageshow and onclick params. Reason: XSS vulnerability (thanks to dxw.com).
Download this release
Release Info
| Developer | webvitaly |
| Plugin |  iframe |
| Version | 4.1 |
| Comparing to | |
| See all releases | |
Code changes from version 4.0 to 4.1
- iframe.php +4 -3
- readme.txt +6 -3
iframe.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: iframe
|
| 4 |
Plugin URI: http://wordpress.org/plugins/iframe/
|
| 5 |
Description: [iframe src="http://www.youtube.com/embed/4qsGTXLnmKs" width="100%" height="500"] shortcode
|
| 6 |
-
Version: 4.
|
| 7 |
Author: webvitaly
|
| 8 |
Author URI: http://web-profile.com.ua/wordpress/plugins/
|
| 9 |
License: GPLv3
|
|
@@ -26,10 +26,11 @@ function iframe_unqprfx_embed_shortcode( $atts ) {
|
|
| 26 |
}
|
| 27 |
}
|
| 28 |
|
| 29 |
-
$html = "\n".'<!-- iframe plugin v.4.
|
| 30 |
$html .= '<iframe';
|
| 31 |
foreach( $atts as $attr => $value ) {
|
| 32 |
-
if ( strtolower($attr) != 'same_height_as' AND strtolower($attr) != 'onload'
|
|
|
|
| 33 |
if ( $value != '' ) { // adding all attributes
|
| 34 |
$html .= ' ' . esc_attr( $attr ) . '="' . esc_attr( $value ) . '"';
|
| 35 |
} else { // adding empty attributes
|
| 3 |
Plugin Name: iframe
|
| 4 |
Plugin URI: http://wordpress.org/plugins/iframe/
|
| 5 |
Description: [iframe src="http://www.youtube.com/embed/4qsGTXLnmKs" width="100%" height="500"] shortcode
|
| 6 |
+
Version: 4.1
|
| 7 |
Author: webvitaly
|
| 8 |
Author URI: http://web-profile.com.ua/wordpress/plugins/
|
| 9 |
License: GPLv3
|
| 26 |
}
|
| 27 |
}
|
| 28 |
|
| 29 |
+
$html = "\n".'<!-- iframe plugin v.4.1 wordpress.org/plugins/iframe/ -->'."\n";
|
| 30 |
$html .= '<iframe';
|
| 31 |
foreach( $atts as $attr => $value ) {
|
| 32 |
+
if ( strtolower($attr) != 'same_height_as' AND strtolower($attr) != 'onload'
|
| 33 |
+
AND strtolower($attr) != 'onpageshow' AND strtolower($attr) != 'onclick') { // remove some attributes
|
| 34 |
if ( $value != '' ) { // adding all attributes
|
| 35 |
$html .= ' ' . esc_attr( $attr ) . '="' . esc_attr( $value ) . '"';
|
| 36 |
} else { // adding empty attributes
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: http://web-profile.com.ua/donate/
|
|
| 4 |
Tags: iframe, embed, youtube, vimeo, google-map, google-maps
|
| 5 |
Requires at least: 3.0
|
| 6 |
Tested up to: 4.4
|
| 7 |
-
Stable tag: 4.
|
| 8 |
License: GPLv3
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl.html
|
| 10 |
|
|
@@ -59,10 +59,13 @@ If you need to embed content from YouTube, Vimeo, SlideShare, SoundCloud, Twitte
|
|
| 59 |
|
| 60 |
== Changelog ==
|
| 61 |
|
|
|
|
|
|
|
|
|
|
| 62 |
= 4.0 - 2015-08-09 =
|
| 63 |
-
* removed get_params_from_url param. Reason: XSS vulnerability (thanks to
|
| 64 |
If you still need this feature you can [download iframe ver 3.0[(https://wordpress.org/plugins/iframe/developers/) and stick to it but keep in mind of XSS vulnerability.
|
| 65 |
-
* removed onload param. Reason: XSS vulnerability (thanks to
|
| 66 |
* escaping attributes
|
| 67 |
|
| 68 |
= 3.0 - 2015-01-25 =
|
| 4 |
Tags: iframe, embed, youtube, vimeo, google-map, google-maps
|
| 5 |
Requires at least: 3.0
|
| 6 |
Tested up to: 4.4
|
| 7 |
+
Stable tag: 4.1
|
| 8 |
License: GPLv3
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl.html
|
| 10 |
|
| 59 |
|
| 60 |
== Changelog ==
|
| 61 |
|
| 62 |
+
= 4.1 - 2015-08-11 =
|
| 63 |
+
* removed onpageshow and onclick params. Reason: XSS vulnerability (thanks to dxw.com).
|
| 64 |
+
|
| 65 |
= 4.0 - 2015-08-09 =
|
| 66 |
+
* removed get_params_from_url param. Reason: XSS vulnerability (thanks to dxw.com).
|
| 67 |
If you still need this feature you can [download iframe ver 3.0[(https://wordpress.org/plugins/iframe/developers/) and stick to it but keep in mind of XSS vulnerability.
|
| 68 |
+
* removed onload param. Reason: XSS vulnerability (thanks to dxw.com).
|
| 69 |
* escaping attributes
|
| 70 |
|
| 71 |
= 3.0 - 2015-01-25 =
|
