iframe - Version 4.1

Version Description

  • 2015-08-11
  • removed onpageshow and onclick params. Reason: XSS vulnerability (thanks to dxw.com).

Release Info

Developer webvitaly
Version 4.1

Code changes from version 4.0 to 4.1

Files changed (2)
  1. iframe.php +4 -3
  2. readme.txt +6 -3
iframe.php CHANGED
@@ -3,7 +3,7 @@
3
Plugin Name: iframe
4
Plugin URI: http://wordpress.org/plugins/iframe/
5
Description: [iframe src="http://www.youtube.com/embed/4qsGTXLnmKs" width="100%" height="500"] shortcode
6
- Version: 4.0
7
Author: webvitaly
8
Author URI: http://web-profile.com.ua/wordpress/plugins/
9
License: GPLv3
@@ -26,10 +26,11 @@ function iframe_unqprfx_embed_shortcode( $atts ) {
26
}
27
}
28
29
- $html = "\n".'<!-- iframe plugin v.4.0 wordpress.org/plugins/iframe/ -->'."\n";
30
$html .= '<iframe';
31
foreach( $atts as $attr => $value ) {
32
- if ( strtolower($attr) != 'same_height_as' AND strtolower($attr) != 'onload' ) { // remove some attributes
33
if ( $value != '' ) { // adding all attributes
34
$html .= ' ' . esc_attr( $attr ) . '="' . esc_attr( $value ) . '"';
35
} else { // adding empty attributes
3
Plugin Name: iframe
4
Plugin URI: http://wordpress.org/plugins/iframe/
5
Description: [iframe src="http://www.youtube.com/embed/4qsGTXLnmKs" width="100%" height="500"] shortcode
6
+ Version: 4.1
7
Author: webvitaly
8
Author URI: http://web-profile.com.ua/wordpress/plugins/
9
License: GPLv3
26
}
27
}
28
29
+ $html = "\n".'<!-- iframe plugin v.4.1 wordpress.org/plugins/iframe/ -->'."\n";
30
$html .= '<iframe';
31
foreach( $atts as $attr => $value ) {
32
+ if ( strtolower($attr) != 'same_height_as' AND strtolower($attr) != 'onload'
33
+ AND strtolower($attr) != 'onpageshow' AND strtolower($attr) != 'onclick') { // remove some attributes
34
if ( $value != '' ) { // adding all attributes
35
$html .= ' ' . esc_attr( $attr ) . '="' . esc_attr( $value ) . '"';
36
} else { // adding empty attributes
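Review bot: The new condition inside `foreach( $atts as $attr => $value )` is still a denylist of four names (`same_height_as`, `onload`, `onpageshow`, `onclick`), so any other event-handler attribute passed to the shortcode is still written into the `<iframe>` tag; `esc_attr( $attr )` escapes the name but does not stop it from being a handler. This is the second release in a row that extends the list (4.0 removed `onload`), so consider replacing it with an allowlist of the attribute names the plugin intends to support (for example `src`, `width`, `height` from the Description line), or at minimum skipping every attribute whose lowercased name starts with `on`. Computing `strtolower($attr)` once before the comparison would also make the two-line condition easier to read and extend.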
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: http://web-profile.com.ua/donate/
4
Tags: iframe, embed, youtube, vimeo, google-map, google-maps
5
Requires at least: 3.0
6
Tested up to: 4.4
7
- Stable tag: 4.0
8
License: GPLv3
9
License URI: http://www.gnu.org/licenses/gpl.html
10
@@ -59,10 +59,13 @@ If you need to embed content from YouTube, Vimeo, SlideShare, SoundCloud, Twitte
59
60
== Changelog ==
61
62
= 4.0 - 2015-08-09 =
63
- * removed get_params_from_url param. Reason: XSS vulnerability (thanks to [dxw.com](http://dxw.com/) ).
64
If you still need this feature you can [download iframe ver 3.0[(https://wordpress.org/plugins/iframe/developers/) and stick to it but keep in mind of XSS vulnerability.
65
- * removed onload param. Reason: XSS vulnerability (thanks to [dxw.com](http://dxw.com/) ).
66
* escaping attributes
67
68
= 3.0 - 2015-01-25 =
4
Tags: iframe, embed, youtube, vimeo, google-map, google-maps
5
Requires at least: 3.0
6
Tested up to: 4.4
7
+ Stable tag: 4.1
8
License: GPLv3
9
License URI: http://www.gnu.org/licenses/gpl.html
10
59
60
== Changelog ==
61
62
+ = 4.1 - 2015-08-11 =
63
+ * removed onpageshow and onclick params. Reason: XSS vulnerability (thanks to dxw.com).
64
+
65
= 4.0 - 2015-08-09 =
66
+ * removed get_params_from_url param. Reason: XSS vulnerability (thanks to dxw.com).
67
If you still need this feature you can [download iframe ver 3.0[(https://wordpress.org/plugins/iframe/developers/) and stick to it but keep in mind of XSS vulnerability.
68
+ * removed onload param. Reason: XSS vulnerability (thanks to dxw.com).
69
* escaping attributes
70
71
= 3.0 - 2015-01-25 =
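Review bot: The unchanged line under `= 4.0 - 2015-08-09 =` still carries the malformed link `[download iframe ver 3.0[(https://wordpress.org/plugins/iframe/developers/)`; the second `[` should be `]` for the link to render, and since this hunk already rewrites the lines on either side of it, this is the place to fix it. The new 4.1 entry could also state that `onpageshow` and `onclick` are now dropped from the shortcode output, so site owners who used them know their embeds change on upgrade.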