Image Widget - Version 3.3.1

Version Description

  • Add minor security updates.
  • Update readme, thumbnails and other minor descriptors.
Download this release

Release Info

Developer peterchester
Plugin Icon 128x128 Image Widget
Version 3.3.1
Comparing to
See all releases

Code changes from version 3.3 to 3.3.1

Files changed (9) hide show
  1. image-widget-fix-browser-upload.js +0 -83
  2. image-widget.js +82 -1
  3. image-widget.php +28 -33
  4. readme.txt +9 -8
  5. screenshot-1.png +0 -0
  6. screenshot-2.png +0 -0
  7. screenshot-3.png +0 -0
  8. views/widget-admin.php +9 -0
  9. views/widget.php +15 -3
image-widget-fix-browser-upload.js DELETED
@@ -1,83 +0,0 @@
1
- jQuery(document).ready(function() {
2
-
3
- jQuery('form#image-form').submit(function(){
4
- var wp_ref = jQuery("input[name='_wp_http_referer']").val();
5
- // _wp_http_referer only contains the widget_sp_image if the
6
- // previous action was pressing the add image link in an Image Widget
7
- // https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Objects/String/indexOf
8
- if( wp_ref.indexOf('widget_sp_image') != -1 ) {
9
- var parsed_url = parse_url(wp_ref);
10
- var nw_action_url = jQuery('form#image-form').attr('action');
11
-
12
- // make sure the widget_sp_image is not part of the form action url
13
- // so we will add it to fix the context
14
- if( nw_action_url.indexOf('widget_sp_image') == -1 ) {
15
- nw_action_url = nw_action_url + '&' + parsed_url.query;
16
- jQuery('form#image-form').attr('action', nw_action_url);
17
- }
18
- }
19
- return true;
20
- });
21
- });
22
-
23
-
24
- /*
25
- * Thanks to http://github.com/kvz/phpjs/raw/master/functions/url/parse_url.js
26
- */
27
- function parse_url (str, component) {
28
- // http://kevin.vanzonneveld.net
29
- // + original by: Steven Levithan (http://blog.stevenlevithan.com)
30
- // + reimplemented by: Brett Zamir (http://brett-zamir.me)
31
- // + input by: Lorenzo Pisani
32
- // + input by: Tony
33
- // + improved by: Brett Zamir (http://brett-zamir.me)
34
- // % note: Based on http://stevenlevithan.com/demo/parseuri/js/assets/parseuri.js
35
- // % note: blog post at http://blog.stevenlevithan.com/archives/parseuri
36
- // % note: demo at http://stevenlevithan.com/demo/parseuri/js/assets/parseuri.js
37
- // % note: Does not replace invalid characters with '_' as in PHP, nor does it return false with
38
- // % note: a seriously malformed URL.
39
- // % note: Besides function name, is essentially the same as parseUri as well as our allowing
40
- // % note: an extra slash after the scheme/protocol (to allow file:/// as in PHP)
41
- // * example 1: parse_url('http://username:password@hostname/path?arg=value#anchor');
42
- // * returns 1: {scheme: 'http', host: 'hostname', user: 'username', pass: 'password', path: '/path', query: 'arg=value', fragment: 'anchor'}
43
- var key = ['source', 'scheme', 'authority', 'userInfo', 'user', 'pass', 'host', 'port',
44
- 'relative', 'path', 'directory', 'file', 'query', 'fragment'],
45
- ini = (this.php_js && this.php_js.ini) || {},
46
- mode = (ini['phpjs.parse_url.mode'] &&
47
- ini['phpjs.parse_url.mode'].local_value) || 'php',
48
- parser = {
49
- php: /^(?:([^:\/?#]+):)?(?:\/\/()(?:(?:()(?:([^:@]*):?([^:@]*))?@)?([^:\/?#]*)(?::(\d*))?))?()(?:(()(?:(?:[^?#\/]*\/)*)()(?:[^?#]*))(?:\?([^#]*))?(?:#(.*))?)/,
50
- strict: /^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*):?([^:@]*))?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/,
51
- loose: /^(?:(?![^:@]+:[^:@\/]*@)([^:\/?#.]+):)?(?:\/\/\/?)?((?:(([^:@]*):?([^:@]*))?@)?([^:\/?#]*)(?::(\d*))?)(((\/(?:[^?#](?![^?#\/]*\.[^?#\/.]+(?:[?#]|$)))*\/?)?([^?#\/]*))(?:\?([^#]*))?(?:#(.*))?)/ // Added one optional slash to post-scheme to catch file:/// (should restrict this)
52
- };
53
-
54
- var m = parser[mode].exec(str),
55
- uri = {},
56
- i = 14;
57
- while (i--) {
58
- if (m[i]) {
59
- uri[key[i]] = m[i];
60
- }
61
- }
62
-
63
- if (component) {
64
- return uri[component.replace('PHP_URL_', '').toLowerCase()];
65
- }
66
- if (mode !== 'php') {
67
- var name = (ini['phpjs.parse_url.queryKey'] &&
68
- ini['phpjs.parse_url.queryKey'].local_value) || 'queryKey';
69
- parser = /(?:^|&)([^&=]*)=?([^&]*)/g;
70
- uri[name] = {};
71
- uri[key[12]].replace(parser, function ($0, $1, $2) {
72
- if ($1) {uri[name][$1] = $2;}
73
- });
74
- }
75
- delete uri.source;
76
- return uri;
77
- }
78
-
79
-
80
-
81
-
82
- /* /wp-admin/media-upload.php?type=image&widget_id=widget_sp_image-11& */
83
-
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
image-widget.js CHANGED
@@ -114,4 +114,85 @@
114
  });
115
  });
116
 
117
- })(jQuery);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
114
  });
115
  });
116
 
117
+ })(jQuery);
118
+
119
+ /* Fix browser upload */
120
+
121
+ jQuery(document).ready(function() {
122
+
123
+ jQuery('form#image-form').submit(function(){
124
+ var wp_ref = jQuery("input[name='_wp_http_referer']").val();
125
+ // _wp_http_referer only contains the widget_sp_image if the
126
+ // previous action was pressing the add image link in an Image Widget
127
+ // https://developer.mozilla.org/en/Core_JavaScript_1.5_Reference/Objects/String/indexOf
128
+ if( wp_ref.indexOf('widget_sp_image') != -1 ) {
129
+ var parsed_url = parse_url(wp_ref);
130
+ var nw_action_url = jQuery('form#image-form').attr('action');
131
+
132
+ // make sure the widget_sp_image is not part of the form action url
133
+ // so we will add it to fix the context
134
+ if( nw_action_url.indexOf('widget_sp_image') == -1 ) {
135
+ nw_action_url = nw_action_url + '&' + parsed_url.query;
136
+ jQuery('form#image-form').attr('action', nw_action_url);
137
+ }
138
+ }
139
+ return true;
140
+ });
141
+ });
142
+
143
+
144
+ /*
145
+ * Thanks to http://github.com/kvz/phpjs/raw/master/functions/url/parse_url.js
146
+ */
147
+ function parse_url (str, component) {
148
+ // http://kevin.vanzonneveld.net
149
+ // + original by: Steven Levithan (http://blog.stevenlevithan.com)
150
+ // + reimplemented by: Brett Zamir (http://brett-zamir.me)
151
+ // + input by: Lorenzo Pisani
152
+ // + input by: Tony
153
+ // + improved by: Brett Zamir (http://brett-zamir.me)
154
+ // % note: Based on http://stevenlevithan.com/demo/parseuri/js/assets/parseuri.js
155
+ // % note: blog post at http://blog.stevenlevithan.com/archives/parseuri
156
+ // % note: demo at http://stevenlevithan.com/demo/parseuri/js/assets/parseuri.js
157
+ // % note: Does not replace invalid characters with '_' as in PHP, nor does it return false with
158
+ // % note: a seriously malformed URL.
159
+ // % note: Besides function name, is essentially the same as parseUri as well as our allowing
160
+ // % note: an extra slash after the scheme/protocol (to allow file:/// as in PHP)
161
+ // * example 1: parse_url('http://username:password@hostname/path?arg=value#anchor');
162
+ // * returns 1: {scheme: 'http', host: 'hostname', user: 'username', pass: 'password', path: '/path', query: 'arg=value', fragment: 'anchor'}
163
+ var key = ['source', 'scheme', 'authority', 'userInfo', 'user', 'pass', 'host', 'port',
164
+ 'relative', 'path', 'directory', 'file', 'query', 'fragment'],
165
+ ini = (this.php_js && this.php_js.ini) || {},
166
+ mode = (ini['phpjs.parse_url.mode'] &&
167
+ ini['phpjs.parse_url.mode'].local_value) || 'php',
168
+ parser = {
169
+ php: /^(?:([^:\/?#]+):)?(?:\/\/()(?:(?:()(?:([^:@]*):?([^:@]*))?@)?([^:\/?#]*)(?::(\d*))?))?()(?:(()(?:(?:[^?#\/]*\/)*)()(?:[^?#]*))(?:\?([^#]*))?(?:#(.*))?)/,
170
+ strict: /^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*):?([^:@]*))?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/,
171
+ loose: /^(?:(?![^:@]+:[^:@\/]*@)([^:\/?#.]+):)?(?:\/\/\/?)?((?:(([^:@]*):?([^:@]*))?@)?([^:\/?#]*)(?::(\d*))?)(((\/(?:[^?#](?![^?#\/]*\.[^?#\/.]+(?:[?#]|$)))*\/?)?([^?#\/]*))(?:\?([^#]*))?(?:#(.*))?)/ // Added one optional slash to post-scheme to catch file:/// (should restrict this)
172
+ };
173
+
174
+ var m = parser[mode].exec(str),
175
+ uri = {},
176
+ i = 14;
177
+ while (i--) {
178
+ if (m[i]) {
179
+ uri[key[i]] = m[i];
180
+ }
181
+ }
182
+
183
+ if (component) {
184
+ return uri[component.replace('PHP_URL_', '').toLowerCase()];
185
+ }
186
+ if (mode !== 'php') {
187
+ var name = (ini['phpjs.parse_url.queryKey'] &&
188
+ ini['phpjs.parse_url.queryKey'].local_value) || 'queryKey';
189
+ parser = /(?:^|&)([^&=]*)=?([^&]*)/g;
190
+ uri[name] = {};
191
+ uri[key[12]].replace(parser, function ($0, $1, $2) {
192
+ if ($1) {uri[name][$1] = $2;}
193
+ });
194
+ }
195
+ delete uri.source;
196
+ return uri;
197
+ }
198
+ /* /wp-admin/media-upload.php?type=image&widget_id=widget_sp_image-11& */
image-widget.php CHANGED
@@ -4,10 +4,14 @@ Plugin Name: Image Widget
4
  Plugin URI: http://wordpress.org/extend/plugins/image-widget/
5
  Description: Simple image widget that uses native Wordpress upload thickbox to add image widgets to your site.
6
  Author: Modern Tribe, Inc.
7
- Version: 3.3
8
- Author URI: http://tri.be/
9
  */
10
 
 
 
 
 
11
  // Load the widget on widgets_init
12
  function tribe_load_image_widget() {
13
  register_widget('Tribe_Image_Widget');
@@ -16,8 +20,6 @@ add_action('widgets_init', 'tribe_load_image_widget');
16
 
17
  /**
18
  * Tribe_Image_Widget class
19
- *
20
- * @author Shane & Peter, Inc. (Peter Chester)
21
  **/
22
  class Tribe_Image_Widget extends WP_Widget {
23
 
@@ -26,8 +28,7 @@ class Tribe_Image_Widget extends WP_Widget {
26
  /**
27
  * SP Image Widget constructor
28
  *
29
- * @return void
30
- * @author Shane & Peter, Inc. (Peter Chester)
31
  */
32
  function Tribe_Image_Widget() {
33
  $this->loadPluginTextDomain();
@@ -57,8 +58,7 @@ class Tribe_Image_Widget extends WP_Widget {
57
 
58
  function register_scripts_and_styles() {
59
  $dir = plugins_url('/', __FILE__);
60
- wp_register_script( 'tribe-image-widget', $dir . 'image-widget.js', array('thickbox'), false, true );
61
- wp_register_script( 'fix-browser-upload', $dir . 'image-widget-fix-browser-upload.js', array('jquery'), false, true );
62
  }
63
 
64
  function fix_async_upload_image() {
@@ -79,7 +79,7 @@ class Tribe_Image_Widget extends WP_Widget {
79
  * @param int $width desired width of image (optional)
80
  * @param int $height desired height of image (optional)
81
  * @return string URL
82
- * @author Shane & Peter, Inc. (Peter Chester)
83
  */
84
  function get_image_url( $id, $width=false, $height=false ) {
85
 
@@ -91,10 +91,11 @@ class Tribe_Image_Widget extends WP_Widget {
91
  if ($width && $height) {
92
  $uploads = wp_upload_dir();
93
  $imgpath = $uploads['basedir'].'/'.$attachment['file'];
94
- error_log($imgpath);
 
 
95
  $image = image_resize( $imgpath, $width, $height );
96
  if ( $image && !is_wp_error( $image ) ) {
97
- error_log( is_wp_error($image) );
98
  $image = path_join( dirname($attachment_url), basename($image) );
99
  } else {
100
  $image = $attachment_url;
@@ -111,8 +112,7 @@ class Tribe_Image_Widget extends WP_Widget {
111
  /**
112
  * Test context to see if the uploader is being used for the image widget or for other regular uploads
113
  *
114
- * @return void
115
- * @author Shane & Peter, Inc. (Peter Chester)
116
  */
117
  function is_sp_widget_context() {
118
  if ( isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'],$this->id_base) !== false ) {
@@ -131,8 +131,7 @@ class Tribe_Image_Widget extends WP_Widget {
131
  * @param string $translated_text text that has already been translated (normally passed straight through)
132
  * @param string $source_text text as it is in the code
133
  * @param string $domain domain of the text
134
- * @return void
135
- * @author Shane & Peter, Inc. (Peter Chester)
136
  */
137
  function replace_text_in_thickbox($translated_text, $source_text, $domain) {
138
  if ( $this->is_sp_widget_context() ) {
@@ -154,7 +153,7 @@ class Tribe_Image_Widget extends WP_Widget {
154
  * @param string $url
155
  * @param array $size
156
  * @return string javascript array of attachment url and id or just the url
157
- * @author Shane & Peter, Inc. (Peter Chester)
158
  */
159
  function image_send_to_editor( $html, $id, $caption, $title, $align, $url, $size, $alt = '' ) {
160
  // Normally, media uploader return an HTML string (in this case, typically a complete image tag surrounded by a caption).
@@ -166,14 +165,14 @@ class Tribe_Image_Widget extends WP_Widget {
166
  <script type="text/javascript">
167
  // send image variables back to opener
168
  var win = window.dialogArguments || opener || parent || top;
169
- win.IW_html = '<?php echo addslashes($html) ?>';
170
- win.IW_img_id = '<?php echo $id ?>';
171
- win.IW_alt = '<?php echo addslashes($alt) ?>';
172
- win.IW_caption = '<?php echo addslashes($caption) ?>';
173
- win.IW_title = '<?php echo addslashes($title) ?>';
174
- win.IW_align = '<?php echo $align ?>';
175
- win.IW_url = '<?php echo $url ?>';
176
- win.IW_size = '<?php echo $size ?>';
177
  </script>
178
  <?php
179
  }
@@ -184,8 +183,7 @@ class Tribe_Image_Widget extends WP_Widget {
184
  * Remove from url tab until that functionality is added to widgets.
185
  *
186
  * @param array $tabs
187
- * @return void
188
- * @author Shane & Peter, Inc. (Peter Chester)
189
  */
190
  function media_upload_tabs($tabs) {
191
  if ( $this->is_sp_widget_context() ) {
@@ -200,8 +198,7 @@ class Tribe_Image_Widget extends WP_Widget {
200
  *
201
  * @param array $args
202
  * @param array $instance
203
- * @return void
204
- * @author Shane & Peter, Inc. (Peter Chester)
205
  */
206
  function widget( $args, $instance ) {
207
  extract( $args );
@@ -217,7 +214,7 @@ class Tribe_Image_Widget extends WP_Widget {
217
  * @param object $new_instance Widget Instance
218
  * @param object $old_instance Widget Instance
219
  * @return object
220
- * @author Shane & Peter, Inc. (Peter Chester)
221
  */
222
  function update( $new_instance, $old_instance ) {
223
  $instance = $old_instance;
@@ -248,8 +245,7 @@ class Tribe_Image_Widget extends WP_Widget {
248
  * Form UI
249
  *
250
  * @param object $instance Widget Instance
251
- * @return void
252
- * @author Shane & Peter, Inc. (Peter Chester)
253
  */
254
  function form( $instance ) {
255
 
@@ -271,8 +267,7 @@ class Tribe_Image_Widget extends WP_Widget {
271
  /**
272
  * Admin header css
273
  *
274
- * @return void
275
- * @author Shane & Peter, Inc. (Peter Chester)
276
  */
277
  function admin_head() {
278
  ?>
4
  Plugin URI: http://wordpress.org/extend/plugins/image-widget/
5
  Description: Simple image widget that uses native Wordpress upload thickbox to add image widgets to your site.
6
  Author: Modern Tribe, Inc.
7
+ Version: 3.3.1
8
+ Author URI: http://tri.be
9
  */
10
 
11
+ // Block direct requests
12
+ if ( !defined('ABSPATH') )
13
+ die('-1');
14
+
15
  // Load the widget on widgets_init
16
  function tribe_load_image_widget() {
17
  register_widget('Tribe_Image_Widget');
20
 
21
  /**
22
  * Tribe_Image_Widget class
 
 
23
  **/
24
  class Tribe_Image_Widget extends WP_Widget {
25
 
28
  /**
29
  * SP Image Widget constructor
30
  *
31
+ * @author Modern Tribe, Inc. (Peter Chester)
 
32
  */
33
  function Tribe_Image_Widget() {
34
  $this->loadPluginTextDomain();
58
 
59
  function register_scripts_and_styles() {
60
  $dir = plugins_url('/', __FILE__);
61
+ wp_register_script( 'tribe-image-widget', $dir . 'image-widget.js', array('jquery','thickbox'), false, true );
 
62
  }
63
 
64
  function fix_async_upload_image() {
79
  * @param int $width desired width of image (optional)
80
  * @param int $height desired height of image (optional)
81
  * @return string URL
82
+ * @author Modern Tribe, Inc. (Peter Chester)
83
  */
84
  function get_image_url( $id, $width=false, $height=false ) {
85
 
91
  if ($width && $height) {
92
  $uploads = wp_upload_dir();
93
  $imgpath = $uploads['basedir'].'/'.$attachment['file'];
94
+ if (WP_DEBUG) {
95
+ error_log(__CLASS__.'->'.__FUNCTION__.'() $imgpath = '.$imgpath);
96
+ }
97
  $image = image_resize( $imgpath, $width, $height );
98
  if ( $image && !is_wp_error( $image ) ) {
 
99
  $image = path_join( dirname($attachment_url), basename($image) );
100
  } else {
101
  $image = $attachment_url;
112
  /**
113
  * Test context to see if the uploader is being used for the image widget or for other regular uploads
114
  *
115
+ * @author Modern Tribe, Inc. (Peter Chester)
 
116
  */
117
  function is_sp_widget_context() {
118
  if ( isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'],$this->id_base) !== false ) {
131
  * @param string $translated_text text that has already been translated (normally passed straight through)
132
  * @param string $source_text text as it is in the code
133
  * @param string $domain domain of the text
134
+ * @author Modern Tribe, Inc. (Peter Chester)
 
135
  */
136
  function replace_text_in_thickbox($translated_text, $source_text, $domain) {
137
  if ( $this->is_sp_widget_context() ) {
153
  * @param string $url
154
  * @param array $size
155
  * @return string javascript array of attachment url and id or just the url
156
+ * @author Modern Tribe, Inc. (Peter Chester)
157
  */
158
  function image_send_to_editor( $html, $id, $caption, $title, $align, $url, $size, $alt = '' ) {
159
  // Normally, media uploader return an HTML string (in this case, typically a complete image tag surrounded by a caption).
165
  <script type="text/javascript">
166
  // send image variables back to opener
167
  var win = window.dialogArguments || opener || parent || top;
168
+ win.IW_html = '<?php echo addslashes($html); ?>';
169
+ win.IW_img_id = '<?php echo $id; ?>';
170
+ win.IW_alt = '<?php echo addslashes($alt); ?>';
171
+ win.IW_caption = '<?php echo addslashes($caption); ?>';
172
+ win.IW_title = '<?php echo addslashes($title); ?>';
173
+ win.IW_align = '<?php echo esc_attr($align); ?>';
174
+ win.IW_url = '<?php echo esc_url($url); ?>';
175
+ win.IW_size = '<?php echo esc_attr($size); ?>';
176
  </script>
177
  <?php
178
  }
183
  * Remove from url tab until that functionality is added to widgets.
184
  *
185
  * @param array $tabs
186
+ * @author Modern Tribe, Inc. (Peter Chester)
 
187
  */
188
  function media_upload_tabs($tabs) {
189
  if ( $this->is_sp_widget_context() ) {
198
  *
199
  * @param array $args
200
  * @param array $instance
201
+ * @author Modern Tribe, Inc. (Peter Chester)
 
202
  */
203
  function widget( $args, $instance ) {
204
  extract( $args );
214
  * @param object $new_instance Widget Instance
215
  * @param object $old_instance Widget Instance
216
  * @return object
217
+ * @author Modern Tribe, Inc. (Peter Chester)
218
  */
219
  function update( $new_instance, $old_instance ) {
220
  $instance = $old_instance;
245
  * Form UI
246
  *
247
  * @param object $instance Widget Instance
248
+ * @author Modern Tribe, Inc. (Peter Chester)
 
249
  */
250
  function form( $instance ) {
251
 
267
  /**
268
  * Admin header css
269
  *
270
+ * @author Modern Tribe, Inc. (Peter Chester)
 
271
  */
272
  function admin_head() {
273
  ?>
readme.txt CHANGED
@@ -1,10 +1,10 @@
1
  === Image Widget ===
2
- Contributors: moderntribe, peterchester, mattwiebe, Produced by Modern Tribe, Inc.
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4BSPTNFFY6AL6
4
  Tags: widget, image, ad, banner, simple, upload, sidebar, admin, thickbox, resize
5
  Requires at least: 3.0
6
- Tested up to: 3.3
7
- Stable tag: 3.3
8
 
9
  == Description ==
10
 
@@ -25,16 +25,12 @@ This plugin is actively supported and we will do our best to help you. In return
25
  1. Help Out. If you see a question on the forum you can help with or have a great idea and want to code it up and submit a patch, that would be just plain awesome and we will shower your with praise. Might even be a good way to get to know us and lead to some paid work if you freelance. Also, we are happy to post translations if you provide them.
26
  1. Donate - if this is generating enough revenue to support our time it makes all the difference in the world
27
  https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4BSPTNFFY6AL6
 
28
 
29
  == Installation ==
30
 
31
  = Install =
32
 
33
- 1. Unzip the `image-widget.zip` file.
34
- 1. Upload the the `image-widget` folder (not just the files in it!) to your `wp-contents/plugins` folder. If you're using FTP, use 'binary' mode.
35
-
36
- = Activate =
37
-
38
  1. In your WordPress administration, go to the Plugins page
39
  1. Activate the Image Widget plugin and a subpage for the plugin will appear
40
  in your Manage menu.
@@ -68,6 +64,11 @@ function my_template_filter($template) {
68
 
69
  == Changelog ==
70
 
 
 
 
 
 
71
  = 3.3 =
72
 
73
  * Fix to allow the widget to work in the non-async (browser) uploader. Props Bjorn Wijers
1
  === Image Widget ===
2
+ Contributors: ModernTribe, peterchester, mattwiebe, Produced by Modern Tribe, Inc.
3
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4BSPTNFFY6AL6
4
  Tags: widget, image, ad, banner, simple, upload, sidebar, admin, thickbox, resize
5
  Requires at least: 3.0
6
+ Tested up to: 3.3.1
7
+ Stable tag: 3.3.1
8
 
9
  == Description ==
10
 
25
  1. Help Out. If you see a question on the forum you can help with or have a great idea and want to code it up and submit a patch, that would be just plain awesome and we will shower your with praise. Might even be a good way to get to know us and lead to some paid work if you freelance. Also, we are happy to post translations if you provide them.
26
  1. Donate - if this is generating enough revenue to support our time it makes all the difference in the world
27
  https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4BSPTNFFY6AL6
28
+ 1. Support us by buying our Premium plugins. In particular, check out our Events Calendar Pro http://tri.be/wordpress-events-calendar-pro/
29
 
30
  == Installation ==
31
 
32
  = Install =
33
 
 
 
 
 
 
34
  1. In your WordPress administration, go to the Plugins page
35
  1. Activate the Image Widget plugin and a subpage for the plugin will appear
36
  in your Manage menu.
64
 
65
  == Changelog ==
66
 
67
+ = 3.3.1 =
68
+
69
+ * Add minor security updates.
70
+ * Update readme, thumbnails and other minor descriptors.
71
+
72
  = 3.3 =
73
 
74
  * Fix to allow the widget to work in the non-async (browser) uploader. Props Bjorn Wijers
screenshot-1.png CHANGED
Binary file
screenshot-2.png CHANGED
Binary file
screenshot-3.png CHANGED
Binary file
views/widget-admin.php CHANGED
@@ -1,3 +1,12 @@
 
 
 
 
 
 
 
 
 
1
  <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:', $this->pluginDomain); ?></label>
2
  <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr(strip_tags($instance['title'])); ?>" /></p>
3
 
1
+ <?php
2
+ /**
3
+ * Widget admin template
4
+ */
5
+
6
+ // Block direct requests
7
+ if ( !defined('ABSPATH') )
8
+ die('-1');
9
+ ?>
10
  <p><label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:', $this->pluginDomain); ?></label>
11
  <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr(strip_tags($instance['title'])); ?>" /></p>
12
 
views/widget.php CHANGED
@@ -1,12 +1,21 @@
1
  <?php
 
 
 
 
 
 
 
 
 
2
  echo $before_widget;
3
- if ( !empty( $title ) ) { echo $before_title . $title . $after_title; }
4
  if ( !empty( $image ) ) {
5
  if ( $link ) {
6
- echo '<a class="'.$this->widget_options['classname'].'-image-link" href="'.$link.'" target="'.$linktarget.'">';
7
  }
8
  if ( $imageurl ) {
9
- echo "<img src=\"{$imageurl}\" style=\"";
10
  if ( !empty( $width ) && is_numeric( $width ) ) {
11
  echo "max-width: {$width}px;";
12
  }
@@ -15,11 +24,14 @@ if ( !empty( $image ) ) {
15
  }
16
  echo "\"";
17
  if ( !empty( $align ) && $align != 'none' ) {
 
18
  echo " class=\"align{$align}\"";
19
  }
20
  if ( !empty( $alt ) ) {
 
21
  echo " alt=\"{$alt}\"";
22
  } else {
 
23
  echo " alt=\"{$title}\"";
24
  }
25
  echo " />";
1
  <?php
2
+ /**
3
+ * Widget template. This template can be overriden using the "sp_template_image-widget_widget.php" filter.
4
+ * See the readme.txt file for more info.
5
+ */
6
+
7
+ // Block direct requests
8
+ if ( !defined('ABSPATH') )
9
+ die('-1');
10
+
11
  echo $before_widget;
12
+ if ( !empty( $title ) ) { echo $before_title . esc_attr($title) . $after_title; }
13
  if ( !empty( $image ) ) {
14
  if ( $link ) {
15
+ echo '<a class="'.$this->widget_options['classname'].'-image-link" href="'.esc_url($link).'" target="'.esc_attr($linktarget).'">';
16
  }
17
  if ( $imageurl ) {
18
+ echo '<img src="'.esc_url($imageurl).'" style="';
19
  if ( !empty( $width ) && is_numeric( $width ) ) {
20
  echo "max-width: {$width}px;";
21
  }
24
  }
25
  echo "\"";
26
  if ( !empty( $align ) && $align != 'none' ) {
27
+ $align = esc_attr($align);
28
  echo " class=\"align{$align}\"";
29
  }
30
  if ( !empty( $alt ) ) {
31
+ $alt = esc_attr($alt);
32
  echo " alt=\"{$alt}\"";
33
  } else {
34
+ $title = esc_attr($title);
35
  echo " alt=\"{$title}\"";
36
  }
37
  echo " />";