Open external links in a new window

Version Description

2022-11-22
minor security fixes

Release Info

Developer	WebFactory
Plugin	Open external links in a new window
Version	1.44
Comparing to
See all releases

Code changes from version 1.43 to 1.44

Files changed (3) hide show

open-external-links-in-a-new-window.php +317 -15
readme.txt +5 -1
wf-flyout/wf-flyout.php +2 -2

open-external-links-in-a-new-window.php CHANGED Viewed

@@ -3,16 +3,16 @@
               Plugin Name: Open External Links in a New Window
               Plugin URI: https://wordpress.org/extend/plugins/open-external-links-in-a-new-window/
               Description: Opens all external links in a new window. XHTML Strict compliant and search engine optimized (SEO).
-            -
              Version: 1.43
               Author: WebFactory Ltd
               Author URI: https://www.webfactoryltd.com/
               Text Domain: open-external-links-in-a-new-window
               Requires at least: 4.0
               Requires PHP: 5.2
-            -
              Tested up to: 6.0
               License: GPL2
-            -
              Copyright 2015 - 2021  WebFactory Ltd (email: support@webfactoryltd.com)
               This program is free software; you can redistribute it and/or modify
               it under the terms of the GNU General Public License, version 2, as
@@ -51,8 +51,8 @@ function external_links_in_new_windows_client()
                   document.links = document.getElementsByTagName('a');
+                }
                 var change_link = false;
-            -
                var force = '".trim(get_option("external_links_in_new_windows_force", ''))."';
-            -
                var ignore = '".trim(get_option("external_links_in_new_windows_ignore", ''))."';
                 for (var t=0; t<document.links.length; t++) {
                   var all_links = document.links[t];
@@ -60,7 +60,7 @@ function external_links_in_new_windows_client()
                   if(document.links[t].hasAttribute('onClick') == false) {
                     // forced if the address starts with http (or also https), but does not link to the current domain
-            -
                    if(all_links.href.search(/^http/) != -1 && all_links.href.search('".$blogdomain['host']."') == -1 && all_links.href.search(/^#/) == -1) {
                       // console.log('Changed ' + all_links.href);
                       change_link = true;
+                    }
@@ -132,21 +132,21 @@ function external_links_in_new_windows_admin_menu() {
             function external_links_in_new_windows_admin_options_page() {
             ?>
               <div class="wrap">
-            -
              <h2><?php _e("Open External Links in a New Window", "open-external-links-in-a-new-window"); ?></h2>
               <p>
               <form method="post" action="options.php">
               <?php wp_nonce_field('update-options'); ?>
-            -
              <?php _e("By default, this plugins makes all external links (i.e. links that point outside the current host name) open in a new window/tab.","open-external-links-in-a-new-window"); ?><br />
-            -
              <?php _e("You can change this behavior by providing regular expressions that either forces or ignores whether the link should open in a new window.","open-external-links-in-a-new-window"); ?><br />
               <br />
-            -
              <?php _e("Force links to open in a new window if they match this JS regular expression:","open-external-links-in-a-new-window"); ?><br />
               <input class="regular-text code" name="external_links_in_new_windows_force" type="text" id="external_links_in_new_windows_force" value="<?php echo esc_attr(get_option('external_links_in_new_windows_force', '')); ?>" /><br /><br />
-            -
              <?php _e("Ignore links, and do not open them in a new window, if they match this JS regular expression: (even if they start with http:// or https://)","open-external-links-in-a-new-window"); ?><br />
               <input class="regular-text code" name="external_links_in_new_windows_ignore" type="text" id="external_links_in_new_windows_ignore" value="<?php echo esc_attr(get_option('external_links_in_new_windows_ignore', '')); ?>" /><br /><br />
             <p>Like the plugin? <a href="https://wordpress.org/support/plugin/open-external-links-in-a-new-window/reviews/#new-post" target="_blank">Please rate it ★★★★★.</a> Thank you!</p>
@@ -157,11 +157,11 @@ function external_links_in_new_windows_admin_options_page() {
               <p class="submit"><input type="submit" name="submit" id="submit" class="button button-primary" value="Save Changes"></p>
-            -
              <?php _e("The matches are prioritized in the following order:","open-external-links-in-a-new-window"); ?>
               <ol>
-            -
                <li><?php _e("Ignored, matching URLs","open-external-links-in-a-new-window"); ?></li>
-            -
                <li><?php _e("Forced, matching URLs","open-external-links-in-a-new-window"); ?></li>
-            -
                <li><?php _e("http:// or https://","open-external-links-in-a-new-window"); ?></li>
               </ol>
@@ -181,3 +181,305 @@ function external_links_in_new_windows_plugin_action_links( $links, $file ) {
+            }
             add_filter( 'plugin_action_links', 'external_links_in_new_windows_plugin_action_links', 10, 2 );


3	Plugin Name: Open External Links in a New Window
4	Plugin URI: https://wordpress.org/extend/plugins/open-external-links-in-a-new-window/
5	Description: Opens all external links in a new window. XHTML Strict compliant and search engine optimized (SEO).
6	+ Version: 1.44
7	Author: WebFactory Ltd
8	Author URI: https://www.webfactoryltd.com/
9	Text Domain: open-external-links-in-a-new-window
10	Requires at least: 4.0
11	Requires PHP: 5.2
12	+ Tested up to: 6.1
13	License: GPL2
14
15	+ Copyright 2015 - 2022 WebFactory Ltd (email: support@webfactoryltd.com)
16
17	This program is free software; you can redistribute it and/or modify
18	it under the terms of the GNU General Public License, version 2, as

51	document.links = document.getElementsByTagName('a');
52	}
53	var change_link = false;
54	+ var force = '" . esc_attr(trim(get_option("external_links_in_new_windows_force", '')))."';
55	+ var ignore = '" . esc_attr(trim(get_option("external_links_in_new_windows_ignore", '')))."';
56
57	for (var t=0; t<document.links.length; t++) {
58	var all_links = document.links[t];

60
61	if(document.links[t].hasAttribute('onClick') == false) {
62	// forced if the address starts with http (or also https), but does not link to the current domain
63	+ if(all_links.href.search(/^http/) != -1 && all_links.href.search('" . esc_attr($blogdomain['host']) . "') == -1 && all_links.href.search(/^#/) == -1) {
64	// console.log('Changed ' + all_links.href);
65	change_link = true;
66	}

132	function external_links_in_new_windows_admin_options_page() {
133	?>
134	<div class="wrap">
135	+ <h2><?php esc_html_e("Open External Links in a New Window", "open-external-links-in-a-new-window"); ?></h2>
136	<p>
137	<form method="post" action="options.php">
138	<?php wp_nonce_field('update-options'); ?>
139
140	+ <?php esc_html_e("By default, this plugins makes all external links (i.e. links that point outside the current host name) open in a new window/tab.","open-external-links-in-a-new-window"); ?><br />
141
142	+ <?php esc_html_e("You can change this behavior by providing regular expressions that either forces or ignores whether the link should open in a new window.","open-external-links-in-a-new-window"); ?><br />
143	<br />
144
145
146	+ <?php esc_html_e("Force links to open in a new window if they match this JS regular expression:","open-external-links-in-a-new-window"); ?><br />
147	<input class="regular-text code" name="external_links_in_new_windows_force" type="text" id="external_links_in_new_windows_force" value="<?php echo esc_attr(get_option('external_links_in_new_windows_force', '')); ?>" /><br /><br />
148
149	+ <?php esc_html_e("Ignore links, and do not open them in a new window, if they match this JS regular expression: (even if they start with http:// or https://)","open-external-links-in-a-new-window"); ?><br />
150	<input class="regular-text code" name="external_links_in_new_windows_ignore" type="text" id="external_links_in_new_windows_ignore" value="<?php echo esc_attr(get_option('external_links_in_new_windows_ignore', '')); ?>" /><br /><br />
151
152	<p>Like the plugin? <a href="https://wordpress.org/support/plugin/open-external-links-in-a-new-window/reviews/#new-post" target="_blank">Please rate it ★★★★★.</a> Thank you!</p>

157	<p class="submit"><input type="submit" name="submit" id="submit" class="button button-primary" value="Save Changes"></p>
158
159
160	+ <?php esc_html_e("The matches are prioritized in the following order:","open-external-links-in-a-new-window"); ?>
161	<ol>
162	+ <li><?php esc_html_e("Ignored, matching URLs","open-external-links-in-a-new-window"); ?></li>
163	+ <li><?php esc_html_e("Forced, matching URLs","open-external-links-in-a-new-window"); ?></li>
164	+ <li><?php esc_html_e("http:// or https://","open-external-links-in-a-new-window"); ?></li>
165	</ol>
166
167

181	}
182
183	add_filter( 'plugin_action_links', 'external_links_in_new_windows_plugin_action_links', 10, 2 );
184	+
185	+ function external_links_in_new_windows_wp_kses_wf($html)
186	+ {
187	+ add_filter('safe_style_css', function ($styles) {
188	+ $styles_wf = array(
189	+ 'text-align',
190	+ 'margin',
191	+ 'color',
192	+ 'float',
193	+ 'border',
194	+ 'background',
195	+ 'background-color',
196	+ 'border-bottom',
197	+ 'border-bottom-color',
198	+ 'border-bottom-style',
199	+ 'border-bottom-width',
200	+ 'border-collapse',
201	+ 'border-color',
202	+ 'border-left',
203	+ 'border-left-color',
204	+ 'border-left-style',
205	+ 'border-left-width',
206	+ 'border-right',
207	+ 'border-right-color',
208	+ 'border-right-style',
209	+ 'border-right-width',
210	+ 'border-spacing',
211	+ 'border-style',
212	+ 'border-top',
213	+ 'border-top-color',
214	+ 'border-top-style',
215	+ 'border-top-width',
216	+ 'border-width',
217	+ 'caption-side',
218	+ 'clear',
219	+ 'cursor',
220	+ 'direction',
221	+ 'font',
222	+ 'font-family',
223	+ 'font-size',
224	+ 'font-style',
225	+ 'font-variant',
226	+ 'font-weight',
227	+ 'height',
228	+ 'letter-spacing',
229	+ 'line-height',
230	+ 'margin-bottom',
231	+ 'margin-left',
232	+ 'margin-right',
233	+ 'margin-top',
234	+ 'overflow',
235	+ 'padding',
236	+ 'padding-bottom',
237	+ 'padding-left',
238	+ 'padding-right',
239	+ 'padding-top',
240	+ 'text-decoration',
241	+ 'text-indent',
242	+ 'vertical-align',
243	+ 'width',
244	+ 'display',
245	+ );
246	+
247	+ foreach ($styles_wf as $style_wf) {
248	+ $styles[] = $style_wf;
249	+ }
250	+ return $styles;
251	+ });
252	+
253	+ $allowed_tags = wp_kses_allowed_html('post');
254	+ $allowed_tags['input'] = array(
255	+ 'type' => true,
256	+ 'style' => true,
257	+ 'class' => true,
258	+ 'id' => true,
259	+ 'checked' => true,
260	+ 'disabled' => true,
261	+ 'name' => true,
262	+ 'size' => true,
263	+ 'placeholder' => true,
264	+ 'value' => true,
265	+ 'data-*' => true,
266	+ 'size' => true,
267	+ 'disabled' => true
268	+ );
269	+
270	+ $allowed_tags['textarea'] = array(
271	+ 'type' => true,
272	+ 'style' => true,
273	+ 'class' => true,
274	+ 'id' => true,
275	+ 'checked' => true,
276	+ 'disabled' => true,
277	+ 'name' => true,
278	+ 'size' => true,
279	+ 'placeholder' => true,
280	+ 'value' => true,
281	+ 'data-*' => true,
282	+ 'cols' => true,
283	+ 'rows' => true,
284	+ 'disabled' => true,
285	+ 'autocomplete' => true
286	+ );
287	+
288	+ $allowed_tags['select'] = array(
289	+ 'type' => true,
290	+ 'style' => true,
291	+ 'class' => true,
292	+ 'id' => true,
293	+ 'checked' => true,
294	+ 'disabled' => true,
295	+ 'name' => true,
296	+ 'size' => true,
297	+ 'placeholder' => true,
298	+ 'value' => true,
299	+ 'data-*' => true,
300	+ 'multiple' => true,
301	+ 'disabled' => true
302	+ );
303	+
304	+ $allowed_tags['option'] = array(
305	+ 'type' => true,
306	+ 'style' => true,
307	+ 'class' => true,
308	+ 'id' => true,
309	+ 'checked' => true,
310	+ 'disabled' => true,
311	+ 'name' => true,
312	+ 'size' => true,
313	+ 'placeholder' => true,
314	+ 'value' => true,
315	+ 'selected' => true,
316	+ 'data-*' => true
317	+ );
318	+ $allowed_tags['optgroup'] = array(
319	+ 'type' => true,
320	+ 'style' => true,
321	+ 'class' => true,
322	+ 'id' => true,
323	+ 'checked' => true,
324	+ 'disabled' => true,
325	+ 'name' => true,
326	+ 'size' => true,
327	+ 'placeholder' => true,
328	+ 'value' => true,
329	+ 'selected' => true,
330	+ 'data-*' => true,
331	+ 'label' => true
332	+ );
333	+
334	+ $allowed_tags['a'] = array(
335	+ 'href' => true,
336	+ 'data-*' => true,
337	+ 'class' => true,
338	+ 'style' => true,
339	+ 'id' => true,
340	+ 'target' => true,
341	+ 'data-*' => true,
342	+ 'role' => true,
343	+ 'aria-controls' => true,
344	+ 'aria-selected' => true,
345	+ 'disabled' => true
346	+ );
347	+
348	+ $allowed_tags['div'] = array(
349	+ 'style' => true,
350	+ 'class' => true,
351	+ 'id' => true,
352	+ 'data-*' => true,
353	+ 'role' => true,
354	+ 'aria-labelledby' => true,
355	+ 'value' => true,
356	+ 'aria-modal' => true,
357	+ 'tabindex' => true
358	+ );
359	+
360	+ $allowed_tags['li'] = array(
361	+ 'style' => true,
362	+ 'class' => true,
363	+ 'id' => true,
364	+ 'data-*' => true,
365	+ 'role' => true,
366	+ 'aria-labelledby' => true,
367	+ 'value' => true,
368	+ 'aria-modal' => true,
369	+ 'tabindex' => true
370	+ );
371	+
372	+ $allowed_tags['span'] = array(
373	+ 'style' => true,
374	+ 'class' => true,
375	+ 'id' => true,
376	+ 'data-*' => true,
377	+ 'aria-hidden' => true
378	+ );
379	+
380	+ $allowed_tags['style'] = array(
381	+ 'class' => true,
382	+ 'id' => true,
383	+ 'type' => true
384	+ );
385	+
386	+ $allowed_tags['fieldset'] = array(
387	+ 'class' => true,
388	+ 'id' => true,
389	+ 'type' => true
390	+ );
391	+
392	+ $allowed_tags['link'] = array(
393	+ 'class' => true,
394	+ 'id' => true,
395	+ 'type' => true,
396	+ 'rel' => true,
397	+ 'href' => true,
398	+ 'media' => true
399	+ );
400	+
401	+ $allowed_tags['form'] = array(
402	+ 'style' => true,
403	+ 'class' => true,
404	+ 'id' => true,
405	+ 'method' => true,
406	+ 'action' => true,
407	+ 'data-*' => true
408	+ );
409	+
410	+ $allowed_tags['script'] = array(
411	+ 'class' => true,
412	+ 'id' => true,
413	+ 'type' => true,
414	+ 'src' => true
415	+ );
416	+
417	+ echo wp_kses($html, $allowed_tags);
418	+
419	+ add_filter('safe_style_css', function ($styles) {
420	+ $styles_wf = array(
421	+ 'text-align',
422	+ 'margin',
423	+ 'color',
424	+ 'float',
425	+ 'border',
426	+ 'background',
427	+ 'background-color',
428	+ 'border-bottom',
429	+ 'border-bottom-color',
430	+ 'border-bottom-style',
431	+ 'border-bottom-width',
432	+ 'border-collapse',
433	+ 'border-color',
434	+ 'border-left',
435	+ 'border-left-color',
436	+ 'border-left-style',
437	+ 'border-left-width',
438	+ 'border-right',
439	+ 'border-right-color',
440	+ 'border-right-style',
441	+ 'border-right-width',
442	+ 'border-spacing',
443	+ 'border-style',
444	+ 'border-top',
445	+ 'border-top-color',
446	+ 'border-top-style',
447	+ 'border-top-width',
448	+ 'border-width',
449	+ 'caption-side',
450	+ 'clear',
451	+ 'cursor',
452	+ 'direction',
453	+ 'font',
454	+ 'font-family',
455	+ 'font-size',
456	+ 'font-style',
457	+ 'font-variant',
458	+ 'font-weight',
459	+ 'height',
460	+ 'letter-spacing',
461	+ 'line-height',
462	+ 'margin-bottom',
463	+ 'margin-left',
464	+ 'margin-right',
465	+ 'margin-top',
466	+ 'overflow',
467	+ 'padding',
468	+ 'padding-bottom',
469	+ 'padding-left',
470	+ 'padding-right',
471	+ 'padding-top',
472	+ 'text-decoration',
473	+ 'text-indent',
474	+ 'vertical-align',
475	+ 'width'
476	+ );
477	+
478	+ foreach ($styles_wf as $style_wf) {
479	+ if (($key = array_search($style_wf, $styles)) !== false) {
480	+ unset($styles[$key]);
481	+ }
482	+ }
483	+ return $styles;
484	+ });
485	+ }

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Tags: links, external links, target blank, new window, new tab, target new, blan
4	Requires at least: 4.0
5	Requires PHP: 5.2
6	Tested up to: 6.1
7	- Stable tag: 1.43
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
	@@ -47,6 +47,10 @@ Kristian Risager Larsen - <a href="http://kezze.dk">kezze.dk</a>
47
48
49	== Changelog ==




50	= 1.43 =
51	* 2022-05-06
52	* security fix reported by Automattic


4	Requires at least: 4.0
5	Requires PHP: 5.2
6	Tested up to: 6.1
7	+ Stable tag: 1.44
8	License: GPLv2 or later
9	License URI: http://www.gnu.org/licenses/gpl-2.0.html
10

47
48
49	== Changelog ==
50	+ = 1.44 =
51	+ * 2022-11-22
52	+ * minor security fixes
53	+
54	= 1.43 =
55	* 2022-05-06
56	* security fix reported by Automattic

wf-flyout/wf-flyout.php CHANGED Viewed

	@@ -112,7 +112,7 @@ if (false == class_exists('wf_flyout')) {
112	$out .= $this->config['custom_css'];
113	$out .= '</style>';
114
115	- ~~echo~~ $out;
116	} // admin_head
117
118
	@@ -161,7 +161,7 @@ if (false == class_exists('wf_flyout')) {
161
162	$out .= '</div>'; // #wf-flyout
163
164	- ~~echo~~ $out;
165	} // admin_footer
166	} // wf_flyout
167	} // if class exists


112	$out .= $this->config['custom_css'];
113	$out .= '</style>';
114
115	+ external_links_in_new_windows_wp_kses_wf($out);
116	} // admin_head
117
118

161
162	$out .= '</div>'; // #wf-flyout
163
164	+ external_links_in_new_windows_wp_kses_wf($out);
165	} // admin_footer
166	} // wf_flyout
167	} // if class exists

Open external links in a new window - Version 1.44

Version Description

Release Info

Code changes from version 1.43 to 1.44