Post Grid - Version 2.1.2

Version Description

  • 2021-04-13 fix - security issue updated.

Release Info

Developer pickplugins
Version 2.1.2

Code changes from version 2.1.1 to 2.1.2

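--- a/includes/classes/class-meta-boxes.php
+++ b/includes/classes/class-meta-boxes.php
@@ -153,7 +153,7 @@ class post_grid_meta_boxs{
  if (!isset($_POST['post_grid_nonce_check_value']))
  return $post_id;
 
- $nonce = $_POST['post_grid_nonce_check_value'];
+ $nonce = sanitize_text_field($_POST['post_grid_nonce_check_value']);
 
  // Verify that the nonce is valid.
  if (!wp_verify_nonce($nonce, 'post_grid_nonce_check'))
@@ -422,7 +422,7 @@ class post_grid_meta_boxs{
  if ( ! isset( $_POST['meta_boxes_post_grid_input_nonce'] ) )
  return $post_id;
 
- $nonce = $_POST['meta_boxes_post_grid_input_nonce'];
+ $nonce = sanitize_text_field($_POST['meta_boxes_post_grid_input_nonce']);
 
  // Verify that the nonce is valid.
  if ( ! wp_verify_nonce( $nonce, 'meta_boxes_post_grid_input' ) )
@@ -639,7 +639,7 @@ class post_grid_meta_boxs{
  if ( ! isset( $_POST['post_grid_post_settings_input_nonce'] ) )
  return $post_id;
 
- $nonce = $_POST['post_grid_post_settings_input_nonce'];
+ $nonce = sanitize_text_field($_POST['post_grid_post_settings_input_nonce']);
 
  // Verify that the nonce is valid.
  if ( ! wp_verify_nonce( $nonce, 'post_grid_post_settings_input' ) )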
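Review bot: Wrapping the nonce in `sanitize_text_field()` at new lines 156, 425 and 642 adds little protection, because `wp_verify_nonce()` only compares the value against an expected hash; the inputs that matter are the `$_POST` fields saved after each check, which are outside these hunks and should be confirmed sanitized field by field. The usual WordPress form also unslashes first, e.g. `$nonce = sanitize_text_field(wp_unslash($_POST['post_grid_nonce_check_value']));`. A nonce proves request intent but not authorization, so each save handler should also check `current_user_can('edit_post', $post_id)` if it does not already; the handlers' bodies continue beyond the visible lines.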
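--- a/includes/classes/class-settings-tabs.php
+++ b/includes/classes/class-settings-tabs.php
@@ -38,8 +38,11 @@ class settings_tabs_field{
 
  wp_enqueue_script( 'jquery.lazy' );
 
+ if (function_exists('wp_enqueue_editor')) {
+ wp_enqueue_editor();
+ }
+
 
- wp_enqueue_editor();
  }
 
  function field_template($option){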
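Review bot: The new `function_exists('wp_enqueue_editor')` guard at new line 41 has no comment explaining why it is needed; a line such as `// wp_enqueue_editor() was added in WordPress 4.8; skip it on older cores` would make the intent clear, given that the readme on this page still declares "Requires at least: 3.8". When the function is missing, the editor assets are silently not loaded, so any field type that depends on them should be checked for graceful degradation. The enclosing method starts outside the hunk.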
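--- a/includes/menu/layout-editor.php
+++ b/includes/menu/layout-editor.php
@@ -25,7 +25,7 @@ if(empty($_POST['post_grid_hidden']))
  else
  {
 
- $nonce = $_POST['_wpnonce'];
+ $nonce = sanitize_text_field($_POST['_wpnonce']);
 
  if(wp_verify_nonce( $nonce, 'nonce_layout_content' ) && $_POST['post_grid_hidden'] == 'Y') {
  //Form data sent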
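Review bot: `$_POST['_wpnonce']` is still read without an `isset()` check at new line 28; the only guard visible is on `post_grid_hidden`, so a request that carries that field but no nonce raises an undefined-index notice before verification fails. The line should read `$nonce = isset($_POST['_wpnonce']) ? sanitize_text_field(wp_unslash($_POST['_wpnonce'])) : '';`, and the comparison on line 30 should be strict, `$_POST['post_grid_hidden'] === 'Y'`. No capability check is visible before the form data is processed; the block continues outside the hunk, so confirm that one exists there.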
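--- a/includes/menu/settings.php
+++ b/includes/menu/settings.php
@@ -2,7 +2,7 @@
  if ( ! defined('ABSPATH')) exit; // if direct access
 
 
- $current_tab = isset($_REQUEST['tab']) ? $_REQUEST['tab'] : 'general';
+ $current_tab = isset($_REQUEST['tab']) ? sanitize_text_field($_REQUEST['tab']) : 'general';
 
  $post_grid_settings_tab = array();
 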
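Review bot: `sanitize_text_field()` at new line 5 strips tags but leaves quote characters intact, so `$current_tab` is still unsafe to print into an HTML attribute without escaping at the point of output. Since the value looks like a tab slug, a tighter filter fits better: `$current_tab = isset($_REQUEST['tab']) ? sanitize_key(wp_unslash($_REQUEST['tab'])) : 'general';`, ideally followed by a check that it is one of the ids registered in `$post_grid_settings_tab`. The places where `$current_tab` is echoed are outside the hunk; each should use `esc_attr()` or `esc_html()` as appropriate.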
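--- a/includes/metabox-post-grid-hook.php
+++ b/includes/metabox-post-grid-hook.php
@@ -1961,8 +1961,8 @@ function post_grid_update_taxonomies_terms_by_posttypes(){
  //if(current_user_can('manage_options')){
 
 
- $post_types = isset($_POST['post_types']) ? $_POST['post_types']: array();
- $grid_id = isset($_POST['grid_id']) ? $_POST['grid_id']: '';
+ $post_types = isset($_POST['post_types']) ? stripslashes_deep($_POST['post_types']): array();
+ $grid_id = isset($_POST['grid_id']) ? sanitize_text_field($_POST['grid_id']): '';
 
 
  $post_grid_meta_options = get_post_meta($grid_id, 'post_grid_meta_options', true);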
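Review bot: The capability check on line 1961 is still commented out and no nonce verification is visible, so this handler appears to read `post_types` and `grid_id` from any request that reaches it. `stripslashes_deep()` only removes slashes and does not sanitize `post_types`, and `grid_id` is used as a post id, so it is better cast with `absint()` than passed through `sanitize_text_field()`. The fence below restores an authorization guard and tightens both inputs, assuming `post_types` is a flat list of post type slugs and that `manage_options` (taken from the commented-out line) is the intended capability. A nonce check using the action the calling form or script already emits should be added as well. The function body continues outside the hunk.

```php
// … unchanged: function post_grid_update_taxonomies_terms_by_posttypes(){ …
if ( ! current_user_can('manage_options') ) {
    wp_die();
}

$post_types = isset($_POST['post_types']) ? array_map('sanitize_key', (array) wp_unslash($_POST['post_types'])) : array();
$grid_id = isset($_POST['grid_id']) ? absint($_POST['grid_id']) : 0;
// … unchanged: get_post_meta($grid_id, 'post_grid_meta_options', true) and the rest of the body …
```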
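--- a/includes/post-grid-layout-elements.php
+++ b/includes/post-grid-layout-elements.php
@@ -798,6 +798,7 @@ function post_grid_layout_element_title($args){
  $layout_id = isset($args['layout_id']) ? $args['layout_id'] : '';
 
  $post_link = get_permalink($post_id);
+ $post_link = apply_filters('post_grid_layout_element_title_permalink', $post_link, $args);
 
  $post = get_post( $post_id );
  $title = isset( $post->post_title ) ? $post->post_title : '';
@@ -1163,6 +1164,7 @@ function post_grid_layout_element_title_link($args){
 
  $title = get_the_title($post_id);
  $post_link = get_permalink($post_id);
+ $post_link = apply_filters('post_grid_layout_element_title_link_permalink', $post_link, $args);
 
  $link_to = isset($element['link_to']) ? $element['link_to'] : 'post_link';
  $link_target = isset($element['link_target']) ? $element['link_target'] : '';
@@ -1744,6 +1746,8 @@ function post_grid_layout_element_excerpt($args){
 
 
  $post_link = get_permalink($post_id);
+ $post_link = apply_filters('post_grid_layout_element_excerpt_permalink', $post_link, $args);
+
  $excerpt_source = !empty($element['excerpt_source']) ? $element['excerpt_source'] : 'excerpt_content';
 
  $link_target = isset($element['link_target']) ? $element['link_target'] : '';
@@ -2128,6 +2132,7 @@ function post_grid_layout_element_excerpt_read_more($args){
 
 
  $post_link = get_permalink($post_id);
+ $post_link = apply_filters('post_grid_layout_element_excerpt_read_more_permalink', $post_link, $args);
 
  $excerpt_source = !empty($element['excerpt_source']) ? $element['excerpt_source'] : 'excerpt_content';
 
@@ -2483,6 +2488,7 @@ function post_grid_layout_element_read_more($args){
  if(empty($post_id)) return;
 
  $post_link = get_permalink($post_id);
+ $post_link = apply_filters('post_grid_layout_element_read_more_permalink', $post_link, $args);
 
 
  $custom_class = isset($element['custom_class']) ? $element['custom_class'] : '';
@@ -3317,6 +3323,7 @@ function post_grid_layout_element_thumb($args){
 
 
  $post_link = get_permalink($post_id);
+ $post_link = apply_filters('post_grid_layout_element_thumb_permalink', $post_link, $args);
 
 
 
@@ -3683,6 +3690,7 @@ function post_grid_layout_element_thumb_link($args){
 
 
  $post_link = get_permalink($post_id);
+ $post_link = apply_filters('post_grid_layout_element_thumb_link_permalink', $post_link, $args);
 
 
 
@@ -4027,6 +4035,8 @@ function post_grid_layout_element_post_date($args){
 
 
  $post_link = get_permalink($post_id);
+ $post_link = apply_filters('post_grid_layout_element_post_date_permalink', $post_link, $args);
+
  $post_date = get_the_date($date_format, $post_id);
 
  $post_date = sprintf($wrapper_html,$post_date);
@@ -4341,6 +4351,7 @@ function post_grid_layout_element_author($args){
  $wrapper_html = !empty($element['wrapper_html']) ? $element['wrapper_html'] : '%s';
 
  $post_link = get_permalink($post_id);
+ $post_link = apply_filters('post_grid_layout_element_author_permalink', $post_link, $args);
 
  $post = get_post($post_id);
  $post_author = isset($post->post_author) ? $post->post_author : '';
@@ -4666,6 +4677,8 @@ function post_grid_layout_element_author_link($args){
  $wrapper_html = !empty($element['wrapper_html']) ? $element['wrapper_html'] : '%s';
 
  $post_link = get_permalink($post_id);
+ $post_link = apply_filters('post_grid_layout_element_author_link_permalink', $post_link, $args);
+
  $post_author = get_the_author();
 
  $post_author = sprintf($wrapper_html, $post_author);
@@ -5900,6 +5913,7 @@ function post_grid_layout_element_share_button($args){
 
  $post_title = get_the_title($post_id);
  $post_link = get_permalink($post_id);
+ $post_link = apply_filters('post_grid_layout_element_share_button_permalink', $post_link, $args);
 
  $share_button_html = '';
 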
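Review bot: After this change `$post_link` is no longer guaranteed to be a core-generated permalink, because any callback on `post_grid_layout_element_title_permalink` (new line 801) or the ten sibling `*_permalink` hooks added in this file can return an arbitrary string. The lines that print `$post_link` are outside these hunks, so each should be confirmed to escape at output, e.g. `href="<?php echo esc_url($post_link); ?>"`, with the share-button URLs encoding it as a query value. The new hooks are also undocumented; a short docblock above each `apply_filters()` call naming the two arguments (`$post_link`, `$args`) would help integrators. All eleven functions start and end outside their hunks.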
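--- a/post-grid.php
+++ b/post-grid.php
@@ -3,7 +3,7 @@
  Plugin Name: Post Grid by PickPlugins
  Plugin URI: https://www.pickplugins.com/item/post-grid-create-awesome-grid-from-any-post-type-for-wordpress/
  Description: Awesome post grid for query post from any post type and display on grid.
- Version: 2.1.1
+ Version: 2.1.2
  Author: PickPlugins
  Author URI: https://www.pickplugins.com/
  License: GPLv2 or later
@@ -21,7 +21,7 @@ if( !class_exists( 'PostGrid' )){
  define('post_grid_plugin_dir', plugin_dir_path(__FILE__));
  define('post_grid_plugin_basename', plugin_basename(__FILE__));
  define('post_grid_plugin_name', 'Post Grid');
- define('post_grid_version', '2.1.1');
+ define('post_grid_version', '2.1.2');
  define('post_grid_server_url', 'https://www.pickplugins.com/demo/post-grid/');
 
 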
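--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@
  Tags: post grid, grid, custom post grid, post type grid, grid display, category filter, custom post, filter, filtering, grid, layout, list, masonry, post, post filter, post layout, taxonomy, taxonomy filter,
  Requires at least: 3.8
  Tested up to: 5.7
- Stable tag: 2.1.1
+ Stable tag: 2.1.2
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -222,6 +222,10 @@ then paste this shortcode anywhere in your page to display grid<br />
 
  == Changelog ==
 
+
+ = 2.1.2 =
+ * 2021-04-13 fix - security issue updated.
+
  = 2.1.1 =
  * 2021-02-22 add - lazy load issue fixed.
  * 2021-02-22 add - lazy load image alt text added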