Pz-LinkCard - Version 2.4.5.2

Version Description

  • XSS. Thanks tkusagaya on WordPress.org. Fixed: Added escaping of display items to address XSS vulnerability.

Release Info

Developer poporon
Version 2.4.5.2

Code changes from version 2.4.5.1 to 2.4.5.2

Files changed (3)
  1. lib/pz-linkcard-cacheman-list.php +50 -39
  2. pz-linkcard.php +44 -34
  3. readme.txt +12 -8
lib/pz-linkcard-cacheman-list.php CHANGED
@@ -16,7 +16,7 @@
16
 
17
  // キーワード
18
  if ($param_keyword ) {
19
- $keyword = stripslashes($param_keyword );
20
  } else {
21
  $keyword = null;
22
  }
@@ -149,16 +149,15 @@
149
  ?>
150
  <form id="posts-filter" action="" method="post">
151
  <?php wp_nonce_field('pz_cacheman' ); ?>
152
- <input type="hidden" name="page" value="pz-linkcard-cache">
153
- <input type="hidden" name="paged" value="<?php echo $page_now; ?>">
154
-
155
  <div class="pz-lkc-man-count-list">
156
  <ul class="subsubsub">
157
- <li class="all"><a href="<?php echo $this->cacheman_url; ?>&extraction=all&orderby=regist&order=desc" <?php if ($extraction == 'all' ) echo 'class="current"'; ?>><?php _e('All', $this->text_domain ); ?> <span class="count">(<?php echo $count_all; ?>)</span></a> |</li>
158
- <li class="all"><a href="<?php echo $this->cacheman_url; ?>&extraction=internal&orderby=regist&order=desc" <?php if ($extraction == 'internal' ) echo 'class="current"'; ?>><?php _e('Internal', $this->text_domain ); ?> <span class="count">(<?php echo $count_internal; ?>)</span></a> |</li>
159
- <li class="all"><a href="<?php echo $this->cacheman_url; ?>&extraction=external&orderby=regist&order=desc" <?php if ($extraction == 'external' ) echo 'class="current"'; ?>><?php _e('External', $this->text_domain ); ?> <span class="count">(<?php echo $count_external; ?>)</span></a> |</li>
160
- <li class="all"><a href="<?php echo $this->cacheman_url; ?>&extraction=modify&orderby=regist&order=desc" <?php if ($extraction == 'modify' ) echo 'class="current"'; ?>><?php _e('Modify', $this->text_domain ); ?> <span class="count">(<?php echo $count_modify; ?>)</span></a> |</li>
161
- <li class="all"><a href="<?php echo $this->cacheman_url; ?>&extraction=unlink&orderby=regist&order=desc" <?php if ($extraction == 'unlink' ) echo 'class="current"'; ?>><?php _e('Unlink', $this->text_domain ); ?> <span class="count">(<?php echo $count_unlink; ?>)</span></a></li>
162
  </ul>
163
  </div>
164
 
@@ -210,7 +209,7 @@
210
  <?php echo strPageButton('prev-page', $href, $page_now, $page_min); ?>
211
  &nbsp;
212
  <span class="paging-input">
213
- <input class="current-page" id="current-page-selector" type="text" name="paged" value="<?php echo $page_now; ?>" size="2" aria-describedby="table-paging" />
214
  &nbsp;/&nbsp;
215
  <span class="total-pages"><?php echo $page_max; ?></span>
216
  </span>
@@ -229,43 +228,43 @@
229
  <tr>
230
  <td id="cb" class="pz-lkc-man-head-check manage-column column-cb check-column"><input id="cb-select-all-1" type="checkbox" /></td>
231
  <th scope="col" class="pz-lkc-man-head-id">
232
- <?php echo strHeaderTitleWithSort('id', __('ID', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
233
  </th>
234
  <th scope="col" class="pz-lkc-man-head-url">
235
- <?php echo strHeaderTitleWithSort('url', __('URL', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
236
  </th>
237
  <th scope="col" class="pz-lkc-man-head-title">
238
- <?php echo strHeaderTitleWithSort('title', __('Title', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
239
  </th>
240
  <th scope="col" class="pz-lkc-man-head-excerpt">
241
- <?php echo strHeaderTitleWithSort('excerpt', __('Excerpt', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
242
  </th>
243
  <th scope="col" class="pz-lkc-man-head-charset pz-lkc-admin-only">
244
- <?php echo strHeaderTitleWithSort('charset', __('Charset', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
245
  </th>
246
  <th scope="col" class="pz-lkc-man-head-domain">
247
- <?php echo strHeaderTitleWithSort('domain', __('Domain', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
248
  </th>
249
  <th scope="col" class="pz-lkc-man-head-sns">
250
- <?php echo strHeaderTitleWithSort('sns_twitter', __('Tw', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ).'<br>'.strHeaderTitleWithSort('sns_facebook', __('fb', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ).'<br>'.strHeaderTitleWithSort('sns_hatena', __('B!', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ).'<br>'.strHeaderTitleWithSort('sns_pocket', __('Po', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
251
  </th>
252
  <th scope="col" class="pz-lkc-man-head-resist-time pz-lkc-admin-only">
253
- <?php echo strHeaderTitleWithSort('regist_time', __('Regist<br>date', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
254
  </th>
255
  <th scope="col" class="pz-lkc-man-head-update-time">
256
- <?php echo strHeaderTitleWithSort('update_time', __('Update<br>date', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
257
  </th>
258
  <th scope="col" class="pz-lkc-man-head-sns-time pz-lkc-admin-only">
259
- <?php echo strHeaderTitleWithSort('sns_time', __('SNS<br>check<br>date', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
260
  </th>
261
  <th scope="col" class="pz-lkc-man-head-alive-time pz-lkc-admin-only">
262
- <?php echo strHeaderTitleWithSort('alive_time', __('Alive<br>check<br>date', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
263
  </th>
264
  <th scope="col" class="pz-lkc-man-head-post-id">
265
- <?php echo strHeaderTitleWithSort('use_post_id1', __('Post ID', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
266
  </th>
267
  <th scope="col" class="pz-lkc-man-head-result-update">
268
- <?php echo strHeaderTitleWithSort('update_result', __('Result<br>code', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ).'<br>'.strHeaderTitleWithSort('alive_result', __('(last )', $this->text_domain ), $asc_chr, $desc_chr, $this->cacheman_url ); ?>
269
  </th>
270
  </tr>
271
  </thead>
@@ -306,22 +305,34 @@
306
  } else {
307
  $html_url .= '<a href="'.esc_url($url ).'" title="'.esc_url($url ).'" rel="external noopenner noreferrer" target="_blank">';
308
  }
309
- $html_url .= htmlspecialchars($this->pz_DecodeURL($url ) ).'</a>';
310
 
311
  // タイトル
312
- $title = $data->title;
313
- if ($data->regist_title == $data->title ) {
314
- $html_title = htmlspecialchars($title );
315
- } else {
316
- $html_title = '<b>'.htmlspecialchars($title ).'</b>';
 
 
 
 
 
 
317
  }
318
 
319
  // 抜粋文
320
- $excerpt = $data->excerpt;
321
- if ($data->regist_excerpt == $data->excerpt ) {
322
- $html_excerpt = htmlspecialchars($excerpt );
323
- } else {
324
- $html_excerpt = '<b>'.htmlspecialchars($excerpt ).'</b>';
 
 
 
 
 
 
325
  }
326
 
327
  // SNSカウント
@@ -378,14 +389,14 @@
378
  <td class="pz-lkc-man-body-id"><?php echo $data_id.$html_thumbnail; ?></td>
379
  <td colspan="2">
380
  <div class="pz-lkc-man-body-url"><?php echo $html_url; ?></div>
381
- <div class="pz-lkc-man-body-title"><span title="<?php echo $title; ?>"><?php echo $html_title; ?></span></div>
382
  <div id="inline_<?php echo $data_id; ?>" class="pz-lkc-man-body-menu row-actions">
383
  <a href="<?php echo wp_nonce_url($this->cacheman_url.'&extraction='.$extraction.'&orderby='.$orderby.'&order='.$order.'&paged='.$page_now.'&refine='.$refine.'&action=edit&id[0]='.$data_id, 'pz_cacheman' ); ?>"><?php _e('Edit',$this->text_domain ); ?></a> |
384
  <a href="<?php echo wp_nonce_url($this->cacheman_url.'&extraction='.$extraction.'&orderby='.$orderby.'&order='.$order.'&paged='.$page_now.'&refine='.$refine.'&action=renew&id[0]='.$data_id, 'pz_cacheman' ); ?>" onclick="return confirm(<?php echo "'".__('Are you sure?', $this->text_domain )."'"; ?> );"><?php _e('Renew',$this->text_domain ); ?></a> |
385
  <a href="<?php echo wp_nonce_url($this->cacheman_url.'&extraction='.$extraction.'&orderby='.$orderby.'&order='.$order.'&paged='.$page_now.'&refine='.$refine.'&action=delete&id[0]='.$data_id, 'pz_cacheman' ); ?>" onclick="return confirm(<?php echo "'".__('Are you sure?', $this->text_domain )."'"; ?> );"><?php _e('Delete',$this->text_domain ); ?></a>
386
  </div>
387
  </td>
388
- <td><div class="pz-lkc-man-body-excerpt" title="<?php echo $excerpt; ?>"><?php echo $html_excerpt; ?></div></td>
389
  <td class="pz-lkc-man-body-charset pz-lkc-admin-only"><?php echo htmlspecialchars($data->charset ); ?></td>
390
  <td>
391
  <div class="pz-lkc-man-body-domain">
@@ -419,7 +430,7 @@
419
  <?php echo strPageButton('prev-page', $href, $page_now, $page_min); ?>
420
  &nbsp;
421
  <span class="paging-input">
422
- <input class="current-page" id="current-page-selector" type="text" name="paged" value="<?php echo $page_now; ?>" size="2" aria-describedby="table-paging" />
423
  &nbsp;/&nbsp;
424
  <span class="total-pages"><?php echo $page_max; ?></span>
425
  </span>
@@ -475,7 +486,7 @@
475
  }
476
 
477
  // ヘッダー表示(ソート用のボタン付)
478
- function strHeaderTitleWithSort($item, $text ,$asc_chr, $desc_chr, $cacheman_url ) {
479
  $orderby = isset($_REQUEST['orderby'] ) ? $_REQUEST['orderby'] : null;
480
  $order = isset($_REQUEST['order'] ) ? $_REQUEST['order'] : null;
481
  $refine = isset($_REQUEST['refine'] ) ? $_REQUEST['refine'] : null;
@@ -497,7 +508,7 @@
497
  $mark = null;
498
  $order = 'desc';
499
  }
500
- return '<a href="'.$cacheman_url.'&extraction='.$extraction.'&orderby='.$item.'&order='.$order.'&refine='.$refine.'&keyword='.$keyword.'">'.$text.$mark.'</a>';
501
  }
502
 
503
  // HTTP結果コード
16
 
17
  // キーワード
18
  if ($param_keyword ) {
19
+ $keyword = stripslashes(esc_attr($param_keyword ) );
20
  } else {
21
  $keyword = null;
22
  }
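Review bot: esc_attr() is applied at input time at line 19, so $keyword carries HTML entities into every place it is later used, including the sort-link query string at line 511, where a search term containing `&` or `<` is passed on as `&amp;`/`&lt;` rather than URL-encoded; the order with stripslashes() is also inverted (unslash first, then escape). Keep the working value plain, e.g. `$keyword = sanitize_text_field(wp_unslash($param_keyword));`, and escape at each output point (esc_attr() in the search box, rawurlencode() in URLs).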
149
  ?>
150
  <form id="posts-filter" action="" method="post">
151
  <?php wp_nonce_field('pz_cacheman' ); ?>
152
+ <input type="hidden" name="page" value="pz-linkcard-cache">
153
+ <!-- input type="hidden" name="page_now" value="<?php echo $page_now; ?>" -->
 
154
  <div class="pz-lkc-man-count-list">
155
  <ul class="subsubsub">
156
+ <li class="all"> <?php echo '<a href="'.esc_url($this->cacheman_url.'&extraction=all&orderby=regist&order=desc' ).'"'.(($extraction === 'all' ) ? ' class="current"' : '' ).'>'.__('All', $this->text_domain ); ?> <span class="count"><?php echo esc_attr('('.number_format($count_all ).')' ); ?></span></a> |</li>
157
+ <li class="internal"> <?php echo '<a href="'.esc_url($this->cacheman_url.'&extraction=internal&orderby=regist&order=desc' ).'"'.(($extraction === 'internal' ) ? ' class="current"' : '' ).'>'.__('Internal',$this->text_domain ); ?> <span class="count"><?php echo esc_attr('('.number_format($count_internal ).')' ); ?></span></a> |</li>
158
+ <li class="external"> <?php echo '<a href="'.esc_url($this->cacheman_url.'&extraction=external&orderby=regist&order=desc' ).'"'.(($extraction === 'external' ) ? ' class="current"' : '' ).'>'.__('External',$this->text_domain ); ?> <span class="count"><?php echo esc_attr('('.number_format($count_external ).')' ); ?></span></a> |</li>
159
+ <li class="modify"> <?php echo '<a href="'.esc_url($this->cacheman_url.'&extraction=modify&orderby=regist&order=desc' ).'"'.(($extraction === 'modify' ) ? ' class="current"' : '' ).'>'.__('Modify', $this->text_domain ); ?> <span class="count"><?php echo esc_attr('('.number_format($count_modify ).')' ); ?></span></a> |</li>
160
+ <li class="unlink"> <?php echo '<a href="'.esc_url($this->cacheman_url.'&extraction=unlink&orderby=regist&order=desc' ).'"'.(($extraction === 'unlink' ) ? ' class="current"' : '' ).'>'.__('Unlink', $this->text_domain ); ?> <span class="count"><?php echo esc_attr('('.number_format($count_unlink ).')' ); ?></span></a></li>
161
  </ul>
162
  </div>
163
 
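Review bot: the commented-out hidden input at line 153 still executes the PHP inside the HTML comment, so $page_now is echoed unescaped into the page (a value containing `-->` would close the comment early); delete the line rather than commenting it out, or wrap the value in esc_attr() if it is kept. Minor, same hunk: the counts at lines 156-160 are element content, so esc_html() is the matching function rather than esc_attr(), and the `__()` labels can use esc_html__() for consistency with the rest of the escaping.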
209
  <?php echo strPageButton('prev-page', $href, $page_now, $page_min); ?>
210
  &nbsp;
211
  <span class="paging-input">
212
+ <input type="text" name="paged" id="current-page-selector" class="current-page" value="<?php echo $page_now; ?>" size="2" aria-describedby="table-paging" />
213
  &nbsp;/&nbsp;
214
  <span class="total-pages"><?php echo $page_max; ?></span>
215
  </span>
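Review bot: the value attribute at line 212 (and its twin at line 433) still echoes $page_now without escaping even though this hunk rewrites the tag; since the input is named `paged` and the value is read back from the request, cast it with (int) where it is read or write it here as `value="<?php echo esc_attr($page_now); ?>"`.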
228
  <tr>
229
  <td id="cb" class="pz-lkc-man-head-check manage-column column-cb check-column"><input id="cb-select-all-1" type="checkbox" /></td>
230
  <th scope="col" class="pz-lkc-man-head-id">
231
+ <?php echo strHeaderTitleWithSort('id', __('ID', $this->text_domain ), $this->cacheman_url ); ?>
232
  </th>
233
  <th scope="col" class="pz-lkc-man-head-url">
234
+ <?php echo strHeaderTitleWithSort('url', __('URL', $this->text_domain ), $this->cacheman_url ); ?>
235
  </th>
236
  <th scope="col" class="pz-lkc-man-head-title">
237
+ <?php echo strHeaderTitleWithSort('title', __('Title', $this->text_domain ), $this->cacheman_url ); ?>
238
  </th>
239
  <th scope="col" class="pz-lkc-man-head-excerpt">
240
+ <?php echo strHeaderTitleWithSort('excerpt', __('Excerpt', $this->text_domain ), $this->cacheman_url ); ?>
241
  </th>
242
  <th scope="col" class="pz-lkc-man-head-charset pz-lkc-admin-only">
243
+ <?php echo strHeaderTitleWithSort('charset', __('Charset', $this->text_domain ), $this->cacheman_url ); ?>
244
  </th>
245
  <th scope="col" class="pz-lkc-man-head-domain">
246
+ <?php echo strHeaderTitleWithSort('domain', __('Domain', $this->text_domain ), $this->cacheman_url ); ?>
247
  </th>
248
  <th scope="col" class="pz-lkc-man-head-sns">
249
+ <?php echo strHeaderTitleWithSort('sns_twitter', __('Tw', $this->text_domain ), $this->cacheman_url ).'<br>'.strHeaderTitleWithSort('sns_facebook', __('fb', $this->text_domain ), $this->cacheman_url ).'<br>'.strHeaderTitleWithSort('sns_hatena', __('B!', $this->text_domain ), $this->cacheman_url ).'<br>'.strHeaderTitleWithSort('sns_pocket', __('Po', $this->text_domain ), $this->cacheman_url ); ?>
250
  </th>
251
  <th scope="col" class="pz-lkc-man-head-resist-time pz-lkc-admin-only">
252
+ <?php echo strHeaderTitleWithSort('regist_time', __('Regist<br>date', $this->text_domain ), $this->cacheman_url ); ?>
253
  </th>
254
  <th scope="col" class="pz-lkc-man-head-update-time">
255
+ <?php echo strHeaderTitleWithSort('update_time', __('Update<br>date', $this->text_domain ), $this->cacheman_url ); ?>
256
  </th>
257
  <th scope="col" class="pz-lkc-man-head-sns-time pz-lkc-admin-only">
258
+ <?php echo strHeaderTitleWithSort('sns_time', __('SNS<br>check<br>date', $this->text_domain ), $this->cacheman_url ); ?>
259
  </th>
260
  <th scope="col" class="pz-lkc-man-head-alive-time pz-lkc-admin-only">
261
+ <?php echo strHeaderTitleWithSort('alive_time', __('Alive<br>check<br>date', $this->text_domain ), $this->cacheman_url ); ?>
262
  </th>
263
  <th scope="col" class="pz-lkc-man-head-post-id">
264
+ <?php echo strHeaderTitleWithSort('use_post_id1', __('Post ID', $this->text_domain ), $this->cacheman_url ); ?>
265
  </th>
266
  <th scope="col" class="pz-lkc-man-head-result-update">
267
+ <?php echo strHeaderTitleWithSort('update_result', __('Result<br>code', $this->text_domain ), $this->cacheman_url ).'<br>'.strHeaderTitleWithSort('alive_result', __('(last )', $this->text_domain ), $this->cacheman_url ); ?>
268
  </th>
269
  </tr>
270
  </thead>
305
  } else {
306
  $html_url .= '<a href="'.esc_url($url ).'" title="'.esc_url($url ).'" rel="external noopenner noreferrer" target="_blank">';
307
  }
308
+ $html_url .= esc_url($this->pz_DecodeURL($url ) ).'</a>';
309
 
310
  // タイトル
311
+ if ($str = $data->title ) { // 代入しながら判定
312
+ if ($str = strip_tags($str ) ) { // HTMLタグ除去
313
+ if ($str = esc_html($str ) ) { // HTMLエスケープ
314
+ $str = mb_strimwidth($str, 0, 200 , '...' ); // 200文字にする
315
+ }
316
+ }
317
+ }
318
+ $title = $str;
319
+ $html_title = $str;
320
+ if ($data->title <> $data->regist_title ) {
321
+ $html_title = '<b>'.$html_title.'</b>';
322
  }
323
 
324
  // 抜粋文
325
+ if ($str = $data->excerpt ) { // 代入しながら判定
326
+ if ($str = strip_tags($str ) ) { // HTMLタグ除去
327
+ if ($str = esc_html($str ) ) { // HTMLエスケープ
328
+ $str = mb_strimwidth($str, 0, 500 , '...' ); // 500文字にする
329
+ }
330
+ }
331
+ }
332
+ $excerpt = $str;
333
+ $html_excerpt = $str;
334
+ if ($data->excerpt <> $data->regist_excerpt ) {
335
+ $html_excerpt = '<b>'.$html_excerpt.'</b>';
336
  }
337
 
338
  // SNSカウント
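Review bot: the title and excerpt are truncated after esc_html() (lines 314 and 328), so mb_strimwidth() can cut inside an entity such as `&amp;` and leave a dangling `&am...` in the output; strip tags, truncate, then escape last, e.g. `esc_html(mb_strimwidth(strip_tags($data->title), 0, 200, '...'))`. Also at line 308, esc_url() is now used for the link text: it is an attribute escaper that rewrites characters and drops disallowed schemes, so the visible text can differ from the target; esc_html() is the right function for element content, as htmlspecialchars() was before.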
389
  <td class="pz-lkc-man-body-id"><?php echo $data_id.$html_thumbnail; ?></td>
390
  <td colspan="2">
391
  <div class="pz-lkc-man-body-url"><?php echo $html_url; ?></div>
392
+ <div class="pz-lkc-man-body-title"><span title="<?php echo esc_attr($title ); ?>"><?php echo $html_title; ?></span></div>
393
  <div id="inline_<?php echo $data_id; ?>" class="pz-lkc-man-body-menu row-actions">
394
  <a href="<?php echo wp_nonce_url($this->cacheman_url.'&extraction='.$extraction.'&orderby='.$orderby.'&order='.$order.'&paged='.$page_now.'&refine='.$refine.'&action=edit&id[0]='.$data_id, 'pz_cacheman' ); ?>"><?php _e('Edit',$this->text_domain ); ?></a> |
395
  <a href="<?php echo wp_nonce_url($this->cacheman_url.'&extraction='.$extraction.'&orderby='.$orderby.'&order='.$order.'&paged='.$page_now.'&refine='.$refine.'&action=renew&id[0]='.$data_id, 'pz_cacheman' ); ?>" onclick="return confirm(<?php echo "'".__('Are you sure?', $this->text_domain )."'"; ?> );"><?php _e('Renew',$this->text_domain ); ?></a> |
396
  <a href="<?php echo wp_nonce_url($this->cacheman_url.'&extraction='.$extraction.'&orderby='.$orderby.'&order='.$order.'&paged='.$page_now.'&refine='.$refine.'&action=delete&id[0]='.$data_id, 'pz_cacheman' ); ?>" onclick="return confirm(<?php echo "'".__('Are you sure?', $this->text_domain )."'"; ?> );"><?php _e('Delete',$this->text_domain ); ?></a>
397
  </div>
398
  </td>
399
+ <td><div class="pz-lkc-man-body-excerpt" title="<?php echo esc_attr($excerpt); ?>"><?php echo $html_excerpt; ?></div></td>
400
  <td class="pz-lkc-man-body-charset pz-lkc-admin-only"><?php echo htmlspecialchars($data->charset ); ?></td>
401
  <td>
402
  <div class="pz-lkc-man-body-domain">
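Review bot: $title at line 392 (and $excerpt at line 399) was already passed through esc_html() at line 313 (327) before being copied into the variable, so esc_attr() here double-escapes: an `&` in a title shows as `&amp;` in the tooltip. Keep a plain (tag-stripped, truncated) copy for the attribute and escape it once at output, or build $title from the value before the esc_html() step.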
430
  <?php echo strPageButton('prev-page', $href, $page_now, $page_min); ?>
431
  &nbsp;
432
  <span class="paging-input">
433
+ <input type="text" id="current-page-selector" name="paged" class="current-page" value="<?php echo $page_now; ?>" size="2" aria-describedby="table-paging" />
434
  &nbsp;/&nbsp;
435
  <span class="total-pages"><?php echo $page_max; ?></span>
436
  </span>
486
  }
487
 
488
  // ヘッダー表示(ソート用のボタン付)
489
+ function strHeaderTitleWithSort($item, $text, $cacheman_url ) {
490
  $orderby = isset($_REQUEST['orderby'] ) ? $_REQUEST['orderby'] : null;
491
  $order = isset($_REQUEST['order'] ) ? $_REQUEST['order'] : null;
492
  $refine = isset($_REQUEST['refine'] ) ? $_REQUEST['refine'] : null;
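Review bot: $orderby, $order and $refine are taken straight from $_REQUEST at lines 490-492 and echoed back into the sort links; esc_url() on the href at line 511 stops attribute breakout but does not constrain the values, so validate them here against the known column names and `asc`/`desc` (for example `$order = in_array($order, array('asc', 'desc'), true) ? $order : 'desc';`) before they drive anything else.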
508
  $mark = null;
509
  $order = 'desc';
510
  }
511
+ return '<a href="'.esc_url($cacheman_url.'&extraction='.$extraction.'&orderby='.$item.'&order='.$order.'&refine='.$refine.'&keyword='.$keyword ).'">'.$text.$mark.'</a>';
512
  }
513
 
514
  // HTTP結果コード
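Review bot: wrapping the whole href in esc_url() at line 511 is the right fix for attribute injection, but the query values are concatenated without URL encoding, and $keyword arrives already HTML-escaped from line 19, so a search term with `&`, `#` or `<` will not round-trip through the link; build the query from the plain values with rawurlencode() (or add_query_arg() with pre-encoded values) and keep esc_url() around the result.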
pz-linkcard.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Pz-LinkCard
4
  Plugin URI: http://poporon.poponet.jp/pz-linkcard
5
  Description: リンクをカード形式で表示します。
6
- Version: 2.4.5.1
7
  Author: Poporon
8
  Author URI: http://poporon.poponet.jp
9
  Text Domain: pz-linkcard
@@ -16,7 +16,7 @@ class class_pz_linkcard {
16
  // 設定値
17
  protected $defaults =
18
  array(
19
- 'plugin-version' => '2.4.5.1',
20
  'plugin-name' => 'Pz-LinkCard',
21
  'plugin-abbreviation' => 'Pz-LkC',
22
  'plugin-path' => '/pz-linkcard',
@@ -233,8 +233,8 @@ class class_pz_linkcard {
233
  $this->upload_dir_path = $wp_upload_dir['basedir'].'/'.$this->slug.'/'; // アップロード ディレクトリのパス
234
  $this->upload_dir_url = $wp_upload_dir['baseurl'].'/'.$this->slug.'/'; // アップロード ディレクトリのURL
235
  $this->suppression = false; // 出力抑制(header出力前かどうか)
236
- $this->settings_url = './options-general.php?page=pz-linkcard-settings'; // Pzカード設定のURL
237
- $this->cacheman_url = './tools.php?page=pz-linkcard-cacheman'; // Pzカード管理のURL
238
 
239
  // オプション取得
240
  $result = $this->pz_GetOption();
@@ -747,13 +747,15 @@ class class_pz_linkcard {
747
  }
748
 
749
  // タイトル整形
750
- if ($str = $title ) { // 代入しながら判定
751
- if ($str = esc_html($str ) ) { // HTMLエスケープ
752
- if ($str = str_replace(array("\r", "\n"), '', $str ) ) { // 改行を除去
753
- if ($this->options['trim-title'] ) {
754
- $str = mb_strimwidth($str, 0, $this->options['trim-title'] , '...' );
755
- } else {
756
- $str = mb_strimwidth($str, 0, 500 , '...' );
 
 
757
  }
758
  }
759
  }
@@ -764,15 +766,17 @@ class class_pz_linkcard {
764
  if (!$this->options['display-excerpt'] ) {
765
  $excerpt = null;
766
  } else {
767
- if ($str = $excerpt ) { // 代入しながら判定
768
- if ($str = esc_html($str ) ) { // HTMLエスケープ
769
- if ($str = str_replace(array("\r", "\n"), '', $str ) ) { // 改行を除去
770
- if ($str = preg_replace('/<!--more-->.+/is', '', $str ) ) { // moreタグ以降削除
771
- if ($str = preg_replace('/\[[^]]*\]/', '', $str ) ) { // ショートコードすべて除去
772
- if ($this->options['trim-excerpt'] ) {
773
- $str = mb_strimwidth($str, 0, $this->options['trim-excerpt'] , '...' );
774
- } else {
775
- $str = mb_strimwidth($str, 0, 800 ); // 800文字制限
 
 
776
  }
777
  }
778
  }
@@ -1626,27 +1630,31 @@ class class_pz_linkcard {
1626
  }
1627
 
1628
  // タイトル整形
1629
- if ($str = $title ) {
1630
- if ($str = esc_html($str ) ) { // HTMLエスケープ
1631
- if ($str = str_replace(array("\r", "\n"), '', $str ) ) { // 改行を除去
1632
- $str = mb_strimwidth($str, 0, 500 ); // 500文字制限
 
 
1633
  }
1634
  }
1635
- $title = $str;
1636
  }
1637
 
1638
  // 抜粋文整形
1639
- if ($str = $excerpt ) {
1640
- if ($str = esc_html($str ) ) { // HTMLエスケープ
1641
- if ($str = str_replace(array("\r", "\n"), '', $str ) ) { // 改行を除去
1642
- if ($str = preg_replace('/<!--more-->.+/is', '', $str ) ) { // moreタグ以降削除
1643
- if ($str = preg_replace('/\[[^]]*\]/', '', $str ) ) { // ショートコードすべて除去 strip_shortcodes()
1644
- $str = mb_strimwidth($str, 0, 800 ); // 800文字制限
 
 
1645
  }
1646
  }
1647
  }
1648
  }
1649
- $excerpt = $str;
1650
  }
1651
 
1652
  // データセット
@@ -2135,8 +2143,10 @@ class class_pz_linkcard {
2135
  private function pz_GetOption() {
2136
  // オプション値を取得
2137
  $this->options = get_option('Pz_LinkCard_options', $this->defaults );
2138
- if (!$this->options ) {
2139
- return false;
 
 
2140
  }
2141
 
2142
  // キーが無かったらデフォルト値をセットして保存する
3
  Plugin Name: Pz-LinkCard
4
  Plugin URI: http://poporon.poponet.jp/pz-linkcard
5
  Description: リンクをカード形式で表示します。
6
+ Version: 2.4.5.2
7
  Author: Poporon
8
  Author URI: http://poporon.poponet.jp
9
  Text Domain: pz-linkcard
16
  // 設定値
17
  protected $defaults =
18
  array(
19
+ 'plugin-version' => '2.4.5.2',
20
  'plugin-name' => 'Pz-LinkCard',
21
  'plugin-abbreviation' => 'Pz-LkC',
22
  'plugin-path' => '/pz-linkcard',
233
  $this->upload_dir_path = $wp_upload_dir['basedir'].'/'.$this->slug.'/'; // アップロード ディレクトリのパス
234
  $this->upload_dir_url = $wp_upload_dir['baseurl'].'/'.$this->slug.'/'; // アップロード ディレクトリのURL
235
  $this->suppression = false; // 出力抑制(header出力前かどうか)
236
+ $this->settings_url = admin_url('/options-general.php?page=pz-linkcard-settings' ); // Pzカード設定のURL
237
+ $this->cacheman_url = admin_url('/tools.php?page=pz-linkcard-cacheman' ); // Pzカード管理のURL
238
 
239
  // オプション取得
240
  $result = $this->pz_GetOption();
747
  }
748
 
749
  // タイトル整形
750
+ if ($str = $title ) { // 代入しながら判定
751
+ if ($str = strip_tags($str ) ) { // HTMLタグ除去
752
+ if ($str = esc_html($str ) ) { // HTMLエスケープ
753
+ if ($str = str_replace(array("\r", "\n"), '', $str ) ) { // 改行を除去
754
+ if ($this->options['trim-title'] ) {
755
+ $str = mb_strimwidth($str, 0, $this->options['trim-title'] , '...' );
756
+ } else {
757
+ $str = mb_strimwidth($str, 0, 200 , '...' );
758
+ }
759
  }
760
  }
761
  }
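Review bot: mb_strimwidth() at lines 755-757 runs after esc_html() at line 752, so the trim can land inside an entity and leave `&am...` or `&#0...` in the card; strip tags, remove newlines, truncate, then escape as the final step. Note also that the default trim changed from 500 to 200 characters at line 757, a visible behaviour change that the 2.4.5.2 changelog entry does not mention.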
766
  if (!$this->options['display-excerpt'] ) {
767
  $excerpt = null;
768
  } else {
769
+ if ($str = $excerpt ) { // 代入しながら判定
770
+ if ($str = strip_tags($str ) ) { // HTMLタグ除去
771
+ if ($str = esc_html($str ) ) { // HTMLエスケープ
772
+ if ($str = str_replace(array("\r", "\n"), '', $str ) ) { // 改行を除去
773
+ if ($str = preg_replace('/<!--more-->.+/is', '', $str ) ) { // moreタグ以降削除
774
+ if ($str = preg_replace('/\[[^]]*\]/', '', $str ) ) { // ショートコードすべて除去
775
+ if ($this->options['trim-excerpt'] ) {
776
+ $str = mb_strimwidth($str, 0, $this->options['trim-excerpt'] , '...' );
777
+ } else {
778
+ $str = mb_strimwidth($str, 0, 500, '...' ); // 800文字制限
779
+ }
780
  }
781
  }
782
  }
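Review bot: the `<!--more-->` regex at line 773 cannot match anything: strip_tags() at line 770 removes HTML comments, and esc_html() at line 771 turns `<` into `&lt;` anyway (the old code had the same problem, since esc_html() ran first there too), so text after the more tag is kept instead of dropped. Split on the more tag before stripping and escaping; WordPress's get_extended() does exactly that. The comment on line 778 still says 800 while the value is now 500; update it or, better, pull the literal into a named constant shared with the cacheman list.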
1630
  }
1631
 
1632
  // タイトル整形
1633
+ if ($str = $title ) { // 代入しながら判定
1634
+ if ($str = strip_tags($str ) ) { // HTMLタグ除去
1635
+ if ($str = esc_html($str ) ) { // HTMLエスケープ
1636
+ if ($str = str_replace(array("\r", "\n"), '', $str ) ) { // 改行を除去
1637
+ $str = mb_strimwidth($str, 0, 200, '...' ); // 200文字制限
1638
+ }
1639
  }
1640
  }
1641
+ $title = $str;
1642
  }
1643
 
1644
  // 抜粋文整形
1645
+ if ($str = $excerpt ) { // 代入しながら判定
1646
+ if ($str = strip_tags($str ) ) { // HTMLタグ除去
1647
+ if ($str = esc_html($str ) ) { // HTMLエスケープ
1648
+ if ($str = str_replace(array("\r", "\n"), '', $str ) ) { // 改行を除去
1649
+ if ($str = preg_replace('/<!--more-->.+/is', '', $str ) ) { // moreタグ以降削除
1650
+ if ($str = preg_replace('/\[[^]]*\]/', '', $str ) ) { // ショートコードすべて除去
1651
+ $str = mb_strimwidth($str, 0, 500, '...' ); // 500文字制限
1652
+ }
1653
  }
1654
  }
1655
  }
1656
  }
1657
+ $excerpt = $str;
1658
  }
1659
 
1660
  // データセット
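Review bot: the shortcode regex at line 1650 (`/\[[^]]*\]/`) removes any bracketed text, not only shortcodes, so an excerpt such as "see [1]" loses content; the comment removed from the old line 1643 already pointed at strip_shortcodes(), which is the precise tool and also handles enclosing shortcodes. The same more-tag ordering problem as at line 773 applies to line 1649.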
2143
  private function pz_GetOption() {
2144
  // オプション値を取得
2145
  $this->options = get_option('Pz_LinkCard_options', $this->defaults );
2146
+
2147
+ // パラメーターの読み込み失敗
2148
+ if (!is_array($this->options ) || !$this->options ) {
2149
+ $this->options = $this->defaults;
2150
  }
2151
 
2152
  // キーが無かったらデフォルト値をセットして保存する
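Review bot: the failure branch at lines 2148-2150 no longer returns anything, so pz_GetOption() now yields null instead of false when the stored option is unusable; line 240 still assigns the result to $result, so either return a boolean from this branch as well or confirm that nothing branches on $result any more. The is_array() guard itself is a good addition, since get_option() returns whatever was stored.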
readme.txt CHANGED
@@ -151,6 +151,10 @@ Ver.2.1.2から200px四方に変更、Ver.2.4.1から自由に指定できるよ
151
 
152
  == Changelog ==
153
 
 
 
 
 
154
  = 2.4.5.1 =
155
  * 内部リンクの投稿日・更新日が表示されるように修正。(Thanks A-Jin)
156
  Fixed: Fixed internal links not displaying posted and updated dates.
@@ -176,8 +180,8 @@ Ver.2.1.2から200px四方に変更、Ver.2.4.1から自由に指定できるよ
176
  Compatible with PHP 8.0.
177
  * PHP 8.1 での動作確認。(WordPress本体や他のプラグインでエラーが出る状態です)
178
  Compatible with PHP 8.1.
179
- * タイトルと抜粋文のエスケープ処理を修正。
180
- Fixed: Fixed escaping of "Title" and "Excerpt".
181
  * リンクカードのHTMLの"noopener"の表記ミスを修正。(Thanks @jh4vaj on Twitter)
182
  Fixed: Corrected a spelling error in "noopener".
183
  * カード情報のエクスポート時、改行が入らないように修正。
@@ -192,12 +196,12 @@ Ver.2.1.2から200px四方に変更、Ver.2.4.1から自由に指定できるよ
192
  Compatible with WordPress 5.8.
193
  * WordPress 5.8.1 での動作確認。
194
  Compatible with WordPress 5.8.1.
195
- * カード管理画面の一覧画面に表示される文字列にエスケープ処理を追加。
196
- Added: Added escape sequence to the character string displayed on the list of the card management screen.
197
- * カード管理画面の編集画面に表示される文字列にエスケープ処理を追加。
198
- Added: Added escape sequence to the character string displayed on the editor of the card management screen.
199
- * リンクカードを表示する際の文字列にエスケープ処理を追加。
200
- Added: Added escape sequence to the character string when displaying the link-card.
201
 
202
  = 2.4.4.3 =
203
  * 設定画面の「エディタ」タブの「テキストリンク行を変換」を有効にした場合、行の始めから終わりまでAタグで囲われている場合、画像等があっても変換してしまう不具合を修正。(Thanks @magemagemaaage)
151
 
152
  == Changelog ==
153
 
154
+ = 2.4.5.2 =
155
+ * カード管理画面のエスケープ処理を追加。(XSS脆弱性の対応)(Thanks tkusagaya on WordPress.org)
156
+ Fixed: Added escaping of display items to address XSS vulnerability.
157
+
158
  = 2.4.5.1 =
159
  * 内部リンクの投稿日・更新日が表示されるように修正。(Thanks A-Jin)
160
  Fixed: Fixed internal links not displaying posted and updated dates.
180
  Compatible with PHP 8.0.
181
  * PHP 8.1 での動作確認。(WordPress本体や他のプラグインでエラーが出る状態です)
182
  Compatible with PHP 8.1.
183
+ * リンクカードのタイトルと抜粋文のエスケープ処理を追加。(XSS脆弱性の対応)
184
+ Fixed: Added escaping of display items to address XSS vulnerability.
185
  * リンクカードのHTMLの"noopener"の表記ミスを修正。(Thanks @jh4vaj on Twitter)
186
  Fixed: Corrected a spelling error in "noopener".
187
  * カード情報のエクスポート時、改行が入らないように修正。
196
  Compatible with WordPress 5.8.
197
  * WordPress 5.8.1 での動作確認。
198
  Compatible with WordPress 5.8.1.
199
+ * カード管理画面の一覧画面に表示される文字列にエスケープ処理を追加。(XSS脆弱性の対応)
200
+ Fixed: Added escaping of display items to address XSS vulnerability.
201
+ * カード管理画面の編集画面に表示される文字列にエスケープ処理を追加。(XSS脆弱性の対応)
202
+ Fixed: Added escaping of display items to address XSS vulnerability.
203
+ * リンクカードを表示する際の文字列にエスケープ処理を追加。(XSS脆弱性の対応)
204
+ Fixed: Added escaping of display items to address XSS vulnerability.
205
 
206
  = 2.4.4.3 =
207
  * 設定画面の「エディタ」タブの「テキストリンク行を変換」を有効にした場合、行の始めから終わりまでAタグで囲われている場合、画像等があっても変換してしまう不具合を修正。(Thanks @magemagemaaage)
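Review bot: the 2.4.5.2 entry at lines 154-157 only mentions the cacheman escaping, but the same release changes the default title and excerpt trim lengths (500 to 200 and 800 to 500), switches settings_url/cacheman_url to admin_url(), and makes pz_GetOption() fall back to defaults; list these so site owners know why cards render differently after updating. Also, the reworded older entries at lines 183-184 and 199-204 now share the identical English sentence with the new one, so an English reader cannot tell which release fixed the link-card output, the list screen or the editor screen; keep the distinction the Japanese lines still carry.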