Shortcodes Ultimate - Version 5.0.1

Version Description

Fixed: serious security vulnerability, which allows attacker to run any code using filter in meta, post, or user shortcodes. Thanks to Robert L Mathews.
Fixed: changed admin menu position (it was replacing 'Settings' menu on some installations)
Fixed: shortcodes prefix field now accepts special characters
Fixed: old bug when unwanted code parts was added with shortcode
Fixed: bug, where backslashes were removed from custom CSS code
Added: new attribute 'ID' for [button] shortcode
Added: new filter 'su/slides_query', which can be used to modify posts query for slider, carousel and custom_gallery shortcodes
Added: new filter 'su/assets/custom_css/template' to filter custom css output
Minor fixes

Release Info

Developer	gn_themes
Plugin	Shortcodes Ultimate
Version	5.0.1
Comparing to
See all releases

Code changes from version 5.0.0 to 5.0.1

Files changed (10) hide show

admin/class-shortcodes-ultimate-admin-addons.php +1 -1
admin/class-shortcodes-ultimate-admin-settings.php +13 -1
admin/class-shortcodes-ultimate-admin-top-level.php +1 -1
assets/js/generator.js +8 -2
inc/core/assets.php +30 -3
inc/core/data.php +8 -3
inc/core/shortcodes.php +25 -4
inc/core/tools.php +7 -2
readme.txt +32 -33
shortcodes-ultimate.php +2 -2

admin/class-shortcodes-ultimate-admin-addons.php CHANGED Viewed

	@@ -150,7 +150,7 @@ final class Shortcodes_Ultimate_Admin_Addons extends Shortcodes_Ultimate_Admin {
150
151	$response = wp_remote_get(
152	$this->addons_api_url,
153	- array( 'timeout' => 10 )
154	);
155	$response = json_decode( wp_remote_retrieve_body( $response ), true );
156


150
151	$response = wp_remote_get(
152	$this->addons_api_url,
153	+ array( 'timeout' => 10, 'sslverify' => false, )
154	);
155	$response = json_decode( wp_remote_retrieve_body( $response ), true );
156

admin/class-shortcodes-ultimate-admin-settings.php CHANGED Viewed

	@@ -209,7 +209,7 @@ final class Shortcodes_Ultimate_Admin_Settings extends Shortcodes_Ultimate_Admin
209
210	$this->plugin_settings[] = array(
211	'id' => 'su_option_prefix',
212	- 'sanitize' => '~~sanitize_html_class~~',
213	'title' => __( 'Shortcodes prefix', 'shortcodes-ultimate' ),
214	'description' => __( 'This prefix will be used in shortcode names. For example: set <code>MY_</code> prefix and shortcodes will look like <code>[MY_button]</code>. Please note that this setting does not change shortcodes that have been inserted earlier. Change this setting very carefully.', 'shortcodes-ultimate' ),
215	);
	@@ -228,4 +228,16 @@ final class Shortcodes_Ultimate_Admin_Settings extends Shortcodes_Ultimate_Admin
228
229	}
230












231	}


209
210	$this->plugin_settings[] = array(
211	'id' => 'su_option_prefix',
212	+ 'sanitize' => array( $this, 'sanitize_prefix' ),
213	'title' => __( 'Shortcodes prefix', 'shortcodes-ultimate' ),
214	'description' => __( 'This prefix will be used in shortcode names. For example: set <code>MY_</code> prefix and shortcodes will look like <code>[MY_button]</code>. Please note that this setting does not change shortcodes that have been inserted earlier. Change this setting very carefully.', 'shortcodes-ultimate' ),
215	);

228
229	}
230
231	+ /**
232	+ * Callback function to sanitize prefix value.
233	+ *
234	+ * @since 5.0.1
235	+ * @param string $prefix Prefix value.
236	+ * @return string Sanitized string.
237	+ * @see https://developer.wordpress.org/reference/functions/add_shortcode/ Source of the RegExp.
238	+ */
239	+ public function sanitize_prefix( $prefix ) {
240	+ return preg_replace( '@[<>&/\[\]\x00-\x20="\']@', '', $prefix );
241	+ }
242	+
243	}

admin/class-shortcodes-ultimate-admin-top-level.php CHANGED Viewed

	@@ -43,7 +43,7 @@ final class Shortcodes_Ultimate_Admin_Top_Level extends Shortcodes_Ultimate_Admi
43	'shortcodes-ultimate',
44	'__return_false',
45	$icon,
46	- '80'
47	);
48
49	}


43	'shortcodes-ultimate',
44	'__return_false',
45	$icon,
46	+ '80.11'
47	);
48
49	}

assets/js/generator.js CHANGED Viewed

	@@ -219,7 +219,10 @@ jQuery(document).ready(function($) {
219	// Insert new HTML
220	$settings.html(data);
221	// Apply selected text to the content field
222	- if ~~(typeof~~ ~~mce_selection~~ ~~!== 'undefined' && mce_selection !== '')~~ $('#su-generator-content')~~.val(mce_selection)~~;



223	// Init range pickers
224	$('.su-generator-range-picker').each(function(index) {
225	var $picker = $(this),
	@@ -634,7 +637,10 @@ jQuery(document).ready(function($) {
634	// Set new settings
635	set(data);
636	// Apply selected text to the content field
637	- if ~~(typeof~~ ~~mce_selection~~ ~~!== 'undefined' && mce_selection !== '')~~ $('#su-generator-content')~~.val(mce_selection)~~;



638	},
639	dataType: 'json'
640	});


219	// Insert new HTML
220	$settings.html(data);
221	// Apply selected text to the content field
222	+ var $content = $('#su-generator-content');
223	+ if (typeof mce_selection !== 'undefined' && mce_selection !== '' && $content.attr('type') !== 'hidden') {
224	+ $content.val(mce_selection);
225	+ }
226	// Init range pickers
227	$('.su-generator-range-picker').each(function(index) {
228	var $picker = $(this),

637	// Set new settings
638	set(data);
639	// Apply selected text to the content field
640	+ var $content = $('#su-generator-content');
641	+ if (typeof mce_selection !== 'undefined' && mce_selection !== '' && $content.attr('type') !== 'hidden') {
642	+ $content.val(mce_selection);
643	+ }
644	},
645	dataType: 'json'
646	});

inc/core/assets.php CHANGED Viewed

@@ -153,12 +153,39 @@ class Su_Assets {
             	 * Print custom CSS
             	 */
             	public static function custom_css() {
             		// Get custom CSS and apply filters to it
-            -
            		$custom_css = apply_filters( 'su/assets/custom_css', str_replace( '&#039;', '\'', html_entity_decode( (string) get_option( 'su_option_custom-css' ) ) ) );
-            -
            		// Print CSS if exists
-            -
            		if ( $custom_css ) echo "\n\n<!-- Shortcodes Ultimate custom CSS - begin -->\n<style type='text/css'>\n" . stripslashes( str_replace( array( '%theme_url%', '%home_url%', '%plugin_url%' ), array( trailingslashit( get_stylesheet_directory_uri() ), trailingslashit( get_option( 'home' ) ), trailingslashit( plugins_url( '', SU_PLUGIN_FILE ) ) ), $custom_css ) ) . "\n</style>\n<!-- Shortcodes Ultimate custom CSS - end -->\n\n";
             		// Hook
             		do_action( 'su/assets/custom_css/after' );
+            	}
             	/**


153	* Print custom CSS
154	*/
155	public static function custom_css() {
156	+
157	// Get custom CSS and apply filters to it
158	+ $custom_css = apply_filters( 'su/assets/custom_css', get_option( 'su_option_custom-css' ) );
159	+
160	+ if ( empty( $custom_css ) ) {
161	+ return;
162	+ }
163	+
164	+ $template = '%1$s<!-- %2$s - %3$s -->%1$s<style type="text/css">%1$s%5$s%1$s</style>%1$s<!-- %2$s - %4$s -->%1$s';
165	+ $template = apply_filters( 'su/assets/custom_css/template', $template );
166	+
167	+ $custom_css = str_replace(
168	+ array( '%theme_url%', '%home_url%', '%plugin_url%' ),
169	+ array(
170	+ trailingslashit( get_stylesheet_directory_uri() ),
171	+ trailingslashit( get_option( 'home' ) ),
172	+ trailingslashit( plugins_url( '', SU_PLUGIN_FILE ) ),
173	+ ),
174	+ $custom_css
175	+ );
176	+
177	+ printf(
178	+ $template,
179	+ PHP_EOL,
180	+ 'Shortcodes Ultimate custom CSS',
181	+ 'start',
182	+ 'end',
183	+ strip_tags( $custom_css )
184	+ );
185	+
186	// Hook
187	do_action( 'su/assets/custom_css/after' );
188	+
189	}
190
191	/**

inc/core/data.php CHANGED Viewed

	@@ -821,6 +821,11 @@ class Su_Data {
821	'name' => __( 'Title attribute', 'shortcodes-ultimate' ),
822	'desc' => __( 'Here you can add value for the title attribute', 'shortcodes-ultimate' )
823	),





824	'class' => array(
825	'type' => 'extra_css_class',
826	'name' => __( 'Extra CSS class', 'shortcodes-ultimate' ),
	@@ -2791,7 +2796,7 @@ class Su_Data {
2791	'filter' => array(
2792	'default' => '',
2793	'name' => __( 'Filter', 'shortcodes-ultimate' ),
2794	- 'desc' => __( 'You can apply custom filter to the retrieved value. Enter here function name. Your function must accept one argument and return modified value. Example function: ', 'shortcodes-ultimate' ) . "<br /><pre><code style='display:block;padding:5px'>function my_custom_filter( \$value ) {\n\treturn 'Value is: ' . \$value;\n}</code></pre>"
2795	)
2796	),
2797	'desc' => __( 'Post meta', 'shortcodes-ultimate' ),
	@@ -2844,7 +2849,7 @@ class Su_Data {
2844	'filter' => array(
2845	'default' => '',
2846	'name' => __( 'Filter', 'shortcodes-ultimate' ),
2847	- 'desc' => __( 'You can apply custom filter to the retrieved value. Enter here function name. Your function must accept one argument and return modified value. Example function: ', 'shortcodes-ultimate' ) . "<br /><pre><code style='display:block;padding:5px'>function my_custom_filter( \$value ) {\n\treturn 'Value is: ' . \$value;\n}</code></pre>"
2848	)
2849	),
2850	'desc' => __( 'User data', 'shortcodes-ultimate' ),
	@@ -2908,7 +2913,7 @@ class Su_Data {
2908	'filter' => array(
2909	'default' => '',
2910	'name' => __( 'Filter', 'shortcodes-ultimate' ),
2911	- 'desc' => __( 'You can apply custom filter to the retrieved value. Enter here function name. Your function must accept one argument and return modified value. Example function: ', 'shortcodes-ultimate' ) . "<br /><pre><code style='display:block;padding:5px'>function my_custom_filter( \$value ) {\n\treturn 'Value is: ' . \$value;\n}</code></pre>"
2912	)
2913	),
2914	'desc' => __( 'Post data', 'shortcodes-ultimate' ),


821	'name' => __( 'Title attribute', 'shortcodes-ultimate' ),
822	'desc' => __( 'Here you can add value for the title attribute', 'shortcodes-ultimate' )
823	),
824	+ 'id' => array(
825	+ 'default' => '',
826	+ 'name' => __( 'Button ID', 'shortcodes-ultimate' ),
827	+ 'desc' => __( 'Custom value for the ID attribute', 'shortcodes-ultimate' )
828	+ ),
829	'class' => array(
830	'type' => 'extra_css_class',
831	'name' => __( 'Extra CSS class', 'shortcodes-ultimate' ),

2796	'filter' => array(
2797	'default' => '',
2798	'name' => __( 'Filter', 'shortcodes-ultimate' ),
2799	+ 'desc' => __( 'You can apply custom filter to the retrieved value. Enter here function name. Your function must accept one argument and return modified value. Name of your function must include word <b>filter</b>. Example function: ', 'shortcodes-ultimate' ) . "<br /><pre><code style='display:block;padding:5px'>function my_custom_filter( \$value ) {\n\treturn 'Value is: ' . \$value;\n}</code></pre>"
2800	)
2801	),
2802	'desc' => __( 'Post meta', 'shortcodes-ultimate' ),

2849	'filter' => array(
2850	'default' => '',
2851	'name' => __( 'Filter', 'shortcodes-ultimate' ),
2852	+ 'desc' => __( 'You can apply custom filter to the retrieved value. Enter here function name. Your function must accept one argument and return modified value. Name of your function must include word <b>filter</b>. Example function: ', 'shortcodes-ultimate' ) . "<br /><pre><code style='display:block;padding:5px'>function my_custom_filter( \$value ) {\n\treturn 'Value is: ' . \$value;\n}</code></pre>"
2853	)
2854	),
2855	'desc' => __( 'User data', 'shortcodes-ultimate' ),

2913	'filter' => array(
2914	'default' => '',
2915	'name' => __( 'Filter', 'shortcodes-ultimate' ),
2916	+ 'desc' => __( 'You can apply custom filter to the retrieved value. Enter here function name. Your function must accept one argument and return modified value. Name of your function must include word <b>filter</b>. Example function: ', 'shortcodes-ultimate' ) . "<br /><pre><code style='display:block;padding:5px'>function my_custom_filter( \$value ) {\n\treturn 'Value is: ' . \$value;\n}</code></pre>"
2917	)
2918	),
2919	'desc' => __( 'Post data', 'shortcodes-ultimate' ),

inc/core/shortcodes.php CHANGED Viewed

	@@ -316,6 +316,7 @@ class Su_Shortcodes {
316	'onclick' => '',
317	'rel' => '',
318	'title' => '',

319	'class' => ''
320	), $atts, 'button' );
321
	@@ -437,8 +438,10 @@ class Su_Shortcodes {
437	$atts['rel'] = ( $atts['rel'] ) ? ' rel="' . $atts['rel'] . '"' : '';
438	// Prepare title attribute
439	$atts['title'] = ( $atts['title'] ) ? ' title="' . $atts['title'] . '"' : '';


440	su_query_asset( 'css', 'su-content-shortcodes' );
441	- return $before . '<a href="' . su_scattr( $atts['url'] ) . '" class="' . implode( $classes, ' ' ) . '" style="' . implode( $a_css, ';' ) . '" target="_' . $atts['target'] . '"' . $atts['onclick'] . $atts['rel'] . $atts['title'] . '><span style="' . implode( $span_css, ';' ) . '">' . do_shortcode( stripcslashes( $content ) ) . $desc . '</span></a>' . $after;
442	}
443
444	public static function service( $atts = null, $content = null ) {
	@@ -1404,7 +1407,13 @@ class Su_Shortcodes {
1404	// Set default value if meta is empty
1405	if ( !$meta ) $meta = $atts['default'];
1406	// Apply cutom filter
1407	- if ( ~~$atts['filter'] && function_exists( $atts['filter'] ) ) $meta = call_user_func( $atts['filter'], $meta );~~






1408	// Return result
1409	return ( $meta ) ? $atts['before'] . $meta . $atts['after'] : '';
1410	}
	@@ -1429,7 +1438,13 @@ class Su_Shortcodes {
1429	// Get user data if user was found
1430	$user = ( $user && isset( $user->data->{$atts['field']} ) ) ? $user->data->{$atts['field']} : $atts['default'];
1431	// Apply cutom filter
1432	- if ( ~~$atts['filter'] && function_exists( $atts['filter'] ) ) $user = call_user_func( $atts['filter'], $user );~~






1433	// Return result
1434	return ( $user ) ? $atts['before'] . $user . $atts['after'] : '';
1435	}
	@@ -1452,7 +1467,13 @@ class Su_Shortcodes {
1452	// Set default value if meta is empty
1453	$post = ( empty( $post ) \|\| empty( $post->{$atts['field']} ) ) ? $atts['default'] : $post->{$atts['field']};
1454	// Apply cutom filter
1455	- if ( ~~$atts['filter'] && function_exists( $atts['filter'] ) ) $post = call_user_func( $atts['filter'], $post );~~






1456	// Return result
1457	return ( $post ) ? $atts['before'] . $post . $atts['after'] : '';
1458	}


316	'onclick' => '',
317	'rel' => '',
318	'title' => '',
319	+ 'id' => '',
320	'class' => ''
321	), $atts, 'button' );
322

438	$atts['rel'] = ( $atts['rel'] ) ? ' rel="' . $atts['rel'] . '"' : '';
439	// Prepare title attribute
440	$atts['title'] = ( $atts['title'] ) ? ' title="' . $atts['title'] . '"' : '';
441	+ // Add ID attribute
442	+ $atts['id'] = ! empty( $atts['id'] ) ? sprintf( ' id="%s"', esc_attr( $atts['id'] ) ) : '';
443	su_query_asset( 'css', 'su-content-shortcodes' );
444	+ return $before . '<a href="' . su_scattr( $atts['url'] ) . '" class="' . implode( $classes, ' ' ) . '" style="' . implode( $a_css, ';' ) . '" target="_' . $atts['target'] . '"' . $atts['onclick'] . $atts['rel'] . $atts['title'] . $atts['id'] . '><span style="' . implode( $span_css, ';' ) . '">' . do_shortcode( stripcslashes( $content ) ) . $desc . '</span></a>' . $after;
445	}
446
447	public static function service( $atts = null, $content = null ) {

1407	// Set default value if meta is empty
1408	if ( !$meta ) $meta = $atts['default'];
1409	// Apply cutom filter
1410	+ if (
1411	+ $atts['filter'] &&
1412	+ Su_Tools::is_valid_filter( $atts['filter'] ) &&
1413	+ function_exists( $atts['filter'] )
1414	+ ) {
1415	+ $meta = call_user_func( $atts['filter'], $meta );
1416	+ }
1417	// Return result
1418	return ( $meta ) ? $atts['before'] . $meta . $atts['after'] : '';
1419	}

1438	// Get user data if user was found
1439	$user = ( $user && isset( $user->data->{$atts['field']} ) ) ? $user->data->{$atts['field']} : $atts['default'];
1440	// Apply cutom filter
1441	+ if (
1442	+ $atts['filter'] &&
1443	+ Su_Tools::is_valid_filter( $atts['filter'] ) &&
1444	+ function_exists( $atts['filter'] )
1445	+ ) {
1446	+ $user = call_user_func( $atts['filter'], $user );
1447	+ }
1448	// Return result
1449	return ( $user ) ? $atts['before'] . $user . $atts['after'] : '';
1450	}

1467	// Set default value if meta is empty
1468	$post = ( empty( $post ) \|\| empty( $post->{$atts['field']} ) ) ? $atts['default'] : $post->{$atts['field']};
1469	// Apply cutom filter
1470	+ if (
1471	+ $atts['filter'] &&
1472	+ Su_Tools::is_valid_filter( $atts['filter'] ) &&
1473	+ function_exists( $atts['filter'] )
1474	+ ) {
1475	+ $post = call_user_func( $atts['filter'], $post );
1476	+ }
1477	// Return result
1478	return ( $post ) ? $atts['before'] . $post . $atts['after'] : '';
1479	}

inc/core/tools.php CHANGED Viewed

	@@ -586,6 +586,10 @@ class Su_Tools {
586	add_filter( 'attachment_fields_to_save', array( __CLASS__, 'slide_link_save' ), null, 2 );
587	}
588




589	public static function select( $args ) {
590	$args = wp_parse_args( $args, array(
591	'id' => '',
	@@ -720,11 +724,12 @@ class Su_Tools {
720	$query['post_type'] = 'any';
721	}
722	// Query posts

723	$query = new WP_Query( $query );
724	// Loop through posts
725	if ( is_array( $query->posts ) ) foreach ( $query->posts as $post ) {
726	- // Get ~~post~~ ~~thumbnail~~ ID
727	- $thumb = ( $args['source']['type'] === 'media' ) ? $post->ID : get_post_thumbnail_id( $post->ID );
728	// Thumbnail isn't set, go to next post
729	if ( !is_numeric( $thumb ) ) continue;
730	$slide = array(


586	add_filter( 'attachment_fields_to_save', array( __CLASS__, 'slide_link_save' ), null, 2 );
587	}
588
589	+ public static function is_valid_filter( $filter ) {
590	+ return is_string( $filter ) && strpos( $filter, 'filter' ) !== false;
591	+ }
592	+
593	public static function select( $args ) {
594	$args = wp_parse_args( $args, array(
595	'id' => '',

724	$query['post_type'] = 'any';
725	}
726	// Query posts
727	+ $query = apply_filters( 'su/slides_query', $query, $args );
728	$query = new WP_Query( $query );
729	// Loop through posts
730	if ( is_array( $query->posts ) ) foreach ( $query->posts as $post ) {
731	+ // Get attachment ID
732	+ $thumb = ( $args['source']['type'] === 'media' \|\| $post->post_type === 'attachment' ) ? $post->ID : get_post_thumbnail_id( $post->ID );
733	// Thumbnail isn't set, go to next post
734	if ( !is_numeric( $thumb ) ) continue;
735	$slide = array(

readme.txt CHANGED Viewed

	@@ -1,7 +1,7 @@
1	=== Shortcodes Ultimate ===
2	Contributors: gn_themes
3	License: GPLv3
4	- Donate link: https://~~www.~~paypal.~~com~~/~~cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=MMA2VA7JDXWDY~~
5	Tags: shortcode, toggle, columns, button, slider, video, map, visual, responsive, shortcodes, youtube, vimeo, audio, mp3, tabs, jquery, box, accordion, toggle, pullquote, list, image, gallery, navigation, permalink, feed, rss, members, membership, guests, carousel, icons, rtl, multilingual
6	Requires at least: 3.5
7	Tested up to: 4.8
	@@ -19,53 +19,38 @@ A comprehensive collection of visual components for your site
19	* 1-click shortcode insertion with live preview
20	* Works with any theme
21	* Modern responsive design

22	* Custom CSS editor
23	* Custom widget
24	- * Translated into 8 languages
25	* RTL support
26	* Powerful API
27
28	- = ~~Want more?~~ Check out premium add-ons! =
29	* [Extra Shortcodes](https://getshortcodes.com/add-ons/extra-shortcodes/) - 15+ additional shortcodes
30	* [Additional Skins](https://getshortcodes.com/add-ons/additional-skins/) - 60+ additional skins for plugin shortcodes
31	* [Shortcode Creator](https://getshortcodes.com/add-ons/shortcode-creator/) - allows you to create your own custom shortcodes
32	* __[Add-ons Bundle](https://getshortcodes.com/add-ons/add-ons-bundle/)__ - All-in-one!
33
34	- = Reviews by professionals =
35	- * [40+ Reasons Shortcodes Ultimate Is A Must Have Plugin](http://www.the-best-web-hosting-service.com/blog/2014/01/ultimateshortcodesreview/)
36	- * [Show Me the Shortcode](http://thewpchick.com/show-shortcode/) + Video
37	- * [Shortcodes Ultimate: Ultimatize your written content](http://wisdmlabs.com/blog/how-to-style-wordpress-themes-with-shortcodes-ultimate/)
38	- * [Shortcodes Ultimate Plugin Review](http://kevindankowebdesign.com/shortcodes-ultimate-plugin-review/)
39	- * [Add 40+ New Layout Features To WordPress with Shortcodes Ultimate](http://www.makeuseof.com/tag/add-40-new-layout-features-wordpress-shortcodes-ultimate/)
40	- * [Shortcodes Ultimate – Free Shortcode Plugin For WordPress](http://www.wordpress-masterclass.com/shortcodes-ultimate-free-shortcode-plugin-for-wordpress/)
41	- * (Video) [Supercharge WordPress With A Mega Pack Of Shortcodes!](https://www.youtube.com/watch?v=h5hlJb0mSSY)
42	- * (Video) [Shortcodes Ultimate Tutorial](http://www.youtube.com/watch?v=IjmaXz-b55I)
43	- * (Video) [How to use special widget](http://www.youtube.com/watch?v=YU3Zu6C5ZfA)
44	- * (Video) [How to create image gallery](http://www.youtube.com/watch?v=kCWyO2F7jTw)
45	- * (RU) [Обзор плагина Shortcodes Ultimate](http://rad-dom.ru/shortcodes-ultimate/)
46	- * (RU) [Shortcodes Ultimate — плагин неограниченных возможностей](http://altacademic.ru/shortcodes-ultimate/)
47	- * (RU) [Шорткоды Wordpress](http://somemoreinfo.ru/shortkody-wordpress-ot-anoxina/)
48	-
49	= Thanks to these great guys for contribution =

50	* Dmitry Semenov - [Magnific Popup jQuery plugin](http://dimsemenov.com/plugins/magnific-popup/)
51	* Craig Thompson - [qTip jQuery plugin](http://qtip2.com/)
52	* Vladimir Kharlampidi - [Swiper jQuery plugin](http://www.idangero.us/sliders/swiper/)
53	* Dave Gandy - [Font Awesome](http://fortawesome.github.io/Font-Awesome/)
54	* James Smith - [Simple Slider jQuery plugin](http://loopj.com/jquery-simple-slider/)
55	-
56	- = ~~Translators~~ =
57	- * ~~pt_br~~: [~~Ibidem~~ ~~Translations~~](~~http://www.ibidem-translations.com/~~)
58	- * ~~fr_fr~~: [~~Nicolas~~ ~~Leclerc~~](http://~~etic-studio~~.fr/)
59	- * ~~el_gr~~: [~~Kleanthis Manolopoulos~~](~~mailto:akis_manolopoulos_at_hotmail_dot_com~~)
60	- * ~~sk_sk~~: [~~Patrik~~ ~~Žec (PATWIST)~~](http://~~patwist~~.~~com~~/)
61	- * cs_cz: [Punc00](http://nuze.cz/)
62	- * sv_se: [Javier Marcilla](http://ninjaseo.es/)
63
64	== Installation ==
65
66	Unzip plugin file and upload "shortcodes-ultimate" folder under your "/wp-content/plugins/" directory.
67
68	- Resulted ~~names~~ ~~will~~ be:
69	"/wp-content/plugins/shortcodes-ultimate/**"
70
71	Activate the plugin at "Dashboard – Plugins" administration page.
	@@ -75,17 +60,17 @@ Activate the plugin at "Dashboard – Plugins" administration page.
75
76	== Screenshots ==
77
78	- 1. Insert Shortcode button added above the ~~post~~ editor
79	- 2. ~~Insert~~ Shortcode window
80	- 3. ~~Variations~~ ~~of [button] shortcode~~
81	- 4. ~~Tabs,~~ ~~spoilers~~, ~~quotes/testimonials~~, ~~boxes~~, ~~notes~~
82	- 5. ~~Image~~ ~~slider~~, ~~carousel~~ ~~and~~ ~~custom~~ ~~gallery~~
83
84
85	== Frequently Asked Questions ==
86
87	= How this plugin works =
88	- [How Shortcodes Ultimate plugin works](http://docs.getshortcodes.com/article/36-shortcodes-ultimate)
89
90	= Shortcodes do not work. Why? =
91	The most common reasons of this issue are listed [here](http://docs.getshortcodes.com/article/41-shortcodes-do-not-work).
	@@ -120,6 +105,20 @@ For help with premium add-ons, please [open new support ticket](https://getshort
120
121	== Changelog ==
122














123	= 5.0.0 =
124	* Read [this blog post](https://vanokhin.com/whats-new-in-shortcodes-ultimate-5/) to learn more about update
125	* New project website [getshortcodes.com](https://getshortcodes.com/)


1	=== Shortcodes Ultimate ===
2	Contributors: gn_themes
3	License: GPLv3
4	+ Donate link: https://paypal.me/anovladimir
5	Tags: shortcode, toggle, columns, button, slider, video, map, visual, responsive, shortcodes, youtube, vimeo, audio, mp3, tabs, jquery, box, accordion, toggle, pullquote, list, image, gallery, navigation, permalink, feed, rss, members, membership, guests, carousel, icons, rtl, multilingual
6	Requires at least: 3.5
7	Tested up to: 4.8

19	* 1-click shortcode insertion with live preview
20	* Works with any theme
21	* Modern responsive design
22	+ * [Comprehensive documentation](http://docs.getshortcodes.com/)
23	* Custom CSS editor
24	* Custom widget
25	+ * Translated into 9 languages
26	* RTL support
27	* Powerful API
28
29	+ = Check out premium add-ons! =
30	* [Extra Shortcodes](https://getshortcodes.com/add-ons/extra-shortcodes/) - 15+ additional shortcodes
31	* [Additional Skins](https://getshortcodes.com/add-ons/additional-skins/) - 60+ additional skins for plugin shortcodes
32	* [Shortcode Creator](https://getshortcodes.com/add-ons/shortcode-creator/) - allows you to create your own custom shortcodes
33	* __[Add-ons Bundle](https://getshortcodes.com/add-ons/add-ons-bundle/)__ - All-in-one!
34















35	= Thanks to these great guys for contribution =
36	+ * [Detailed reviews by advanced users](http://docs.getshortcodes.com/article/84-external-resources)
37	* Dmitry Semenov - [Magnific Popup jQuery plugin](http://dimsemenov.com/plugins/magnific-popup/)
38	* Craig Thompson - [qTip jQuery plugin](http://qtip2.com/)
39	* Vladimir Kharlampidi - [Swiper jQuery plugin](http://www.idangero.us/sliders/swiper/)
40	* Dave Gandy - [Font Awesome](http://fortawesome.github.io/Font-Awesome/)
41	* James Smith - [Simple Slider jQuery plugin](http://loopj.com/jquery-simple-slider/)
42	+ * pt_br locale: [Ibidem Translations](http://www.ibidem-translations.com/)
43	+ * fr_fr locale: [Nicolas Leclerc](http://etic-studio.fr/)
44	+ * el_gr locale: [Kleanthis Manolopoulos](mailto:akis_manolopoulos_at_hotmail_dot_com)
45	+ * sk_sk locale: [Patrik Žec (PATWIST)](http://patwist.com/)
46	+ * cs_cz locale: [Punc00](http://nuze.cz/)
47	+ * sv_se locale: [Javier Marcilla](http://ninjaseo.es/)


48
49	== Installation ==
50
51	Unzip plugin file and upload "shortcodes-ultimate" folder under your "/wp-content/plugins/" directory.
52
53	+ Resulted plugin path should be:
54	"/wp-content/plugins/shortcodes-ultimate/**"
55
56	Activate the plugin at "Dashboard – Plugins" administration page.

60
61	== Screenshots ==
62
63	+ 1. Insert Shortcode button added above the editor
64	+ 2. Shortcode insertion window
65	+ 3. Shortcode settings
66	+ 4. Shortcodes: button, tabs, box, carousel
67	+ 5. Shortcodes: spoiler, service, list, columns, note
68
69
70	== Frequently Asked Questions ==
71
72	= How this plugin works =
73	+ [How Shortcodes Ultimate plugin works](http://docs.getshortcodes.com/article/36-shortcodes-ultimate).
74
75	= Shortcodes do not work. Why? =
76	The most common reasons of this issue are listed [here](http://docs.getshortcodes.com/article/41-shortcodes-do-not-work).

105
106	== Changelog ==
107
108	+ = 5.0.2 =
109	+ * Fixed: an issue where RTL stylesheet won't displayed if custom CSS field is empty
110	+
111	+ = 5.0.1 =
112	+ * Fixed: serious security vulnerability, which allows attacker to run any code using filter in meta, post, or user shortcodes. Thanks to Robert L Mathews.
113	+ * Fixed: changed admin menu position (it was replacing 'Settings' menu on some installations)
114	+ * Fixed: shortcodes prefix field now accepts special characters
115	+ * Fixed: old bug when unwanted code parts was added with shortcode
116	+ * Fixed: bug, where backslashes were removed from custom CSS code
117	+ * Added: new attribute 'ID' for [button] shortcode
118	+ * Added: new filter 'su/slides_query', which can be used to modify posts query for slider, carousel and custom_gallery shortcodes
119	+ * Added: new filter 'su/assets/custom_css/template' to filter custom css output
120	+ * Minor fixes
121	+
122	= 5.0.0 =
123	* Read [this blog post](https://vanokhin.com/whats-new-in-shortcodes-ultimate-5/) to learn more about update
124	* New project website [getshortcodes.com](https://getshortcodes.com/)

shortcodes-ultimate.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2	/**
3	* Plugin Name: Shortcodes Ultimate
4	* Plugin URI: http://getshortcodes.com/
5	- * Version: 5.0.0
6	* Author: Vladimir Anokhin
7	* Author URI: https://vanokhin.com/
8	* Description: A comprehensive collection of visual components for WordPress
	@@ -15,7 +15,7 @@
15	* Define plugin constants.
16	*/
17	define( 'SU_PLUGIN_FILE', __FILE__ );
18	- define( 'SU_PLUGIN_VERSION', '5.0.0' );
19	define( 'SU_ENABLE_CACHE', false );
20
21	/**


2	/**
3	* Plugin Name: Shortcodes Ultimate
4	* Plugin URI: http://getshortcodes.com/
5	+ * Version: 5.0.1
6	* Author: Vladimir Anokhin
7	* Author URI: https://vanokhin.com/
8	* Description: A comprehensive collection of visual components for WordPress

15	* Define plugin constants.
16	*/
17	define( 'SU_PLUGIN_FILE', __FILE__ );
18	+ define( 'SU_PLUGIN_VERSION', '5.0.1' );
19	define( 'SU_ENABLE_CACHE', false );
20
21	/**