Code Embed - Version 2.0.2

Version Description

  • Enhancement: Fixed minor XSS vulnerability (kindly reported by Mozilla)
  • Enhancement: Shows README appropriate to the current installed version, instead of the latest

Release Info

Developer dartiss
Plugin Icon 128x128 Code Embed
Version 2.0.2

Code changes from version 2.0.1 to 2.0.2

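--- a/includes/ace-filter.php
+++ b/includes/ace-filter.php
@@ -78,6 +78,9 @@ function ace_filter( $content ) {
  // Get the custom field data and replace in the post
 
  $search = $options[ 'opening_ident' ] . $options[ 'keyword_ident' ] . $suffix . $options[ 'closing_ident' ];
+
+
+ ///////////////////////// Place the following section in a seperate routine - can be shared with new SEO functions
 
  // Get the meta for the current post
  $post_meta = get_post_meta( $post -> ID, $options[ 'keyword_ident' ].$suffix, false );
@@ -87,6 +90,8 @@ function ace_filter( $content ) {
  // No meta found, so look for it elsewhere
  $html = ace_get_embed_code( $options[ 'keyword_ident' ], $suffix );
  }
+
+ /////////////////////////////
 
  // Build the string to search for
 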
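--- a/includes/ace-readme.php
+++ b/includes/ace-readme.php
@@ -18,7 +18,7 @@ if ( !function_exists( 'wp_readme_parser' ) ) {
  echo '<p>You shouldn\'t be able to see this but I guess that odd things can happen!<p>';
  echo '<p>To display the README you must install the <a href="http://wordpress.org/extend/plugins/wp-readme-parser/">README Parser plugin</a>.</p>';
  } else {
- echo wp_readme_parser( array( 'exclude' => 'meta,upgrade notice,screenshots,support,changelog,links,installation,licence,reviews & mentions', 'ignore' => 'For help with this plugin,,for more information and advanced options ' ), 'Simple Embed Code' );
+ echo wp_readme_parser( array( 'exclude' => 'meta,upgrade notice,screenshots,support,changelog,links,installation,licence,reviews & mentions', 'ignore' => 'For help with this plugin,,for more information and advanced options ' ), 'http://plugins.svn.wordpress.org/simple-embed-code/tags/' . artiss_code_embed_version . '/readme.txt' );
  }
  ?>
  </div>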
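Review bot: The new second argument on line 21 points the README source at a plain `http://` URL on plugins.svn.wordpress.org, and whatever `wp_readme_parser()` returns is echoed straight into the admin page. If the parser fetches that URL itself (its implementation is not visible here), anyone able to tamper with the connection could change the markup an administrator sees. Request it over TLS instead, `'https://plugins.svn.wordpress.org/simple-embed-code/tags/' . artiss_code_embed_version . '/readme.txt'`, and confirm that the parser escapes or filters the README content before it is printed. The enclosing `if`/`else` starts above the hunk.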
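--- a/includes/ace-search.php
+++ b/includes/ace-search.php
@@ -25,10 +25,10 @@ if ( !ace_contextual_help_type() ) {
  <?php
  // Get the suffix - either from the submitted field or via the URL line
  if ( isset ( $_GET[ 'suffix' ] ) ) {
- $suffix = $_GET[ 'suffix' ];
+ $suffix = htmlspecialchars( $_GET[ 'suffix' ] );
  } else {
  if ( ( !empty( $_POST ) ) && ( check_admin_referer( 'code-embed-search' , 'code_embed_search_nonce' ) ) ) {
- $suffix = $_POST[ 'ace_suffix' ];
+ $suffix = htmlspecialchars( $_POST[ 'ace_suffix' ] );
  } else {
  $suffix = '';
  }
@@ -73,7 +73,7 @@ if ( $suffix != '' ) {
  $post_id = $meta_data -> ID;
 
  // Switch background colours as the code changes
-
+
  if ( $html != $prev_html ) { if ( $color == $color1 ) { $color = $color2; } else { $color = $color1; } }
 
  echo "<tr style=\"background-color: #" . $color . "\">\n";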
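Review bot: `htmlspecialchars()` on lines 28 and 31 is called with its default flags, which before PHP 8.1 leave single quotes unescaped, so the fix is incomplete if `$suffix` is later printed inside a single-quoted attribute (the output site is outside this hunk). Escaping when the value is read also means the later `if ( $suffix != '' )` search works with the HTML-encoded string rather than what the user submitted. At minimum pass the flag explicitly, `$suffix = htmlspecialchars( $_GET[ 'suffix' ], ENT_QUOTES );`, and do the same for `$_POST[ 'ace_suffix' ]`. Better still, keep the raw value for the lookup and apply `esc_attr()` or `esc_html()` at each place it is echoed. The second hunk only replaces a blank line.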
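--- a/readme.txt
+++ b/readme.txt
@@ -1,16 +1,15 @@
  === Artiss Code Embed ===
- Contributors: dartiss
- Donate link: http://artiss.co.uk/donate
+ Contributors: DarkDesigns
  Tags: artiss, embed, code, html, javascript, script, simple, video, xhtml, youtube
  Requires at least: 2.0
- Tested up to: 3.3.1
- Stable tag: 2.0.1
+ Tested up to: 3.4.1
+ Stable tag: 2.0.2
 
  Artiss Code Embed (formally Simple Code Embed) provides a very easy and efficient way to embed code (JavaScript and HTML) in your posts and pages.
 
  == Description ==
 
- Artiss Code Embed (formally Simple Code Embed) allows you to embed code - JavaScript and HTML primarily - in a post. This is incredibly useful for embedding video, etc, when required. It cannot be used for server side code, such as PHP.
+ Artiss Code Embed (formally Simple Code Embed) allows you to embed code - JavaScript and HTML primarily - in a post. This is incredibly useful for embedding video, etc, when required and is used, amongst other, by Mozilla. It cannot be used for server side code, such as PHP.
 
  Features include..
 
@@ -167,6 +166,10 @@ Please note, however, that the minimum for WordPress is now PHP 5.2.4. Even thou
 
  == Changelog ==
 
+ = 2.0.2 =
+ * Enhancement: Fixed [minor XSS vulnerability](https://bugzilla.mozilla.org/show_bug.cgi?id=771315 "Bug 771315 - WP Plugin Simple-embed-Code - Fix XSS Before Adding to Hacks Blog") (kindly reported by Mozilla)
+ * Enhancement: Shows README appropriate to the current installed version, instead of the latest
+
  = 2.0.1 =
  * Enhancement: Removed restriction on embed code length
 
@@ -221,6 +224,9 @@ versions of this plugin
 
  == Upgrade Notice ==
 
+ = 2.0.2 =
+ * Upgrade to fix a [minor XSS vulnerability](https://bugzilla.mozilla.org/show_bug.cgi?id=771315 "Bug 771315 - WP Plugin Simple-embed-Code - Fix XSS Before Adding to Hacks Blog")
+
  = 2.0.1 =
  * Upgrade to remove embed code length restriction
 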
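--- a/simple-code-embed.php
+++ b/simple-code-embed.php
@@ -3,7 +3,7 @@
  Plugin Name: Artiss Code Embed
  Plugin URI: http://www.artiss.co.uk/code-embed
  Description: Allows you to embed code into your posts & pages
- Version: 2.0.1
+ Version: 2.0.2
  Author: David Artiss
  Author URI: http://www.artiss.co.uk
  */
@@ -17,7 +17,7 @@ Author URI: http://www.artiss.co.uk
  * @since 1.6
  */
 
- define( 'artiss_code_embed_version', '2.0.1' );
+ define( 'artiss_code_embed_version', '2.0.2' );
 
  function ace_load_plugin_textdomain() {
  load_plugin_textdomain( 'simple-embed-code', false, 'simple-embed-code/languages' );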