Version Description
- Added the WordPress filter 'wp_kses_allowed_html' to allow IFRAME content to be inserted into slide content, which is required to insert YouTube & Vimeo IFRAMEs.
Release Info
Developer | simonpedge |
Plugin | Slide Anything – Responsive Content / HTML Slider and Carousel |
Version | 2.3.45 |
Code changes from version 2.3.44 to 2.3.45
- php/slide-anything-admin.php +27 -0
- readme.txt +7 -1
- slide-anything.php +2 -1
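--- a/php/slide-anything-admin.php
+++ b/php/slide-anything-admin.php
@@ -3342,4 +3342,31 @@ function sa_preview_page_template($template) {
 }
 return $template;
 }
+
+
+// ### FILTER TO ALLOW IFRAMES WITHIN SLIDE CONTENT ###
+function slides_allow_iframes_filter($allowedposttags) {
+// Only change for users who can publish posts
+if ( !current_user_can( 'publish_posts' ) ) return $allowedposttags;
+
+// Allow iframes and the following attributes
+$allowedposttags['iframe'] = array(
+'align' => true,
+'width' => true,
+'height' => true,
+'frameborder' => true,
+'name' => true,
+'src' => true,
+'title' => true,
+'allow' => true,
+'allowfullscreen' => true,
+'id' => true,
+'class' => true,
+'style' => true,
+'scrolling' => true,
+'marginwidth' => true,
+'marginheight' => true,
+);
+return $allowedposttags;
+}
 ?>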
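Review bot: `slides_allow_iframes_filter` takes only `$allowedposttags`, so the iframe allowance applies to every `wp_kses` context that runs while the current user has `publish_posts` (comments, profile fields and other plugins' sanitisation included), not only to slide content. The `wp_kses_allowed_html` filter also passes the context name; accept it as `function slides_allow_iframes_filter($allowedposttags, $context = '')`, return early with `if ( 'post' !== $context ) return $allowedposttags;`, and register it in slide-anything.php as `add_filter('wp_kses_allowed_html', 'slides_allow_iframes_filter', 10, 2);`. Separately, `'src' => true` puts no restriction on the iframe host although the stated purpose is YouTube and Vimeo, and in the default WordPress roles `publish_posts` is held by Authors as well as Editors, so the 2.3.44 sanitisation is relaxed for more roles than the embed use case appears to need. Checking the `src` host against an allow-list of the two providers where slide content is saved would keep the relaxation to what the changelog describes.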
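--- a/readme.txt
+++ b/readme.txt
@@ -98,6 +98,9 @@ Adding a SLIDE ANYTHING slider using the WordPress 5.0 'Block Editor' is pretty
 
 == Changelog ==
 
+= 2.3.45 =
+* Added the WordPress filter 'wp_kses_allowed_html' to allow IFRAME content to be inserted into slide content, which is required to insert YouTube & Vimeo IFRAMEs.
+
 = 2.3.44 =
 * Another security fix. WPScan notified me of a potential security vunerability where high privilege users (with a role of 'Editor' and above) could perform Cross-Site Scripting attacks by inserting malicious scripts within slide content. Fixed by using 'wp_kses_post()' function to sanitise slide content before updating sliders.
 
@@ -757,4 +760,7 @@ Adding a SLIDE ANYTHING slider using the WordPress 5.0 'Block Editor' is pretty
 * Fixed a code syntax error in the security fix I did in release 2.3.41 (oops!)
 
 = 2.3.44 =
-* Another security fix. WPScan notified me of a potential security vunerability where high privilege users (with a role of 'Editor' and above) could perform Cross-Site Scripting attacks by inserting malicious scripts within slide content. Fixed by using 'wp_kses_post()' function to sanitise slide content before updating sliders.
+* Another security fix. WPScan notified me of a potential security vunerability where high privilege users (with a role of 'Editor' and above) could perform Cross-Site Scripting attacks by inserting malicious scripts within slide content. Fixed by using 'wp_kses_post()' function to sanitise slide content before updating sliders.
+
+= 2.3.45 =
+* Added the WordPress filter 'wp_kses_allowed_html' to allow IFRAME content to be inserted into slide content, which is required to insert YouTube & Vimeo IFRAMEs.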
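--- a/slide-anything.php
+++ b/slide-anything.php
@@ -4,7 +4,7 @@
 * Plugin URI: https://wordpress.org/plugins/slide-anything/
 * Description: Slide Anything allows you to create a carousel/slider where the content for each slide can be anything you want - images, text, HTML, and even shortcodes. This plugin uses the Owl Carousel jQuery plugin, and lets you create beautiful, touch enabled, responsive carousels and sliders.
 * Author: Simon Edge
-* Version: 2.3.
+* Version: 2.3.45
 * License: GPLv2 or later
 */
 
@@ -33,6 +33,7 @@ if (!get_option('sa-disable-tinymce-button')) {
 }
 add_action('admin_menu', 'extra_sa_menu_pages');
 add_filter('template_include', 'sa_preview_page_template');
+add_filter('wp_kses_allowed_html', 'slides_allow_iframes_filter');
 
 // SLIDE ANYTHING 2.0 UPGRADE NOTICE
 add_action('admin_notices', 'version_20_upgrade_notice');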