Version Description
- Added the WordPress filter 'wp_kses_allowed_html' to allow IFRAME content to be inserted into slide content, which is required to insert YouTube & Vimeo IFRAMEs.
Download this release
Release Info
| Developer | simonpedge |
| Plugin |  Slide Anything – Responsive Content / HTML Slider and Carousel |
| Version | 2.3.45 |
| Comparing to | |
| See all releases | |
Code changes from version 2.3.44 to 2.3.45
- php/slide-anything-admin.php +27 -0
- readme.txt +7 -1
- slide-anything.php +2 -1
php/slide-anything-admin.php
CHANGED
|
@@ -3342,4 +3342,31 @@ function sa_preview_page_template($template) {
|
|
| 3342 |
}
|
| 3343 |
return $template;
|
| 3344 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3345 |
?>
|
| 3342 |
}
|
| 3343 |
return $template;
|
| 3344 |
}
|
| 3345 |
+
|
| 3346 |
+
|
| 3347 |
+
// ### FILTER TO ALLOW IFRAMES WITHIN SLIDE CONTENT ###
|
| 3348 |
+
function slides_allow_iframes_filter($allowedposttags) {
|
| 3349 |
+
// Only change for users who can publish posts
|
| 3350 |
+
if ( !current_user_can( 'publish_posts' ) ) return $allowedposttags;
|
| 3351 |
+
|
| 3352 |
+
// Allow iframes and the following attributes
|
| 3353 |
+
$allowedposttags['iframe'] = array(
|
| 3354 |
+
'align' => true,
|
| 3355 |
+
'width' => true,
|
| 3356 |
+
'height' => true,
|
| 3357 |
+
'frameborder' => true,
|
| 3358 |
+
'name' => true,
|
| 3359 |
+
'src' => true,
|
| 3360 |
+
'title' => true,
|
| 3361 |
+
'allow' => true,
|
| 3362 |
+
'allowfullscreen' => true,
|
| 3363 |
+
'id' => true,
|
| 3364 |
+
'class' => true,
|
| 3365 |
+
'style' => true,
|
| 3366 |
+
'scrolling' => true,
|
| 3367 |
+
'marginwidth' => true,
|
| 3368 |
+
'marginheight' => true,
|
| 3369 |
+
);
|
| 3370 |
+
return $allowedposttags;
|
| 3371 |
+
}
|
| 3372 |
?>
|
readme.txt
CHANGED
|
@@ -98,6 +98,9 @@ Adding a SLIDE ANYTHING slider using the WordPress 5.0 'Block Editor' is pretty
|
|
| 98 |
|
| 99 |
== Changelog ==
|
| 100 |
|
|
|
|
|
|
|
|
|
|
| 101 |
= 2.3.44 =
|
| 102 |
* Another security fix. WPScan notified me of a potential security vunerability where high privilege users (with a role of 'Editor' and above) could perform Cross-Site Scripting attacks by inserting malicious scripts within slide content. Fixed by using 'wp_kses_post()' function to sanitise slide content before updating sliders.
|
| 103 |
|
|
@@ -757,4 +760,7 @@ Adding a SLIDE ANYTHING slider using the WordPress 5.0 'Block Editor' is pretty
|
|
| 757 |
* Fixed a code syntax error in the security fix I did in release 2.3.41 (oops!)
|
| 758 |
|
| 759 |
= 2.3.44 =
|
| 760 |
-
* Another security fix. WPScan notified me of a potential security vunerability where high privilege users (with a role of 'Editor' and above) could perform Cross-Site Scripting attacks by inserting malicious scripts within slide content. Fixed by using 'wp_kses_post()' function to sanitise slide content before updating sliders.
|
|
|
|
|
|
|
|
|
| 98 |
|
| 99 |
== Changelog ==
|
| 100 |
|
| 101 |
+
= 2.3.45 =
|
| 102 |
+
* Added the WordPress filter 'wp_kses_allowed_html' to allow IFRAME content to be inserted into slide content, which is required to insert YouTube & Vimeo IFRAMEs.
|
| 103 |
+
|
| 104 |
= 2.3.44 =
|
| 105 |
* Another security fix. WPScan notified me of a potential security vunerability where high privilege users (with a role of 'Editor' and above) could perform Cross-Site Scripting attacks by inserting malicious scripts within slide content. Fixed by using 'wp_kses_post()' function to sanitise slide content before updating sliders.
|
| 106 |
|
| 760 |
* Fixed a code syntax error in the security fix I did in release 2.3.41 (oops!)
|
| 761 |
|
| 762 |
= 2.3.44 =
|
| 763 |
+
* Another security fix. WPScan notified me of a potential security vunerability where high privilege users (with a role of 'Editor' and above) could perform Cross-Site Scripting attacks by inserting malicious scripts within slide content. Fixed by using 'wp_kses_post()' function to sanitise slide content before updating sliders.
|
| 764 |
+
|
| 765 |
+
= 2.3.45 =
|
| 766 |
+
* Added the WordPress filter 'wp_kses_allowed_html' to allow IFRAME content to be inserted into slide content, which is required to insert YouTube & Vimeo IFRAMEs.
|
slide-anything.php
CHANGED
|
@@ -4,7 +4,7 @@
|
|
| 4 |
* Plugin URI: https://wordpress.org/plugins/slide-anything/
|
| 5 |
* Description: Slide Anything allows you to create a carousel/slider where the content for each slide can be anything you want - images, text, HTML, and even shortcodes. This plugin uses the Owl Carousel jQuery plugin, and lets you create beautiful, touch enabled, responsive carousels and sliders.
|
| 6 |
* Author: Simon Edge
|
| 7 |
-
* Version: 2.3.
|
| 8 |
* License: GPLv2 or later
|
| 9 |
*/
|
| 10 |
|
|
@@ -33,6 +33,7 @@ if (!get_option('sa-disable-tinymce-button')) {
|
|
| 33 |
}
|
| 34 |
add_action('admin_menu', 'extra_sa_menu_pages');
|
| 35 |
add_filter('template_include', 'sa_preview_page_template');
|
|
|
|
| 36 |
|
| 37 |
// SLIDE ANYTHING 2.0 UPGRADE NOTICE
|
| 38 |
add_action('admin_notices', 'version_20_upgrade_notice');
|
| 4 |
* Plugin URI: https://wordpress.org/plugins/slide-anything/
|
| 5 |
* Description: Slide Anything allows you to create a carousel/slider where the content for each slide can be anything you want - images, text, HTML, and even shortcodes. This plugin uses the Owl Carousel jQuery plugin, and lets you create beautiful, touch enabled, responsive carousels and sliders.
|
| 6 |
* Author: Simon Edge
|
| 7 |
+
* Version: 2.3.45
|
| 8 |
* License: GPLv2 or later
|
| 9 |
*/
|
| 10 |
|
| 33 |
}
|
| 34 |
add_action('admin_menu', 'extra_sa_menu_pages');
|
| 35 |
add_filter('template_include', 'sa_preview_page_template');
|
| 36 |
+
add_filter('wp_kses_allowed_html', 'slides_allow_iframes_filter');
|
| 37 |
|
| 38 |
// SLIDE ANYTHING 2.0 UPGRADE NOTICE
|
| 39 |
add_action('admin_notices', 'version_20_upgrade_notice');
|
