Strong Testimonials - Version 2.40.1

Version Description


Release Info

Developer machothemes
Version 2.40.1

Code changes from version 2.40.0 to 2.40.1

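--- a/admin/class-strong-testimonials-post-editor.php
+++ b/admin/class-strong-testimonials-post-editor.php
@@ -164,7 +164,7 @@ class Strong_Testimonials_Post_Editor {
   printf(
   '<textarea id="%1$s" name="custom[%1$s]" class="custom-input">%2$s</textarea>',
   esc_attr( $field['name'] ),
- esc_attr( $post->{$field['name']} )
+ wp_kses_post( $post->{$field['name']} )
   );
   }
 
@@ -281,6 +281,8 @@ class Strong_Testimonials_Post_Editor {
   return;
   }
 
+ $post_id = absint( $_POST['post_ID'] );
+
   $custom = $_POST['custom'];
 
   $custom_fields = wpmtst_get_custom_fields();
@@ -300,6 +302,7 @@ class Strong_Testimonials_Post_Editor {
   // Similar to wpmtst_ajax_edit_rating() in admin-ajax.php.
   foreach ( $custom as $key => $value ) {
   $action = 'update';
+ $sanitized_value = '';
 
   if ( isset( $custom_fields[ $key ] ) ) {
   if ( 'rating' == $custom_fields[ $key ]['input_type'] && !$value ) {
@@ -307,13 +310,24 @@ class Strong_Testimonials_Post_Editor {
   }
   }
 
+ // Data Sanitization
+ if ( 'text' == $custom_fields[ $key ]['input_type'] ) {
+ $sanitized_value = wp_filter_post_kses( $value );
+ }elseif ( 'email' == $custom_fields[ $key ]['input_type'] ) {
+ $sanitized_value = sanitize_email( $value );
+ }elseif ( 'url' == $custom_fields[ $key ]['input_type'] ) {
+ $sanitized_value = sanitize_text_field( $value );
+ }else{
+ $sanitized_value = sanitize_text_field( $value );
+ }
+
   if ( 'update' == $action ) {
   // empty values replace existing values
- update_post_meta( $_POST['post_ID'], $key, stripslashes( $value ) );
+ update_post_meta( $post_id, $key, $sanitized_value );
   }
   else {
   // delete value; e.g. zero rating
- delete_post_meta( $_POST['post_ID'], $key );
+ delete_post_meta( $post_id, $key );
   }
   }
   }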
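Review bot: The textarea output at new line 167 swaps `esc_attr()` for `wp_kses_post()`, which filters the value to the post-allowed tag set but does not entity-encode it, so markup in the stored meta value is written into the editor page as markup instead of as text. Element content of a `<textarea>` should be escaped at output with `esc_textarea( $post->{$field['name']} )`, leaving KSES filtering to the save path. Separately, in the last hunk the new sanitization chain reads `$custom_fields[ $key ]['input_type']` after the `isset( $custom_fields[ $key ] )` block has already closed, so a key in `$_POST['custom']` that is not a registered field appears to fall through to the `else` branch and still reach `update_post_meta()`; an `if ( ! isset( $custom_fields[ $key ] ) ) { continue; }` at the top of the loop would restrict writes to known fields. The `'url'` branch is also identical to the fallback, where `esc_url_raw( $value )` would be the matching sanitizer. The enclosing methods begin and end outside the hunks shown.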
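--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,6 @@
+ = 2.40.1 - Jan. 25, 2020 =
+ * improved data sanitization
+
   = 2.40.0 - Oct. 16, 2019 =
   * improved compatibility with Strong Testimonials: Importer extension
 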
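--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: testimonials, testimonial slider, testimonial form, star ratings
   Requires at least: 4.6
   Requires PHP: 5.6
   Tested up to: 5.2
- Stable tag: 2.40.0
+ Stable tag: 2.40.1
   License: GPLv3 or later
   License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -38,7 +38,7 @@ https://www.youtube.com/watch?v=3nyvRvoxMxY
   > * Priority email support
   > * Support and updates for 12 months.
   >
- >**[Learn more about Strong Testimonials - Paid version .](https://wp-modula.com/pricing?utm_source=wordpress.org&utm_medium=web&utm_campaign=lite)**
+ >**[Learn more about Strong Testimonials - Paid version .](https://strongtestimonials.com/pricing?utm_source=wordpress.org&utm_medium=web&utm_campaign=lite)**
 
   ### Style
 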
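--- a/strong-testimonials.php
+++ b/strong-testimonials.php
@@ -5,7 +5,7 @@
   * Description: Collect and display your testimonials or reviews.
   * Author: MachoThemes
   * Author URI: https://www.machothemes.com/
- * Version: 2.40.0
+ * Version: 2.40.1
   * Text Domain: strong-testimonials
   * Domain Path: /languages
   * Requires: 4.6 or higher
@@ -44,7 +44,7 @@ if ( ! defined( 'ABSPATH' ) ) {
   exit;
   }
 
- define( 'WPMTST_VERSION', '2.40.0' );
+ define( 'WPMTST_VERSION', '2.40.1' );
   define( 'WPMTST_PLUGIN', plugin_basename( __FILE__ ) ); // strong-testimonials/strong-testimonials.php
   define( 'WPMTST', dirname( WPMTST_PLUGIN ) ); // strong-testimonials
   defined( 'WPMTST_STORE_URL' ) || define( 'WPMTST_STORE_URL', 'https://strongtestimonials.com' );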