Version Description
- Fixed admin setting not being escaped when output.
Download this release
Release Info
| Developer | Benbodhi |
| Plugin |  SVG Support |
| Version | 2.3.20 |
| Comparing to | |
| See all releases | |
Code changes from version 2.3.19 to 2.3.20
- admin/admin-init.php +20 -3
- admin/svgs-settings-page.php +1 -1
- functions/attribute-control.php +1 -1
- functions/enqueue.php +3 -3
- readme.txt +9 -3
- svg-support.php +2 -2
admin/admin-init.php
CHANGED
|
@@ -46,12 +46,29 @@ function bodhi_svg_support_settings_page() {
|
|
| 46 |
|
| 47 |
}
|
| 48 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49 |
/**
|
| 50 |
* Register settings in the database
|
| 51 |
*/
|
| 52 |
function bodhi_svgs_register_settings() {
|
| 53 |
|
| 54 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 55 |
|
| 56 |
}
|
| 57 |
add_action( 'admin_init', 'bodhi_svgs_register_settings' );
|
|
@@ -88,7 +105,7 @@ function bodhi_svgs_specific_pages_settings() {
|
|
| 88 |
$screen = get_current_screen();
|
| 89 |
|
| 90 |
// check if we're on SVG Support settings page
|
| 91 |
-
if ( is_object($screen) && $screen->id == 'settings_page_svg-support' ) {
|
| 92 |
|
| 93 |
return true;
|
| 94 |
|
|
@@ -110,7 +127,7 @@ function bodhi_svgs_specific_pages_media_library() {
|
|
| 110 |
$screen = get_current_screen();
|
| 111 |
|
| 112 |
// check if we're on Media Library page
|
| 113 |
-
if ( is_object($screen) && $screen->id == 'upload' ) {
|
| 114 |
|
| 115 |
return true;
|
| 116 |
|
| 46 |
|
| 47 |
}
|
| 48 |
|
| 49 |
+
/**
|
| 50 |
+
* Sanitize class before saving
|
| 51 |
+
*/
|
| 52 |
+
|
| 53 |
+
function bodhi_sanitize_fields( $value ) {
|
| 54 |
+
|
| 55 |
+
$value['css_target'] = esc_attr( sanitize_text_field( $value['css_target'] ) );
|
| 56 |
+
|
| 57 |
+
return $value;
|
| 58 |
+
|
| 59 |
+
}
|
| 60 |
+
|
| 61 |
+
|
| 62 |
/**
|
| 63 |
* Register settings in the database
|
| 64 |
*/
|
| 65 |
function bodhi_svgs_register_settings() {
|
| 66 |
|
| 67 |
+
$args = array(
|
| 68 |
+
'sanitize_callback' => 'bodhi_sanitize_fields'
|
| 69 |
+
);
|
| 70 |
+
|
| 71 |
+
register_setting( 'bodhi_svgs_settings_group', 'bodhi_svgs_settings', $args );
|
| 72 |
|
| 73 |
}
|
| 74 |
add_action( 'admin_init', 'bodhi_svgs_register_settings' );
|
| 105 |
$screen = get_current_screen();
|
| 106 |
|
| 107 |
// check if we're on SVG Support settings page
|
| 108 |
+
if ( is_object( $screen ) && $screen->id == 'settings_page_svg-support' ) {
|
| 109 |
|
| 110 |
return true;
|
| 111 |
|
| 127 |
$screen = get_current_screen();
|
| 128 |
|
| 129 |
// check if we're on Media Library page
|
| 130 |
+
if ( is_object( $screen ) && $screen->id == 'upload' ) {
|
| 131 |
|
| 132 |
return true;
|
| 133 |
|
admin/svgs-settings-page.php
CHANGED
|
@@ -138,7 +138,7 @@
|
|
| 138 |
<label for="bodhi_svgs_settings[css_target]"><strong><?php _e( 'CSS Class to target', 'svg-support' ); ?></strong></label>
|
| 139 |
</th>
|
| 140 |
<td>
|
| 141 |
-
<input id="bodhi_svgs_settings[css_target]" class="all-options code" name="bodhi_svgs_settings[css_target]" type="text" value="<?php if( isset( $bodhi_svgs_options['css_target'] ) ) echo $bodhi_svgs_options['css_target']; ?>"><br /><small class="description"><?php _e( 'The default target class is <code>style-svg</code>. You can change it to your own class such as <code>my-class</code> by typing it here.<br />Leave blank to use the default class.', 'svg-support' ); ?></small>
|
| 142 |
</td>
|
| 143 |
</tr>
|
| 144 |
|
| 138 |
<label for="bodhi_svgs_settings[css_target]"><strong><?php _e( 'CSS Class to target', 'svg-support' ); ?></strong></label>
|
| 139 |
</th>
|
| 140 |
<td>
|
| 141 |
+
<input id="bodhi_svgs_settings[css_target]" class="all-options code" name="bodhi_svgs_settings[css_target]" type="text" value="<?php if( isset( $bodhi_svgs_options['css_target'] ) ) echo esc_attr($bodhi_svgs_options['css_target']); ?>"><br /><small class="description"><?php _e( 'The default target class is <code>style-svg</code>. You can change it to your own class such as <code>my-class</code> by typing it here.<br />Leave blank to use the default class.', 'svg-support' ); ?></small>
|
| 142 |
</td>
|
| 143 |
</tr>
|
| 144 |
|
functions/attribute-control.php
CHANGED
|
@@ -34,7 +34,7 @@ if ( bodhi_svgs_advanced_mode() ) {
|
|
| 34 |
if ( strpos( $html, '.svg' ) !== FALSE ) {
|
| 35 |
|
| 36 |
// strip html for svg files
|
| 37 |
-
$html = preg_replace( '/(width|height|title|alt|class)=".*"\s/', 'class="' . $class . '"', $html )
|
| 38 |
|
| 39 |
} else {
|
| 40 |
|
| 34 |
if ( strpos( $html, '.svg' ) !== FALSE ) {
|
| 35 |
|
| 36 |
// strip html for svg files
|
| 37 |
+
$html = preg_replace( '/(width|height|title|alt|class)=".*"\s/', 'class="' . esc_attr($class) . '"', $html );
|
| 38 |
|
| 39 |
} else {
|
| 40 |
|
functions/enqueue.php
CHANGED
|
@@ -78,8 +78,8 @@ function bodhi_svgs_inline() {
|
|
| 78 |
|
| 79 |
// use custom class if set
|
| 80 |
$css_target_array = array(
|
| 81 |
-
'Bodhi' => 'img.'. $bodhi_svgs_options['css_target'],
|
| 82 |
-
'ForceInlineSVG' => $bodhi_svgs_options['css_target']
|
| 83 |
);
|
| 84 |
|
| 85 |
} else {
|
|
@@ -99,7 +99,7 @@ function bodhi_svgs_inline() {
|
|
| 99 |
|
| 100 |
// if custom target is set, use that, otherwise use default
|
| 101 |
if ( ! empty( $bodhi_svgs_options['css_target'] ) ) {
|
| 102 |
-
$css_target = 'img.'. $bodhi_svgs_options['css_target'];
|
| 103 |
} else {
|
| 104 |
$css_target = 'img.style-svg';
|
| 105 |
}
|
| 78 |
|
| 79 |
// use custom class if set
|
| 80 |
$css_target_array = array(
|
| 81 |
+
'Bodhi' => 'img.'. esc_attr($bodhi_svgs_options['css_target']),
|
| 82 |
+
'ForceInlineSVG' => esc_attr($bodhi_svgs_options['css_target'])
|
| 83 |
);
|
| 84 |
|
| 85 |
} else {
|
| 99 |
|
| 100 |
// if custom target is set, use that, otherwise use default
|
| 101 |
if ( ! empty( $bodhi_svgs_options['css_target'] ) ) {
|
| 102 |
+
$css_target = 'img.'. esc_attr($bodhi_svgs_options['css_target']);
|
| 103 |
} else {
|
| 104 |
$css_target = 'img.style-svg';
|
| 105 |
}
|
readme.txt
CHANGED
|
@@ -1,11 +1,11 @@
|
|
| 1 |
=== SVG Support ===
|
| 2 |
Contributors: Benbodhi
|
| 3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=Z9R7JERS82EQQ
|
| 4 |
-
Tags: svg, vector, safesvg, css, style, mime, mime type, embed, img, inline, animation, animate, js
|
| 5 |
Requires at least: 4.8
|
| 6 |
-
Tested up to: 5.
|
| 7 |
Requires PHP: 5.2
|
| 8 |
-
Stable tag: 2.3.
|
| 9 |
License: GPLv2 or later
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 11 |
|
|
@@ -140,6 +140,9 @@ You need to add the mime type for svg and svgz to: "MLA Settings > Media Library
|
|
| 140 |
|
| 141 |
== Changelog ==
|
| 142 |
|
|
|
|
|
|
|
|
|
|
| 143 |
= 2.3.19 =
|
| 144 |
* Fixed PHP Warning from localize_script in functions/enqueue.php.
|
| 145 |
* Added a check for SRC attribute in js/svgs-inline.js.
|
|
@@ -318,6 +321,9 @@ You need to add the mime type for svg and svgz to: "MLA Settings > Media Library
|
|
| 318 |
|
| 319 |
== Upgrade Notice ==
|
| 320 |
|
|
|
|
|
|
|
|
|
|
| 321 |
= 2.3.19 =
|
| 322 |
Quick update to address PHP warnings from localize_script and to add a SRC check.
|
| 323 |
|
| 1 |
=== SVG Support ===
|
| 2 |
Contributors: Benbodhi
|
| 3 |
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=Z9R7JERS82EQQ
|
| 4 |
+
Tags: svg, vector, safesvg, safe svg, css, style, mime, mime type, embed, img, inline, animation, animate, js
|
| 5 |
Requires at least: 4.8
|
| 6 |
+
Tested up to: 5.9-RC1-52446
|
| 7 |
Requires PHP: 5.2
|
| 8 |
+
Stable tag: 2.3.20
|
| 9 |
License: GPLv2 or later
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 11 |
|
| 140 |
|
| 141 |
== Changelog ==
|
| 142 |
|
| 143 |
+
= 2.3.20 =
|
| 144 |
+
* Fixed admin setting not being escaped when output.
|
| 145 |
+
|
| 146 |
= 2.3.19 =
|
| 147 |
* Fixed PHP Warning from localize_script in functions/enqueue.php.
|
| 148 |
* Added a check for SRC attribute in js/svgs-inline.js.
|
| 321 |
|
| 322 |
== Upgrade Notice ==
|
| 323 |
|
| 324 |
+
= 2.3.20 =
|
| 325 |
+
Added more security.
|
| 326 |
+
|
| 327 |
= 2.3.19 =
|
| 328 |
Quick update to address PHP warnings from localize_script and to add a SRC check.
|
| 329 |
|
svg-support.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: SVG Support
|
| 4 |
Plugin URI: http://wordpress.org/plugins/svg-support/
|
| 5 |
Description: Upload SVG files to the Media Library and render SVG files inline for direct styling/animation of an SVG's internal elements using CSS/JS.
|
| 6 |
-
Version: 2.3.
|
| 7 |
Author: Benbodhi
|
| 8 |
Author URI: https://benbodhi.com
|
| 9 |
Text Domain: svg-support
|
|
@@ -22,7 +22,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
| 22 |
/**
|
| 23 |
* Global variables
|
| 24 |
*/
|
| 25 |
-
$svgs_plugin_version = '2.3.
|
| 26 |
$plugin_file = plugin_basename(__FILE__); // plugin file for reference
|
| 27 |
define( 'BODHI_SVGS_PLUGIN_PATH', plugin_dir_path( __FILE__ ) ); // define the absolute plugin path for includes
|
| 28 |
define( 'BODHI_SVGS_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); // define the plugin url for use in enqueue
|
| 3 |
Plugin Name: SVG Support
|
| 4 |
Plugin URI: http://wordpress.org/plugins/svg-support/
|
| 5 |
Description: Upload SVG files to the Media Library and render SVG files inline for direct styling/animation of an SVG's internal elements using CSS/JS.
|
| 6 |
+
Version: 2.3.20
|
| 7 |
Author: Benbodhi
|
| 8 |
Author URI: https://benbodhi.com
|
| 9 |
Text Domain: svg-support
|
| 22 |
/**
|
| 23 |
* Global variables
|
| 24 |
*/
|
| 25 |
+
$svgs_plugin_version = '2.3.20'; // for use on admin pages
|
| 26 |
$plugin_file = plugin_basename(__FILE__); // plugin file for reference
|
| 27 |
define( 'BODHI_SVGS_PLUGIN_PATH', plugin_dir_path( __FILE__ ) ); // define the absolute plugin path for includes
|
| 28 |
define( 'BODHI_SVGS_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); // define the plugin url for use in enqueue
|
