WPFront Notification Bar - Version 2.0.0

Version Description

  • Breaking change added. Please read this link before upgrading.
  • Breaking change: Message text no longer allows script tags.
  • If you have script tags in your message text, use 'wpfront_notification_bar_message' filter to set your message.
  • This change is needed as per 'WordPress Plugin Review Team'.
  • More XSS fixes.

Release Info

Developer syammohanm
Version 2.0.0

Code changes from version 1.9.2 to 2.0.0

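--- a/classes/class-wpfront-notification-bar.php
+++ b/classes/class-wpfront-notification-bar.php
@@ -35,7 +35,7 @@ if (!class_exists('WPFront_Notification_Bar')) {
  class WPFront_Notification_Bar {
 
  //Constants
- const VERSION = '1.9.2.07163';
+ const VERSION = '2.0.0.07176';
  const OPTIONS_GROUP_NAME = 'wpfront-notification-bar-options-group';
  const OPTION_NAME = 'wpfront-notification-bar-options';
  const PLUGIN_SLUG = 'wpfront-notification-bar';
@@ -395,6 +395,8 @@ if (!class_exists('WPFront_Notification_Bar')) {
  protected function get_message_text() {
  $message = $this->options->message();
 
+ $message = preg_replace('/<script\b[^>]*>[\s\S]*?<\/script\b[^>]*>/i', '', $message);
+
  $message = apply_filters('wpfront_notification_bar_message', $message);
 
  if ($this->options->message_process_shortcode()) {
@@ -407,6 +409,8 @@ if (!class_exists('WPFront_Notification_Bar')) {
  protected function get_button_text() {
  $text = $this->options->button_text();
 
+ $text = preg_replace('/<script\b[^>]*>[\s\S]*?<\/script\b[^>]*>/i', '', $text);
+
  $text = apply_filters('wpfront_notification_bar_button_text', $text);
 
  if ($this->options->message_process_shortcode()) {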
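Review bot: The `preg_replace` added in `get_message_text()` (and the identical one in `get_button_text()`) is a deny-list for a single element, so other markup that can carry script still passes through, and on a PCRE failure `preg_replace` returns `null`, which would then be handed to the filter. An allow-list sanitizer is the more robust choice, e.g. `$message = wp_kses_post($message);` and `$text = wp_kses_post($text);`, kept ahead of `apply_filters` so the documented filter remains the opt-in path for trusted script. Both function bodies continue past the hunk, so how the value is finally echoed is not visible here.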
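--- a/readme.txt
+++ b/readme.txt
@@ -3,9 +3,9 @@ Contributors: syammohanm
  Donate link: http://wpfront.com/donate/
  Tags: notification bar, wordpress notification bar, top bar, bottom bar, notification, bar, quick bar, fixed bar, sticky bar, message bar, message, floating bar, notice, sticky header, special offer, discount offer, offer, important, attention bar, highlight bar, popup bar, hellobar, heads up, heads up bar, headsup, headsupbar, popup, Toolbar
  Requires at least: 5.0
- Tested up to: 5.7
+ Tested up to: 5.8
  Requires PHP: 7.0
- Stable tag: 1.9.2
+ Stable tag: 2.0.0
  License: GPLv3
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -68,6 +68,13 @@ The new version(1.3) allows you to filter the bar based on user roles. In this c
 
  == Changelog ==
 
+ = 2.0.0 =
+ * Breaking change added. Please read [this link](https://wordpress.org/support/topic/v2-contain-breaking-changes/) before upgrading.
+ * Breaking change: Message text no longer allow script tags.
+ * If you have script tags in your message text, use 'wpfront_notification_bar_message' filter to set your message.
+ * This change is needed as per 'WordPress Plugin Review Team'.
+ * More XSS fixes.
+
  = 1.9.2 =
  * XSS fix on the settings page.
 
@@ -153,6 +160,9 @@ The new version(1.3) allows you to filter the bar based on user roles. In this c
 
  == Upgrade Notice ==
 
+ = 2.0.0 =
+ * Please read change log before upgrading.
+
  = 1.9.2 =
  * XSS fix on the settings page.
 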
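--- a/templates/custom-css-template.php
+++ b/templates/custom-css-template.php
@@ -149,7 +149,7 @@ class WPFront_Notification_Bar_Custom_CSS_Template {
  }
 
  protected function custom_css() {
- echo $this->options->custom_css();
+ echo wp_strip_all_tags($this->options->custom_css(), true);
  }
 
  }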
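Review bot: `wp_strip_all_tags(..., true)` in `custom_css()` also collapses line breaks and runs of whitespace, and its tag stripping can drop text that follows a literal `<` inside a CSS string, so the CSS served may differ from what the admin saved; nothing on the line says this is intended. A comment such as `// Strip markup so saved CSS cannot carry HTML into the page; whitespace is collapsed on purpose.` would record the intent, and if the collapsing is not wanted the second argument can be dropped: `echo wp_strip_all_tags($this->options->custom_css());`. The stripping happens only at output here; whether the value is also cleaned when the option is saved is not visible in this hunk.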
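--- a/templates/notification-bar-template.php
+++ b/templates/notification-bar-template.php
@@ -43,11 +43,13 @@ if (!$this->options->dynamic_css_use_url()) {
  ?>
 
 
- <?php if ($this->options->display_button() && $this->options->button_action() == 2) { ?>
+ <?php if ($this->options->display_button() && $this->options->button_action() == 2) {
+ $js = preg_replace('/<\/script\b[^>]*>/i', '', $this->options->button_action_javascript()); ?>
+
  <script type="text/javascript">
  function wpfront_notification_bar_button_action_script() {
  try {
- <?php echo $this->options->button_action_javascript(); ?>
+ <?php echo $js; ?>
  } catch (err) {
  }
  }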
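Review bot: The value of `button_action_javascript()` is still written verbatim into the `<script>` block; the new `preg_replace` only removes closing `</script>` tags, and stripping one token from a string is a brittle way to keep content inside its element. Since this option is executable JavaScript by design, the control that matters is who may store it: the save path (not visible in this hunk) should require the `unfiltered_html` capability, e.g. `if (!current_user_can('unfiltered_html')) { /* keep the previously saved value */ }`. A comment above the `$js` line stating that the option is trusted, admin-supplied script would also help, and `button_action() == 2` could use `===` if the option is stored as an integer.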
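--- a/templates/options-template.php
+++ b/templates/options-template.php
@@ -280,7 +280,7 @@
  <td>
  <textarea rows="5" cols="75" name="<?php echo $this->options->message_name(); ?>"><?php echo esc_textarea($this->options->message()); ?></textarea>
  <br />
- <span class="description"><?php echo esc_html(__('[HTML tags are allowed. e.g. Add <br /> for break.]')); ?></span>
+ <span class="description"><?php echo esc_html(__('[HTML tags are allowed, except "<script>" tags. e.g. Add <br /> for break.]')); ?></span>
  </td>
  </tr>
  <tr>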
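--- a/wpfront-notification-bar.php
+++ b/wpfront-notification-bar.php
@@ -3,7 +3,7 @@
  * Plugin Name: WPFront Notification Bar
  * Plugin URI: http://wpfront.com/notification-bar-plugin/
  * Description: Easily lets you create a bar on top or bottom to display a notification.
- * Version: 1.9.2.07163
+ * Version: 2.0.0.07176
  * Requires at least: 5.0
  * Requires PHP: 7.0
  * Author: Syam Mohan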