summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2019-01-01 22:17:02 -0500
committerAnthony G. Basile <blueness@gentoo.org>2019-01-01 22:17:02 -0500
commit10a9ee4edcef60c2189085d8ebd2cc0d31b62126 (patch)
treec071bcb2e0ab19a56518a960dd4ced92bc00b897
parentUpdate twentyfourteen 2.4 (diff)
downloadblogs-gentoo-10a9ee4edcef60c2189085d8ebd2cc0d31b62126.tar.gz
blogs-gentoo-10a9ee4edcef60c2189085d8ebd2cc0d31b62126.tar.bz2
blogs-gentoo-10a9ee4edcef60c2189085d8ebd2cc0d31b62126.zip
Update easy-table 1.8
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
-rw-r--r--plugins/easy-table/easy-table.php56
-rw-r--r--plugins/easy-table/readme.txt12
2 files changed, 23 insertions, 45 deletions
diff --git a/plugins/easy-table/easy-table.php b/plugins/easy-table/easy-table.php
index 4bfe2854..1ade56fc 100644
--- a/plugins/easy-table/easy-table.php
+++ b/plugins/easy-table/easy-table.php
@@ -4,7 +4,7 @@ Plugin Name: Easy Table
Plugin URI: http://takien.com/
Description: Create table in post, page, or widget in easy way.
Author: Takien
-Version: 1.6
+Version: 1.8
Author URI: http://takien.com/
*/
@@ -106,7 +106,7 @@ function __construct(){
private function easy_table_base($return){
$easy_table_base = Array(
'name' => 'Easy Table',
- 'version' => '1.6',
+ 'version' => '1.8',
'plugin-domain' => 'easy-table'
);
return $easy_table_base[$return];
@@ -570,23 +570,24 @@ function themes(){
}
return $themes;
}
-function theme_content() {
- if(!isset($_GET['edit'])) {
- return false;
- }
- $theme = $_GET['edit'];
- $dir = plugin_dir_path(__FILE__).'themes/';
- if(is_writable($dir.$theme.'/style.css')) {
- return file_get_contents($dir.$theme.'/style.css');
- }
-}
+
/**
* Register plugin setting
+* @since: 1.7 add sanitize_callback
*/
function easy_table_register_setting() {
- register_setting('easy_table_option_field', 'easy_table_plugin_option');
+ $args = array('sanitize_callback'=> array(&$this,'easy_table_sanitize_callback'));
+ register_setting('easy_table_option_field', 'easy_table_plugin_option', $args);
}
+/**
+* Add sanitize_callback to register_setting to filter the options value
+* @since: 1.7
+*/
+
+function easy_table_sanitize_callback ( $value ) {
+ return filter_var( $value,FILTER_CALLBACK, array("options"=>"strip_tags"));
+}
/**
* Render form
* @param array
@@ -1085,35 +1086,6 @@ col4,col5,col6
</div>
<div class="clear"></div>
-<?php elseif($_GET['gettab'] == 'themes') : ?>
- <h3><?php _e('Easy Table theme editor');?></h3>
-
- <div class="row">
- <div class="columns nine">
- <textarea name="" id="easy-table-theme-editor"><?php echo esc_textarea($this->theme_content());?></textarea>
- <input type="submit" class="button primary" value="Save"/>
- </div>
- <div class="columns three">
- <ul>
- <?php
- foreach($this->themes() as $theme) {
- echo '
- <li><a href="#">'.$theme.'</a>
- <a href="options-general.php?page=easy-table&gettab=themes&edit='.$theme.'">edit</a>
- <a href="&edit-theme=1&clone=1#">clone</a>
- <a href="#">delete</a>
- <a href="#">preview</a>
- </li>';
- }
- ?>
- </ul>
- <form action="">
- New theme: <br/>
- <input type="text" value="" placeholder="Theme name" name="themename"/>
- <input type="submit" value="Create"/>
- </form>
- </div>
- </div>
<?php elseif($_GET['gettab'] == 'support') : ?>
<p>To ask question, please visit this plugin support on WordPress.org</p>
diff --git a/plugins/easy-table/readme.txt b/plugins/easy-table/readme.txt
index 4e09bf50..96036d6e 100644
--- a/plugins/easy-table/readme.txt
+++ b/plugins/easy-table/readme.txt
@@ -2,9 +2,9 @@
Contributors: takien
Donate link: http://takien.com/donate
Tags: table,csv,csv-to-table,post,excel,csv file,widget,tablesorter
-Requires at least: 3.0
-Tested up to: 4.4.1
-Stable tag: 1.6
+Requires at least: 4.0
+Tested up to: 4.9.8
+Stable tag: 1.8
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -248,6 +248,12 @@ No
== Changelog ==
+= 1.8 =
+* Remove unused and unsafe code that made this plugin taken down from repository.
+
+= 1.7 =
+* Add filter to the option values to prevent security issues (Vulnerability reported by Manuel Garcia Cardenas)
+
= 1.6 =
* Added: exclude_row, exclude_col argument. Useful to hide sort of rows or columns from your data.
* Added: sslverify=false to wp_remote_get $args