commit: 10a9ee4edcef60c2189085d8ebd2cc0d31b62126 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> AuthorDate: Wed Jan 2 03:17:02 2019 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Wed Jan 2 03:17:02 2019 +0000 URL: https://gitweb.gentoo.org/proj/blogs-gentoo.git/commit/?id=10a9ee4e
Update easy-table 1.8 Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org> plugins/easy-table/easy-table.php | 56 ++++++++++----------------------------- plugins/easy-table/readme.txt | 12 ++++++--- 2 files changed, 23 insertions(+), 45 deletions(-) diff --git a/plugins/easy-table/easy-table.php b/plugins/easy-table/easy-table.php index 4bfe285..1ade56f 100644 --- a/plugins/easy-table/easy-table.php +++ b/plugins/easy-table/easy-table.php @@ -4,7 +4,7 @@ Plugin Name: Easy Table Plugin URI: http://takien.com/ Description: Create table in post, page, or widget in easy way. Author: Takien -Version: 1.6 +Version: 1.8 Author URI: http://takien.com/ */ @@ -106,7 +106,7 @@ function __construct(){ private function easy_table_base($return){ $easy_table_base = Array( 'name' => 'Easy Table', - 'version' => '1.6', + 'version' => '1.8', 'plugin-domain' => 'easy-table' ); return $easy_table_base[$return]; @@ -570,23 +570,24 @@ function themes(){ } return $themes; } -function theme_content() { - if(!isset($_GET['edit'])) { - return false; - } - $theme = $_GET['edit']; - $dir = plugin_dir_path(__FILE__).'themes/'; - if(is_writable($dir.$theme.'/style.css')) { - return file_get_contents($dir.$theme.'/style.css'); - } -} + /** * Register plugin setting +* @since: 1.7 add sanitize_callback */ function easy_table_register_setting() { - register_setting('easy_table_option_field', 'easy_table_plugin_option'); + $args = array('sanitize_callback'=> array(&$this,'easy_table_sanitize_callback')); + register_setting('easy_table_option_field', 'easy_table_plugin_option', $args); } +/** +* Add sanitize_callback to register_setting to filter the options value +* @since: 1.7 +*/ + +function easy_table_sanitize_callback ( $value ) { + return filter_var( $value,FILTER_CALLBACK, array("options"=>"strip_tags")); +} /** * Render form * @param array 
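Review bot: The sanitizer in `easy_table_register_setting()` is handed to `register_setting()` as an `$args` array, a form WordPress only accepts from 4.7 on, while the readme in this same commit declares "Requires at least: 4.0". On older cores the third parameter is taken as the callback itself, so the filtering would likely not run. Passing the callable directly works on both old and new cores: `register_setting('easy_table_option_field', 'easy_table_plugin_option', array($this, 'easy_table_sanitize_callback'));` (the `&` in `array(&$this, ...)` is not needed). Separately, `strip_tags` in `easy_table_sanitize_callback()` removes markup but leaves quotes intact, so it only closes the reported issue if every place that prints these options also escapes for its context (`esc_attr()`, `esc_html()`). That rendering code is outside this hunk and should be confirmed.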
@@ -1085,35 +1086,6 @@ col4,col5,col6 </div> <div class="clear"></div> -<?php elseif($_GET['gettab'] == 'themes') : ?> - <h3><?php _e('Easy Table theme editor');?></h3> - - <div class="row"> - <div class="columns nine"> - <textarea name="" id="easy-table-theme-editor"><?php echo esc_textarea($this->theme_content());?></textarea> - <input type="submit" class="button primary" value="Save"/> - </div> - <div class="columns three"> - <ul> - <?php - foreach($this->themes() as $theme) { - echo ' - <li><a href="#">'.$theme.'</a> - <a href="options-general.php?page=easy-table&gettab=themes&edit='.$theme.'">edit</a> - <a href="&edit-theme=1&clone=1#">clone</a> - <a href="#">delete</a> - <a href="#">preview</a> - </li>'; - } - ?> - </ul> - <form action=""> - New theme: <br/> - <input type="text" value="" placeholder="Theme name" name="themename"/> - <input type="submit" value="Create"/> - </form> - </div> - </div> <?php elseif($_GET['gettab'] == 'support') : ?> <p>To ask question, please visit this plugin support on WordPress.org</p> diff --git a/plugins/easy-table/readme.txt b/plugins/easy-table/readme.txt index 4e09bf5..96036d6 100644 --- a/plugins/easy-table/readme.txt +++ b/plugins/easy-table/readme.txt @@ -2,9 +2,9 @@ Contributors: takien Donate link: http://takien.com/donate Tags: table,csv,csv-to-table,post,excel,csv file,widget,tablesorter -Requires at least: 3.0 -Tested up to: 4.4.1 -Stable tag: 1.6 +Requires at least: 4.0 +Tested up to: 4.9.8 +Stable tag: 1.8 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -248,6 +248,12 @@ No == Changelog == += 1.8 = +* Remove unused and unsafe code that made this plugin taken down from repository. + += 1.7 = +* Add filter to the option values to prevent security issues (Vulnerability reported by Manuel Garcia Cardenas) + = 1.6 = * Added: exclude_row, exclude_col argument. Useful to hide sort of rows or columns from your data. * Added: sslverify=false to wp_remote_get $args
