diff --git a/.gitignore b/.gitignore index a0e3f08..67257d1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +.ds_store .vscode .sass-cache node_modules/ diff --git a/includes/class.media.php b/includes/class.media.php index f4e47a2..4e9451f 100644 --- a/includes/class.media.php +++ b/includes/class.media.php @@ -202,7 +202,7 @@ function upload_url($url, $type = null) { if ( count($tb) ) $url = add_query_arg($tb, $url); } - return $url; + return sanitize_url( $url ); } /** @@ -263,7 +263,7 @@ function upload_media() { /* Send image data to main post edit form and close popup */ //Get Attachment ID $args = new stdClass(); - $args->id = $this->util->array_key_first( $_POST[ $this->var_setmedia ] ); + $args->id = esc_attr( $this->util->array_key_first( $_POST[ $this->var_setmedia ] ) ); //Make sure post is valid if ( wp_attachment_is_image($args->id) ) { $p = $this->get_request_props(); @@ -311,7 +311,7 @@ function upload_media() { //Display default UI //Determine media type - $type = ( isset($_REQUEST['type']) ) ? $_REQUEST['type'] : $this->var_type; + $type = ( isset($_REQUEST['type']) ) ? esc_attr( $_REQUEST['type'] ) : $this->var_type; //Determine UI to use (disk or URL upload) $upload_form = ( isset($_GET['tab']) && 'type_url' == $_GET['tab'] ) ? 'media_upload_type_url_form' : 'media_upload_type_form'; //Load UI diff --git a/includes/class.utilities.php b/includes/class.utilities.php index feefa77..b7d06bc 100644 --- a/includes/class.utilities.php +++ b/includes/class.utilities.php @@ -75,7 +75,7 @@ function is_admin_management_page() { && ( $this->is_file('edit.php') || ( $this->is_file('admin.php') && isset($_GET['page']) - && strpos($_GET['page'], 'cnr') === 0 ) + && strpos($_GET['page'], 'fvrt') === 0 ) ) ); } 
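Review bot: `sanitize_url()` on the new return line of `upload_url()` was, as far as I recall, a deprecated alias of `esc_url_raw()` until WordPress 5.9 restored it, while readme.txt in this same commit still declares `Requires at least: 5.4`. On the older versions still declared as supported the call would therefore raise a deprecation notice; `return esc_url_raw( $url );` does the same cleaning on every supported version. Either function prepares a URL for storage or redirects, not for HTML, so any caller that prints the result into markup still needs `esc_url()` at the point of output. The callers and the start of `upload_url()` are outside the hunk.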
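Review bot: `esc_attr()` is an output-escaping helper for HTML attribute context, not input validation, so on the `$args->id` line a non-numeric value is only entity-encoded and then passed on to `wp_attachment_is_image()` as an untyped string. The value is meant to be an attachment ID, so cast it: `$args->id = absint( $this->util->array_key_first( $_POST[ $this->var_setmedia ] ) );`. The same pattern recurs on the `$type` line of the next hunk, in `get_action()` in includes/class.utilities.php and in `save_icons()` in model.php. There `sanitize_key( wp_unslash( ... ) )` fits the slug-like values, and `array_map( 'absint', explode( ',', ... ) )` fits the icon list if it holds attachment IDs, with escaping left to the point where the values are printed. `upload_media()` starts and ends outside this hunk, so whether a nonce or capability check guards this branch is not visible here.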
@@ -213,11 +213,12 @@ function get_action($default = null) { $action = ''; //Check if action is set in URL - if ( isset($_GET['action']) ) - $action = $_GET['action']; + if ( isset($_GET['action']) ) { + $action = esc_attr( $_GET['action'] ); + } //Otherwise, Determine action based on plugin plugin admin page suffix elseif ( isset($_GET['page']) && ($pos = strrpos($_GET['page'], '-')) && $pos !== false && ( $pos != count($_GET['page']) - 1 ) ) - $action = trim(substr($_GET['page'], $pos + 1), '-_'); + $action = trim( esc_attr( substr( $_GET['page'], $pos + 1 ) ), '-_'); //Determine action for core admin pages if ( ! isset($_GET['page']) || empty($action) ) { @@ -682,7 +683,7 @@ class FVRT_Debug { /* Constructor */ - function CNR_Debug() { + function FVRT_Debug() { $this->__construct(); } @@ -765,7 +766,7 @@ function timer_show($name = 'default', $format = 'Elapsed time: %s') { * Retrieve current function name * @param string|array $properties (optional) Properties to retrieve for current function * @return string|array Current function properties. Default: function name. Will return array if multiple properties are requested - * @see CNR_Debug::backtrace + * @see FVRT_Debug::backtrace */ function get_current($properties = 'function') { return $this->backtrace($properties, 1, 2); @@ -775,7 +776,7 @@ function get_current($properties = 'function') { * Retrieves calling function name * @param string|array $properties (optional) Properties to retrieve for caller * @return string|array Calling function properties. Default: function name. Will return array if multiple properties are requested - * @see CNR_Debug::backtrace + * @see FVRT_Debug::backtrace */ function get_caller($properties = 'function') { return $this->backtrace($properties, 1, 3); diff --git a/js/admin.js b/js/admin.js index 6aca990..39fa10c 100644 --- a/js/admin.js +++ b/js/admin.js 
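Review bot: The `elseif` condition that this hunk keeps in `get_action()` calls `count($_GET['page'])` on a string, which throws a TypeError on PHP 8 and emits a warning on 7.2 and later. Any admin request whose `page` value has a hyphen after its first character reaches that call; the intended check looks like `( $pos !== strlen( $_GET['page'] ) - 1 )`. The new `if` branch gained braces while the `elseif` branch did not, so bracing both would keep the chain consistent and make the scope of each assignment obvious. `get_action()` continues past the end of the hunk.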
@@ -43,7 +43,7 @@ if ( typeof(fvrt) != 'object' ) fvrt.setupActions = function() { //Get remove links on page var t = this; - $(this.buildSelector('item', 'remove')).live('click', function() { + $(this.buildSelector('item', 'remove')).on('click', function() { t.removeItem(this); return false; }); diff --git a/main.php b/main.php index 2d06816..6189f9e 100644 --- a/main.php +++ b/main.php @@ -3,7 +3,7 @@ Plugin Name: Favicon Rotator Plugin URI: http://archetyped.com/tools/favicon-rotator/ Description: Easily set site favicon and even rotate through multiple icons -Version: 1.2.9 +Version: 1.2.11 Author: Archetyped Author URI: http://archetyped.com Text Domain: favicon-rotator diff --git a/model.php b/model.php index dd1fdca..deb3640 100644 --- a/model.php +++ b/model.php @@ -339,7 +339,7 @@ function save_icons($icons = null, $type = null) { foreach ( $this->get_icon_type_names() as $itype ) { $field = $field_base . $itype; if ( isset($_POST[$field]) ) { - $icons[$itype] = explode(',', $_POST[$field]); + $icons[$itype] = explode( ',', esc_attr( $_POST[$field] ) ); } } } diff --git a/readme.txt b/readme.txt index d1f93fc..ca21527 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: Archetyped Donate link: http://mycharitywater.org/archetyped-2012-fall Tags: favicon,icon,template,theme,customization,simple,media,touch,ios,android Requires at least: 5.4 -Tested up to: 5.5 +Tested up to: 6.4 Stable tag: trunk Easily set site favicon and even rotate through multiple icons @@ -51,6 +51,14 @@ No upgrade notices == Changelog == += 1.2.11 = +* Optimize: WordPress 6.4 Compatibility +* Optimize: Data validation/formatting +* Optimize: Internal code cleanup + += 1.2.10 = +* Optimize: WordPress 5.6 Compatibility + = 1.2.9 = * Optimize: WordPress 5.5 Compatibility
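Review bot: Replacing `.live('click', …)` with `.on('click', …)` on the selected set in `fvrt.setupActions` changes the binding from delegated to direct, so remove links that are added to the page after `setupActions` runs no longer get the handler. If icon items can be inserted dynamically (not visible in this hunk, but that is what `.live()` was for), the equivalent form is `$(document).on('click', this.buildSelector('item', 'remove'), function() {`. A comment above the binding such as `// Delegated so links on items added later are handled` would record why delegation is used.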