Changeset 2688648

Timestamp:

03/04/2022 05:04:28 AM (4 years ago)

Author:

buzztone

Message:

Fix security issues advised by WordPress Plugin Review Team

Location:

contact-form-7-skins

Files:

• tags/2.5.1/includes/style.php (modified) (5 diffs)
• tags/2.5.1/includes/tab.php (modified) (1 diff)
• tags/2.5.1/includes/template.php (modified) (1 diff)
• tags/2.5.1/index.php (modified) (1 diff)
• tags/2.5.1/readme.txt (modified) (1 diff)
• trunk/includes/style.php (modified) (5 diffs)
• trunk/includes/tab.php (modified) (1 diff)
• trunk/includes/template.php (modified) (1 diff)
• trunk/index.php (modified) (1 diff)
• trunk/readme.txt (modified) (1 diff)

contact-form-7-skins/tags/2.5.1/includes/style.php

@@ -227 +227 @@
                         echo '<div class="filters-group">';
                     }
-                    
-                    $feature_name = esc_html( $feature_name );
+
                     echo '<h4 class="feature-name">' . esc_attr( $feature_name ) . '</h4>';
                     echo '<ol class="feature-group">';
@@ -325 +324 @@
                         echo '<div class="filter-group">';
                     }
-                    $feature_name = esc_html( $feature_name );
-                    echo '<h4 class="feature-name">' . $feature_name . '</h4>';
+
+                    echo '<h4 class="feature-name">' . esc_attr( $feature_name ) . '</h4>';
                     echo '<ol class="feature-group">';
                     foreach ( $features as $feature => $feature_name ) {
@@ -399 +398 @@
                 $license = strpos( $style['path'], CF7SKINSPRO_PATH ) !== false ? 'pro' : $license;
             ?>
-            <div class="<?php echo $skin_class; ?>" data-name="<?php echo $key; ?>" data-date="<?php echo $date; ?>" data-license="<?php echo $license; ?>">
+            <div class="<?php echo esc_attr( $skin_class ); ?>" data-name="<?php echo esc_attr( $key ); ?>" data-date="<?php echo esc_attr( $date ); ?>" data-license="<?php echo esc_attr( $license ); ?>">
                 <div class="wrapper">
                     <h4 class="skin-name"><?php echo esc_attr( $style['details']['Style Name'] ); ?></h4>
@@ -408 +407 @@
                     </div>
                     <ul class="wp-clearfix skin-action">
-                        <li><a class="select<?php echo $class; ?> balloon" title="<?php _e( 'Select to apply the Style to your form - is applied to your form once you Save.',$this->textdomain ); ?>" data-value="<?php $this->get_slug_name( $style ); ?>" href="#cf7s-style"><?php echo $select_text; ?></a></li>
+                        <li><a class="select<?php echo esc_attr( $class ); ?> balloon" title="<?php _e( 'Select to apply the Style to your form - is applied to your form once you Save.',$this->textdomain ); ?>" data-value="<?php $this->get_slug_name( $style ); ?>" href="#cf7s-style"><?php echo esc_attr( $select_text ); ?></a></li>
                         <li><a class="detail balloon" title="<?php _e( 'Show detailed information about this Style - overview of the appearance and layout with description and usage details.' ,$this->textdomain ); ?>" href="#<?php $this->get_slug_name( $style ); ?>"><?php _e('Details', $this->textdomain ); ?></a></li>
                     </ul>
@@ -439 +438 @@
                     <ul class="wp-clearfix skin-action">
                         <li><a class="balloon view" data-value="<?php esc_attr( $this->get_slug_name( $style ) ); ?>" href="#cf7s-style" title="<?php _e( 'Use Expanded View to view Styles features - shows all form fields available in Contact Form 7.', $this->textdomain ); ?>"><?php _e('Expanded View', $this->textdomain ); ?></a></li>
-                        <li><a class="balloon select<?php echo $class; ?>" data-value="<?php esc_attr( $this->get_slug_name( $style ) ); ?>" href="#cf7s-style" title="<?php _e( 'Select to apply the Style to your form - is applied to your form once you Save.', $this->textdomain ); ?>"><?php echo esc_attr( $select_text ); ?></a></li>
+                        <li><a class="balloon select<?php echo esc_attr( $class ); ?>" data-value="<?php esc_attr( $this->get_slug_name( $style ) ); ?>" href="#cf7s-style" title="<?php _e( 'Select to apply the Style to your form - is applied to your form once you Save.', $this->textdomain ); ?>"><?php echo esc_attr( $select_text ); ?></a></li>
                         <li><a class="balloon close" href="#" title="<?php _e( 'Return to Style Gallery/Grid view.', $this->textdomain ); ?>"><?php _e('Close', $this->textdomain ); ?></a></li>
                     </ul>

contact-form-7-skins/tags/2.5.1/includes/tab.php

@@ -244 +244 @@
                     <a class="nav-tab nav-tab-<?php echo esc_attr( $value['name'] ); ?>" href="#tab-<?php echo esc_attr( $value['name'] ); ?>">
                         <?php echo esc_attr( $value['label'] ); ?>
-                        <span class="help balloon-hover balloon" title="<?php echo $value['note']; ?>">!</span>
-                        <span class="help balloon-hover balloon" title="<?php echo $value['help']; ?>">?</span>
+                        <span class="help balloon-hover balloon" title="<?php echo esc_attr( $value['note'] ); ?>">!</span>
+                        <span class="help balloon-hover balloon" title="<?php echo esc_attr( $value['help'] ); ?>">?</span>
                     </a>
                 <?php endforeach; ?>

contact-form-7-skins/tags/2.5.1/includes/template.php

@@ -411 +411 @@
                     </div>
                     <ul class="wp-clearfix skin-action">
-                        <li><a class="select<?php echo $class; ?> balloon" title="<?php _e( 'Select to apply the Template to your form - appears in the form editing area, where you can edit your requirements.',$this->textdomain ); ?>" data-post="<?php echo esc_attr( $post ); ?>" data-locale="<?php echo esc_attr( $locale ); ?>" data-value="<?php esc_attr( $this->get_slug_name( $template ) ); ?>" href="#cf7s-template"><?php echo esc_attr( $select_text ); ?></a></li>
+                        <li><a class="select<?php echo esc_attr( $class ); ?> balloon" title="<?php _e( 'Select to apply the Template to your form - appears in the form editing area, where you can edit your requirements.',$this->textdomain ); ?>" data-post="<?php echo esc_attr( $post ); ?>" data-locale="<?php echo esc_attr( $locale ); ?>" data-value="<?php esc_attr( $this->get_slug_name( $template ) ); ?>" href="#cf7s-template"><?php echo esc_attr( $select_text ); ?></a></li>
                         <li><a class="detail balloon" title="<?php _e( 'Show detailed information about this Template, with layout, description and usage details.' ,$this->textdomain ); ?>" href="#tpl-<?php esc_attr( $this->get_slug_name( $template ) ); ?>-detail"><?php _e('Details', $this->textdomain ); ?></a></li>
                     </ul>

contact-form-7-skins/tags/2.5.1/index.php

@@ -1 +1 @@
 <?php
 /**
- * Plugin Name: Contact Form 7 Skins
+ * Plugin Name: Skins for Contact Form 7
  * Plugin URI:  http://cf7skins.com
  * Description: Adds drag & drop Visual Editor with Templates & Styles to Contact Form 7. Requires Contact Form 7.

contact-form-7-skins/tags/2.5.1/readme.txt

@@ -1 @@
-=== Contact Form 7 Skins ===
+=== Skins for Contact Form 7 ===
 Contributors: buzztone
 Tags: contact form 7, contact form 7 addon, contact form 7 style, contact form 7 theme, contact form

contact-form-7-skins/trunk/includes/style.php

@@ -227 +227 @@
                         echo '<div class="filters-group">';
                     }
-                    
-                    $feature_name = esc_html( $feature_name );
+
                     echo '<h4 class="feature-name">' . esc_attr( $feature_name ) . '</h4>';
                     echo '<ol class="feature-group">';
@@ -325 +324 @@
                         echo '<div class="filter-group">';
                     }
-                    $feature_name = esc_html( $feature_name );
-                    echo '<h4 class="feature-name">' . $feature_name . '</h4>';
+
+                    echo '<h4 class="feature-name">' . esc_attr( $feature_name ) . '</h4>';
                     echo '<ol class="feature-group">';
                     foreach ( $features as $feature => $feature_name ) {
@@ -399 +398 @@
                 $license = strpos( $style['path'], CF7SKINSPRO_PATH ) !== false ? 'pro' : $license;
             ?>
-            <div class="<?php echo $skin_class; ?>" data-name="<?php echo $key; ?>" data-date="<?php echo $date; ?>" data-license="<?php echo $license; ?>">
+            <div class="<?php echo esc_attr( $skin_class ); ?>" data-name="<?php echo esc_attr( $key ); ?>" data-date="<?php echo esc_attr( $date ); ?>" data-license="<?php echo esc_attr( $license ); ?>">
                 <div class="wrapper">
                     <h4 class="skin-name"><?php echo esc_attr( $style['details']['Style Name'] ); ?></h4>
@@ -408 +407 @@
                     </div>
                     <ul class="wp-clearfix skin-action">
-                        <li><a class="select<?php echo $class; ?> balloon" title="<?php _e( 'Select to apply the Style to your form - is applied to your form once you Save.',$this->textdomain ); ?>" data-value="<?php $this->get_slug_name( $style ); ?>" href="#cf7s-style"><?php echo $select_text; ?></a></li>
+                        <li><a class="select<?php echo esc_attr( $class ); ?> balloon" title="<?php _e( 'Select to apply the Style to your form - is applied to your form once you Save.',$this->textdomain ); ?>" data-value="<?php $this->get_slug_name( $style ); ?>" href="#cf7s-style"><?php echo esc_attr( $select_text ); ?></a></li>
                         <li><a class="detail balloon" title="<?php _e( 'Show detailed information about this Style - overview of the appearance and layout with description and usage details.' ,$this->textdomain ); ?>" href="#<?php $this->get_slug_name( $style ); ?>"><?php _e('Details', $this->textdomain ); ?></a></li>
                     </ul>
@@ -439 +438 @@
                     <ul class="wp-clearfix skin-action">
                         <li><a class="balloon view" data-value="<?php esc_attr( $this->get_slug_name( $style ) ); ?>" href="#cf7s-style" title="<?php _e( 'Use Expanded View to view Styles features - shows all form fields available in Contact Form 7.', $this->textdomain ); ?>"><?php _e('Expanded View', $this->textdomain ); ?></a></li>
-                        <li><a class="balloon select<?php echo $class; ?>" data-value="<?php esc_attr( $this->get_slug_name( $style ) ); ?>" href="#cf7s-style" title="<?php _e( 'Select to apply the Style to your form - is applied to your form once you Save.', $this->textdomain ); ?>"><?php echo esc_attr( $select_text ); ?></a></li>
+                        <li><a class="balloon select<?php echo esc_attr( $class ); ?>" data-value="<?php esc_attr( $this->get_slug_name( $style ) ); ?>" href="#cf7s-style" title="<?php _e( 'Select to apply the Style to your form - is applied to your form once you Save.', $this->textdomain ); ?>"><?php echo esc_attr( $select_text ); ?></a></li>
                         <li><a class="balloon close" href="#" title="<?php _e( 'Return to Style Gallery/Grid view.', $this->textdomain ); ?>"><?php _e('Close', $this->textdomain ); ?></a></li>
                     </ul>

contact-form-7-skins/trunk/includes/tab.php

@@ -244 +244 @@
                     <a class="nav-tab nav-tab-<?php echo esc_attr( $value['name'] ); ?>" href="#tab-<?php echo esc_attr( $value['name'] ); ?>">
                         <?php echo esc_attr( $value['label'] ); ?>
-                        <span class="help balloon-hover balloon" title="<?php echo $value['note']; ?>">!</span>
-                        <span class="help balloon-hover balloon" title="<?php echo $value['help']; ?>">?</span>
+                        <span class="help balloon-hover balloon" title="<?php echo esc_attr( $value['note'] ); ?>">!</span>
+                        <span class="help balloon-hover balloon" title="<?php echo esc_attr( $value['help'] ); ?>">?</span>
                     </a>
                 <?php endforeach; ?>

contact-form-7-skins/trunk/includes/template.php

@@ -411 +411 @@
                     </div>
                     <ul class="wp-clearfix skin-action">
-                        <li><a class="select<?php echo $class; ?> balloon" title="<?php _e( 'Select to apply the Template to your form - appears in the form editing area, where you can edit your requirements.',$this->textdomain ); ?>" data-post="<?php echo esc_attr( $post ); ?>" data-locale="<?php echo esc_attr( $locale ); ?>" data-value="<?php esc_attr( $this->get_slug_name( $template ) ); ?>" href="#cf7s-template"><?php echo esc_attr( $select_text ); ?></a></li>
+                        <li><a class="select<?php echo esc_attr( $class ); ?> balloon" title="<?php _e( 'Select to apply the Template to your form - appears in the form editing area, where you can edit your requirements.',$this->textdomain ); ?>" data-post="<?php echo esc_attr( $post ); ?>" data-locale="<?php echo esc_attr( $locale ); ?>" data-value="<?php esc_attr( $this->get_slug_name( $template ) ); ?>" href="#cf7s-template"><?php echo esc_attr( $select_text ); ?></a></li>
                         <li><a class="detail balloon" title="<?php _e( 'Show detailed information about this Template, with layout, description and usage details.' ,$this->textdomain ); ?>" href="#tpl-<?php esc_attr( $this->get_slug_name( $template ) ); ?>-detail"><?php _e('Details', $this->textdomain ); ?></a></li>
                     </ul>

contact-form-7-skins/trunk/index.php

@@ -1 +1 @@
 <?php
 /**
- * Plugin Name: Contact Form 7 Skins
+ * Plugin Name: Skins for Contact Form 7
  * Plugin URI:  http://cf7skins.com
  * Description: Adds drag & drop Visual Editor with Templates & Styles to Contact Form 7. Requires Contact Form 7.

contact-form-7-skins/trunk/readme.txt

@@ -1 @@
-=== Contact Form 7 Skins ===
+=== Skins for Contact Form 7 ===
 Contributors: buzztone
 Tags: contact form 7, contact form 7 addon, contact form 7 style, contact form 7 theme, contact form