Changeset 3201393

Timestamp:

12/03/2024 07:20:48 AM (16 months ago)

Author:

gqevu6bsiz

Message:

1.24.1 2024-12-03

• Updated: For WordPress 6.7.
• Changed: How to get the wp version and offset seconds.
• Changed: Late include the JS and CSS on admin and frontend and login.
• Fixed: Escape and sanitize the some values.

Location:

my-wp/trunk

Files:

• controller/abstract.controller.toolbar.module.php (modified) (3 diffs)
• controller/modules/mywp.controller.module.admin.comments.php (modified) (1 diff)
• controller/modules/mywp.controller.module.admin.dashboard.php (modified) (3 diffs)
• controller/modules/mywp.controller.module.admin.general.php (modified) (5 diffs)
• controller/modules/mywp.controller.module.admin.post.edit.php (modified) (1 diff)
• controller/modules/mywp.controller.module.admin.posts.php (modified) (8 diffs)
• controller/modules/mywp.controller.module.admin.sidebar.php (modified) (4 diffs)
• controller/modules/mywp.controller.module.admin.terms.php (modified) (1 diff)
• controller/modules/mywp.controller.module.admin.uploads.php (modified) (1 diff)
• controller/modules/mywp.controller.module.admin.users.php (modified) (1 diff)
• controller/modules/mywp.controller.module.frontend.general.php (modified) (2 diffs)
• controller/modules/mywp.controller.module.login.general.php (modified) (8 diffs)
• core/class.helper.php (modified) (1 diff)
• developer/modules/mywp.developer.module.core.environment.php (modified) (2 diffs)
• mywp.php (modified) (3 diffs)
• post-type/modules/mywp.post-type.module.admin.sidebar.php (modified) (6 diffs)
• post-type/modules/mywp.post-type.module.admin.toolbar.php (modified) (6 diffs)
• post-type/modules/mywp.post-type.module.front.toolbar.php (modified) (6 diffs)
• post-type/modules/mywp.post-type.module.logger.php (modified) (1 diff)
• readme.txt (modified) (2 diffs)
• setting/abstract.setting.columns.module.php (modified) (3 diffs)
• setting/abstract.setting.toolbar.module.php (modified) (4 diffs)
• setting/modules/mywp.setting.admin.comments.php (modified) (2 diffs)
• setting/modules/mywp.setting.admin.dashboard.php (modified) (1 diff)
• setting/modules/mywp.setting.admin.general.php (modified) (1 diff)
• setting/modules/mywp.setting.admin.post-edit.php (modified) (1 diff)
• setting/modules/mywp.setting.admin.posts.php (modified) (2 diffs)
• setting/modules/mywp.setting.admin.sidebar.php (modified) (4 diffs)
• setting/modules/mywp.setting.admin.terms.php (modified) (2 diffs)
• setting/modules/mywp.setting.admin.uploads.php (modified) (2 diffs)
• setting/modules/mywp.setting.admin.users.php (modified) (2 diffs)
• setting/modules/mywp.setting.debug.crons.php (modified) (2 diffs)
• setting/modules/mywp.setting.debug.datetime.php (modified) (1 diff)
• setting/modules/mywp.setting.debug.transients.php (modified) (3 diffs)
• setting/modules/mywp.setting.login.general.php (modified) (1 diff)
• setting/modules/mywp.setting.update.bulk-post-meta.php (modified) (4 diffs)

my-wp/trunk/controller/abstract.controller.toolbar.module.php

@@ -1108 +1108 @@
     } elseif( $item_type === 'custom' ) {
 
-      $item_meta['html'] = do_shortcode( $item->item_custom_html );
+      $item_meta['html'] = wp_kses_post( do_shortcode( $item->item_custom_html ) );
 
     }
@@ -1134 +1134 @@
     } else {
 
-      $title = sprintf( '<span class="%s">%s</span>' , esc_attr( $title_class ) , $item->item_link_title );
+      $title = sprintf( '<span class="%s">%s</span>' , esc_attr( $title_class ) , wp_kses_post( $item->item_link_title ) );
 
     }
@@ -1140 +1140 @@
     if( empty( $node_group ) ) {
 
-      $add_menu = array( 'id' => $node_id , 'title' => $title , 'parent' => $node_parent , 'href' => $item->item_link_url , 'meta' => $item_meta );
+      $add_menu = array( 'id' => $node_id , 'title' => wp_kses_post( $title ) , 'parent' => $node_parent , 'href' => $item->item_link_url , 'meta' => $item_meta );
 
       $wp_admin_bar->add_menu( $add_menu );

my-wp/trunk/controller/modules/mywp.controller.module.admin.comments.php

@@ -227 +227 @@
     }
 
+    $wp_kses_allowed_html = wp_kses_allowed_html( 'post' );
+
+    $wp_kses_allowed_html['input'] = array(
+      'type' => 1,
+      'class' => 1,
+      'id' => 1,
+    );
+
     $columns = array();
 
     foreach( $setting_data['list_columns'] as $column_id => $column_setting ) {
 
-      $columns[ $column_id ] = $column_setting['title'];
+      $columns[ $column_id ] = wp_kses( $column_setting['title'] , $wp_kses_allowed_html );
 
     }

my-wp/trunk/controller/modules/mywp.controller.module.admin.dashboard.php

@@ -159 +159 @@
     foreach( $hide_meta_boxes as $meta_box_id ) {
 
-      printf( '.postbox#%s { height: 0; overflow: hidden; margin: 0; box-shadow: none; border: 0 none; }' , $meta_box_id );
+      printf( '.postbox#%s { height: 0; overflow: hidden; margin: 0; box-shadow: none; border: 0 none; }' , esc_attr( $meta_box_id ) );
 
     }
@@ -169 +169 @@
     foreach( $hide_meta_boxes as $meta_box_id ) {
 
-      printf( '$("#screen-options-wrap .metabox-prefs label[for=%s-hide]").css("display", "none");' , $meta_box_id );
+      printf( '$("#screen-options-wrap .metabox-prefs label[for=%s-hide]").css("display", "none");' , esc_attr( $meta_box_id ) );
 
     }
@@ -349 +349 @@
           }
 
-          $wp_meta_boxes['dashboard'][ $context ][ $priority ][ $meta_box_id ]['title'] = do_shortcode( $change_title_meta_boxes[ $meta_box_id ] );
+          $wp_meta_boxes['dashboard'][ $context ][ $priority ][ $meta_box_id ]['title'] = wp_kses_post( do_shortcode( $change_title_meta_boxes[ $meta_box_id ] ) );
 
         }

my-wp/trunk/controller/modules/mywp.controller.module.admin.general.php

@@ -111 +111 @@
     add_action( 'admin_enqueue_scripts' , array( __CLASS__ , 'admin_enqueue_scripts' ) );
 
-    add_action( 'admin_enqueue_scripts' , array( __CLASS__ , 'include_jc_css' ) );
+    add_action( 'admin_enqueue_scripts' , array( __CLASS__ , 'include_jc_css' ) , 9999 );
 
     add_action( 'admin_print_styles' , array( __CLASS__ , 'hide_screen_tabs' ) );
@@ -472 +472 @@
   public static function custom_footer_text() {
 
-    global $wp_version;
     global $post;
 
@@ -499 +498 @@
     add_filter( 'mywp_controller_admin_general_custom_footer_text' , 'prepend_attachment' );
 
-    if( version_compare( $wp_version , '5.7.0' , '>=' ) ) {
+    if( version_compare( MywpHelper::get_wp_version() , '5.7.0' , '>=' ) ) {
 
       add_filter( 'mywp_controller_admin_general_custom_footer_text' , 'wp_replace_insecure_home_url' );
@@ -507 +506 @@
     add_filter( 'mywp_controller_admin_general_custom_footer_text' , 'do_shortcode' , 11 );
 
-    if( version_compare( $wp_version , '5.5.0' , '>=' ) ) {
+    if( version_compare( MywpHelper::get_wp_version() , '5.5.0' , '>=' ) ) {
 
       add_filter( 'mywp_controller_admin_general_custom_footer_text' , 'wp_filter_content_tags' , 12 );
@@ -524 +523 @@
 
     <div id="mywp-custom-footer-text">
-      <?php echo $custom_footer_text; ?>
+      <?php echo wp_kses_post( $custom_footer_text ); ?>
     </div>
 

my-wp/trunk/controller/modules/mywp.controller.module.admin.post.edit.php

@@ -975 +975 @@
           }
 
-          $wp_meta_boxes[ self::$post_type ][ $context ][ $priority ][ $meta_box_id ]['title'] = do_shortcode( $change_title_meta_boxes[ $meta_box_id ] );
+          $wp_meta_boxes[ self::$post_type ][ $context ][ $priority ][ $meta_box_id ]['title'] = wp_kses_post( do_shortcode( $change_title_meta_boxes[ $meta_box_id ] ) );
 
         }

my-wp/trunk/controller/modules/mywp.controller.module.admin.posts.php

@@ -499 +499 @@
     }
 
+    $wp_kses_allowed_html = wp_kses_allowed_html( 'post' );
+
+    $wp_kses_allowed_html['input'] = array(
+      'type' => 1,
+      'class' => 1,
+      'id' => 1,
+    );
+
     $columns = array();
 
     foreach( $setting_data['list_columns'] as $column_id => $column_setting ) {
 
-      $columns[ $column_id ] = do_shortcode( $column_setting['title'] );
+      $columns[ $column_id ] = wp_kses( do_shortcode( $column_setting['title'] ) , $wp_kses_allowed_html );
 
     }
@@ -545 +553 @@
     } elseif( $column_id === 'mywp_column_slug' ) {
 
-      echo sanitize_title( $post->post_name );
+      echo esc_html( $post->post_name );
 
     } elseif( $column_id === 'mywp_column_excerpt' ) {
@@ -969 +977 @@
   }
 
-  private static function get_post_statuses() {
+  private static function get_post_statuses( $post_type = false ) {
 
     global $wp_post_statuses;
@@ -975 +983 @@
     $post_statuses = array();
 
+    $post_type = MywpHelper::sanitize_text( $post_type );
+
+    if( empty( $post_type ) ) {
+
+      return $post_statuses;
+
+    }
+
     foreach( $wp_post_statuses as $post_status => $wp_post_status ) {
 
-      /*
-      if( ! in_array( $post_status , array( 'draft' , 'publish' , 'trash' , 'private' ) ) ) {
+      if( in_array( $post_status , array( 'auto-draft' ) ) ) {
 
         continue;
 
       }
-      */
 
       $post_statuses[ $post_status ] = $wp_post_status->label;
@@ -989 +1003 @@
     }
 
+    $post_statuses = apply_filters( 'mywp_controller_admin_posts_get_post_statuses' , $post_statuses , $post_type );
+
+    $post_statuses = apply_filters( 'mywp_controller_admin_posts_get_post_statuses-' . $post_type , $post_statuses );
+
     return $post_statuses;
 
@@ -1031 +1049 @@
       $post_status = MywpHelper::sanitize_text( $custom_search_filter_requests['mywp_custom_search_post_status'] );
 
-      $post_statuses = self::get_post_statuses();
+      $post_statuses = self::get_post_statuses( self::$post_type );
 
       if( ! empty( $post_statuses[ $post_status ] ) ) {
@@ -1132 +1150 @@
           'field' => 'term_id',
           'terms' => $term_ids,
-          'operator' => 'AND',
+          'operator' => 'IN',
         );
 
@@ -1182 +1200 @@
     );
 
-    $post_statuses = self::get_post_statuses();
+    $post_statuses = self::get_post_statuses( self::$post_type );
 
     $custom_search_filter_fields['mywp_custom_search_post_status']['choices'] = $post_statuses;

my-wp/trunk/controller/modules/mywp.controller.module.admin.sidebar.php

@@ -1003 +1003 @@
     if( $item_type === 'custom' ) {
 
-      echo do_shortcode( $item->item_custom_html );
+      echo wp_kses_post( do_shortcode( $item->item_custom_html ) );
 
     } elseif( $item_type === 'separator' ) {
@@ -1083 +1083 @@
       } elseif( ! empty( $icon_class ) or ! empty( $icon_style ) or ! empty( $icon_id ) ) {
 
-        printf( '<div class="wp-menu-image mywp-sidebar-item-icon %s" id="%s" style="%s">%s</div>'  , esc_attr( $icon_class ) , esc_attr( $icon_id ) , $icon_style , $icon_title );
+        printf( '<div class="wp-menu-image mywp-sidebar-item-icon %s" id="%s" style="%s">%s</div>'  , esc_attr( $icon_class ) , esc_attr( $icon_id ) , esc_attr( $icon_style ) , wp_kses_post( $icon_title ) );
 
       } else {
@@ -1091 +1091 @@
       }
 
-      printf( '<div class="wp-menu-name mywp-sidebar-name">%s</div>' , $item->item_link_title );
+      printf( '<div class="wp-menu-name mywp-sidebar-name">%s</div>' , wp_kses_post( $item->item_link_title ) );
 
       echo '</a>';
@@ -1101 +1101 @@
         echo '<ul class="wp-submenu wp-submenu-wrap mywp-sidebar-item-childs">';
 
-        printf( '<li class="wp-submenu-head" aria-hidden="true">%s</li>' , $item->item_link_title );
+        printf( '<li class="wp-submenu-head" aria-hidden="true">%s</li>' , wp_kses_post( $item->item_link_title ) );
 
         foreach( $child_items as $child_item ) {

my-wp/trunk/controller/modules/mywp.controller.module.admin.terms.php

@@ -330 +330 @@
     }
 
+    $wp_kses_allowed_html = wp_kses_allowed_html( 'post' );
+
+    $wp_kses_allowed_html['input'] = array(
+      'type' => 1,
+      'class' => 1,
+      'id' => 1,
+    );
+
     $columns = array();
 
     foreach( $setting_data['list_columns'] as $column_id => $column_setting ) {
 
-      $columns[ $column_id ] = do_shortcode( $column_setting['title'] );
+      $columns[ $column_id ] = wp_kses( do_shortcode( $column_setting['title'] ) , $wp_kses_allowed_html );
 
     }

my-wp/trunk/controller/modules/mywp.controller.module.admin.uploads.php

@@ -367 +367 @@
     }
 
+    $wp_kses_allowed_html = wp_kses_allowed_html( 'post' );
+
+    $wp_kses_allowed_html['input'] = array(
+      'type' => 1,
+      'class' => 1,
+      'id' => 1,
+    );
+
     $columns = array();
 
     foreach( $setting_data['list_columns'] as $column_id => $column_setting ) {
 
-      $columns[ $column_id ] = $column_setting['title'];
+      $columns[ $column_id ] = wp_kses( $column_setting['title'] , $wp_kses_allowed_html );
 
     }

my-wp/trunk/controller/modules/mywp.controller.module.admin.users.php

@@ -236 +236 @@
     }
 
+    $wp_kses_allowed_html = wp_kses_allowed_html( 'post' );
+
+    $wp_kses_allowed_html['input'] = array(
+      'type' => 1,
+      'class' => 1,
+      'id' => 1,
+    );
+
     $columns = array();
 
     foreach( $setting_data['list_columns'] as $column_id => $column_setting ) {
 
-      $columns[ $column_id ] = $column_setting['title'];
+      $columns[ $column_id ] = wp_kses( $column_setting['title'] , $wp_kses_allowed_html );
 
     }

my-wp/trunk/controller/modules/mywp.controller.module.frontend.general.php

@@ -103 +103 @@
     add_action( 'wp_head' , array( __CLASS__ , 'wp_head' ) );
 
-    add_action( 'wp_enqueue_scripts' , array( __CLASS__ , 'wp_enqueue_scripts' ) );
+    add_action( 'wp_enqueue_scripts' , array( __CLASS__ , 'include_jc_css' ) , 9999 );
 
   }
@@ -411 +411 @@
   }
 
-  public static function wp_enqueue_scripts() {
+  public static function include_jc_css() {
 
     if( ! self::is_do_function( __FUNCTION__ ) ) {

my-wp/trunk/controller/modules/mywp.controller.module.login.general.php

@@ -45 +45 @@
   public static function mywp_wp_loaded() {
 
-    global $wp_version;
-
     if( is_admin() ) {
 
@@ -59 +57 @@
     }
 
-    add_action( 'login_enqueue_scripts' , array( __CLASS__ , 'include_css' ) );
+    add_action( 'login_enqueue_scripts' , array( __CLASS__ , 'include_css' ) , 9999 );
 
     add_action( 'wp_print_scripts' , array( __CLASS__ , 'input_css' ) );
@@ -69 +67 @@
     add_filter( 'login_headerurl' , array( __CLASS__ , 'logo_link_url' ) );
 
-    if( version_compare( $wp_version , '5.2.0' , '>=' ) ) {
+    if( version_compare( MywpHelper::get_wp_version() , '5.2.0' , '>=' ) ) {
 
       add_filter( 'login_headertext' , array( __CLASS__ , 'logo_title' ) );
@@ -163 +161 @@
     if( ! empty( $logo_image_path ) ) {
 
-      printf( '.login h1 a { background-image: url(%s); }' , esc_attr( $logo_image_path ) );
+      printf( '.login h1 a, .login .wp-login-logo a { background-image: url(%s); }' , esc_attr( $logo_image_path ) );
 
     }
@@ -271 +269 @@
   public static function custom_footer_text() {
 
-    global $wp_version;
     global $post;
 
@@ -298 +295 @@
     add_filter( 'mywp_controller_login_general_custom_footer_text' , 'prepend_attachment' );
 
-    if( version_compare( $wp_version , '5.7.0' , '>=' ) ) {
+    if( version_compare( MywpHelper::get_wp_version() , '5.7.0' , '>=' ) ) {
 
       add_filter( 'mywp_controller_login_general_custom_footer_text' , 'wp_replace_insecure_home_url' );
@@ -306 +303 @@
     add_filter( 'mywp_controller_login_general_custom_footer_text' , 'do_shortcode' , 11 );
 
-    if( version_compare( $wp_version , '5.5.0' , '>=' ) ) {
+    if( version_compare( MywpHelper::get_wp_version() , '5.5.0' , '>=' ) ) {
 
       add_filter( 'mywp_controller_login_general_custom_footer_text' , 'wp_filter_content_tags' , 12 );
@@ -317 +314 @@
 
     <div id="mywp-custom-footer-text">
-      <?php echo $custom_footer_text; ?>
+      <?php echo wp_kses_post( $custom_footer_text ); ?>
     </div>
 

my-wp/trunk/core/class.helper.php

@@ -257 +257 @@
   }
 
+  public static function get_gmt_offset_seconds() {
+
+    $gmt_offset = (float) get_option( 'gmt_offset' );
+
+    $gmt_offset_seconds = (int) ( $gmt_offset * HOUR_IN_SECONDS );
+
+    return $gmt_offset_seconds;
+
+  }
+
+  public static function get_wp_version() {
+
+    global $wp_version;
+
+    if( function_exists( 'wp_get_wp_version' ) ) {
+
+      $version = wp_get_wp_version();
+
+    } else {
+
+      $version = $wp_version;
+
+    }
+
+    return $wp_version;
+
+  }
+
   public static function sanitize_text( $value ) {
 

my-wp/trunk/developer/modules/mywp.developer.module.core.environment.php

@@ -30 +30 @@
   protected static function get_debug_lists() {
 
-    global $wp_version;
-
     $debug_lists = array();
 
@@ -59 +57 @@
     }
 
-    $debug_lists['$wp_version'] = $wp_version;
+    $debug_lists['wp_version'] = MywpHelper::get_wp_version();
     $debug_lists['is_multisite()'] = is_multisite();
     $debug_lists['PHP_VERSION'] = PHP_VERSION;

my-wp/trunk/mywp.php

@@ -4 +4 @@
 Plugin URI: https://mywpcustomize.com/
 Description: My WP is powerful admin and frontend customize and debug and extendable plugin.
-Version: 1.24.0
+Version: 1.24.1
 Author: gqevu6bsiz
 Author URI: https://mywpcustomize.com/
@@ -43 +43 @@
 
     define( 'MYWP_NAME' , 'My WP' );
-    define( 'MYWP_VERSION' , '1.24.0' );
+    define( 'MYWP_VERSION' , '1.24.1' );
     define( 'MYWP_PLUGIN_FILE' , __FILE__ );
     define( 'MYWP_PLUGIN_BASENAME' , plugin_basename( MYWP_PLUGIN_FILE ) );
@@ -83 +83 @@
   private static function do_action() {
 
-    global $wp_version;
-
-    $wp_compare = version_compare( $wp_version , MYWP_REQUIRED_WP_VERSION , '>=' );
+    $wp_compare = version_compare( MywpHelper::get_wp_version() , MYWP_REQUIRED_WP_VERSION , '>=' );
 
     if( ! $wp_compare ) {

my-wp/trunk/post-type/modules/mywp.post-type.module.admin.sidebar.php

@@ -95 +95 @@
       if( $mywp_post->menu_order ) {
 
-        echo $mywp_post->menu_order;
+        echo esc_html( $mywp_post->menu_order );
 
       }
@@ -103 +103 @@
       if( $mywp_post->ID ) {
 
-        echo $mywp_post->ID;
+        echo esc_html( $mywp_post->ID );
 
       }
@@ -111 +111 @@
       if( $mywp_post->item_parent ) {
 
-        echo $mywp_post->item_parent;
+        echo esc_html( $mywp_post->item_parent );
 
       }
@@ -119 +119 @@
       if( $mywp_post->item_type ) {
 
-        echo $mywp_post->item_type;
+        echo esc_html( $mywp_post->item_type );
 
       }
@@ -127 +127 @@
       if( $mywp_post->item_link_title ) {
 
-        echo $mywp_post->item_link_title;
+        echo esc_html( $mywp_post->item_link_title );
 
       }
@@ -133 +133 @@
     } elseif( $column_name === 'info' ) {
 
-      printf( '<textarea class="large-text" readonly="readonly">%s</textarea>' , print_r( $mywp_post , true ) );
+      printf( '<textarea class="large-text" readonly="readonly">%s</textarea>' , esc_textarea( print_r( $mywp_post , true ) ) );
 
     }

my-wp/trunk/post-type/modules/mywp.post-type.module.admin.toolbar.php

@@ -95 +95 @@
       if( $mywp_post->menu_order ) {
 
-        echo $mywp_post->menu_order;
+        echo esc_html( $mywp_post->menu_order );
 
       }
@@ -103 +103 @@
       if( $mywp_post->ID ) {
 
-        echo $mywp_post->ID;
+        echo esc_html( $mywp_post->ID );
 
       }
@@ -111 +111 @@
       if( $mywp_post->item_parent ) {
 
-        echo $mywp_post->item_parent;
+        echo esc_html( $mywp_post->item_parent );
 
       }
@@ -119 +119 @@
       if( $mywp_post->item_type ) {
 
-        echo $mywp_post->item_type;
+        echo esc_html( $mywp_post->item_type );
 
       }
@@ -127 +127 @@
       if( $mywp_post->item_link_title ) {
 
-        echo $mywp_post->item_link_title;
+        echo esc_html( $mywp_post->item_link_title );
 
       }
@@ -133 +133 @@
     } elseif( $column_name === 'info' ) {
 
-      printf( '<textarea class="large-text" readonly="readonly">%s</textarea>' , print_r( $mywp_post , true ) );
+      printf( '<textarea class="large-text" readonly="readonly">%s</textarea>' , esc_textarea( print_r( $mywp_post , true ) ) );
 
     }

my-wp/trunk/post-type/modules/mywp.post-type.module.front.toolbar.php

@@ -95 +95 @@
       if( $mywp_post->menu_order ) {
 
-        echo $mywp_post->menu_order;
+        echo esc_html( $mywp_post->menu_order );
 
       }
@@ -103 +103 @@
       if( $mywp_post->ID ) {
 
-        echo $mywp_post->ID;
+        echo esc_html( $mywp_post->ID );
 
       }
@@ -111 +111 @@
       if( $mywp_post->item_parent ) {
 
-        echo $mywp_post->item_parent;
+        echo esc_html( $mywp_post->item_parent );
 
       }
@@ -119 +119 @@
       if( $mywp_post->item_type ) {
 
-        echo $mywp_post->item_type;
+        echo esc_html( $mywp_post->item_type );
 
       }
@@ -133 +133 @@
         }
 
-        echo $mywp_post->item_link_title;
+        echo esc_html( $mywp_post->item_link_title );
 
       }
@@ -139 +139 @@
     } elseif( $column_name === 'info' ) {
 
-      printf( '<textarea class="large-text" readonly="readonly">%s</textarea>' , print_r( $mywp_post , true ) );
+      printf( '<textarea class="large-text" readonly="readonly">%s</textarea>' , esc_textarea( print_r( $mywp_post , true ) ) );
 
     }

my-wp/trunk/post-type/modules/mywp.post-type.module.logger.php

@@ -146 +146 @@
     } elseif( $column_name === 'log' ) {
 
-      printf( '<textarea class="large-text" readonly="readonly">%s</textarea>' , print_r( $mywp_post->log , true ) );
+      printf( '<textarea class="large-text" readonly="readonly">%s</textarea>' , esc_textarea( print_r( $mywp_post->log , true ) ) );
 
     }

my-wp/trunk/readme.txt

@@ -3 +3 @@
 Tags: admin, frontend, debug, sidebar, toolbar
 Requires at least: 4.7
-Tested up to: 6.6
+Tested up to: 6.7
 Requires PHP: 5.6
-Stable tag: 1.24.0
+Stable tag: 1.24.1
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -93 +93 @@
 == Changelog ==
 
+= 1.24.1 2024-12-03 =
+* Updated: For WordPress 6.7.
+* Changed: How to get the wp version and offset seconds.
+* Changed: Late include the JS and CSS on admin and frontend and login.
+* Fixed: Escape and sanitize the some values.
+
 = 1.24.0 2024-08-06 =
 * Added: Deprecated list columns on Posts, Comments, Users, Uploads, Terms.

my-wp/trunk/setting/abstract.setting.columns.module.php

@@ -517 +517 @@
     }
 
+    $wp_kses_allowed_html = wp_kses_allowed_html( 'post' );
+
+    $wp_kses_allowed_html['input'] = array(
+      'type' => 1,
+      'class' => 1,
+      'id' => 1,
+    );
+
     ?>
 
@@ -529 +537 @@
           <?php if( ! empty( $column['title'] ) ) : ?>
 
-            <?php echo strip_shortcodes( $column['title'] ); ?>
+            <?php echo wp_kses( strip_shortcodes( $column['title'] ) , $wp_kses_allowed_html ); ?>
 
           <?php endif; ?>
@@ -539 +547 @@
           <?php if( ! empty( $column['default_title'] ) ) : ?>
 
-            (<?php echo esc_attr( $column['default_title'] ); ?>)
+            (<?php echo esc_html( $column['default_title'] ); ?>)
 
           <?php endif; ?>

my-wp/trunk/setting/abstract.setting.toolbar.module.php

@@ -444 +444 @@
       } elseif( in_array( $meta_key , array( 'item_link_title' , 'item_custom_html' , 'item_icon_title' ) ) ) {
 
-        $meta_value = wp_unslash( $meta_value );
+        $meta_value = wp_unslash( wp_kses_post( $meta_value ) );
 
       } elseif( in_array( $meta_key , array( 'item_location' ) ) ) {
@@ -2765 +2765 @@
     } elseif( $field_name === 'item_custom_html' ) {
 
-      printf( '<textarea class="item_custom_html large-text" placeholder="%s">%s</textarea>' , esc_attr( '<div class="" style="">Custom HTML</div>...' ) , $value );
+      printf( '<textarea class="item_custom_html large-text" placeholder="%s">%s</textarea>' , esc_attr( '<div class="" style="">Custom HTML</div>...' ) , esc_textarea( wp_kses_post( $value ) ) );
 
     } elseif( $field_name === 'item_li_class' ) {
@@ -2789 +2789 @@
       }
 
-      printf( '<input type="text" class="item_link_title large-text" value="%s" placeholder="%s" />' , esc_attr( $value ) , esc_attr( $default_title ) );
+      printf( '<input type="text" class="item_link_title large-text" value="%s" placeholder="%s" />' , esc_attr( wp_kses_post( $value ) ) , esc_attr( $default_title ) );
 
     } elseif( $field_name === 'item_link_attr' ) {
@@ -2814 +2814 @@
     } elseif( $field_name === 'item_icon_title' ) {
 
-      printf( '<input type="text" class="item_icon_title large-text" value="%s" placeholder="%s" />' , esc_attr( $value ) , esc_attr( 'Icon Html' ) );
+      printf( '<input type="text" class="item_icon_title large-text" value="%s" placeholder="%s" />' , esc_attr( wp_kses_post( $value ) ) , esc_attr( 'Icon Html' ) );
 
     } elseif( $field_name === 'item_meta' ) {

my-wp/trunk/setting/modules/mywp.setting.admin.comments.php

@@ -497 +497 @@
     if( ! empty( $formatted_data['list_columns'] ) ) {
 
+      $wp_kses_allowed_html = wp_kses_allowed_html( 'post' );
+
+      $wp_kses_allowed_html['input'] = array(
+        'type' => 1,
+        'class' => 1,
+        'id' => 1,
+      );
+
       foreach( $formatted_data['list_columns'] as $list_column_id => $list_column_setting ) {
 
@@ -511 +519 @@
         if( ! empty( $list_column_setting['title'] ) ) {
 
-          $new_list_column_setting['title'] = wp_unslash( $list_column_setting['title'] );
+          $new_list_column_setting['title'] = wp_unslash( wp_kses( $list_column_setting['title'] , $wp_kses_allowed_html ) );
 
         }

my-wp/trunk/setting/modules/mywp.setting.admin.dashboard.php

@@ -120 +120 @@
         if( ! empty( $meta_box_setting['title'] ) ) {
 
-          $new_meta_box_setting['title'] = wp_unslash( $meta_box_setting['title'] );
+          $new_meta_box_setting['title'] = wp_unslash( wp_kses_post( $meta_box_setting['title'] ) );
 
         }

my-wp/trunk/setting/modules/mywp.setting.admin.general.php

@@ -308 +308 @@
     if( ! empty( $formatted_data['custom_footer_text'] ) ) {
 
-      $new_formatted_data['custom_footer_text'] = wp_unslash( $formatted_data['custom_footer_text'] );
+      $new_formatted_data['custom_footer_text'] = wp_unslash( wp_kses_post( $formatted_data['custom_footer_text'] ) );
 
     }

my-wp/trunk/setting/modules/mywp.setting.admin.post-edit.php

@@ -500 +500 @@
         if( ! empty( $meta_box_setting['title'] ) ) {
 
-          $new_meta_box_setting['title'] = wp_unslash( $meta_box_setting['title'] );
+          $new_meta_box_setting['title'] = wp_unslash( wp_kses_post( $meta_box_setting['title'] ) );
 
         }

my-wp/trunk/setting/modules/mywp.setting.admin.posts.php

@@ -829 +829 @@
     if( ! empty( $formatted_data['list_columns'] ) ) {
 
+      $wp_kses_allowed_html = wp_kses_allowed_html( 'post' );
+
+      $wp_kses_allowed_html['input'] = array(
+        'type' => 1,
+        'class' => 1,
+        'id' => 1,
+      );
+
       foreach( $formatted_data['list_columns'] as $list_column_id => $list_column_setting ) {
 
@@ -843 +851 @@
         if( ! empty( $list_column_setting['title'] ) ) {
 
-          $new_list_column_setting['title'] = wp_unslash( $list_column_setting['title'] );
+          $new_list_column_setting['title'] = wp_unslash( wp_kses( $list_column_setting['title'] , $wp_kses_allowed_html ) );
 
         }

my-wp/trunk/setting/modules/mywp.setting.admin.sidebar.php

@@ -421 +421 @@
       } elseif( in_array( $meta_key , array( 'item_link_title' , 'item_custom_html' , 'item_icon_title' ) ) ) {
 
-        $meta_value = wp_unslash( $meta_value );
+        $meta_value = wp_unslash( wp_kses_post( $meta_value ) );
 
       } else {
@@ -2505 +2505 @@
     } elseif( $field_name === 'item_custom_html' ) {
 
-      printf( '<textarea class="item_custom_html large-text" placeholder="%s">%s</textarea>' , esc_attr( '<div class="" style="">Custom HTML</div>...' ) , $value );
+      printf( '<textarea class="item_custom_html large-text" placeholder="%s">%s</textarea>' , esc_attr( '<div class="" style="">Custom HTML</div>...' ) , esc_textarea( wp_kses_post( $value ) ) );
 
     } elseif( $field_name === 'item_li_class' ) {
@@ -2537 +2537 @@
       }
 
-      printf( '<input type="text" class="item_link_title large-text" value="%s" placeholder="%s" />' , esc_attr( $value ) , esc_attr( $default_title ) );
+      printf( '<input type="text" class="item_link_title large-text" value="%s" placeholder="%s" />' , esc_attr( wp_kses_post( $value ) ) , esc_attr( $default_title ) );
 
     } elseif( $field_name === 'item_link_attr' ) {
@@ -2562 +2562 @@
     } elseif( $field_name === 'item_icon_title' ) {
 
-      printf( '<input type="text" class="item_icon_title large-text" value="%s" placeholder="%s" />' , esc_attr( $value ) , esc_attr( 'Icon Html' ) );
+      printf( '<input type="text" class="item_icon_title large-text" value="%s" placeholder="%s" />' , esc_attr( wp_kses_post( $value ) ) , esc_attr( 'Icon Html' ) );
 
     } else {

my-wp/trunk/setting/modules/mywp.setting.admin.terms.php

@@ -623 +623 @@
     if( ! empty( $formatted_data['list_columns'] ) ) {
 
+      $wp_kses_allowed_html = wp_kses_allowed_html( 'post' );
+
+      $wp_kses_allowed_html['input'] = array(
+        'type' => 1,
+        'class' => 1,
+        'id' => 1,
+      );
+
       foreach( $formatted_data['list_columns'] as $list_column_id => $list_column_setting ) {
 
@@ -637 +645 @@
         if( ! empty( $list_column_setting['title'] ) ) {
 
-          $new_list_column_setting['title'] = wp_unslash( $list_column_setting['title'] );
+          $new_list_column_setting['title'] = wp_unslash( wp_kses( $list_column_setting['title'] , $wp_kses_allowed_html ) );
 
         }

my-wp/trunk/setting/modules/mywp.setting.admin.uploads.php

@@ -546 +546 @@
     if( ! empty( $formatted_data['list_columns'] ) ) {
 
+      $wp_kses_allowed_html = wp_kses_allowed_html( 'post' );
+
+      $wp_kses_allowed_html['input'] = array(
+        'type' => 1,
+        'class' => 1,
+        'id' => 1,
+      );
+
       foreach( $formatted_data['list_columns'] as $list_column_id => $list_column_setting ) {
 
@@ -560 +568 @@
         if( ! empty( $list_column_setting['title'] ) ) {
 
-          $new_list_column_setting['title'] = wp_unslash( $list_column_setting['title'] );
+          $new_list_column_setting['title'] = wp_unslash( wp_kses( $list_column_setting['title'] , $wp_kses_allowed_html ) );
 
         }

my-wp/trunk/setting/modules/mywp.setting.admin.users.php

@@ -528 +528 @@
     if( ! empty( $formatted_data['list_columns'] ) ) {
 
+      $wp_kses_allowed_html = wp_kses_allowed_html( 'post' );
+
+      $wp_kses_allowed_html['input'] = array(
+        'type' => 1,
+        'class' => 1,
+        'id' => 1,
+      );
+
       foreach( $formatted_data['list_columns'] as $list_column_id => $list_column_setting ) {
 
@@ -542 +550 @@
         if( ! empty( $list_column_setting['title'] ) ) {
 
-          $new_list_column_setting['title'] = wp_unslash( $list_column_setting['title'] );
+          $new_list_column_setting['title'] = wp_unslash( wp_kses( $list_column_setting['title'] , $wp_kses_allowed_html ) );
 
         }

my-wp/trunk/setting/modules/mywp.setting.debug.crons.php

@@ -50 +50 @@
 
     $timezone_format = _x( 'Y-m-d H:i:s' , 'timezone date format' );
-    $offset = get_option( 'gmt_offset' ) * HOUR_IN_SECONDS;
     $timezone = get_option( 'timezone_string' );
 
@@ -67 +66 @@
           <tr>
             <th>
-              <?php echo key( $cron ); ?>
+              <?php echo esc_html( key( $cron ) ); ?>
             </th>
             <td>
-              <p><?php echo date( $timezone_format , $timestamp + $offset ); ?> (<?php echo $timezone; ?>)</p>
+              <p><?php echo date( $timezone_format , $timestamp + MywpHelper::get_gmt_offset_seconds() ); ?> (<?php echo $timezone; ?>)</p>
               <input type="text" readonly="readonly" class="large-text" value="<?php echo esc_attr( $timestamp ); ?>" /><br />
               <?php _e( 'RAW' ); ?>: <?php echo date( $timezone_format , $timestamp ); ?> (<?php _e( 'UTC' ); ?>)
             </td>
             <td>
-              <textarea readonly="readonly" class="large-text" style="height: 160px;"><?php print_r( $cron ); ?></textarea>
+              <textarea readonly="readonly" class="large-text" style="height: 160px;"><?php echo esc_textarea( print_r( $cron , true ) ); ?></textarea>
             </td>
           </tr>

my-wp/trunk/setting/modules/mywp.setting.debug.datetime.php

@@ -74 +74 @@
         <tr>
           <th>date( "Y-m-d H:i:s" , time() + ( get_option( "gmt_offset" ) * HOUR_IN_SECONDS ) )</th>
-          <td><?php echo date( "Y-m-d H:i:s" , time() + ( get_option( "gmt_offset" ) * HOUR_IN_SECONDS ) ); ?></td>
+          <td><?php echo date( "Y-m-d H:i:s" , time() + MywpHelper::get_gmt_offset_seconds() ); ?></td>
         </tr>
         <tr>

my-wp/trunk/setting/modules/mywp.setting.debug.transients.php

@@ -200 +200 @@
 
     $timezone_format = _x( 'Y-m-d H:i:s' , 'timezone date format' );
-    $offset = get_option( 'gmt_offset' ) * HOUR_IN_SECONDS;
     $timezone = get_option( 'timezone_string' );
 
@@ -232 +231 @@
             <td>
               <?php if( ! empty( $transient['timeout'] ) ) : ?>
-                <p><?php echo date( $timezone_format , $transient['timeout']['value'] + $offset ); ?> (<?php echo $timezone; ?>)</p>
+                <p><?php echo date( $timezone_format , $transient['timeout']['value'] + MywpHelper::get_gmt_offset_seconds() ); ?> (<?php echo $timezone; ?>)</p>
                 <input type="text" readonly="readonly" class="large-text" value="<?php echo esc_attr( $transient['timeout']['value'] ); ?>" /><br />
               <?php else : ?>
@@ -245 +244 @@
             </td>
             <td>
-              <textarea readonly="readonly" class="large-text" style="height: 160px;"><?php print_r( maybe_unserialize( $transient['value'] ) ); ?></textarea>
+              <textarea readonly="readonly" class="large-text" style="height: 160px;"><?php echo esc_textarea( print_r( maybe_unserialize( $transient['value'] ) , true ) ); ?></textarea>
             </td>
           </tr>

my-wp/trunk/setting/modules/mywp.setting.login.general.php

@@ -206 +206 @@
     if( ! empty( $formatted_data['custom_footer_text'] ) ) {
 
-      $new_formatted_data['custom_footer_text'] = wp_unslash( $formatted_data['custom_footer_text'] );
+      $new_formatted_data['custom_footer_text'] = wp_unslash( wp_kses_post( $formatted_data['custom_footer_text'] ) );
 
     }

my-wp/trunk/setting/modules/mywp.setting.update.bulk-post-meta.php

@@ -962 +962 @@
                 <input type="checkbox" class="update-bulk-post-meta-select-post-id" value="<?php echo esc_attr( $post_id ); ?>" />
               </th>
-              <td class="id"><?php echo $post_id; ?></td>
-              <td class="type"><?php echo strip_tags( $post->post_type ); ?></td>
-              <td class="status"><?php echo strip_tags( $post->post_status ); ?></td>
-              <td class="title"><?php echo strip_tags( $post->post_title ); ?></td>
-              <td class="metas"><textarea readonly class="large-text"><?php print_r( get_post_meta( $post_id ) ); ?></textarea></td>
+              <td class="id"><?php echo esc_html( $post_id ); ?></td>
+              <td class="type"><?php echo esc_html( $post->post_type ); ?></td>
+              <td class="status"><?php echo esc_html( $post->post_status ); ?></td>
+              <td class="title"><?php echo esc_html( $post->post_title ); ?></td>
+              <td class="metas"><textarea readonly class="large-text"><?php echo esc_textarea( print_r( get_post_meta( $post_id ) , true ) ); ?></textarea></td>
             </tr>
 
@@ -1020 +1020 @@
           <td class="from-meta">
             <?php if( is_array( $from_meta_value ) or is_object( $from_meta_value ) ) : ?>
-              <textarea class="large-text" readonly="readonly"><?php print_r( $from_meta_value ); ?></textarea>
+              <textarea class="large-text" readonly="readonly"><?php echo esc_textarea( print_r( $from_meta_value , true ) ); ?></textarea>
             <?php else : ?>
               <?php echo esc_html( $from_meta_value ); ?>
@@ -1030 +1030 @@
           <td class="to-meta">
             <?php if( is_array( $bulk_meta_value_unserialize ) or is_object( $bulk_meta_value_unserialize ) ) : ?>
-              <textarea class="large-text" readonly="readonly"><?php print_r( $bulk_meta_value_unserialize ); ?></textarea>
+              <textarea class="large-text" readonly="readonly"><?php echo esc_textarea( print_r( $bulk_meta_value_unserialize , true ) ); ?></textarea>
             <?php else : ?>
               <?php echo esc_html( $bulk_meta_value ); ?>
@@ -1045 +1045 @@
   }
 
-
 }