Changeset 3421916

Timestamp:

12/17/2025 12:54:14 PM (3 months ago)

Author:

feedspace

Message:

Update to version 1.0.6 - Fixed WordPress.org guideline violations (plugin name, superlative claims), security improvements (CSRF protection, input sanitization, XSS prevention)

Location:

feedspace/trunk

Files:

• build/js/widgets-block.js (modified) (1 diff)
• feedspace.php (modified) (2 diffs)
• includes/class-feedspace-admin.php (modified) (2 diffs)
• readme.txt (modified) (4 diffs)

feedspace/trunk/build/js/widgets-block.js

@@ -1 @@
-!function(){"use strict";var e=wp.blocks,t=wp.i18n,a=wp.blockEditor,s=wp.components,d=wp.element;(0,e.registerBlockType)("feedspace/widgets",{apiVersion:3,title:(0,t.__)("Feedspace Widget","feedspace"),description:(0,t.__)("Display any Feedspace widget using widget code.","feedspace"),category:"feedspace",icon:"embed-generic",keywords:[(0,t.__)("widget","feedspace"),(0,t.__)("feedspace","feedspace"),(0,t.__)("widget","feedspace"),(0,t.__)("reviews","feedspace")],supports:{html:!1,align:["wide","full"]},attributes:{widgetId:{type:"string",default:""},embedCode:{type:"string",default:""},align:{type:"string",default:"wide"},className:{type:"string",default:""}},edit:function({attributes:e,setAttributes:i}){const{widgetId:c,embedCode:l,align:n}=e,[r,p]=(0,d.useState)(""),[o,f]=(0,d.useState)(!1),[m,u]=(0,d.useState)(""),[g,w]=(0,d.useState)(!1),_=(0,a.useBlockProps)({className:`wp-block-feedspace-widgets align${n}`}),v=e=>{if(!e)return{valid:!1,error:""};const a=/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/i.test(e),s=/^[a-zA-Z0-9._-]+$/.test(e)&&e.length>=8;return a||s?{valid:!0,error:""}:{valid:!1,error:(0,t.__)("Widget ID must be a valid UUID or alphanumeric string (8+ characters)","feedspace")}};return(0,d.useEffect)(()=>{if(c&&g)p(`<div class="feedspace-embed" data-id="${c}"></div>`);else if(l){const e=l.match(/<div[^>]*class="[^"]*feedspace-widget[^"]*"[^>]*data-id="([^"]*)"[^>]*>/);if(e){const t=e[1];p(`<div class="feedspace-widget" data-id="${t}"></div>`)}else p(l)}else p("")},[c,l,g]),(0,d.useEffect)(()=>{if(!document.querySelector('script[src*="js.feedspace.io"]')){const e=document.createElement("script");e.src=window.feedspace_admin&&window.feedspace_admin.widgetScriptUrl||window.feedspace_admin&&window.feedspace_admin.widgetScriptFallbackUrl||"https://js.feedspace.io/v1/embed/embed.min.js",e.type="text/javascript",e.async=!0,document.head.appendChild(e)}},[]),(0,d.useEffect)(()=>{if(c){const e=v(c);w(e.valid)}else if(l){const e=extractWidgetIdFromEmbedCode(l);if(e){const t=v(e);w(t.valid)}}},[]),React.createElement("div",_,React.createElement(a.InspectorControls,null,React.createElement(s.PanelBody,{title:(0,t.__)("Widget Settings","feedspace"),initialOpen:!0},React.createElement(s.TextControl,{label:(0,t.__)("Widget ID","feedspace"),value:c,onChange:e=>{i({widgetId:e}),u(""),f(!0),setTimeout(()=>{const t=v(e);w(t.valid),u(t.error),f(!1)},500)},help:(0,t.__)("Enter your Feedspace Widget ID directly (recommended)","feedspace"),placeholder:(0,t.__)("e.g., 12345678-1234-1234-1234-123456789abc","feedspace")}),o&&React.createElement("div",{className:"feedspace-validation-status"},React.createElement(s.Spinner,null),React.createElement("span",null,(0,t.__)("Validating...","feedspace"))),m&&React.createElement(s.Notice,{status:"error",isDismissible:!1},m),c&&g&&!o&&React.createElement(s.Notice,{status:"success",isDismissible:!1},(0,t.__)("Widget ID is valid!","feedspace")))),React.createElement("div",{className:"feedspace-widgets-preview"},r?React.createElement("div",{className:"feedspace-widget-preview",dangerouslySetInnerHTML:{__html:r}}):React.createElement("div",{className:"feedspace-widget-placeholder"},React.createElement("p",null,(0,t.__)("Feedspace Widget Preview","feedspace")),React.createElement("p",null,(0,t.__)("Enter a Widget ID to get started","feedspace")))))},save:function(){return null}})}();
+!function(){"use strict";var e=wp.blocks,t=wp.i18n,a=wp.blockEditor,s=wp.components,d=wp.element;(0,e.registerBlockType)("feedspace/widgets",{apiVersion:3,title:(0,t.__)("Feedspace Widget","feedspace"),description:(0,t.__)("Display any Feedspace widget using widget code.","feedspace"),category:"feedspace",icon:"embed-generic",keywords:[(0,t.__)("widget","feedspace"),(0,t.__)("feedspace","feedspace"),(0,t.__)("widget","feedspace"),(0,t.__)("reviews","feedspace")],supports:{html:!1,align:["wide","full"]},attributes:{widgetId:{type:"string",default:""},embedCode:{type:"string",default:""},align:{type:"string",default:"wide"},className:{type:"string",default:""}},edit:function({attributes:e,setAttributes:c}){const{widgetId:i,embedCode:n,align:l}=e,[r,p]=(0,d.useState)(""),[o,f]=(0,d.useState)(!1),[m,u]=(0,d.useState)(""),[g,w]=(0,d.useState)(!1),_=(0,a.useBlockProps)({className:`wp-block-feedspace-widgets align${l}`}),v=e=>{if(!e)return{valid:!1,error:""};const a=/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/i.test(e),s=/^[a-zA-Z0-9._-]+$/.test(e)&&e.length>=8;return a||s?{valid:!0,error:""}:{valid:!1,error:(0,t.__)("Widget ID must be a valid UUID or alphanumeric string (8+ characters)","feedspace")}},E=e=>{const t={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#039;"};return e.replace(/[&<>"']/g,e=>t[e])};return(0,d.useEffect)(()=>{if(i&&g){const e=E(i);p(`<div class="feedspace-embed" data-id="${e}"></div>`)}else if(n){const e=n.match(/<div[^>]*class="[^"]*feedspace-widget[^"]*"[^>]*data-id="([^"]*)"[^>]*>/);if(e){const t=e[1],a=E(t);p(`<div class="feedspace-widget" data-id="${a}"></div>`)}else p("")}else p("")},[i,n,g]),(0,d.useEffect)(()=>{if(!document.querySelector('script[src*="js.feedspace.io"]')){const e=document.createElement("script");e.src=window.feedspace_admin&&window.feedspace_admin.widgetScriptUrl||window.feedspace_admin&&window.feedspace_admin.widgetScriptFallbackUrl||"https://js.feedspace.io/v1/embed/embed.min.js",e.type="text/javascript",e.async=!0,document.head.appendChild(e)}},[]),(0,d.useEffect)(()=>{if(i){const e=v(i);w(e.valid)}else if(n){const e=extractWidgetIdFromEmbedCode(n);if(e){const t=v(e);w(t.valid)}}},[]),React.createElement("div",_,React.createElement(a.InspectorControls,null,React.createElement(s.PanelBody,{title:(0,t.__)("Widget Settings","feedspace"),initialOpen:!0},React.createElement(s.TextControl,{label:(0,t.__)("Widget ID","feedspace"),value:i,onChange:e=>{c({widgetId:e}),u(""),f(!0),setTimeout(()=>{const t=v(e);w(t.valid),u(t.error),f(!1)},500)},help:(0,t.__)("Enter your Feedspace Widget ID directly (recommended)","feedspace"),placeholder:(0,t.__)("e.g., 12345678-1234-1234-1234-123456789abc","feedspace")}),o&&React.createElement("div",{className:"feedspace-validation-status"},React.createElement(s.Spinner,null),React.createElement("span",null,(0,t.__)("Validating...","feedspace"))),m&&React.createElement(s.Notice,{status:"error",isDismissible:!1},m),i&&g&&!o&&React.createElement(s.Notice,{status:"success",isDismissible:!1},(0,t.__)("Widget ID is valid!","feedspace")))),React.createElement("div",{className:"feedspace-widgets-preview"},r?React.createElement("div",{className:"feedspace-widget-preview",dangerouslySetInnerHTML:{__html:r}}):React.createElement("div",{className:"feedspace-widget-placeholder"},React.createElement("p",null,(0,t.__)("Feedspace Widget Preview","feedspace")),React.createElement("p",null,(0,t.__)("Enter a Widget ID to get started","feedspace")))))},save:function(){return null}})}();
 //# sourceMappingURL=widgets-block.js.map

feedspace/trunk/feedspace.php

@@ -9 +9 @@
  *
  * @wordpress-plugin
- * Plugin Name:       Feedspace: Best Testimonials & Reviews Widget for WordPress Sites
+ * Plugin Name:       Feedspace Review Widgets
  * Plugin URI:        https://feedspace.io/
  * Description:       Embed Feedspace widgets using widget IDs with a modern, user-friendly interface.
- * Version:           1.0.5
+ * Version:           1.0.6
  * Requires at least: 5.0
  * Requires PHP:      7.0
@@ -30 +30 @@
 
 // Define plugin constants.
-define( 'FEEDSPACE_VERSION', '1.0.5' );
+define( 'FEEDSPACE_VERSION', '1.0.6' );
 define( 'FEEDSPACE_PLUGIN_FILE', __FILE__ );
 define( 'FEEDSPACE_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );

feedspace/trunk/includes/class-feedspace-admin.php

@@ -235 +235 @@
     public function ajax_save_advanced_settings() {
         // Verify nonce
-        if ( ! wp_verify_nonce( $_POST['nonce'], 'feedspace_admin_nonce' ) ) {
+        if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'feedspace_admin_nonce' ) ) {
             wp_die( esc_html__( 'Security check failed.', 'feedspace' ) );
         }
@@ -245 +245 @@
 
         // Save preserve settings option
-        $preserve_settings = isset( $_POST['preserve_settings'] ) ? (bool) $_POST['preserve_settings'] : false;
+        $preserve_settings = isset( $_POST['preserve_settings'] ) ? (bool) sanitize_text_field( wp_unslash( $_POST['preserve_settings'] ) ) : false;
         update_option( Feedspace_Constants::OPTION_PRESERVE_SETTINGS, $preserve_settings );
 

feedspace/trunk/readme.txt

@@ -1 @@
-=== Feedspace: Best Testimonials & Reviews Widget for WordPress Sites ===
+=== Feedspace Review Widgets ===
 Contributors: feedspace
 Tags: testimonials, reviews, widgets
@@ -5 +5 @@
 Tested up to: 6.8
 Requires PHP: 7.0
-Stable tag: 1.0.5
+Stable tag: 1.0.6
 License: GPL-2.0-or-later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -29 +29 @@
 ✔ Customize layouts, colors, and styles without coding
 ✔ Show reviewer names, roles, photos, and star ratings
-✔ Works with Elementor, Gutenberg, and all major page builders
+✔ Works with Elementor, Gutenberg, and popular page builders
 ✔ Suitable for any type of website, including SaaS, agencies, and eCommerce
 
@@ -41 +41 @@
 ✔ Easy Customization
 ✔ Import & Sync Easily
-✔ Best SEO & Performance
+✔ Excellent SEO & Performance
 ✔ Smooth Integration