Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3449868

Timestamp:

01/29/2026 05:32:55 PM (2 months ago)

Author:

sumanbiswas013

Message:

Plugin Security update

Location:

Files:

: 9 added
: 1 deleted
: 4 edited

Legend:

: Unmodified
: Added
: Removed

custom-top-bar/trunk/readme.txt

r3449021	r3449868
5	5	Requires at least: 3.0.1
6	6	Tested up to: 6.9
7		Stable tag: ~~5.5~~
	7	Stable tag: 2.1
8	8	License: GPLv2 or later
9	9	License URI: https://www.gnu.org/licenses/gpl-2.0.html

custom-top-bar/trunk/setting.php

-                      r1240039
+                      r3449868
+<?php if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly ?>
 <script>
 (function( $ ) {
 …
 if(isset($_POST['update_option_setting']))
+{
+    $enable_top_bar = sanitize_text_field($_POST['enable_top_bar']);
+    $fixed_top_bar = sanitize_text_field($_POST['fixed_top_bar']);
+    $display_contact_number = sanitize_text_field($_POST['display_contact_number']);
+    $display_email_address = sanitize_text_field($_POST['display_email_address']);
+    $top_bar_height = sanitize_text_field($_POST['top_bar_height']);
+    $top_bar_color = sanitize_text_field($_POST['top_bar_color']);
+    $contact_number = sanitize_text_field($_POST['contact_number']);
+    $contact_email = sanitize_text_field($_POST['contact_email']);
+    $text_color = sanitize_text_field($_POST['text_color']);
+    $show_admin_bar = sanitize_text_field($_POST['show_admin_bar']);
+    $button_text = sanitize_text_field($_POST['button_text']);
+    $acction_link = sanitize_text_field($_POST['acction_link']);
+    // Check nonce exists
+    $nonce_field = array_key_exists('cpt_form_nonce', $_POST) ? wp_unslash($_POST['cpt_form_nonce']) : '';
+    if ( ! isset( $nonce_field) || empty( $nonce_field ) ) {
+        wp_die( 'Nonce missing.' );
+    }
+    // Verify nonce
+    if ( ! wp_verify_nonce( $nonce_field, 'cpt_save_setting' ) ) {
+        wp_die( 'Nonce verification failed.' );
+    }
+    $enable_top_bar = array_key_exists('enable_top_bar', $_POST) ? sanitize_text_field(wp_unslash($_POST['enable_top_bar'])) : '';
+    $fixed_top_bar = array_key_exists('fixed_top_bar', $_POST) ? sanitize_text_field(wp_unslash($_POST['fixed_top_bar'])) : '';
+    $display_contact_number = array_key_exists('display_contact_number', $_POST) ? sanitize_text_field(wp_unslash($_POST['display_contact_number'])) : '';
+    $display_email_address = array_key_exists('display_email_address', $_POST) ? sanitize_text_field(wp_unslash($_POST['display_email_address'])) : '';
+    $top_bar_height = array_key_exists('top_bar_height', $_POST) ? sanitize_text_field(wp_unslash($_POST['top_bar_height'])) : '';
+    $top_bar_color = array_key_exists('top_bar_color', $_POST) ? sanitize_text_field(wp_unslash($_POST['top_bar_color'])) : '';
+    $contact_number = array_key_exists('contact_number', $_POST) ? sanitize_text_field(wp_unslash($_POST['contact_number'])) : '';
+    $contact_email = array_key_exists('contact_email', $_POST) ? sanitize_text_field(wp_unslash($_POST['contact_email'])) : '';
+    $text_color = array_key_exists('text_color', $_POST) ? sanitize_text_field(wp_unslash($_POST['text_color'])) : '';
+    $show_admin_bar = array_key_exists('show_admin_bar', $_POST) ? sanitize_text_field(wp_unslash($_POST['show_admin_bar'])) : '';
+    $button_text = array_key_exists('button_text', $_POST) ? sanitize_text_field(wp_unslash($_POST['button_text'])) : '';
+    $acction_link = array_key_exists('acction_link', $_POST) ? sanitize_text_field(wp_unslash($_POST['acction_link'])) : '';
     update_option('enable_top_bar',$enable_top_bar);
     update_option('fixed_top_bar',$fixed_top_bar);
 …
         <div id="post-body" class="metabox-holder columns-2">
         <form method="post">
+            <?php wp_nonce_field( 'cpt_save_setting', 'cpt_form_nonce' ); ?>
             <table class="widefat">
                 <tr>
 …
                 <tr>
                     <td class="row-title"><label for="top_bar_height">Top Bar Height : </label></td>
                     <td><input type="text" name="top_bar_height" id="top_bar_height" value="<?php echo $top_bar_height; ?>"  />  <span>( in px) </span></td>
+                    <td><input type="text" name="top_bar_height" id="top_bar_height" value="<?php echo esc_html($top_bar_height); ?>"  />  <span>( in px) </span></td>
                 </tr>
                 <tr class="alternate">
                     <td class="row-title"><label for="top_bar_color">Top Bar Background Color :</label></td>
                     <td><input type="text" name="top_bar_color" id="top_bar_color" value="<?php echo $top_bar_color; ?>"  />  </td>
+                    <td><input type="text" name="top_bar_color" id="top_bar_color" value="<?php echo esc_html($top_bar_color); ?>"  />  </td>
                 </tr>
                 <tr>
                     <td class="row-title"><label for="text_color">Text color : </label></td>
                     <td><input type="text" name="text_color" id="text_color" value="<?php echo $text_color; ?>"  /></td>
+                    <td><input type="text" name="text_color" id="text_color" value="<?php echo esc_html($text_color); ?>"  /></td>
                 </tr>
                 <tr class="alternate">
 …
                 <tr>
                     <td class="row-title"><label for="contact_number">Contact Number : </label></td>
                     <td><input type="text" name="contact_number" id="contact_number" value="<?php echo $contact_number; ?>"  /></td>
+                    <td><input type="text" name="contact_number" id="contact_number" value="<?php echo esc_html($contact_number); ?>"  /></td>
                 </tr>
                 <tr class="alternate">
                     <td class="row-title"><label for="contact_email">Email Address :</label></td>
                     <td><input type="text" name="contact_email" id="contact_email" value="<?php echo $contact_email; ?>"  /></td>
+                    <td><input type="text" name="contact_email" id="contact_email" value="<?php echo esc_html($contact_email); ?>"  /></td>
                 </tr>
                 <tr>
                     <td class="row-title"><label for="button_text">Button Text : </label></td>
                     <td><input type="text" name="button_text" id="button_text" value="<?php echo $button_text; ?>"  /></td>
+                    <td><input type="text" name="button_text" id="button_text" value="<?php echo esc_html($button_text); ?>"  /></td>
                 </tr>
                 <tr class="alternate">
                     <td class="row-title"><label for="acction_link">Link :</label></td>
                     <td><input type="text" name="acction_link" id="acction_link" value="<?php echo $acction_link; ?>"  /></td>
+                    <td><input type="text" name="acction_link" id="acction_link" value="<?php echo esc_html($acction_link); ?>"  /></td>
                 </tr>
                 <tr>
                     <td class="row-title">&nbsp;</td>
                     <td><input class="button-primary" type="submit" name="update_option_setting" value="<?php _e( 'Save' ); ?>" /></td>
+                    <td><input class="button-primary" type="submit" name="update_option_setting" value="<?php esc_attr_e( 'Save', 'custom-top-bar' ); ?>" /></td>
                 </tr>
             </table>

custom-top-bar/trunk/top-bar.php

-                      r3449021
+                      r3449868
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
 /*
 Plugin Name: Custom top bar
 …
 Description: You can easily customize page top bar with background color,contact number social links and a custom buttom
 Author: Suman Biswas
+Version: 2.0.3.1
+Version: 2.1
+Text Domain: custom-top-bar
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 add_action( 'add_meta_boxes', 'ctb_social_post_meta_box' );
 add_action( 'save_post', 'ctb_save_social_link_meta_vale',10,3 );
-add_action('do_meta_boxes', 'ctb_change_image_box');
 add_action('admin_head-post-new.php','ctb_change_thumbnail_html');
 add_action('admin_head-post.php','ctb_change_thumbnail_html');
 add_action('admin_menu', 'ctb_register_fallback_page');
 add_action('admin_enqueue_scripts', 'ctb_include_Colorpicker');
+define( 'CTB_JS_CSS_VER', 2.1 );
 function ctb_include_styles()
+{
     wp_enqueue_style( 'style', plugins_url( 'css/bar.css', __FILE__ ));
+    wp_enqueue_style( 'style', plugins_url( 'css/bar.css', __FILE__ ),array(), CTB_JS_CSS_VER, 'all' );
+}
 …
         array(
             'labels' => array(
                 'name' => __( 'Top Bar Section' ),
                 'singular_name' => __( 'Social Link' ),
                 'add_new' => __( 'Add New Social Link' ),
                 'add_new_item' => __( 'Add New Social Link' ),
                 'edit' => __( 'Edit' ),
                 'edit_item' => __( 'Edit Social Link' ),
                 'new_item' => __( 'New Social Link' ),
                 'view' => __( 'View Social Link' ),
                 'view_item' => __( 'View Social Link' ),
                 'search_items' => __( 'Search Social Link' ),
                 'not_found' => __( 'No Social Link found' ),
                 'not_found_in_trash' => __( 'No Social Link found in Trash' ),
                 'parent' => __( 'Parent Social Link' ),
+                'name' => __( 'Top Bar Section', 'custom-top-bar' ),
+                'singular_name' => __( 'Social Link', 'custom-top-bar' ),
+                'add_new' => __( 'Add New Social Link', 'custom-top-bar' ),
+                'add_new_item' => __( 'Add New Social Link', 'custom-top-bar' ),
+                'edit' => __( 'Edit', 'custom-top-bar' ),
+                'edit_item' => __( 'Edit Social Link', 'custom-top-bar' ),
+                'new_item' => __( 'New Social Link', 'custom-top-bar' ),
+                'view' => __( 'View Social Link', 'custom-top-bar' ),
+                'view_item' => __( 'View Social Link', 'custom-top-bar' ),
+                'search_items' => __( 'Search Social Link', 'custom-top-bar' ),
+                'not_found' => __( 'No Social Link found', 'custom-top-bar' ),
+                'not_found_in_trash' => __( 'No Social Link found in Trash', 'custom-top-bar' ),
+                'parent' => __( 'Parent Social Link', 'custom-top-bar' ),
             ),
             'public' => true,
 …
 function ctb_social_post_meta_box()
+{
     add_meta_box( 'ctb_slug', __( 'Social Link', 'ctb_code_domain' ),'ctb_inner_custom','social-post');
+    add_meta_box( 'ctb_slug', __( 'Social Link', 'custom-top-bar' ),'ctb_inner_custom','social-post');
+}
 …
             <tr>
                 <td>Link : </td>
                 <td><input type="text" name="social_link" id="social_link" value="<?php echo $social_link; ?>" style="width:350px;"  /></td>
+                <td><input type="text" name="social_link" id="social_link" value="<?php echo esc_url($social_link); ?>" style="width:350px;"  /></td>
             </tr>
         </table>
 …
 function ctb_save_social_link_meta_vale($postID,$post,$update)
+{
-    global $devices;
     if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE )
         return;
     if ( 'social-post' == $post->post_type ) {
         $code = sanitize_text_field( $_POST['social_link'] );
+        $code = array_key_exists('social_link', $_POST) ? sanitize_text_field( wp_unslash($_POST['social_link'] ) ) : '';
         update_post_meta($postID, 'social_link', $code);
+    }
 …
+}
-function ctb_change_image_box()
+{
-    remove_meta_box( 'postimagediv', 'social-post', 'side' );
-    add_meta_box('ct_postimagediv', __('Social Icon'), 'post_thumbnail_meta_box', 'social-post', 'normal', 'high');
+}
 function ctb_change_thumbnail_html( $content ) {
     if ('social-post' == $GLOBALS['post_type'])
       add_filter('admin_post_thumbnail_html',ctb_do_thumb);
+      add_filter('admin_post_thumbnail_html','ctb_do_thumb');
+}
 function ctb_do_thumb($content){
      return str_replace(__('Set featured image'), __('Social Icon'),$content);
+     return str_replace(__('Set featured image','custom-top-bar'), __('Social Icon','custom-top-bar'),$content);
+}

custom-top-bar/trunk/top_bar.php

-                      r1240039
+                      r3449868
 <?php
+if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
 $enable_top_bar = get_option('enable_top_bar');
 $fixed_top_bar = get_option('fixed_top_bar');
 …
 <?php if($enable_top_bar) { ?>
 <div id="page">
 <div id="header"  style=" <?php if($fixed_top_bar == 1 ) { ?> position:fixed; <?php } ?> <?php echo 'height:'.$top_bar_height.'px;'; ?> <?php echo 'background:'.$top_bar_color; ?> " >
+<div id="header"  style=" <?php if($fixed_top_bar == 1 ) { ?> position:fixed; <?php } ?> <?php echo 'height:'.esc_html($top_bar_height).'px;'; ?> <?php echo 'background:'.esc_html($top_bar_color); ?> " >
     <div class="wrapper">
       <div class="col-lf-1">
         <span class="txt" style=" margin-top:<?php echo $textMargin;?>%; color: <?php echo $text_color; ?>">
+        <span class="txt" style=" margin-top:<?php echo esc_html($textMargin);?>%; color: <?php echo esc_html($text_color); ?>">
         <?php if($display_contact_number) { ?>
         <?php echo $contact_number; ?>
+        <?php echo esc_html($contact_number); ?>
         <?php } ?>
         </span>
         <?php if($display_email_address && $display_contact_number) {?>
         <span class="txt" style=" margin-top:<?php echo $textMargin;?>%;">|</span>
+        <span class="txt" style=" margin-top:<?php echo esc_html($textMargin);?>%;">|</span>
         <?php } ?>
         <span class="txt" style=" margin-top:<?php echo $textMargin;?>%;color: <?php echo $text_color; ?>">
+        <span class="txt" style=" margin-top:<?php echo esc_html($textMargin);?>%;color: <?php echo esc_html($text_color); ?>">
         <?php if($display_email_address) { ?>
         <a href="mailto:<?php echo $contact_email; ?>" style="color: <?php echo $text_color; ?>"><?php echo $contact_email; ?></a>
+        <a href="mailto:<?php echo esc_html($contact_email); ?>" style="color: <?php echo esc_html($text_color); ?>"><?php echo esc_html($contact_email); ?></a>
         <?php } ?>
         </span>
 …
             while($theQuery->have_posts()){
             $theQuery->the_post();
             $src = wp_get_attachment_image_src( get_post_thumbnail_id(get_the_ID()),'social_image_medium');
             $social_link = get_post_meta( get_the_ID(), $key = 'social_link', $single = true );
+                  $src = wp_get_attachment_image_src( get_post_thumbnail_id(get_the_ID()),'social_image_medium');
+                  $social_link = get_post_meta( get_the_ID(), $key = 'social_link', $single = true );
         ?>
         <a href="<?php echo $social_link; ?>" target="_blank"><img src="<?php echo $src[0];?>" alt="" title="<?php echo get_the_title(); ?>" /></a>
         <?php } } wp_reset_query(); ?>
+        <a href="<?php echo esc_url($social_link); ?>" target="_blank"><img src="<?php echo esc_html($src[0]);?>" alt="" title="<?php echo esc_html(get_the_title()); ?>" /></a>
+        <?php } } wp_reset_postdata(); ?>
       </div>
+      <a href="<?php echo $acction_link; ?>" class="btn"><?php echo $button_text; ?></a>
+      <?php if($button_text !='' && $acction_link !='') { ?>
+        <a href="<?php echo esc_url($acction_link); ?>" class="btn"><?php echo esc_html($button_text); ?></a>
+      <?php } ?>
     </div>
   </div>

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: