Changeset 2949021

Timestamp:

08/08/2023 02:51:12 AM (2 years ago)

Author:

grimmdude

Message:

4.5 - Address XSS vulnerability.

Location:

social-share-boost

Files:

• tags/4.5 (added)
• tags/4.5/common_lib.php (added)
• tags/4.5/css (added)
• tags/4.5/css/style.css (added)
• tags/4.5/func.php (added)
• tags/4.5/images (added)
• tags/4.5/images/fb.png (added)
• tags/4.5/images/gp.png (added)
• tags/4.5/images/insta.png (added)
• tags/4.5/images/linkd.png (added)
• tags/4.5/images/pin.png (added)
• tags/4.5/images/rss.png (added)
• tags/4.5/images/twtr.png (added)
• tags/4.5/images/vim.png (added)
• tags/4.5/images/yt.png (added)
• tags/4.5/js (added)
• tags/4.5/js/admin-js.js (added)
• tags/4.5/readme.txt (added)
• tags/4.5/screenshot-1.png (added)
• tags/4.5/screenshot-2.png (added)
• tags/4.5/screenshot-3.png (added)
• tags/4.5/screenshot-4.png (added)
• tags/4.5/social-share-boost.php (added)
• tags/4.5/ssb_widgets.php (added)
• trunk/common_lib.php (modified) (1 diff)
• trunk/readme.txt (modified) (2 diffs)
• trunk/social-share-boost.php (modified) (1 diff)
• trunk/ssb_widgets.php (modified) (7 diffs)

social-share-boost/trunk/common_lib.php

@@ -100 +100 @@
                 $curval='';
                             $curval = stripslashes( $curval);
-                            $html.='<tr valign="top"><th scope="row"><label for="'.$field['id'].'">'.$field['title'].'</label></th><td>';
+                            $html.='<tr valign="top"><th scope="row"><label for="'.esc_attr($field['id']).'">'.esc_html($field['title']).'</label></th><td>';
 
                 switch($field['type'])
                 {
                     case 'textarea':
-                        $html.='<textarea style="width: 25em;" rows=4 id="'.$field['id'].'" name="'.$optn_val.'['.$field['id'].']" class="regular-text">'. $curval.'</textarea>';
+                        $html.='<textarea style="width: 25em;" rows=4 id="'.esc_attr($field['id']).'" name="'.$optn_val.'['.$field['id'].']" class="regular-text">'. esc_textarea($curval).'</textarea>';
                                     break;
                                 case 'text':
-                                    $html.='<input id="'.$field['id'].'" type="text" name="'.$optn_val.'['.$field['id'].']" value="'. $curval.'" class="regular-text" />';
+                                    $html.='<input id="'.$field['id'].'" type="text" name="'.$optn_val.'['.$field['id'].']" value="'. esc_attr($curval).'" class="regular-text" />';
                                     break;
                                 case 'checkbox':

social-share-boost/trunk/readme.txt

@@ -3 +3 @@
 Tags: social, share, share buttons, social boost, social share, facebook, twitter, google plus, sharing, SEO, addthis, sharethis
 Requires at least: 2.5
-Tested up to: 6.0
-Stable tag: 4.4
+Tested up to: 6.2
+Stable tag: 4.5
 License: GPLv2 or later
 
@@ -78 +78 @@
 == Changelog ==
 
+= 4.5 =
+* Address XSS vulnerability
 
 = 4.1 =

social-share-boost/trunk/social-share-boost.php

@@ -3 +3 @@
 Plugin URI: http://sumo.com/
 Description: Boost Your Social Sharing by automatically adding various social share tools above or below the posts, page and excerpts. This plug-in also provides the functionality to show the social tools using a simple shortcode.
-Version: 4.4
+Version: 4.5
 Author: Sumo
-Author URI: http://sumo.com/
+Author URI: https://sumo.com/
 License: GPLv2 or later
 */

social-share-boost/trunk/ssb_widgets.php

@@ -88 +88 @@
         $linkedin = esc_attr($instance['linkedin']);
         $scoopit = esc_attr($instance['scoopit']);
-        echo'<p><label for="'. $this->get_field_id('title').'">Title:</label><input class="widefat" id="'. $this->get_field_id('title').'" name="'. $this->get_field_name('title').'>" type="text" value="'. $title.'" /></p>';
-        echo'<p><label for="'. $this->get_field_id('url').'">Url to share(leave empty to use homeurl):</label><input class="widefat" id="'. $this->get_field_id('url').'" name="'. $this->get_field_name('url').'>" type="text" value="'. $url.'" /></p>';
-
-        echo'<p><label for="'. $this->get_field_id('fb_like').'">Facebook Like:</label> &nbsp;&nbsp;<input class="widefat" id="'. $this->get_field_id('fb_like').'" name="'. $this->get_field_name('fb_like').'>" type="checkbox" ';
+        echo'<p><label for="'. esc_attr($this->get_field_id('title')).'">Title:</label><input class="widefat" id="'. esc_attr($this->get_field_id('title')).'" name="'. esc_attr($this->get_field_name('title')).'>" type="text" value="'. esc_attr($title).'" /></p>';
+        echo'<p><label for="'. esc_attr($this->get_field_id('url')).'">Url to share(leave empty to use homeurl):</label><input class="widefat" id="'. esc_attr($this->get_field_id('url')).'" name="'. esc_attr($this->get_field_name('url')).'>" type="text" value="'. esc_attr($url).'" /></p>';
+
+        echo'<p><label for="'. esc_attr($this->get_field_id('fb_like')).'">Facebook Like:</label> &nbsp;&nbsp;<input class="widefat" id="'. esc_attr($this->get_field_id('fb_like')).'" name="'. esc_attr($this->get_field_name('fb_like')).'>" type="checkbox" ';
         if ($fb_like)
             echo ' checked=checked ';
         echo'value="1" /></p>';
 
-           echo'<p><label for="'. $this->get_field_id('fb_share').'">Facebook Share:</label> &nbsp;&nbsp;<input class="widefat" id="'. $this->get_field_id('fb_share').'" name="'. $this->get_field_name('fb_share').'>" type="checkbox" ';
+           echo'<p><label for="'. esc_attr($this->get_field_id('fb_share')).'">Facebook Share:</label> &nbsp;&nbsp;<input class="widefat" id="'. esc_attr($this->get_field_id('fb_share')).'" name="'. esc_attr($this->get_field_name('fb_share')).'>" type="checkbox" ';
         if ($fb_share)
             echo ' checked=checked ';
@@ -102 +102 @@
 
 
-           echo'<p><label for="'. $this->get_field_id('twtr').'">Tweeter:</label> &nbsp;&nbsp;<input class="widefat" id="'. $this->get_field_id('twtr').'" name="'. $this->get_field_name('twtr').'>" type="checkbox" ';
+           echo'<p><label for="'. esc_attr($this->get_field_id('twtr')).'">Tweeter:</label> &nbsp;&nbsp;<input class="widefat" id="'. esc_attr($this->get_field_id('twtr')).'" name="'. esc_attr($this->get_field_name('twtr')).'>" type="checkbox" ';
         if ($twtr)
             echo ' checked=checked ';
         echo'value="1" /></p>';
 
-           echo'<p><label for="'. $this->get_field_id('gplus').'">Google Plus:</label> &nbsp;&nbsp; <input class="widefat" id="'. $this->get_field_id('gplus').'" name="'. $this->get_field_name('gplus').'>" type="checkbox" ';
+           echo'<p><label for="'. esc_attr($this->get_field_id('gplus')).'">Google Plus:</label> &nbsp;&nbsp; <input class="widefat" id="'. esc_attr($this->get_field_id('gplus')).'" name="'. esc_attr($this->get_field_name('gplus')).'>" type="checkbox" ';
         if ($gplus)
             echo ' checked=checked ';
         echo'value="1" /></p>';
 
-           echo'<p><label for="'. $this->get_field_id('pint').'">Pinterest:</label> &nbsp;&nbsp; <input class="widefat" id="'. $this->get_field_id('pint').'" name="'. $this->get_field_name('pint').'>" type="checkbox" ';
+           echo'<p><label for="'. esc_attr($this->get_field_id('pint')).'">Pinterest:</label> &nbsp;&nbsp; <input class="widefat" id="'. esc_attr($this->get_field_id('pint')).'" name="'. esc_attr($this->get_field_name('pint')).'>" type="checkbox" ';
         if ($pint)
             echo ' checked=checked ';
         echo'value="1" /></p>';
 
-           echo'<p><label for="'. $this->get_field_id('stmbl').'">Stumbleupon:</label> &nbsp;&nbsp; <input class="widefat" id="'. $this->get_field_id('stmbl').'" name="'. $this->get_field_name('stmbl').'>" type="checkbox" ';
+           echo'<p><label for="'. esc_attr($this->get_field_id('stmbl')).'">Stumbleupon:</label> &nbsp;&nbsp; <input class="widefat" id="'. esc_attr($this->get_field_id('stmbl')).'" name="'. esc_attr($this->get_field_name('stmbl')).'>" type="checkbox" ';
         if ($stmbl)
             echo ' checked=checked ';
         echo'value="1" /></p>';
 
-           echo'<p><label for="'. $this->get_field_id('tumblr').'">Tumblr:</label> &nbsp;&nbsp; <input class="widefat" id="'. $this->get_field_id('tumblr').'" name="'. $this->get_field_name('tumblr').'>" type="checkbox" ';
+           echo'<p><label for="'. esc_attr($this->get_field_id('tumblr')).'">Tumblr:</label> &nbsp;&nbsp; <input class="widefat" id="'. esc_attr($this->get_field_id('tumblr')).'" name="'. esc_attr($this->get_field_name('tumblr')).'>" type="checkbox" ';
         if ($tumblr)
             echo ' checked=checked ';
         echo'value="1" /></p>';
 
-           echo'<p><label for="'. $this->get_field_id('linkedin').'">LinkedIn:</label> &nbsp;&nbsp; <input class="widefat" id="'. $this->get_field_id('linkedin').'" name="'. $this->get_field_name('linkedin').'>" type="checkbox" ';
+           echo'<p><label for="'. esc_attr($this->get_field_id('linkedin')).'">LinkedIn:</label> &nbsp;&nbsp; <input class="widefat" id="'. esc_attr($this->get_field_id('linkedin')).'" name="'. esc_attr($this->get_field_name('linkedin')).'>" type="checkbox" ';
         if ($linkedin)
             echo ' checked=checked ';
         echo'value="1" /></p>';
-         echo'<p><label for="'. $this->get_field_id('scoopit').'">Scoop it:</label> &nbsp;&nbsp; <input class="widefat" id="'. $this->get_field_id('scoopit').'" name="'. $this->get_field_name('scoopit').'>" type="checkbox" ';
+         echo'<p><label for="'. esc_attr($this->get_field_id('scoopit')).'">Scoop it:</label> &nbsp;&nbsp; <input class="widefat" id="'. esc_attr($this->get_field_id('scoopit')).'" name="'. esc_attr($this->get_field_name('scoopit')).'>" type="checkbox" ';
         if ($scoopit)
             echo ' checked=checked ';
@@ -171 +171 @@
 
 
-        echo '<iframe src="//www.facebook.com/plugins/likebox.php?href='.urlencode($url).'&amp;width='.$width.'&amp;height='.$height.'&amp;colorscheme=';
+        echo '<iframe src="//www.facebook.com/plugins/likebox.php?href='.esc_attr(urlencode($url)).'&amp;width='.esc_attr($width).'&amp;height='.esc_attr($height).'&amp;colorscheme=';
 
         if(!$dark)
@@ -204 +204 @@
 
 
-          echo '&amp;appId=307091639398582" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:'.$width.'px; height:'.$height.'px;" allowTransparency="true"></iframe>';
+          echo '&amp;appId=307091639398582" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:'.esc_attr($width).'px; height:'.esc_attr($height).'px;" allowTransparency="true"></iframe>';
 
 
@@ -242 +242 @@
 
 
-        echo'<p><label for="'. $this->get_field_id('title').'">Title:</label><input class="widefat" id="'. $this->get_field_id('title').'" name="'. $this->get_field_name('title').'>" type="text" value="'. $title.'" /></p>';
-
-        echo'<p><label for="'. $this->get_field_id('url').'">FB page URL:</label><input class="widefat" id="'. $this->get_field_id('url').'" name="'. $this->get_field_name('url').'>" type="text" value="'. $url.'" /></p>';
-
- 
-
-
-        echo'<p><label for="'. $this->get_field_id('height').'">Like Box Height:</label><input class="widefat" id="'. $this->get_field_id('height').'" name="'. $this->get_field_name('height').'>" type="text" value="'. $height.'" /></p>';
-
-        echo'<p><label for="'. $this->get_field_id('width').'">Like Box Width:</label><input class="widefat" id="'. $this->get_field_id('width').'" name="'. $this->get_field_name('width').'>" type="text" value="'. $width.'" /></p>';
- 
-
-
-
-
-           echo'<p><label for="'. $this->get_field_id('faces').'">Show Faces:</label> &nbsp;&nbsp;<input class="widefat" id="'. $this->get_field_id('faces').'" name="'. $this->get_field_name('faces').'>" type="checkbox" ';
+        echo'<p><label for="'. esc_attr($this->get_field_id('title')).'">Title:</label><input class="widefat" id="'. esc_attr($this->get_field_id('title')).'" name="'. esc_attr($this->get_field_name('title')).'>" type="text" value="'. esc_attr($title).'" /></p>';
+
+        echo'<p><label for="'. esc_attr($this->get_field_id('url')).'">FB page URL:</label><input class="widefat" id="'. esc_attr($this->get_field_id('url')).'" name="'. esc_attr($this->get_field_name('url')).'>" type="text" value="'. esc_attr($url).'" /></p>';
+
+ 
+
+
+        echo'<p><label for="'. esc_attr($this->get_field_id('height')).'">Like Box Height:</label><input class="widefat" id="'. esc_attr($this->get_field_id('height')).'" name="'. esc_attr($this->get_field_name('height')).'>" type="text" value="'. esc_attr($height).'" /></p>';
+
+        echo'<p><label for="'. esc_attr($this->get_field_id('width')).'">Like Box Width:</label><input class="widefat" id="'. esc_attr($this->get_field_id('width')).'" name="'. esc_attr($this->get_field_name('width')).'>" type="text" value="'. esc_attr($width).'" /></p>';
+ 
+
+
+
+
+           echo'<p><label for="'. esc_attr($this->get_field_id('faces')).'">Show Faces:</label> &nbsp;&nbsp;<input class="widefat" id="'. esc_attr($this->get_field_id('faces')).'" name="'. esc_attr($this->get_field_name('faces')).'>" type="checkbox" ';
         if ($faces)
             echo ' checked=checked ';
         echo'value="1" /></p>';
 
-           echo'<p><label for="'. $this->get_field_id('feed').'">Show Posts:</label> &nbsp;&nbsp;<input class="widefat" id="'. $this->get_field_id('feed').'" name="'. $this->get_field_name('feed').'>" type="checkbox" ';
+           echo'<p><label for="'. esc_attr($this->get_field_id('feed')).'">Show Posts:</label> &nbsp;&nbsp;<input class="widefat" id="'. esc_attr($this->get_field_id('feed')).'" name="'. esc_attr($this->get_field_name('feed')).'>" type="checkbox" ';
         if ($feed)
             echo ' checked=checked ';
         echo'value="1" /></p>';
-           echo'<p><label for="'. $this->get_field_id('header').'">Hide Box Header:</label> &nbsp;&nbsp;<input class="widefat" id="'. $this->get_field_id('header').'" name="'. $this->get_field_name('header').'>" type="checkbox" ';
+           echo'<p><label for="'. esc_attr($this->get_field_id('header')).'">Hide Box Header:</label> &nbsp;&nbsp;<input class="widefat" id="'. esc_attr($this->get_field_id('header')).'" name="'. esc_attr($this->get_field_name('header')).'>" type="checkbox" ';
         if ($header)
             echo ' checked=checked ';
         echo'value="1" /></p>';
-           echo'<p><label for="'. $this->get_field_id('border').'">Hide Box Border:</label> &nbsp;&nbsp;<input class="widefat" id="'. $this->get_field_id('border').'" name="'. $this->get_field_name('border').'>" type="checkbox" ';
+           echo'<p><label for="'. esc_attr($this->get_field_id('border')).'">Hide Box Border:</label> &nbsp;&nbsp;<input class="widefat" id="'. esc_attr($this->get_field_id('border')).'" name="'. esc_attr($this->get_field_name('border')).'>" type="checkbox" ';
         if ($border)
             echo ' checked=checked ';
-        echo'value="1" /></p>';    echo'<p><label for="'. $this->get_field_id('dark').'">Use Dark Theme:</label> &nbsp;&nbsp;<input class="widefat" id="'. $this->get_field_id('dark').'" name="'. $this->get_field_name('dark').'>" type="checkbox" ';
+        echo'value="1" /></p>';    echo'<p><label for="'. esc_attr($this->get_field_id('dark')).'">Use Dark Theme:</label> &nbsp;&nbsp;<input class="widefat" id="'. esc_attr($this->get_field_id('dark')).'" name="'. esc_attr($this->get_field_name('dark')).'>" type="checkbox" ';
         if ($dark)
             echo ' checked=checked ';
@@ -315 +315 @@
             if($value!="")
             {
-                echo '<li><a href="'.$value.'" target="_blank"><img src="'.plugins_url('images/'.$key.'.png', __FILE__).'" /></li>';
+                echo '<li><a href="'.esc_attr($value).'" target="_blank"><img src="'.esc_attr(plugins_url('images/'.$key.'.png', __FILE__)).'" /></li>';
             }
         }
@@ -353 +353 @@
         $ico_r['linkd_url'] = array('LinkedIn',esc_attr($instance['linkd_url']));  
 
-        echo'<p><label for="'. $this->get_field_id('title').'">Title:</label><input class="widefat" id="'. $this->get_field_id('title').'" name="'. $this->get_field_name('title').'>" type="text" value="'. $title.'" /></p>';
+        echo'<p><label for="'. $this->get_field_id('title').'">Title:</label><input class="widefat" id="'. esc_attr($this->get_field_id('title')).'" name="'. esc_attr($this->get_field_name('title')).'>" type="text" value="'. esc_attr($title).'" /></p>';
 
 
         foreach ($ico_r as $key => $value)
         {
-            echo'<p><label for="'. $this->get_field_id($key).'">'.$value[0].' Profile URL:</label><input class="widefat" id="'. $this->get_field_id($key).'" name="'. $this->get_field_name($key).'>" type="text" value="'. $value[1].'" /></p>';
+            echo'<p><label for="'. esc_attr($this->get_field_id($key)).'">'.esc_attr($value[0]).' Profile URL:</label><input class="widefat" id="'. esc_attr($this->get_field_id($key)).'" name="'. esc_attr($this->get_field_name($key)).'>" type="text" value="'. esc_attr($value[1]).'" /></p>';
         }
     }