Merge pull request #33 from circuscode/develop

Version 0.19
circuscode · Apr 25, 2024 · 6b9d74f · 6b9d74f
2 parents 9fa8f64 + b6cc96b
commit 6b9d74f
Show file tree

Hide file tree

Showing 11 changed files with 28 additions and 12 deletions.
diff --git a/hdfys_display.php b/hdfys_display.php
@@ -32,7 +32,7 @@ function hdfys() {
 		$line=hdfys_get_anything();
 
 		// Output
-		echo "<p class='admin-hdfys'>".$line."</p>";
+		echo "<p class='admin-hdfys'>".esc_html($line)."</p>";
 	}
 }
 add_action( 'admin_notices', 'hdfys' );

diff --git a/hdfys_gutenberg.php b/hdfys_gutenberg.php
@@ -34,7 +34,7 @@ function hdfys_gutenberg_block() {
 	$gutenberg_line = hdfys_get_anything();
 
 	// Add HTML Markup
-	$gutenberg_output = '<p class="hdfys gutenberg-block">'. $gutenberg_line .'</p>';
+	$gutenberg_output = '<p class="hdfys gutenberg-block">'.esc_html($gutenberg_line).'</p>';
 
 	// Process Filter
 	$gutenberg_output=apply_filters( 'hdfys_output_filter', $gutenberg_output );

diff --git a/hdfys_installation.php b/hdfys_installation.php
@@ -26,7 +26,7 @@ function hdfys_activate () {
 	/* Initialize Settings */
 	add_option('hdfys_activated',"1");
 	add_option('hdfys_song',"");
-	add_option('hdfys_version', "18");
+	add_option('hdfys_version', "19");
 	add_option('widget_hdfys_widget');
 	add_option('hdfys_admin_lyric',"1");
 	add_option('hdfys_text_updated',"0");

diff --git a/hdfys_settings.php b/hdfys_settings.php
@@ -53,7 +53,7 @@ function hdfys_options() {
  */
 
 function hdfys_options_display_songtext() {
-	echo '<textarea style="width:600px;height:400px;" class="regular-text" type="text" name="hdfys_song" id="hdfys_song">'. get_option('hdfys_song') .'</textarea>';
+	echo '<textarea style="width:600px;height:400px;" class="regular-text" type="text" name="hdfys_song" id="hdfys_song">'.esc_textarea( get_option('hdfys_song')) .'</textarea>';
 }
 
 /**

diff --git a/hdfys_shortcode.php b/hdfys_shortcode.php
@@ -25,7 +25,7 @@
 
 function hdfys_shortcode() {
 	$shortcode_line=hdfys_get_anything();
-	$hdfys_shortcode_output= '<p class="hdfys shortcode">'. $shortcode_line .'</p>';
+	$hdfys_shortcode_output= '<p class="hdfys shortcode">'.esc_html($shortcode_line).'</p>';
 	$hdfys_shortcode_output=apply_filters( 'hdfys_output_filter', $hdfys_shortcode_output );
 	return $hdfys_shortcode_output;
 }

diff --git a/hdfys_templatetag.php b/hdfys_templatetag.php
@@ -21,7 +21,7 @@
 
 function hello_dolly_for_your_song() {
 	$hdfys_template_tag_line = hdfys_get_anything();
-	$hdfys_template_tag_output='<div class="hdfys templatetag">'. $hdfys_template_tag_line .'</div>';
+	$hdfys_template_tag_output='<div class="hdfys templatetag">'. esc_html($hdfys_template_tag_line) .'</div>';
 	$hdfys_template_tag_output=apply_filters( 'hdfys_output_filter', $hdfys_template_tag_output );
 	echo $hdfys_template_tag_output;
 }

diff --git a/hdfys_update.php b/hdfys_update.php
@@ -77,6 +77,10 @@ function hdfys_update () {
 if($hdfys_previous_version==17) {
 update_option('hdfys_version','18');
 }
+/* Update Process Version 0.19 */
+if($hdfys_previous_version==18) {
+update_option('hdfys_version','19');
+}
 
 }
 add_action( 'plugins_loaded', 'hdfys_update' );

diff --git a/hdfys_widget.php b/hdfys_widget.php
@@ -39,9 +39,9 @@ public function widget( $args, $instance ) {
 		echo '<aside class="widget hdfys">';
 		echo '<h3 class="widget-title hdfys">';
 			if ( ! empty( $title ) )
-				echo $title;
+				echo esc_html($title);
 		echo '</h3>';
-		echo '<p class="widget-hdfys">'.$widget_line.'</p>';
+		echo '<p class="widget-hdfys">'.esc_html($widget_line).'</p>';
 		echo '</aside>';
 	}
 

diff --git a/hellodollyforyoursong.php b/hellodollyforyoursong.php
@@ -4,7 +4,7 @@
 Plugin Name:  Hello Dolly For Your Song
 Plugin URI:   https://www.unmus.de/wordpress-plugin-hello-dolly-for-your-song/
 Description:  This simple plugin shows a random line of any text in your blog.
-Version:	  0.18
+Version:	  0.19
 Author:       Marco Hitschler
 Author URI:   https://www.unmus.de/
 License:      GPL3

diff --git a/readme.md b/readme.md
@@ -153,6 +153,11 @@ This project is licensed under the GPL3 License.
 
 ## Changelog
 
+### 0.19
+
+* april 2024
+* Security: Echo Escaping added
+
 ### 0.18
 
 * april 2023
@@ -269,4 +274,4 @@ This project is licensed under the GPL3 License.
 ### 0.1
 
 * 3 may 2013
-* Running version
+* Running version
diff --git a/readme.txt b/readme.txt
@@ -3,8 +3,8 @@ Contributors: unmus, jordansilaen
 Tags: hello world, love, random, learning wordpress, admin
 Requires at least: 5.2
 Requires PHP: 7.0
-Tested up to: 6.2
-Stable tag: 0.18
+Tested up to: 6.5.2
+Stable tag: 0.19
 License: GPLv3 or later
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
 
@@ -101,6 +101,10 @@ Several admin pages like settings are excluded, because some plugins do not use
 
 == Changelog ==
 
+= 0.19 =
+* april 2024
+* Security: Echo Escaping added
+
 = 0.18 =
 * april 2023
 * Bugfix: LastChar is blank
@@ -203,6 +207,9 @@ Several admin pages like settings are excluded, because some plugins do not use
 
 == Upgrade Notice ==
 
+= 0.19 =
+This version is a security release (no new features, but more secure code).
+
 = 0.18 =
 This version is a maintenance release (no new features, but bugfixes).