Merge tag '0.18.9' into develop

release 0.18.10
This commit is contained in:
vnmedeiros 2022-05-24 11:36:31 -03:00
commit c8f42c43b6
21 changed files with 314 additions and 196 deletions


@ -1382,7 +1382,12 @@ class REST_Items_Controller extends REST_Controller {
], 400); ], 400);
} }
$secret_key = get_option("tnc_option_recaptch_secret_key"); $secret_key = get_option("tnc_option_recaptch_secret_key");
$response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret_key&response=".$captcha_data."&remoteip=".$_SERVER['REMOTE_ADDR'])); $api_url = "https://www.google.com/recaptcha/api/siteverify?secret=$secret_key&response=".$captcha_data."&remoteip=".$_SERVER['REMOTE_ADDR'];
$response = wp_remote_get( $api_url );
$body = wp_remote_retrieve_body( $response );
$response = json_decode($body);
if ($response->success) { if ($response->success) {
return true; return true;
} else { } else {
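Review bot: The reCAPTCHA secret and the user-supplied token are interpolated into a GET query string on the `$api_url` line with no URL-encoding, so the secret lands in proxy and HTTP-client logs and a `&` or `#` inside `$captcha_data` truncates the request; the siteverify endpoint accepts POST, which keeps both values out of the URL. The result is also used without a failure check: on a WP_Error `wp_remote_retrieve_body()` returns `''`, `json_decode` yields `null`, and `$response->success` raises a notice on a null property (it fails closed, but silently). I would switch to `wp_remote_post()` with a body array, keep the decoded object in `$response` so the unseen `else` branch still works, and make the success test strict. The enclosing method starts and ends outside the hunk.
```php
$secret_key = get_option("tnc_option_recaptch_secret_key");
$http = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', [
    'body' => [
        'secret'   => $secret_key,
        'response' => $captcha_data,
        'remoteip' => $_SERVER['REMOTE_ADDR'],
    ],
] );
// A transport error or non-JSON body must fall into the failure branch, not raise a notice.
$response = is_wp_error( $http ) ? null : json_decode( wp_remote_retrieve_body( $http ) );
if ( isset( $response->success ) && $response->success === true ) {
    return true;
} else {
```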


@ -103,54 +103,11 @@ class Media {
* @return string the file path * @return string the file path
*/ */
public function save_remote_file($url) { public function save_remote_file($url) {
set_time_limit(0); $filename = download_url($url, 900);
if( is_wp_error($filename) ) {
$filename = tempnam(sys_get_temp_dir(), basename($url)); throw new \Exception( "[save_remote_file]:" . implode("\n", $filename->get_error_messages()));
}
# Open the file for writing... return $filename;
self::$file_handle = fopen($filename, 'w+');
self::$file_name = $filename;
$callback = function ($ch, $str) {
$len = fwrite(self::$file_handle, $str);
return $len;
};
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FILE, self::$file_handle);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); # optional
curl_setopt($ch, CURLOPT_TIMEOUT, -1); # optional: -1 = unlimited, 3600 = 1 hour
curl_setopt($ch, CURLOPT_VERBOSE, false); # Set to true to see all the innards
# Only if you need to bypass SSL certificate validation
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
# Assign a callback function to the CURL Write-Function
curl_setopt($ch, CURLOPT_WRITEFUNCTION, $callback);
# Execute the download - note we DO NOT put the result into a variable!
curl_exec($ch);
if (curl_errno($ch)) {
$error_msg = curl_error($ch);
# Close CURL
curl_close($ch);
# Close the file pointer
fclose(self::$file_handle);
throw new \Exception( "[save_remote_file]:" . $error_msg);
}
# Close CURL
curl_close($ch);
# Close the file pointer
fclose(self::$file_handle);
return $filename;
} }
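Review bot: `download_url()` is defined in wp-admin/includes/file.php, which is not loaded on front-end or REST requests, so `save_remote_file()` will fatal with an undefined function unless every caller has already included it; guard it inside the method: `if ( ! function_exists( 'download_url' ) ) { require_once ABSPATH . 'wp-admin/includes/file.php'; }`. Replacing the hand-rolled curl client that set `CURLOPT_SSL_VERIFYPEER` to false is the right move, and as far as I recall `download_url()` goes through `wp_safe_remote_get()`, so loopback and private-network targets are rejected by `wp_http_validate_url()` — worth stating in the docblock so nobody reintroduces a raw client for "flexibility". The docblock (`@return string the file path`) should also say the returned temp file belongs to the caller and must be `unlink()`ed, which the old implementation implied but never documented.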


@ -117,12 +117,12 @@ class Private_Files {
// regular ajax uploads via Admin Panel will send post_id // regular ajax uploads via Admin Panel will send post_id
if ( isset($_REQUEST['post_id']) && $_REQUEST['post_id'] ) { if ( isset($_REQUEST['post_id']) && $_REQUEST['post_id'] ) {
$post_id = $_REQUEST['post_id']; $post_id = sanitize_text_field($_REQUEST['post_id']);
} }
// API requests to media endpoint will send post // API requests to media endpoint will send post
if ( false === $post_id && isset($_REQUEST['post']) && is_numeric($_REQUEST['post']) ) { if ( false === $post_id && isset($_REQUEST['post']) && is_numeric($_REQUEST['post']) ) {
$post_id = $_REQUEST['post']; $post_id = sanitize_text_field($_REQUEST['post']);
} }
// tainacan internals, scripts and tests, will set this global // tainacan internals, scripts and tests, will set this global
@ -191,7 +191,7 @@ class Private_Files {
$upload_dir = wp_get_upload_dir(); $upload_dir = wp_get_upload_dir();
$base_upload_url = preg_replace('/^https?:\/\//', '', $upload_dir['baseurl']); $base_upload_url = preg_replace('/^https?:\/\//', '', $upload_dir['baseurl']);
$requested_uri = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; $requested_uri = sanitize_text_field($_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
if ( strpos($requested_uri, $base_upload_url) === false ) { if ( strpos($requested_uri, $base_upload_url) === false ) {
// Not uploads // Not uploads
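Review bot: `sanitize_text_field()` is the wrong sanitizer for `post_id` and `post` in the two assignments: both are post IDs consumed as integers, and `sanitize_text_field` only strips tags, control octets and extra whitespace, so a value such as `12 OR 1=1` still passes through unchanged. Use `absint()` for the first (`$post_id = absint( $_REQUEST['post_id'] );`) and, since the second is already gated by `is_numeric`, `$post_id = (int) $_REQUEST['post'];`; whatever capability check later consumes `$post_id` is outside the hunk, so I have not verified how a `0` result is treated there. The `$requested_uri` line only feeds a `strpos` comparison, so sanitizing it is harmless, but that comparison is a substring test rather than a prefix test — pre-existing, and worth a comment explaining why that is acceptable. The enclosing method starts and ends outside the hunks.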


@ -564,7 +564,6 @@ class Item extends Entity {
*/ */
public function get_metadata_as_html($args = array()) { public function get_metadata_as_html($args = array()) {
$Tainacan_Item_Metadata = \Tainacan\Repositories\Item_Metadata::get_instance();
$Tainacan_Metadata = \Tainacan\Repositories\Metadata::get_instance(); $Tainacan_Metadata = \Tainacan\Repositories\Metadata::get_instance();
$return = ''; $return = '';
@ -633,7 +632,7 @@ class Item extends Entity {
} }
return $return; return wp_kses_tainacan($return);
} }
@ -702,7 +701,7 @@ class Item extends Entity {
} }
} }
return $return; return wp_kses_tainacan($return);
} }
@ -772,8 +771,7 @@ class Item extends Entity {
} }
return apply_filters("tainacan-item-get-document-as-html", $output, $img_size, $this); return apply_filters("tainacan-item-get-document-as-html", wp_kses_tainacan($output), $img_size, $this);
} }
/** /**
@ -806,8 +804,7 @@ class Item extends Entity {
$output .= $embed; $output .= $embed;
} }
} }
return wp_kses_tainacan($output);
return $output;
} }
@ -841,7 +838,7 @@ class Item extends Entity {
} }
} }
return $link; return esc_url($link);
} }
/** /**
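Review bot: On the `tainacan-item-get-document-as-html` return, `wp_kses_tainacan()` runs before `apply_filters()`, so any callback hooked on that filter can append unsanitized markup and the method's return is no longer guaranteed clean; if filter output is meant to be trusted theme code, say so in a comment, otherwise sanitize the filtered result: `return wp_kses_tainacan( apply_filters( "tainacan-item-get-document-as-html", $output, $img_size, $this ) );`. Separately, `return esc_url($link);` in the last hunk applies display escaping inside a getter: `esc_url()` encodes `&` as `&#038;`, which corrupts the value if a caller uses it programmatically (redirects, JSON, comparisons); `esc_url_raw()` is the right call there, with `esc_url()` left to the output site as `tainacan_the_item_document_download_link()` already does. Both enclosing methods start outside their hunks.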


@ -312,7 +312,7 @@ class CSV extends Exporter {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="text" name="delimiter" maxlength="1" value="<?php echo $this->get_option('delimiter'); ?>"> <input class="input" type="text" name="delimiter" maxlength="1" value="<?php echo esc_attr($this->get_option('delimiter')); ?>">
</div> </div>
</div> </div>
@ -334,7 +334,7 @@ class CSV extends Exporter {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="text" name="multivalued_delimiter" value="<?php echo $this->get_option('multivalued_delimiter'); ?>"> <input class="input" type="text" name="multivalued_delimiter" value="<?php echo esc_attr($this->get_option('multivalued_delimiter')); ?>">
</div> </div>
</div> </div>


@ -98,7 +98,7 @@ class Term_Exporter extends Exporter {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="text" name="delimiter" value="<?php echo $this->get_option('delimiter'); ?>"> <input class="input" type="text" name="delimiter" value="<?php echo esc_attr($this->get_option('delimiter')); ?>">
</div> </div>
</div> </div>
@ -127,7 +127,7 @@ class Term_Exporter extends Exporter {
$taxonomies = $Tainacan_Taxonomies->fetch( ['nopaging' => true], 'OBJECT' ); $taxonomies = $Tainacan_Taxonomies->fetch( ['nopaging' => true], 'OBJECT' );
foreach( $taxonomies as $taxonomie) { foreach( $taxonomies as $taxonomie) {
?> ?>
<option value="<?php echo $taxonomie->get_db_identifier();?>"><?php echo $taxonomie->get_name() ?> </option> <option value="<?php echo esc_attr($taxonomie->get_db_identifier());?>"><?php echo esc_attr($taxonomie->get_name()); ?> </option>
<?php <?php
} }
?> ?>
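Review bot: In the `<option>` line `esc_attr()` is applied to `$taxonomie->get_name()`, which is element text, not an attribute; the context-correct function is `esc_html()`. The output is equivalent for most names (both encode `<`, `>`, `&`), so this is a style point, but mixing escaping contexts makes later audits harder: `<?php echo esc_html( $taxonomie->get_name() ); ?>`. The enclosing method starts and ends outside the hunk.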


@ -148,7 +148,7 @@ class Exposers_Handler {
$type_responde = $exposer->rest_request_after_callbacks($response, $handler, $request); $type_responde = $exposer->rest_request_after_callbacks($response, $handler, $request);
if(self::request_has_url_param($request)) { if(self::request_has_url_param($request)) {
header(implode('', $response->get_headers())); header(implode('', $response->get_headers()));
echo stripcslashes($response->get_data()); echo esc_attr(stripcslashes($response->get_data()));
exit(); exit();
} }
return $type_responde; return $type_responde;
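Review bot: Wrapping the whole exposer payload in `esc_attr()` on the `echo` line breaks the endpoint: the body is sent with the exposer's own headers on the previous line and is presumably already serialized in its own format (JSON, XML, CSV, …), not placed in an HTML attribute, so every `"`, `<`, `>` and `&` in it becomes an entity and clients receive invalid output. Escaping has to match the format the exposer produced; if the change was made to satisfy the escaping sniff, restore `echo stripcslashes($response->get_data());` with `// phpcs:ignore WordPress.Security.EscapeOutput -- non-HTML payload, encoded by the exposer` and make each exposer responsible for returning a correctly encoded string. `header(implode('', $response->get_headers()))` on the line above concatenates every header into a single `header()` call, which is pre-existing but looks wrong and deserves a follow-up. The enclosing method starts outside the hunk.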


@ -334,7 +334,7 @@ class CSV extends Importer {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="text" name="multivalued_delimiter" value="<?php echo $this->get_option('multivalued_delimiter'); ?>"> <input class="input" type="text" name="multivalued_delimiter" value="<?php echo esc_attr($this->get_option('multivalued_delimiter')); ?>">
</div> </div>
</div> </div>
</div> </div>
@ -357,7 +357,7 @@ class CSV extends Importer {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="text" name="enclosure" value="<?php echo $this->get_option('enclosure'); ?>"> <input class="input" type="text" name="enclosure" value="<?php echo esc_attr($this->get_option('enclosure')); ?>">
</div> </div>
</div> </div>
</div> </div>
@ -410,7 +410,7 @@ class CSV extends Importer {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="text" name="escape_empty_value" value="<?php echo $this->get_option('escape_empty_value'); ?>"> <input class="input" type="text" name="escape_empty_value" value="<?php echo esc_attr($this->get_option('escape_empty_value')); ?>">
</div> </div>
</div> </div>
</div> </div>
@ -467,7 +467,7 @@ class CSV extends Importer {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="text" name="server_path" value="<?php echo $this->get_option('server_path'); ?>"> <input class="input" type="text" name="server_path" value="<?php echo esc_attr($this->get_option('server_path')); ?>">
</div> </div>
<p class="help"> <p class="help">
<strong><?php _e('Importing attachments', 'tainacan'); ?>: </strong><?php echo nl2br(__('Check the documentation to learn how to set up your .csv file correctly for importing files <a href="https://tainacan.github.io/tainacan-wiki/#/importers?id=importador-csv-items">on this link.</a>', 'tainacan')); ?> <strong><?php _e('Importing attachments', 'tainacan'); ?>: </strong><?php echo nl2br(__('Check the documentation to learn how to set up your .csv file correctly for importing files <a href="https://tainacan.github.io/tainacan-wiki/#/importers?id=importador-csv-items">on this link.</a>', 'tainacan')); ?>
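Review bot: The help paragraph on the last line still echoes a translated string that carries markup, `nl2br(__('… <a href="…">on this link.</a>', 'tainacan'))`, with no escaping — the same class of issue this commit fixes on the inputs above, and translation catalogs are a supply-chain input; wrap it as `echo wp_kses_post( nl2br( __( '…', 'tainacan' ) ) );` and use `esc_html_e()` for the `<strong>` label beside it. The `server_path` option rendered above is an operator-supplied filesystem path; where it is consumed is outside this hunk, so I have not checked that it is constrained to an allowed directory. The enclosing method runs past the hunk.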


@ -188,7 +188,9 @@ class Flickr_Importer extends Importer {
$this->add_log('url ' . $api_url); $this->add_log('url ' . $api_url);
$json = json_decode(file_get_contents($api_url)); $response = wp_remote_get( $api_url );
$body = wp_remote_retrieve_body( $response );
$json = json_decode($body);
if( $json && isset($json->photoset) ){ if( $json && isset($json->photoset) ){
return $json; return $json;
} }
@ -203,7 +205,10 @@ class Flickr_Importer extends Importer {
$this->add_log('url ' . $api_url); $this->add_log('url ' . $api_url);
$json = json_decode(file_get_contents($api_url)); $response = wp_remote_get( $api_url );
$body = wp_remote_retrieve_body( $response );
$json = json_decode($body);
if( $json && isset($json->photos) ){ if( $json && isset($json->photos) ){
return $json; return $json;
@ -218,7 +223,9 @@ class Flickr_Importer extends Importer {
$this->add_log('url ' . $api_url); $this->add_log('url ' . $api_url);
$json = json_decode(file_get_contents($api_url)); $response = wp_remote_get( $api_url );
$body = wp_remote_retrieve_body( $response );
$json = json_decode($body);
if( $json && isset($json->photo) ){ if( $json && isset($json->photo) ){
return $json; return $json;
@ -428,8 +435,9 @@ class Flickr_Importer extends Importer {
. $id . $this->format; . $id . $this->format;
$this->add_log('url ' . $api_url); $this->add_log('url ' . $api_url);
$response = wp_remote_get( $api_url );
$json = json_decode(file_get_contents($api_url)); $body = wp_remote_retrieve_body( $response );
$json = json_decode($body);
if( $json && isset($json->photo) ){ if( $json && isset($json->photo) ){
return $json; return $json;
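Review bot: None of the four `wp_remote_get()` call sites checks `is_wp_error( $response )` or the HTTP status, so a transport failure or a 4xx/5xx decays into `json_decode('')` returning `null` and is swallowed by the `if( $json && isset(...) )` guard with nothing written to the import log — the old `file_get_contents` at least emitted a warning. After each fetch I would add `if ( is_wp_error( $response ) ) { $this->add_error_log( 'Flickr request failed: ' . $response->get_error_message() ); return false; }`, matching whatever the existing failure path returns (it is outside the hunk). The `add_log('url ' . $api_url)` lines also record the full request URL; if `$api_url` carries the API key, as Flickr's REST API requires, that key ends up in the log and should be redacted before logging. All four enclosing methods start or end outside their hunks.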


@ -125,7 +125,7 @@ class Test_Importer extends Importer {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="number" name="items_col_1" value="<?php echo $this->get_option('items_col_1'); ?>"> <input class="input" type="number" name="items_col_1" value="<?php echo esc_attr($this->get_option('items_col_1')); ?>">
</div> </div>
</div> </div>
</div> </div>
@ -149,7 +149,7 @@ class Test_Importer extends Importer {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="number" name="additonal_metadata" value="<?php echo $this->get_option('additonal_metadata'); ?>"> <input class="input" type="number" name="additonal_metadata" value="<?php echo esc_attr($this->get_option('additonal_metadata')); ?>">
</div> </div>
</div> </div>
</div> </div>
@ -204,7 +204,7 @@ class Test_Importer extends Importer {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="number" name="items_col_2" value="<?php echo $this->get_option('items_col_2'); ?>"> <input class="input" type="number" name="items_col_2" value="<?php echo esc_attr($this->get_option('items_col_2')); ?>">
</div> </div>
</div> </div>
</div> </div>
@ -266,7 +266,7 @@ class Test_Importer extends Importer {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="text" name="keyword_images" value="<?php echo $this->get_option('keyword_images'); ?>"> <input class="input" type="text" name="keyword_images" value="<?php echo esc_attr($this->get_option('keyword_images')); ?>">
</div> </div>
</div> </div>
</div> </div>
@ -290,7 +290,7 @@ class Test_Importer extends Importer {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="number" name="horizontal_image_size" value="<?php echo $this->get_option('horizontal_image_size'); ?>"> <input class="input" type="number" name="horizontal_image_size" value="<?php echo esc_attr($this->get_option('horizontal_image_size')); ?>">
</div> </div>
</div> </div>
@ -312,7 +312,7 @@ class Test_Importer extends Importer {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="number" name="vertical_image_size" value="<?php echo $this->get_option('vertical_image_size'); ?>"> <input class="input" type="number" name="vertical_image_size" value="<?php echo esc_attr($this->get_option('vertical_image_size')); ?>">
</div> </div>
</div> </div>
</div> </div>
@ -649,8 +649,10 @@ class Test_Importer extends Importer {
$keyword = ( $this->get_option('keyword_images') ) ? $this->get_option('keyword_images') : ''; $keyword = ( $this->get_option('keyword_images') ) ? $this->get_option('keyword_images') : '';
$url = "https://loremflickr.com/$horizontal_size/$vertical_size/$keyword"; $url = "https://loremflickr.com/$horizontal_size/$vertical_size/$keyword";
$response = wp_remote_get( $url );
$content = wp_remote_retrieve_body( $response );
$id = $TainacanMedia->insert_attachment_from_blob(file_get_contents($url), time() . '.jpg', $inserted_item->get_id()); $id = $TainacanMedia->insert_attachment_from_blob($content, time() . '.jpg', $inserted_item->get_id());
if(!$id){ if(!$id){
$this->add_error_log('Error in imported URL ' . $url); $this->add_error_log('Error in imported URL ' . $url);
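Review bot: In the last hunk `$content` is passed to `insert_attachment_from_blob()` without checking `is_wp_error( $response )` or `wp_remote_retrieve_response_code()`, so on a failed fetch an empty or error-page body may be stored as a `.jpg`; guard it: `if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) { $this->add_error_log( 'Error in imported URL ' . $url ); } else { /* insert */ }`. The `$keyword` option is also interpolated into the URL path unencoded; `rawurlencode( $keyword )` keeps a `/` or `?` typed into the form from altering the request. The enclosing method continues outside the hunk.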


@ -231,7 +231,9 @@ class Youtube_Importer extends Importer {
$api_url = 'https://www.googleapis.com/youtube/v3/channels?part=statistics,snippet,contentDetails&id=' $api_url = 'https://www.googleapis.com/youtube/v3/channels?part=statistics,snippet,contentDetails&id='
. $id . '&key=' . $api_key; . $id . '&key=' . $api_key;
$json = json_decode(file_get_contents($api_url)); $response = wp_remote_get( $api_url );
$body = wp_remote_retrieve_body( $response );
$json = json_decode($body);
if( $json && isset($json->items) ){ if( $json && isset($json->items) ){
$item = $json->items[0]; $item = $json->items[0];
@ -239,7 +241,9 @@ class Youtube_Importer extends Importer {
. $pageToken . '&maxResults=1&playlistId=' . $pageToken . '&maxResults=1&playlistId='
. $item->contentDetails->relatedPlaylists->uploads . '&key=' . $api_key; . $item->contentDetails->relatedPlaylists->uploads . '&key=' . $api_key;
$json = json_decode(file_get_contents($api_url)); $response = wp_remote_get( $api_url );
$body = wp_remote_retrieve_body( $response );
$json = json_decode($body);
if( $json && isset($json->items) ){ if( $json && isset($json->items) ){
return $json; return $json;
@ -251,8 +255,10 @@ class Youtube_Importer extends Importer {
case 'user': case 'user':
$api_url = 'https://www.googleapis.com/youtube/v3/channels?part=statistics,snippet,contentDetails&forUsername=' $api_url = 'https://www.googleapis.com/youtube/v3/channels?part=statistics,snippet,contentDetails&forUsername='
. $id . '&key=' . $api_key; . $id . '&key=' . $api_key;
$json = json_decode(file_get_contents($api_url)); $response = wp_remote_get( $api_url );
$body = wp_remote_retrieve_body( $response );
$json = json_decode($body);
if( $json && isset($json->items) ){ if( $json && isset($json->items) ){
$item = $json->items[0]; $item = $json->items[0];
@ -260,7 +266,9 @@ class Youtube_Importer extends Importer {
. $pageToken . '&maxResults=1&playlistId=' . $pageToken . '&maxResults=1&playlistId='
. $item->contentDetails->relatedPlaylists->uploads . '&key=' . $api_key; . $item->contentDetails->relatedPlaylists->uploads . '&key=' . $api_key;
$json = json_decode(file_get_contents($api_url)); $response = wp_remote_get( $api_url );
$body = wp_remote_retrieve_body( $response );
$json = json_decode($body);
if( $json && isset($json->items) ){ if( $json && isset($json->items) ){
return $json; return $json;
@ -274,7 +282,9 @@ class Youtube_Importer extends Importer {
. $pageToken . '&maxResults=1&playlistId=' . $pageToken . '&maxResults=1&playlistId='
. $id . '&key=' . $api_key; . $id . '&key=' . $api_key;
$json = json_decode(file_get_contents($api_url)); $response = wp_remote_get( $api_url );
$body = wp_remote_retrieve_body( $response );
$json = json_decode($body);
if( $json && isset($json->items) ){ if( $json && isset($json->items) ){
return $json; return $json;
@ -285,7 +295,9 @@ class Youtube_Importer extends Importer {
$api_url = 'https://www.googleapis.com/youtube/v3/videos?part=snippet%2CcontentDetails&maxResults=1&id=' $api_url = 'https://www.googleapis.com/youtube/v3/videos?part=snippet%2CcontentDetails&maxResults=1&id='
. $id . '&key=' . $api_key; . $id . '&key=' . $api_key;
$json = json_decode(file_get_contents($api_url)); $response = wp_remote_get( $api_url );
$body = wp_remote_retrieve_body( $response );
$json = json_decode($body);
if( $json && isset($json->items) ){ if( $json && isset($json->items) ){
return $json; return $json;
@ -399,7 +411,7 @@ class Youtube_Importer extends Importer {
</p> </p>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="text" name="api_id" value="<?php echo $this->get_option('api_id'); ?>"> <input class="input" type="text" name="api_id" value="<?php echo esc_attr($this->get_option('api_id')); ?>">
</div> </div>
</div> </div>
</div> </div>
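Review bot: The `wp_remote_get()` results for the `channels`, `playlistItems` and `videos` fetches are never checked with `is_wp_error()` or for a non-200 status, so quota errors and network failures silently become `null` JSON; add `if ( is_wp_error( $response ) ) { $this->add_error_log( $response->get_error_message() ); return false; }` after each call, adjusted to the method's existing failure return (outside the hunk). In the two channel branches `$json->items[0]` is read without `! empty( $json->items )`, so an unknown channel produces a warning and then a null dereference on the `relatedPlaylists` line. `$id` is concatenated into the query unencoded and should go through `rawurlencode( $id )`; and since these URLs embed `$api_key`, make sure they are never written to the import log as the Flickr importer does with its URLs. All enclosing methods start or end outside their hunks.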


@ -64,7 +64,7 @@ class ScriptTainacanOld {
define( 'WP_USE_THEMES', false ); define( 'WP_USE_THEMES', false );
define( 'SHORTINIT', false ); define( 'SHORTINIT', false );
require( dirname(__FILE__) . '/../../../../wp-blog-header.php' ); // require( dirname(__FILE__) . '/../../../../wp-blog-header.php' );
$old_tainacan = new \Tainacan\Importer\Old_Tainacan(); $old_tainacan = new \Tainacan\Importer\Old_Tainacan();
$id = $old_tainacan->get_id(); $id = $old_tainacan->get_id();
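Review bot: Commenting out the `require( … wp-blog-header.php )` leaves dead code: if this script no longer bootstraps WordPress itself, delete the line together with the now-pointless `define( 'WP_USE_THEMES', false )` / `define( 'SHORTINIT', false )` above it; if it is still meant to be run directly, `new \Tainacan\Importer\Old_Tainacan()` on the next line will fail because nothing loads the class. A one-line comment stating how the script is now expected to be invoked (for instance via WP-CLI with WordPress already loaded) would make the intent clear to the next maintainer. The enclosing method starts and ends outside the hunk.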


@ -60,7 +60,7 @@ class Term_Importer extends Importer {
</div> </div>
</span> </span>
<div class="control is-clearfix"> <div class="control is-clearfix">
<input class="input" type="text" name="delimiter" value="<?php echo $this->get_option('delimiter'); ?>"> <input class="input" type="text" name="delimiter" value="<?php echo esc_attr($this->get_option('delimiter')); ?>">
</div> </div>
</div> </div>
</div> </div>
@ -93,7 +93,7 @@ class Term_Importer extends Importer {
$taxonomies = $Tainacan_Taxonomies->fetch( ['nopaging' => true], 'OBJECT' ); $taxonomies = $Tainacan_Taxonomies->fetch( ['nopaging' => true], 'OBJECT' );
foreach( $taxonomies as $taxonomie) { foreach( $taxonomies as $taxonomie) {
?> ?>
<option value="<?php echo $taxonomie->get_db_identifier();?>"><?php echo $taxonomie->get_name() ?> </option> <option value="<?php echo esc_attr($taxonomie->get_db_identifier());?>"><?php echo esc_attr($taxonomie->get_name()) ?> </option>
<?php <?php
} }
?> ?>
@ -101,7 +101,7 @@ class Term_Importer extends Importer {
</div> </div>
<input class="input new_taxonomy" type="text" name="new_taxonomy" value="<?php echo $this->get_option('new_taxonomy'); ?>" placeholder="<?php _e('New taxonomy name', 'tainacan'); ?>" > <input class="input new_taxonomy" type="text" name="new_taxonomy" value="<?php echo esc_attr($this->get_option('new_taxonomy')); ?>" placeholder="<?php _e('New taxonomy name', 'tainacan'); ?>" >
</div> </div>
</div> </div>
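Review bot: The `placeholder="<?php _e('New taxonomy name', 'tainacan'); ?>"` attribute on the `new_taxonomy` input still prints a translation unescaped inside an attribute while the `value` next to it was fixed; use `esc_attr_e( 'New taxonomy name', 'tainacan' )`. In the `<option>` line `esc_attr()` is applied to `$taxonomie->get_name()`, which is element text, so `esc_html()` is the context-correct call there. The enclosing method runs past the hunk.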


@ -130,7 +130,6 @@
'timeout' => 0.01, 'timeout' => 0.01,
'blocking' => false, 'blocking' => false,
'body' => $this->data, 'body' => $this->data,
'cookies' => $_COOKIE,
'sslverify' => apply_filters( 'https_local_ssl_verify', false ), 'sslverify' => apply_filters( 'https_local_ssl_verify', false ),
); );
} }
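Review bot: Dropping `'cookies' => $_COOKIE` changes who the receiving handler of this (presumably loopback, given `'blocking' => false` and the `https_local_ssl_verify` filter) request runs as: it no longer inherits the triggering user's session, so any `current_user_can()` check on that side now sees an anonymous request and the handler must authenticate with its own nonce or secret. Not replaying the user's session into a fire-and-forget request is the safer default, but the decision should be recorded at that spot, e.g. `// Intentionally not forwarding $_COOKIE: the handler must not inherit the caller's session.`. The `'sslverify' => apply_filters( 'https_local_ssl_verify', false )` line disables certificate verification by default, which is only defensible because the request targets the site itself — worth a comment as well. The enclosing method starts outside the hunk.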


@ -362,8 +362,6 @@ class Theme_Helper {
} }
public function item_submission_shortcode($args) { public function item_submission_shortcode($args) {
global $TAINACAN_BASE_URL;
$props = ' '; $props = ' ';
// Passes arguments to custom props // Passes arguments to custom props
@ -377,7 +375,36 @@ class Theme_Helper {
wp_enqueue_media(); wp_enqueue_media();
return "<div data-module='item-submission-form' id='tainacan-item-submission-form' $props ></div>"; $allowed_html = [
'div' => [
'id' => true,
'data-module' => true,
'collection-id' => true,
'hide-file-modal-button' => true,
'hide-text-modal-button' => true,
'hide-link-modal-button' => true,
'hide-thumbnail-section' => true,
'hide-attachments-section' => true,
'show-allow-comments-section' => true,
'hide-collapses' => true,
'hide-help-buttons' => true,
'hide-metadata-types' => true,
'help-info-bellow-label' => true,
'document-section-label' => true,
'thumbnail-section-label' => true,
'attachments-section-label' => true,
'metadata-section-label' => true,
'sent-form-heading' => true,
'sent-form-message' => true,
'item-link-button-label' => true,
'show-item-link-button' => true,
'show-terms-agreement-checkbox' => true,
'terms-agreement-message' => true,
'enabled-metadata' => true,
]
];
return wp_kses("<div data-module='item-submission-form' id='tainacan-item-submission-form' $props ></div>", $allowed_html);
} }
/** /**
@ -489,7 +516,40 @@ class Theme_Helper {
} }
} }
return "<div data-module='faceted-search' id='tainacan-items-page' $props ></div>"; $allowed_html = [
'div' => [
'id' => true,
'data-module' => true,
'collection-id' => true,
'term-id' => true,
'taxonomy' => true,
'default-view-mode' => true,
'is-forced-view-mode' => true,
'enabled-view-modes' => true,
'default-order' => true,
'default-orderby' => true,
'hide-filters' => true,
'hide-hide-filters-button' => true,
'hide-search' => true,
'hide-advanced-search' => true,
'hide-displayed-metadata-button' => true,
'hide-sorting-area' => true,
'hide-items-thumbnail' => true,
'hide-sort-by-button' => true,
'hide-exposers-button' => true,
'hide-items-per-page-button' => true,
'hide-go-to-page-button' => true,
'hide-pagination-area' => true,
'default-items-per-page' => true,
'show-filters-button-inside-search-control' => true,
'start-with-filters-hidden' => true,
'filters-as-modal' => true,
'show-inline-view-mode-options' => true,
'show-fullscreen-with-view-modes' => true
]
];
return wp_kses("<div data-module='faceted-search' id='tainacan-items-page' $props ></div>", $allowed_html);
} }
function get_items_list_slug() { function get_items_list_slug() {
@ -680,7 +740,7 @@ class Theme_Helper {
$logo = get_template_directory_uri() . '/assets/images/social-logo.png'; $logo = get_template_directory_uri() . '/assets/images/social-logo.png';
$excerpt = get_bloginfo( 'description' ); $excerpt = get_bloginfo( 'description' );
$url_src = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; $url_src = esc_url((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
global $wp; global $wp;
if ( is_post_type_archive() ) { if ( is_post_type_archive() ) {
@ -749,13 +809,13 @@ class Theme_Helper {
?> ?>
<meta property="og:type" content="article"/> <meta property="og:type" content="article"/>
<meta property="og:title" content="<?php echo $title; ?>"/> <meta property="og:title" content="<?php echo esc_attr($title); ?>"/>
<meta property="og:site_name" content="<?php echo get_bloginfo(); ?>"/> <meta property="og:site_name" content="<?php echo esc_attr(get_bloginfo()); ?>"/>
<meta property="og:description" content="<?php echo $excerpt; ?>"/> <meta property="og:description" content="<?php echo esc_html($excerpt); ?>"/>
<meta property="og:url" content="<?php echo $url_src; ?>"/> <meta property="og:url" content="<?php echo esc_url($url_src); ?>"/>
<meta property="og:image" content="<?php echo $image['url']; ?>"/> <meta property="og:image" content="<?php echo esc_url($image['url']); ?>"/>
<meta property="og:image:width" content="<?php echo $image['width']; ?>"/> <meta property="og:image:width" content="<?php echo esc_attr($image['width']); ?>"/>
<meta property="og:image:height" content="<?php echo $image['height']; ?>"/> <meta property="og:image:height" content="<?php echo esc_attr($image['height']); ?>"/>
<?php } else { return; } // End if(). <?php } else { return; } // End if().
@ -895,14 +955,22 @@ class Theme_Helper {
unset($args['class_name']); unset($args['class_name']);
// Builds parameters to the html div rendered by Vue // Builds parameters to the html div rendered by Vue
$allowed_html = [
'div' => [
'data-module' => true,
'id' => true
]
];
foreach ($args as $key => $value) { foreach ($args as $key => $value) {
if (is_bool($value)) if (is_bool($value))
$value = $value ? 'true' : 'false'; $value = $value ? 'true' : 'false';
// Changes from PHP '_' notation to HTML '-' notation // Changes from PHP '_' notation to HTML '-' notation
$props .= (str_replace('_', '-', $key) . "='" . $value . "' "); $key_attr = str_replace('_', '-', $key);
$props .= "$key_attr='$value' ";
$allowed_html['div'][$key_attr] = true;
} }
return "<div data-module='carousel-items-list' id='tainacan-items-carousel-shortcode_" . uniqid() . "' $props ></div>"; return wp_kses( "<div data-module='carousel-items-list' id='tainacan-items-carousel-shortcode_" . uniqid() . "' $props ></div>", $allowed_html);
} }
/** /**
@ -970,15 +1038,24 @@ class Theme_Helper {
$args['class'] = $args['class_name'] . ' wp-block-tainacan-dynamic-items-list'; $args['class'] = $args['class_name'] . ' wp-block-tainacan-dynamic-items-list';
unset($args['class_name']); unset($args['class_name']);
// Builds parameters to the html div rendered by Vue
$allowed_html = [
'div' => [
'data-module' => true,
"id" => true
]
];
// Builds parameters to the html div rendered by Vue // Builds parameters to the html div rendered by Vue
foreach ($args as $key => $value) { foreach ($args as $key => $value) {
if (is_bool($value)) if (is_bool($value))
$value = $value ? 'true' : 'false'; $value = $value ? 'true' : 'false';
// Changes from PHP '_' notation to HTML '-' notation // Changes from PHP '_' notation to HTML '-' notation
$props .= (str_replace('_', '-', $key) . "='" . $value . "' "); $key_attr = str_replace('_', '-', $key);
$props .= "$key_attr='$value' ";
$allowed_html['div'][$key_attr] = true;
} }
return "<div data-module='dynamic-items-list' id='tainacan-dynamic-items-list-shortcode_" . uniqid(). "' $props ></div>"; return wp_kses("<div data-module='dynamic-items-list' id='tainacan-dynamic-items-list-shortcode_" . uniqid(). "' $props ></div>", $allowed_html);
} }
/** /**
@ -1000,9 +1077,6 @@ class Theme_Helper {
* @return string The HTML div to be used for rendering the related items vue component * @return string The HTML div to be used for rendering the related items vue component
*/ */
public function get_tainacan_related_items_list($args = []) { public function get_tainacan_related_items_list($args = []) {
global $TAINACAN_BASE_URL;
global $TAINACAN_VERSION;
$defaults = array( $defaults = array(
'class_name' => '', 'class_name' => '',
'collection_heading_class_name' => '', 'collection_heading_class_name' => '',
@ -1025,22 +1099,21 @@ class Theme_Helper {
return; return;
// Always pass the default class. We force passing the wp-block-tainacan-carousel-related-items because themes might have used it to style before the other layouts exist; // Always pass the default class. We force passing the wp-block-tainacan-carousel-related-items because themes might have used it to style before the other layouts exist;
$output = '<div data-module="related-items-list" class="' . $args['class_name'] . ' wp-block-tainacan-carousel-related-items wp-block-tainacan-related-items' . '">'; $output = '<div data-module="related-items-list" class="' . esc_attr($args['class_name']) . ' wp-block-tainacan-carousel-related-items wp-block-tainacan-related-items' . '">';
foreach($related_items as $collection_id => $related_group) { foreach($related_items as $collection_id => $related_group) {
if ( isset($related_group['items']) && isset($related_group['total_items']) && $related_group['total_items'] ) { if ( isset($related_group['items']) && isset($related_group['total_items']) && $related_group['total_items'] ) {
// Adds a heading with the collection name // Adds a heading with the collection name
$collection_heading = ''; $collection_heading = '';
if ( isset($related_group['collection_name']) ) { if ( isset($related_group['collection_name']) ) {
$collection_heading = '<' . $args['collection_heading_tag'] . ' class="' . $args['collection_heading_class_name'] . '">' . $related_group['collection_name'] . '</' . $args['collection_heading_tag'] . '>'; $collection_heading = wp_kses_post('<' . $args['collection_heading_tag'] . ' class="' . $args['collection_heading_class_name'] . '">' . $related_group['collection_name'] . '</' . $args['collection_heading_tag'] . '>');
} }
// Adds a paragraph with the metadata name // Adds a paragraph with the metadata name
$metadata_label = ''; $metadata_label = '';
if ( isset($related_group['metadata_name']) ) { if ( isset($related_group['metadata_name']) ) {
$metadata_label = '<' . $args['metadata_label_tag'] . ' class="' . $args['metadata_label_class_name'] . '">' . $related_group['metadata_name'] . '</' . $args['metadata_label_tag'] . '>'; $metadata_label = wp_kses_post('<' . $args['metadata_label_tag'] . ' class="' . $args['metadata_label_class_name'] . '">' . $related_group['metadata_name'] . '</' . $args['metadata_label_tag'] . '>');
} }
// Sets the carousel, from the items carousel template tag. // Sets the carousel, from the items carousel template tag.
@ -1069,6 +1142,10 @@ class Theme_Helper {
$output .= '<div class="wp-block-group"> $output .= '<div class="wp-block-group">
<div class="wp-block-group__inner-container">' . <div class="wp-block-group__inner-container">' .
/**
* Note to code reviewers: This lines doesn't need to be escaped.
* Functions get_tainacan_items_carousel() and get_tainacan_dynamic_items_list used here escape the return value.
*/
$collection_heading . $collection_heading .
$metadata_label . $metadata_label .
$items_list_div . $items_list_div .
@ -1076,7 +1153,7 @@ class Theme_Helper {
$related_group['total_items'] > 1 ? $related_group['total_items'] > 1 ?
'<div class="wp-block-buttons"> '<div class="wp-block-buttons">
<div class="wp-block-button"> <div class="wp-block-button">
<a class="wp-block-button__link" href="/' . $related_group['collection_slug'] . '?metaquery[0][key]=' . $related_group['metadata_id'] . '&metaquery[0][value][0]=' . $item->get_ID() . '&metaquery[0][compare]=IN"> <a class="wp-block-button__link" href="/' . esc_url($related_group['collection_slug']) . '?metaquery[0][key]=' . esc_attr($related_group['metadata_id']) . '&metaquery[0][value][0]=' . esc_attr($item->get_ID()) . '&metaquery[0][compare]=IN">
' . sprintf( __('View all %s related items', 'tainacan'), $related_group['total_items'] ) . ' ' . sprintf( __('View all %s related items', 'tainacan'), $related_group['total_items'] ) . '
</a> </a>
</div> </div>


@ -3,6 +3,7 @@
use \Tainacan\Entities; use \Tainacan\Entities;
use \Tainacan\Repositories; use \Tainacan\Repositories;
/** /**
* To be used inside The Loop * To be used inside The Loop
* *
@ -126,7 +127,7 @@ function tainacan_the_item_document_download_link($item_id = 0) {
if (!$link || $item->get_document_type() == 'text' || $item->get_document_type() == 'url') if (!$link || $item->get_document_type() == 'text' || $item->get_document_type() == 'url')
return; return;
return '<a name="' . __('Download the item document', 'tainacan') . '" download="'. $link . '" href="' . $link . '">' . __('Download', 'tainacan') . '</a>'; return '<a name="' . __('Download the item document', 'tainacan') . '" download="'. esc_url($link) . '" href="' . esc_url($link) . '">' . __('Download', 'tainacan') . '</a>';
} }
@ -137,7 +138,7 @@ function tainacan_the_item_attachment_download_link($attachment_id) {
$link = wp_get_attachment_url($attachment_id); $link = wp_get_attachment_url($attachment_id);
return '<a name="' . __('Download the item attachment', 'tainacan') . '" download="'. $link . '" href="' . $link . '">' . __('Download', 'tainacan') . '</a>'; return '<a name="' . __('Download the item attachment', 'tainacan') . '" download="'. esc_url($link) . '" href="' . esc_url($link) . '">' . __('Download', 'tainacan') . '</a>';
} }
function tainacan_the_document() { function tainacan_the_document() {
@ -212,7 +213,7 @@ function tainacan_get_the_collection_name() {
if ( $collection ) { if ( $collection ) {
$name = $collection->get_name(); $name = $collection->get_name();
} }
return apply_filters('tainacan-get-collection-name', $name, $collection); return apply_filters('tainacan-get-collection-name', esc_html($name), $collection);
} }
/** /**
@ -234,7 +235,7 @@ function tainacan_get_adjacent_items() {
* @return void * @return void
*/ */
function tainacan_the_collection_name() { function tainacan_the_collection_name() {
echo tainacan_get_the_collection_name(); echo esc_html(tainacan_get_the_collection_name());
} }
/** /**
@ -248,7 +249,7 @@ function tainacan_get_the_collection_description() {
if ( $collection ) { if ( $collection ) {
$description = $collection->get_description(); $description = $collection->get_description();
} }
return apply_filters('tainacan-get-collection-description', $description, $collection); return apply_filters('tainacan-get-collection-description', esc_html($description), $collection);
} }
/** /**
@ -257,7 +258,7 @@ function tainacan_get_the_collection_description() {
* @return void * @return void
*/ */
function tainacan_the_collection_description() { function tainacan_the_collection_description() {
echo tainacan_get_the_collection_description(); echo esc_html(tainacan_get_the_collection_description());
} }
/** /**
@ -344,9 +345,34 @@ function tainacan_get_the_media_component(
$args['media_main_id'] = $media_id . '-main'; $args['media_main_id'] = $media_id . '-main';
$args['media_thumbs_id'] = $media_id . '-thumbs'; $args['media_thumbs_id'] = $media_id . '-thumbs';
$args['media_id'] = $media_id; $args['media_id'] = $media_id;
ob_start();
if (!function_exists('tainacan_get_default_allowed_styles')) {
function tainacan_get_default_allowed_styles ( $styles ) {
$styles[] = 'display';
$styles[] = 'position';
$styles[] = 'visibility';
return $styles;
}
}
$allowed_html = array(
'svg' => array(
'xmlns' => true,
'fill' => true,
'viewbox' => true,
'role' => true,
'aria-hidden' => true,
'focusable' => true,
'width' => true,
'height' => true,
),
'path' => array(
'd' => true,
'fill' => true,
)
);
add_filter( 'safe_style_css', 'tainacan_get_default_allowed_styles');
ob_start();
if ( $args['has_media_main'] || $args['has_media_thumbs'] ) : if ( $args['has_media_main'] || $args['has_media_thumbs'] ) :
wp_enqueue_style( 'tainacan-media-component', $TAINACAN_BASE_URL . '/assets/css/tainacan-gutenberg-block-item-gallery.css', array(), TAINACAN_VERSION); wp_enqueue_style( 'tainacan-media-component', $TAINACAN_BASE_URL . '/assets/css/tainacan-gutenberg-block-item-gallery.css', array(), TAINACAN_VERSION);
@ -359,39 +385,41 @@ function tainacan_get_the_media_component(
tainacan_plugin = {}; tainacan_plugin = {};
} }
tainacan_plugin.tainacan_media_components = (typeof tainacan_plugin.tainacan_media_components != "undefined") ? tainacan_plugin.tainacan_media_components : {}; tainacan_plugin.tainacan_media_components = (typeof tainacan_plugin.tainacan_media_components != "undefined") ? tainacan_plugin.tainacan_media_components : {};
tainacan_plugin.tainacan_media_components['<?php echo $args['media_id'] ?>'] = <?php echo json_encode($args) ?>; tainacan_plugin.tainacan_media_components['<?php echo esc_attr($args['media_id']) ?>'] = <?php echo json_encode($args) ?>;
</script> </script>
<div id="<?php echo $media_id ?>" <?php echo $args['wrapper_attributes']; ?> data-module='item-gallery'> <div id="<?php echo esc_attr($media_id) ?>" <?php echo esc_attr($args['wrapper_attributes']); ?> data-module='item-gallery'>
<?php if ( $args['has_media_main'] ) : ?> <?php if ( $args['has_media_main'] ) : ?>
<!-- Slider main container --> <!-- Slider main container -->
<?php echo $args['before_main_div'] ?> <?php echo wp_kses_post($args['before_main_div']) ?>
<div id="<?php echo $args['media_main_id'] ?>" class="tainacan-media-component__swiper-main swiper <?php echo $args['class_main_div'] ?>"> <div id="<?php echo esc_attr($args['media_main_id']) ?>" class="tainacan-media-component__swiper-main swiper <?php echo esc_attr($args['class_main_div']) ?>">
<!-- Additional required wrapper --> <!-- Additional required wrapper -->
<?php echo $args['before_main_ul'] ?> <?php echo wp_kses_post($args['before_main_ul']) ?>
<ul class="swiper-wrapper <?php echo $args['class_main_ul'] ?>"> <ul class="swiper-wrapper <?php echo esc_attr($args['class_main_ul']) ?>">
<?php foreach($media_items_main as $media_item) { ?> <?php foreach($media_items_main as $media_item) { ?>
<li class="swiper-slide <?php echo $args['class_main_li'] ?>"> <li class="swiper-slide <?php echo esc_attr($args['class_main_li']) ?>">
<?php echo $media_item ?> <?php
echo wp_kses_tainacan($media_item);
?>
</li> </li>
<?php }; ?> <?php }; ?>
</ul> </ul>
<?php echo $args['before_main_ul'] ?> <?php echo wp_kses_post($args['before_main_ul']) ?>
<?php if ( $args['swiper_main_options'] && isset($args['swiper_main_options']['pagination']) ) : ?> <?php if ( $args['swiper_main_options'] && isset($args['swiper_main_options']['pagination']) ) : ?>
<!-- If we need pagination --> <!-- If we need pagination -->
<div class="swiper-pagination swiper-pagination_<?php echo $args['media_main_id'] ?>"></div> <div class="swiper-pagination swiper-pagination_<?php echo esc_attr($args['media_main_id']) ?>"></div>
<?php endif; ?> <?php endif; ?>
<?php if ( $args['swiper_main_options'] && isset($args['swiper_main_options']['navigation']) ) : ?> <?php if ( $args['swiper_main_options'] && isset($args['swiper_main_options']['navigation']) ) : ?>
<!-- If we need navigation buttons --> <!-- If we need navigation buttons -->
<div class="swiper-button-prev swiper-navigation-prev_<?php echo $args['media_main_id'] ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>"> <div class="swiper-button-prev swiper-navigation-prev_<?php echo esc_attr($args['media_main_id']) ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
<?php if ( $args['swiper_arrows_as_svg'] ): ?> <?php if ( $args['swiper_arrows_as_svg'] ): ?>
<?php if ( $args['swiper_arrow_prev_custom_svg'] ): ?> <?php if ( $args['swiper_arrow_prev_custom_svg'] ): ?>
<?php echo $args['swiper_arrow_prev_custom_svg']; ?> <?php echo wp_kses($args['swiper_arrow_prev_custom_svg'], $allowed_html); ?>
<?php else: ?> <?php else: ?>
<svg width="var(--swiper-navigation-size)" height="var(--swiper-navigation-size)" viewBox="0 0 24 24"> <svg width="var(--swiper-navigation-size)" height="var(--swiper-navigation-size)" viewBox="0 0 24 24">
<path d="M15.41 7.41L14 6l-6 6 6 6 1.41-1.41L10.83 12z"/> <path d="M15.41 7.41L14 6l-6 6 6 6 1.41-1.41L10.83 12z"/>
@ -400,10 +428,10 @@ function tainacan_get_the_media_component(
<?php endif; ?> <?php endif; ?>
<?php endif; ?> <?php endif; ?>
</div> </div>
<div class="swiper-button-next swiper-navigation-next_<?php echo $args['media_main_id'] ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>"> <div class="swiper-button-next swiper-navigation-next_<?php echo esc_attr($args['media_main_id']) ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
<?php if ( $args['swiper_arrows_as_svg'] ): ?> <?php if ( $args['swiper_arrows_as_svg'] ): ?>
<?php if ( $args['swiper_arrow_next_custom_svg'] ): ?> <?php if ( $args['swiper_arrow_next_custom_svg'] ): ?>
<?php echo $args['swiper_arrow_next_custom_svg']; ?> <?php echo wp_kses($args['swiper_arrow_next_custom_svg'], $allowed_html); ?>
<?php else: ?> <?php else: ?>
<svg width="42" height="42" viewBox="0 0 24 24"> <svg width="42" height="42" viewBox="0 0 24 24">
<path d="M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"/> <path d="M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"/>
@ -412,39 +440,42 @@ function tainacan_get_the_media_component(
<?php endif; ?> <?php endif; ?>
<?php endif; ?> <?php endif; ?>
</div> </div>
<?php endif; ?> <?php endif; ?>
</div> </div>
<?php echo $args['after_main_div'] ?> <?php echo wp_kses_post($args['after_main_div']) ?>
<?php endif; ?> <?php endif; ?>
<?php if ( $args['has_media_thumbs'] ) : ?> <?php if ( $args['has_media_thumbs'] ) : ?>
<!-- Slider thumbs container --> <!-- Slider thumbs container -->
<?php echo $args['before_thumbs_div'] ?> <?php echo wp_kses_post($args['before_thumbs_div']) ?>
<div id="<?php echo $args['media_thumbs_id'] ?>" class="tainacan-media-component__swiper-thumbs swiper <?php echo $args['class_thumbs_div'] ?>"> <div id="<?php echo esc_attr($args['media_thumbs_id']) ?>" class="tainacan-media-component__swiper-thumbs swiper <?php echo esc_attr($args['class_thumbs_div']) ?>">
<!-- Additional required wrapper --> <!-- Additional required wrapper -->
<?php echo $args['before_thumbs_ul'] ?> <?php echo wp_kses_post($args['before_thumbs_ul']) ?>
<ul class="swiper-wrapper <?php echo $args['class_thumbs_ul'] ?>"> <ul class="swiper-wrapper <?php echo esc_attr($args['class_thumbs_ul']) ?>">
<?php foreach($media_items_thumbs as $media_item) { ?> <?php foreach($media_items_thumbs as $media_item) { ?>
<li class="swiper-slide <?php echo $args['class_thumbs_li'] ?>"> <li class="swiper-slide <?php echo esc_attr($args['class_thumbs_li']) ?>">
<?php echo $media_item ?> <?php echo wp_kses_tainacan($media_item); ?>
</li> </li>
<?php }; ?> <?php }; ?>
</ul> </ul>
<?php echo $args['before_thumbs_ul'] ?> <?php echo wp_kses_post($args['before_thumbs_ul']) ?>
<?php if ( $args['swiper_thumbs_options'] && isset($args['swiper_thumbs_options']['pagination']) ) : ?> <?php if ( $args['swiper_thumbs_options'] && isset($args['swiper_thumbs_options']['pagination']) ) : ?>
<!-- If we need pagination --> <!-- If we need pagination -->
<div class="swiper-paginations swiper-pagination_<?php echo $args['media_thumbs_id'] ?>"></div> <div class="swiper-paginations swiper-pagination_<?php echo esc_attr($args['media_thumbs_id']) ?>"></div>
<?php endif; ?> <?php endif; ?>
<?php if ( $args['swiper_thumbs_options'] && isset($args['swiper_thumbs_options']['navigation']) ) : ?> <?php if ( $args['swiper_thumbs_options'] && isset($args['swiper_thumbs_options']['navigation']) ) : ?>
<!-- If we need navigation buttons --> <!-- If we need navigation buttons -->
<div class="swiper-button-prev swiper-navigation-prev_<?php echo $args['media_thumbs_id'] ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
<div class="swiper-button-prev swiper-navigation-prev_<?php echo esc_attr($args['media_thumbs_id']) ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
<?php if ( $args['swiper_arrows_as_svg'] ): ?> <?php if ( $args['swiper_arrows_as_svg'] ): ?>
<?php if ( $args['swiper_arrow_prev_custom_svg'] ): ?> <?php if ( $args['swiper_arrow_prev_custom_svg'] ): ?>
<?php echo $args['swiper_arrow_prev_custom_svg']; ?> <?php echo wp_kses($args['swiper_arrow_prev_custom_svg'], $allowed_html); ?>
<?php else: ?> <?php else: ?>
<svg width="var(--swiper-navigation-size)" height="var(--swiper-navigation-size)" viewBox="0 0 24 24"> <svg width="var(--swiper-navigation-size)" height="var(--swiper-navigation-size)" viewBox="0 0 24 24">
<path d="M15.41 7.41L14 6l-6 6 6 6 1.41-1.41L10.83 12z"/> <path d="M15.41 7.41L14 6l-6 6 6 6 1.41-1.41L10.83 12z"/>
@ -453,10 +484,10 @@ function tainacan_get_the_media_component(
<?php endif; ?> <?php endif; ?>
<?php endif; ?> <?php endif; ?>
</div> </div>
<div class="swiper-button-next swiper-navigation-next_<?php echo $args['media_thumbs_id'] ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>"> <div class="swiper-button-next swiper-navigation-next_<?php echo esc_attr($args['media_thumbs_id']) ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
<?php if ( $args['swiper_arrows_as_svg'] ): ?> <?php if ( $args['swiper_arrows_as_svg'] ): ?>
<?php if ( $args['swiper_arrow_next_custom_svg'] ): ?> <?php if ( $args['swiper_arrow_next_custom_svg'] ): ?>
<?php echo $args['swiper_arrow_next_custom_svg']; ?> <?php echo wp_kses($args['swiper_arrow_next_custom_svg'], $allowed_html); ?>
<?php else: ?> <?php else: ?>
<svg width="42" height="42" viewBox="0 0 24 24"> <svg width="42" height="42" viewBox="0 0 24 24">
<path d="M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"/> <path d="M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"/>
@ -471,15 +502,13 @@ function tainacan_get_the_media_component(
<div class="swiper-start-border"></div> <div class="swiper-start-border"></div>
<div class="swiper-end-border"></div> <div class="swiper-end-border"></div>
</div> </div>
<?php echo $args['after_thumbs_div'] ?> <?php echo wp_kses_post($args['after_thumbs_div']) ?>
<?php endif; ?> <?php endif; ?>
</div> </div>
<?php endif; ?> <!-- End of if ($args['has_media_main'] || $args['has_media_thumbs'] ) -->
<?php <?php
endif; // <!-- End of if ($args['has_media_main'] || $args['has_media_thumbs'] ) -->
remove_filter( 'safe_style_css', 'tainacan_get_default_allowed_styles');
$content = ob_get_contents(); $content = ob_get_contents();
ob_end_clean(); ob_end_clean();
@ -528,49 +557,51 @@ function tainacan_get_the_media_component_slide( $args = array() ) {
ob_start(); ob_start();
?> ?>
<?php echo $args['before_slide_content'] ?> <?php echo wp_kses_post($args['before_slide_content']) ?>
<div class="swiper-slide-content <?php echo $args['class_slide_content'] ?>"> <div class="swiper-slide-content <?php echo esc_attr($args['class_slide_content']) ?>">
<?php if ( isset($args['media_content']) && !empty($args['media_content']) && $args['media_content'] !== false ) :?> <?php if ( isset($args['media_content']) && !empty($args['media_content']) && $args['media_content'] !== false ) :?>
<?php echo $args['media_content'] ?> <?php echo wp_kses_tainacan($args['media_content']) ?>
<?php else: ?> <?php else: ?>
<img src="<?php echo tainacan_get_the_mime_type_icon($args['media_type']) ?>" alt="<?php echo ( !empty($args['media_title']) ? $args['media_title'] : __('File', 'tainacan') ) ?>" > <img src="<?php echo esc_url(tainacan_get_the_mime_type_icon($args['media_type'])) ?>" alt="<?php echo ( !empty($args['media_title']) ? esc_attr($args['media_title']) : __('File', 'tainacan') ) ?>" >
<?php endif; ?> <?php endif; ?>
<?php echo $args['before_slide_metadata'] ?> <?php echo wp_kses_post($args['before_slide_metadata']); ?>
<?php if ( !empty($args['media_title']) || !empty($args['description']) || !empty($args['media_caption']) ) : ?> <?php if ( !empty($args['media_title']) || !empty($args['description']) || !empty($args['media_caption']) ) : ?>
<div class="swiper-slide-metadata <?php echo $args['class_slide_metadata'] ?>"> <div class="swiper-slide-metadata <?php echo wp_kses_post($args['class_slide_metadata']); ?>">
<?php if ( !empty($args['media_caption']) ) :?> <?php if ( !empty($args['media_caption']) ) :?>
<span class="swiper-slide-metadata__caption"> <span class="swiper-slide-metadata__caption">
<?php echo $args['media_caption'] ?> <?php echo wp_kses_post($args['media_caption']); ?>
<br> <br>
</span> </span>
<?php endif; ?> <?php endif; ?>
<?php if ( !empty($args['media_title']) ) :?> <?php if ( !empty($args['media_title']) ) :?>
<span class="swiper-slide-metadata__name"> <span class="swiper-slide-metadata__name">
<?php echo $args['media_title'] ?> <?php echo wp_kses_post($args['media_title']); ?>
</span> </span>
<?php endif; ?> <?php endif; ?>
<br> <br>
<?php if ( !empty($args['media_description']) ) :?> <?php if ( !empty($args['media_description']) ) :?>
<span class="swiper-slide-metadata__description"> <span class="swiper-slide-metadata__description">
<?php echo $args['media_description'] ?> <?php echo wp_kses_post($args['media_description']); ?>
</span> </span>
<?php endif; ?> <?php endif; ?>
</div> </div>
<?php endif; ?> <?php endif; ?>
<?php if ( !empty($args['media_content_full']) ) : ?> <?php if ( !empty($args['media_content_full']) ) : ?>
<div class="media-full-content" style="display: none; position: absolute; visibility: hidden;"><?php echo $args['media_content_full'] ?></div> <div class="media-full-content" style="display: none; position: absolute; visibility: hidden;">
<?php echo wp_kses_tainacan($args['media_content_full']) ?>
</div>
<?php endif; ?> <?php endif; ?>
<?php echo $args['after_slide_metadata'] ?> <?php echo wp_kses_post($args['after_slide_metadata']) ?>
</div> </div>
<?php echo $args['after_slide_content'] ?> <?php echo wp_kses_post($args['after_slide_content']) ?>
<?php <?php
@ -592,7 +623,7 @@ function tainacan_get_the_collection_url() {
if ( $collection ) { if ( $collection ) {
$url = $collection->get_url(); $url = $collection->get_url();
} }
return apply_filters('tainacan-get-collection-url', $url, $collection); return apply_filters('tainacan-get-collection-url', esc_url($url), $collection);
} }
@ -602,7 +633,7 @@ function tainacan_get_the_collection_url() {
* @return void * @return void
*/ */
function tainacan_the_collection_url() { function tainacan_the_collection_url() {
echo tainacan_get_the_collection_url(); echo esc_url(tainacan_get_the_collection_url());
} }
@ -726,7 +757,7 @@ function tainacan_get_the_term_name() {
if ( $term ) { if ( $term ) {
$name = $term->name; $name = $term->name;
} }
return apply_filters('tainacan-get-term-name', $name, $term); return apply_filters('tainacan-get-term-name', esc_html($name), $term);
} }
/** /**
@ -735,7 +766,7 @@ function tainacan_get_the_term_name() {
* @return void * @return void
*/ */
function tainacan_the_term_name() { function tainacan_the_term_name() {
echo tainacan_get_the_term_name(); echo esc_html(tainacan_get_the_term_name());
} }
/** /**
@ -749,7 +780,7 @@ function tainacan_get_the_term_description() {
if ( $term ) { if ( $term ) {
$description = $term->description; $description = $term->description;
} }
return apply_filters('tainacan-get-term-description', $description, $term); return apply_filters('tainacan-get-term-description', esc_html($description), $term);
} }
/** /**
@ -758,7 +789,7 @@ function tainacan_get_the_term_description() {
* @return void * @return void
*/ */
function tainacan_the_term_description() { function tainacan_the_term_description() {
echo tainacan_get_the_term_description(); echo esc_html(tainacan_get_the_term_description());
} }
/** /**
@ -861,9 +892,9 @@ function tainacan_the_item_edit_link( $text = null, $before = '', $after = '', $
$text = __( 'Edit this item', 'tainacan' ); $text = __( 'Edit this item', 'tainacan' );
} }
$link = '<a class="' . esc_attr( $class ) . '" href="' . esc_url( $url ) . '">' . $text . '</a>'; $link = '<a class="' . esc_attr($class) . '" href="' . esc_url( $url ) . '">' . $text . '</a>';
echo $before . $link . $after; echo wp_kses_post($before . $link . $after);
} }
/** /**
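Review bot: In the slide template, `<div class="swiper-slide-metadata <?php echo wp_kses_post($args['class_slide_metadata']); ?>">` places a value inside a double-quoted attribute but escapes it with a function that does not encode quotes, so a `"` in `class_slide_metadata` still terminates the attribute; the neighbouring `class_slide_content` line uses the right escaper, and this one should match: `<div class="swiper-slide-metadata <?php echo esc_attr($args['class_slide_metadata']); ?>">`. Conversely, `<?php echo esc_attr($args['wrapper_attributes']); ?>` on the `item-gallery` wrapper applies an attribute-value escaper to what its name suggests is a complete attribute string; if it is built the way `get_block_wrapper_attributes()` output usually is (its origin is not visible here), `esc_attr` turns its quotes into `&quot;` and breaks the wrapper, so it should instead be echoed with a "pre-escaped at construction" note or escaped per attribute where it is assembled. The `<?php echo json_encode($args) ?>` in the inline `<script>` is also still unencoded; since `$args` carries HTML fragments such as `before_main_div`, `wp_json_encode($args, JSON_HEX_TAG | JSON_HEX_AMP)` would keep a `</script>` inside any of them from closing the block.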


@ -2,9 +2,9 @@
Contributors: andrebenedito, daltonmartins, fabianobn, jacsonp, leogermani, weryques, wetah, eduardohumberto, ravipassos, jessicafpx, marinagiolo, omarceloavila, vnmedeiros, tainacan, r-guimaraes, suelanesilva, ccaio, alanargomes, ateneagarcia123, rodrigo0freire, clarandreozzi Contributors: andrebenedito, daltonmartins, fabianobn, jacsonp, leogermani, weryques, wetah, eduardohumberto, ravipassos, jessicafpx, marinagiolo, omarceloavila, vnmedeiros, tainacan, r-guimaraes, suelanesilva, ccaio, alanargomes, ateneagarcia123, rodrigo0freire, clarandreozzi
Tags: museums, libraries, archives, GLAM, collections, repository Tags: museums, libraries, archives, GLAM, collections, repository
Requires at least: 5.0 Requires at least: 5.0
Tested up to: 5.9 Tested up to: 6.0
Requires PHP: 5.6 Requires PHP: 5.6
Stable tag: 0.18.8 Stable tag: 0.18.10
License: GPLv2 or later License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-3.0.html License URI: http://www.gnu.org/licenses/gpl-3.0.html


@ -4,17 +4,17 @@ Plugin Name: Tainacan
Plugin URI: https://tainacan.org/ Plugin URI: https://tainacan.org/
Description: Open source, powerful and flexible repository platform for WordPress. Manage and publish you digital collections as easily as publishing a post to your blog, while having all the tools of a professional repository platform. Description: Open source, powerful and flexible repository platform for WordPress. Manage and publish you digital collections as easily as publishing a post to your blog, while having all the tools of a professional repository platform.
Author: Tainacan.org Author: Tainacan.org
Version: 0.18.8 Version: 0.18.10
Requires at least: 5.0 Requires at least: 5.0
Tested up to: 5.9 Tested up to: 6.0
Requires PHP: 5.6 Requires PHP: 5.6
Stable tag: 0.18.8 Stable tag: 0.18.10
Text Domain: tainacan Text Domain: tainacan
License: GPLv2 or later License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-3.0.html License URI: http://www.gnu.org/licenses/gpl-3.0.html
*/ */
const TAINACAN_VERSION = '0.18.8'; const TAINACAN_VERSION = '0.18.10';
defined( 'ABSPATH' ) or die( 'No script kiddies please!' ); defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
$TAINACAN_BASE_URL = plugins_url('', __FILE__); $TAINACAN_BASE_URL = plugins_url('', __FILE__);
@ -122,4 +122,28 @@ function tainacan_add_admin_bar_items ( WP_Admin_Bar $admin_bar ) {
} }
} }
} }
add_action( 'admin_bar_menu', 'tainacan_add_admin_bar_items', 500 ); add_action( 'admin_bar_menu', 'tainacan_add_admin_bar_items', 500 );
function wp_kses_tainacan($content, $context='tainacan_content') {
$allowed_html = wp_kses_allowed_html($context);
return wp_kses($content, $allowed_html);
}
add_filter('wp_kses_allowed_html', function($allowedposttags, $context) {
switch ( $context ) {
case 'tainacan_content':
$post_allowed_html = wp_kses_allowed_html('post');
return array_merge(
$post_allowed_html,
['iframe' => array(
'src' => true,
'height' => true,
'width' => true,
'frameborder' => true,
'allowfullscreen' => true,
)]
);
default:
return $allowedposttags;
}
}, 10, 2);
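Review bot: The `tainacan_content` allowlist adds `iframe` with an unrestricted `src`; as far as I know `wp_kses` only rejects disallowed URL schemes for `src`, so anything rendered through `wp_kses_tainacan` (the media slide content elsewhere in this commit) can embed an iframe pointing at any origin. If this exists to let the plugin's own document viewers through, say so in a comment above the filter, e.g. `// iframe is allowed for embedded document viewers; src is only scheme-checked by kses`, and consider a host allowlist applied after `wp_kses` plus `'sandbox' => true` in the attribute list so authors can constrain embeds. Separately, `wp_kses_tainacan` takes the `wp_` prefix and is declared without a `function_exists` guard; a project-prefixed name such as `tainacan_kses` (with the current name kept as an alias if callers already exist) avoids a collision with a future core or theme function.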


@ -235,10 +235,10 @@ class Compound extends Metadata_Type {
?> ?>
<div class="tainacan-metadatum"> <div class="tainacan-metadatum">
<h4 class="label"> <h4 class="label">
<?php echo $meta->get_metadatum()->get_name(); ?> <?php echo esc_html($meta->get_metadatum()->get_name()); ?>
</h4> </h4>
<p> <p>
<?php echo $meta->get_value_as_html(); ?> <?php echo wp_kses_post($meta->get_value_as_html()); ?>
</p> </p>
</div> </div>
<?php <?php


@ -320,7 +320,13 @@ class Relationship extends Metadata_Type {
<div class="tainacan-relationship-metadatum-header"> <div class="tainacan-relationship-metadatum-header">
<?php echo ($should_display_thumbnail ? $this->get_item_thumbnail($thumbnail_id, $item) : ''); ?> <?php echo ($should_display_thumbnail ? $this->get_item_thumbnail($thumbnail_id, $item) : ''); ?>
<h4 class="label"> <h4 class="label">
<?php echo $value_link; ?> <?php
/**
* Note to code reviewers: This lines doesn't need to be escaped.
* The variable $value_link is escaped.
*/
echo $value_link;
?>
</h4> </h4>
</div> </div>
<?php <?php
@ -328,10 +334,10 @@ class Relationship extends Metadata_Type {
?> ?>
<div class="tainacan-metadatum"> <div class="tainacan-metadatum">
<h5 class="label"> <h5 class="label">
<?php echo $meta->get_metadatum()->get_name(); ?> <?php echo esc_html($meta->get_metadatum()->get_name()); ?>
</h5> </h5>
<p> <p>
<?php echo ($value_link === false ? $meta->get_value_as_html() : $value_link); ?> <?php echo wp_kses_post(($value_link === false ? $meta->get_value_as_html() : $value_link)); ?>
</p> </p>
</div> </div>
<?php <?php
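Review bot: The reviewer note added above the `<h4 class="label">` echo states that `$value_link` is already escaped, yet the `<p>` hunk below passes the same variable through `wp_kses_post()`; the two treatments contradict each other. Where `$value_link` is built is outside this hunk, so I cannot tell which is right: if it really is escaped at its source, drop the second wrap and move the same note there; if it is not, the header echo is the unescaped one and should become `echo wp_kses_post($value_link);`. The thumbnail echo on the first context line, `echo ($should_display_thumbnail ? $this->get_item_thumbnail($thumbnail_id, $item) : '')`, is also left raw while its neighbours were wrapped; either escape it the same way or document why its return value is already safe.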


@ -403,9 +403,9 @@ class Admin {
function ajax_sample_permalink(){ function ajax_sample_permalink(){
$id = $_POST['post_id']; $id = sanitize_text_field($_POST['post_id']);
$title = $_POST['new_title']; $title = sanitize_text_field($_POST['new_title']);
$name = $_POST['new_slug']; $name = sanitize_text_field($_POST['new_slug']);
$post = get_post( $id ); $post = get_post( $id );
if ( ! $post ) if ( ! $post )