commit
c8f42c43b6
|
@ -1382,7 +1382,12 @@ class REST_Items_Controller extends REST_Controller {
|
|||
], 400);
|
||||
}
|
||||
$secret_key = get_option("tnc_option_recaptch_secret_key");
|
||||
$response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret_key&response=".$captcha_data."&remoteip=".$_SERVER['REMOTE_ADDR']));
|
||||
$api_url = "https://www.google.com/recaptcha/api/siteverify?secret=$secret_key&response=".$captcha_data."&remoteip=".$_SERVER['REMOTE_ADDR'];
|
||||
|
||||
$response = wp_remote_get( $api_url );
|
||||
$body = wp_remote_retrieve_body( $response );
|
||||
$response = json_decode($body);
|
||||
|
||||
if ($response->success) {
|
||||
return true;
|
||||
} else {
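Review bot: The new `$api_url` line still interpolates the client-supplied `$captcha_data`, the secret key and `REMOTE_ADDR` into a query string without any encoding, and the secret now travels in a GET URL where proxies and access logs can record it. siteverify accepts POST, so building the request with `wp_remote_post()` and a `body` array lets WordPress encode the parameters and keeps the secret out of the URL. The `wp_remote_get()` result is also never checked with `is_wp_error()`: on a transport failure `$body` is an empty string, `json_decode()` yields null and `$response->success` only reaches the else branch by way of a PHP warning. The enclosing method starts and ends outside the hunk, so the failure branch below is a placeholder for whatever it returns there.
```php
$response = wp_remote_post( 'https://www.google.com/recaptcha/api/siteverify', [
    'body' => [
        'secret'   => $secret_key,
        'response' => $captcha_data,
        'remoteip' => $_SERVER['REMOTE_ADDR'],
    ],
] );
if ( is_wp_error( $response ) ) {
    // … treat as a failed verification, same as the existing else branch …
}
$result = json_decode( wp_remote_retrieve_body( $response ) );

if ( ! empty( $result->success ) ) {
```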
|
||||
|
|
|
@ -103,53 +103,10 @@ class Media {
|
|||
* @return string the file path
|
||||
*/
|
||||
public function save_remote_file($url) {
|
||||
set_time_limit(0);
|
||||
|
||||
$filename = tempnam(sys_get_temp_dir(), basename($url));
|
||||
|
||||
# Open the file for writing...
|
||||
self::$file_handle = fopen($filename, 'w+');
|
||||
self::$file_name = $filename;
|
||||
|
||||
$callback = function ($ch, $str) {
|
||||
$len = fwrite(self::$file_handle, $str);
|
||||
return $len;
|
||||
};
|
||||
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_URL, $url);
|
||||
curl_setopt($ch, CURLOPT_FILE, self::$file_handle);
|
||||
curl_setopt($ch, CURLOPT_HEADER, 0);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); # optional
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, -1); # optional: -1 = unlimited, 3600 = 1 hour
|
||||
curl_setopt($ch, CURLOPT_VERBOSE, false); # Set to true to see all the innards
|
||||
|
||||
# Only if you need to bypass SSL certificate validation
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
|
||||
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
||||
|
||||
# Assign a callback function to the CURL Write-Function
|
||||
curl_setopt($ch, CURLOPT_WRITEFUNCTION, $callback);
|
||||
|
||||
# Execute the download - note we DO NOT put the result into a variable!
|
||||
curl_exec($ch);
|
||||
if (curl_errno($ch)) {
|
||||
$error_msg = curl_error($ch);
|
||||
# Close CURL
|
||||
curl_close($ch);
|
||||
# Close the file pointer
|
||||
fclose(self::$file_handle);
|
||||
throw new \Exception( "[save_remote_file]:" . $error_msg);
|
||||
$filename = download_url($url, 900);
|
||||
if( is_wp_error($filename) ) {
|
||||
throw new \Exception( "[save_remote_file]:" . implode("\n", $filename->get_error_messages()));
|
||||
}
|
||||
|
||||
# Close CURL
|
||||
curl_close($ch);
|
||||
|
||||
# Close the file pointer
|
||||
fclose(self::$file_handle);
|
||||
|
||||
return $filename;
|
||||
}
|
||||
|
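Review bot: The docblock above `save_remote_file()` still says only `@return string the file path`; with `download_url()` that path is a temporary file the caller now owns, and failures are thrown rather than returned, so the doc should say `@return string Absolute path of a temporary file; the caller must delete it (wp_delete_file()) when done.` and `@throws \Exception when the download fails; the message carries the WP_Error messages.` The static `self::$file_handle` / `self::$file_name` that the deleted curl path populated are no longer written, so anything else in the class that reads them (not visible here) would now see stale values. A one-line comment that `download_url()` goes through WordPress' safe HTTP layer (in core it wraps `wp_safe_remote_get()`, worth confirming for the targeted WP version), unlike the removed curl code that disabled certificate verification, would stop the next reader from reintroducing a raw fetch.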
||||
|
|
|
@ -117,12 +117,12 @@ class Private_Files {
|
|||
|
||||
// regular ajax uploads via Admin Panel will send post_id
|
||||
if ( isset($_REQUEST['post_id']) && $_REQUEST['post_id'] ) {
|
||||
$post_id = $_REQUEST['post_id'];
|
||||
$post_id = sanitize_text_field($_REQUEST['post_id']);
|
||||
}
|
||||
|
||||
// API requests to media endpoint will send post
|
||||
if ( false === $post_id && isset($_REQUEST['post']) && is_numeric($_REQUEST['post']) ) {
|
||||
$post_id = $_REQUEST['post'];
|
||||
$post_id = sanitize_text_field($_REQUEST['post']);
|
||||
}
|
||||
|
||||
// tainacan internals, scripts and tests, will set this global
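Review bot: `sanitize_text_field()` on `$_REQUEST['post_id']` does not make it a post ID; any non-numeric string still passes, whereas the `post` branch below at least guards with `is_numeric()`. Since `$post_id` is compared against `false` further down, cast it instead: `$post_id = absint( $_REQUEST['post_id'] ) ?: false;` and likewise `$post_id = absint( $_REQUEST['post'] ) ?: false;` in the second branch, which also makes the `is_numeric()` check (it accepts `1e3` and floats) unnecessary. How `$post_id` is used after this hunk is outside the view, so the access check that should accompany it is not reviewed here.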
|
||||
|
@ -191,7 +191,7 @@ class Private_Files {
|
|||
$upload_dir = wp_get_upload_dir();
|
||||
$base_upload_url = preg_replace('/^https?:\/\//', '', $upload_dir['baseurl']);
|
||||
|
||||
$requested_uri = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
|
||||
$requested_uri = sanitize_text_field($_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']);
|
||||
|
||||
if ( strpos($requested_uri, $base_upload_url) === false ) {
|
||||
// Not uploads
|
||||
|
|
|
@ -564,7 +564,6 @@ class Item extends Entity {
|
|||
*/
|
||||
public function get_metadata_as_html($args = array()) {
|
||||
|
||||
$Tainacan_Item_Metadata = \Tainacan\Repositories\Item_Metadata::get_instance();
|
||||
$Tainacan_Metadata = \Tainacan\Repositories\Metadata::get_instance();
|
||||
|
||||
$return = '';
|
||||
|
@ -633,7 +632,7 @@ class Item extends Entity {
|
|||
|
||||
}
|
||||
|
||||
return $return;
|
||||
return wp_kses_tainacan($return);
|
||||
|
||||
}
|
||||
|
||||
|
@ -702,7 +701,7 @@ class Item extends Entity {
|
|||
}
|
||||
}
|
||||
|
||||
return $return;
|
||||
return wp_kses_tainacan($return);
|
||||
|
||||
}
|
||||
|
||||
|
@ -772,8 +771,7 @@ class Item extends Entity {
|
|||
|
||||
}
|
||||
|
||||
return apply_filters("tainacan-item-get-document-as-html", $output, $img_size, $this);
|
||||
|
||||
return apply_filters("tainacan-item-get-document-as-html", wp_kses_tainacan($output), $img_size, $this);
|
||||
}
|
||||
|
||||
/**
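Review bot: `wp_kses_tainacan()` is applied to `$output` before `apply_filters('tainacan-item-get-document-as-html', …)`, so whatever a filter callback returns is emitted without further sanitizing; that is a defensible contract but it is invisible at the call site. A comment above the return, `// Sanitizing happens before the filter: callbacks receive kses-cleaned markup and are trusted to return safe HTML.`, makes the expectation explicit for theme and plugin authors hooking the filter. The enclosing method starts outside the hunk.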
|
||||
|
@ -806,8 +804,7 @@ class Item extends Entity {
|
|||
$output .= $embed;
|
||||
}
|
||||
}
|
||||
|
||||
return $output;
|
||||
return wp_kses_tainacan($output);
|
||||
|
||||
}
|
||||
|
||||
|
@ -841,7 +838,7 @@ class Item extends Entity {
|
|||
}
|
||||
}
|
||||
|
||||
return $link;
|
||||
return esc_url($link);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -312,7 +312,7 @@ class CSV extends Exporter {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="text" name="delimiter" maxlength="1" value="<?php echo $this->get_option('delimiter'); ?>">
|
||||
<input class="input" type="text" name="delimiter" maxlength="1" value="<?php echo esc_attr($this->get_option('delimiter')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
@ -334,7 +334,7 @@ class CSV extends Exporter {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="text" name="multivalued_delimiter" value="<?php echo $this->get_option('multivalued_delimiter'); ?>">
|
||||
<input class="input" type="text" name="multivalued_delimiter" value="<?php echo esc_attr($this->get_option('multivalued_delimiter')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -98,7 +98,7 @@ class Term_Exporter extends Exporter {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="text" name="delimiter" value="<?php echo $this->get_option('delimiter'); ?>">
|
||||
<input class="input" type="text" name="delimiter" value="<?php echo esc_attr($this->get_option('delimiter')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
@ -127,7 +127,7 @@ class Term_Exporter extends Exporter {
|
|||
$taxonomies = $Tainacan_Taxonomies->fetch( ['nopaging' => true], 'OBJECT' );
|
||||
foreach( $taxonomies as $taxonomie) {
|
||||
?>
|
||||
<option value="<?php echo $taxonomie->get_db_identifier();?>"><?php echo $taxonomie->get_name() ?> </option>
|
||||
<option value="<?php echo esc_attr($taxonomie->get_db_identifier());?>"><?php echo esc_attr($taxonomie->get_name()); ?> </option>
|
||||
<?php
|
||||
}
|
||||
?>
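Review bot: `esc_attr()` is used for the `<option>` text node on the new line, but element content is an HTML-body context, not an attribute; `esc_html( $taxonomie->get_name() )` is the matching escape. The two are functionally near-identical today, so this is a style point, but mixing contexts is what reviewers and the WordPress sniffs flag. `esc_attr()` on the `value` attribute beside it is correct.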
|
||||
|
|
|
@ -148,7 +148,7 @@ class Exposers_Handler {
|
|||
$type_responde = $exposer->rest_request_after_callbacks($response, $handler, $request);
|
||||
if(self::request_has_url_param($request)) {
|
||||
header(implode('', $response->get_headers()));
|
||||
echo stripcslashes($response->get_data());
|
||||
echo esc_attr(stripcslashes($response->get_data()));
|
||||
exit();
|
||||
}
|
||||
return $type_responde;
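Review bot: `esc_attr()` on the echoed exposer body will corrupt the output: `$response->get_data()` here appears to be an already-serialized document for a non-HTML format (the `header()` call above presumably sets its content type), and attribute encoding turns every `"`, `<`, `>` and `&` into an entity, which breaks JSON/XML/CSV consumers. The escape has to be chosen per format inside the exposer that produces the string, and this raw echo should instead carry `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- body is serialized by the exposer for its own content type`. The `implode('', $response->get_headers())` on the preceding line also concatenates all header values into one string, which only yields a valid header when there is exactly one. The surrounding method continues outside the hunk.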
|
||||
|
|
|
@ -334,7 +334,7 @@ class CSV extends Importer {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="text" name="multivalued_delimiter" value="<?php echo $this->get_option('multivalued_delimiter'); ?>">
|
||||
<input class="input" type="text" name="multivalued_delimiter" value="<?php echo esc_attr($this->get_option('multivalued_delimiter')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -357,7 +357,7 @@ class CSV extends Importer {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="text" name="enclosure" value="<?php echo $this->get_option('enclosure'); ?>">
|
||||
<input class="input" type="text" name="enclosure" value="<?php echo esc_attr($this->get_option('enclosure')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -410,7 +410,7 @@ class CSV extends Importer {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="text" name="escape_empty_value" value="<?php echo $this->get_option('escape_empty_value'); ?>">
|
||||
<input class="input" type="text" name="escape_empty_value" value="<?php echo esc_attr($this->get_option('escape_empty_value')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -467,7 +467,7 @@ class CSV extends Importer {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="text" name="server_path" value="<?php echo $this->get_option('server_path'); ?>">
|
||||
<input class="input" type="text" name="server_path" value="<?php echo esc_attr($this->get_option('server_path')); ?>">
|
||||
</div>
|
||||
<p class="help">
|
||||
<strong><?php _e('Importing attachments', 'tainacan'); ?>: </strong><?php echo nl2br(__('Check the documentation to learn how to set up your .csv file correctly for importing files <a href="https://tainacan.github.io/tainacan-wiki/#/importers?id=importador-csv-items">on this link.</a>', 'tainacan')); ?>
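Review bot: The help paragraph right below the newly escaped input still echoes `nl2br(__(...))` unescaped; translation strings are replaceable through .po/.mo files and translation plugins, so the same output rule applies to them. Wrapping it as `echo wp_kses_post( nl2br( __( '…', 'tainacan' ) ) );` keeps the `<a>` and `<br>` while closing the gap this hunk was opened for. The form markup continues outside the hunk.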
|
||||
|
|
|
@ -188,7 +188,9 @@ class Flickr_Importer extends Importer {
|
|||
|
||||
$this->add_log('url ' . $api_url);
|
||||
|
||||
$json = json_decode(file_get_contents($api_url));
|
||||
$response = wp_remote_get( $api_url );
|
||||
$body = wp_remote_retrieve_body( $response );
|
||||
$json = json_decode($body);
|
||||
if( $json && isset($json->photoset) ){
|
||||
return $json;
|
||||
}
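Review bot: The `wp_remote_get()` result is never checked with `is_wp_error()`; on a transport failure `wp_remote_retrieve_body()` returns an empty string, `json_decode()` returns null and the method falls through silently, leaving only the `add_log('url …')` line as a trace. Add `if ( is_wp_error( $response ) ) { $this->add_error_log( $response->get_error_message() ); return false; }` before decoding, matching whatever fall-through value the method returns outside the hunk. The same applies to the three identical hunks below. Since `$api_url` is built from the importer's options above the hunk, if it carries the Flickr API key the `add_log()` line is writing a credential into the import log and should mask it.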
|
||||
|
@ -203,7 +205,10 @@ class Flickr_Importer extends Importer {
|
|||
|
||||
$this->add_log('url ' . $api_url);
|
||||
|
||||
$json = json_decode(file_get_contents($api_url));
|
||||
$response = wp_remote_get( $api_url );
|
||||
$body = wp_remote_retrieve_body( $response );
|
||||
$json = json_decode($body);
|
||||
|
||||
if( $json && isset($json->photos) ){
|
||||
return $json;
|
||||
|
||||
|
@ -218,7 +223,9 @@ class Flickr_Importer extends Importer {
|
|||
|
||||
$this->add_log('url ' . $api_url);
|
||||
|
||||
$json = json_decode(file_get_contents($api_url));
|
||||
$response = wp_remote_get( $api_url );
|
||||
$body = wp_remote_retrieve_body( $response );
|
||||
$json = json_decode($body);
|
||||
if( $json && isset($json->photo) ){
|
||||
return $json;
|
||||
|
||||
|
@ -428,8 +435,9 @@ class Flickr_Importer extends Importer {
|
|||
. $id . $this->format;
|
||||
|
||||
$this->add_log('url ' . $api_url);
|
||||
|
||||
$json = json_decode(file_get_contents($api_url));
|
||||
$response = wp_remote_get( $api_url );
|
||||
$body = wp_remote_retrieve_body( $response );
|
||||
$json = json_decode($body);
|
||||
if( $json && isset($json->photo) ){
|
||||
return $json;
|
||||
|
||||
|
|
|
@ -125,7 +125,7 @@ class Test_Importer extends Importer {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="number" name="items_col_1" value="<?php echo $this->get_option('items_col_1'); ?>">
|
||||
<input class="input" type="number" name="items_col_1" value="<?php echo esc_attr($this->get_option('items_col_1')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -149,7 +149,7 @@ class Test_Importer extends Importer {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="number" name="additonal_metadata" value="<?php echo $this->get_option('additonal_metadata'); ?>">
|
||||
<input class="input" type="number" name="additonal_metadata" value="<?php echo esc_attr($this->get_option('additonal_metadata')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -204,7 +204,7 @@ class Test_Importer extends Importer {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="number" name="items_col_2" value="<?php echo $this->get_option('items_col_2'); ?>">
|
||||
<input class="input" type="number" name="items_col_2" value="<?php echo esc_attr($this->get_option('items_col_2')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -266,7 +266,7 @@ class Test_Importer extends Importer {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="text" name="keyword_images" value="<?php echo $this->get_option('keyword_images'); ?>">
|
||||
<input class="input" type="text" name="keyword_images" value="<?php echo esc_attr($this->get_option('keyword_images')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -290,7 +290,7 @@ class Test_Importer extends Importer {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="number" name="horizontal_image_size" value="<?php echo $this->get_option('horizontal_image_size'); ?>">
|
||||
<input class="input" type="number" name="horizontal_image_size" value="<?php echo esc_attr($this->get_option('horizontal_image_size')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
@ -312,7 +312,7 @@ class Test_Importer extends Importer {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="number" name="vertical_image_size" value="<?php echo $this->get_option('vertical_image_size'); ?>">
|
||||
<input class="input" type="number" name="vertical_image_size" value="<?php echo esc_attr($this->get_option('vertical_image_size')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -649,8 +649,10 @@ class Test_Importer extends Importer {
|
|||
$keyword = ( $this->get_option('keyword_images') ) ? $this->get_option('keyword_images') : '';
|
||||
|
||||
$url = "https://loremflickr.com/$horizontal_size/$vertical_size/$keyword";
|
||||
$response = wp_remote_get( $url );
|
||||
$content = wp_remote_retrieve_body( $response );
|
||||
|
||||
$id = $TainacanMedia->insert_attachment_from_blob(file_get_contents($url), time() . '.jpg', $inserted_item->get_id());
|
||||
$id = $TainacanMedia->insert_attachment_from_blob($content, time() . '.jpg', $inserted_item->get_id());
|
||||
|
||||
if(!$id){
|
||||
$this->add_error_log('Error in imported URL ' . $url);
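Review bot: `$content` is handed to `insert_attachment_from_blob()` without checking that the fetch succeeded; if `wp_remote_get()` returns a WP_Error or a non-200 response, `wp_remote_retrieve_body()` yields an empty string or an error page, and a zero-byte or bogus `.jpg` attachment may be created for the item. Guard it first: `if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) || '' === $content ) { $this->add_error_log( 'Error fetching ' . $url ); } else { … }`, keeping the existing `!$id` check for the insertion itself. The enclosing method continues beyond the hunk.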
|
||||
|
|
|
@ -231,7 +231,9 @@ class Youtube_Importer extends Importer {
|
|||
$api_url = 'https://www.googleapis.com/youtube/v3/channels?part=statistics,snippet,contentDetails&id='
|
||||
. $id . '&key=' . $api_key;
|
||||
|
||||
$json = json_decode(file_get_contents($api_url));
|
||||
$response = wp_remote_get( $api_url );
|
||||
$body = wp_remote_retrieve_body( $response );
|
||||
$json = json_decode($body);
|
||||
if( $json && isset($json->items) ){
|
||||
$item = $json->items[0];
|
||||
|
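Review bot: `$json->items[0]` on the last code line of the hunk is reached whenever `items` is set, including when the API returns an empty list for an unknown channel id; `isset()` does not check emptiness, so `$item` becomes null and the `$item->contentDetails->…` dereference on the next, out-of-view line warns. Use `if ( $json && ! empty( $json->items ) ) {` here and in the `forUsername` hunk below. As in the other importers, `wp_remote_get()` is also not checked with `is_wp_error()` before decoding, so network failures are indistinguishable from empty results. The method body continues outside the hunk.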
||||
|
@ -239,7 +241,9 @@ class Youtube_Importer extends Importer {
|
|||
. $pageToken . '&maxResults=1&playlistId='
|
||||
. $item->contentDetails->relatedPlaylists->uploads . '&key=' . $api_key;
|
||||
|
||||
$json = json_decode(file_get_contents($api_url));
|
||||
$response = wp_remote_get( $api_url );
|
||||
$body = wp_remote_retrieve_body( $response );
|
||||
$json = json_decode($body);
|
||||
|
||||
if( $json && isset($json->items) ){
|
||||
return $json;
|
||||
|
@ -252,7 +256,9 @@ class Youtube_Importer extends Importer {
|
|||
$api_url = 'https://www.googleapis.com/youtube/v3/channels?part=statistics,snippet,contentDetails&forUsername='
|
||||
. $id . '&key=' . $api_key;
|
||||
|
||||
$json = json_decode(file_get_contents($api_url));
|
||||
$response = wp_remote_get( $api_url );
|
||||
$body = wp_remote_retrieve_body( $response );
|
||||
$json = json_decode($body);
|
||||
if( $json && isset($json->items) ){
|
||||
$item = $json->items[0];
|
||||
|
||||
|
@ -260,7 +266,9 @@ class Youtube_Importer extends Importer {
|
|||
. $pageToken . '&maxResults=1&playlistId='
|
||||
. $item->contentDetails->relatedPlaylists->uploads . '&key=' . $api_key;
|
||||
|
||||
$json = json_decode(file_get_contents($api_url));
|
||||
$response = wp_remote_get( $api_url );
|
||||
$body = wp_remote_retrieve_body( $response );
|
||||
$json = json_decode($body);
|
||||
|
||||
if( $json && isset($json->items) ){
|
||||
return $json;
|
||||
|
@ -274,7 +282,9 @@ class Youtube_Importer extends Importer {
|
|||
. $pageToken . '&maxResults=1&playlistId='
|
||||
. $id . '&key=' . $api_key;
|
||||
|
||||
$json = json_decode(file_get_contents($api_url));
|
||||
$response = wp_remote_get( $api_url );
|
||||
$body = wp_remote_retrieve_body( $response );
|
||||
$json = json_decode($body);
|
||||
if( $json && isset($json->items) ){
|
||||
return $json;
|
||||
|
||||
|
@ -285,7 +295,9 @@ class Youtube_Importer extends Importer {
|
|||
$api_url = 'https://www.googleapis.com/youtube/v3/videos?part=snippet%2CcontentDetails&maxResults=1&id='
|
||||
. $id . '&key=' . $api_key;
|
||||
|
||||
$json = json_decode(file_get_contents($api_url));
|
||||
$response = wp_remote_get( $api_url );
|
||||
$body = wp_remote_retrieve_body( $response );
|
||||
$json = json_decode($body);
|
||||
if( $json && isset($json->items) ){
|
||||
return $json;
|
||||
|
||||
|
@ -399,7 +411,7 @@ class Youtube_Importer extends Importer {
|
|||
</p>
|
||||
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="text" name="api_id" value="<?php echo $this->get_option('api_id'); ?>">
|
||||
<input class="input" type="text" name="api_id" value="<?php echo esc_attr($this->get_option('api_id')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -64,7 +64,7 @@ class ScriptTainacanOld {
|
|||
|
||||
define( 'WP_USE_THEMES', false );
|
||||
define( 'SHORTINIT', false );
|
||||
require( dirname(__FILE__) . '/../../../../wp-blog-header.php' );
|
||||
// require( dirname(__FILE__) . '/../../../../wp-blog-header.php' );
|
||||
|
||||
$old_tainacan = new \Tainacan\Importer\Old_Tainacan();
|
||||
$id = $old_tainacan->get_id();
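Review bot: The `require( … wp-blog-header.php )` is commented out rather than removed, which leaves dead code and no explanation of how WordPress is loaded before `new \Tainacan\Importer\Old_Tainacan()` on the next line; the `define( 'WP_USE_THEMES' … )` / `SHORTINIT` lines above only make sense if something still bootstraps WP. If the script is now expected to run only inside an already-booted WordPress, delete the line and say so: `// Expects WordPress to be loaded by the caller; this script no longer bootstraps wp-blog-header.php.` If it still runs standalone the removal breaks it, so the entry point (outside the hunk) should be checked.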
|
||||
|
|
|
@ -60,7 +60,7 @@ class Term_Importer extends Importer {
|
|||
</div>
|
||||
</span>
|
||||
<div class="control is-clearfix">
|
||||
<input class="input" type="text" name="delimiter" value="<?php echo $this->get_option('delimiter'); ?>">
|
||||
<input class="input" type="text" name="delimiter" value="<?php echo esc_attr($this->get_option('delimiter')); ?>">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -93,7 +93,7 @@ class Term_Importer extends Importer {
|
|||
$taxonomies = $Tainacan_Taxonomies->fetch( ['nopaging' => true], 'OBJECT' );
|
||||
foreach( $taxonomies as $taxonomie) {
|
||||
?>
|
||||
<option value="<?php echo $taxonomie->get_db_identifier();?>"><?php echo $taxonomie->get_name() ?> </option>
|
||||
<option value="<?php echo esc_attr($taxonomie->get_db_identifier());?>"><?php echo esc_attr($taxonomie->get_name()) ?> </option>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
|
@ -101,7 +101,7 @@ class Term_Importer extends Importer {
|
|||
|
||||
</div>
|
||||
|
||||
<input class="input new_taxonomy" type="text" name="new_taxonomy" value="<?php echo $this->get_option('new_taxonomy'); ?>" placeholder="<?php _e('New taxonomy name', 'tainacan'); ?>" >
|
||||
<input class="input new_taxonomy" type="text" name="new_taxonomy" value="<?php echo esc_attr($this->get_option('new_taxonomy')); ?>" placeholder="<?php _e('New taxonomy name', 'tainacan'); ?>" >
|
||||
|
||||
</div>
|
||||
</div>
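Review bot: The `placeholder` attribute on the same input still uses `_e( 'New taxonomy name', 'tainacan' )`, which echoes the translation unescaped inside an attribute while the `value` next to it is now escaped; `esc_attr_e( 'New taxonomy name', 'tainacan' )` is the matching call and keeps the line consistent. The markup continues outside the hunk.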
|
||||
|
|
|
@ -130,7 +130,6 @@
|
|||
'timeout' => 0.01,
|
||||
'blocking' => false,
|
||||
'body' => $this->data,
|
||||
'cookies' => $_COOKIE,
|
||||
'sslverify' => apply_filters( 'https_local_ssl_verify', false ),
|
||||
);
|
||||
}
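Review bot: Dropping `'cookies' => $_COOKIE` means the loopback request no longer carries the caller's session, so whatever endpoint receives `$this->data` must authenticate it some other way (a nonce or shared secret in the body, or a capability check that tolerates an anonymous request); the endpoint is outside this hunk, so that is worth confirming. Forwarding the whole cookie jar to a request fired blind (`'blocking' => false`) was a credential leak, so the removal itself is right. Note also that `'sslverify'` defaults to `false` via the `https_local_ssl_verify` filter, i.e. certificate verification is off for this request unless a filter turns it on; a comment such as `// Loopback request: WP convention is to skip SSL verification unless https_local_ssl_verify says otherwise.` would keep it from being copied into a non-loopback call.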
|
||||
|
|
|
@ -362,8 +362,6 @@ class Theme_Helper {
|
|||
}
|
||||
|
||||
public function item_submission_shortcode($args) {
|
||||
global $TAINACAN_BASE_URL;
|
||||
|
||||
$props = ' ';
|
||||
|
||||
// Passes arguments to custom props
|
||||
|
@ -377,7 +375,36 @@ class Theme_Helper {
|
|||
|
||||
wp_enqueue_media();
|
||||
|
||||
return "<div data-module='item-submission-form' id='tainacan-item-submission-form' $props ></div>";
|
||||
$allowed_html = [
|
||||
'div' => [
|
||||
'id' => true,
|
||||
'data-module' => true,
|
||||
'collection-id' => true,
|
||||
'hide-file-modal-button' => true,
|
||||
'hide-text-modal-button' => true,
|
||||
'hide-link-modal-button' => true,
|
||||
'hide-thumbnail-section' => true,
|
||||
'hide-attachments-section' => true,
|
||||
'show-allow-comments-section' => true,
|
||||
'hide-collapses' => true,
|
||||
'hide-help-buttons' => true,
|
||||
'hide-metadata-types' => true,
|
||||
'help-info-bellow-label' => true,
|
||||
'document-section-label' => true,
|
||||
'thumbnail-section-label' => true,
|
||||
'attachments-section-label' => true,
|
||||
'metadata-section-label' => true,
|
||||
'sent-form-heading' => true,
|
||||
'sent-form-message' => true,
|
||||
'item-link-button-label' => true,
|
||||
'show-item-link-button' => true,
|
||||
'show-terms-agreement-checkbox' => true,
|
||||
'terms-agreement-message' => true,
|
||||
'enabled-metadata' => true,
|
||||
]
|
||||
];
|
||||
|
||||
return wp_kses("<div data-module='item-submission-form' id='tainacan-item-submission-form' $props ></div>", $allowed_html);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -489,7 +516,40 @@ class Theme_Helper {
|
|||
}
|
||||
}
|
||||
|
||||
return "<div data-module='faceted-search' id='tainacan-items-page' $props ></div>";
|
||||
$allowed_html = [
|
||||
'div' => [
|
||||
'id' => true,
|
||||
'data-module' => true,
|
||||
'collection-id' => true,
|
||||
'term-id' => true,
|
||||
'taxonomy' => true,
|
||||
'default-view-mode' => true,
|
||||
'is-forced-view-mode' => true,
|
||||
'enabled-view-modes' => true,
|
||||
'default-order' => true,
|
||||
'default-orderby' => true,
|
||||
'hide-filters' => true,
|
||||
'hide-hide-filters-button' => true,
|
||||
'hide-search' => true,
|
||||
'hide-advanced-search' => true,
|
||||
'hide-displayed-metadata-button' => true,
|
||||
'hide-sorting-area' => true,
|
||||
'hide-items-thumbnail' => true,
|
||||
'hide-sort-by-button' => true,
|
||||
'hide-exposers-button' => true,
|
||||
'hide-items-per-page-button' => true,
|
||||
'hide-go-to-page-button' => true,
|
||||
'hide-pagination-area' => true,
|
||||
'default-items-per-page' => true,
|
||||
'show-filters-button-inside-search-control' => true,
|
||||
'start-with-filters-hidden' => true,
|
||||
'filters-as-modal' => true,
|
||||
'show-inline-view-mode-options' => true,
|
||||
'show-fullscreen-with-view-modes' => true
|
||||
]
|
||||
];
|
||||
|
||||
return wp_kses("<div data-module='faceted-search' id='tainacan-items-page' $props ></div>", $allowed_html);
|
||||
}
|
||||
|
||||
function get_items_list_slug() {
|
||||
|
@ -680,7 +740,7 @@ class Theme_Helper {
|
|||
|
||||
$logo = get_template_directory_uri() . '/assets/images/social-logo.png';
|
||||
$excerpt = get_bloginfo( 'description' );
|
||||
$url_src = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
|
||||
$url_src = esc_url((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
|
||||
global $wp;
|
||||
|
||||
if ( is_post_type_archive() ) {
|
||||
|
@ -749,13 +809,13 @@ class Theme_Helper {
|
|||
|
||||
?>
|
||||
<meta property="og:type" content="article"/>
|
||||
<meta property="og:title" content="<?php echo $title; ?>"/>
|
||||
<meta property="og:site_name" content="<?php echo get_bloginfo(); ?>"/>
|
||||
<meta property="og:description" content="<?php echo $excerpt; ?>"/>
|
||||
<meta property="og:url" content="<?php echo $url_src; ?>"/>
|
||||
<meta property="og:image" content="<?php echo $image['url']; ?>"/>
|
||||
<meta property="og:image:width" content="<?php echo $image['width']; ?>"/>
|
||||
<meta property="og:image:height" content="<?php echo $image['height']; ?>"/>
|
||||
<meta property="og:title" content="<?php echo esc_attr($title); ?>"/>
|
||||
<meta property="og:site_name" content="<?php echo esc_attr(get_bloginfo()); ?>"/>
|
||||
<meta property="og:description" content="<?php echo esc_html($excerpt); ?>"/>
|
||||
<meta property="og:url" content="<?php echo esc_url($url_src); ?>"/>
|
||||
<meta property="og:image" content="<?php echo esc_url($image['url']); ?>"/>
|
||||
<meta property="og:image:width" content="<?php echo esc_attr($image['width']); ?>"/>
|
||||
<meta property="og:image:height" content="<?php echo esc_attr($image['height']); ?>"/>
|
||||
|
||||
|
||||
<?php } else { return; } // End if().
|
||||
|
@ -895,14 +955,22 @@ class Theme_Helper {
|
|||
unset($args['class_name']);
|
||||
|
||||
// Builds parameters to the html div rendered by Vue
|
||||
$allowed_html = [
|
||||
'div' => [
|
||||
'data-module' => true,
|
||||
'id' => true
|
||||
]
|
||||
];
|
||||
foreach ($args as $key => $value) {
|
||||
if (is_bool($value))
|
||||
$value = $value ? 'true' : 'false';
|
||||
// Changes from PHP '_' notation to HTML '-' notation
|
||||
$props .= (str_replace('_', '-', $key) . "='" . $value . "' ");
|
||||
$key_attr = str_replace('_', '-', $key);
|
||||
$props .= "$key_attr='$value' ";
|
||||
$allowed_html['div'][$key_attr] = true;
|
||||
}
|
||||
|
||||
return "<div data-module='carousel-items-list' id='tainacan-items-carousel-shortcode_" . uniqid() . "' $props ></div>";
|
||||
return wp_kses( "<div data-module='carousel-items-list' id='tainacan-items-carousel-shortcode_" . uniqid() . "' $props ></div>", $allowed_html);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -970,15 +1038,24 @@ class Theme_Helper {
|
|||
$args['class'] = $args['class_name'] . ' wp-block-tainacan-dynamic-items-list';
|
||||
unset($args['class_name']);
|
||||
|
||||
// Builds parameters to the html div rendered by Vue
|
||||
$allowed_html = [
|
||||
'div' => [
|
||||
'data-module' => true,
|
||||
"id" => true
|
||||
]
|
||||
];
|
||||
// Builds parameters to the html div rendered by Vue
|
||||
foreach ($args as $key => $value) {
|
||||
if (is_bool($value))
|
||||
$value = $value ? 'true' : 'false';
|
||||
// Changes from PHP '_' notation to HTML '-' notation
|
||||
$props .= (str_replace('_', '-', $key) . "='" . $value . "' ");
|
||||
$key_attr = str_replace('_', '-', $key);
|
||||
$props .= "$key_attr='$value' ";
|
||||
$allowed_html['div'][$key_attr] = true;
|
||||
}
|
||||
|
||||
return "<div data-module='dynamic-items-list' id='tainacan-dynamic-items-list-shortcode_" . uniqid(). "' $props ></div>";
|
||||
return wp_kses("<div data-module='dynamic-items-list' id='tainacan-dynamic-items-list-shortcode_" . uniqid(). "' $props ></div>", $allowed_html);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -1000,9 +1077,6 @@ class Theme_Helper {
|
|||
* @return string The HTML div to be used for rendering the related items vue component
|
||||
*/
|
||||
public function get_tainacan_related_items_list($args = []) {
|
||||
global $TAINACAN_BASE_URL;
|
||||
global $TAINACAN_VERSION;
|
||||
|
||||
$defaults = array(
|
||||
'class_name' => '',
|
||||
'collection_heading_class_name' => '',
|
||||
|
@ -1025,22 +1099,21 @@ class Theme_Helper {
|
|||
return;
|
||||
|
||||
// Always pass the default class. We force passing the wp-block-tainacan-carousel-related-items because themes might have used it to style before the other layouts exist;
|
||||
$output = '<div data-module="related-items-list" class="' . $args['class_name'] . ' wp-block-tainacan-carousel-related-items wp-block-tainacan-related-items' . '">';
|
||||
$output = '<div data-module="related-items-list" class="' . esc_attr($args['class_name']) . ' wp-block-tainacan-carousel-related-items wp-block-tainacan-related-items' . '">';
|
||||
|
||||
foreach($related_items as $collection_id => $related_group) {
|
||||
|
||||
if ( isset($related_group['items']) && isset($related_group['total_items']) && $related_group['total_items'] ) {
|
||||
|
||||
// Adds a heading with the collection name
|
||||
$collection_heading = '';
|
||||
if ( isset($related_group['collection_name']) ) {
|
||||
$collection_heading = '<' . $args['collection_heading_tag'] . ' class="' . $args['collection_heading_class_name'] . '">' . $related_group['collection_name'] . '</' . $args['collection_heading_tag'] . '>';
|
||||
$collection_heading = wp_kses_post('<' . $args['collection_heading_tag'] . ' class="' . $args['collection_heading_class_name'] . '">' . $related_group['collection_name'] . '</' . $args['collection_heading_tag'] . '>');
|
||||
}
|
||||
|
||||
// Adds a paragraph with the metadata name
|
||||
$metadata_label = '';
|
||||
if ( isset($related_group['metadata_name']) ) {
|
||||
$metadata_label = '<' . $args['metadata_label_tag'] . ' class="' . $args['metadata_label_class_name'] . '">' . $related_group['metadata_name'] . '</' . $args['metadata_label_tag'] . '>';
|
||||
$metadata_label = wp_kses_post('<' . $args['metadata_label_tag'] . ' class="' . $args['metadata_label_class_name'] . '">' . $related_group['metadata_name'] . '</' . $args['metadata_label_tag'] . '>');
|
||||
}
|
||||
|
||||
// Sets the carousel, from the items carousel template tag.
|
||||
|
@ -1069,6 +1142,10 @@ class Theme_Helper {
|
|||
|
||||
$output .= '<div class="wp-block-group">
|
||||
<div class="wp-block-group__inner-container">' .
|
||||
/**
|
||||
* Note to code reviewers: This lines doesn't need to be escaped.
|
||||
* Functions get_tainacan_items_carousel() and get_tainacan_dynamic_items_list used here escape the return value.
|
||||
*/
|
||||
$collection_heading .
|
||||
$metadata_label .
|
||||
$items_list_div .
|
||||
|
@ -1076,7 +1153,7 @@ class Theme_Helper {
|
|||
$related_group['total_items'] > 1 ?
|
||||
'<div class="wp-block-buttons">
|
||||
<div class="wp-block-button">
|
||||
<a class="wp-block-button__link" href="/' . $related_group['collection_slug'] . '?metaquery[0][key]=' . $related_group['metadata_id'] . '&metaquery[0][value][0]=' . $item->get_ID() . '&metaquery[0][compare]=IN">
|
||||
<a class="wp-block-button__link" href="/' . esc_url($related_group['collection_slug']) . '?metaquery[0][key]=' . esc_attr($related_group['metadata_id']) . '&metaquery[0][value][0]=' . esc_attr($item->get_ID()) . '&metaquery[0][compare]=IN">
|
||||
' . sprintf( __('View all %s related items', 'tainacan'), $related_group['total_items'] ) . '
|
||||
</a>
|
||||
</div>
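Review bot: `esc_url( $related_group['collection_slug'] )` breaks the link: given a bare slug with no scheme and no leading `/`, `esc_url()` prepends `http://`, so the href becomes `/http://my-collection?metaquery…`. Build the whole URL first and escape once, e.g. `$url = '/' . $related_group['collection_slug'] . '?metaquery[0][key]=' . $related_group['metadata_id'] . '&metaquery[0][value][0]=' . $item->get_ID() . '&metaquery[0][compare]=IN';` and then `href="' . esc_url( $url ) . '"` (or `esc_url( add_query_arg( $query, home_url( $slug ) ) )` so a sub-directory install is respected). The `esc_attr()` calls on the metadata id and item ID inside the URL are then redundant. The enclosing method starts outside the hunk.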
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
use \Tainacan\Entities;
|
||||
use \Tainacan\Repositories;
|
||||
|
||||
|
||||
/**
|
||||
* To be used inside The Loop
|
||||
*
|
||||
|
@ -126,7 +127,7 @@ function tainacan_the_item_document_download_link($item_id = 0) {
|
|||
if (!$link || $item->get_document_type() == 'text' || $item->get_document_type() == 'url')
|
||||
return;
|
||||
|
||||
return '<a name="' . __('Download the item document', 'tainacan') . '" download="'. $link . '" href="' . $link . '">' . __('Download', 'tainacan') . '</a>';
|
||||
return '<a name="' . __('Download the item document', 'tainacan') . '" download="'. esc_url($link) . '" href="' . esc_url($link) . '">' . __('Download', 'tainacan') . '</a>';
|
||||
}
|
||||
|
||||
|
||||
|
@ -137,7 +138,7 @@ function tainacan_the_item_attachment_download_link($attachment_id) {
|
|||
|
||||
$link = wp_get_attachment_url($attachment_id);
|
||||
|
||||
return '<a name="' . __('Download the item attachment', 'tainacan') . '" download="'. $link . '" href="' . $link . '">' . __('Download', 'tainacan') . '</a>';
|
||||
return '<a name="' . __('Download the item attachment', 'tainacan') . '" download="'. esc_url($link) . '" href="' . esc_url($link) . '">' . __('Download', 'tainacan') . '</a>';
|
||||
}
|
||||
|
||||
function tainacan_the_document() {
|
||||
|
@ -212,7 +213,7 @@ function tainacan_get_the_collection_name() {
|
|||
if ( $collection ) {
|
||||
$name = $collection->get_name();
|
||||
}
|
||||
return apply_filters('tainacan-get-collection-name', $name, $collection);
|
||||
return apply_filters('tainacan-get-collection-name', esc_html($name), $collection);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -234,7 +235,7 @@ function tainacan_get_adjacent_items() {
|
|||
* @return void
|
||||
*/
|
||||
function tainacan_the_collection_name() {
|
||||
echo tainacan_get_the_collection_name();
|
||||
echo esc_html(tainacan_get_the_collection_name());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -248,7 +249,7 @@ function tainacan_get_the_collection_description() {
|
|||
if ( $collection ) {
|
||||
$description = $collection->get_description();
|
||||
}
|
||||
return apply_filters('tainacan-get-collection-description', $description, $collection);
|
||||
return apply_filters('tainacan-get-collection-description', esc_html($description), $collection);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -257,7 +258,7 @@ function tainacan_get_the_collection_description() {
|
|||
* @return void
|
||||
*/
|
||||
function tainacan_the_collection_description() {
|
||||
echo tainacan_get_the_collection_description();
|
||||
echo esc_html(tainacan_get_the_collection_description());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -345,8 +346,33 @@ function tainacan_get_the_media_component(
|
|||
$args['media_thumbs_id'] = $media_id . '-thumbs';
|
||||
$args['media_id'] = $media_id;
|
||||
|
||||
ob_start();
|
||||
if (!function_exists('tainacan_get_default_allowed_styles')) {
|
||||
function tainacan_get_default_allowed_styles ( $styles ) {
|
||||
$styles[] = 'display';
|
||||
$styles[] = 'position';
|
||||
$styles[] = 'visibility';
|
||||
return $styles;
|
||||
}
|
||||
}
|
||||
$allowed_html = array(
|
||||
'svg' => array(
|
||||
'xmlns' => true,
|
||||
'fill' => true,
|
||||
'viewbox' => true,
|
||||
'role' => true,
|
||||
'aria-hidden' => true,
|
||||
'focusable' => true,
|
||||
'width' => true,
|
||||
'height' => true,
|
||||
),
|
||||
'path' => array(
|
||||
'd' => true,
|
||||
'fill' => true,
|
||||
)
|
||||
);
|
||||
add_filter( 'safe_style_css', 'tainacan_get_default_allowed_styles');
|
||||
|
||||
ob_start();
|
||||
if ( $args['has_media_main'] || $args['has_media_thumbs'] ) :
|
||||
|
||||
wp_enqueue_style( 'tainacan-media-component', $TAINACAN_BASE_URL . '/assets/css/tainacan-gutenberg-block-item-gallery.css', array(), TAINACAN_VERSION);
|
||||
|
@ -359,39 +385,41 @@ function tainacan_get_the_media_component(
|
|||
tainacan_plugin = {};
|
||||
}
|
||||
tainacan_plugin.tainacan_media_components = (typeof tainacan_plugin.tainacan_media_components != "undefined") ? tainacan_plugin.tainacan_media_components : {};
|
||||
tainacan_plugin.tainacan_media_components['<?php echo $args['media_id'] ?>'] = <?php echo json_encode($args) ?>;
|
||||
tainacan_plugin.tainacan_media_components['<?php echo esc_attr($args['media_id']) ?>'] = <?php echo json_encode($args) ?>;
|
||||
</script>
|
||||
|
||||
<div id="<?php echo $media_id ?>" <?php echo $args['wrapper_attributes']; ?> data-module='item-gallery'>
|
||||
|
||||
<div id="<?php echo esc_attr($media_id) ?>" <?php echo esc_attr($args['wrapper_attributes']); ?> data-module='item-gallery'>
|
||||
<?php if ( $args['has_media_main'] ) : ?>
|
||||
|
||||
<!-- Slider main container -->
|
||||
<?php echo $args['before_main_div'] ?>
|
||||
<div id="<?php echo $args['media_main_id'] ?>" class="tainacan-media-component__swiper-main swiper <?php echo $args['class_main_div'] ?>">
|
||||
<?php echo wp_kses_post($args['before_main_div']) ?>
|
||||
<div id="<?php echo esc_attr($args['media_main_id']) ?>" class="tainacan-media-component__swiper-main swiper <?php echo esc_attr($args['class_main_div']) ?>">
|
||||
|
||||
<!-- Additional required wrapper -->
|
||||
<?php echo $args['before_main_ul'] ?>
|
||||
<ul class="swiper-wrapper <?php echo $args['class_main_ul'] ?>">
|
||||
<?php echo wp_kses_post($args['before_main_ul']) ?>
|
||||
<ul class="swiper-wrapper <?php echo esc_attr($args['class_main_ul']) ?>">
|
||||
<?php foreach($media_items_main as $media_item) { ?>
|
||||
<li class="swiper-slide <?php echo $args['class_main_li'] ?>">
|
||||
<?php echo $media_item ?>
|
||||
<li class="swiper-slide <?php echo esc_attr($args['class_main_li']) ?>">
|
||||
<?php
|
||||
echo wp_kses_tainacan($media_item);
|
||||
?>
|
||||
</li>
|
||||
<?php }; ?>
|
||||
</ul>
|
||||
<?php echo $args['before_main_ul'] ?>
|
||||
<?php echo wp_kses_post($args['before_main_ul']) ?>
|
||||
|
||||
<?php if ( $args['swiper_main_options'] && isset($args['swiper_main_options']['pagination']) ) : ?>
|
||||
<!-- If we need pagination -->
|
||||
<div class="swiper-pagination swiper-pagination_<?php echo $args['media_main_id'] ?>"></div>
|
||||
<div class="swiper-pagination swiper-pagination_<?php echo esc_attr($args['media_main_id']) ?>"></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ( $args['swiper_main_options'] && isset($args['swiper_main_options']['navigation']) ) : ?>
|
||||
|
||||
<!-- If we need navigation buttons -->
|
||||
<div class="swiper-button-prev swiper-navigation-prev_<?php echo $args['media_main_id'] ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
|
||||
<div class="swiper-button-prev swiper-navigation-prev_<?php echo esc_attr($args['media_main_id']) ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
|
||||
<?php if ( $args['swiper_arrows_as_svg'] ): ?>
|
||||
<?php if ( $args['swiper_arrow_prev_custom_svg'] ): ?>
|
||||
<?php echo $args['swiper_arrow_prev_custom_svg']; ?>
|
||||
<?php echo wp_kses($args['swiper_arrow_prev_custom_svg'], $allowed_html); ?>
|
||||
<?php else: ?>
|
||||
<svg width="var(--swiper-navigation-size)" height="var(--swiper-navigation-size)" viewBox="0 0 24 24">
|
||||
<path d="M15.41 7.41L14 6l-6 6 6 6 1.41-1.41L10.83 12z"/>
|
||||
|
@ -400,10 +428,10 @@ function tainacan_get_the_media_component(
|
|||
<?php endif; ?>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<div class="swiper-button-next swiper-navigation-next_<?php echo $args['media_main_id'] ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
|
||||
<div class="swiper-button-next swiper-navigation-next_<?php echo esc_attr($args['media_main_id']) ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
|
||||
<?php if ( $args['swiper_arrows_as_svg'] ): ?>
|
||||
<?php if ( $args['swiper_arrow_next_custom_svg'] ): ?>
|
||||
<?php echo $args['swiper_arrow_next_custom_svg']; ?>
|
||||
<?php echo wp_kses($args['swiper_arrow_next_custom_svg'], $allowed_html); ?>
|
||||
<?php else: ?>
|
||||
<svg width="42" height="42" viewBox="0 0 24 24">
|
||||
<path d="M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"/>
|
||||
|
@ -412,39 +440,42 @@ function tainacan_get_the_media_component(
|
|||
<?php endif; ?>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<?php echo $args['after_main_div'] ?>
|
||||
<?php echo wp_kses_post($args['after_main_div']) ?>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ( $args['has_media_thumbs'] ) : ?>
|
||||
|
||||
<!-- Slider thumbs container -->
|
||||
<?php echo $args['before_thumbs_div'] ?>
|
||||
<div id="<?php echo $args['media_thumbs_id'] ?>" class="tainacan-media-component__swiper-thumbs swiper <?php echo $args['class_thumbs_div'] ?>">
|
||||
<?php echo wp_kses_post($args['before_thumbs_div']) ?>
|
||||
<div id="<?php echo esc_attr($args['media_thumbs_id']) ?>" class="tainacan-media-component__swiper-thumbs swiper <?php echo esc_attr($args['class_thumbs_div']) ?>">
|
||||
|
||||
<!-- Additional required wrapper -->
|
||||
<?php echo $args['before_thumbs_ul'] ?>
|
||||
<ul class="swiper-wrapper <?php echo $args['class_thumbs_ul'] ?>">
|
||||
<?php echo wp_kses_post($args['before_thumbs_ul']) ?>
|
||||
<ul class="swiper-wrapper <?php echo esc_attr($args['class_thumbs_ul']) ?>">
|
||||
<?php foreach($media_items_thumbs as $media_item) { ?>
|
||||
<li class="swiper-slide <?php echo $args['class_thumbs_li'] ?>">
|
||||
<?php echo $media_item ?>
|
||||
<li class="swiper-slide <?php echo esc_attr($args['class_thumbs_li']) ?>">
|
||||
<?php echo wp_kses_tainacan($media_item); ?>
|
||||
</li>
|
||||
<?php }; ?>
|
||||
</ul>
|
||||
<?php echo $args['before_thumbs_ul'] ?>
|
||||
<?php echo wp_kses_post($args['before_thumbs_ul']) ?>
|
||||
|
||||
<?php if ( $args['swiper_thumbs_options'] && isset($args['swiper_thumbs_options']['pagination']) ) : ?>
|
||||
<!-- If we need pagination -->
|
||||
<div class="swiper-paginations swiper-pagination_<?php echo $args['media_thumbs_id'] ?>"></div>
|
||||
<div class="swiper-paginations swiper-pagination_<?php echo esc_attr($args['media_thumbs_id']) ?>"></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ( $args['swiper_thumbs_options'] && isset($args['swiper_thumbs_options']['navigation']) ) : ?>
|
||||
<!-- If we need navigation buttons -->
|
||||
<div class="swiper-button-prev swiper-navigation-prev_<?php echo $args['media_thumbs_id'] ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
|
||||
|
||||
<div class="swiper-button-prev swiper-navigation-prev_<?php echo esc_attr($args['media_thumbs_id']) ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
|
||||
<?php if ( $args['swiper_arrows_as_svg'] ): ?>
|
||||
<?php if ( $args['swiper_arrow_prev_custom_svg'] ): ?>
|
||||
<?php echo $args['swiper_arrow_prev_custom_svg']; ?>
|
||||
<?php echo wp_kses($args['swiper_arrow_prev_custom_svg'], $allowed_html); ?>
|
||||
|
||||
<?php else: ?>
|
||||
<svg width="var(--swiper-navigation-size)" height="var(--swiper-navigation-size)" viewBox="0 0 24 24">
|
||||
<path d="M15.41 7.41L14 6l-6 6 6 6 1.41-1.41L10.83 12z"/>
|
||||
|
@ -453,10 +484,10 @@ function tainacan_get_the_media_component(
|
|||
<?php endif; ?>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<div class="swiper-button-next swiper-navigation-next_<?php echo $args['media_thumbs_id'] ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
|
||||
<div class="swiper-button-next swiper-navigation-next_<?php echo esc_attr($args['media_thumbs_id']) ?> <?php echo ($args['swiper_arrows_as_svg'] ? 'swiper-button-has-svg' : '' ) ?>">
|
||||
<?php if ( $args['swiper_arrows_as_svg'] ): ?>
|
||||
<?php if ( $args['swiper_arrow_next_custom_svg'] ): ?>
|
||||
<?php echo $args['swiper_arrow_next_custom_svg']; ?>
|
||||
<?php echo wp_kses($args['swiper_arrow_next_custom_svg'], $allowed_html); ?>
|
||||
<?php else: ?>
|
||||
<svg width="42" height="42" viewBox="0 0 24 24">
|
||||
<path d="M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"/>
|
||||
|
@ -471,15 +502,13 @@ function tainacan_get_the_media_component(
|
|||
<div class="swiper-start-border"></div>
|
||||
<div class="swiper-end-border"></div>
|
||||
</div>
|
||||
<?php echo $args['after_thumbs_div'] ?>
|
||||
<?php echo wp_kses_post($args['after_thumbs_div']) ?>
|
||||
<?php endif; ?>
|
||||
|
||||
</div>
|
||||
|
||||
<?php endif; ?> <!-- End of if ($args['has_media_main'] || $args['has_media_thumbs'] ) -->
|
||||
|
||||
<?php
|
||||
|
||||
endif; // <!-- End of if ($args['has_media_main'] || $args['has_media_thumbs'] ) -->
|
||||
remove_filter( 'safe_style_css', 'tainacan_get_default_allowed_styles');
|
||||
$content = ob_get_contents();
|
||||
ob_end_clean();
|
||||
|
||||
|
@ -528,49 +557,51 @@ function tainacan_get_the_media_component_slide( $args = array() ) {
|
|||
ob_start();
|
||||
|
||||
?>
|
||||
<?php echo $args['before_slide_content'] ?>
|
||||
<?php echo wp_kses_post($args['before_slide_content']) ?>
|
||||
|
||||
<div class="swiper-slide-content <?php echo $args['class_slide_content'] ?>">
|
||||
<div class="swiper-slide-content <?php echo esc_attr($args['class_slide_content']) ?>">
|
||||
|
||||
<?php if ( isset($args['media_content']) && !empty($args['media_content']) && $args['media_content'] !== false ) :?>
|
||||
<?php echo $args['media_content'] ?>
|
||||
<?php echo wp_kses_tainacan($args['media_content']) ?>
|
||||
<?php else: ?>
|
||||
<img src="<?php echo tainacan_get_the_mime_type_icon($args['media_type']) ?>" alt="<?php echo ( !empty($args['media_title']) ? $args['media_title'] : __('File', 'tainacan') ) ?>" >
|
||||
<img src="<?php echo esc_url(tainacan_get_the_mime_type_icon($args['media_type'])) ?>" alt="<?php echo ( !empty($args['media_title']) ? esc_attr($args['media_title']) : __('File', 'tainacan') ) ?>" >
|
||||
<?php endif; ?>
|
||||
|
||||
<?php echo $args['before_slide_metadata'] ?>
|
||||
<?php echo wp_kses_post($args['before_slide_metadata']); ?>
|
||||
|
||||
<?php if ( !empty($args['media_title']) || !empty($args['description']) || !empty($args['media_caption']) ) : ?>
|
||||
<div class="swiper-slide-metadata <?php echo $args['class_slide_metadata'] ?>">
|
||||
<div class="swiper-slide-metadata <?php echo wp_kses_post($args['class_slide_metadata']); ?>">
|
||||
<?php if ( !empty($args['media_caption']) ) :?>
|
||||
<span class="swiper-slide-metadata__caption">
|
||||
<?php echo $args['media_caption'] ?>
|
||||
<?php echo wp_kses_post($args['media_caption']); ?>
|
||||
<br>
|
||||
</span>
|
||||
<?php endif; ?>
|
||||
<?php if ( !empty($args['media_title']) ) :?>
|
||||
<span class="swiper-slide-metadata__name">
|
||||
<?php echo $args['media_title'] ?>
|
||||
<?php echo wp_kses_post($args['media_title']); ?>
|
||||
</span>
|
||||
<?php endif; ?>
|
||||
<br>
|
||||
<?php if ( !empty($args['media_description']) ) :?>
|
||||
<span class="swiper-slide-metadata__description">
|
||||
<?php echo $args['media_description'] ?>
|
||||
<?php echo wp_kses_post($args['media_description']); ?>
|
||||
</span>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ( !empty($args['media_content_full']) ) : ?>
|
||||
<div class="media-full-content" style="display: none; position: absolute; visibility: hidden;"><?php echo $args['media_content_full'] ?></div>
|
||||
<div class="media-full-content" style="display: none; position: absolute; visibility: hidden;">
|
||||
<?php echo wp_kses_tainacan($args['media_content_full']) ?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php echo $args['after_slide_metadata'] ?>
|
||||
<?php echo wp_kses_post($args['after_slide_metadata']) ?>
|
||||
|
||||
</div>
|
||||
|
||||
<?php echo $args['after_slide_content'] ?>
|
||||
<?php echo wp_kses_post($args['after_slide_content']) ?>
|
||||
|
||||
<?php
|
||||
|
||||
|
@ -592,7 +623,7 @@ function tainacan_get_the_collection_url() {
|
|||
if ( $collection ) {
|
||||
$url = $collection->get_url();
|
||||
}
|
||||
return apply_filters('tainacan-get-collection-url', $url, $collection);
|
||||
return apply_filters('tainacan-get-collection-url', esc_url($url), $collection);
|
||||
}
|
||||
|
||||
|
||||
|
@ -602,7 +633,7 @@ function tainacan_get_the_collection_url() {
|
|||
* @return void
|
||||
*/
|
||||
function tainacan_the_collection_url() {
|
||||
echo tainacan_get_the_collection_url();
|
||||
echo esc_url(tainacan_get_the_collection_url());
|
||||
}
|
||||
|
||||
|
||||
|
@ -726,7 +757,7 @@ function tainacan_get_the_term_name() {
|
|||
if ( $term ) {
|
||||
$name = $term->name;
|
||||
}
|
||||
return apply_filters('tainacan-get-term-name', $name, $term);
|
||||
return apply_filters('tainacan-get-term-name', esc_html($name), $term);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -735,7 +766,7 @@ function tainacan_get_the_term_name() {
|
|||
* @return void
|
||||
*/
|
||||
function tainacan_the_term_name() {
|
||||
echo tainacan_get_the_term_name();
|
||||
echo esc_html(tainacan_get_the_term_name());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -749,7 +780,7 @@ function tainacan_get_the_term_description() {
|
|||
if ( $term ) {
|
||||
$description = $term->description;
|
||||
}
|
||||
return apply_filters('tainacan-get-term-description', $description, $term);
|
||||
return apply_filters('tainacan-get-term-description', esc_html($description), $term);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -758,7 +789,7 @@ function tainacan_get_the_term_description() {
|
|||
* @return void
|
||||
*/
|
||||
function tainacan_the_term_description() {
|
||||
echo tainacan_get_the_term_description();
|
||||
echo esc_html(tainacan_get_the_term_description());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -863,7 +894,7 @@ function tainacan_the_item_edit_link( $text = null, $before = '', $after = '', $
|
|||
|
||||
$link = '<a class="' . esc_attr($class) . '" href="' . esc_url( $url ) . '">' . $text . '</a>';
|
||||
|
||||
echo $before . $link . $after;
|
||||
echo wp_kses_post($before . $link . $after);
|
||||
}
|
||||
|
||||
/**
|
||||
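Review bot: The `get_*` template tags now escape before `apply_filters()` (hunks at -212, -248, -592, -726 and -749) while their `the_*` counterparts (-234, -257, -602, -735, -758) escape the same value again on output; beyond the redundancy, callbacks on `tainacan-get-collection-name` and the sibling filters now receive HTML-encoded text, and any caller that needs the raw value for another context (an `alt` attribute, a redirect target) gets a string already encoded for display. The usual WordPress split is to keep the getters raw — `return apply_filters('tainacan-get-collection-name', $name, $collection);` — and escape once in the `the_*` echo, which these hunks already do; if descriptions may contain markup, the output side wants `wp_kses_post()` rather than `esc_html()`, which the page does not settle either way. In the media component hunk at -359, `esc_attr($args['wrapper_attributes'])` will encode the quotes of an attribute string (the name suggests `class="…"`-style content, to confirm) and so break the `<div>`, `wp_kses_post($args['class_slide_metadata'])` in the hunk at -528 sits in a `class` attribute where every sibling line uses `esc_attr()`, and `json_encode($args)` is still written into the `<script>` block unescaped — `wp_json_encode($args, JSON_HEX_TAG | JSON_HEX_AMP)` keeps a `</script>` inside any argument from closing the block.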
|
|
|
@ -2,9 +2,9 @@
|
|||
Contributors: andrebenedito, daltonmartins, fabianobn, jacsonp, leogermani, weryques, wetah, eduardohumberto, ravipassos, jessicafpx, marinagiolo, omarceloavila, vnmedeiros, tainacan, r-guimaraes, suelanesilva, ccaio, alanargomes, ateneagarcia123, rodrigo0freire, clarandreozzi
|
||||
Tags: museums, libraries, archives, GLAM, collections, repository
|
||||
Requires at least: 5.0
|
||||
Tested up to: 5.9
|
||||
Tested up to: 6.0
|
||||
Requires PHP: 5.6
|
||||
Stable tag: 0.18.8
|
||||
Stable tag: 0.18.10
|
||||
License: GPLv2 or later
|
||||
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
||||
|
||||
|
|
|
@ -4,17 +4,17 @@ Plugin Name: Tainacan
|
|||
Plugin URI: https://tainacan.org/
|
||||
Description: Open source, powerful and flexible repository platform for WordPress. Manage and publish you digital collections as easily as publishing a post to your blog, while having all the tools of a professional repository platform.
|
||||
Author: Tainacan.org
|
||||
Version: 0.18.8
|
||||
Version: 0.18.10
|
||||
Requires at least: 5.0
|
||||
Tested up to: 5.9
|
||||
Tested up to: 6.0
|
||||
Requires PHP: 5.6
|
||||
Stable tag: 0.18.8
|
||||
Stable tag: 0.18.10
|
||||
Text Domain: tainacan
|
||||
License: GPLv2 or later
|
||||
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
||||
*/
|
||||
|
||||
const TAINACAN_VERSION = '0.18.8';
|
||||
const TAINACAN_VERSION = '0.18.10';
|
||||
|
||||
defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
|
||||
$TAINACAN_BASE_URL = plugins_url('', __FILE__);
|
||||
|
@ -123,3 +123,27 @@ function tainacan_add_admin_bar_items ( WP_Admin_Bar $admin_bar ) {
|
|||
}
|
||||
}
|
||||
add_action( 'admin_bar_menu', 'tainacan_add_admin_bar_items', 500 );
|
||||
|
||||
function wp_kses_tainacan($content, $context='tainacan_content') {
|
||||
$allowed_html = wp_kses_allowed_html($context);
|
||||
return wp_kses($content, $allowed_html);
|
||||
}
|
||||
|
||||
add_filter('wp_kses_allowed_html', function($allowedposttags, $context) {
|
||||
switch ( $context ) {
|
||||
case 'tainacan_content':
|
||||
$post_allowed_html = wp_kses_allowed_html('post');
|
||||
return array_merge(
|
||||
$post_allowed_html,
|
||||
['iframe' => array(
|
||||
'src' => true,
|
||||
'height' => true,
|
||||
'width' => true,
|
||||
'frameborder' => true,
|
||||
'allowfullscreen' => true,
|
||||
)]
|
||||
);
|
||||
default:
|
||||
return $allowedposttags;
|
||||
}
|
||||
}, 10, 2);
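Review bot: The `tainacan_content` context added in the hunk at -123 whitelists `<iframe>` with an unrestricted `src`; kses only validates the URL scheme, so any host can be embedded wherever `wp_kses_tainacan()` prints item media. If that is intended (third-party embeds), record it in a docblock on `wp_kses_tainacan()`, e.g. `/** Like wp_kses_post() but also keeps <iframe> embeds from any host; used for item media output. */`, and otherwise consider limiting `src` to known providers. The name `wp_kses_tainacan` also takes the `wp_` prefix, which the plugin directory guidelines reserve for core; `tainacan_kses()` would follow the plugin's own naming. Registering the `wp_kses_allowed_html` filter as an anonymous closure means no other code can `remove_filter()` it; a named function is the usual choice.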
|
|
@ -235,10 +235,10 @@ class Compound extends Metadata_Type {
|
|||
?>
|
||||
<div class="tainacan-metadatum">
|
||||
<h4 class="label">
|
||||
<?php echo $meta->get_metadatum()->get_name(); ?>
|
||||
<?php echo esc_html($meta->get_metadatum()->get_name()); ?>
|
||||
</h4>
|
||||
<p>
|
||||
<?php echo $meta->get_value_as_html(); ?>
|
||||
<?php echo wp_kses_post($meta->get_value_as_html()); ?>
|
||||
</p>
|
||||
</div>
|
||||
<?php
|
||||
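Review bot: `wp_kses_post()` around `$meta->get_value_as_html()` on the second changed line will strip any `<iframe>` the compound child value renders, while the media component in this same commit prints item media through `wp_kses_tainacan()`, whose `tainacan_content` context keeps iframes. If compound children can hold embed-type metadata this silently drops them; if not, the call is fine — either way `wp_kses_tainacan($meta->get_value_as_html())` keeps the two output paths consistent. The enclosing method starts and ends outside the hunk.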
|
|
|
@ -320,7 +320,13 @@ class Relationship extends Metadata_Type {
|
|||
<div class="tainacan-relationship-metadatum-header">
|
||||
<?php echo ($should_display_thumbnail ? $this->get_item_thumbnail($thumbnail_id, $item) : ''); ?>
|
||||
<h4 class="label">
|
||||
<?php echo $value_link; ?>
|
||||
<?php
|
||||
/**
|
||||
* Note to code reviewers: This lines doesn't need to be escaped.
|
||||
* The variable $value_link is escaped.
|
||||
*/
|
||||
echo $value_link;
|
||||
?>
|
||||
</h4>
|
||||
</div>
|
||||
<?php
|
||||
|
@ -328,10 +334,10 @@ class Relationship extends Metadata_Type {
|
|||
?>
|
||||
<div class="tainacan-metadatum">
|
||||
<h5 class="label">
|
||||
<?php echo $meta->get_metadatum()->get_name(); ?>
|
||||
<?php echo esc_html($meta->get_metadatum()->get_name()); ?>
|
||||
</h5>
|
||||
<p>
|
||||
<?php echo ($value_link === false ? $meta->get_value_as_html() : $value_link); ?>
|
||||
<?php echo wp_kses_post(($value_link === false ? $meta->get_value_as_html() : $value_link)); ?>
|
||||
</p>
|
||||
</div>
|
||||
<?php
|
||||
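Review bot: The added comment states that `$value_link` is already escaped, but `$value_link` is built before this hunk so the claim cannot be checked here, and the second hunk at -328 then wraps the same variable in `wp_kses_post()` anyway, which contradicts the note. Either say where it is escaped — `// $value_link is built with esc_url()/esc_html() in [where it is built]; no further escaping here` — or apply `wp_kses_post()` in both places so the two output paths agree. The comment also reads `This lines doesn't`; it should be `This line doesn't need to be escaped.` The enclosing method begins outside the hunk.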
|
|
|
@ -403,9 +403,9 @@ class Admin {
|
|||
|
||||
function ajax_sample_permalink(){
|
||||
|
||||
$id = $_POST['post_id'];
|
||||
$title = $_POST['new_title'];
|
||||
$name = $_POST['new_slug'];
|
||||
$id = sanitize_text_field($_POST['post_id']);
|
||||
$title = sanitize_text_field($_POST['new_title']);
|
||||
$name = sanitize_text_field($_POST['new_slug']);
|
||||
|
||||
$post = get_post( $id );
|
||||
if ( ! $post )
|
||||
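Review bot: `sanitize_text_field($_POST['post_id'])` on the first added line returns a string and accepts anything, whereas a post ID passed to `get_post()` should be an integer; the three keys are also read without `isset()`, which raises a notice on a request that omits one, and the values are not unslashed before sanitising. The three lines would better read `$id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;`, `$title = isset( $_POST['new_title'] ) ? sanitize_text_field( wp_unslash( $_POST['new_title'] ) ) : '';` and `$name = isset( $_POST['new_slug'] ) ? sanitize_text_field( wp_unslash( $_POST['new_slug'] ) ) : '';`. No `check_ajax_referer()` or `current_user_can()` call is visible in the hunk; if one exists further down it should precede the `$_POST` reads, since the function body continues past the hunk.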
|
|