Merge pull request #33 from circuscode/develop

Version 0.19

Author: circuscode

hdfys_display.php

@@ -32,7 +32,7 @@ function hdfys() {
 		$line=hdfys_get_anything();
 
 		// Output
-		echo "<p class='admin-hdfys'>".$line."</p>";
+		echo "<p class='admin-hdfys'>".esc_html($line)."</p>";
 	}
 }
 add_action( 'admin_notices', 'hdfys' );

hdfys_gutenberg.php

@@ -34,7 +34,7 @@ function hdfys_gutenberg_block() {
 	$gutenberg_line = hdfys_get_anything();
 
 	// Add HTML Markup
-	$gutenberg_output = '<p class="hdfys gutenberg-block">'. $gutenberg_line .'</p>';
+	$gutenberg_output = '<p class="hdfys gutenberg-block">'.esc_html($gutenberg_line).'</p>';
 
 	// Process Filter
 	$gutenberg_output=apply_filters( 'hdfys_output_filter', $gutenberg_output );

hdfys_installation.php

@@ -26,7 +26,7 @@ function hdfys_activate () {
 	/* Initialize Settings */
 	add_option('hdfys_activated',"1");
 	add_option('hdfys_song',"");
-	add_option('hdfys_version', "18");
+	add_option('hdfys_version', "19");
 	add_option('widget_hdfys_widget');
 	add_option('hdfys_admin_lyric',"1");
 	add_option('hdfys_text_updated',"0");

hdfys_settings.php

@@ -53,7 +53,7 @@ function hdfys_options() {
  */
 
 function hdfys_options_display_songtext() {
-	echo '<textarea style="width:600px;height:400px;" class="regular-text" type="text" name="hdfys_song" id="hdfys_song">'. get_option('hdfys_song') .'</textarea>';
+	echo '<textarea style="width:600px;height:400px;" class="regular-text" type="text" name="hdfys_song" id="hdfys_song">'.esc_textarea( get_option('hdfys_song')) .'</textarea>';
 }
 
 /**

hdfys_shortcode.php

@@ -25,7 +25,7 @@
 
 function hdfys_shortcode() {
 	$shortcode_line=hdfys_get_anything();
-	$hdfys_shortcode_output= '<p class="hdfys shortcode">'. $shortcode_line .'</p>';
+	$hdfys_shortcode_output= '<p class="hdfys shortcode">'.esc_html($shortcode_line).'</p>';
 	$hdfys_shortcode_output=apply_filters( 'hdfys_output_filter', $hdfys_shortcode_output );
 	return $hdfys_shortcode_output;
 }

hdfys_templatetag.php

@@ -21,7 +21,7 @@
 
 function hello_dolly_for_your_song() {
 	$hdfys_template_tag_line = hdfys_get_anything();
-	$hdfys_template_tag_output='<div class="hdfys templatetag">'. $hdfys_template_tag_line .'</div>';
+	$hdfys_template_tag_output='<div class="hdfys templatetag">'. esc_html($hdfys_template_tag_line) .'</div>';
 	$hdfys_template_tag_output=apply_filters( 'hdfys_output_filter', $hdfys_template_tag_output );
 	echo $hdfys_template_tag_output;
 }

hdfys_update.php

@@ -77,6 +77,10 @@ function hdfys_update () {
 if($hdfys_previous_version==17) {
 update_option('hdfys_version','18');
 }
+/* Update Process Version 0.19 */
+if($hdfys_previous_version==18) {
+update_option('hdfys_version','19');
+}
 
 }
 add_action( 'plugins_loaded', 'hdfys_update' );

hdfys_widget.php

@@ -39,9 +39,9 @@ public function widget( $args, $instance ) {
 		echo '<aside class="widget hdfys">';
 		echo '<h3 class="widget-title hdfys">';
 			if ( ! empty( $title ) )
-				echo $title;
+				echo esc_html($title);
 		echo '</h3>';
-		echo '<p class="widget-hdfys">'.$widget_line.'</p>';
+		echo '<p class="widget-hdfys">'.esc_html($widget_line).'</p>';
 		echo '</aside>';
 	}
 

hellodollyforyoursong.php

@@ -4,7 +4,7 @@
 Plugin Name:  Hello Dolly For Your Song
 Plugin URI:   https://www.unmus.de/wordpress-plugin-hello-dolly-for-your-song/
 Description:  This simple plugin shows a random line of any text in your blog.
-Version:	  0.18
+Version:	  0.19
 Author:       Marco Hitschler
 Author URI:   https://www.unmus.de/
 License:      GPL3

readme.md

@@ -153,6 +153,11 @@ This project is licensed under the GPL3 License.
 
 ## Changelog
 
+### 0.19
+
+* april 2024
+* Security: Echo Escaping added
+
 ### 0.18
 
 * april 2023
@@ -269,4 +274,4 @@ This project is licensed under the GPL3 License.
 ### 0.1
 
 * 3 may 2013
-* Running version
+* Running version