Escaping / Update Process

circuscode · circuscode · commit fbd00eafa7dc · 2025-06-08T00:55:12.000+02:00
diff --git a/readme.md b/readme.md
@@ -279,6 +279,7 @@ This project is licensed under the GPL3 License.
 * Feature: Toot Content Filter
 * Feature: Date Filter
 * Feature: Image Filter
+* Security: Better Output Escaping
 
 ### 0.4 "Cassie Lang"
 
diff --git a/tootpress.php b/tootpress.php
@@ -3,7 +3,7 @@
 /*
 Plugin Name:  TootPress
 Description:  TootPress copies your Toots from Mastodon to WordPress.
-Version:	  0.4
+Version:	  0.5
 Author:       Marco Hitschler
 Author URI:   https://www.unmus.de/
 License:      GPL3
diff --git a/tootpress_blog.php b/tootpress_blog.php
@@ -31,13 +31,13 @@ function tootpress_paint_toot( $mastodon_id, $date, $content, $media , $instance
 	$toot_html='';
 
 	// Toot ID as HTML Comment
-	$toot_html.='<!-- Toot ID '.$mastodon_id.'-->';
+	$toot_html.='<!-- Toot ID '.esc_html($mastodon_id).'-->';
 
 	// Toot Start
 	$toot_html.='<div class="tootpress-toot"/>';
 
 	// Toot Elephant
-	$toot_html.=tootpress_paint_elephant( $instance, $account, $mastodon_id,$backlink);
+	$toot_html.=tootpress_paint_elephant( $instance, $account, $mastodon_id, $backlink);
 
 	// Toot Date
 	$toot_html.=tootpress_paint_date($date);
diff --git a/tootpress_healthy.php b/tootpress_healthy.php
@@ -127,7 +127,7 @@ function tootpress_healthy_check() {
 	// Required to build the backlinks
 	$mastodon_account_name=tootpress_get_mastodon_account_name();
 	if ($mastodon_account_name) {
-		$output.='Mastodon Account Name has been retrieved: @'.$mastodon_account_name;
+		$output.='Mastodon Account Name has been retrieved: @'.esc_html($mastodon_account_name);
   	} else {
 		$output.='<span class="tootpress-healtycheck-warning">&nbsp;Warning:&nbsp;</span> Mastodon Account Name could not be retrieved.';
   	}
diff --git a/tootpress_update.php b/tootpress_update.php
@@ -42,6 +42,16 @@ function tootpress_update() {
 		}
 		add_option('tootpress_rewrite_update','0');
 	}
+
+	/* Update Process Version 0.4 */
+	if($tootpress_previous_version==4) {
+		update_option('tootpress_plugin_version', "5");
+	}
+
+	/* Update Process Version 0.5 */
+	if($tootpress_previous_version==5) {
+		update_option('tootpress_plugin_version', "6");
+	}
 	
 }
 add_action( 'plugins_loaded', 'tootpress_update' );

Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,7 @@ function tootpress_healthy_check() {`
`127`	`127`	`// Required to build the backlinks`
`128`	`128`	`$mastodon_account_name=tootpress_get_mastodon_account_name();`
`129`	`129`	`if ($mastodon_account_name) {`
`130`		`- $output.='Mastodon Account Name has been retrieved: @'.$mastodon_account_name;`
	`130`	`+ $output.='Mastodon Account Name has been retrieved: @'.esc_html($mastodon_account_name);`
`131`	`131`	`} else {`
`132`	`132`	`$output.='<span class="tootpress-healtycheck-warning"> Warning: </span> Mastodon Account Name could not be retrieved.';`
`133`	`133`	`}`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,16 @@ function tootpress_update() {`
`42`	`42`	`}`
`43`	`43`	`add_option('tootpress_rewrite_update','0');`
`44`	`44`	`}`
	`45`	`+`
	`46`	`+ /* Update Process Version 0.4 */`
	`47`	`+ if($tootpress_previous_version==4) {`
	`48`	`+ update_option('tootpress_plugin_version', "5");`
	`49`	`+ }`
	`50`	`+`
	`51`	`+ /* Update Process Version 0.5 */`
	`52`	`+ if($tootpress_previous_version==5) {`
	`53`	`+ update_option('tootpress_plugin_version', "6");`
	`54`	`+ }`
`45`	`55`
`46`	`56`	`}`
`47`	`57`	`add_action( 'plugins_loaded', 'tootpress_update' );`