v0.5.8.2 - Merge pull request #119 from JoryHogeveen/dev

v0.5.8.2

Author: JoryHogeveen

includes/class-control-trigger.php

@@ -93,8 +93,9 @@ private function __construct() { }
 	 * @todo Refactor to enable above checks?
 	 *
 	 * @since   0.4.0
-	 * @since   0.5.0  Add icon options.
-	 * @since   0.5.1  Moved to this class and renamed from `do_control_trigger()`.
+	 * @since   0.5.0    Add icon options.
+	 * @since   0.5.1    Moved to this class and renamed from `do_control_trigger()`.
+	 * @since   0.5.8.2  Added escaping for passed attributes.
 	 * @static
 	 *
 	 * @param   string  $sidebar_id  Required.
@@ -121,9 +122,14 @@ public static function render( $sidebar_id, $args = array() ) {
 
 		$args = wp_parse_args( $args, $defaults );
 
-		$args['attr'] = off_canvas_sidebars_parse_attr_string( $args['attr'] );
+		$args['element'] = strtolower( $args['element'] );
+		$args['attr']    = off_canvas_sidebars_parse_attr_string( $args['attr'] );
+		$args['text']    = wp_kses_post( $args['text'] );
 
-		if ( in_array( $args['element'], self::$unsupported_elements, true ) ) {
+		if (
+			in_array( $args['element'], self::$unsupported_elements, true )
+			|| ! preg_match( '/^[\w]*$/', $args['element'] )
+		) {
 			return '<span class="error">' . esc_html__( 'This element is not supported for use as a button', OCS_DOMAIN ) . '</span>';
 		}
 

off-canvas-sidebars.php

@@ -3,15 +3,15 @@
  * @author  Jory Hogeveen <[email protected]>
  * @package Off_Canvas_Sidebars
  * @since   0.1.0
- * @version 0.5.8.1
+ * @version 0.5.8.2
  * @licence GPL-2.0+
  * @link    https://github.com/JoryHogeveen/off-canvas-sidebars
  *
  * @wordpress-plugin
  * Plugin Name:       Off-Canvas Sidebars & Menus (Slidebars)
  * Description:       Add off-canvas sidebars using the Slidebars jQuery plugin
  * Plugin URI:        https://wordpress.org/plugins/off-canvas-sidebars/
- * Version:           0.5.8.1
+ * Version:           0.5.8.2
  * Author:            Jory Hogeveen
  * Author URI:        http://www.keraweb.nl
  * Text Domain:       off-canvas-sidebars
@@ -44,7 +44,7 @@
 
 if ( ! class_exists( 'OCS_Off_Canvas_Sidebars' ) && ! function_exists( 'off_canvas_sidebars' ) ) {
 
-	define( 'OCS_PLUGIN_VERSION', '0.5.8.1' );
+	define( 'OCS_PLUGIN_VERSION', '0.5.8.2' );
 	define( 'OCS_DOMAIN', 'off-canvas-sidebars' );
 	define( 'OCS_FILE', __FILE__ );
 	define( 'OCS_BASENAME', plugin_basename( OCS_FILE ) );

readme.txt

@@ -3,9 +3,9 @@ Contributors: keraweb
 Donate link: https://www.keraweb.nl/donate.php?for=off-canvas-sidebars
 Tags: off-canvas, menus, widgets, sidebars, slidebars, panels, jQuery, app, mobile, tablet, responsive, genesis
 Requires at least: 4.1
-Tested up to: 6.3
+Tested up to: 6.4
 Requires PHP: 5.2.4
-Stable tag: 0.5.8.1
+Stable tag: 0.5.8.2
 
 Add off-canvas sidebars (Slidebars) containing widgets, menus or other content using the Slidebars jQuery plugin.
 
@@ -91,6 +91,12 @@ For more advanced customisations either:
 
 == Changelog ==
 
+= 0.5.8.2 =
+
+*	**Hotfix:** Security fix (contributor+ users only).
+
+Detailed info: [PR on GitHub](https://github.com/JoryHogeveen/off-canvas-sidebars/pull/119)
+
 = 0.5.8.1 =
 
 *	**Fix:** Incomplete merge of JS code.