v0.5.8.5 - Merge pull request #122 from JoryHogeveen/dev

v0.5.8.5

Author: JoryHogeveen

includes/class-form.php

@@ -559,17 +559,18 @@ public static function wrap_fieldset( $html, $args, $attr = array() ) {
 	 */
 	public static function get_option_prefixes( $args ) {
 		$settings = off_canvas_sidebars()->get_settings();
-		$key      = off_canvas_sidebars()->get_general_key();
+		$key      = esc_attr( off_canvas_sidebars()->get_general_key() );
 		if ( isset( $args['sidebar'] ) ) {
-			$prefix_name    = esc_attr( $key ) . '[sidebars][' . $args['sidebar'] . ']';
-			$prefix_value   = off_canvas_sidebars()->get_sidebars( $args['sidebar'] );
-			$prefix_id      = $key . '_sidebars_' . $args['sidebar'];
+			$sidebar        = esc_attr( $args['sidebar'] );
+			$prefix_name    = $key . '[sidebars][' . $sidebar . ']';
+			$prefix_value   = off_canvas_sidebars()->get_sidebars( $sidebar );
+			$prefix_id      = $key . '_sidebars_' . $sidebar;
 			$prefix_classes = array(
-				$key . '_sidebars_' . $args['sidebar'],
+				$key . '_sidebars_' . $sidebar,
 				$key . '_sidebars',
 			);
 		} else {
-			$prefix_name    = esc_attr( $key );
+			$prefix_name    = $key;
 			$prefix_value   = $settings;
 			$prefix_id      = $key;
 			$prefix_classes = array(

includes/class-page.php

@@ -201,7 +201,7 @@ public function get_request_tab() {
 	 * @param   string  $tab
 	 */
 	public function set_current_tab( $tab ) {
-		$this->tab = (string) $tab;
+		$this->tab = sanitize_title_with_dashes( (string) $tab );
 	}
 
 	/**
@@ -210,7 +210,7 @@ public function set_current_tab( $tab ) {
 	 * @param   string  $tab
 	 */
 	public function set_request_tab( $tab ) {
-		$this->request_tab = (string) $tab;
+		$this->request_tab = sanitize_title_with_dashes( (string) $tab );
 	}
 
 	/**
@@ -249,18 +249,18 @@ public function options_page() {
 	<div class="wrap">
 		<h1><?php esc_html_e( 'Off-Canvas Sidebars', OCS_DOMAIN ); ?></h1>
 		<?php $this->plugin_options_tabs(); ?>
-		<div class="<?php echo $this->plugin_key; ?> container">
+		<div class="<?php esc_attr_e( $this->plugin_key ); ?> container">
 
 			<?php $form_action = apply_filters( 'ocs_page_form_action', 'options.php' ); ?>
-			<form id="<?php echo $this->general_key; ?>" method="post" action="<?php echo $form_action; ?>" enctype="multipart/form-data">
+			<form id="<?php esc_attr_e( $this->general_key ); ?>" method="post" action="<?php esc_attr_e( $form_action ); ?>" enctype="multipart/form-data">
 
 				<?php settings_errors(); ?>
 
 				<?php if ( $do_submit ) { ?>
 				<p class="alignright"><?php submit_button( null, 'primary', 'submit', false ); ?></p>
 				<?php } ?>
 
-				<input id="ocs_tab" type="hidden" name="ocs_tab" value="<?php echo $this->tab; ?>" />
+				<input id="ocs_tab" type="hidden" name="ocs_tab" value="<?php esc_attr_e( $this->tab ); ?>" />
 
 				<?php do_action( 'ocs_page_form_before' ); ?>
 

off-canvas-sidebars.php

@@ -3,15 +3,15 @@
  * @author  Jory Hogeveen <[email protected]>
  * @package Off_Canvas_Sidebars
  * @since   0.1.0
- * @version 0.5.8.4
+ * @version 0.5.8.5
  * @licence GPL-2.0+
  * @link    https://github.com/JoryHogeveen/off-canvas-sidebars
  *
  * @wordpress-plugin
  * Plugin Name:       Off-Canvas Sidebars & Menus (Slidebars)
  * Description:       Add off-canvas sidebars using the Slidebars jQuery plugin
  * Plugin URI:        https://wordpress.org/plugins/off-canvas-sidebars/
- * Version:           0.5.8.4
+ * Version:           0.5.8.5
  * Author:            Jory Hogeveen
  * Author URI:        http://www.keraweb.nl
  * Text Domain:       off-canvas-sidebars
@@ -44,7 +44,7 @@
 
 if ( ! class_exists( 'OCS_Off_Canvas_Sidebars' ) && ! function_exists( 'off_canvas_sidebars' ) ) {
 
-	define( 'OCS_PLUGIN_VERSION', '0.5.8.4' );
+	define( 'OCS_PLUGIN_VERSION', '0.5.8.5' );
 	define( 'OCS_DOMAIN', 'off-canvas-sidebars' );
 	define( 'OCS_FILE', __FILE__ );
 	define( 'OCS_BASENAME', plugin_basename( OCS_FILE ) );

readme.txt

@@ -3,9 +3,9 @@ Contributors: keraweb
 Donate link: https://www.keraweb.nl/donate.php?for=off-canvas-sidebars
 Tags: off-canvas, menus, widgets, sidebars, slidebars, panels, jQuery, app, mobile, tablet, responsive, genesis
 Requires at least: 4.1
-Tested up to: 6.7
+Tested up to: 6.8
 Requires PHP: 5.2.4
-Stable tag: 0.5.8.4
+Stable tag: 0.5.8.5
 
 Add off-canvas sidebars (Slidebars) containing widgets, menus or other content using the Slidebars jQuery plugin.
 
@@ -91,6 +91,12 @@ For more advanced customisations either:
 
 == Changelog ==
 
+= 0.5.8.5 =
+
+*	**Hotfix:** Security fix (administrators only).
+
+Detailed info: [PR on GitHub](https://github.com/JoryHogeveen/off-canvas-sidebars/pull/122)
+
 = 0.5.8.4 =
 
 *	**Hotfix:** Security fix (registered users with edit capabilities only).