Merge pull request #144 from brainstormforce/security-audit-fixes

Version 1.6.9 EPS-677

README.md

@@ -4,7 +4,7 @@
 **Tags:** schema markup, structured data, rich snippets, schema.org, Microdata, schema  
 **Requires at least:** 3.7  
 **Tested up to:** 6.6  
-**Stable tag:** 1.6.8  
+**Stable tag:** 1.6.9  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
 Boost CTR. Improve SEO & Rankings. Supports most of the content type. Works perfectly with Google, Bing, Yahoo & Facebook.
@@ -80,6 +80,9 @@ Review, Event, People, Product, Recipe, Software Application, Video, Articles et
 
 ## Changelog ##
 
+### 1.6.9 ###
+- Improvement: Improved plugin codebase for better security.
+
 ### 1.6.8 ###
 - Fixed - Ratings not visible on single product pages with Divi theme.
 

composer.json

@@ -21,5 +21,10 @@
         "post-update-cmd": "vendor/bin/cghooks update",
         "format": "phpcbf --standard=phpcs.xml.dist",
         "lint": "phpcs --standard=phpcs.xml.dist"
+    },
+    "config": {
+        "allow-plugins": {
+            "dealerdirect/phpcodesniffer-composer-installer": true
+        }
     }
 }

index.php

@@ -5,7 +5,7 @@
  * Author: Brainstorm Force
  * Author URI: https://www.brainstormforce.com
  * Description: Welcome to the Schema - All In One Schema Rich Snippets! You can now easily add schema markup on various * pages and posts of your website. Implement schema types such as Review, Events, Recipes, Article, Products, Services * *etc.
- * Version: 1.6.8
+ * Version: 1.6.9
  * Text Domain: rich-snippets
  * License: GPL2
  *
@@ -68,7 +68,7 @@ public function define_constants() {
 			define( 'AIOSRS_PRO_BASE', plugin_basename( AIOSRS_PRO_FILE ) );
 			define( 'AIOSRS_PRO_DIR', plugin_dir_path( AIOSRS_PRO_FILE ) );
 			define( 'AIOSRS_PRO_URI', plugins_url( '/', AIOSRS_PRO_FILE ) );
-			define( 'AIOSRS_PRO_VER', '1.6.8' );
+			define( 'AIOSRS_PRO_VER', '1.6.9' );
 		}
 
 		/**
@@ -314,7 +314,8 @@ public function submit_request() {
 			$headers  = 'MIME-Version: 1.0' . "\r\n";
 			$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
 			$headers .= 'From:' . $name . '<' . $from . '>' . "\r\n";
-			echo mail( $to, $subject, $html, $headers ) ? esc_html_e( 'Thank you!', 'all-in-one-schemaorg-rich-snippets' ) : esc_html_e( 'Something went wrong!', 'all-in-one-schemaorg-rich-snippets' );
+			$result   = wp_mail( $to, $subject, wp_kses_post( $html ), $headers );
+			echo $result ? esc_html_e( 'Thank you!', 'all-in-one-schemaorg-rich-snippets' ) : esc_html_e( 'Something went wrong!', 'all-in-one-schemaorg-rich-snippets' );
 
 			die();
 		}

js/cmb.js

@@ -68,14 +68,14 @@
                 $('#' + formfield + '_id').val("");
             });
 
-            $('.bsf_upload_button').live('click', function () {
+            $('.bsf_upload_button').on('click', function () {
                 var buttonLabel;
                 formfield = $(this).prev('input').attr('name');
                 buttonLabel = 'Use as ' + $('label[for=' + formfield + ']').text();
                 tb_show('', 'media-upload.php?post_id=' + $('#post_ID').val() + '&type=file&bsf_force_send=true&bsf_send_label=' + buttonLabel + '&TB_iframe=true&bsf_file_upload_nonce=' + bsf_ajax_data.ajax_nonce );
                 return false;
             });
-            $('.bsf_remove_file_button').live('click', function () {
+            $('.bsf_remove_file_button').on('click', function () {
                 formfield = $(this).attr('rel');
                 $('input#' + formfield).val('');
                 $('input#' + formfield + '_id').val('');

js/jquery.js

@@ -2212,7 +2212,6 @@ if ( !jQuery.support.optSelected ) {
 		get: function( elem ) {
 			var parent = elem.parentNode;
 			if ( parent ) {
-				parent.selectedIndex;
 				// Make sure that it also works with optgroups, see #5701
 				if ( parent.parentNode ) {
 					parent.parentNode.selectedIndex;
@@ -4694,7 +4693,7 @@ jQuery.fn.extend({
 			len = this.length;
 		if ( typeof selector !== "string" ) {
 			self = this;
-			return this.pushStack( jQuery( selector ).filter(function() {
+			return this.pushStack( jQuery( selector ).filter(() => {
 				for ( i = 0; i < len; i++ ) {
 					if ( jQuery.contains( self[ i ], this ) ) {
 						return true;
@@ -4976,7 +4975,7 @@ jQuery.fn.extend({
 			if ( this[0].parentNode ) {
 				wrap.insertBefore( this[0] );
 			}
-			wrap.map(function() {
+			wrap.map(() => {
 				var elem = this;
 				while ( elem.firstChild && elem.firstChild.nodeType === 1 ) {
 					elem = elem.firstChild;
@@ -5195,7 +5194,7 @@ jQuery.fn.extend({
 				if ( hasScripts ) {
 					doc = scripts[ scripts.length - 1 ].ownerDocument;
 					// Reenable scripts
-					jQuery.map( scripts, restoreScript );
+					var mappedScripts = jQuery.map( scripts, restoreScript );
 					// Evaluate executable scripts on first document insertion
 					for ( i = 0; i < hasScripts; i++ ) {
 						node = scripts[ i ];
@@ -5737,7 +5736,7 @@ jQuery.extend({
 				type = "number";
 			}
 			// Make sure that NaN and null values aren't set. See: #7116
-			if ( value == null || type === "number" && isNaN( value ) ) {
+			if ( value == null || type === "number" && Number.isNaN( value ) ) {
 				return;
 			}
 			// If a number was passed in, add 'px' to the (except for certain CSS properties)
@@ -6135,19 +6134,19 @@ jQuery.fn.extend({
 		return jQuery.param( this.serializeArray() );
 	},
 	serializeArray: function() {
-		return this.map(function(){
+		return this.map((i, elem) => {
 			// Can add propHook for "elements" to filter or add form elements
 			var elements = jQuery.prop( this, "elements" );
 			return elements ? jQuery.makeArray( elements ) : this;
 		})
-		.filter(function(){
+		.filter(() => {
 			var type = this.type;
 			// Use .is(":disabled") so that fieldset[disabled] works
 			return this.name && !jQuery( this ).is( ":disabled" ) &&
 				rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) &&
 				( this.checked || !manipulation_rcheckableType.test( type ) );
 		})
-		.map(function( i, elem ){
+		.map((i, elem) => {
 			var val = jQuery( this ).val();
 			return val == null ?
 				null :

js/toggle.js

@@ -6,12 +6,11 @@ jQuery(document).ready(function() {
 	else
 		expand_default(selected);
 	jQuery(window).on('load',function () {
-		if(item_type == "none")
+		if(item_type == "none" || (selected != "1" && item_type != "none")) {
 			item_hidden();
-		else if(selected != "1" && item_type != "none")
-			item_hidden();
-		else
+		} else {
 			item_expand_default(item_type);
+		}
 	});
 
 //Function to hide all the snippet blocks