Merge pull request #25 from brainstormforce/sanitisation

EPS-612: Improved codebase
brainstormforce · Jul 12, 2024 · 904c6eb · 904c6eb
2 parents e7519a8 + ae1803a
commit 904c6eb
Show file tree

Hide file tree

Showing 4 changed files with 88 additions and 84 deletions.
diff --git a/expandable-row-for-beaver-builder.php b/expandable-row-for-beaver-builder.php
@@ -3,7 +3,7 @@
  * Plugin Name: Expandable Row for Beaver Builder
  * Plugin URI: https://www.brainstormforce.com
  * Description: Toggle any row with this plugin in Beaver Builder
- * Version: 1.1.2
+ * Version: 1.1.3
  * Author: Pratik Chaskar
  * Author URI: https://pratikchaskar.com
  * License: GNU General Public License v3.0

diff --git a/expandable-row/backend-row.php b/expandable-row/backend-row.php
@@ -2,57 +2,57 @@
 <div class="bb-er-row">
 
 	<?php if( $rows->settings->er_icon_position == 'top' ): ?>
-	 	<?php if( $rows->settings->er_img_type == 'icon' ): ?>
-	 		<div>
-	 			<i class="bber-icon <?php echo $rows->settings->er_bc_icon; ?>"></i>
-	 		</div>
-	 	<?php elseif( $rows->settings->er_img_type == 'image' ): ?>
-	 		<div class="bber-image">
-	 			<img src="<?php echo $rows->settings->er_bc_image_src; ?>" />
-	 		</div>
-	 	<?php endif ?>
+		<?php if( $rows->settings->er_img_type == 'icon' ): ?>
+			<div>
+				<i class="bber-icon <?php echo esc_attr( $rows->settings->er_bc_icon ); ?>"></i>
+			</div>
+		<?php elseif( $rows->settings->er_img_type == 'image' ): ?>
+			<div class="bber-image">
+				<img src="<?php echo esc_url( $rows->settings->er_bc_image_src ); ?>" />
+			</div>
+		<?php endif ?>
 	<?php endif ?>
 
 	<div class="bb-er-title-section">
 		<?php if( $rows->settings->er_icon_position == 'left' ): ?>
-	 		<?php if( $rows->settings->er_img_type == 'icon' ): ?>
-	 			<span>
-	 				<i class="bber-icon <?php echo $rows->settings->er_bc_icon; ?>"></i>
-	 			</span>
-	 		<?php elseif( $rows->settings->er_img_type == 'image' ): ?>
-	 			<span class="bber-image">
-	 				<img src="<?php echo $rows->settings->er_bc_image_src; ?>" />
-	 			</span>
-	 		<?php endif ?>
+			<?php if( $rows->settings->er_img_type == 'icon' ): ?>
+				<span>
+					<i class="bber-icon <?php echo esc_attr( $rows->settings->er_bc_icon ); ?>"></i>
+				</span>
+			<?php elseif( $rows->settings->er_img_type == 'image' ): ?>
+				<span class="bber-image">
+					<img src="<?php echo esc_url( $rows->settings->er_bc_image_src ); ?>" />
+				</span>
+			<?php endif ?>
 		<?php endif ?>
 
 		<span class="bb-er-title">
-			<?php echo htmlspecialchars($rows->settings->er_bc_title); ?>
+			<?php echo htmlspecialchars( $rows->settings->er_bc_title ); ?>
 		</span>
 
 		<?php if( $rows->settings->er_icon_position == 'right' ): ?>
-	 		<?php if( $rows->settings->er_img_type == 'icon' ): ?>
-	 			<span>
-	 				<i class="bber-icon <?php echo $rows->settings->er_bc_icon; ?>"></i>
-	 			</span>
-	 		<?php elseif( $rows->settings->er_img_type == 'image' ): ?>
-	 			<span class="bber-image">
-	 				<img src="<?php echo $rows->settings->er_bc_image_src; ?>" />
-	 			</span>
-	 		<?php endif ?>
+			<?php if( $rows->settings->er_img_type == 'icon' ): ?>
+				<span>
+					<i class="bber-icon <?php echo esc_attr( $rows->settings->er_bc_icon ); ?>"></i>
+				</span>
+			<?php elseif( $rows->settings->er_img_type == 'image' ): ?>
+				<span class="bber-image">
+					<img src="<?php echo esc_url( $rows->settings->er_bc_image_src ); ?>" />
+				</span>
+			<?php endif ?>
 		<?php endif ?>
 	</div>
 
 	<?php if( $rows->settings->er_icon_position == 'bottom' ): ?>
-	 	<?php if( $rows->settings->er_img_type == 'icon' ): ?>
-	 		<div>
-	 			<i class="bber-icon <?php echo $rows->settings->er_bc_icon; ?>"></i>
-	 		</div>
-	 	<?php elseif( $rows->settings->er_img_type == 'image' ): ?>
-	 		<div class="bber-image">
-	 			<img src="<?php echo $rows->settings->er_bc_image_src; ?>" />
-	 		</div>
-	 	<?php endif ?>
+		<?php if( $rows->settings->er_img_type == 'icon' ): ?>
+			<div>
+				<i class="bber-icon <?php echo esc_attr( $rows->settings->er_bc_icon ); ?>"></i>
+			</div>
+		<?php elseif( $rows->settings->er_img_type == 'image' ): ?>
+			<div class="bber-image">
+				<img src="<?php echo esc_url( $rows->settings->er_bc_image_src ); ?>" />
+			</div>
+		<?php endif ?>
 	<?php endif ?>
 
 </div>

diff --git a/expandable-row/css/row-css.php b/expandable-row/css/row-css.php
@@ -1,9 +1,9 @@
 <?php if ( $row->settings->is_enable == 'yes' ): ?>
 
 	/* Icon Padding */
-	.fl-node-<?php echo $row->node; ?> .bber-icon {
-		color: <?php echo ($row->settings->er_bc_icon_color != '' )? '#'.$row->settings->er_bc_icon_color : 'inherit' ?>;
-		font-size: <?php echo ($row->settings->er_icon_size != '' )? $row->settings->er_icon_size.'px' : 'inherit' ?>;
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .bber-icon {
+		color: <?php echo ( $row->settings->er_bc_icon_color != '' ) ? '#' . esc_attr( $row->settings->er_bc_icon_color ) : 'inherit' ?>;
+		font-size: <?php echo ( $row->settings->er_icon_size != '' ) ? esc_attr( $row->settings->er_icon_size ) . 'px' : 'inherit' ?>;
 		vertical-align: middle;
 		padding: 0 10px;
 		-webkit-transition: all 0.3s ease-out;
@@ -12,50 +12,51 @@
 		-o-transition: all 0.3s ease-out;
 		transition: all 0.3s ease-out;
 	}
-	.fl-node-<?php echo $row->node; ?> .bber-expanded .bber-icon {
-		color: <?php echo ($row->settings->er_ac_icon_color != '' )? '#'.$row->settings->er_ac_icon_color : 'inherit' ?>;
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .bber-expanded .bber-icon {
+		color: <?php echo ( $row->settings->er_ac_icon_color != '' ) ? '#' . esc_attr( $row->settings->er_ac_icon_color ) : 'inherit' 
+		?>;
 	}
 
 	/* Image Padding */
-	.fl-node-<?php echo $row->node; ?> .bber-image {
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .bber-image {
 		padding: 0 10px;
 	}
-	.fl-node-<?php echo $row->node; ?> .bb-er-row:hover .bber-icon {
-		color: <?php echo ($row->settings->er_bc_icon_hcolor != '' )? '#'.$row->settings->er_bc_icon_hcolor : 'inherit' ?>;
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .bb-er-row:hover .bber-icon {
+		color: <?php echo ( $row->settings->er_bc_icon_hcolor != '' ) ? '#' . esc_attr( $row->settings->er_bc_icon_hcolor ) : 'inherit' ?>;
 	}
-	.fl-node-<?php echo $row->node; ?> .bber-expanded:hover .bber-icon {
-		color: <?php echo ($row->settings->er_ac_icon_hcolor != '' )? '#'.$row->settings->er_ac_icon_hcolor : 'inherit' ?>;
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .bber-expanded:hover .bber-icon {
+		color: <?php echo ( $row->settings->er_ac_icon_hcolor != '' ) ? '#' . esc_attr( $row->settings->er_ac_icon_hcolor ) : 'inherit' ?>;
 	}
 
 	<?php if ( ! FLBuilderModel::is_builder_active() ): ?>
-		.fl-node-<?php echo $row->node; ?> .fl-row-content-wrap {
+		.fl-node-<?php echo esc_attr( $row->node ); ?> .fl-row-content-wrap {
 			display: none;
 		}
 	<?php endif ?>
 
 	/* Expandable Row */
-	.fl-node-<?php echo $row->node; ?> .bb-er-row {
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .bb-er-row {
 		width:100%;
 		cursor: pointer;
-		color: #<?php echo ($row->settings->er_bc_title_color != '') ? $row->settings->er_bc_title_color : '000' ; ?>;
+		color: #<?php echo ( $row->settings->er_bc_title_color != '' ) ? esc_attr( $row->settings->er_bc_title_color ) : '000' ; ?>;
 		<?php if( $row->settings->er_bg_type == 'color'): ?>
-			background-color:#<?php echo ($row->settings->er_bc_bg_color != '') ? $row->settings->er_bc_bg_color : 'c7c7c7' ; ?>;
+			background-color:#<?php echo ( $row->settings->er_bc_bg_color != '' ) ? esc_attr( $row->settings->er_bc_bg_color ) : 'c7c7c7' ; ?>;
 		<?php elseif ($row->settings->er_bg_type == 'image' ): ?>
-			background-image: url(<?php echo isset($row->settings->er_bc_bg_image_src)? $row->settings->er_bc_bg_image_src : null ; ?>);
+			background-image: url(<?php echo isset( $row->settings->er_bc_bg_image_src ) ? esc_attr( $row->settings->er_bc_bg_image_src ) : null ; ?>);
 		<?php endif ?>
-		<?php if($row->settings->er_title_typography['family'] != 'Default'):?>
-		font-family: <?php echo ($row->settings->er_title_typography['family'] != 'Default')? $row->settings->er_title_typography['family'] : 'inherit' ?>;
+		<?php if( $row->settings->er_title_typography['family'] != 'Default' ): ?>
+		font-family: <?php echo ( $row->settings->er_title_typography['family'] != 'Default' ) ? esc_attr( $row->settings->er_title_typography['family'] ) : 'inherit' ?>;
 		<?php if ( isset( $row->settings->er_title_typography['weight'] ) ) { ?>
-		font-weight: <?php echo ($row->settings->er_title_typography['weight'] != 'default' || $row->settings->er_title_typography['weight'] != 'regular' ) ? $row->settings->er_title_typography['weight'] : '500' ; ?>;
+		font-weight: <?php echo ( $row->settings->er_title_typography['weight'] != 'default' || $row->settings->er_title_typography['weight'] != 'regular' ) ? esc_attr( $row->settings->er_title_typography['weight'] ) : '500' ; ?>;
 		<?php }
 		endif ?>
-		font-size: <?php echo ($row->settings->er_font_size != '' ) ? $row->settings->er_font_size : '28' ; ?>px;
-		line-height: <?php echo ($row->settings->er_line_height != '' ) ? $row->settings->er_line_height : '32' ; ?>px;
-		text-align: <?php echo $row->settings->er_title_align; ?>;
-		padding-top: <?php echo ($row->settings->er_padding_top != '' ) ? $row->settings->er_padding_top : '20' ; ?>px;
-		padding-bottom: <?php echo ($row->settings->er_padding_bottom != '' ) ? $row->settings->er_padding_bottom : '20' ; ?>px;
-		padding-left: <?php echo ($row->settings->er_padding_left != '' ) ? $row->settings->er_padding_left : '20' ; ?>px;
-		padding-right: <?php echo ($row->settings->er_padding_right != '' ) ? $row->settings->er_padding_right : '20' ; ?>px;
+		font-size: <?php echo ( $row->settings->er_font_size != '' ) ? esc_attr( $row->settings->er_font_size ) : '28' ; ?>px;
+		line-height: <?php echo ( $row->settings->er_line_height != '' ) ? esc_attr( $row->settings->er_line_height ) : '32' ; ?>px;
+		text-align: <?php echo esc_attr( $row->settings->er_title_align ); ?>;
+		padding-top: <?php echo ( $row->settings->er_padding_top != '' ) ? esc_attr( $row->settings->er_padding_top ) : '20' ; ?>px;
+		padding-bottom: <?php echo ( $row->settings->er_padding_bottom != '' ) ? esc_attr( $row->settings->er_padding_bottom ) : '20' ; ?>px;
+		padding-left: <?php echo ( $row->settings->er_padding_left != '' ) ? esc_attr( $row->settings->er_padding_left ) : '20' ; ?>px;
+		padding-right: <?php echo ( $row->settings->er_padding_right != '' ) ? esc_attr( $row->settings->er_padding_right ) : '20' ; ?>px;
 		-webkit-transition: all 0.3s ease-out;
 		-moz-transition: all 0.3s ease-out;
 		-ms-transition: all 0.3s ease-out;
@@ -64,44 +65,44 @@
 	}
 
 	/* After click expand */
-	.fl-node-<?php echo $row->node; ?> .bber-expanded {
-		color: <?php echo ($row->settings->er_ac_title_color != '') ? '#'.$row->settings->er_ac_title_color : 'inherit' ; ?>;
-		<?php if ($row->settings->er_bg_type == 'color' ): ?>
-			background-color: <?php echo ($row->settings->er_ac_bg_color != '') ? '#'.$row->settings->er_ac_bg_color : '#c7c7c7' ; ?>;
-		<?php elseif ($row->settings->er_bg_type == 'image' ): ?>
-			background-image: url(<?php echo isset($row->settings->er_ac_bg_image_src)? $row->settings->er_ac_bg_image_src : null ; ?>);
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .bber-expanded {
+		color: <?php echo ( $row->settings->er_ac_title_color != '' ) ? '#' . esc_attr( $row->settings->er_ac_title_color ) : 'inherit' ; ?>;
+		<?php if ( $row->settings->er_bg_type == 'color' ): ?>
+			background-color: <?php echo ( $row->settings->er_ac_bg_color != '' ) ? '#' . esc_attr( $row->settings->er_ac_bg_color ) : '#c7c7c7' ; ?>;
+		<?php elseif ( $row->settings->er_bg_type == 'image' ): ?>
+			background-image: url(<?php echo isset( $row->settings->er_ac_bg_image_src ) ? esc_attr( $row->settings->er_ac_bg_image_src ) : null ; ?>);
 		<?php endif ?>
 
 	}
 
 	/* Expandable row hover */
-	.fl-node-<?php echo $row->node; ?> .bb-er-row:hover {
-		color: <?php echo ($row->settings->er_bc_title_hcolor != '') ? '#'.$row->settings->er_bc_title_hcolor : 'inherit' ; ?>;
-		<?php if ($row->settings->er_bg_type == 'color' ): ?>
-			background-color: <?php echo ($row->settings->er_bc_bg_hcolor != '') ? '#'.$row->settings->er_bc_bg_hcolor : 'inherit' ; ?>;
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .bb-er-row:hover {
+		color: <?php echo ( $row->settings->er_bc_title_hcolor != '' ) ? '#' . esc_attr( $row->settings->er_bc_title_hcolor ) : 'inherit' ; ?>;
+		<?php if ( $row->settings->er_bg_type == 'color' ): ?>
+			background-color: <?php echo ( $row->settings->er_bc_bg_hcolor != '' ) ? '#' . esc_attr( $row->settings->er_bc_bg_hcolor ) : 'inherit' ; ?>;
 		<?php endif ?>
 	}
 
 	/* After click hover */
-	.fl-node-<?php echo $row->node; ?> .bber-expanded:hover {
-		color: <?php echo ($row->settings->er_ac_title_hcolor != '') ? '#'.$row->settings->er_ac_title_hcolor : 'inherit' ; ?>;
-		<?php if ($row->settings->er_bg_type == 'color' ): ?>
-			background-color: <?php echo ($row->settings->er_ac_bg_hcolor != '') ? '#'.$row->settings->er_ac_bg_hcolor : '#c7c7c7' ; ?>;
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .bber-expanded:hover {
+		color: <?php echo ( $row->settings->er_ac_title_hcolor != '' ) ? '#' . esc_attr( $row->settings->er_ac_title_hcolor ) : 'inherit' ; ?>;
+		<?php if ( $row->settings->er_bg_type == 'color' ): ?>
+			background-color: <?php echo ( $row->settings->er_ac_bg_hcolor != '' ) ? '#' . esc_attr( $row->settings->er_ac_bg_hcolor ) : '#c7c7c7' ; ?>;
 		<?php endif ?>	
 	}
 
 	/* Image icon size */
-	.fl-node-<?php echo $row->node; ?> .bber-image img {
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .bber-image img {
 		vertical-align: middle;
-		width: <?php echo ( $row->settings->er_image_size != '' ) ? $row->settings->er_image_size : 'auto' ?>px;
+		width: <?php echo ( $row->settings->er_image_size != '' ) ? esc_attr( $row->settings->er_image_size ) : 'auto' ?>px;
 	}
 
 	/* Dashicons alignment */
-	.fl-node-<?php echo $row->node; ?> .dashicons,
-	.fl-node-<?php echo $row->node; ?> .dashicons-before:before {
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .dashicons,
+	.fl-node-<?php echo esc_attr( $row->node ); ?> .dashicons-before:before {
 		width: auto;
-    	height: auto;
-    	font-size: <?php echo ($row->settings->er_icon_size != '' )? $row->settings->er_icon_size.'px' : 'inherit' ?>;
+		height: auto;
+		font-size: <?php echo ( $row->settings->er_icon_size != '' ) ? esc_attr( $row->settings->er_icon_size ) . 'px' : 'inherit' ?>;
 	}
 
 <?php endif ?>
diff --git a/readme.txt b/readme.txt
@@ -3,7 +3,7 @@ Contributors: pratikchaskar
 Donate link: https://www.paypal.me/BrainstormForce
 Requires at least: 4.4
 Tags: beaver builder, page builder plugin, expandable, expand, row expand, row
-Stable tag: 1.1.2
+Stable tag: 1.1.3
 Tested up to: 6.6
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -26,6 +26,9 @@ Simple Expandable Row for Beaver Builder. This plugin toggles any row in Beaver
 
 == Changelog ==
 
+= 1.1.3 =
+- Improvement: Improved codebase for improved security.
+
 = 1.1.2 =
 - Improvement: Added compatibility to WordPress 6.1