diff --git a/mathjax-latex-admin.php b/mathjax-latex-admin.php index 32373ee..b176e11 100644 --- a/mathjax-latex-admin.php +++ b/mathjax-latex-admin.php @@ -57,7 +57,7 @@ function plugin_options_menu() { // save options if this is a valid post if ( isset( $_POST['kblog_mathjax_latex_save_field'] ) && // input var okay - wp_verify_nonce( sanitize_text_field( $_POST['kblog_mathjax_latex_save_field'] ), 'kblog_mathjax_latex_save_action' ) // input var okay + wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['kblog_mathjax_latex_save_field'] ) ), 'kblog_mathjax_latex_save_action' ) // input var okay ) { echo "

Settings saved.

\n"; $this->admin_save(); @@ -75,8 +75,8 @@ function plugin_options_menu() { '' ); - $selected_inline = get_option( 'kblog_mathjax_latex_inline' ) == 'inline' ? 'selected="true"' : ''; - $selected_display = get_option( 'kblog_mathjax_latex_inline' ) == 'display' ? 'selected="true"' : ''; + $selected_inline = get_option( 'kblog_mathjax_latex_inline' ) === 'inline' ? 'selected="true"' : ''; + $selected_display = get_option( 'kblog_mathjax_latex_inline' ) === 'display' ? 'selected="true"' : ''; $syntax_input = << @@ -105,9 +105,7 @@ function plugin_options_menu() { $use_cdn = get_option( 'kblog_mathjax_use_cdn', true ) ? 'checked="true"' : ''; $this->admin_table_row( 'Use MathJax CDN Service?', - 'Allows use of the MathJax hosted content delivery network. ' . - 'By using this, you are agreeing to the ' . - 'MathJax CDN Terms of Service.', + 'Allows use of the MathJax hosted content delivery network. By using this, you are agreeing to the MathJax CDN Terms of Service.', "", 'use_cdn' ); @@ -156,9 +154,9 @@ function admin_save() { update_option( 'kblog_mathjax_force_load', array_key_exists( 'kblog_mathjax_force_load', $_POST ) ); // input var okay if ( array_key_exists( 'kblog_mathjax_latex_inline', $_POST ) && isset( $_POST['kblog_mathjax_latex_inline'] ) && // input var okay - in_array( sanitize_text_field( $_POST['kblog_mathjax_latex_inline'] ), array( 'inline', 'display' ) ) // input var okay + in_array( sanitize_text_field( wp_unslash( $_POST['kblog_mathjax_latex_inline'] ) ), array( 'inline', 'display' ), true ) // input var okay ) { - update_option( 'kblog_mathjax_latex_inline', sanitize_text_field( $_POST['kblog_mathjax_latex_inline'] ) ); // input var okay + update_option( 'kblog_mathjax_latex_inline', sanitize_text_field( wp_unslash( $_POST['kblog_mathjax_latex_inline'] ) ) ); // input var okay } update_option( 'kblog_mathjax_use_wplatex_syntax', array_key_exists( 'kblog_mathjax_use_wplatex_syntax', $_POST ) ); // input var okay 
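Review bot: The `wp_verify_nonce()` guard in plugin_options_menu() proves the request came from this form, but it is not an authorization check, and no `current_user_can()` call is visible in the hunk before `$this->admin_save()` runs. If the capability is only enforced by the menu registration (outside this hunk), a comment saying so would help; otherwise add `current_user_can( 'manage_options' ) &&` to the condition. The "Settings saved." notice is also echoed before `$this->admin_save()` is called, so it is shown regardless of what the save does; calling `$this->admin_save();` first reads more honestly. The function body begins and continues outside the hunk.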
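Review bot: The two `$selected_inline` / `$selected_display` lines each call `get_option( 'kblog_mathjax_latex_inline' )` and hand-build the attribute string, which is a style point rather than a defect. Read the option once and use the core helper, e.g. `$inline_mode = get_option( 'kblog_mathjax_latex_inline' );` followed by `$selected_inline = selected( $inline_mode, 'inline', false );`. With the new `===` an unset option (where `get_option()` returns `false`) selects neither entry, which looks intended but deserves a one-line comment.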
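Review bot: In admin_save() the `kblog_mathjax_latex_inline` value is unslashed and sanitized twice, once for the `in_array()` allow-list test and again for `update_option()`, so the checked value and the stored value match only because the expression is repeated. Sanitize once, `$inline = sanitize_text_field( wp_unslash( $_POST['kblog_mathjax_latex_inline'] ) );`, then test and store `$inline`; the `kblog_mathjax_config` branch in the following hunk has the same shape. The `array_key_exists()` test is redundant next to `isset()` on the same key. admin_save() shows no nonce or capability check of its own in these hunks, so a short docblock stating that callers must verify the request first would be worth adding; the function starts outside the hunk.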
@@ -166,13 +164,13 @@ function admin_save() { update_option( 'kblog_mathjax_use_cdn', array_key_exists( 'kblog_mathjax_use_cdn', $_POST ) ); // input var okay if ( array_key_exists( 'kblog_mathjax_custom_location', $_POST ) && isset( $_POST['kblog_mathjax_custom_location'] ) ) { // input var okay - update_option( 'kblog_mathjax_custom_location', esc_url_raw( $_POST['kblog_mathjax_custom_location'] ) ); // input var okay + update_option( 'kblog_mathjax_custom_location', esc_url_raw( wp_unslash( $_POST['kblog_mathjax_custom_location'] ) ) ); // input var okay } if ( array_key_exists( 'kblog_mathjax_config', $_POST ) && isset( $_POST['kblog_mathjax_config'] ) && // input var okay - in_array( sanitize_text_field( $_POST['kblog_mathjax_config'] ), $this->config_options() ) // input var okay + in_array( sanitize_text_field( wp_unslash( $_POST['kblog_mathjax_config'] ) ), $this->config_options(), true ) // input var okay ) { - update_option( 'kblog_mathjax_config', sanitize_text_field( $_POST['kblog_mathjax_config'] ) ); // input var okay + update_option( 'kblog_mathjax_config', sanitize_text_field( wp_unslash( $_POST['kblog_mathjax_config'] ) ) ); // input var okay } } @@ -226,7 +224,6 @@ function admin_table_row( $head, $comment, $input, $input_id ) { .*<\/math>)/isU', - function ( $matches ) { + function( $matches ) { return str_replace( array( '
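Review bot: The `kblog_mathjax_custom_location` branch stores whatever `esc_url_raw()` returns, which only normalises the URL and accepts every scheme on WordPress's default protocol list. Presumably this option becomes the script URL MathJax is loaded from on the front end (not visible here), so it is worth constraining: pass the allowed schemes as the second argument, `esc_url_raw( wp_unslash( $_POST['kblog_mathjax_custom_location'] ), array( 'https' ) )`, which also matches the changelog entry about always using https. `esc_url_raw()` returns an empty string for a rejected value, so the `update_option()` call should be skipped in that case rather than overwriting the saved location with `''`.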
', '
', '
' ) , '' , $matches[0] ); }, $content diff --git a/readme.txt b/readme.txt index 46eadbf..9ddba30 100644 --- a/readme.txt +++ b/readme.txt @@ -3,8 +3,8 @@ Contributors: philliplord, sjcockell, knowledgeblog, d_swan, paulschreiber, jwenerd Tags: mathematics, math, latex, mathml, mathjax, science, res-comms, scholar, academic Requires at least: 3.0 -Tested up to: 4.0.0 -Stable tag: 1.3.3 +Tested up to: 4.3 +Stable tag: 1.3.4 License: GPLv3 This plugin enables mathjax (http://www.mathjax.org) functionality for @@ -60,6 +60,12 @@ MathJax-LaTeX is developed on == Changelog == += 1.3.4 = + +1. PHP code cleanup +1. Always use https URL for MathJax library +1. Updated "tested up to" to 4.3 + = 1.3.3 = 1. Fixed inconsistent version numbers between readme and php file