Skip to content

Commit 41069ba

Browse files
yanniksyanniks
committed
version 1.0.8
1 parent 59937ab commit 41069ba

File tree

4 files changed

+17
-10
lines changed

4 files changed

+17
-10
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# Shariff for WordPress
22

3-
This is the Shariff sharing plugin by Heise Zeitschriften Verlag / c't modified for WordPress.
3+
This is the Shariff for WordPress plugin based on c't Shariff.
44

55
From the original Shariff GitHub project:
66

release.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
version=1.0.7
1+
version=1.0.8
22
if [ "$1" = "zip" ]; then
33
rm -rf shariff-wp
44
mkdir -p shariff-wp

src/readme.txt

Lines changed: 10 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,19 @@
11
=== Shariff for Wordpress ===
22
Contributors: yanniks
3-
Tags: sharing, social, networks, network, privacy, facebook, twitter, google, whatsapp, linkedin, heise
3+
Tags: sharing, social, networks, network, privacy, facebook, twitter, google, whatsapp, linkedin, heise, pinterest
44
Requires at least: 3.0
55
Tested up to: 4.0.1
6-
Stable tag: 1.0.7
6+
Stable tag: 1.0.8
77
License: MIT
88
License URI: http://opensource.org/licenses/MIT
99

1010
Shariff enables website users to share their favorite content without compromising their privacy.
1111

1212
== Description ==
1313

14-
This is the Shariff sharing plugin by Heise Zeitschriften Verlag / c't updated for WordPress.
14+
This is the Shariff for WordPress plugin based on c't Shariff.
15+
16+
For more information, check out the original [GitHub project](https://github.com/heiseonline/shariff) and the [c’t information page](http://ct.de/shariff).
1517

1618
> Shariff enables website users to share their favorite content without compromising their privacy.
1719

@@ -42,8 +44,13 @@ Select which color you want, set the button location, select the orientation fit
4244

4345
**Method B:** Include `hideshariff` in the article. The word will be removed automatically and Shariff will not be shown. If you want to write hidesharrif in an article without removing Shariff, just write `/hideshariff`.
4446

47+
= Shariff doesn't show any numbers =
48+
Your user probably doesn't have the right to write to the default temp folder `/tmp`. Then create a new folder and use it as temp folder in the Shariff settings, make sure that the rights are set correct.
4549
== Changelog ==
4650

51+
= 1.0.8 =
52+
* security fix
53+
4754
= 1.0.7 =
4855
* upstream changes
4956
* possibility to manually change temp dir

src/shariff-wp.php

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -93,11 +93,11 @@ function shariffsharing($content) {
9393
}
9494
}
9595
} else {
96-
$image = get_option('shariff_image','');
96+
$image = filter_var(get_option('shariff_image',''), FILTER_SANITIZE_STRING);
9797
}
9898
}
9999
if (!((strpos($content,'hideshariff') !== false) && (strpos($content,'/hideshariff') == false)) && !(get_post_meta($post->ID, 'shariff_enabled', true))) {
100-
$content2 .= '<div class="shariff" data-backend-url="'.plugins_url( 'backend/index.php', __FILE__ ).'" data-temp="'.get_option('shariff_temp',"/tmp").'" data-ttl="'.get_option('shariff_ttl',"60").'" data-service="'.$serv.'" data-services=\''.$services.'\' data-image="'.$image.'" data-url="'.get_permalink().'" data-lang="'.__('en', 'shariff').'" data-theme="'.get_option('shariff_color',"colored").'" data-orientation="'.get_option('shariff_orientation',"horizontal").'"></div>';
100+
$content2 .= '<div class="shariff" data-backend-url="'.plugins_url( 'backend/index.php', __FILE__ ).'" data-temp="'.filter_var(get_option('shariff_temp',"/tmp"),FILTER_SANITIZE_STRING).'" data-ttl="'.filter_var(get_option('shariff_ttl',"60"),FILTER_SANITIZE_STRING).'" data-service="'.$serv.'" data-services=\''.$services.'\' data-image="'.$image.'" data-url="'.get_permalink().'" data-lang="'.__('en', 'shariff').'" data-theme="'.get_option('shariff_color',"colored").'" data-orientation="'.get_option('shariff_orientation',"horizontal").'"></div>';
101101
}
102102
if (get_option('shariff_beforeafter','before') != 'after') {
103103
$content2 .= $content;
@@ -178,7 +178,7 @@ function setting_pinterest_callback() {
178178
checkbox_setting('shariff_pinterest','Pinterest',false);
179179
}
180180
function setting_imageurl() {
181-
echo '<input type="text" name="shariff_image" value="'.get_option('shariff_image','').'"> '.__('Used for services such as Pinterest','shariff');
181+
echo '<input type="text" name="shariff_image" value="'.filter_var(get_option('shariff_image',''), FILTER_SANITIZE_STRING).'"> '.__('Used for services such as Pinterest','shariff');
182182
}
183183
function setting_whatsapp_callback() {
184184
checkbox_setting('shariff_whatsapp','WhatsApp',false);
@@ -200,10 +200,10 @@ function setting_orientation_callback() {
200200
</select>';
201201
}
202202
function setting_ttl_callback() {
203-
echo '<input type="number" name="shariff_ttl" value="'.get_option("shariff_ttl","60").'">';
203+
echo '<input type="number" name="shariff_ttl" value="'.filter_var(get_option("shariff_ttl","60"),FILTER_SANITIZE_STRING).'">';
204204
}
205205
function setting_temp_callback() {
206-
echo '<input type="text" name="shariff_temp" value="'.get_option("shariff_temp","/tmp").'">';
206+
echo '<input type="text" name="shariff_temp" value="'.filter_var(get_option("shariff_temp","/tmp"),FILTER_SANITIZE_STRING).'">';
207207
}
208208
function setting_color_callback() {
209209
echo '<select name="shariff_color">

0 commit comments

Comments
 (0)