added escaping for the missing attributes

pfefferle · pfefferle · commit 148a209b688b · 2019-01-27T01:10:33.000+01:00
diff --git a/opengraph.php b/opengraph.php
@@ -5,7 +5,7 @@
  * Description: Adds Open Graph metadata to your pages
  * Author: Will Norris
  * Author URI: http://willnorris.com/
- * Version: 1.8.2
+ * Version: 1.8.3
  * License: Apache License, Version 2.0
  * License URI: http://www.apache.org/licenses/LICENSE-2.0.html
  * Text Domain: opengraph
@@ -44,7 +44,7 @@ function opengraph_add_prefix( $output ) {
 	if ( preg_match( '/(prefix\s*=\s*[\"|\'])/i', $output ) ) {
 		$output = preg_replace( '/(prefix\s*=\s*[\"|\'])/i', '${1}' . $prefix_str, $output );
 	} else {
-		$output .= ' prefix="' . $prefix_str . '"';
+		$output .= ' prefix="' . esc_attr( $prefix_str ) . '"';
 	}
 
 	return $output;
@@ -163,7 +163,7 @@ function opengraph_default_title( $title ) {
 		$title = get_the_archive_title();
 	}
 
-	return $title;
+	return esc_attr( $title );
 }
 
 
@@ -181,7 +181,7 @@ function opengraph_default_type( $type ) {
 		}
 	}
 
-	return $type;
+	return esc_attr( $type );
 }
 
 
@@ -283,7 +283,7 @@ function opengraph_default_url( $url ) {
 		}
 	}
 
-	return $url;
+	return esc_url( $url );
 }
 
 
@@ -295,7 +295,7 @@ function opengraph_default_sitename( $name ) {
 		$name = get_bloginfo( 'name' );
 	}
 
-	return $name;
+	return esc_attr( $name );
 }
 
 
@@ -332,7 +332,7 @@ function opengraph_default_description( $description ) {
 	$description = strip_tags( strip_shortcodes( $description ) );
 	$description = __opengraph_trim_text( $description );
 
-	return $description;
+	return esc_attr( $description );
 }
 
 
@@ -363,7 +363,7 @@ function twitter_default_card( $card ) {
 		$card = 'summary_large_image';
 	}
 
-	return $card;
+	return esc_attr( $card );
 }
 
 
@@ -390,7 +390,7 @@ function twitter_default_creator( $creator ) {
 		$creator = '@' . $matches[1];
 	}
 
-	return $creator;
+	return esc_attr( $creator );
 }
 
 
diff --git a/readme.txt b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: willnorris, pfefferle
 Tags: social, opengraph, ogp, facebook
 Requires at least: 2.3
-Tested up to: 4.9.9
-Stable tag: 1.8.2
+Tested up to: 5.0.3
+Stable tag: 1.8.3
 License: Apache License, Version 2.0
 License URI: http://www.apache.org/licenses/LICENSE-2.0.html
 
@@ -65,6 +65,9 @@ The plugin populates the meta 'name' attribute alongside the 'property' attribut
 
 Project maintained on github at [willnorris/wordpress-opengraph](https://github.com/willnorris/wordpress-opengraph).
 
+= version 1.8.3 (Jan 27, 2019) =
+ - added escaping for the missing attributes
+
 = version 1.8.2 (Nov 21, 2018) =
  - fixed PHP warning issue: <https://wordpress.org/support/topic/php-warning-count-parameter-must-be-an-array-or-an-object-that-implements-c/>
 

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`* Description: Adds Open Graph metadata to your pages`
`6`	`6`	`* Author: Will Norris`
`7`	`7`	`* Author URI: http://willnorris.com/`
`8`		`- * Version: 1.8.2`
	`8`	`+ * Version: 1.8.3`
`9`	`9`	`* License: Apache License, Version 2.0`
`10`	`10`	`* License URI: http://www.apache.org/licenses/LICENSE-2.0.html`
`11`	`11`	`* Text Domain: opengraph`
`@@ -44,7 +44,7 @@ function opengraph_add_prefix( $output ) {`
`44`	`44`	`if ( preg_match( '/(prefix\s=\s[\"\|\'])/i', $output ) ) {`
`45`	`45`	`$output = preg_replace( '/(prefix\s=\s[\"\|\'])/i', '${1}' . $prefix_str, $output );`
`46`	`46`	`} else {`
`47`		`- $output .= ' prefix="' . $prefix_str . '"';`
	`47`	`+ $output .= ' prefix="' . esc_attr( $prefix_str ) . '"';`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`return $output;`
`@@ -163,7 +163,7 @@ function opengraph_default_title( $title ) {`
`163`	`163`	`$title = get_the_archive_title();`
`164`	`164`	`}`
`165`	`165`
`166`		`- return $title;`
	`166`	`+ return esc_attr( $title );`
`167`	`167`	`}`
`168`	`168`
`169`	`169`
`@@ -181,7 +181,7 @@ function opengraph_default_type( $type ) {`
`181`	`181`	`}`
`182`	`182`	`}`
`183`	`183`
`184`		`- return $type;`
	`184`	`+ return esc_attr( $type );`
`185`	`185`	`}`
`186`	`186`
`187`	`187`
`@@ -283,7 +283,7 @@ function opengraph_default_url( $url ) {`
`283`	`283`	`}`
`284`	`284`	`}`
`285`	`285`
`286`		`- return $url;`
	`286`	`+ return esc_url( $url );`
`287`	`287`	`}`
`288`	`288`
`289`	`289`
`@@ -295,7 +295,7 @@ function opengraph_default_sitename( $name ) {`
`295`	`295`	`$name = get_bloginfo( 'name' );`
`296`	`296`	`}`
`297`	`297`
`298`		`- return $name;`
	`298`	`+ return esc_attr( $name );`
`299`	`299`	`}`
`300`	`300`
`301`	`301`
`@@ -332,7 +332,7 @@ function opengraph_default_description( $description ) {`
`332`	`332`	`$description = strip_tags( strip_shortcodes( $description ) );`
`333`	`333`	`$description = __opengraph_trim_text( $description );`
`334`	`334`
`335`		`- return $description;`
	`335`	`+ return esc_attr( $description );`
`336`	`336`	`}`
`337`	`337`
`338`	`338`
`@@ -363,7 +363,7 @@ function twitter_default_card( $card ) {`
`363`	`363`	`$card = 'summary_large_image';`
`364`	`364`	`}`
`365`	`365`
`366`		`- return $card;`
	`366`	`+ return esc_attr( $card );`
`367`	`367`	`}`
`368`	`368`
`369`	`369`
`@@ -390,7 +390,7 @@ function twitter_default_creator( $creator ) {`
`390`	`390`	`$creator = '@' . $matches[1];`
`391`	`391`	`}`
`392`	`392`
`393`		`- return $creator;`
	`393`	`+ return esc_attr( $creator );`
`394`	`394`	`}`
`395`	`395`
`396`	`396`