Rumperuu/footnotes
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Unreleased bugfix v2.6.1 with Stable Tag 2.6.0.

Browse source 
Needed to share in a Forum topic where the problem came up incidentally.
Must also be shared in the Forum topic of the related bug report.
This also contains an escapement reversal (without known incidence on the plugin’s behavior).

= 2.6.1 =
- Bugfix: Tooltips: Styling: Font color: set to black for maximum contrast with respect to white default background, thanks to 4msc bug report.
- Bugfix: Tooltips: Styling: Background color: set default value back to white because empty doesn’t work out as expected.

= Branches =
Delete the staging branch.
Rationale:

- It is outdated an cannot be used for staging any more.
- It had been made improperly on its own instead of copying from trunk/.
- It is undue for the following reasons:
  - Staging release processes here is too dangerous.
  - Staging release processes here is too little effective.

Staging must not take place in this repository but in another SVN instance.

git-svn-id: https://plugins.svn.wordpress.org/footnotes/trunk@2504324 b8457f37-d9ea-0310-8a92-e5e31aec5664
This commit is contained in:
pewgeuges 2021-03-27 06:10:08 +00:00
parent 380a309ad3
commit 258e3c6070
17 changed files with 104 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

25
class/dashboard/layout.php
View file

@ -337,9 +337,24 @@ abstract class MCI_Footnotes_Layout_Engine {
/**
* Loads specific setting and returns an array with the keys [id, name, value].
*
* @since 1.5.0
* @since 1.5.0
* @param string $p_str_setting_key_name Settings Array key name.
* @return array Contains Settings ID, Settings Name and Settings Value.
*
* @since 2.5.11 Remove escapement function.
* When refactoring the codebase after 2.5.8, all and every output was escaped.
* After noticing that the plugin was broken, all escapement functions were removed.
* @link https://github.com/markcheret/footnotes/pull/50/commits/25c3f2f12eb5de1079e9215bf624ec4289b095a5
* @link https://github.com/markcheret/footnotes/pull/50#issuecomment-787624123
* In that process, this instance of esc_attr() was removed too, so the plugin was
* broken again.
* @link https://github.com/markcheret/footnotes/pull/50/commits/25c3f2f12eb5de1079e9215bf624ec4289b095a5#diff-a8ed6e859c32a18fc10bbbad3b4dd8ce7f43f2378d29471c7638e314ab30f1bdL349-L354
*
* @since 2.5.15 To fix it, the data was escaped in add_select_box() instead.
* @since 2.6.1 Restore esc_attr() in load_setting().
* @see add_select_box()
* This is the only instance of esc_|kses|sanitize in the pre-2.5.11 codebase.
* Removing this did not fix the quotation mark backslash escapement bug.
*/
protected function load_setting( $p_str_setting_key_name ) {
// Get current section.
@ -347,7 +362,7 @@ abstract class MCI_Footnotes_Layout_Engine {
$p_arr_return = array();
$p_arr_return['id'] = sprintf( '%s', $p_str_setting_key_name );
$p_arr_return['name'] = sprintf( '%s', $p_str_setting_key_name );
$p_arr_return['value'] = MCI_Footnotes_Settings::instance()->get( $p_str_setting_key_name );
$p_arr_return['value'] = esc_attr( MCI_Footnotes_Settings::instance()->get( $p_str_setting_key_name ) );
return $p_arr_return;
}
@ -467,6 +482,9 @@ abstract class MCI_Footnotes_Layout_Engine {
* @param string $p_str_setting_name Name of the Settings key to pre select the current value.
* @param array $p_arr_options Possible options to be selected.
* @return string
*
* @since 2.5.15 Bugfix: Dashboard: General settings: Footnote start and end short codes: debug select box for shortcodes with pointy brackets.
* @since 2.6.1 Restore esc_attr() in load_setting(), remove htmlspecialchars() here.
*/
protected function add_select_box( $p_str_setting_name, $p_arr_options ) {
// Collect data for given settings field.
@ -478,9 +496,8 @@ abstract class MCI_Footnotes_Layout_Engine {
$l_str_options .= sprintf(
'<option value="%s" %s>%s</option>',
$l_str_value,
// Now we need to escape the data, WRT shortcodes with pointy brackets.
// Only check for equality, not identity, WRT backlink symbol arrows.
$l_str_value == htmlspecialchars( $l_arr_data['value'] ) ? 'selected' : '',
$l_str_value == $l_arr_data['value'] ? 'selected' : '',
$l_str_caption
);
}