CVE-2023-1917: Changeset 2896729 for powerpress – WordPress Plugin Repository
The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround.
powerpress/trunk/class.powerpress-subscribe-widget.php
r2808231
r2896729
128
128
<option value=""><?php echo \_\_('Select Post Type', 'powerpress'); ?></option>
129
129
<?php
130
$post\_types = powerpress\_admin\_get\_post\_types(false);
130
$post\_types = $this->powerpress\_admin\_get\_post\_types(false);
131
131
foreach( $post\_types as $index => $label ) {
132
132
echo '<option value="' . $label . '"'
…
…
251
251
return;
252
252
}
253
254
function powerpress\_admin\_get\_post\_types($capability\_type = 'post')
255
{
256
if( !function\_exists('get\_post\_types') || !function\_exists('get\_post\_type\_object') )
257
return array($capability\_type);
258
259
$return = array();
260
$post\_types = get\_post\_types();
261
if (!empty($post\_types)) {
262
foreach ($post\_types as $index => $post\_type) {
263
if ($post\_type == 'redirect\_rule' || $post\_type == 'attachment' || $post\_type == 'nav\_menu\_item' || $post\_type == 'revision' || $post\_type == 'action')
264
continue;
265
if ($capability\_type !== false) {
266
$object = get\_post\_type\_object($post\_type);
267
if ($object && $object->capability\_type == $capability\_type)
268
$return\[\] = $post\_type;
269
} else {
270
$return\[\] = $post\_type;
271
}
272
}
273
}
274
return $return;
275
}
253
276
}
254
277
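Review bot: The `<option>` on line 132 still concatenates `$label` into `value="…"` unescaped, and the statement continues past the visible lines, so the rest of it cannot be checked from here. Post type keys normally come from registered code rather than from users, so this is hardening rather than a known hole, but `esc_attr( $label )` would match the escaping work done elsewhere in this changeset. Separately, the new method `powerpress_admin_get_post_types()` (new lines 254-275) has no visibility keyword or docblock and appears to copy a global helper of the same name that line 130 used to call. A short comment saying why the widget carries its own copy, and that passing `false` disables the capability filter, would stop the two from drifting apart.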
powerpress/trunk/powerpress-player.php
r2880730
r2896729
358
358
$embed .= '<iframe';
359
359
//$embed .= ' class="powerpress-player-embed"';
360
$embed .= ' width="'. $width .'"';
361
$embed .= ' height="'. $height .'"';
362
$embed .= ' src="'. $url .'"';
363
$embed .= ' title="'. $iframeTitle .'"';
360
$embed .= ' width="'. htmlspecialchars($width) .'"';
361
$embed .= ' height="'. htmlspecialchars($height) .'"';
362
$embed .= ' src="'. htmlspecialchars($url) .'"';
363
$embed .= ' title="'. htmlspecialchars($iframeTitle) .'"';
364
364
$embed .= ' frameborder="0" scrolling="no"';
365
365
if($extension != 'mp3' && $extension != 'm4a' && $extension != 'oga')
…
…
1138
1138
{
1139
1139
$content .= '<div class="powerpress\_player" id="powerpress\_player\_'. $player\_id .'">'.PHP\_EOL\_WEB;
1140
$content .= '<video width="'. $player\_width .'" height="'. $player\_height .'" controls="controls"';
1140
$content .= '<video width="'. htmlspecialchars($player\_width) .'" height="'. htmlspecialchars($player\_height) .'" controls="controls"';
1141
1141
if( $cover\_image )
1142
$content .= ' poster="'. $cover\_image .'"';
1142
$content .= ' poster="'. htmlspecialchars($cover\_image) .'"';
1143
1143
if( $autoplay )
1144
1144
$content .= ' autoplay="autoplay"';
…
…
1148
1148
$content .= '>'.PHP\_EOL\_WEB;
1149
1149
$content\_type = powerpress\_get\_contenttype($media\_url);
1150
$content .='<source src="'. $media\_url .'" type="'. $content\_type .'" />';
1150
$content .='<source src="'. htmlspecialchars($media\_url) .'" type="'. $content\_type .'" />';
1151
1151
1152
1152
if( !empty($EpisodeData\['webm\_src'\]) )
1153
1153
{
1154
1154
$EpisodeData\['webm\_src'\] = powerpress\_add\_flag\_to\_redirect\_url($EpisodeData\['webm\_src'\], 'p');
1155
$content .='<source src="'. $EpisodeData\['webm\_src'\] .'" type="video/webm" />';
1155
$content .='<source src="'. htmlspecialchars($EpisodeData\['webm\_src'\]) .'" type="video/webm" />';
1156
1156
}
1157
1157
…
…
1169
1169
$webm\_src = powerpress\_add\_flag\_to\_redirect\_url($EpisodeData\['webm\_src'\], 'p');
1170
1170
$content .= '<div class="powerpress\_player" id="powerpress\_player\_'. $player\_id .'">';
1171
$content .= '<a href="'. $media\_url .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" onclick="return powerpress\_embed\_html5v(\\''.$player\_id.'\\',\\''.$media\_url.'\\',\\''. $player\_width .'\\',\\''. $player\_height .'\\', \\''. $webm\_src .'\\');" target="\_blank" style="position: relative;">';
1171
$content .= '<a href="'. htmlspecialchars($media\_url) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" onclick="return powerpress\_embed\_html5v(\\''.$player\_id.'\\',\\''.htmlspecialchars($media\_url).'\\',\\''. htmlspecialchars($player\_width) .'\\',\\''. htmlspecialchars($player\_height) .'\\', \\''. htmlspecialchars($webm\_src) .'\\');" target="\_blank" style="position: relative;">';
1172
1172
if( !empty($EpisodeData\['custom\_play\_button'\]) ) // This currently does not apply
1173
1173
{
1174
1174
$cover\_image = $EpisodeData\['custom\_play\_button'\];
1175
1175
$Settings\['poster\_play\_image'\] = false;
1176
$content .= '<img class="powerpress-player-poster" src="'. $cover\_image .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" />';
1176
$content .= '<img class="powerpress-player-poster" src="'. htmlspecialchars($cover\_image) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" />';
1177
1177
}
1178
1178
else
1179
1179
{
1180
$content .= '<img class="powerpress-player-poster" src="'. $cover\_image .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="width: '. $player\_width .'px; height: '. $player\_height .'px;" />';
1180
$content .= '<img class="powerpress-player-poster" src="'. htmlspecialchars($cover\_image) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="width: '. htmlspecialchars($player\_width) .'px; height: '. htmlspecialchars($player\_height) .'px;" />';
1181
1181
}
1182
1182
…
…
1193
1193
if( $left < 0 )
1194
1194
$left = 0;
1195
$content .= '<img class="powerpress-player-play-image" src="'. $play\_image\_button\_url .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="position: absolute; bottom: '. $bottom .'px; left: '. $left .'px; border:0;" />';
1195
$content .= '<img class="powerpress-player-play-image" src="'. htmlspecialchars($play\_image\_button\_url) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="position: absolute; bottom: '. $bottom .'px; left: '. $left .'px; border:0;" />';
1196
1196
}
1197
1197
$content .= '</a>';
…
…
1201
1201
{
1202
1202
$content .= '<script type="text/javascript"><!--'.PHP\_EOL;
1203
$content .= "powerpress\_embed\_html5v('{$player\_id}','{$media\_url}',{$player\_width},{$player\_height},'{$webm\_src}');\\n";
1203
$content .= "powerpress\_embed\_html5v('{$player\_id}','" . htmlspecialchars($media\_url) . "'," . htmlspecialchars($player\_width) . "," . htmlspecialchars($player\_height) . ",'" . htmlspecialchars($webm\_src) . "');\\n";
1204
1204
$content .= "//-->\\n";
1205
1205
$content .= "</script>\\n";
…
…
1303
1303
$content .= '<div class="powerpress\_player" id="powerpress\_player\_'. $player\_id .'">'.PHP\_EOL\_WEB;
1304
1304
$content .= '<audio controls="controls"';
1305
$content .=' src="'. $media\_url .'"';
1305
$content .=' src="'. htmlspecialchars($media\_url) .'"';
1306
1306
if( $autoplay )
1307
1307
$content .= ' autoplay="autoplay"';
…
…
1329
1329
1330
1330
$content .= '<div class="powerpress\_player" id="powerpress\_player\_'. $player\_id .'">';
1331
$content .= '<a href="'. $media\_url .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" onclick="return powerpress\_embed\_html5a(\\''.$player\_id.'\\',\\''.$media\_url.'\\');" target="\_blank">';
1331
$content .= '<a href="'. htmlspecialchars($media\_url) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" onclick="return powerpress\_embed\_html5a(\\''.$player\_id.'\\',\\''.htmlspecialchars($media\_url).'\\');" target="\_blank">';
1332
1332
if( $cover\_image\_default == $cover\_image )
1333
$content .= '<img src="'. $cover\_image .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="border:0;" width="23px" height="24px" />';
1333
$content .= '<img src="'. htmlspecialchars($cover\_image) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="border:0;" width="23px" height="24px" />';
1334
1334
else
1335
$content .= '<img src="'. $cover\_image .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="border:0;" />';
1335
$content .= '<img src="'. htmlspecialchars($cover\_image) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="border:0;" />';
1336
1336
$content .= '</a>';
1337
1337
$content .= "</div>\\n";
…
…
1340
1340
{
1341
1341
$content .= '<script type="text/javascript"><!--'.PHP\_EOL;
1342
$content .= "powerpress\_embed\_html5a('{$player\_id}','{$media\_url}');\\n";
1342
$content .= "powerpress\_embed\_html5a('{$player\_id}','" . htmlspecialchars($media\_url) . "');\\n";
1343
1343
$content .= "//-->\\n";
1344
1344
$content .= "</script>\\n";
…
…
1419
1419
$playerSettings\['transcriptspacing'\] = '230px';
1420
1420
1421
return '<iframe src="' . $url . '" scrolling="yes" width="100%" height="'.$playerSettings\['transcriptspacing'\].'" frameborder="0" id="' . $playerID . '" class="blubrryplayer" title="' . $iframeTitle . '"></iframe>';
1421
return '<iframe src="' . htmlspecialchars($url) . '" scrolling="yes" width="100%" height="'. htmlspecialchars($playerSettings\['transcriptspacing'\]).'" frameborder="0" id="' . $playerID . '" class="blubrryplayer" title="' . $iframeTitle . '"></iframe>';
1422
1422
} else {
1423
return '<iframe src="' . $url . '" scrolling="no" width="100%" height="138px" frameborder="0" id="' . $playerID . '" class="blubrryplayer" title="' . $iframeTitle . '"></iframe>';
1423
return '<iframe src="' . htmlspecialchars($url) . '" scrolling="no" width="100%" height="138px" frameborder="0" id="' . $playerID . '" class="blubrryplayer" title="' . $iframeTitle . '"></iframe>';
1424
1424
}
1425
1425
}
…
…
1524
1524
if( $include\_div )
1525
1525
$content .= '<div class="powerpress\_player" id="powerpress\_player\_'. powerpressplayer\_get\_next\_id() .'">';
1526
$content .= '<a href="'. $media\_url .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" target="\_blank" style="position: relative;">';
1527
$content .= '<img src="'. $cover\_image .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="width: '. $player\_width .'px; height: '. $player\_height .'px;" />';
1526
$content .= '<a href="'. htmlspecialchars($media\_url) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" target="\_blank" style="position: relative;">';
1527
$content .= '<img src="'. htmlspecialchars($cover\_image) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="width: '. htmlspecialchars($player\_width) .'px; height: '. htmlspecialchars($player\_height) .'px;" />';
1528
1528
if(!isset($Settings\['poster\_play\_image'\]) || $Settings\['poster\_play\_image'\] )
1529
1529
{
…
…
1538
1538
if( $left < 0 )
1539
1539
$left = 0;
1540
$content .= '<img src="'. $play\_image\_button\_url .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="position: absolute; bottom:'. $bottom .'px; left:'. $left .'px; border:0;" />';
1540
$content .= '<img src="'. htmlspecialchars($play\_image\_button\_url) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="position: absolute; bottom:'. $bottom .'px; left:'. $left .'px; border:0;" />';
1541
1541
}
1542
1542
$content .= '</a>';
…
…
1556
1556
if( $include\_div )
1557
1557
$content .= '<div class="powerpress\_player" id="powerpress\_player\_'. powerpressplayer\_get\_next\_id() .'">';
1558
$content .= '<a href="'. $media\_url .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" target="\_blank">';
1559
$content .= '<img src="'. $cover\_image .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="border:0;" />';
1558
$content .= '<a href="'. htmlspecialchars($media\_url) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" target="\_blank">';
1559
$content .= '<img src="'. htmlspecialchars($cover\_image) .'" title="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_PLAY\_TEXT) .'" style="border:0;" />';
1560
1560
$content .= '</a>';
1561
1561
if( $include\_div )
…
…
1574
1574
if( $include\_div )
1575
1575
$content .= '<div class="powerpress\_player" id="powerpress\_player\_'. powerpressplayer\_get\_next\_id() .'">';
1576
$content .= '<a href="'. $media\_url .'" title="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" target="\_blank">';
1577
$content .= '<img src="'. $cover\_image .'" title="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" style="border:0;" />';
1576
$content .= '<a href="'. htmlspecialchars($media\_url) .'" title="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" target="\_blank">';
1577
$content .= '<img src="'. htmlspecialchars($cover\_image) .'" title="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" style="border:0;" />';
1578
1578
$content .= '</a>';
1579
1579
if( $include\_div )
…
…
1592
1592
if( $include\_div )
1593
1593
$content .= '<div class="powerpress\_player" id="powerpress\_player\_'. powerpressplayer\_get\_next\_id() .'">';
1594
$content .= '<a href="'. $media\_url .'" title="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" target="\_blank">';
1595
$content .= '<img src="'. $cover\_image .'" title="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" style="border:0;" />';
1594
$content .= '<a href="'. htmlspecialchars($media\_url) .'" title="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" target="\_blank">';
1595
$content .= '<img src="'. htmlspecialchars($cover\_image) .'" title="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" alt="'. htmlspecialchars(POWERPRESS\_READ\_TEXT) .'" style="border:0;" />';
1596
1596
$content .= '</a>';
1597
1597
if( $include\_div )
…
…
1637
1637
$poster\_attribute = '';
1638
1638
if ($cover\_image)
1639
$poster\_attribute = ' poster="'.$cover\_image.'"';
1639
$poster\_attribute = ' poster="'.htmlspecialchars($cover\_image).'"';
1640
1640
1641
1641
// Autoplay the video?
…
…
1649
1649
$class = '';
1650
1650
if ( !empty($Settings\['videojs\_css\_class'\]) )
1651
$class = ' '. $Settings\['videojs\_css\_class'\];
1651
$class = ' '. htmlspecialchars($Settings\['videojs\_css\_class'\]);
1652
1652
1653
1653
$content .= '<div class="powerpress\_player" id="powerpress\_player\_'. $player\_id .'">';
1654
1654
1655
$content .= '<video id="videojs\_player\_'. $player\_id .'" class="video-js vjs-default-skin'. $class .'" width="'. $player\_width .'" height="'. $player\_height .'"'. $poster\_attribute .' controls '. $autoplay\_attribute .' data-setup="{}">';
1655
$content .= '<video id="videojs\_player\_'. $player\_id .'" class="video-js vjs-default-skin'. $class .'" width="'. htmlspecialchars($player\_width) .'" height="'. htmlspecialchars($player\_height) .'"'. $poster\_attribute .' controls '. $autoplay\_attribute .' data-setup="{}">';
1656
1656
1657
1657
$content\_type = powerpress\_get\_contenttype($media\_url);
1658
1658
if( $content\_type == 'video/x-m4v' )
1659
1659
$content\_type = 'video/mp4'; // Mp4
1660
$content .='<source src="'. $media\_url .'" type="'. $content\_type .'" />';
1660
$content .='<source src="'. htmlspecialchars($media\_url) .'" type="'. $content\_type .'" />';
1661
1661
1662
1662
if( !empty($EpisodeData\['webm\_src'\]) )
1663
1663
{
1664
1664
$EpisodeData\['webm\_src'\] = powerpress\_add\_flag\_to\_redirect\_url($EpisodeData\['webm\_src'\], 'p');
1665
$content .='<source src="'. $EpisodeData\['webm\_src'\] .'" type="video/webm; codecs="vp8, vorbis" />';
1665
$content .='<source src="'. htmlspecialchars($EpisodeData\['webm\_src'\]) .'" type="video/webm; codecs="vp8, vorbis" />';
1666
1666
}
1667
1667
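Review bot: The `onclick` handlers on new lines 1171 and 1331 and the inline `<script>` calls on new lines 1203 and 1342 put `$media_url`, `$webm_src`, `$player_width` and `$player_height` into JavaScript context, where `htmlspecialchars()` is the wrong encoder: the browser decodes entities in an attribute before the handler runs, a `<script>` body is not entity-decoded at all, and the width and height on line 1203 are emitted unquoted. Without a flags argument `htmlspecialchars()` also leaves single quotes untouched on PHP older than 8.1, and readme.txt in this changeset still declares `Requires PHP: 5.2`. I would use `esc_js()` for the string arguments (including `$player_id`) and cast the dimensions, e.g. `(int) $player_width`, if they are always pixel counts. For the `src`, `href` and `poster` attributes `esc_url()` would also reject unexpected URL schemes, which entity encoding does not, and `$content_type`, `$playerID` and `$iframeTitle` on lines 1150, 1421 and 1423 are still concatenated unescaped. The enclosing functions start and end outside the visible hunks.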
powerpress/trunk/powerpress-subscribe.php
r2820035
r2896729
947
947
if( !empty($settings\['itunes\_url'\]) && !empty($settings\['subscribe\_feature\_apple\_shortcode'\]) ) {
948
948
$link\_counter++;
949
$html .= '<a href="'. esc\_url( $settings\['itunes\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-itunes" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Apple Podcasts', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Apple Podcasts', 'powerpress') ) .'</a>';
949
$html .= '<a href="'. esc\_url( $settings\['itunes\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-itunes" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Apple Podcasts', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Apple Podcasts', 'powerpress') ) .'</a>';
950
950
}
951
951
// Google Podcasts
…
…
957
957
if (!empty($settings\['subscribe\_feature\_gp\_shortcode'\])) {
958
958
$link\_counter++;
959
$html .= '<a href="' . esc\_url($googleUrl) . '" class="pp-sub-btn' . $settings\['subscribe\_widget\_shape'\] . ' pp-sub-gp" target="\_blank" title="' . esc\_attr(\_\_('Subscribe on Google Podcasts', 'powerpress')) . '"><span class="pp-sub-ic"></span>' . esc\_html(\_\_('Google Podcasts', 'powerpress')) . '</a>';
959
$html .= '<a href="' . esc\_url($googleUrl) . '" class="pp-sub-btn' . htmlspecialchars($settings\['subscribe\_widget\_shape'\]) . ' pp-sub-gp" target="\_blank" title="' . esc\_attr(\_\_('Subscribe on Google Podcasts', 'powerpress')) . '"><span class="pp-sub-ic"></span>' . esc\_html(\_\_('Google Podcasts', 'powerpress')) . '</a>';
960
960
}
961
961
…
…
963
963
{
964
964
$link\_counter++;
965
$html .= '<a href="'. esc\_url( $settings\['spotify\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-spotify" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Spotify', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Spotify', 'powerpress') ) .'</a>';
965
$html .= '<a href="'. esc\_url( $settings\['spotify\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-spotify" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Spotify', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Spotify', 'powerpress') ) .'</a>';
966
966
}
967
967
968
968
if( !empty($settings\['subscribe\_feature\_amazon\_shortcode'\]) && !empty($settings\['amazon\_url'\]) ) {
969
969
$link\_counter++;
970
$html .= '<a href="'. esc\_url( $settings\['amazon\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-amazon" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Amazon Music', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Amazon Music', 'powerpress') ) .'</a>';
970
$html .= '<a href="'. esc\_url( $settings\['amazon\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-amazon" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Amazon Music', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Amazon Music', 'powerpress') ) .'</a>';
971
971
}
972
972
…
…
974
974
$android\_url = $matches\[1\] . 'subscribeonandroid.com/' . $matches\[2\];
975
975
$link\_counter++;
976
$html .= '<a href="'. esc\_url( $android\_url ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-android" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Android', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Android', 'powerpress') ) .'</a>';
976
$html .= '<a href="'. esc\_url( $android\_url ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-android" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Android', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Android', 'powerpress') ) .'</a>';
977
977
}
978
978
979
979
if( !empty($settings\['subscribe\_feature\_pandora\_shortcode'\]) && !empty($settings\['pandora\_url'\]) ) {
980
980
$link\_counter++;
981
$html .= '<a href="'. esc\_url( $settings\['pandora\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-pandora" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Pandora', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Pandora', 'powerpress') ) .'</a>';
981
$html .= '<a href="'. esc\_url( $settings\['pandora\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-pandora" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Pandora', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Pandora', 'powerpress') ) .'</a>';
982
982
}
983
983
984
984
if( !empty($settings\['subscribe\_feature\_iheart\_shortcode'\]) && !empty($settings\['iheart\_url'\]) ) {
985
985
$link\_counter++;
986
$html .= '<a href="'. esc\_url( $settings\['iheart\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-iheartradio" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on iHeartRadio', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('iHeartRadio', 'powerpress') ) .'</a>';
986
$html .= '<a href="'. esc\_url( $settings\['iheart\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-iheartradio" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on iHeartRadio', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('iHeartRadio', 'powerpress') ) .'</a>';
987
987
}
988
988
…
…
990
990
{
991
991
$link\_counter++;
992
$html .= '<a href="'. esc\_url( $settings\['stitcher\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-stitcher" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Stitcher', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Stitcher', 'powerpress') ) .'</a>';
992
$html .= '<a href="'. esc\_url( $settings\['stitcher\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-stitcher" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Stitcher', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Stitcher', 'powerpress') ) .'</a>';
993
993
}
994
994
995
995
if( !empty($settings\['subscribe\_feature\_blubrry\_shortcode'\]) && !empty($settings\['blubrry\_url'\]) ) {
996
996
$link\_counter++;
997
$html .= '<a href="'. esc\_url( $settings\['blubrry\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-blubrry" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Blubrry', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Blubrry', 'powerpress') ) .'</a>';
997
$html .= '<a href="'. esc\_url( $settings\['blubrry\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-blubrry" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Blubrry', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Blubrry', 'powerpress') ) .'</a>';
998
998
}
999
999
1000
1000
if( !empty($settings\['subscribe\_feature\_jiosaavn\_shortcode'\]) && !empty($settings\['jiosaavn\_url'\]) ) {
1001
1001
$link\_counter++;
1002
$html .= '<a href="'. esc\_url( $settings\['jiosaavn\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-jiosaavn" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on JioSaavn', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('JioSaavn', 'powerpress') ) .'</a>';
1002
$html .= '<a href="'. esc\_url( $settings\['jiosaavn\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-jiosaavn" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on JioSaavn', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('JioSaavn', 'powerpress') ) .'</a>';
1003
1003
}
1004
1004
1005
1005
if( !empty($settings\['subscribe\_feature\_podchaser\_shortcode'\]) && !empty($settings\['podchaser\_url'\]) ) {
1006
1006
$link\_counter++;
1007
$html .= '<a href="'. esc\_url( $settings\['podchaser\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-podchaser" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Podchaser', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Podchaser', 'powerpress') ) .'</a>';
1007
$html .= '<a href="'. esc\_url( $settings\['podchaser\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-podchaser" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Podchaser', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Podchaser', 'powerpress') ) .'</a>';
1008
1008
}
1009
1009
1010
1010
if( !empty($settings\['subscribe\_feature\_gaana\_shortcode'\]) && !empty($settings\['gaana\_url'\]) ) {
1011
1011
$link\_counter++;
1012
$html .= '<a href="'. esc\_url( $settings\['gaana\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-gaana" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Gaana', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Gaana', 'powerpress') ) .'</a>';
1012
$html .= '<a href="'. esc\_url( $settings\['gaana\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-gaana" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Gaana', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Gaana', 'powerpress') ) .'</a>';
1013
1013
}
1014
1014
1015
1015
if( !empty($settings\['subscribe\_feature\_pcindex\_shortcode'\]) && !empty($settings\['pcindex\_url'\]) ) {
1016
1016
$link\_counter++;
1017
$html .= '<a href="'. esc\_url( $settings\['pcindex\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-pcindex" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Podcast Index', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Podcast Index', 'powerpress') ) .'</a>';
1017
$html .= '<a href="'. esc\_url( $settings\['pcindex\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-pcindex" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Podcast Index', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Podcast Index', 'powerpress') ) .'</a>';
1018
1018
}
1019
1019
…
…
1021
1021
$link\_counter++;
1022
1022
$email\_url = $matches\[1\] . 'subscribebyemail.com/' . $matches\[2\];
1023
$html .= '<a href="'. esc\_url( $email\_url ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-email" target="\_blank" title="'. esc\_attr( \_\_('Subscribe by Email', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('by Email', 'powerpress') ) .'</a>';
1023
$html .= '<a href="'. esc\_url( $email\_url ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-email" target="\_blank" title="'. esc\_attr( \_\_('Subscribe by Email', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('by Email', 'powerpress') ) .'</a>';
1024
1024
}
1025
1025
…
…
1027
1027
{
1028
1028
$link\_counter++;
1029
$html .= '<a href="'. esc\_url( $settings\['tunein\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-tunein" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on TuneIn', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('TuneIn', 'powerpress') ) .'</a>';
1029
$html .= '<a href="'. esc\_url( $settings\['tunein\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-tunein" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on TuneIn', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('TuneIn', 'powerpress') ) .'</a>';
1030
1030
}
1031
1031
1032
1032
if( !empty($settings\['subscribe\_feature\_deezer\_shortcode'\]) && !empty($settings\['deezer\_url'\]) ) {
1033
1033
$link\_counter++;
1034
$html .= '<a href="'. esc\_url( $settings\['deezer\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-deezer" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Deezer', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Deezer', 'powerpress') ) .'</a>';
1034
$html .= '<a href="'. esc\_url( $settings\['deezer\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-deezer" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Deezer', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Deezer', 'powerpress') ) .'</a>';
1035
1035
}
1036
1036
1037
1037
if( !empty($settings\['subscribe\_feature\_anghami\_shortcode'\]) && !empty($settings\['anghami\_url'\]) ) {
1038
1038
$link\_counter++;
1039
$html .= '<a href="'. esc\_url( $settings\['anghami\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-anghami" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Anghami', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Anghami', 'powerpress') ) .'</a>';
1039
$html .= '<a href="'. esc\_url( $settings\['anghami\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-anghami" target="\_blank" title="'. esc\_attr( \_\_('Subscribe on Anghami', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('Anghami', 'powerpress') ) .'</a>';
1040
1040
}
1041
1041
…
…
1045
1045
if (!empty($settings\['subscribe\_feature\_rss\_shortcode'\])) {
1046
1046
$link\_counter++;
1047
$html .= '<a href="'. esc\_url( $settings\['feed\_url'\] ) .'" class="pp-sub-btn'.$settings\['subscribe\_widget\_shape'\].' pp-sub-rss" target="\_blank" title="'. esc\_attr( \_\_('Subscribe via RSS', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('RSS', 'powerpress') ) .'</a>';
1047
$html .= '<a href="'. esc\_url( $settings\['feed\_url'\] ) .'" class="pp-sub-btn'. htmlspecialchars($settings\['subscribe\_widget\_shape'\]) .' pp-sub-rss" target="\_blank" title="'. esc\_attr( \_\_('Subscribe via RSS', 'powerpress') ) .'"><span class="pp-sub-ic"></span>'. esc\_html( \_\_('RSS', 'powerpress') ) .'</a>';
1048
1048
}
1049
1049
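Review bot: `htmlspecialchars($settings['subscribe_widget_shape'])` is repeated on every button line from 949 to 1047, while the rest of each line uses WordPress's own `esc_url()`, `esc_attr()` and `esc_html()`. Escaping once before the chain, `$shape = esc_attr( $settings['subscribe_widget_shape'] );`, and concatenating `$shape` would keep the file consistent and make a missed line less likely the next time a button is added. Because the value is appended to a class name, `sanitize_html_class()` may fit better if the shape is always a short suffix; the hunks do not show where the setting is populated, and the enclosing function starts outside them.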
powerpress/trunk/powerpress.php
r2895047
r2896729
4
4
Plugin URI: http://create.blubrry.com/resources/powerpress/
5
5
Description: <a href="https://create.blubrry.com/resources/powerpress/" target="\_blank">Blubrry PowerPress</a> is the No. 1 Podcasting plugin for WordPress. Developed by podcasters for podcasters; features include Simple and Advanced modes, multiple audio/video player options, subscribe to podcast tools, podcast SEO features, and more! Fully supports Apple Podcasts (previously iTunes), Google Podcasts, Spotify, Stitcher, and Blubrry Podcasting directories, as well as all podcast applications and clients.
6
Version: 10.0
6
Version: 10.0.1
7
7
Author: Blubrry
8
8
Author URI: https://blubrry.com/
…
…
36
36
37
37
// WP\_PLUGIN\_DIR (REMEMBER TO USE THIS DEFINE IF NEEDED)
38
define('POWERPRESS\_VERSION', '10.0' );
38
define('POWERPRESS\_VERSION', '10.0.1' );
39
39
40
40
// Translation support:
powerpress/trunk/powerpressadmin.php
r2895047
r2896729
3629
3629
add\_action('admin\_head', 'powerpress\_admin\_head');
3630
3630
3631
// our sidebar widget throws an error in the block widget editor
3632
function example\_theme\_support() {
3633
remove\_theme\_support( 'widgets-block-editor' );
3634
}
3635
add\_action( 'after\_setup\_theme', 'example\_theme\_support' );
3636
3637
3631
function powerpress\_check\_account\_verified\_popup($no\_signout\_link = false) {
3638
3632
$link\_action\_url = admin\_url('admin.php?action=powerpress-jquery-account-verify');
powerpress/trunk/readme.txt
r2895047
r2896729
5
5
Requires PHP: 5.2
6
6
Tested up to: 6.1.1
7
<<<<<<< HEAD
8
Stable tag: 10.0
9
\=======
10
Stable tag: 9.10.5
11
\>>>>>>> 0299d7b62ee2e8bccfaced78b21d5895cc48006e
7
Stable tag: 10.0.1
12
8
Donate link: https://create.blubrry.com/resources/podcast-media-hosting/
13
9
License: GPLv2 or later
…
…
190
186
191
187
\== Changelog ==
188
\= 10.0.1 =
189
\* Released on 04/10/2023
190
\* Bugfix in suscribe widget
191
\* Stop disabling widget block editor
192
\* Security updates for shortcodes
193
192
194
\= 10.0 =
193
\* Released on 03/29/2023
195
\* Released on 04/06/2023
194
196
\* Network section redesign
195
197
\* New features: Add program to list, undo applicant status, delete rejected applicant
Related news
WordPress PowerPress plugin versions 10.0 and below suffer from a persistent cross site scripting vulnerability.