1berry/include-mastodon-feed
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'develop'

Browse Source
This commit is contained in:
wolfgang101 2025-01-24 12:24:50 +01:00
commit 4f7c264dad
3 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -54,11 +54,10 @@ Place the following shortcode right into the page. Either as shortcode block or
| text-permalinkPost | "" | text-showContent="📅" | Text after post permalink (date & time) |
| text-edited | "(edited)" | text-showContent="✏" | Text indicating edited posts |
| date-locale | "en-US" | date-locale="de-DE" | Locale for date string, used in toLocaleString() |
| date-options | "{}" | date-options="{dateStyle: 'short', timeStyle: 'long'}" | Format options directly fed into toLocaleString() |
### Additional customizations
You can define several plugin constants to set custom default options that will be applied site-wide.
You can define several plugin constants to set custom default options that will be applied site-wide (e.g. date options can only be set as php constant to mitigate an XSS vulnerability).
1. Open your `wp-config.php` file
2. Search for the line `/* Add any custom values between this line and the "stop editing" line. */`

8
plugin.php
View File

@ -3,7 +3,7 @@
Plugin Name: Include Mastodon Feed
Plugin URI: https://wolfgang.lol/code/include-mastodon-feed-wordpress-plugin
Description: Plugin providing [include-mastodon-feed] shortcode
Version: 1.9.9
Version: 1.9.10
Author: wolfgang.lol
Author URI: https://wolfgang.lol
License: MIT
@ -725,7 +725,7 @@ function display_feed($atts) {
"<?php echo esc_url( $apiUrl, ['https'], 'apicall' ); ?>",
"<?php echo filter_var( $elemId, FILTER_UNSAFE_RAW ); ?>",
{
linkTarget: "<?php echo esc_attr(filter_var( $atts['linktarget'], FILTER_UNSAFE_RAW )); ?>",
linkTarget: "<?php echo esc_js(filter_var( $atts['linktarget'], FILTER_UNSAFE_RAW )); ?>",
showPreviewCards: <?php echo (filter_var( $atts['showpreviewcards'], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ? "true" : "false"); ?>,
excludeConversationStarters: <?php echo (filter_var( $atts['excludeconversationstarters'], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ? "true" : "false"); ?>,
content: {
@ -748,8 +748,8 @@ function display_feed($atts) {
},
localization: {
date: {
locale: "<?php echo filter_var( $atts['date-locale'], FILTER_UNSAFE_RAW ); ?>",
options: <?php echo filter_var( $atts['date-options'], FILTER_UNSAFE_RAW ); ?>,
locale: "<?php echo esc_js( filter_var( $atts['date-locale'], FILTER_UNSAFE_RAW ) ); ?>",
options: <?php echo filter_var( INCLUDE_MASTODON_FEED_DATE_OPTIONS, FILTER_UNSAFE_RAW ); ?>,
}
}
}

13
readme.txt
View File

@ -5,7 +5,7 @@ Tags: mastodon, status, feed
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 7.4
Stable tag: 1.9.9
Stable tag: 1.9.10
License: MIT
License URI: https://directory.fsf.org/wiki/License:Expat
@ -105,15 +105,9 @@ Text after post permalink (date & time) (Default: )
* **text-edited**
Text indicating edited posts (Default: (edited))
* **date-locale**
Locale for date string, used in toLocaleString() (Default: en-US)
* **date-options**
Format options directly fed into toLocaleString() (Default: {})
= Additional customizations =
You can define several plugin constants to set custom default options that will be applied site-wide.
You can define several plugin constants to set custom default options that will be applied site-wide (e.g. date options can only be set as php constant to mitigate an XSS vulnerability).
1. Open your `wp-config.php` file
2. Search for the line `/* Add any custom values between this line and the "stop editing" line. */`
@ -154,6 +148,9 @@ Use the following URL to get your ID:
== Changelog ==
= 1.9.10 =
* fixed XSS vulnerability: removed support for date-options as shortcode attribute to mitigate an XSS vulnerability (still can be set as constant in PHP code)
= 1.9.9 =
* fixed esc_url context that previously broke the URL for the Mastodon API JS ajax request (thank you @beach@illo.social)