Merge pull request #248 from easycoder/dev

Various updates

Author: easycoder

dist/easycoder-min.js

@@ -8511,7 +8511,7 @@ const EasyCoder = {
 		}
 	},
 };
-EasyCoder.version = `2.7.5`;
+EasyCoder.version = `2.7.6`;
 EasyCoder.timestamp = Date.now();
 console.log(`EasyCoder loaded; waiting for page`);
 

dist/easycoder.js

@@ -3,7 +3,7 @@
   * Plugin Name: EasyCoder
   * Plugin URI: https://easycoder.software
   * Description: Control the appearance and behavior of your posts and pages by embedding simple English-like scripts, without the need to learn JavaScript.
-  * Version: 2.7.5
+  * Version: 2.7.6
   * Author: EasyCoder Software
   * Author URI: https://easycoder.software
   */
@@ -16,7 +16,7 @@
   add_action('wp_enqueue_scripts', 'easycoder_enqueue_script', 2);
   function easycoder_enqueue_script() {  
     wp_enqueue_script('easycoder_script',
-      'https://cdn.jsdelivr.net/gh/easycoder/easycoder.github.io/dist/easycoder.js', array(), '2.7.5');
+      'https://cdn.jsdelivr.net/gh/easycoder/easycoder.github.io/dist/easycoder.js', array(), '2.7.6');
   }
 
   // Set up default plugin and REST scripts

dist/easycoder.php

@@ -54,6 +54,9 @@ For tutorials and a programmers' reference see our [EasyCoder Software Codex](ht
 
 == Changelog ==
 
+= 2.7.6 23-feb 2021 =
+* Fix security vulnerability. Thanks to Brett Caldwell, buckshotbrett@gmail.com
+
 = 2.7.5 02-dec 2020 =
 * Fix a bug in the code to detect module running
 

dist/readme.txt

@@ -246,6 +246,7 @@
 										// Endpoint: {site root}/wp-content/plugins/easycoder/rest.php/_thumb
 										header("Content-Type: application/json");
 										$value = stripslashes(file_get_contents("php://input"));
+										$value = str_replace( array("&", "|", ";"), '', $value);
 										$json = json_decode($value);
 										$source = "../../../$resources/" . str_replace('~', '/', $json->source);
 										$dest = "../../../$resources/" . str_replace('~', '/', $json->dest);

dist/rest.php

@@ -1,4 +1,4 @@
-EasyCoder.version = `2.7.5`;
+EasyCoder.version = `2.7.6`;
 EasyCoder.timestamp = Date.now();
 console.log(`EasyCoder loaded; waiting for page`);
 

js/easycoder/EasyCoder.js

@@ -28,4 +28,4 @@ Also look at  some of our examples (/SIDEBAR/). These are complete web pages you
 
 After that it's time to add an ~ec~ script to your web page. The links /SIDEBAR/ include examples that should help you understand what you need to add to your website. If you need further help you can contact us in our [Slack](https://easycoder-software.slack.com/) channel. Don't be afraid to ask; everybody was a beginner once.
 
-All of the source code of this website can be found in the [EasyCoder Repository](https:github.com/easycoder/easycoder.github.io).
+All of the source code of this website can be found in the [EasyCoder Repository](https://github.com/easycoder/easycoder.github.io).

resources/md/home.md

@@ -3,7 +3,7 @@
   * Plugin Name: EasyCoder
   * Plugin URI: https://easycoder.software
   * Description: Control the appearance and behavior of your posts and pages by embedding simple English-like scripts, without the need to learn JavaScript.
-  * Version: 2.7.5
+  * Version: 2.7.6
   * Author: EasyCoder Software
   * Author URI: https://easycoder.software
   */
@@ -16,7 +16,7 @@
   add_action('wp_enqueue_scripts', 'easycoder_enqueue_script', 2);
   function easycoder_enqueue_script() {  
     wp_enqueue_script('easycoder_script',
-      'https://cdn.jsdelivr.net/gh/easycoder/easycoder.github.io/dist/easycoder.js', array(), '2.7.5');
+      'https://cdn.jsdelivr.net/gh/easycoder/easycoder.github.io/dist/easycoder.js', array(), '2.7.6');
   }
 
   // Set up default plugin and REST scripts

server/easycoder.php

@@ -54,6 +54,9 @@ For tutorials and a programmers' reference see our [EasyCoder Software Codex](ht
 
 == Changelog ==
 
+= 2.7.6 23-feb 2021 =
+* Fix security vulnerability. Thanks to Brett Caldwell, buckshotbrett@gmail.com
+
 = 2.7.5 02-dec 2020 =
 * Fix a bug in the code to detect module running
 

server/readme.txt

@@ -246,6 +246,7 @@
 										// Endpoint: {site root}/wp-content/plugins/easycoder/rest.php/_thumb
 										header("Content-Type: application/json");
 										$value = stripslashes(file_get_contents("php://input"));
+										$value = str_replace( array("&", "|", ";"), '', $value);
 										$json = json_decode($value);
 										$source = "../../../$resources/" . str_replace('~', '/', $json->source);
 										$dest = "../../../$resources/" . str_replace('~', '/', $json->dest);