v1.5.1 - Improved escaping of Shortcode attributes.

Waymark.php

@@ -4,7 +4,7 @@
 Plugin Name: Waymark
 Plugin URI: https://www.waymark.dev/
 Description: Mapping with WordPress made easy. With Waymark enabled, click on the "Maps" link in the sidebar to create and edit Maps. Once you are happy with your Map, copy the Waymark shortcode and add it to your content.
-Version: 1.5.0
+Version: 1.5.1
 Text Domain: waymark
 Author: Joe Hawes
 Author URI: https://www.morehawes.ca/

inc/Front/Waymark_HTTP.php

@@ -137,58 +137,15 @@ public function template_redirect() {
 						header('Content-Type: application/gpx+xml');
 
 						//Clean (allow GPX elements)
-						echo wp_kses($map_data, [
-							'gpx' => [
-								'creator' => true,
-								'version' => true,
-								'xmlns' => true,
-								'xmlns:xsi' => true,
-								'xsi:schemaLocation' => true,
-							],
-							'metadata' => [],
-							'name' => [],
-							'wpt' => [
-								'lat' => true,
-								'lon' => true,
-							],
-							'desc' => [],
-							'trk' => [],
-							'trkseg' => [],
-							'trkpt' => [
-								'lat' => true,
-								'lon' => true,
-							],
-							'ele' => [],
-						]);
+						echo wp_kses($map_data, Waymark_Helper::allowable_tags('gpx'));
 
 						break;
 					case 'kml':
 						header('Content-Type: application/vnd.google-earth.kml+xml');
 
 						// Clean (allow KML elements)
 						echo '<?xml version="1.0" encoding="UTF-8"?>';
-						echo wp_kses($map_data, [
-							'kml' => [
-								'xmlns' => true,
-							],
-							'document' => [],
-							'placemark' => [],
-							'name' => [],
-							'extendeddata' => [],
-							'data' => [
-								'name' => true,
-							],
-							'value' => [],
-							'point' => [],
-							'coordinates' => [],
-							'description' => [],
-							'linestring' => [],
-							'linearring' => [],
-							'polygon' => [],
-							'outerboundaryis' => [],
-							'innerboundaryis' => [],
-							'multigeometry' => [],
-						]);
+						echo wp_kses($map_data, Waymark_Helper::allowable_tags('kml'));
 
 						break;
 					case 'geojson':

inc/Helpers/Waymark_Helper.php

@@ -1674,4 +1674,59 @@ public static function parameter_allowed_html() {
 		];
 	}
 
+	public static function allowable_tags($kind = '') {
+		switch ($kind) {
+		case 'kml':
+			return [
+				'kml' => [
+					'xmlns' => true,
+				],
+				'document' => [],
+				'placemark' => [],
+				'name' => [],
+				'extendeddata' => [],
+				'data' => [
+					'name' => true,
+				],
+				'value' => [],
+				'point' => [],
+				'coordinates' => [],
+				'description' => [],
+				'linestring' => [],
+				'linearring' => [],
+				'polygon' => [],
+				'outerboundaryis' => [],
+				'innerboundaryis' => [],
+				'multigeometry' => [],
+			];
+
+			break;
+		case 'gpx':
+			return [
+				'gpx' => [
+					'creator' => true,
+					'version' => true,
+					'xmlns' => true,
+					'xmlns:xsi' => true,
+					'xsi:schemaLocation' => true,
+				],
+				'metadata' => [],
+				'name' => [],
+				'wpt' => [
+					'lat' => true,
+					'lon' => true,
+				],
+				'desc' => [],
+				'trk' => [],
+				'trkseg' => [],
+				'trkpt' => [
+					'lat' => true,
+					'lon' => true,
+				],
+				'ele' => [],
+			];
+
+			break;
+		}
+	}
 }

inc/Waymark_Config.php

@@ -11,7 +11,7 @@ public static function init() {
 			'plugin_name' => 'Waymark',
 			'plugin_name_short' => 'Waymark',
 			'custom_types' => [],
-			'plugin_version' => '1.5.0',
+			'plugin_version' => '1.5.1',
 			'nonce_string' => 'Waymark_Nonce',
 			'site_url' => 'https://www.waymark.dev/',
 			'directory_url' => 'https://wordpress.org/support/plugin/waymark/',

languages/waymark-en_CA.po

@@ -2,7 +2,7 @@
 # This file is distributed under the GPLv2.
 msgid ""
 msgstr ""
-"Project-Id-Version: Waymark 1.5.0\n"
+"Project-Id-Version: Waymark 1.5.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/waymark\n"
 "POT-Creation-Date: 2024-01-18 00:24:31+00:00\n"
 "PO-Revision-Date: 2024-01-23 10:12-0800\n"

languages/waymark-en_GB.po

@@ -2,7 +2,7 @@
 # This file is distributed under the GPLv2.
 msgid ""
 msgstr ""
-"Project-Id-Version: Waymark 1.5.0\n"
+"Project-Id-Version: Waymark 1.5.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/waymark\n"
 "POT-Creation-Date: 2024-01-18 00:24:31+00:00\n"
 "PO-Revision-Date: 2024-01-23 08:47-0800\n"

languages/waymark-es_ES.po

@@ -2,7 +2,7 @@
 # This file is distributed under the GPLv2.
 msgid ""
 msgstr ""
-"Project-Id-Version: Waymark 1.5.0\n"
+"Project-Id-Version: Waymark 1.5.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/waymark\n"
 "POT-Creation-Date: 2024-01-18 00:24:31+00:00\n"
 "PO-Revision-Date: 2024-01-23 10:19-0800\n"

languages/waymark-fr_CA.po

@@ -2,7 +2,7 @@
 # This file is distributed under the GPLv2.
 msgid ""
 msgstr ""
-"Project-Id-Version: Waymark 1.5.0\n"
+"Project-Id-Version: Waymark 1.5.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/waymark\n"
 "POT-Creation-Date: 2024-01-18 00:24:31+00:00\n"
 "PO-Revision-Date: 2024-01-23 10:17-0800\n"

languages/waymark-ja_JP.po

@@ -2,7 +2,7 @@
 # This file is distributed under the GPLv2.
 msgid ""
 msgstr ""
-"Project-Id-Version: Waymark 1.5.0\n"
+"Project-Id-Version: Waymark 1.5.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/waymark\n"
 "POT-Creation-Date: 2024-01-23 14:32:30+00:00\n"
 "PO-Revision-Date: 2024-01-23 10:42-0800\n"

languages/waymark-sv_SE.po

@@ -2,7 +2,7 @@
 # This file is distributed under the GPLv2.
 msgid ""
 msgstr ""
-"Project-Id-Version: Waymark 1.5.0\n"
+"Project-Id-Version: Waymark 1.5.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/waymark\n"
 "POT-Creation-Date: 2024-01-18 00:24:31+00:00\n"
 "PO-Revision-Date: 2024-01-23 10:18-0800\n"

languages/waymark-uk_UA.po

@@ -2,7 +2,7 @@
 # This file is distributed under the GPLv2.
 msgid ""
 msgstr ""
-"Project-Id-Version: Waymark 1.5.0\n"
+"Project-Id-Version: Waymark 1.5.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/waymark\n"
 "POT-Creation-Date: 2024-01-18 00:24:31+00:00\n"
 "PO-Revision-Date: 2024-01-23 10:18-0800\n"

languages/waymark-zh_CN.po

@@ -2,7 +2,7 @@
 # This file is distributed under the GPLv2.
 msgid ""
 msgstr ""
-"Project-Id-Version: Waymark 1.5.0\n"
+"Project-Id-Version: Waymark 1.5.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/waymark\n"
 "POT-Creation-Date: 2024-01-23 14:32:30+00:00\n"
 "PO-Revision-Date: 2024-01-23 10:25-0800\n"