From 3d660ec0dfe838ad70be66431f1f5a90f85bab1e Mon Sep 17 00:00:00 2001
From: Fabio Rinaldi <fabiorino@outlook.com>
Date: Thu, 2 Jan 2025 12:03:34 +0100
Subject: [PATCH] Fix XSS vulnerability

---
 crellyslider.php       |  4 ++--
 readme.txt             |  7 +++++--
 wordpress/elements.php | 10 +++++-----
 wordpress/frontend.php |  6 +++---
 wordpress/slides.php   |  2 +-
 5 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/crellyslider.php b/crellyslider.php
index 95a5d33..dde6b22 100644
--- a/crellyslider.php
+++ b/crellyslider.php
@@ -3,7 +3,7 @@
  * Plugin Name: Crelly Slider
  * Plugin URI: https://wordpress.org/plugins/crelly-slider/
  * Description: A free responsive slider that supports layers. Add texts, images, videos and beautify them with transitions and animations.
- * Version: 1.4.6
+ * Version: 1.4.7
  * Author: Fabio Rinaldi
  * Author URI: https://github.com/fabiorino
  * Text Domain: crelly-slider
@@ -18,7 +18,7 @@
 
 define('CS_DEBUG', true);
 
-define('CS_VERSION', '1.4.6');
+define('CS_VERSION', '1.4.7');
 define('CS_MIN_CAPABILITY', 'manage_options');
 define('CS_PATH', plugin_dir_path(__FILE__));
 define('CS_PLUGIN_URL', plugins_url() . '/crelly-slider');
diff --git a/readme.txt b/readme.txt
index 76a8893..2a3a9ff 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: fabiorino
 Donate link: http://crellyslider.altervista.org/contribute-and-support/
 Tags: slider, layers, animations, transitions, texts, images, videos
 Requires at least: 4.6
-Tested up to: 6.5
-Stable tag: 1.4.6
+Tested up to: 6.7
+Stable tag: 1.4.7
 License: MIT
 License URI: http://opensource.org/licenses/MIT
 
@@ -54,6 +54,9 @@ You can find the documentation <a href="http://crellyslider.altervista.org/docum
 
 == Changelog ==
 
+= 1.4.7 =
+* Fixed XSS vulnerability.
+
 = 1.4.6 =
 * Fixed security issue.
 * Fixed PHP warning.
diff --git a/wordpress/elements.php b/wordpress/elements.php
index 22c0be5..02b8faa 100644
--- a/wordpress/elements.php
+++ b/wordpress/elements.php
@@ -13,7 +13,7 @@ class="cs-slide-editing-area"
 				echo 'data-background-image-src="' . stripslashes($slide->background_type_image) . '"';
 			}
 
-			$background_url = CrellySliderCommon::getURL(stripslashes($slide->background_type_image));
+			$background_url = esc_url(CrellySliderCommon::getURL(stripslashes($slide->background_type_image)));
 
 			?>
 			style="
@@ -36,7 +36,7 @@ class="cs-slide-editing-area"
 
 						$link_output = '<a' . "\n" .
 						'class="cs-element cs-' . esc_attr($element->type) . '-element"' . "\n" .
-						'href="' . stripslashes($element->link) . '"' . "\n" .
+						'href="' . esc_url($element->link) . '"' . "\n" .
 						$target . "\n" .
 						'style="' .
 						'z-index: ' . esc_attr($element->z_index) . ';' . "\n" .
@@ -78,7 +78,7 @@ class="cs-slide-editing-area"
 						case 'image':
 							?>
 							<img
-							src="<?php echo CrellySliderCommon::getURL(stripslashes($element->image_src)); ?>"
+							src="<?php echo esc_url(CrellySliderCommon::getURL(stripslashes($element->image_src))); ?>"
 							alt="<?php echo esc_attr($element->image_alt); ?>"
 							style="
 							<?php
@@ -416,7 +416,7 @@ function crellyslider_printTextElement($element) {
 				<td class="cs-content">
 					<?php
 					if($void) echo '<input class="cs-element-link" type="text" value="" />';
-					else echo '<input class="cs-element-link" type="text" value="' . stripslashes($element->link) .'" />';
+					else echo '<input class="cs-element-link" type="text" value="' . esc_url($element->link) .'" />';
 					?>
 					<br />
 					<?php
@@ -666,7 +666,7 @@ function crellyslider_printImageElement($element) {
 				<td class="cs-content">
 					<?php
 					if($void) echo '<input class="cs-element-link" type="text" value="" />';
-					else echo '<input class="cs-element-link" type="text" value="' . stripslashes($element->link) .'" />';
+					else echo '<input class="cs-element-link" type="text" value="' . esc_url($element->link) .'" />';
 					?>
 					<br />
 					<?php
diff --git a/wordpress/frontend.php b/wordpress/frontend.php
index 992e5fc..3a7a05c 100644
--- a/wordpress/frontend.php
+++ b/wordpress/frontend.php
@@ -88,10 +88,10 @@ public static function output($alias) {
 
 			if($slide->link != '') {
 				if($slide->link_new_tab) {
-					$output .= '<a class="cs-background-link" target="_blank" href="' . stripslashes($slide->link) . '"></a>';
+					$output .= '<a class="cs-background-link" target="_blank" href="' . esc_url($slide->link) . '"></a>';
 				}
 				else {
-					$output .= '<a class="cs-background-link" href="' . stripslashes($slide->link) . '"></a>';
+					$output .= '<a class="cs-background-link" href="' . esc_url($slide->link) . '"></a>';
 				}
 			}
 
@@ -112,7 +112,7 @@ public static function output($alias) {
 					'data-top="' . esc_attr($element->data_top) . '"' . "\n" .
 					'data-left="' . esc_attr($element->data_left) . '"' . "\n" .
 					'data-time="' . esc_attr($element->data_time) . '"' . "\n" .
-					'href="' . stripslashes($element->link) . '"' . "\n" .
+					'href="' . esc_url($element->link) . '"' . "\n" .
 					$target . "\n" .
 					'style="' .
 					'z-index: ' . $element->z_index . ';' . "\n" .
diff --git a/wordpress/slides.php b/wordpress/slides.php
index 5e1b8cd..65dd598 100644
--- a/wordpress/slides.php
+++ b/wordpress/slides.php
@@ -286,7 +286,7 @@ function crellyslider_printSlide($slider, $slide, $edit) {
 				<td class="cs-content">
 					<?php
 					if($void) echo '<input class="cs-background-link" type="text" value="" />';
-					else echo '<input class="cs-background-link" type="text" value="' . stripslashes($slide->link) .'" />';
+					else echo '<input class="cs-background-link" type="text" value="' . esc_url($slide->link) .'" />';
 					?>
 					<br />
 					<?php