Merge pull request #41 from brainstormforce/bb-card-issue

Improvement in the code for Card

Author: sushmak02

README.md

@@ -1,9 +1,9 @@
 # Cards for Beaver Builder #
-**Contributors:** [pratikchaskar](https://profiles.wordpress.org/pratikchaskar)  
+**Contributors:** [brainstormforce](https://profiles.wordpress.org/brainstormforce), [pratikchaskar](https://profiles.wordpress.org/pratikchaskar)  
 **Donate link:** https://www.paypal.me/BrainstormForce  
 **Requires at least:** 4.4  
 **Tags:** beaver builder, page builder plugin, bootstrap cards, cards, bootstrap, drag and drop cards, bb bootstrap, Cards for Beaver Builder  
-**Stable tag:** 1.1.3  
+**Stable tag:** 1.1.4  
 **Tested up to:** 6.5  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
@@ -88,6 +88,9 @@ Visit our website to know more about the top WordPress products and services we
 
 ## Changelog ##
 
+### 1.1.4 ###
+This update addressed a security bug. Props to Wordfence for privately reporting it privately to our team. Please make sure you are using the latest version on your website.
+
 ### 1.1.3 ###
 * Security Fix: Hardened the security of the plugin. Props: Wordfence.
 

bb-bootstrap-cards-module/includes/frontend.php

@@ -18,12 +18,12 @@
 			$attrs   = $module->get_attributes();
 		?>
 		<?php if ( 'yes' == $settings->photo_hyperlink && 'link' == $settings->card_btn_type ) : ?>
-		<a href="<?php echo $settings->link_field; ?>" target="<?php echo $settings->link_target; ?>" itemprop="url">
+		<a href="<?php echo esc_url( $settings->link_field ); ?>" target="<?php echo esc_attr( $settings->link_target ); ?>" itemprop="url">
 		<?php endif; ?>
 		<?php if ( 'yes' == $settings->photo_hyperlink && 'button' == $settings->card_btn_type ) : ?>
-		<a href="<?php echo $settings->btn_link; ?>" target="<?php echo $settings->btn_link_target; ?>" itemprop="url">
+		<a href="<?php echo esc_url( $settings->btn_link ); ?>" target="<?php echo esc_attr( $settings->btn_link_target ); ?>" itemprop="url">
 		<?php endif; ?>
-		<img class="<?php echo $classes; ?>" src="<?php echo $src; ?>" alt="<?php echo $alt; ?>" itemprop="image" <?php echo $attrs; ?> />
+		<img class="<?php echo esc_attr( $classes ); ?>" src="<?php echo esc_url( $src ); ?>" alt="<?php echo esc_attr( $alt ); ?>" itemprop="image" <?php echo $attrs; ?> />
 		<?php if ( 'yes' == $settings->photo_hyperlink && 'none' != $settings->card_btn_type ) : ?>
 		</a>
 		<?php endif; ?>
@@ -34,7 +34,7 @@
 	<!--Card content-->
 	<div class="bb_boot_card_block">
 		<!--Title-->
-		<<?php echo $settings->tag; ?> class="bb_boot_card_title"><?php echo $settings->card_title; ?></<?php echo $settings->tag; ?>>
+		<<?php echo esc_attr( $settings->tag ); ?> class="bb_boot_card_title"><?php echo esc_html( $settings->card_title ); ?></<?php echo esc_attr( $settings->tag ); ?>>
 		<!--/.Title-->	
 			<!--Text-->
 			<div class="bb_boot_card_text">
@@ -44,11 +44,11 @@
 			<!--Link--> 
 			<?php if ( 'link' == $settings->card_btn_type ) { ?>  
 			<a class="bb_boot_card_link" href="<?php echo esc_url( $settings->link_field ); ?>" target="<?php echo esc_attr( $settings->link_target ); ?>">
-				<?php echo $settings->card_btn_text; ?>
+				<?php echo esc_html( $settings->card_btn_text ); ?>
 			</a>
 		<?php } elseif ( 'button' == $settings->card_btn_type ) { ?>
 			<a class="bb_boot_card_link_button" href="<?php echo esc_url( $settings->btn_link ); ?>" target="<?php echo esc_attr( $settings->btn_link_target ); ?>">
-				<span class="bb_boot_button"><?php echo $settings->btn_text; ?></span>
+				<span class="bb_boot_button"><?php echo esc_html( $settings->btn_text ); ?></span>
 			</a>	
 		<?php } ?>
 		<!--/.Link-->

bb-bootstrap-cards.php.php

@@ -3,10 +3,10 @@
  * Plugin Name:     Cards for Beaver Builder
  * Plugin URI:      https://www.brainstormforce.com/
  * Description:     This is a plugin for creating Awesome Bootstrap Card.
- * Author:          Pratik Chaskar
- * Author URI:      https://pratikchaskar.com/
+ * Author:          Brainstorm Force, Pratik Chaskar
+ * Author URI:      https://brainstormforce.com/
  * Text Domain:     bb-bootstrap-cards
- * Version:         1.1.3
+ * Version:         1.1.4
  *
  * @package         BB-Bootstrap-Cards
  */

readme.txt

@@ -1,9 +1,9 @@
 === Cards for Beaver Builder ===
-Contributors: pratikchaskar
+Contributors: brainstormforce, pratikchaskar
 Donate link: https://www.paypal.me/BrainstormForce
 Requires at least: 4.4
 Tags: beaver builder, page builder plugin, bootstrap cards, cards, bootstrap, drag and drop cards, bb bootstrap, Cards for Beaver Builder
-Stable tag: 1.1.3
+Stable tag: 1.1.4
 Tested up to: 6.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -88,6 +88,9 @@ Visit our website to know more about the top WordPress products and services we
 
 == Changelog ==
 
+= 1.1.4 =
+This update addressed a security bug. Props to Wordfence for privately reporting it privately to our team. Please make sure you are using the latest version on your website.
+
 = 1.1.3 =
 * Security Fix: Hardened the security of the plugin. Props: Wordfence.