Add some sanitization to avoid XSS issues. Based on http://plugins.svn.wordpress.org/url-params/tags/1.5/
<?php
/*
Plugin Name: URL Params
Plugin URI: http://asandia.com/wordpress-plugins/urlparams/
Description: Short Code to grab any URL Parameter
Version: 1.5.1
Author: Jeremy B. Shapiro
Author URI: http://www.asandia.com/
*/
/*
URL Params (Wordpress Plugin)
Copyright (C) 2011-2013 Jeremy Shapiro
*/
// Register both shortcode tags with WordPress; each tag is handled by the
// function of the same name defined in this file.
add_shortcode('urlparam', 'urlparam');
add_shortcode('ifurlparam', 'ifurlparam');
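/**
 * Shortcode handler for [urlparam]: returns the first non-empty request
 * parameter named in 'param', or the 'default' attribute when none is set.
 *
 * The value is read from $_REQUEST, i.e. it is chosen by whoever built the
 * link or form, so it is treated as untrusted: HTML is stripped and the
 * remaining text is HTML-escaped before it is returned for output.
 *
 * @param array|string $atts Shortcode attributes:
 *                           'param'      comma-separated parameter names, first match wins;
 *                           'default'    text returned when no parameter is set;
 *                           'dateformat' optional date() format, applied when the
 *                                        value parses with strtotime().
 * @return string Text substituted for the shortcode.
 */
function urlparam($atts) {
    $atts = shortcode_atts(array(
        'param'      => '',
        'default'    => '',
        'dateformat' => '',
    ), $atts);

    $params = preg_split('/\,\s*/', $atts['param']);
    foreach ($params as $param) {
        // empty() covers both a missing key (previously an undefined-index
        // notice) and the original truthiness rule: '' and '0' count as
        // "not supplied".
        if (empty($_REQUEST[$param])) {
            continue;
        }

        // Array-valued parameters (?name[]=x) cannot be rendered as text and
        // would otherwise reach string-only functions.
        if (!is_scalar($_REQUEST[$param])) {
            continue;
        }

        // Strip all markup. wp_filter_nohtml_kses() hands back slashed data
        // (it targets database input), which showed up as stray backslashes
        // on the page, so unslash first and run wp_kses() directly.
        $value = wp_kses(wp_unslash((string) $_REQUEST[$param]), array());

        if ((string) $atts['dateformat'] !== '') {
            $timestamp = strtotime($value);
            if ($timestamp) {
                // Built from the author's format string and a numeric
                // timestamp only; no request text is echoed on this path.
                return date($atts['dateformat'], $timestamp);
            }
        }

        // Tag stripping leaves quotes untouched; escape them as well so the
        // value stays inert if the shortcode sits inside an HTML attribute.
        return esc_html($value);
    }

    return $atts['default'];
}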
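/**
 * Shortcode handler for [ifurlparam]...[/ifurlparam]: renders the enclosed
 * content depending on which request parameters are present.
 *
 * - 'param' is found and 'is' is set: display the content if the two match.
 * - 'param' is found and 'is' isn't set: display the content between the tags.
 * - 'param' is not found and 'empty' is set: display the content between the tags.
 *
 * Request parameters are supplied by the visitor, so this tailors the page
 * but is not an access control: anyone can add the parameter to the URL and
 * see the enclosed content.
 *
 * @param array|string $atts    Shortcode attributes:
 *                              'param' comma-separated parameter names;
 *                              'empty' truthy to render only when no parameter is set;
 *                              'is'    value the parameter must equal ('' and '0'
 *                                      are treated as "not set").
 * @param string|null  $content Content between the opening and closing tags.
 * @return string Rendered content, or '' when the condition is not met.
 */
function ifurlparam($atts, $content = '') {
    $atts = shortcode_atts(array(
        'param' => '',
        'empty' => false,
        'is'    => false,
    ), $atts);

    // A self-closing shortcode may arrive without content.
    $content = (string) $content;

    $params = preg_split('/\,\s*/', $atts['param']);
    foreach ($params as $param) {
        // empty() replaces the bare index read, which raised an
        // undefined-index notice for every parameter not in the request.
        if (empty($_REQUEST[$param])) {
            continue;
        }

        if ($atts['empty']) {
            return '';
        }

        if (!$atts['is']) {
            return do_shortcode($content);
        }

        // Compare as exact strings: loose == treats numeric-looking strings
        // such as '1e1' and '10' as equal. WordPress slashes request data,
        // so unslash before comparing or values with quotes never match.
        $raw = $_REQUEST[$param];
        if (is_string($raw) && wp_unslash($raw) === (string) $atts['is']) {
            return do_shortcode($content);
        }
    }

    if ($atts['empty']) {
        return do_shortcode($content);
    }

    return '';
}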