Making WordPress.org

Changeset 4424


Ignore:
Timestamp:
11/26/2016 04:17:20 AM (5 years ago)
Author:
dd32
Message:

Plugin Directory: Limit the shortcodes in use on the plugin directory to those registered by the directory, and youtube, vimeo and videopress.
Fixes #2270.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-plugin-directory.php

    r4423 r4424  
    3030        add_action( 'init', array( $this, 'init' ) );
    3131        add_action( 'init', array( $this, 'register_shortcodes' ) );
     32        add_action( 'init', array( $this, 'remove_other_shortcodes' ), 999 );
    3233        add_action( 'widgets_init', array( $this, 'register_widgets' ) );
    3334        add_filter( 'post_type_link', array( $this, 'filter_post_type_link' ), 10, 2 );
     
    347348        add_shortcode( 'wporg-plugins-reviews',     array( __NAMESPACE__ . '\Shortcodes\Reviews',     'display' ) );
    348349        add_shortcode( 'readme-validator',          array( __NAMESPACE__ . '\Shortcodes\Readme_Validator',     'display' ) );
     350    }
     351
     352    /**
     353     * deregister any shortcodes which we haven't explicitly allowed.
     354     */
     355    public function remove_other_shortcodes() {
     356        global $shortcode_tags;
     357        $allowed_shortcodes = array(
     358            'youtube',
     359            'vimeo',
     360            'videopress',
     361            'wporg-plugins-developers',
     362            'wporg-plugin-upload',
     363            'wporg-plugins-screenshots',
     364            'wporg-plugins-reviews',
     365            'readme-validator'
     366        );
     367
     368        $not_allowed_shortcodes = array_diff( array_keys( $shortcode_tags ), $allowed_shortcodes );
     369        foreach ( $not_allowed_shortcodes as $tag ) {
     370            remove_shortcode( $tag );
     371        }
    349372    }
    350373
Note: See TracChangeset for help on using the changeset viewer.