github
/
kratos
mirror of https://github.com/vtrois/kratos
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: potential XSS vulnerability in jQuery

pull/620/head
Seaton Jiang 2023-04-04 20:06:00 +08:00
parent bd12b16648
commit a307af4add
No known key found for this signature in database
GPG Key ID: B79682F6FE8D30E3
4 changed files with 90 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
assets/js/jquery.min.js vendored
View File

File diff suppressed because one or more lines are too long

6
assets/js/kratos.js
View File

@ -2,7 +2,7 @@
* Kratos
* Seaton Jiang <hi@seatonjiang.com>
*/
(function () {
(function ($) {
"use strict";
var KRATOS_VERSION = "4.2.0";
@ -136,7 +136,7 @@
};
var accordionConfig = function () {
$(document).on("click", ".acheader", function (event) {
$(".acheader").on("click", function (event) {
var $this = $(this);
$this.closest(".accordion").find(".contents").slideToggle(300);
if ($this.closest(".accordion").hasClass("active")) {
@ -178,7 +178,7 @@
consoleConfig();
lightGalleryConfig();
});
})();
})(jQuery);
function grin(tag) {
var myField;

10
inc/theme-article.php
View File

@ -4,7 +4,7 @@
* 文章相关函数
* @author Seaton Jiang <hi@seatonjiang.com>
* @license GPL-3.0 License
* @version 2022.11.27
* @version 2023.04.04
*/
// 文章链接添加 target 和 rel
@ -211,7 +211,7 @@ function pagelist($range = 5)
// 文章评论
function comment_scripts()
{
wp_enqueue_script('comment', ASSET_PATH . '/assets/js/comments.min.js', array(), THEME_VERSION);
wp_enqueue_script('comment', ASSET_PATH . '/assets/js/comments.min.js', array('jquery'), THEME_VERSION);
wp_localize_script('comment', 'ajaxcomment', array(
'ajax_url' => admin_url('admin-ajax.php'),
'order' => get_option('comment_order'),
@ -266,7 +266,8 @@ function comment_callback()
<?php comment_text(); ?>
</div>
<div class="meta clearfix">
<div class="date d-inline-block float-left"><?php echo get_comment_date(); ?><?php if (current_user_can('edit_posts')) {
<div class="date d-inline-block float-left"><?php echo get_comment_date(); ?>
<?php if (current_user_can('edit_posts')) {
echo '<span class="ml-2">';
edit_comment_link(__('编辑', 'kratos'));
echo '</span>';
@ -321,7 +322,8 @@ function comment_callbacks($comment, $args, $depth = 2)
<?php comment_text(); ?>
</div>
<div class="meta clearfix">
<div class="date d-inline-block float-left"><?php echo get_comment_date(); ?><?php if (current_user_can('edit_posts')) {
<div class="date d-inline-block float-left"><?php echo get_comment_date(); ?>
<?php if (current_user_can('edit_posts')) {
echo '<span class="ml-2">';
edit_comment_link(__('编辑', 'kratos'));
echo '</span>';

10
inc/theme-core.php
View File

@ -4,7 +4,7 @@
* 核心函数
* @author Seaton Jiang <hi@seatonjiang.com>
* @license GPL-3.0 License
* @version 2023.03.30
* @version 2023.04.04
*/
// CDN 资源地址
@ -94,12 +94,10 @@ function theme_autoload()
}');
}
// js
wp_deregister_script('jquery');
wp_enqueue_script('jquery', ASSET_PATH . '/assets/js/jquery.min.js', array(), '3.4.1', false);
wp_enqueue_script('bootstrap-bundle', ASSET_PATH . '/assets/js/bootstrap.bundle.min.js', array(), '4.5.0', true);
wp_enqueue_script('layer', ASSET_PATH . '/assets/js/layer.min.js', array(), '3.1.1', true);
wp_enqueue_script('bootstrap-bundle', ASSET_PATH . '/assets/js/bootstrap.bundle.min.js', array('jquery'), '4.5.0', true);
wp_enqueue_script('layer', ASSET_PATH . '/assets/js/layer.min.js', array('jquery'), '3.1.1', true);
wp_enqueue_script('dplayer', ASSET_PATH . '/assets/js/DPlayer.min.js', array(), THEME_VERSION, true);
wp_enqueue_script('kratos', ASSET_PATH . '/assets/js/kratos.js', array(), THEME_VERSION, true);
wp_enqueue_script('kratos', ASSET_PATH . '/assets/js/kratos.js', array('jquery'), THEME_VERSION, true);
$data = array(
'site' => home_url(),