plugin-nl / websitescanner-custom-schema Goto Github PK

Add extra column to quickly see if there is any custom schema from this plugin set on a page.

If someone wants to add a price of an item to the schema markup we want them to be able to add these via placeholder variables. This way the schema is always up-to-date even if product/post details change.

Hello Tim,
i found your plugin in the WordPress repository (use it for some clients) and am very happy with it. Thank you very much!!!

I noticed a security hole thing that you could easily improve: the plugin does not sanitize the input.

What does it mean?
It is very easy to inject bad code via the plugin. Just add </script><script> in one of the input fields. Then you can fill some JavaScript. This script will run on the browser of the user.

But this security thing is easy to fix. Just sanitize the input:

How to solve the problem?
Sanitizes the input with sanitize_post().

In this file:
websitescanner-custom-schema/admin/class-websitescanner-custom-schema-admin.php

Change line 97:
$data = $this->validate($_POST[$this->plugin_name]);

With this both lines:
$data = sanitize_post($_POST[$this->plugin_name], 'js');
$data = $this->validate($data);

Or just accept my pull request. :-)

Currently the plugin validates if the JSON is correct and uses a different method then the validation done by Google's testing tool. By auto removing new lines within JSON fields it should correct a part of the differences.

Enhancement request by email:

Hi, I love your custom schema plugin. It is possible to add support to amp pages? That is a custom schema created in a post should also reflect in the amp version of the post
Thanks

Currently the fields only show up on posts and pages. Would be nice if It also worked on Custom post types and products (WooCommerce).

If a user has custom attributes or post meta we want them to be able to create custom placeholder variables.