diff -r 8c2e4d02f4ef -r 417f20492bf7 wp/wp-content/plugins/include-mastodon-feed/readme.txt --- a/wp/wp-content/plugins/include-mastodon-feed/readme.txt Fri Sep 05 18:52:52 2025 +0200 +++ b/wp/wp-content/plugins/include-mastodon-feed/readme.txt Mon Sep 08 19:44:41 2025 +0200 @@ -3,10 +3,10 @@ Donate link: https://www.buymeacoffee.com/w101 Tags: mastodon, status, feed Requires at least: 6.0 -Tested up to: 6.5 +Tested up to: 6.8 Requires PHP: 7.4 -Stable tag: 1.9.4 -License: Expat License +Stable tag: 1.13.1 +License: MIT License URI: https://directory.fsf.org/wiki/License:Expat Plugin that provides a shortcode to easily integrate mastodon feeds into wordpress pages. @@ -14,6 +14,8 @@ == Description == Plugin that provides an `[include-mastodon-feed]` shortcode to easily integrate mastodon feeds into wordpress pages. Supports personal and tag feeds. +Account and post images are lazy loaded if preserveImageAspectRatio is set to true (default: false). + The plugin is written in PHP and generates native JavaScript to fetch and render the mastodon feed. No special libraries needed. == Installation == @@ -26,15 +28,15 @@ `[include-mastodon-feed instance="YOUR-INSTANCE" account="YOUR-ACCOUNT-ID"]` = Shortcode attributes = +* **instance** (required) +Domain name of the instance without https:// (e.g. example.org) + * **account** (required) The account ID (a long number - see FAQ on how to get it) * **tag** Use **tag** instead of **account** if you want to embed a tag feed instead of a personal feed -* **instance** (required) -Domain name of the instance without https:// (e.g. example.org) - * **limit** Maximum number of statuses (Default: 20) @@ -56,6 +58,12 @@ * **preserveImageAspectRatio** Preserve image aspect ratio (Default: false) +* **imageSize** +Load small sized preview images or full size high quality images (Default: preview, full) + +* **imageLink** +Link image to status or image (Default: status, image) + * **tagged** Show only statuses that are tagged with given tag name (Default: false) No leading #, case insensitive, e.g.: tagged="tagname" @@ -102,12 +110,10 @@ * **date-locale** Locale for date string, used in toLocaleString() (Default: en-US) -* **date-options** -Format options directly fed into toLocaleString() (Default: {}) = Additional customizations = -You can define several plugin constants to set custom default options that will be applied site-wide. +You can define several plugin constants to set custom default options that will be applied site-wide (e.g. date options can only be set as php constant to mitigate an XSS vulnerability). 1. Open your `wp-config.php` file 2. Search for the line `/* Add any custom values between this line and the "stop editing" line. */` @@ -148,6 +154,58 @@ == Changelog == += 1.13.1 = +* fix: removed unnecessary, broken aria-label functionality + += 1.13 = +Special release for Global Accessibility Awareness Day +in collaboration with @oldrup@mastodon.green + +Happy [Accesssibility Day](https://accessibility.day) + +* accessibility (fix): image alt attributes - initial implementation was faulty +* accessibility: added alt text to image / gifv attachments +* accessibility: added alt text to avatar images +* accessibility: added alt text to preview card media +* accessibility: added descriptive aria-labels +* accessibility: increased default text / background color contrast +* accessibility: switched from DIV to semantic OL / LI structure + += 1.12 = +* accessibility: added image alt attribute (thank you @oldrup@mastodon.green) + += 1.11 = +* now favoring preview_url (smaler size) instead of remote_url (full size) for image previews (thank you @oldrup@mastodon.green) + += 1.10 = +* added image lazy loading for account and post images - post image lazy loading only works with preserveImageAspectRatio set to true (thank you @oldrup@mastodon.green) + += 1.9.11 = +* fixed typo (thank you @hjek) +* cleaned up code after 1.9.10 release + += 1.9.10 = +* fixed XSS vulnerability: removed support for date-options as shortcode attribute completely - to mitigate an XSS vulnerability where authenticated attackers with contributor permission could insert malicious JavaScript (still can be set as constant in PHP code) + += 1.9.9 = +* fixed esc_url context that previously broke the URL for the Mastodon API JS ajax request (thank you @beach@illo.social) + += 1.9.8 = +* fix broken date-locale and date-options parameters (thank you @crusy@chaos.social) +* improved string excaping for text parameters and added url escaping +* removed unnecessary output buffering +* fix license SPDX Identifier + += 1.9.7 = +* fix option to either display smaller image media attachment previews (default) or large image versions (thank you @beach@illo.social) + += 1.9.6 = +* fixed XSS vulnerability where authenticated attackers with contributor permissions could insert malicious JavaScript + += 1.9.5 = +* added option to either display smaller image media attachment previews (default) or large image versions (thank you @beach@illo.social) +* added option to point image media attachment links to either status (default) or image + = 1.9.4 = * added option to hide status meta information and date/time (thank you @PaulKingtiger@dice.camp) * added tag support - you can now embed tag feeds (thank you @martin@openedtech.social)