v2.7.3

Hotfix version 2.7.3

• Update regex for Object Injection check to include + bypass and PHP serialized classes. props @erwanlr

v2.7.2

Hotfix Version 2.7.2

• Extend the unfiltered_html iframe capabilities to support additional style attributes.

v2.7.1

Hotfix Version 2.7.1

• Fix error cannot redeclare _sanitize_recursive(). props @shramee
• Ensure iframe supports the style attribute for users with unfiltered_html capabilities.
• Ensure noscript is supported for users with unfiltered_html capabilities.

v2.7.0

Version 2.7.0

• Require PHP 5.3+
• Fix all PHPCS errors and warnings.
• Fix a vulnerability where Object Injection could take place if someone has a valid nonce.
• Force all settings to be sanitized and escaped before saving and during display.
• Add filter ot_validate_setting_input_safe which is used to validate the input value of a custom setting type. All values must be validated!
• Add a notice to let users know that a custom setting type is not properly validating saved data and do a best-effort sanitize of the user data before saving it.
• Fix issue with Composer autoload and only load OptionTree if we have access to WordPress. props @infomaniac50
• Fix deprecated create_function notice in PHP 7.2+. props @modesthatred
• Fix notice "Only variables should be passed by reference". props @SergeAx
• Add wordpress-plugin project type to composer file. props @egifford
• Removed translation files.
• Removed the deprecated XML file import method.
• Fix SQL syntax issue. props @ryanlabelle
• Fix metabox radio & checkbox style issues. props @ryanlabelle

v2.6.0

Bump version