Changeset 1146506 for feedwordpress


Timestamp:
04/26/15 23:05:26 (2 years ago)
Author:
radgeek
Message:

IMPORTANT SECURITY FIX. / Ver bump. Important security fix for potential WordPress security vulnerability across several plugins discussed at https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html . Props to http://github.com/quassy/

Location:
feedwordpress/trunk
Files:
2 edited

  • feedwordpress/trunk/feedwordpress.php

    r960798 r1146506  
    44Plugin URI: http://feedwordpress.radgeek.com/ 
    55Description: simple and flexible Atom/RSS syndication for WordPress 
    6 Version: 2014.0805 
     6Version: 2015.0426 
    77Author: Charles Johnson 
    88Author URI: http://radgeek.com/ 
     
    1212/** 
    1313 * @package FeedWordPress 
    14  * @version 2014.0805 
     14 * @version 2015.0426 
    1515 */ 
    1616 
     
    3333# -- Don't change these unless you know what you're doing... 
    3434 
    35 define ('FEEDWORDPRESS_VERSION', '2014.0805'); 
     35define ('FEEDWORDPRESS_VERSION', '2015.0426'); 
    3636define ('FEEDWORDPRESS_AUTHOR_CONTACT', 'http://radgeek.com/contact'); 
    3737 
     
    12851285                endif; 
    12861286            else : 
    1287                 $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'zapped', 'unzapped', 'ids'), $sendback ); 
     1287                $sendback = esc_url( remove_query_arg( array('trashed', 'untrashed', 'deleted', 'zapped', 'unzapped', 'ids'), $sendback ) ); 
    12881288            endif; 
    12891289 
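Review bot: esc_url() at new line 1287 is the display-context escaper. It HTML-encodes ampersands (& becomes &#038;), which suits output into markup but not a value that is reused as a URL. If this $sendback is the one passed to add_query_arg() and wp_redirect() at lines 1327 and 1339, any multi-parameter query string left in it will be entity-encoded before the redirect. esc_url_raw() here would sanitize without that encoding.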
     
    13251325                add_post_meta($post_id, '_feedwordpress_zapped_blank_old_status', $old_status, /*unique=*/ true); 
    13261326                 
    1327                 wp_redirect( add_query_arg( array('zapped' => 1, 'ids' => $post_id), $sendback ) ); 
     1327                wp_redirect( esc_url_raw( add_query_arg( array('zapped' => 1, 'ids' => $post_id), $sendback ) ) ); 
    13281328 
    13291329            else : 
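Review bot: wp_redirect() at new line 1327 sends the browser to whatever host $sendback names; esc_url_raw() cleans the URL but does not restrict its destination. Where $sendback comes from is not visible in this hunk. If it derives from the request (a referer or a query parameter), wp_safe_redirect() would limit the target to allowed hosts.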
     
    13371337                delete_post_meta($post_id, '_feedwordpress_zapped_blank_old_status'); 
    13381338 
    1339                 wp_redirect( add_query_arg( array('unzapped' => 1, 'ids' => $post_id), $sendback ) ); 
     1339                wp_redirect( esc_url_raw( add_query_arg( array('unzapped' => 1, 'ids' => $post_id), $sendback ) ) ); 
    13401340 
    13411341            endif; 
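Review bot: nothing visible after the wp_redirect() call at new line 1339 (or the matching call at 1327) stops execution, and wp_redirect() only sets the Location header. Confirm that an exit follows the endif at line 1341 so the rest of the request handler does not run once the redirect has been issued.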
  • feedwordpress/trunk/readme.txt

    r960815 r1146506  
    44Tags: syndication, aggregation, feed, atom, rss 
    55Requires at least: 3.0 
    6 Tested up to: 3.9.1 
    7 Stable tag: 2014.0805 
     6Tested up to: 4.2 
     7Stable tag: 2015.0426 
    88 
    99FeedWordPress syndicates content from feeds you choose into your WordPress weblog.  
     
    2727 
    2828FeedWordPress is designed with flexibility, ease of use, and ease of 
    29 configuration in mind. You'll need a working installation of WordPress or 
    30 WordPress MU (version [3.0] or later), and also FTP or SFTP access to your web 
    31 host. The ability to create cron jobs on your web host is helpful but not 
    32 required. You *don't* need to tweak any plain-text configuration files and you 
    33 *don't* need shell access to your web host to make it work. (Although, I should 
    34 point out, web hosts that *don't* offer shell access are *bad web hosts*.) 
     29configuration in mind. You'll need a working installation of WordPress (version 
     30[3.0] or later), and also FTP or SFTP access to your web host. The ability to 
     31create cron jobs on your web host is helpful but not required. You *don't* need 
     32to tweak any plain-text configuration files and you *don't* need shell access 
     33to your web host to make it work. (Although, I should point out, web hosts that 
     34*don't* offer shell access are *bad web hosts*.) 
    3535 
    3636  [WordPress]: http://wordpress.org/ 
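Review bot: the rewrap at new lines 29-34 also drops "or WordPress MU" from the requirements sentence, an unrelated documentation change riding along with a security release. Splitting it into its own commit would keep the fix easier to audit and backport. No changelog entry describing the fix is visible in these readme.txt hunks either; one would tell users why the 2015.0426 update matters.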