
Changeset 1539083


Timestamp:
11/23/16 12:25:30 (11 months ago)
Author:
SriniG
Message:

v2.0.7: Security fixes

Location:
quotes-collection/trunk
Files:
5 edited

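--- a/quotes-collection/trunk/inc/class-quotes-collection-admin-list-table.php
+++ b/quotes-collection/trunk/inc/class-quotes-collection-admin-list-table.php
@@ -220,5 +220,5 @@
         // Frame the parameters to be passed to fetch the data from the database
         $db_args = array();
-        $db_args['orderby'] = (!empty($_REQUEST['orderby'])) ? esc_attr( $_REQUEST['orderby'] ) : 'quote_id';
+        $db_args['orderby'] = (!empty($_REQUEST['orderby'])) ? $_REQUEST['orderby'] : 'quote_id';
         if( empty($_REQUEST['order']) ) {
             if( 'quote_id' == $db_args['orderby'] )
@@ -227,8 +227,8 @@
         }
         else
-            $db_args['order'] = esc_attr( $_REQUEST['order'] );
+            $db_args['order'] = $_REQUEST['order'];
 
         if( isset( $_REQUEST['s'] ) && !empty( $_REQUEST['s'] ) ) {
-            $db_args['search'] = (string) esc_attr( $_REQUEST['s'] );
+            $db_args['search'] = (string) $_REQUEST['s'];
         }
         else $db_args['search'] = '';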
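Review bot: Dropping esc_attr() is the right call, since it is an HTML-attribute escape and never protected the query, but the new lines 222 and 229 now hand `$_REQUEST['orderby']` and `$_REQUEST['order']` to `$db_args` with nothing restricting them to a known column name or to ASC/DESC, and because ORDER BY identifiers cannot be bound through `$wpdb->prepare()` the consumer of `$db_args` must whitelist them, which is outside this hunk. I would enforce it here instead of relying on the data layer: `$orderby = isset( $_REQUEST['orderby'] ) ? sanitize_key( $_REQUEST['orderby'] ) : 'quote_id';` followed by a check against the table's sortable column names, and on line 229 `$order = strtoupper( $_REQUEST['order'] );` with `$db_args['order'] = in_array( $order, array( 'ASC', 'DESC' ), true ) ? $order : 'DESC';` (or take the same default path as the empty-order branch). Line 232 can likewise become `$db_args['search'] = sanitize_text_field( wp_unslash( $_REQUEST['s'] ) );`, which keeps the value a plain unslashed string while leaving LIKE escaping to the query builder. The enclosing method starts and ends outside the hunk, and lines 225-226 between the two hunks are not shown.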
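--- a/quotes-collection/trunk/inc/class-quotes-collection-widget.php
+++ b/quotes-collection/trunk/inc/class-quotes-collection-widget.php
@@ -88,5 +88,9 @@
             $options['random_refresh'] = isset($instance['random_refresh'])?$instance['random_refresh']:1;
             $options['refresh_interval'] = isset($instance['refresh_interval'])?$instance['refresh_interval']:5;
-            $options['char_limit'] = $instance['char_limit'];
+            if( isset( $instance['char_limit'] ) && is_numeric( $instance['char_limit'] ) ) {
+                $options['char_limit'] = $instance['char_limit'];
+            } else {
+                $options['char_limit'] = __('none', 'quotes-collection');
+            }
             $options['tags'] = $instance['tags'];
         }
@@ -144,5 +148,5 @@
         echo '<label for="'.$this->get_field_id( 'auto_refresh' ).'">'.__( 'Auto refresh', 'quotes-collection' ).'</label>';
         echo ' <label for="'.$this->get_field_id( 'refresh_interval' ).'"">';
-        printf( __('every %s sec', 'quotes-collection'), '<input type="number" id="'.$this->get_field_id( 'refresh_interval' ).'" name="'.$this->get_field_name('refresh_interval').'" value="'.$options['refresh_interval'].'" min="3" max="60" step="1" style="width:3em;" />' );
+        printf( __('every %s sec', 'quotes-collection'), '<input type="number" id="'.$this->get_field_id( 'refresh_interval' ).'" name="'.$this->get_field_name('refresh_interval').'" value="'. esc_attr( $options['refresh_interval'] ).'" min="3" max="60" step="1" style="width:3em;" />' );
         echo '</label>';
         echo '</p>';
@@ -182,9 +186,13 @@
         $instance['ajax_refresh'] = (isset($new_instance['ajax_refresh']) && $new_instance['ajax_refresh'])?1:0;
         $instance['auto_refresh'] = (isset($new_instance['auto_refresh']) && $new_instance['auto_refresh'])?1:0;
-        $instance['refresh_interval'] = $new_instance['refresh_interval'];
+        if( is_numeric( $new_instance['refresh_interval'] ) ) {
+            $instance['refresh_interval'] = $new_instance['refresh_interval'];
+        } else {
+            $instance['refresh_interval'] = $old_instance['refresh_interval'];
+        }
         $instance['random_refresh'] = (isset($new_instance['random_refresh']) && $new_instance['random_refresh'])?1:0;
         $instance['tags'] = strip_tags(stripslashes($new_instance['tags']));
         $instance['char_limit'] = strip_tags(stripslashes($new_instance['char_limit']));
-        if(!$instance['char_limit'])
+        if(!$instance['char_limit'] || !is_numeric($instance['char_limit']))
             $instance['char_limit'] = __('none', 'quotes-collection');
 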
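Review bot: The new `is_numeric()` guard on line 188 reads `$new_instance['refresh_interval']` without `isset()`, so a submission that omits the field raises an undefined-index notice before the branch is decided, and `is_numeric()` also accepts forms such as `'1e2'`, `' 7'` or `'3.5'` that the form's `min="3" max="60" step="1"` input never produces; the fallback on line 191 has the same unguarded read of `$old_instance`. Since the value is only ever a whole-second count, coercing with `absint()` and keeping the form's range is tighter: `$interval = isset( $new_instance['refresh_interval'] ) ? absint( $new_instance['refresh_interval'] ) : 0;` then `$instance['refresh_interval'] = ( $interval >= 3 && $interval <= 60 ) ? $interval : ( isset( $old_instance['refresh_interval'] ) ? $old_instance['refresh_interval'] : 5 );`, the 5 matching the default used on line 89. The same `is_numeric()` looseness applies to `char_limit` on line 196, and storing the translated `__('none', 'quotes-collection')` string as the sentinel on lines 93 and 197 means the saved value changes with the site locale, so a fixed untranslated token compared on read would be more robust. The method these lines belong to (presumably the widget's update()) starts and ends outside the hunk.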
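--- a/quotes-collection/trunk/inc/class-quotes-collection.php
+++ b/quotes-collection/trunk/inc/class-quotes-collection.php
@@ -10,5 +10,5 @@
 
     /** Plugin version **/
-    const PLUGIN_VERSION = '2.0.6';
+    const PLUGIN_VERSION = '2.0.7';
 
     public $refresh_link_text;
@@ -129,6 +129,6 @@
 
         $char_limit = (isset($_POST['char_limit']) && is_numeric($_POST['char_limit']))?$_POST['char_limit']:'';
-        $tags = esc_attr( $_POST['tags'] );
-        $orderby = esc_attr( $_POST['orderby'] );
+        $tags = $_POST['tags'];
+        $orderby = $_POST['orderby'];
         $order = '';
         $exclude = '';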
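Review bot: Lines 131-132 now read `$_POST['tags']` and `$_POST['orderby']` raw and without `isset()`, so a request missing either key emits an undefined-index notice and whatever does arrive is passed on unvalidated; removing `esc_attr()` is correct because it was never a query guard, but nothing in the hunk replaces it, and whether `$orderby` is later checked against a column whitelist before reaching ORDER BY is outside this hunk. A minimal tightening here is `$tags = isset( $_POST['tags'] ) ? sanitize_text_field( wp_unslash( $_POST['tags'] ) ) : '';` and `$orderby = isset( $_POST['orderby'] ) ? sanitize_key( $_POST['orderby'] ) : '';`, with the real column check where the query is assembled. The `is_numeric()` check on line 130 also admits floats and exponent notation for `char_limit`; `absint()` is the tighter choice if the limit is a character count. The function containing these lines (it reads like a request handler, and any nonce or capability check it performs is not visible) starts and ends outside the hunk.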
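--- a/quotes-collection/trunk/quotes-collection.php
+++ b/quotes-collection/trunk/quotes-collection.php
@@ -4,5 +4,5 @@
  * Plugin URI: http://srinig.com/wordpress/plugins/quotes-collection/
  * Description: Quotes Collection plugin with Ajax powered Random Quote sidebar widget helps you collect and display your favourite quotes in your WordPress blog/website.
- * Version: 2.0.6
+ * Version: 2.0.7
  * Author: Srini G
  * Author URI: http://srinig.com/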
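--- a/quotes-collection/trunk/readme.txt
+++ b/quotes-collection/trunk/readme.txt
@@ -255,5 +255,5 @@
 ==Changelog==
 
-* **2016-11-23: Version 2.0.6**
+* **2016-11-23: Version 2.0.7**
     * Security fixes
 
@@ -488,5 +488,5 @@
 == Upgrade Notice ==
 
-= 2.0.6 =
+= 2.0.7 =
 Important security fixes. Upgrade highly recommended. If you upgrade from a version prior to 2.0, you will have to re-add the widget and set the widget options once again after upgrading.
 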