WordPress.org

Plugin Directory


Timestamp:
07/02/12 12:13:17 (6 years ago)
Author:
SriniG
Message:

v1.5.6: security fix

Location:
quotes-collection/trunk
Files:
3 edited

  • quotes-collection/trunk/quotes-collection-admin.php

    r411494 r566394  
    2020    { 
    2121         
    22         $quote = stripslashes($quote); 
    23         $author = stripslashes($author);     
    24         $source = stripslashes($source);     
    25         $tags = stripslashes($tags); 
    26  
     22        $quote = wp_kses_data( stripslashes($quote) ); 
     23        $author = wp_kses( stripslashes($author), array( 'a' => array( 'href' => array(),'title' => array() ) ) ) ;  
     24        $source = wp_kses( stripslashes($source), array( 'a' => array( 'href' => array(),'title' => array() ) ) ) ;  
     25        $tags = strip_tags( stripslashes($tags) ); 
     26         
    2727        $quote = "'".$wpdb->escape($quote)."'"; 
    2828        $author = $author?"'".$wpdb->escape($author)."'":"NULL"; 
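
Review bot: The filters on new lines 22-25 run only when a quote is saved, so rows stored before r566394 keep whatever markup they already contain, and no hunk in this changeset touches the code that renders quotes. Consider applying the same wp_kses rules (or escaping) at output as well, or running a one-off pass over existing rows, so the fix does not depend on every quote being re-saved.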
     
    5757    { 
    5858         
    59         $quote = stripslashes($quote); 
    60         $author = stripslashes($author);     
    61         $source = stripslashes($source);     
    62         $tags = stripslashes($tags); 
     59        $quote = wp_kses_data( stripslashes($quote) ); 
     60        $author = wp_kses( stripslashes($author), array( 'a' => array( 'href' => array(),'title' => array() ) ) ) ;  
     61        $source = wp_kses( stripslashes($source), array( 'a' => array( 'href' => array(),'title' => array() ) ) ) ;  
     62        $tags = strip_tags( stripslashes($tags) ); 
    6363 
    6464        $quote = "'".$wpdb->escape($quote)."'"; 
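
Review bot: New lines 59-62 repeat the four sanitizing statements from lines 22-25 of this file verbatim, including the inline allowed-tags array `array( 'a' => array( 'href' => array(),'title' => array() ) )`, which now appears four times. Moving the filtering into one shared helper with a single allowed-tags definition would keep the two functions from drifting apart the next time the allowed markup changes.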
  • quotes-collection/trunk/quotes-collection.php

    r524772 r566394  
    44Plugin URI: http://srinig.com/wordpress/plugins/quotes-collection/ 
    55Description: Quotes Collection plugin with Ajax powered Random Quote sidebar widget helps you collect and display your favourite quotes on your WordPress blog. 
    6 Version: 1.5.5.1 
     6Version: 1.5.6 
    77Author: Srini G 
    88Author URI: http://srinig.com/wordpress/ 
  • quotes-collection/trunk/readme.txt

    r524772 r566394  
    44Tags: quotes collection, quotes, quotations, random quote, sidebar, widget, ajax, shortcode 
    55Requires at least: 2.8 
    6 Tested up to: 3.3.1 
     6Tested up to: 3.4.1 
    77Stable tag: trunk 
    88 
     
    1616**Features and notes** 
    1717 
    18 * **Admin interface**: A nice admin interface to add, edit and manage quotes. Details such as author and source of the quote, and attributes like tags and visibility, can be specified. The 'Quotes' menu in the WP admin navigation leads to the quotes admin interface. 
     18* **Admin interface**: An admin interface to add, edit and manage quotes. Details such as author and source of the quote, and attributes like tags and visibility, can be specified. The 'Quotes' menu in the WP admin navigation leads to the quotes admin interface. 
    1919* **Sidebar widget**: The Random Quote sidebar widget with Ajax refresh feature -- you will be able to get another random quote on the same space without refreshing the web page. Following is the list of options in the widget control panel: 
    2020    * Widget title 
     
    230230 
    231231==Changelog== 
     232 
     233* **2012-07-02: Version 1.5.6** 
     234    * Security fix (pointed out by Charlie Eriksen via Secunia SVCRP) 
     235 
    232236* **2012-03-28: Version 1.5.5.1** 
    233237    * Minor fix (the missing semicolon in <code>&amp;nbsp;</code>) 
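
Review bot: The changelog entry at new line 234 says only "Security fix" and does not state what kind of issue was fixed or which fields are affected. Since the code change filters markup in the quote, author, source and tags inputs of the admin interface, saying so here (and in the Upgrade Notice added below) would let site owners judge their exposure and decide how urgently to upgrade.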
     
    410414    * Initial release 
    411415 
     416 
     417== Upgrade Notice == 
     418 
     419= 1.5.6 = 
     420This version fixes a security vulnerability. Please upgrade. 
     421 