
Changeset 696520


Timestamp:
04/12/13 10:42:01 (12 months ago)
Author:
donncha
Message:

Fixed XSS problems with REQUEST_URI on the settings page.

Location:
wp-super-cache/trunk
Files:
6 edited

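--- a/wp-super-cache/trunk/plugins/awaitingmoderation.php
+++ b/wp-super-cache/trunk/plugins/awaitingmoderation.php
@@ -31,5 +31,5 @@
         <fieldset id="<?php echo $id; ?>" class="options">
         <h4><?php _e( 'Awaiting Moderation', 'wp-super-cache' ); ?></h4>
-        <form name="wp_manager" action="<?php echo $_SERVER[ "REQUEST_URI" ]; ?>" method="post">
+        <form name="wp_manager" action="" method="post">
         <label><input type="radio" name="cache_awaitingmoderation" value="1" <?php if( $cache_awaitingmoderation ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Enabled', 'wp-super-cache' ); ?></label>
         <label><input type="radio" name="cache_awaitingmoderation" value="0" <?php if( !$cache_awaitingmoderation ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Disabled', 'wp-super-cache' ); ?></label>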
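Review bot: The `id` attribute on the `<fieldset>` context line directly above the changed `<form>` is still written with a bare `echo $id`, so while the new `action=""` correctly stops the request URI from being reflected into the markup, that line remains the one unescaped interpolation in this block. If `$id` is a fixed plugin-side string this is harmless and a one-line comment saying so would save the next reader a check; if it can ever be derived from request data it should become `<fieldset id="<?php echo esc_attr( $id ); ?>" class="options">`. The identical change, and the identical context line, appear in badbehaviour.php, domain-mapping.php, searchengine.php and wptouch.php in this changeset, so the same remark applies to each. The enclosing function starts and ends outside the hunk in every one of these files.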
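--- a/wp-super-cache/trunk/plugins/badbehaviour.php
+++ b/wp-super-cache/trunk/plugins/badbehaviour.php
@@ -62,5 +62,5 @@
         <fieldset id="<?php echo $id; ?>" class="options">
         <h4><?php _e( 'Bad Behavior', 'wp-super-cache' ); ?></h4>
-        <form name="wp_manager" action="<?php echo $_SERVER[ "REQUEST_URI" ]; ?>" method="post">
+        <form name="wp_manager" action="" method="post">
         <label><input type="radio" name="cache_badbehaviour" value="1" <?php if( $cache_badbehaviour ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Enabled', 'wp-super-cache' ); ?></label>
         <label><input type="radio" name="cache_badbehaviour" value="0" <?php if( !$cache_badbehaviour ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Disabled', 'wp-super-cache' ); ?></label>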
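--- a/wp-super-cache/trunk/plugins/domain-mapping.php
+++ b/wp-super-cache/trunk/plugins/domain-mapping.php
@@ -72,5 +72,5 @@
         <fieldset id="<?php echo $id; ?>" class="options">
         <h4><?php _e( 'Domain Mapping', 'wp-super-cache' ); ?></h4>
-        <form name="wp_manager" action="<?php echo $_SERVER[ "REQUEST_URI" ]; ?>" method="post">
+        <form name="wp_manager" action="" method="post">
         <label><input type="radio" name="cache_domain_mapping" value="1" <?php if( $cache_domain_mapping ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Enabled', 'wp-super-cache' ); ?></label>
         <label><input type="radio" name="cache_domain_mapping" value="0" <?php if( !$cache_domain_mapping ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Disabled', 'wp-super-cache' ); ?></label>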
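--- a/wp-super-cache/trunk/plugins/searchengine.php
+++ b/wp-super-cache/trunk/plugins/searchengine.php
@@ -66,5 +66,5 @@
         <fieldset id="<?php echo $id; ?>" class="options">
         <h4><?php _e( 'No Adverts for Friends', 'wp-super-cache' ); ?></h4>
-        <form name="wp_manager" action="<?php echo $_SERVER[ "REQUEST_URI" ]; ?>" method="post">
+        <form name="wp_manager" action="" method="post">
         <label><input type="radio" name="cache_no_adverts_for_friends" value="1" <?php if( $cache_no_adverts_for_friends == 'yes' ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Enabled', 'wp-super-cache' ); ?></label>
         <label><input type="radio" name="cache_no_adverts_for_friends" value="0" <?php if( $cache_no_adverts_for_friends == 'no' ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Disabled', 'wp-super-cache' ); ?></label>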
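--- a/wp-super-cache/trunk/plugins/wptouch.php
+++ b/wp-super-cache/trunk/plugins/wptouch.php
@@ -19,5 +19,5 @@
         <fieldset id="<?php echo $id; ?>" class="options">
         <h4><?php _e( 'WPTouch', 'wp-super-cache' ); ?></h4>
-        <form name="wp_manager" action="<?php echo $_SERVER[ "REQUEST_URI" ]; ?>" method="post">
+        <form name="wp_manager" action="" method="post">
         <label><input type="radio" name="cache_wptouch" value="1" <?php if( $cache_wptouch ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Enabled', 'wp-super-cache' ); ?></label>
         <label><input type="radio" name="cache_wptouch" value="0" <?php if( !$cache_wptouch ) { echo 'checked="checked" '; } ?>/> <?php _e( 'Disabled', 'wp-super-cache' ); ?></label>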
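--- a/wp-super-cache/trunk/wp-cache.php
+++ b/wp-super-cache/trunk/wp-cache.php
@@ -3133,5 +3133,5 @@
                 'title' => __( 'Delete Cache', 'wp-super-cache' ),
                 'meta' => array( 'title' => __( 'Delete cache of the current page', 'wp-super-cache' ) ),
-                'href' => wp_nonce_url( admin_url( 'index.php?action=delcachepage&path=' . urlencode( $_SERVER[ 'REQUEST_URI' ] ) ), 'delete-cache' )
+                'href' => wp_nonce_url( admin_url( 'index.php?action=delcachepage&path=' . urlencode( preg_replace( '/[ <>\'\"\r\n\t\(\)]/', '', $_SERVER[ 'REQUEST_URI' ] ) ) ), 'delete-cache' )
                 ) );
 }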
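Review bot: The new `preg_replace` on the `href` line is a character blacklist applied to `REQUEST_URI` before `urlencode()`, and `urlencode()` already percent-encodes every character that pattern removes, so in this URL-building context the strip adds no protection the encoding did not already give, while any character not on the list still passes through; `wp_nonce_url()` also, as far as I recall, escapes its result for attribute output, which is where the original XSS exposure would have been. If the intent is to harden the `path` value, the place to do it is where `$_GET['path']` is consumed by the `delcachepage` handler (outside this hunk): validate it there as a path, e.g. `$path = parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH );` on this side and an allow-list check against the cache directory on the consuming side, rather than relying on output-side stripping. A short comment on this line stating why these particular characters are removed would also help, since the choice is not self-explanatory. The enclosing function starts outside the hunk; only its closing brace is visible here.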