Changeset 520611 for bsuite


Timestamp:
03/19/2012 12:28:23 AM (13 years ago)
Author:
misterbisson
Message:

fixed XSS vulnerability as reported in http://www.ihteam.net/advisory/bsuite-wordpress-permanent-xss/

Location:
bsuite/trunk
Files:
3 edited

  • bsuite/trunk/bsuite.php

    r483093 r520611  
    44Plugin URI: http://maisonbisson.com/bsuite/
    55Description: Stats tracking, improved sharing, related posts, CMS features, and a kitchen sink. <a href="http://maisonbisson.com/bsuite/">Documentation here</a>.
    6 Version: 5 alpha 2
     6Version: 5 alpha 3
    77Author: Casey Bisson
    88Author URI: http://maisonbisson.com/blog/
  • bsuite/trunk/readme.txt

    r520603 r520611  
    55Requires at least: 3.2
    66Tested up to: 3.3.1
    7 Stable tag: 5a2
     7Stable tag: trunk
    88
    99A suite of tools used to help surface interesting and popular stories as well as improve WordPress' CMS capabilities as an application platform.
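
Review bot: `Stable tag: trunk` on new line 7 of readme.txt makes the plugin directory serve whatever is in trunk as the release, so every later commit to trunk, finished or not, ships to users immediately. For a security fix it is safer to copy this revision to a tagged release and point `Stable tag` at that tag, following the earlier `5a2` naming; the header in bsuite.php now reads `Version: 5 alpha 3`, so a matching tag would also keep the two files consistent.
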
  • bsuite/trunk/ui_stats.php

    r312038 r520611  
    244244if( count( $results ) )
    245245    foreach( $results as $res )
    246         echo '<li><a href="'. $res->name .'">'. wordwrap( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name )), 25, "\n", TRUE ) .'</a><br><small>Avg: '. number_format( $res->hit_avg ) .' Total: '. number_format( $res->hit_count ) ."</small></li>\n";
     246        echo '<li><a href="'. sanitize_url( $res->name ).'">'. wordwrap( htmlspecialchars( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name ))), 25, "\n", TRUE ) .'</a><br><small>Avg: '. number_format( $res->hit_avg ) .' Total: '. number_format( $res->hit_count ) ."</small></li>\n";
    247247else
    248248    echo '<li>No Data Yet.</li>';
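
Review bot: On new line 246, `sanitize_url()` is the wrong escaper for an `href` that is being echoed: it is a deprecated alias of `esc_url_raw()`, which prepares a URL for storage, while `esc_url()` is the display-context function and also entity-encodes `&` and `'`. A second point on the same line: `htmlspecialchars()` runs inside `wordwrap( ..., 25, "\n", TRUE )`, so the hard cut at 25 characters can land in the middle of an entity such as `&amp;` and leave broken text in the link label. Wrapping first and escaping the wrapped result avoids that.
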
     
    277277    foreach( $results as $res ){
    278278        if( 1 == $res->object_type )
    279             echo '<li><a href="'. $res->name .'">'. wordwrap( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name )), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>';
     279            echo '<li><a href="'. sanitize_url( $res->name ) .'">'. wordwrap( htmlspecialchars( urldecode( str_replace( get_settings( 'siteurl' ), '', $res->name ))), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>';
    280280        else
    281281            echo '<li><a href="'. get_permalink( $res->object_id ) .'">'. wordwrap( get_the_title( $res->object_id ), 25, "\n", TRUE ) .'</a><br><small>'. number_format( $res->hit_count ) .' hits since '. $res->date_min .'</small></li>';
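
Review bot: The `else` branch on line 281 is left as it was and still passes `get_the_title( $res->object_id )` through `wordwrap()` to the page with no escaping, and `$res->date_min` is echoed raw in both branches, while only the `$res->name` output on line 279 is escaped. If the fix is meant to cover everything this list prints, escape those values as well (`esc_html()` for text nodes), and consider moving the duplicated link markup from lines 246 and 279 into one helper so the two copies cannot drift apart.
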