
Changeset 541880 for user-photo


Timestamp:
05/09/2012 03:46:25 PM (13 years ago)
Author:
ryanhellyer
Message:

Fixed security flaw

Location:
user-photo/trunk
Files:
2 edited

  • user-photo/trunk/readme.txt

    r347150 r541880  
    11=== User Photo ===
    2 Contributors: westonruter
     2Contributors: westonruter, ryanhellyer
    33Tags: users, photos, images
    4 Tested up to: 3.0.5
    5 Stable tag: 0.9.5.1
     4Requires at least: 3.0.5
     5Stable tag: 0.9.5.2
    66
    77Allows a user to associate a photo with their account and for this photo to be displayed in their posts and comments.
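
Review bot: New line 4 replaces `Tested up to: 3.0.5` with `Requires at least: 3.0.5`, so the readme loses its `Tested up to` header and the old tested version becomes the declared minimum. If the intent was to add a minimum requirement, keep both headers and set `Tested up to` to the release this version was actually tested against; if the key was changed by mistake, restore the original name.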
     
    99== Description ==
    1010
    11 ***Make sure you upgrade to version 0.9.5!***
     11***Make sure you upgrade to version 0.9.5.2!***
    1212
    1313Allows a user to associate a profile photo with their account through their "Your Profile" page. Admins may
     
    116116== Changelog ==
    117117
     118= 2012-05-08: 0.9.5.2 =
     119
     120* Security issue (credit Ryan Hellyer).
     121
    118122= 2011-02-17: 0.9.5 =
    119123
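
Review bot: The 0.9.5.2 entry at new line 120 says only `Security issue`, which gives site owners nothing to judge urgency by. Name the class of bug and where it was, for example that the options form's `action` attribute now escapes the request URI, and state which earlier versions are affected. The entry is also dated 2012-05-08 while this changeset is timestamped 05/09/2012; align the date with the actual release.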
  • user-photo/trunk/user-photo.php

    r347149 r541880  
    44Plugin URI: http://wordpress.org/extend/plugins/user-photo/
    55Description: Allows users to associate photos with their accounts by accessing their "Your Profile" page. Uploaded images are resized to fit the dimensions specified on the options page; a thumbnail image is also generated. New template tags introduced are: <code>userphoto_the_author_photo</code>, <code>userphoto_the_author_thumbnail</code>, <code>userphoto_comment_author_photo</code>, and <code>userphoto_comment_author_thumbnail</code>. Uploaded images may be moderated by administrators.
    6 Version: 0.9.5.1
     6Version: 0.9.5.2
    77Author: <a href="http://weston.ruter.net/">Weston Ruter</a>
    88
    99Original code by Weston Ruter <http://weston.ruter.net> at Shepherd Interactive <http://shepherd-interactive.com>.
    10 Continued development and maintenance by Dave Wagner (cptnwinky) <http://dev.dave-wagner.com/>
     10Continued development and maintenance by Dave Wagner (cptnwinky) <http://dev.dave-wagner.com/> and Ryan Hellyer (ryanhellyer)
    1111
    1212GNU General Public License, Free Software Foundation <http://creativecommons.org/licenses/GPL/2.0/>
     
    723723    <div class="wrap">
    724724        <h2>User Photo Options</h2>
    725         <form method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>" id='userphoto_options_form'>
     725        <form method="post" action="<?php echo esc_url( $_SERVER['REQUEST_URI'] ); ?>" id='userphoto_options_form'>
    726726            <?php
    727727            if(function_exists('wp_nonce_field'))
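
Review bot: The form at line 725 still builds its `action` from `$_SERVER['REQUEST_URI']`; `esc_url()` makes that value safe to print in the attribute, but request-controlled data is still reflected into the page. Consider posting to a URL built from the known options page, or using an empty `action`, so nothing from the request reaches the markup. The context at line 727 also guards `wp_nonce_field` with `function_exists`; with the readme now declaring `Requires at least: 3.0.5` that guard is unnecessary, and the nonce should be emitted unconditionally and checked by the handler.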