Plugin Directory

Changeset 2615120


Timestamp:
10/16/2021 01:46:50 PM (4 years ago)
Author:
funnycat
Message:

fix XSS vulnerability

Location:
wp-sitemap-page/trunk
Files:
3 edited

  • wp-sitemap-page/trunk/readme.txt

    r2482700 r2615120  
    11=== WP Sitemap Page ===
    22Contributors: funnycat
    3 Donate link: http://www.infowebmaster.fr/dons.php
     3Donate link: https://www.infowebmaster.fr/dons.php
    44Tags: sitemap, generator, page list, site map, html sitemap, sitemap generator, dynamic sitemap, seo
    55Requires at least: 3.0
    6 Tested up to: 5.6.2
    7 Stable tag: 1.6.4
     6Tested up to: 5.8.1
     7Stable tag: 1.6.5
    88License: GPLv2 or later
    99
     
    102102== Changelog ==
    103103
     104= 1.6.5
     105* fix vulnaribility issue (XSS)
    104106= 1.6.3 and 1.6.4 =
    105107* compatibility to PHP 8
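Review bot: The new changelog heading "= 1.6.5" lacks the closing " =" that the "= 1.6.3 and 1.6.4 =" heading right below it uses, so it may not be parsed as a version heading. The entry also misspells "vulnerability", and it would help users judge exposure if it named the affected setting (wsp_posts_by_category).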
  • wp-sitemap-page/trunk/settings.php

    r1463573 r2615120  
    149149                            $textarea = $wsp_posts_by_category;
    150150                        }
     151                       
     152                        // fix an XSS issue by removing every HTML tag except the <a>
     153                        $textarea = strip_tags($textarea, '<a><strong><b><em><i>');
    151154                        ?>
    152155                        <textarea name="wsp_posts_by_category" id="wsp_posts_by_category"
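Review bot: The added comment says every tag except <a> is removed, but the allow list passed to strip_tags() is '<a><strong><b><em><i>', so the comment and the code disagree; update the comment to list all five tags. Since $textarea is about to be printed inside a <textarea>, the contextual fix at this spot is to escape at output with esc_textarea($textarea). strip_tags() instead alters the value the administrator sees in the form and leaves the attributes of the allowed tags untouched.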
  • wp-sitemap-page/trunk/wp-sitemap-page.php

    r2482700 r2615120  
    44Plugin URI: http://tonyarchambeau.com/
    55Description: Add a sitemap on any page/post using the simple shortcode [wp_sitemap_page]
    6 Version: 1.6.4
     6Version: 1.6.5
    77Author: Tony Archambeau
    88Author URI: http://tonyarchambeau.com/
     
    12211221        add_option( 'wsp_posts_by_category', $wsp_posts_by_category );
    12221222    }
     1223    // fix an XSS issue by removing every HTML tag except the <a>
     1224    $wsp_posts_by_category = strip_tags($wsp_posts_by_category, '<a><strong><b><em><i>');
    12231225   
    12241226    // list the posts
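Review bot: strip_tags($wsp_posts_by_category, '<a><strong><b><em><i>') keeps the allowed tags together with all of their attributes, so event-handler attributes and arbitrary href schemes on those five tags pass through this filter unchanged. wp_kses() with an explicit array of allowed tags and attributes (for example only href and title on a) would cover that, and it also checks URL protocols. The filter is also applied after the add_option() block, so only the value used here for rendering is cleaned. Because the same call and allow list are duplicated in settings.php, a single shared helper would keep the two in sync.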