Changeset 2646017

Timestamp:

12/17/2021 08:10:39 PM (4 years ago)

Author:

yikesinc

Message:

Update to version 6.8.6 from GitHub

Location:

yikes-inc-easy-mailchimp-extender

Files:

• tags/6.8.6 (copied) (copied from yikes-inc-easy-mailchimp-extender/trunk)
• tags/6.8.6/admin/partials/ajax/add_field_to_form.php (modified) (3 diffs)
• tags/6.8.6/readme.txt (modified) (2 diffs)
• tags/6.8.6/yikes-inc-easy-mailchimp-extender.php (modified) (2 diffs)
• trunk/admin/partials/ajax/add_field_to_form.php (modified) (3 diffs)
• trunk/readme.txt (modified) (2 diffs)
• trunk/yikes-inc-easy-mailchimp-extender.php (modified) (2 diffs)

yikes-inc-easy-mailchimp-extender/tags/6.8.6/admin/partials/ajax/add_field_to_form.php

@@ -1 +1 @@
 <?php
 $form_data = array(
-    'field_name' => $_POST['field_name'],
-    'merge_tag'  => $_POST['merge_tag'],
-    'field_type' => $_POST['field_type'],
-    'list_id'    => $_POST['list_id'],
+    'field_name' => isset( $_POST['field_name'] ) ? sanitize_text_field($_POST['field_name']) : '',
+    'merge_tag'  => isset( $_POST['merge_tag'] ) ? sanitize_text_field($_POST['merge_tag']) : '',
+    'field_type' => isset( $_POST['field_type'] ) ? sanitize_text_field($_POST['field_type']) : '',
+    'list_id'    => isset( $_POST['list_id'] ) ? sanitize_text_field($_POST['list_id']) : '',
 );
 
@@ -34 +34 @@
 $merge_field_data = $available_merge_variables['merge_fields'][ $index ];
 ?>
-<section class="draggable" id="<?php echo $form_data['field_name']; ?>">
+<section class="draggable" id="<?php echo esc_attr( $form_data['field_name'] ); ?>">
     <!-- top -->
     <a href="#" class="expansion-section-title settings-sidebar">
         <span class="dashicons dashicons-plus yikes-mc-expansion-toggle" title="<?php _e( 'Expand Field' , 'yikes-inc-easy-mailchimp-extender' ); ?>"></span>
-        <?php echo stripslashes( $form_data['field_name'] ); ?>
-        <span class="field-type-text"><small><?php echo __( 'type' , 'yikes-inc-easy-mailchimp-extender' ) . ' : ' . $form_data['field_type']; ?></small></span>
+        <?php echo wp_kses_post( stripslashes( $form_data['field_name'] ) ); ?>
+        <span class="field-type-text"><small><?php echo __( 'type' , 'yikes-inc-easy-mailchimp-extender' ) . ' : ' . esc_html( $form_data['field_type'] ); ?></small></span>
     </a>
     <!-- expansion section -->
@@ -47 +47 @@
         <p class="type-container form-field-container"><!-- necessary to prevent skipping on slideToggle(); -->
             <!-- store the label -->
-            <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][label]" value="<?php echo htmlspecialchars( $form_data['field_name'] ); ?>" />
-            <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][type]" value="<?php echo $form_data['field_type']; ?>" />
+            <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][label]" value="<?php echo esc_attr( htmlspecialchars( $form_data['field_name'] ) ); ?>" />
+            <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][type]" value="<?php echo esc_attr( $form_data['field_type'] ); ?>" />
             <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][merge]" value="<?php echo $merge_field_data['tag']; ?>" />
             <input type="hidden" class="field-<?php echo $merge_field_data['tag']; ?>-position position-input" name="field[<?php echo $merge_field_data['tag']; ?>][position]" value="" />

yikes-inc-easy-mailchimp-extender/tags/6.8.6/readme.txt

@@ -6 +6 @@
 Tested up to: 5.8
 Requires PHP: 5.2.13
-Stable tag: 6.8.5
+Stable tag: 6.8.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -173 +173 @@
 == Changelog ==
 
+= 6.8.6 - December 17, 2021 =
+* Addressed potential XSS vulnerability
+
 = 6.8.5 - September 2, 2021 =
 * Deprecated filter block_categories is replaced by block_categories_all in WP 5.8

yikes-inc-easy-mailchimp-extender/tags/6.8.6/yikes-inc-easy-mailchimp-extender.php

@@ -4 +4 @@
  * Plugin URI:  https://yikesplugins.com/plugin/easy-forms-for-mailchimp/
  * Description: The ultimate Mailchimp WordPress plugin. Easily build <strong>unlimited forms for your Mailchimp lists</strong>, add them to your site and track subscriber activity. To get started, go to the settings page and enter your <a href="https://yikesplugins.com/support/knowledge-base/finding-your-mailchimp-api-key/" target="_blank">Mailchimp API key</a>.
- * Version:     6.8.5
+ * Version:     6.8.6
  * Author:      YIKES, Inc.
  * Author URI:  https://www.yikesplugins.com/
@@ -43 +43 @@
  */
 if ( ! defined( 'YIKES_MC_VERSION' ) ) {
-    define( 'YIKES_MC_VERSION', '6.8.5' );
+    define( 'YIKES_MC_VERSION', '6.8.6' );
 }
 

yikes-inc-easy-mailchimp-extender/trunk/admin/partials/ajax/add_field_to_form.php

@@ -1 +1 @@
 <?php
 $form_data = array(
-    'field_name' => $_POST['field_name'],
-    'merge_tag'  => $_POST['merge_tag'],
-    'field_type' => $_POST['field_type'],
-    'list_id'    => $_POST['list_id'],
+    'field_name' => isset( $_POST['field_name'] ) ? sanitize_text_field($_POST['field_name']) : '',
+    'merge_tag'  => isset( $_POST['merge_tag'] ) ? sanitize_text_field($_POST['merge_tag']) : '',
+    'field_type' => isset( $_POST['field_type'] ) ? sanitize_text_field($_POST['field_type']) : '',
+    'list_id'    => isset( $_POST['list_id'] ) ? sanitize_text_field($_POST['list_id']) : '',
 );
 
@@ -34 +34 @@
 $merge_field_data = $available_merge_variables['merge_fields'][ $index ];
 ?>
-<section class="draggable" id="<?php echo $form_data['field_name']; ?>">
+<section class="draggable" id="<?php echo esc_attr( $form_data['field_name'] ); ?>">
     <!-- top -->
     <a href="#" class="expansion-section-title settings-sidebar">
         <span class="dashicons dashicons-plus yikes-mc-expansion-toggle" title="<?php _e( 'Expand Field' , 'yikes-inc-easy-mailchimp-extender' ); ?>"></span>
-        <?php echo stripslashes( $form_data['field_name'] ); ?>
-        <span class="field-type-text"><small><?php echo __( 'type' , 'yikes-inc-easy-mailchimp-extender' ) . ' : ' . $form_data['field_type']; ?></small></span>
+        <?php echo wp_kses_post( stripslashes( $form_data['field_name'] ) ); ?>
+        <span class="field-type-text"><small><?php echo __( 'type' , 'yikes-inc-easy-mailchimp-extender' ) . ' : ' . esc_html( $form_data['field_type'] ); ?></small></span>
     </a>
     <!-- expansion section -->
@@ -47 +47 @@
         <p class="type-container form-field-container"><!-- necessary to prevent skipping on slideToggle(); -->
             <!-- store the label -->
-            <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][label]" value="<?php echo htmlspecialchars( $form_data['field_name'] ); ?>" />
-            <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][type]" value="<?php echo $form_data['field_type']; ?>" />
+            <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][label]" value="<?php echo esc_attr( htmlspecialchars( $form_data['field_name'] ) ); ?>" />
+            <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][type]" value="<?php echo esc_attr( $form_data['field_type'] ); ?>" />
             <input type="hidden" name="field[<?php echo $merge_field_data['tag']; ?>][merge]" value="<?php echo $merge_field_data['tag']; ?>" />
             <input type="hidden" class="field-<?php echo $merge_field_data['tag']; ?>-position position-input" name="field[<?php echo $merge_field_data['tag']; ?>][position]" value="" />

yikes-inc-easy-mailchimp-extender/trunk/readme.txt

@@ -6 +6 @@
 Tested up to: 5.8
 Requires PHP: 5.2.13
-Stable tag: 6.8.5
+Stable tag: 6.8.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -173 +173 @@
 == Changelog ==
 
+= 6.8.6 - December 17, 2021 =
+* Addressed potential XSS vulnerability
+
 = 6.8.5 - September 2, 2021 =
 * Deprecated filter block_categories is replaced by block_categories_all in WP 5.8

yikes-inc-easy-mailchimp-extender/trunk/yikes-inc-easy-mailchimp-extender.php

@@ -4 +4 @@
  * Plugin URI:  https://yikesplugins.com/plugin/easy-forms-for-mailchimp/
  * Description: The ultimate Mailchimp WordPress plugin. Easily build <strong>unlimited forms for your Mailchimp lists</strong>, add them to your site and track subscriber activity. To get started, go to the settings page and enter your <a href="https://yikesplugins.com/support/knowledge-base/finding-your-mailchimp-api-key/" target="_blank">Mailchimp API key</a>.
- * Version:     6.8.5
+ * Version:     6.8.6
  * Author:      YIKES, Inc.
  * Author URI:  https://www.yikesplugins.com/
@@ -43 +43 @@
  */
 if ( ! defined( 'YIKES_MC_VERSION' ) ) {
-    define( 'YIKES_MC_VERSION', '6.8.5' );
+    define( 'YIKES_MC_VERSION', '6.8.6' );
 }