Changeset 2901397


Timestamp:
04/19/2023 06:44:13 PM (2 years ago)
Author:
activecampaign
Message:

Security fix to address XSS vulnerability

Location:
activecampaign-subscription-forms/trunk
Files:
3 edited

  • activecampaign-subscription-forms/trunk/activecampaign-form-block/activecampaign-form-block.php

    r2473993 r2901397  
    118118        $css = ' css=1';
    119119    }
    120 
     120    $escapedClassNames = esc_attr($attributes['className']);
    121121    if(!empty($attributes['formId'])){
    122         return "<div class=\"{$attributes['className']}\">[activecampaign form=".$attributes['formId'].$css."]</div>";
     122        return "<div class=\"{$escapedClassNames}\">[activecampaign form=".$attributes['formId'].$css."]</div>";
    123123    }
    124     return "<div class=\"{$attributes['className']}\">[activecampaign]</div>";
     124    return "<div class=\"{$escapedClassNames}\">[activecampaign]</div>";
    125125}
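Review bot: At new line 122, `$attributes['formId']` is still concatenated into the returned markup with no validation or escaping; only `className` gets `esc_attr()`. The only check visible here is `!empty()`, so if form IDs are always numeric, pass the value through `absint()` before building the shortcode string, and otherwise escape it for the context it lands in. Separately, new line 120 reads `$attributes['className']` without an `isset()` check, so unless a default is registered elsewhere, a block saved without an extra class will raise an undefined-index notice; default it to an empty string before escaping.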
  • activecampaign-subscription-forms/trunk/activecampaign.php

    r2898878 r2901397  
    55Description: Allows you to add ActiveCampaign contact forms to any post, page, or sidebar. Also allows you to embed <a href="http://www.activecampaign.com/help/site-event-tracking/" target="_blank">ActiveCampaign site tracking</a> code in your pages. To get started, please activate the plugin and add your <a href="http://www.activecampaign.com/help/using-the-api/" target="_blank">API credentials</a> in the <a href="options-general.php?page=activecampaign">plugin settings</a>.
    66Author: ActiveCampaign
    7 Version: 8.1.11
     7Version: 8.1.12
    88Author URI: http://www.activecampaign.com
    99*/
     
    6363## version 8.1.10: Verify 6.0 Compatibility. Updated listing
    6464## version 8.1.11: Removing obsolete Javascript
     65## version 8.1.12: Security fix to address XSS vulnerability
    6566
    6667define("ACTIVECAMPAIGN_URL", "");
  • activecampaign-subscription-forms/trunk/readme.txt

    r2898878 r2901397  
    110110== Changelog ==
    111111
     112= 8.1.12 =
     113* Security fix to address XSS vulnerability
     114
    112115= 8.1.11 =
    113116* Removing obsolete Javascript
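Review bot: The 8.1.12 entry at new line 113 does not say which input was affected, so a site owner reading the changelog cannot judge exposure or urgency. Consider naming the form block's `className` attribute as the escaped value and noting which earlier versions need the update.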