Changeset 2923311

Timestamp:

06/08/2023 10:46:45 AM (22 months ago)

Author:

anadnet

Message:

Update to 5.2.4 - Vulnerability from XSS Fixed

Location:

quick-pagepost-redirect-plugin/trunk

Files:

• js/qppr_admin_script.js (modified) (1 diff)
• js/qppr_admin_script.min.js (modified) (1 diff)
• page_post_redirect_plugin.php (modified) (9 diffs)
• readme.txt (modified) (2 diffs)

quick-pagepost-redirect-plugin/trunk/js/qppr_admin_script.js

@@ -2 +2 @@
     $(d).ready(function() {
         $('span.qppr_meta_help').css('display','none');
-        $('.inside').delegate('span.qppr_meta_help_wrap', 'hover', function(e){
-            var $curdisp = $(this).find('span.qppr_meta_help').css('display');
-            if($curdisp == 'none'){
+
+        $('.inside').on({
+            mouseenter: function () {
                 $(this).find('span.qppr_meta_help').css('display','inline');
-            }else{
+            },
+            mouseleave: function () {
                 $(this).find('span.qppr_meta_help').css('display','none');
             }
-            e.preventDefault();
-        });
+        }, 'span.qppr_meta_help_wrap');
         var mainurl = z.ajaxurl;
         $( '#pprredirect_type').on( 'change', function(e){

quick-pagepost-redirect-plugin/trunk/js/qppr_admin_script.min.js

@@ -1 @@
-function qppr_check_file(e){str=e.value.toUpperCase(),suffix=".TXT",-1===str.indexOf(suffix,str.length-suffix.length)&&(alert(qpprData.msgFileType),e.value="")}function qppr_goOnConfirm(e,r){confirm(e)&&(document.location.href=qpprData.adminURL+r)}!function(e,r,t){e(r).ready(function(){e("span.qppr_meta_help").css("display","none"),e(".inside").delegate("span.qppr_meta_help_wrap","hover",function(r){var t=e(this).find("span.qppr_meta_help").css("display");"none"==t?e(this).find("span.qppr_meta_help").css("display","inline"):e(this).find("span.qppr_meta_help").css("display","none"),r.preventDefault()});t.ajaxurl;e("#pprredirect_type").on("change",function(r){r.preventDefault(),e(".qppr-meta-section-wrapper").removeClass("meta-selected meta-not-selected");var t=e(this).val();"meta"==t?e(".qppr-meta-section-wrapper").slideDown("slow"):e(".qppr-meta-section-wrapper").slideUp("slow")}),e(".qppr-delete-everything").on("click",function(p){if(p.preventDefault(),confirm(t.msgAllDeleteConfirm)){var n={action:"qppr_delete_all_settings",security:t.securityDelete};e.post(t.ajaxurl,n,function(e){r.location.href="success"==e?t.adminURL+"?page=redirect-options&update=6":t.adminURL+"?page=redirect-options&update=0"})}}),e(".qppr-delete-regular").on("click",function(p){if(p.preventDefault(),confirm(t.msgIndividualDeleteConfirm)){var n={action:"qppr_delete_all_iredirects",security:t.securityDelete};e.post(t.ajaxurl,n,function(e){r.location.href="success"==e?t.adminURL+"?page=redirect-options&update=2":t.adminURL+"?page=redirect-options&update=0"})}}),e(".qppr-delete-quick").on("click",function(p){if(p.preventDefault(),confirm(t.msgQuickDeleteConfirm)){var n={action:"qppr_delete_all_qredirects",security:t.securityDelete};e.post(t.ajaxurl,n,function(e){r.location.href="success"==e?t.adminURL+"?page=redirect-options&update=3":t.adminURL+"?page=redirect-options&update=0"})}}),e("#qppr_quick_save_form").on("submit",function(r){var p=(e(this),e('input[name^="quickppr_redirects[request]"')),n=e('input[name^="quickppr_redirects[destination]"'),i=!1;return""==p[0].value&&""==n[0].value&&(i=!0),i?(r.preventDefault(),alert(t.error),!1):!0}),e("#qppr_quick_save_form").delegate(".delete-qppr","click",function(r){r.preventDefault();var p=e(this).data("rowid"),n=e("#"+p).children(".table-qppr-req").children(".qppr-request").text(),i={action:"qppr_delete_quick_redirect",request:n,security:t.security},a=1;confirm(t.msgDeleteConfirm)&&e.post(t.ajaxurl,i,function(){e("#"+p).remove()}).done(function(){e(".qppr-count-row").each(function(){e(this).text(a+"."),a++})})}),e(".edit-qppr").click(function(r){r.preventDefault();var t=e(this).data("rowid"),p=e("#"+t),n=e("#qppr-edit-row-holder").children("td");e("#"+t+" td").addClass("editing"),p.addClass("editing-redirect"),n.clone().prependTo(p);var i="X"==p.children(".table-qppr-nwn.editing").children(".qppr-newindow").text()?!0:!1,a="X"==p.children(".table-qppr-nfl.editing").children(".qppr-nofollow").text()?!0:!1;p.children(".table-qppr-req.cloned").children(".input-qppr-req").attr("value",p.children(".table-qppr-req.editing").children(".qppr-request").text()),p.children(".table-qppr-des.cloned").children(".input-qppr-dest").attr("value",p.children(".table-qppr-des.editing").children(".qppr-destination").text()),p.children(".table-qppr-nwn.cloned").children(".input-qppr-neww").prop("checked",i),p.children(".table-qppr-nfl.cloned").children(".input-qppr-nofo").prop("checked",a),p.children(".table-qppr-sav.cloned").children(".table-qppr-sav span").attr("data-rowid",t),p.children(".table-qppr-can.cloned").children(".table-qppr-can span").attr("data-rowid",t)}),e(".qppr_quick_redirects_wrapper").delegate(".table-qppr-sav span.qpprfont-save","hover",function(){0==e(".active-saving").length||e(this).parent().parent().hasClass("active-saving")||e(this).css({cursor:"no-drop",color:"#ff0000"})}),e(".qppr_quick_redirects_wrapper").delegate(".table-qppr-sav span.qpprfont-save","click",function(r){if(r.preventDefault(),0!=e(".active-saving").length&&!e(this).parent().parent().hasClass("active-saving"))return!1;var p=e("#"+e(this).data("rowid")),n=e(this).data("rowid"),i=p.children(".table-qppr-req.editing").children(".qppr-request").data("qppr-orig-url"),a=p.children(".table-qppr-req.cloned").children(".input-qppr-req").val(),l=p.children(".table-qppr-des.cloned").children(".input-qppr-dest").val(),c=p.children(".table-qppr-nwn.cloned").children(".input-qppr-neww:checked").val(),d=p.children(".table-qppr-nfl.cloned").children(".input-qppr-nofo:checked").val();c="undefined"==typeof c||"undefined"==c?0:c,d="undefined"==typeof d||"undefined"==d?0:d,p.children(".cloned").remove();var s=t.protocols,o=a.substring(0,1),u="/"==o?!0:!1,q="",f=-1;u||(f=a.indexOf(":"),q=a.substring(0,f)),u||-1!==e.inArray(q,s)||(a="/"+a),e("#qppr-edit-row-saving .qppr-saving-row").clone().prependTo("#"+n),p.addClass("active-saving");var h={action:"qppr_save_quick_redirect",row:n.replace("rowpprdel-",""),original:i,request:a,destination:l,newwin:c,nofollow:d,security:t.security};e.post(t.ajaxurl,h,function(r){var n=0;if("error"==r&&(alert(t.msgErrorSave),n=1),"duplicate"==r){alert(t.msgDuplicate);var s="#"+e(".table-qppr-req:contains("+a+")").parent("tr").attr("id");e(s).addClass("qppr-duplicate"),n=1}1!=n&&(d=1==d?"X":"",c=1==c?"X":"",p.children(".table-qppr-req.editing").children(".qppr-request").text(a),p.children(".table-qppr-des.editing").children(".qppr-destination").text(l),p.children(".table-qppr-nfl.editing").children(".qppr-nofollow").text(d),p.children(".table-qppr-nwn.editing").children(".qppr-newindow").text(c),p.children(".table-qppr-req.editing").children(".qppr-request").data("qppr-orig-url",i)),p.children("td").removeClass("editing"),p.children(".qppr-saving-row").remove()}).done(function(){p.removeClass("editing-redirect active-saving"),e(".table-qppr-sav span.qpprfont-save").css({cursor:"",color:""})})}),e('tr[id^="rowpprdel"]').on("hover",function(){e(this).removeClass("qppr-duplicate")}),e(".qppr_quick_redirects_wrapper").delegate(".table-qppr-can span.qpprfont-cancel","click",function(r){r.preventDefault();var t=e("#"+e(this).data("rowid"));t.children(".cloned").remove(),t.children("td").removeClass("editing"),t.removeClass("editing-redirect")}),e("#hidepprjqmessage").click(function(r){r.preventDefault();var p={action:"qppr_pprhidemessage_ajax",pprhidemessage:1,scid:t.security};e.post(t.ajaxurl,p,function(){e("#usejqpprmessage").remove()}).done(function(){})}),e("#hidepprjqmessage2").click(function(r){r.preventDefault();var p={action:"qppr_pprhidemessage_ajax",pprhidemessage:2,scid:t.security};e.post(t.ajaxurl,p,function(){e("#usejqpprmessage2").remove()}).done(function(){})}),e("#qppr-import-quick-redirects-button").click(function(r){r.preventDefault(),e("#qppr_addto_form").css({display:"none"}),e("#qppr_import_form").css("block"==e("#qppr_import_form").css("display")?{display:"none"}:{display:"block"})}),e("#qppr_addto_qr_button").click(function(r){e("#qppr_import_form").css({display:"none"}),e("#qppr_addto_form").css("block"==e("#qppr_addto_form").css("display")?{display:"none"}:{display:"block"}),r.preventDefault()}),e("#import_redirects_add_qppr").click(function(r){return""==e("[name|=qppr_file_add]").attr("value")?(r.preventDefault(),alert(t.msgSelect),!1):void 0}),e("#import-quick-redrects-file").click(function(r){return""==e("[name|=qppr_file]").attr("value")?(r.preventDefault(),alert(t.msgSelect),!1):void 0})})}(jQuery,document,qpprData);
+function qppr_check_file(e){str=e.value.toUpperCase(),suffix=".TXT",-1!==str.indexOf(suffix,str.length-suffix.length)||(alert(qpprData.msgFileType),e.value="")}function qppr_goOnConfirm(e,r){confirm(e)&&(document.location.href=qpprData.adminURL+r)}!function(e,r,t){e(r).ready(function(){e("span.qppr_meta_help").css("display","none"),e(".inside").on({mouseenter:function(){e(this).find("span.qppr_meta_help").css("display","inline")},mouseleave:function(){e(this).find("span.qppr_meta_help").css("display","none")}},"span.qppr_meta_help_wrap"),t.ajaxurl,e("#pprredirect_type").on("change",function(r){r.preventDefault(),e(".qppr-meta-section-wrapper").removeClass("meta-selected meta-not-selected"),"meta"==e(this).val()?e(".qppr-meta-section-wrapper").slideDown("slow"):e(".qppr-meta-section-wrapper").slideUp("slow")}),e(".qppr-delete-everything").on("click",function(p){if(p.preventDefault(),confirm(t.msgAllDeleteConfirm)){var i={action:"qppr_delete_all_settings",security:t.securityDelete};e.post(t.ajaxurl,i,function(e){"success"==e?r.location.href=t.adminURL+"?page=redirect-options&update=6":r.location.href=t.adminURL+"?page=redirect-options&update=0"})}}),e(".qppr-delete-regular").on("click",function(p){if(p.preventDefault(),confirm(t.msgIndividualDeleteConfirm)){var i={action:"qppr_delete_all_iredirects",security:t.securityDelete};e.post(t.ajaxurl,i,function(e){"success"==e?r.location.href=t.adminURL+"?page=redirect-options&update=2":r.location.href=t.adminURL+"?page=redirect-options&update=0"})}}),e(".qppr-delete-quick").on("click",function(p){if(p.preventDefault(),confirm(t.msgQuickDeleteConfirm)){var i={action:"qppr_delete_all_qredirects",security:t.securityDelete};e.post(t.ajaxurl,i,function(e){"success"==e?r.location.href=t.adminURL+"?page=redirect-options&update=3":r.location.href=t.adminURL+"?page=redirect-options&update=0"})}}),e("#qppr_quick_save_form").on("submit",function(r){e(this);var p=e('input[name^="quickppr_redirects[request]"'),i=e('input[name^="quickppr_redirects[destination]"'),n=!1;return""==p[0].value&&""==i[0].value&&(n=!0),!n||(r.preventDefault(),alert(t.error),!1)}),e("#qppr_quick_save_form").delegate(".delete-qppr","click",function(r){r.preventDefault();var p=e(this).data("rowid"),i={action:"qppr_delete_quick_redirect",request:e("#"+p).children(".table-qppr-req").children(".qppr-request").text(),security:t.security},n=1;confirm(t.msgDeleteConfirm)&&e.post(t.ajaxurl,i,function(r){e("#"+p).remove()}).done(function(){e(".qppr-count-row").each(function(r){e(this).text(n+"."),n++})})}),e(".edit-qppr").click(function(r){r.preventDefault();var t=e(this).data("rowid"),p=e("#"+t),i=e("#qppr-edit-row-holder").children("td");e("#"+t+" td").addClass("editing"),p.addClass("editing-redirect"),i.clone().prependTo(p);var n="X"==p.children(".table-qppr-nwn.editing").children(".qppr-newindow").text(),a="X"==p.children(".table-qppr-nfl.editing").children(".qppr-nofollow").text();p.children(".table-qppr-req.cloned").children(".input-qppr-req").attr("value",p.children(".table-qppr-req.editing").children(".qppr-request").text()),p.children(".table-qppr-des.cloned").children(".input-qppr-dest").attr("value",p.children(".table-qppr-des.editing").children(".qppr-destination").text()),p.children(".table-qppr-nwn.cloned").children(".input-qppr-neww").prop("checked",n),p.children(".table-qppr-nfl.cloned").children(".input-qppr-nofo").prop("checked",a),p.children(".table-qppr-sav.cloned").children(".table-qppr-sav span").attr("data-rowid",t),p.children(".table-qppr-can.cloned").children(".table-qppr-can span").attr("data-rowid",t)}),e(".qppr_quick_redirects_wrapper").delegate(".table-qppr-sav span.qpprfont-save","hover",function(r){0==e(".active-saving").length||e(this).parent().parent().hasClass("active-saving")||e(this).css({cursor:"no-drop",color:"#ff0000"})}),e(".qppr_quick_redirects_wrapper").delegate(".table-qppr-sav span.qpprfont-save","click",function(r){if(r.preventDefault(),0!=e(".active-saving").length&&!e(this).parent().parent().hasClass("active-saving"))return!1;var p=e("#"+e(this).data("rowid")),i=e(this).data("rowid"),n=p.children(".table-qppr-req.editing").children(".qppr-request").data("qppr-orig-url"),a=p.children(".table-qppr-req.cloned").children(".input-qppr-req").val(),c=p.children(".table-qppr-des.cloned").children(".input-qppr-dest").val(),l=p.children(".table-qppr-nwn.cloned").children(".input-qppr-neww:checked").val(),d=p.children(".table-qppr-nfl.cloned").children(".input-qppr-nofo:checked").val();l=void 0===l||"undefined"==l?0:l,d=void 0===d||"undefined"==d?0:d,p.children(".cloned").remove();var o=t.protocols,s="/"==a.substring(0,1),u="",q=-1;s||(q=a.indexOf(":"),u=a.substring(0,q)),s||-1!==e.inArray(u,o)||(a="/"+a),e("#qppr-edit-row-saving .qppr-saving-row").clone().prependTo("#"+i),p.addClass("active-saving");var f={action:"qppr_save_quick_redirect",row:i.replace("rowpprdel-",""),original:n,request:a,destination:c,newwin:l,nofollow:d,security:t.security};e.post(t.ajaxurl,f,function(r){var i=0;if("error"==r&&(alert(t.msgErrorSave),i=1),"duplicate"==r){alert(t.msgDuplicate);var o="#"+e(".table-qppr-req:contains("+a+")").parent("tr").attr("id");e(o).addClass("qppr-duplicate"),i=1}1!=i&&(d=1==d?"X":"",l=1==l?"X":"",p.children(".table-qppr-req.editing").children(".qppr-request").text(a),p.children(".table-qppr-des.editing").children(".qppr-destination").text(c),p.children(".table-qppr-nfl.editing").children(".qppr-nofollow").text(d),p.children(".table-qppr-nwn.editing").children(".qppr-newindow").text(l),p.children(".table-qppr-req.editing").children(".qppr-request").data("qppr-orig-url",n)),p.children("td").removeClass("editing"),p.children(".qppr-saving-row").remove()}).done(function(){p.removeClass("editing-redirect active-saving"),e(".table-qppr-sav span.qpprfont-save").css({cursor:"",color:""})})}),e('tr[id^="rowpprdel"]').on("hover",function(){e(this).removeClass("qppr-duplicate")}),e(".qppr_quick_redirects_wrapper").delegate(".table-qppr-can span.qpprfont-cancel","click",function(r){r.preventDefault();var t=e("#"+e(this).data("rowid"));t.children(".cloned").remove(),t.children("td").removeClass("editing"),t.removeClass("editing-redirect")}),e("#hidepprjqmessage").click(function(r){r.preventDefault();var p={action:"qppr_pprhidemessage_ajax",pprhidemessage:1,scid:t.security};e.post(t.ajaxurl,p,function(r){e("#usejqpprmessage").remove()}).done(function(){})}),e("#hidepprjqmessage2").click(function(r){r.preventDefault();var p={action:"qppr_pprhidemessage_ajax",pprhidemessage:2,scid:t.security};e.post(t.ajaxurl,p,function(r){e("#usejqpprmessage2").remove()}).done(function(){})}),e("#qppr-import-quick-redirects-button").click(function(r){r.preventDefault(),e("#qppr_addto_form").css({display:"none"}),"block"==e("#qppr_import_form").css("display")?e("#qppr_import_form").css({display:"none"}):e("#qppr_import_form").css({display:"block"})}),e("#qppr_addto_qr_button").click(function(r){e("#qppr_import_form").css({display:"none"}),"block"==e("#qppr_addto_form").css("display")?e("#qppr_addto_form").css({display:"none"}):e("#qppr_addto_form").css({display:"block"}),r.preventDefault()}),e("#import_redirects_add_qppr").click(function(r){if(""==e("[name|=qppr_file_add]").attr("value"))return r.preventDefault(),alert(t.msgSelect),!1}),e("#import-quick-redrects-file").click(function(r){if(""==e("[name|=qppr_file]").attr("value"))return r.preventDefault(),alert(t.msgSelect),!1})})}(jQuery,document,qpprData);

quick-pagepost-redirect-plugin/trunk/page_post_redirect_plugin.php

@@ -7 +7 @@
 Author URI: http://www.anadnet.com/
 Donate link:
-Version: 5.2.3
+Version: 5.2.4
 Text Domain: quick-pagepost-redirect-plugin
 Domain Path: /lang
@@ -72 +72 @@
 
     function __construct() {
-        $this->ppr_curr_version         = '5.2.3';
+        $this->ppr_curr_version         = '5.2.4';
         $this->ppr_nofollow             = array();
         $this->ppr_newindow             = array();
@@ -337 +337 @@
 
         check_ajax_referer( 'qppr_ajax_verify', 'security', true );
-        $request        = isset($_POST['request']) && sanitize_url($_POST['request']) != '' ? sanitize_url($_POST['request']) : '';
+        $request        = isset($_POST['request']) && esc_url_raw($_POST['request']) != '' ? esc_url_raw($_POST['request']) : '';
         $curRedirects   = get_option( 'quickppr_redirects', array() );
         $curMeta        = get_option( 'quickppr_redirects_meta', array() );
@@ -358 +358 @@
 
         $protocols      = apply_filters('qppr_allowed_protocols',array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp'));
-        $request        = isset($_POST['request']) && sanitize_url($_POST['request']) != '' ? esc_url_raw(str_replace(' ','%20', sanitize_url($_POST['request'])), null, 'appip') : '';
+        $request        = isset($_POST['request']) && esc_url_raw($_POST['request']) != '' ? esc_url_raw(str_replace(' ','%20', $_POST['request']), null, 'appip') : '';
         $requestOrig    = isset($_POST['original']) && sanitize_text_field($_POST['original']) != '' ? esc_url_raw(str_replace(' ','%20', sanitize_text_field($_POST['original'])), null, 'appip') : '';
         $destination    = isset($_POST['destination']) && sanitize_text_field($_POST['destination']) != '' ? esc_url_raw(str_replace(' ','%20',sanitize_text_field($_POST['destination'])), null, 'appip') : '';
@@ -726 +726 @@
         register_setting( 'ppr-settings-group', 'ppr_override-redirect-type' );
         register_setting( 'ppr-settings-group', 'ppr_override-active' );
-        register_setting( 'ppr-settings-group', 'ppr_override-URL' );
+        register_setting( 'ppr-settings-group', 'ppr_override-URL', 'esc_url' );
         register_setting( 'ppr-settings-group', 'ppr_override-rewrite' );
         register_setting( 'ppr-settings-group', 'ppr_use-jquery' );
@@ -733 +733 @@
         register_setting( 'ppr-settings-group', 'ppr_show-columns' );
         //meta settings
-        register_setting( 'qppr-meta-settings-group', 'qppr_meta_addon_sec' );
+        register_setting( 'qppr-meta-settings-group', 'qppr_meta_addon_sec', 'intval' );
         register_setting( 'qppr-meta-settings-group', 'qppr_meta_addon_load' );
-        register_setting( 'qppr-meta-settings-group', 'qppr_meta_append_to' );
-        register_setting( 'qppr-meta-settings-group', 'qppr_meta_addon_trigger' );
-        register_setting( 'qppr-meta-settings-group', 'qppr_meta_addon_content' );
+        register_setting( 'qppr-meta-settings-group', 'qppr_meta_append_to', 'esc_attr' );
+        register_setting( 'qppr-meta-settings-group', 'qppr_meta_addon_trigger', 'esc_attr' );
+        register_setting( 'qppr-meta-settings-group', 'qppr_meta_addon_content', 'esc_textarea' );
         register_setting( 'qppr-meta-settings-group', 'ppr_meta-seconds' );
         register_setting( 'qppr-meta-settings-group', 'ppr_meta-message' );
@@ -760 +760 @@
         $linkfaq        = array();
         $linkcontent    = array();
+        $maxitems       = 0;
         if (!is_wp_error( $rss ) ) :
                 $maxitems   = $rss->get_item_quantity( 100 );
@@ -1869 +1870 @@
             // find & save the form data & put it into an array
             $my_meta_data['_pprredirect_active']        = isset($_REQUEST['pprredirect_active'])        ? $this->isOne_none(intval( $_REQUEST['pprredirect_active'])) : '';
-            $my_meta_data['_pprredirect_newwindow']     = isset($_REQUEST['pprredirect_newwindow'])     ? $this->isOne_none(intval($_REQUEST['pprredirect_newwindow'])) : '';
+            $my_meta_data['_pprredirect_newwindow']     = isset($_REQUEST['pprredirect_newwindow'])     ? $this->isOne_none(sanitize_text_field($_REQUEST['pprredirect_newwindow']))    : '';
             $my_meta_data['_pprredirect_relnofollow']   = isset($_REQUEST['pprredirect_relnofollow'])   ? $this->isOne_none(intval( $_REQUEST['pprredirect_relnofollow']))  : '';
             $my_meta_data['_pprredirect_type']          = isset($_REQUEST['pprredirect_type'])          ? sanitize_text_field( $_REQUEST['pprredirect_type'] )  : '';
             $my_meta_data['_pprredirect_rewritelink']   = isset($_REQUEST['pprredirect_rewritelink'])   ? $this->isOne_none(intval( $_REQUEST['pprredirect_rewritelink']))  : '';
-            $my_meta_data['_pprredirect_url']           = isset($_REQUEST['pprredirect_url'])           ? esc_url_raw( sanitize_url($_REQUEST['pprredirect_url']), $protocols ) : '';
+            $my_meta_data['_pprredirect_url']           = isset($_REQUEST['pprredirect_url'])           ? esc_url_raw( $_REQUEST['pprredirect_url'], $protocols ) : '';
             $my_meta_data['_pprredirect_meta_secs']     = isset($_REQUEST['pprredirect_meta_secs']) &&  (int) $_REQUEST['pprredirect_meta_secs'] > 0 ? (int) $_REQUEST['pprredirect_meta_secs'] : '';
-
 
 //          function qppr_sanitize_pprredirect_active_meta( $meta_value ) {
 //              return absint( $meta_value );
 //          }
-            add_filter( 'sanitize_post_meta__pprredirect_newwindow', 'qppr_sanitize_pprredirect_active_meta', 10, 1 );
-            add_filter( 'sanitize_post_meta__pprredirect_active', 'qppr_sanitize_pprredirect_active_meta', 10, 1 );
+            add_filter( 'sanitize_post_meta__pprredirect_newwindow', 'qppr_sanitize_pprredirect_newwindow_meta', 10, 1 );
             add_filter( 'sanitize_post_meta__pprredirect_active', 'qppr_sanitize_pprredirect_active_meta', 10, 1 );
 
@@ -2348 +2347 @@
     <div class="wrap" style="position:relative;">
         <h2><?php echo __( 'Meta Redirect Settings', 'quick-pagepost-redirect-plugin' );?></h2>
-        <?php if ( ! empty( sanitize_text_field($_GET['settings-updated']) ) ) : ?><div id="message" class="updated notice is-dismissible"><p><?php echo __( 'Settings Updated', 'quick-pagepost-redirect-plugin' );?></p></div><?php endif; ?>
+        <?php if ( ! empty( $_GET['settings-updated'] ) && sanitize_text_field( $_GET['settings-updated'] ) ) : ?><div id="message" class="updated notice is-dismissible"><p><?php echo __( 'Settings Updated', 'quick-pagepost-redirect-plugin' );?></p></div><?php endif; ?>
         <p><?php echo __( 'This section is for updating options for redirects that use the "meta refresh" funcitonality for redirecting.', 'quick-pagepost-redirect-plugin' );?></p>
         <p><?php echo __( 'Using the setting below, you can add elements or a message to the page that is loaded before tht redirect, or just allow the page to load as normal until the redirect reaches the number of seconds you have set below.', 'quick-pagepost-redirect-plugin' );?></p>

quick-pagepost-redirect-plugin/trunk/readme.txt

@@ -6 +6 @@
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
-Tested up to: 5.9.1
-Stable tag: 5.2.3
+Tested up to: 6.2.2
+Stable tag: 5.2.4
 
 Easily redirect pages/posts or custom post types to another page/post or external URL by specifying the redirect URL and type (301, 302, 307, meta).
 
 == Description ==
-**Current Version 5.2.3**
+**Current Version 5.2.4**
 
 This plugin has two redirect functionalities - **"Quick Redirects"** and **"Individual Redirects"**:
@@ -182 +182 @@
 * THIS SECTION IS JUST TO KEEP TRACK OF TODO ITEMS FOR FUTURE UPDATES.
 * Add New Window and No Follow to links where the URL has been rewritten. Currently if you rewrite the URL neither will work as they are referenced with the original URL, not the rewrite.
+
+= 5.2.4 =
+* **Vulnerability from XSS attacks fixed
 
 = 5.2.3 =