Changeset 3344142

Timestamp:

08/13/2025 07:08:14 PM (6 months ago)

Author:

hiroprot

Message:

Security fix: the content page is now sanitized before display to prevent XSS attacks.

Location:

terms-before-download

Files:

• tags/1.0.5 (added)
• tags/1.0.5/readme.txt (added)
• tags/1.0.5/terms-before-download.php (added)
• trunk/readme.txt (modified) (2 diffs)
• trunk/terms-before-download.php (modified) (2 diffs)

terms-before-download/trunk/readme.txt

@@ -3 +3 @@
 Tags: download,terms,eula,license
 Requires at least: 3.5
-Tested up to: 5.8.1
+Tested up to: 6.8.2
 Stable tag: trunk
 License: GPL2
@@ -68 +68 @@
 == Changelog ==
 
+= 1.0.5 =
+* Security fix: the content page is now sanitized before display to prevent XSS attacks.
+
 = 1.0.4 =
 * Bugfix: multiple links on the same page always pointed to the first URL on the page. This was introduced in 1.0.3.

terms-before-download/trunk/terms-before-download.php

@@ -4 +4 @@
  * Plugin URI: https://helgeklein.com/free-tools/terms-download/
  * Description: Shows a popup dialog with terms and conditions (EULA) that must be accepted before a file can be downloaded
- * Version: 1.0.4
+ * Version: 1.0.5
  * Author: Helge Klein
  * Author URI: https://helgeklein.com
@@ -65 +65 @@
 
    // Get the terms page content, allowing for nested shortcodes
-   $terms_page_content = do_shortcode ($terms_page->post_content);
+   $terms_page_content = wp_kses_post(do_shortcode ($terms_page->post_content));
    // Convert double line breaks into paragraphs, replacing \n with <br /> to the string
    $terms_page_content = wpautop($terms_page_content);