Plugin Directory

Changeset 3344142


Timestamp:
08/13/2025 07:08:14 PM (6 months ago)
Author:
hiroprot
Message:

Security fix: the content page is now sanitized before display to prevent XSS attacks.

Location:
terms-before-download
Files:
3 added
2 edited

  • terms-before-download/trunk/readme.txt

    r2609043 r3344142  
    33Tags: download,terms,eula,license
    44Requires at least: 3.5
    5 Tested up to: 5.8.1
     5Tested up to: 6.8.2
    66Stable tag: trunk
    77License: GPL2
     
    6868== Changelog ==
    6969
     70= 1.0.5 =
     71* Security fix: the content page is now sanitized before display to prevent XSS attacks.
     72
    7073= 1.0.4 =
    7174* Bugfix: multiple links on the same page always pointed to the first URL on the page. This was introduced in 1.0.3.
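Review bot: The 1.0.5 entry on new line 71 does not say that the fix changes what the terms page can render. Because the content now goes through wp_kses_post(), markup outside the post allowlist (for example `<script>` or `<iframe>` emitted by the page itself or by a nested shortcode) is removed from the popup. Add a sentence to the changelog entry so site owners whose terms page depends on such markup know why it disappeared after the update.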
  • terms-before-download/trunk/terms-before-download.php

    r2609043 r3344142  
    44 * Plugin URI: https://helgeklein.com/free-tools/terms-download/
    55 * Description: Shows a popup dialog with terms and conditions (EULA) that must be accepted before a file can be downloaded
    6  * Version: 1.0.4
     6 * Version: 1.0.5
    77 * Author: Helge Klein
    88 * Author URI: https://helgeklein.com
     
    6565
    6666   // Get the terms page content, allowing for nested shortcodes
    67    $terms_page_content = do_shortcode ($terms_page->post_content);
     67   $terms_page_content = wp_kses_post(do_shortcode ($terms_page->post_content));
    6868   // Convert double line breaks into paragraphs, replacing \n with <br /> to the string
    6969   $terms_page_content = wpautop($terms_page_content);
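Review bot: On new line 67, wp_kses_post() only filters for HTML body context, and the visible lines do not show where $terms_page_content is finally output. If it is later placed inside a script block or an HTML attribute, it still needs context-specific escaping there (esc_js() or esc_attr()). Wrapping do_shortcode() means shortcode output is filtered too, which is the safer order, but the comment on line 66 still only describes shortcode expansion. Extend it to mention the sanitization step, for example "Get the terms page content, expand nested shortcodes, then restrict to post-allowed HTML".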