WordPress.org
Get WordPress

Plugin Directory

Changeset 1547028


Ignore:
Timestamp:
12/07/2016 06:50:08 AM (9 years ago)
Author:
MrWiblog
Message:

0.5.2 Fixed un-encoded output related to XSS bug

Location:
check-email/trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • check-email/trunk/check-email.php

    r1537145 r1547028  
    55Description: Check email allows you to test if your WordPress installation is sending emails correctly.
    66Text Domain: check-email
    7 Version: 0.5.1
     7Version: 0.5.2
    88Author: Chris Taylor
    99Author URI: http://www.stillbreathing.co.uk
     
    1616$register->slug = "checkemail";
    1717$register->name = "Check Email";
    18 $register->version = "0.5.1";
     18$register->version = "0.5.2";
    1919$register->developer = "Chris Taylor";
    2020$register->homepage = "http://www.stillbreathing.co.uk";
     
    9999    <p>' . __( "Add X header:", "check-email" ) . ' ' . ini_get("mail.add_x_header") . '</p>
    100100   
    101     <h3>' . __( "Send a test email", "check-meail" ) . '</h3>
     101    <h3>' . __( "Send a test email", "check-email" ) . '</h3>
    102102    <form action="tools.php?page=checkemail" method="post">
    103103    <p><label for="checkemail_to">' . __( "Send test email to:", "check-email" ) . '</label>
    104104    <input type="text" name="checkemail_to" id="checkemail_to" class="text"';
    105105        if ( isset( $_POST["checkemail_to"] ) ) {
    106             echo ' value="' . $_POST["checkemail_to"] . '"';
     106            echo ' value="' . esc_attr( $_POST["checkemail_to"] ) . '"';
    107107        }
    108108        echo ' /></p>
     
    135135        <input type="text" name="checkemail_mime" id="checkemail_mime" value="';
    136136        if ( isset( $_POST["checkemail_mime"] ) ) {
    137             echo $_POST["checkemail_mime"];
     137            echo esc_attr( $_POST["checkemail_mime"] );
    138138        } else {
    139139            echo '1.0';
     
    143143        <input type="text" name="checkemail_type" id="checkemail_type" value="';
    144144        if ( isset( $_POST["checkemail_type"] ) ) {
    145             echo $_POST["checkemail_type"];
     145            echo esc_attr( $_POST["checkemail_type"] );
    146146        } else {
    147147            echo 'text/html; charset=iso-8859-1';
     
    151151        <input type="text" name="checkemail_from" id="checkemail_from" value="';
    152152        if ( isset( $_POST["checkemail_from"] ) ) {
    153             echo $_POST["checkemail_from"];
     153            echo esc_attr( $_POST["checkemail_from"] );
    154154        } else {
    155155            echo $current_user->user_email;
     
    159159        <textarea name="checkemail_cc" id="checkemail_cc" cols="30" rows="4" class="text">';
    160160        if ( isset( $_POST["checkemail_cc"] ) ) {
    161             echo $_POST["checkemail_cc"];
     161            echo esc_textarea( $_POST["checkemail_cc"] );
    162162        }
    163163        echo '</textarea></p>

  • check-email/trunk/readme.txt

    r1537145 r1547028  
    55Requires at least: 2.7
    66Tested up to: 4.6.1
    7 Stable tag: 0.5.1
     7Stable tag: 0.5.2
    88
    99Check email allows you to test if your WordPress installation is sending emails correctly by sending a test email to an address of your choice. Allows overriding of email headers and carbon copying to another address.
     
    2727== Changelog ==
    2828
     290.5.2 Fixed un-encoded output related to XSS bug
    29300.5.1 Properly fixed XSS vulnerability (apologies)
    30310.5 Fixed XSS vulnerability found by Antonis Manaras
Note: See TracChangeset for help on using the changeset viewer.