
Changeset 2374159


Timestamp:
09/02/2020 09:45:49 PM (6 years ago)
Author:
bompus
Message:

3.5.4

Location:
wp-customer-reviews/trunk
Files:
3 edited

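--- a/wp-customer-reviews/trunk/changelog.txt
+++ b/wp-customer-reviews/trunk/changelog.txt
@@ -1,5 +1,9 @@
+= 3.5.4 =
+* 09/02/2020
+* [NOTICE] PLEASE UPGRADE TO THIS VERSION.
+* [Bugfix] Workaround to prevent plugins / web servers from interfering with our security checks.
+
 = 3.5.3 =
 * 09/01/2020
-* [NOTICE] PLEASE UPGRADE TO THIS VERSION.
 * [Bugfix] A tags in review content allow href/title/target/rel/style/class attributes.
 * [Bugfix] IMG tags in review content allow src/alt/width/height/style/class attributes.
@@ -7,10 +11,8 @@
 = 3.5.2 =
 * 08/31/2020
-* [NOTICE] PLEASE UPGRADE TO THIS VERSION.
 * [Bugfix] Allow img tags with safe attributes to appear in review content.
 
 = 3.5.1 =
 * 08/29/2020
-* [NOTICE] PLEASE UPGRADE TO THIS VERSION.
 * [Bugfix] Fixed PHP errors being displayed on frontend review pages when custom fields are enabled in plugin settings.
 
@@ -21,5 +23,4 @@
 = 3.5.0 =
 * 08/26/2020
-* [NOTICE] PLEASE UPGRADE TO THIS VERSION.
 * [Security] There have been reported attempts to inject code into your website / admin area, which this version aims to prevent. This should also prevent some spam submission attempts.
 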
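--- a/wp-customer-reviews/trunk/readme.txt
+++ b/wp-customer-reviews/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 3.0.0
 Tested up to: 5.5
-Stable tag: 3.5.3
+Stable tag: 3.5.4
 License: MIT
 License URI: http://opensource.org/licenses/MIT
@@ -63,7 +63,11 @@
 == Changelog ==
 
+= 3.5.4 =
+* 09/02/2020
+* [NOTICE] PLEASE UPGRADE TO THIS VERSION.
+* [Bugfix] Workaround to prevent plugins / web servers from interfering with our security checks.
+
 = 3.5.3 =
 * 09/01/2020
-* [NOTICE] PLEASE UPGRADE TO THIS VERSION.
 * [Bugfix] A tags in review content allow href/title/target/rel/style/class attributes.
 * [Bugfix] IMG tags in review content allow src/alt/width/height/style/class attributes.
@@ -71,10 +75,8 @@
 = 3.5.2 =
 * 08/31/2020
-* [NOTICE] PLEASE UPGRADE TO THIS VERSION.
 * [Bugfix] Allow img tags with safe attributes to appear in review content.
 
 = 3.5.1 =
 * 08/29/2020
-* [NOTICE] PLEASE UPGRADE TO THIS VERSION.
 * [Bugfix] Fixed PHP errors being displayed on frontend review pages when custom fields are enabled in plugin settings.
 
@@ -85,5 +87,4 @@
 = 3.5.0 =
 * 08/26/2020
-* [NOTICE] PLEASE UPGRADE TO THIS VERSION.
 * [Security] There have been reported attempts to inject code into your website / admin area, which this version aims to prevent. This should also prevent some spam submission attempts.
 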
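--- a/wp-customer-reviews/trunk/wp-customer-reviews-3.php
+++ b/wp-customer-reviews/trunk/wp-customer-reviews-3.php
@@ -4,5 +4,5 @@
  * Plugin URI: http://www.gowebsolutions.com/wp-customer-reviews/
  * Description: Allows your visitors to leave business / product reviews. Testimonials are in Microdata / Microformat and may display star ratings in search results.
- * Version: 3.5.3
+ * Version: 3.5.4
  * Author: Go Web Solutions
  * Author URI: http://www.gowebsolutions.com/
@@ -938,4 +938,28 @@
         $posted = new stdClass();
         foreach ($this->p as $k => $v) {
+            $k = str_replace($this->prefix.'_', '', $k);
+            $posted->$k = $v;
+        }
+       
+        $params = array(
+            'ajaxAct2', 'postid', 'checkid2',
+            'fconfirm1', 'fconfirm2', 'fconfirm3',
+            'url', 'website',
+            'femail', 'fname', 'frating', 'ftitle', 'fwebsite',
+            'pageOpts', 'page', 'on_postid'
+        );
+
+        foreach($this->options['custom_fields'] as $name => $fieldArr) {
+            $params[] = $name;
+        }
+
+        $this->param($params, $posted);
+
+        // loop over expected params to check XSS
+        // because plugins/servers sometimes inject vars into $_GET and $_POST, and...
+        // $this->p, $this->posted then ends up with more than expected
+        foreach ($params as $k) {
+            $v = $posted->$k;
+
             if ($this->isXssAttempt($v) === true) {
                 $rtn->err[] = 'You have failed the spambot check. Code 0';
@@ -943,10 +967,6 @@
             }
 
-            $k = str_replace($this->prefix.'_', '', $k);
             $posted->$k = trim(strip_tags($v));
         }
-       
-        $params = array('checkid2', 'ajaxAct2', 'postid', 'on_postid', 'fname', 'femail', 'page', 'pageOpts');
-        $this->param($params, $posted);
 
         $ajaxAct = $posted->ajaxAct2;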
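Review bot: Values whose key is not in `$params` now stay on `$posted` unchecked and unstripped: the first loop (new lines 939-942) still copies every entry of `$this->p`, while the `isXssAttempt()` / `strip_tags()` loop (new lines 961-970) walks only the expected names, whereas before this change every posted value went through both. The function starts and ends outside these hunks, so a later read of a `$posted` property that is not in the list cannot be ruled out from here, and such a read would see raw input. Collecting the cleaned values in a fresh object closes that gap: `$clean = new stdClass();` before the loop, `$clean->$k = trim(strip_tags($v));` inside it, and `$posted = $clean;` after it. It is also worth confirming how `isXssAttempt()` behaves when a field arrives as an array rather than a string, since `strip_tags()` expects a string and neither `isXssAttempt()` nor `param()` is visible in this changeset.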