WordPress.org
Get WordPress

Plugin Directory

Changeset 2418972


Ignore:
Timestamp:
11/15/2020 02:06:06 PM (5 years ago)
Author:
upstreamplugin
Message:

1.38.4

Location:
upstream/trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • upstream/trunk/includes.php

    r2417603 r2418972  
    11<?php
    2 define('UPSTREAM_VERSION', '1.38.3');
     2define('UPSTREAM_VERSION', '1.38.4');
    33
    44global $upstream_addon_requirements;

  • upstream/trunk/includes/class-up-comments.php

    r2417454 r2418972  
    293293            $user_id = get_current_user_id();
    294294
    295             $comment_content = stripslashes(sanitize_textarea_field($_POST['content']));
     295            $comment_content = stripslashes(wp_kses_post($_POST['content']));
    296296
    297297            $item_title = isset($_POST['item_title']) ? sanitize_text_field($_POST['item_title']) : '';
     
    379379            }
    380380
    381             $item_id = (int)$_POST['item_id'];
     381            // could be alnum ID
     382            $item_id = sanitize_text_field($_POST['item_id']);
    382383
    383384            // Check if the project exists.
     
    411412            $user_id = get_current_user_id();
    412413
    413             $comment                    = new Comment(stripslashes(sanitize_textarea_field( $_POST['content'])), $project_id, $user_id);
     414            $comment                    = new Comment(stripslashes(wp_kses_post( $_POST['content'])), $project_id, $user_id);
    414415            $comment->parent_id         = (int)$_POST['parent_id'];
    415416            $comment->created_by->ip    = preg_replace('/[^0-9a-fA-F:., ]/', '', $_SERVER['REMOTE_ADDR']);

  • upstream/trunk/readme.txt

    r2417603 r2418972  
    55Tested up to: 5.5
    66Requires PHP: 5.6.20
    7 Stable tag: 1.38.3
     7Stable tag: 1.38.4
    88License: GPL-3
    99License URI: https://www.gnu.org/licenses/gpl-3.0.html
     
    142142The format is based on [Keep a Changelog](http://keepachangelog.com)
    143143and this project adheres to [Semantic Versioning](http://semver.org).
     144
     145= [1.38.4] - 2020-11-15 =
     146* Fixed comment posting bug
     147* Fixed removal of newlines in comments
    144148
    145149= [1.38.3] - 2020-11-13 =

  • upstream/trunk/templates/single-project/details.php

    r2417454 r2418972  
    7070                        <?php if (upstream_override_access_field(true, UPSTREAM_ITEM_TYPE_PROJECT, $project_id, null, 0, 'start', UPSTREAM_PERMISSIONS_ACTION_VIEW) &&
    7171                            upstream_override_access_field(true, UPSTREAM_ITEM_TYPE_PROJECT, $project_id, null, 0, 'end', UPSTREAM_PERMISSIONS_ACTION_VIEW)): ?>
    72                         <span><?php echo esc_html($projectTimeframe); ?></span>
     72                        <span><?php echo $projectTimeframe; /* already sanitized */ ?></span>
    7373                        <?php else: ?>
    7474                            <span class="label up-o-label" style="background-color:#666;color:#fff">(hidden)</span>

  • upstream/trunk/upstream.php

    r2417603 r2418972  
    55 * Author: UpStream
    66 * Author URI: https://upstreamplugin.com
    7  * Version: 1.38.3
     7 * Version: 1.38.4
    88 * Text Domain: upstream
    99 * Domain Path: /languages
Note: See TracChangeset for help on using the changeset viewer.