
Changeset 2654503


Timestamp:
01/08/2022 10:15:58 AM (4 years ago)
Author:
visser
Message:

Sanitize GET and POST form attributes (thanks for reporting)

Location:
woocommerce-store-toolkit/trunk
Files:
5 edited

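--- a/woocommerce-store-toolkit/trunk/includes/admin.php
+++ b/woocommerce-store-toolkit/trunk/includes/admin.php
@@ -486,5 +486,5 @@
 
     if( isset( $_GET['tab'] ) && !$tab )
-        $tab = $_GET['tab'];
+        $tab = sanitize_text_field( $_GET['tab'] );
     else
         $tab = 'overview';
@@ -604,5 +604,5 @@
             include_once( WOO_ST_PATH . 'templates/admin/tabs-' . $tab . '.php' );
         } else {
-            $message = sprintf( __( 'We couldn\'t load the export template file <code>%s</code> within <code>%s</code>, this file should be present.', 'woocommerce-store-toolkit' ), 'tabs-' . $tab . '.php', WOO_CD_PATH . 'templates/admin/...' );
+            $message = sprintf( __( 'We couldn\'t load the export template file <code>%s</code> within <code>%s</code>, this file should be present.', 'woocommerce-store-toolkit' ), 'tabs-' . esc_attr( $tab ) . '.php', WOO_CD_PATH . 'templates/admin/...' );
             woo_st_admin_notice_html( $message, 'error' );
             ob_start(); ?>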
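Review bot: sanitize_text_field() on line 488 does not make `$tab` safe for the include_once() path built on line 604 — it strips tags, line breaks and percent-encoded octets but leaves `.`, `/` and `\` intact, so the included file is still chosen by request input unless something between the two hunks restricts `$tab` (not visible here). The robust fix is an allowlist of the known template slugs rather than sanitization, e.g. `$known_tabs = array( 'overview', /* TODO: other tab slugs */ );` and `if( isset( $_GET['tab'] ) && !$tab && in_array( $_GET['tab'], $known_tabs, true ) )`, with the `else` branch keeping the `'overview'` default. The esc_attr() added on line 606 is the right escaping for the HTML attribute context of that message. The enclosing function starts before line 486 and ends after line 608.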
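--- a/woocommerce-store-toolkit/trunk/includes/admin/meta_box.php
+++ b/woocommerce-store-toolkit/trunk/includes/admin/meta_box.php
@@ -559,5 +559,5 @@
     );
     $total_orders = woo_st_get_user_orders( $user_id, $args, 'found_posts' );
-    $paged = ( isset( $_GET['paged'] ) ? $_GET['paged'] : 1 );
+    $paged = ( isset( $_GET['paged'] ) ? absint( $_GET['paged'] ) : 1 );
     if( !empty( $paged ) )
         $args['paged'] = $paged;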
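--- a/woocommerce-store-toolkit/trunk/includes/common.php
+++ b/woocommerce-store-toolkit/trunk/includes/common.php
@@ -26,7 +26,7 @@
 
             if( isset( $_GET['action'] ) )
-                $action = $_GET['action'];
+                $action = sanitize_text_field( $_GET['action'] );
             else if( !isset( $action ) && isset( $_POST['action'] ) )
-                $action = $_POST['action'];
+                $action = sanitize_text_field( $_POST['action'] );
             else
                 $action = false;
@@ -35,7 +35,7 @@
 
             if( isset( $_POST['action'] ) )
-                $action = $_POST['action'];
+                $action = sanitize_text_field( $_POST['action'] );
             else if( !isset( $action ) && isset( $_GET['action'] ) )
-                $action = sanitize_text_field( $_GET['action'] );
+                $action = sanitize_text_field( $_GET['action'] );
             else
                 $action = false;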
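Review bot: Both chains (lines 27–32 and 36–41) now route the request value through sanitize_text_field(), which is the right minimum, but the result is still an arbitrary string; wherever `$action` is later used to dispatch (outside this hunk, not visible) it should be compared strictly, e.g. `in_array( $action, $allowed_actions, true )` against the fixed list of action names, and never used to build a path or query. The `!isset( $action )` in each else-if is only reachable when the preferred superglobal key is absent, so it matters solely when `$action` was already set before the chain ran; a one-line comment above each chain, such as `// GET wins; fall back to POST only when $action was not pre-set` (and the mirror wording for the second chain), would make that ordering explicit. The enclosing function starts before line 26 and ends after line 41.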
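--- a/woocommerce-store-toolkit/trunk/readme.txt
+++ b/woocommerce-store-toolkit/trunk/readme.txt
@@ -6,5 +6,5 @@
 Requires at least: 2.9.2
 Tested up to: 5.8.2
-Stable tag: 2.3.1
+Stable tag: 2.3.2
 License: GPLv2 or later
 
@@ -123,4 +123,7 @@
 == Changelog ==
 
+= 2.3.2 =
+* Fixed: Sanitize GET and POST form attributes (thanks for reporting)
+
 = 2.3.1 =
 * Added: Delete Products by Product Status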
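--- a/woocommerce-store-toolkit/trunk/store-toolkit.php
+++ b/woocommerce-store-toolkit/trunk/store-toolkit.php
@@ -4,5 +4,5 @@
 Plugin URI: https://wordpress.org/plugins/woocommerce-store-toolkit/
 Description: Store Toolkit includes a growing set of commonly-used WooCommerce administration tools aimed at web developers and store maintainers.
-Version: 2.3.1
+Version: 2.3.2
 Author: Visser Labs
 Author URI: http://www.visser.com.au/about/
@@ -299,5 +299,5 @@
         $tab = false;
         if( isset( $_GET['tab'] ) )
-            $tab = $_GET['tab'];
+            $tab = sanitize_text_field( $_GET['tab'] );
 
         include_once( WOO_ST_PATH . 'templates/admin/tabs.php' );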