Changeset 2769680
- Timestamp:
- 08/12/2022 09:24:14 AM (4 years ago)
- Location:
- fast-flow-dashboard/trunk
- Files:
-
- 7 edited
-
fastflow.php (modified) (1 diff)
-
includes/fast-tagger-init.php (modified) (1 diff)
-
includes/fast-tagger-pages.php (modified) (2 diffs)
-
lib/class.color_schema.screen.opt.php (modified) (1 diff)
-
lib/class.fastflow-addons.php (modified) (1 diff)
-
lib/class.fastflow.widgets.interface.php (modified) (3 diffs)
-
readme.txt (modified) (2 diffs)
fast-flow-dashboard/trunk/fastflow.php
r2708173 r2769680 5 5 * Plugin URI: https://fastflow.io 6 6 * Description: User tagging and dashboard plugin for Fast Flow system 7 * Version: 1.2.1 17 * Version: 1.2.12 8 8 * Author: FastFlow.io 9 9 * Author URI: https://fastflow.io -
fast-flow-dashboard/trunk/includes/fast-tagger-init.php
r2558992 r2769680 788 788 $previous = get_term_meta($term_id,'tag_color',true); 789 789 790 update_term_meta($term_id,'tag_color', $_POST['color'],$previous);790 update_term_meta($term_id,'tag_color',wp_filter_nohtml_kses($_POST['color']),$previous); 791 791 792 792 } -
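Review bot: wp_filter_nohtml_kses() only strips HTML tags from $_POST['color'], so any tag-free string is still written to the term's tag_color meta; if that value is later emitted into a style attribute or inline CSS (not visible here), tag stripping does not constrain it for that context. A color should be validated rather than filtered: `$color = sanitize_hex_color( wp_unslash( $_POST['color'] ?? '' ) );` followed by calling update_term_meta() only when `$color` is non-null — with a regex such as `/^#[0-9a-f]{6}$/i` as the fallback where sanitize_hex_color() is not loaded, since it ships with the Customizer. The wp_unslash() also removes the magic-slashes WordPress adds to $_POST, which the current line stores verbatim. The enclosing function, and whatever nonce or capability check guards it, starts outside this hunk.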
fast-flow-dashboard/trunk/includes/fast-tagger-pages.php
r2708173 r2769680 172 172 <div class="alignleft actions"> 173 173 <form id="tag-filter" method="get"> 174 <input type="hidden" name="page" value="<?php echo $_REQUEST['page']?>" />174 <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" /> 175 175 <?php $ft_list_table->display(); ?> 176 176 </form> … … 267 267 <form id="fast-tagged-users" method="post"> 268 268 <!-- For plugins, we also need to ensure that the form posts back to our current page --> 269 <input type="hidden" name="page" value="<?php echo $_REQUEST['page']?>" />269 <input type="hidden" name="page" value="<?php echo esc_attr($_REQUEST['page']); ?>" /> 270 270 <input type="hidden" name="action" value="tag_or_type_filter" /> 271 271 <?php wp_nonce_field( 'tag_or_type_filter', 'tag_or_type_filter' ); ?> -
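Review bot: esc_attr() is the right output escape for the hidden input at line 174, but $_REQUEST['page'] is still read without isset() and from $_REQUEST, which under the default request_order can also be satisfied by a cookie. Since both forms post back to the current admin page, reading the value once with a default and a sanitizer keeps the two call sites consistent: `$page = sanitize_text_field( wp_unslash( $_REQUEST['page'] ?? '' ) );` then `value="<?php echo esc_attr( $page ); ?>"`. The same applies to the second hunk at line 269. Both hunks sit inside a rendering method that starts outside this section.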
fast-flow-dashboard/trunk/lib/class.color_schema.screen.opt.php
r2038496 r2769680 198 198 { 199 199 check_ajax_referer(self::NONCE, 'nonce'); 200 $screen = isset($_POST['screen']) ? $_POST['screen']: false;201 $color_schema = isset($_POST['color_schema']) ? $_POST['color_schema']: false;202 $is_minimal_color_schema = isset($_POST['is_minimal_color_schema']) ? $_POST['is_minimal_color_schema']: 0;200 $screen = isset($_POST['screen']) ? wp_filter_nohtml_kses($_POST['screen']) : false; 201 $color_schema = isset($_POST['color_schema']) ? wp_filter_nohtml_kses($_POST['color_schema']) : false; 202 $is_minimal_color_schema = isset($_POST['is_minimal_color_schema']) ? wp_filter_nohtml_kses($_POST['is_minimal_color_schema']) : 0; 203 203 204 204 if(!$screen || !($user = wp_get_current_user())) -
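Review bot: wp_filter_nohtml_kses() on the three $_POST values at lines 200–202 removes tags but does not type the values, and none of them appears to need arbitrary text: $screen is a screen id, which the sibling file class.fastflow.widgets.interface.php already normalises with sanitize_key(get_current_screen()->id), and $is_minimal_color_schema defaults to 0 and looks like a flag. `$screen = isset($_POST['screen']) ? sanitize_key($_POST['screen']) : false;` keeps the two files consistent, and `$is_minimal_color_schema = isset($_POST['is_minimal_color_schema']) ? (int) $_POST['is_minimal_color_schema'] : 0;` pins the flag to an integer if it is only ever 0/1. If color_schema names come from a fixed set defined elsewhere in the class, validate against that set with in_array(..., true) instead of filtering. The handler is guarded by check_ajax_referer() and appears to write only the current user's option, so a capability check is only needed if it can affect other users; the method body continues past line 204.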
fast-flow-dashboard/trunk/lib/class.fastflow-addons.php
r2323449 r2769680 241 241 $params = self::get_param_data(); 242 242 $params['_ff_data_action'] = 'get_prod'; 243 $params['_ff_data_source'] = $_POST['value'];243 $params['_ff_data_source'] = esc_html($_POST['value']); 244 244 $request_param = array( 245 245 'timeout' => 90, -
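Review bot: esc_html() is an HTML output escape, but $_POST['value'] at line 243 is placed into $params['_ff_data_source'], which the request array built on the following lines suggests is sent to a remote endpoint rather than rendered; in that context esc_html() mangles legitimate values (`&` becomes `&amp;`, quotes become entities) without actually restricting what is sent. Sanitize at the input boundary instead: `$params['_ff_data_source'] = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );`, and if the set of valid data sources is known, check membership with in_array(..., true) before issuing the request. The surrounding method, and any nonce or capability check on this path, starts outside this hunk.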
fast-flow-dashboard/trunk/lib/class.fastflow.widgets.interface.php
r2689915 r2769680 482 482 483 483 <?php 484 $p = isset($_REQUEST['p'])? $_REQUEST['p']:1;484 $p = isset($_REQUEST['p'])?esc_attr($_REQUEST['p']):1; 485 485 $fm_is_welcome_panel_enabled = get_user_option( 486 486 sprintf('fm_is_welcome_panel_enabled_%s', sanitize_key(get_current_screen()->id)), … … 513 513 </div> 514 514 515 <form action="<?php echo admin_url('admin.php?page=fast-flow&p='. $p);?>" name="form-<?php echo $p;?>" id="form-<?php echo $p;?>" method="post">515 <form action="<?php echo admin_url('admin.php?page=fast-flow&p='.esc_attr($p));?>" name="form-<?php echo esc_attr($p);?>" id="form-<?php echo esc_attr($p);?>" method="post"> 516 516 517 517 <?php wp_nonce_field('closedpostboxes', 'closedpostboxesnonce', true ); ?> … … 519 519 <?php wp_nonce_field('meta-box-order', 'meta-box-order-nonce', true ); ?> 520 520 521 <input type="hidden" name="action" value="action-metabox-<?php echo $p;?>">521 <input type="hidden" name="action" value="action-metabox-<?php echo esc_attr($p);?>"> 522 522 523 523 <?php wp_nonce_field( 'action-nonce' );?> -
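Review bot: esc_attr() is applied to $_REQUEST['p'] at line 484 at input time, which leaves $p as free text that is then concatenated into the form action URL at line 515; esc_attr() is an HTML-attribute escape, not a URL escape, and the default of 1 suggests p is a numeric page index. If it is, type it at the boundary and escape the URL at output: `$p = isset($_REQUEST['p']) ? absint($_REQUEST['p']) : 1;` and `<form action="<?php echo esc_url( admin_url( 'admin.php?page=fast-flow&p=' . $p ) ); ?>"`. With $p an integer, the esc_attr() calls on the name, id and hidden action value at lines 515 and 521 become harmless and can stay. The enclosing method starts and ends outside this section.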
fast-flow-dashboard/trunk/readme.txt
r2708173 r2769680 3 3 Tags: fastflow, fast flow, dashboard, user tags 4 4 Requires at least: 4 5 Tested up to: 5.96 Requires PHP: 5.25 Tested up to: 6 6 Requires PHP: 7.4 7 7 Stable tag: trunk 8 8 License: GPL … … 64 64 65 65 == Changelog == 66 67 = 1.2.12 = 68 69 Fix for potential admin XSS 66 70 67 71 = 1.2.11 =