Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3341756

Timestamp:

08/08/2025 04:30:12 PM (8 months ago)

Author:

vladimir.s

Message:

Terms descriptions v.3.4.9. Bug fixes: XSS vulnerability fixed

Location:

terms-descriptions/trunk

Files:

: 7 edited

ajax/td_terms_ajax.php (modified) (4 diffs)
includes/parsers/td_parser.php (modified) (1 diff)
includes/parsers/td_simple_parser.php (modified) (1 diff)
includes/td_admin_options.php (modified) (3 diffs)
includes/td_options.php (modified) (2 diffs)
readme.txt (modified) (2 diffs)
terms-descriptions.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

terms-descriptions/trunk/ajax/td_terms_ajax.php

-                      r3211640
+                      r3341756
     switch ($_POST['td_content_type']) {
         case 'ext_link' :
             $term_link = $_POST['td_link'];
+            $term_link = htmlspecialchars($_POST['td_link']);
             if (!preg_match('/^\w{3,5}\:\/\//i', $term_link)) {
                 $term_link = 'http://' . $term_link;
+            }
             $link_title = $term_link;
             $trimmedTitle = trim($_POST['td_title']);
+            $trimmedTitle = htmlspecialchars(trim($_POST['td_title']));
             if ( isset( $_POST[ 'td_title' ] ) && !empty($trimmedTitle) ) {
                 $link_title = $trimmedTitle;
 …
                                't_post_url'   => $term_link,
                                't_post_type'  => $_POST['td_content_type'],
                                't_term'       => $_POST['td_term'],
+                               't_term'       => $term,
                                't_use_in_post_types' => serialize($_POST['t_use_in_post_types']),
                             );
 …
                                't_post_url'   => $term_link,
                                't_post_type'  => $_POST['td_content_type'],
                                't_term'       => $_POST['td_term'],
+                               't_term'       => $term,
                                't_use_in_post_types' => serialize($_POST['t_use_in_post_types']),
                             );
 …
                                't_post_url'   => $term_link,
                                't_post_type'  => $_POST['td_content_type'],
                                't_term'       => $_POST['td_term'],
+                               't_term'       => $term,
                                't_use_in_post_types' => serialize($_POST['t_use_in_post_types']),
                             );

terms-descriptions/trunk/includes/parsers/td_parser.php

r2754088	r3341756
28	28	$new_terms[ $i ] = $term;
29	29	$new_terms[ $i ][ 't_term' ] = $prepared_term;
	30	$new_terms[ $i ][ 't_post_title' ] = htmlspecialchars($term[ 't_post_title' ]);
	31	$new_terms[ $i ][ 't_post_url' ] = htmlspecialchars($term[ 't_post_url' ]);
30	32	}
31	33	}

terms-descriptions/trunk/includes/parsers/td_simple_parser.php

r2902998	r3341756
127	127	//adding links to terms
128	128	foreach ( $matches[0] as $match ) {
129		//is their a text before this occurrence?
	129	//is there a text before this occurrence?
130	130	$length = $match[1] - $start_pos;
131	131	if ( $length > 0 ) {

terms-descriptions/trunk/includes/td_admin_options.php

-                      r2902998
+                      r3341756
 <?php
+require_once TD_DIR . 'includes/utils.php';
 /**
  * This class creates Options page in Terms menu
 …
             $options = $terms_class->get_default_options();
             add_option( 'td_options', $options );
+        }
+        foreach ($options as $key => $value) {
+            $options[$key] = preg_replace('/"/i', '&quot;', $value);
+        }
 ?>
 …
             $input[ 'additional_filters' ] = '';
+        }
+        foreach ($input as $key => $value) {
+            $input[$key] = td_sanitize_XSS($value);
+        }
         if ( false !== $old_options ) {
             return array_merge( $old_options, $input );

terms-descriptions/trunk/includes/td_options.php

r2902998	r3341756
1	1	<?php
	2
	3	require_once TD_DIR . 'includes/utils.php';
	4
2	5	class SCO_TD_Options {
3	6	private $options = array();
…	…
44	47	return false;
45	48	}
46		return ~~$this->options[ $name ]~~;
	49	return td_sanitize_XSS($this->options[ $name ]);
47	50	}
48	51	}

terms-descriptions/trunk/readme.txt

-                      r3211640
+                      r3341756
 === Terms descriptions ===
 Contributors: vladimir.s
 Tags: post, page, links, plugin, link building, cross linking, seo
+Tags: post, page, links, link building, cross linking
 Requires at least: 4.1
 Tested up to: 6.6.2
+Tested up to: 6.8.2
 Stable tag: trunk
+License: GPLv3
+License URI: https://www.gnu.org/licenses/gpl-3.0.html
 This plugin allows you to create list of terms and assign links to them. Plugin replaces terms occurrences in your posts with appropriate links.
+== Description ==
 The main purpose of this plugin is easy link building.
 …
 == Changelog ==
+= 3.4.9 =
+* Bug fixes: XSS vulnerability fixed
 = 3.4.8 =

terms-descriptions/trunk/terms-descriptions.php

r3211640	r3341756
4	4	Plugin URI: https://simplecoding.org/plagin-wordpress-terms-descriptions
5	5	Description: This plugin allows you to create list of terms and assign links to them. Plugin automatically replaces terms occurrences in your posts with appropriate links. You can control the number of replacements. After activation you can create terms list on plugin administration page (Tools -> Terms Descriptions).
6		Version: 3.4.8
	6	Version: 3.4.9
7	7	Author: Vladimir Statsenko
8	8	Author URI: https://simplecoding.org

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory