
Changeset 3372942


Timestamp:
10/04/2025 07:22:13 PM (6 months ago)
Author:
vladimir.s
Message:

Terms Descriptions v.3.4.9. Bug fixes: XSS vulnerability fixed with WP XSS framework

Location:
terms-descriptions/trunk
Files:
6 edited

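--- a/terms-descriptions/trunk/ajax/td_terms_ajax.php
+++ b/terms-descriptions/trunk/ajax/td_terms_ajax.php
@@ -71,13 +71,13 @@
 
 function td_prepare_term_data($res) {
-    $term = preg_replace('/>/', '&gt;', preg_replace('/</', '&lt;', $_POST['td_term']));
+    $term = htmlspecialchars($_POST['td_term']);
     switch ($_POST['td_content_type']) {
         case 'ext_link' :
-            $term_link = htmlspecialchars($_POST['td_link']);
+            $term_link = sanitize_url($_POST['td_link']);
             if (!preg_match('/^\w{3,5}\:\/\//i', $term_link)) {
                 $term_link = 'http://' . $term_link;
             }
             $link_title = $term_link;
-            $trimmedTitle = htmlspecialchars(trim($_POST['td_title']));
+            $trimmedTitle = wp_kses(trim($_POST['td_title']), 'post');
             if ( isset( $_POST[ 'td_title' ] ) && !empty($trimmedTitle) ) {
                 $link_title = $trimmedTitle;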
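Review bot: `wp_kses(trim($_POST['td_title']), 'post')` on new line 81 reads `$_POST['td_title']` before the `isset( $_POST[ 'td_title' ] )` guard on line 82 runs, so a request without that field raises an undefined-index warning first and the guard on the next line is effectively dead; a guarded form such as `$trimmedTitle = isset($_POST['td_title']) ? wp_kses(trim($_POST['td_title']), 'post') : '';` fixes both. The reads of `$_POST['td_term']` and `$_POST['td_link']` are equally unguarded, and none of the three goes through `wp_unslash()` first, so WordPress's added slashes reach the sanitizers. `htmlspecialchars($_POST['td_term'])` without `ENT_QUOTES` also leaves single quotes unescaped on PHP below 8.1; the conventional WordPress input filter here would be `sanitize_text_field( wp_unslash( $_POST['td_term'] ) )`, with escaping applied where the value is printed. td_prepare_term_data continues past the end of the hunk.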
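--- a/terms-descriptions/trunk/includes/parsers/td_parser.php
+++ b/terms-descriptions/trunk/includes/parsers/td_parser.php
@@ -28,6 +28,10 @@
                     $new_terms[ $i ] = $term;
                     $new_terms[ $i ][ 't_term' ] = $prepared_term;
-                    $new_terms[ $i ][ 't_post_title' ] = htmlspecialchars($term[ 't_post_title' ]);
-                    $new_terms[ $i ][ 't_post_url' ] = htmlspecialchars($term[ 't_post_url' ]);
+                    if (isset($term[ 't_post_title' ])) {
+                        $new_terms[ $i ][ 't_post_title' ] = wp_kses($term[ 't_post_title' ], 'post');
+                    }
+                    if (isset($term[ 't_post_url' ])) {
+                        $new_terms[ $i ][ 't_post_url' ] = sanitize_url($term[ 't_post_url' ]);
+                    }
                 }
             }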
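Review bot: `wp_kses($term[ 't_post_title' ], 'post')` on new line 31 is a sanitiser that keeps the post-context tag set, not an escaper, so if t_post_title is later printed inside an HTML attribute (for example a link `title=""`) a literal double quote passes kses unchanged and terminates the attribute; the print site should still apply `esc_attr()` or `esc_html()` for its context. Likewise `sanitize_url()` on line 34 is the storage-side filter (an alias of `esc_url_raw()`), while `esc_url()` is the one meant for an `href`. The enclosing function starts and ends outside this hunk, so where these two values are emitted cannot be confirmed here.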
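--- a/terms-descriptions/trunk/includes/td_admin_options.php
+++ b/terms-descriptions/trunk/includes/td_admin_options.php
@@ -1,5 +1,3 @@
 <?php
-
-require_once TD_DIR . 'includes/utils.php';
 
 /**
@@ -327,5 +325,5 @@
 
         foreach ($input as $key => $value) {
-            $input[$key] = td_sanitize_XSS($value);
+            $input[$key] = wp_kses_post($value);
         }
 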
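Review bot: `wp_kses_post($value)` on new line 327 is applied to every option regardless of type, and `wp_kses_post()` is documented for strings, so if any option arrives from the settings form as an array (a multi-select or checkbox group, if the form has one) it would not be sanitised as intended; guard with `$input[$key] = is_string($value) ? wp_kses_post($value) : $value;` or, better, sanitise each known option by its type (`absint`, `sanitize_text_field`, a fixed list for selects) instead of one blanket filter. The same blanket `wp_kses_post()` is added on the read path in td_options.php (`SCO_TD_Options`), so a stored non-string option would hit it there as well. Dropping `require_once TD_DIR . 'includes/utils.php'` in the first hunk is safe only if nothing else in this file still calls a helper from utils.php, which the hunk cannot show.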
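--- a/terms-descriptions/trunk/includes/td_options.php
+++ b/terms-descriptions/trunk/includes/td_options.php
@@ -1,5 +1,3 @@
 <?php
-
-require_once TD_DIR . 'includes/utils.php';
 
 class SCO_TD_Options {
@@ -47,5 +45,5 @@
             return false;
         }
-        return td_sanitize_XSS($this->options[ $name ]);
+        return wp_kses_post($this->options[ $name ]);
     }
 }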
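--- a/terms-descriptions/trunk/tests/mockpress/includes/filtering.php
+++ b/terms-descriptions/trunk/tests/mockpress/includes/filtering.php
@@ -3,7 +3,7 @@
 // stub functions for filtering. these do not filter!
 
-function esc_html($string) { return $string; }
-function esc_attr($string) { return $string; }
+// function esc_html($string) { return $string; }
+// function esc_attr($string) { return $string; }
 function attribute_escape($string) { return $string; }
-function esc_js($string) { return $string; }
-function wp_filter_nohtml_kses($string) { return $string; }
+// function esc_js($string) { return $string; }
+// function wp_filter_nohtml_kses($string) { return $string; }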
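Review bot: The four stubs on new lines 5, 6, 8 and 9 are commented out rather than deleted, which leaves dead code under a header comment that still says every function in this file is a no-op stub; if the real `esc_html()`, `esc_attr()`, `esc_js()` and `wp_filter_nohtml_kses()` now come from the includes added to mockpress.php, delete the four lines and reword line 3 to say which escapers remain stubbed. Only `attribute_escape()` is still a pass-through, so a test that reaches it will not detect an escaping regression; a one-line comment next to it, `// still a no-op: tests must not rely on this for escaping`, makes that explicit.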
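--- a/terms-descriptions/trunk/tests/mockpress/mockpress.php
+++ b/terms-descriptions/trunk/tests/mockpress/mockpress.php
@@ -13,4 +13,7 @@
 require_once('includes/filtering.php');
 require_once('includes/comments.php');
+require_once('includes/functions.php');
+require_once('includes/formatting.php');
+require_once('includes/kses.php');
 
 /**
@@ -149,22 +152,4 @@
 /** String Utility Functions **/
 
-/**
- * Remove a trailing slash from a string if it exists.
- * @param string $string The string to check for trailing slashes.
- * @return string The string with a trailing slash removed, if necessary.
- */
-function untrailingslashit($string) {
-    return preg_replace('#/$#', '', $string);
-}
-
-/**
- * Add a trailing slash to a string if it does not exist.
- * @param string $string The string to which a trailing slash should be added.
- * @return string The string with a trailing slash added, if necessary.
- */
-function trailingslashit($string) {
-    return preg_replace('#([^/])$#', '\1/', $string);
-}
-
 function user_trailingslashit($string, $type_of_url = '') {
     $which = 'untrailingslashit';
@@ -175,14 +160,4 @@
     }
     return call_user_func($which, $string);
-}
-
-/**
- * Get GMT string from date string.
- * Currently does nothing.
- * @param string $date_string The date string to convert.
- * @return string The converted date string in GMT.
- */
-function get_gmt_from_date($date_string) {
-    return $date_string;
 }
 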
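Review bot: `user_trailingslashit()` (context lines 154–161) still dispatches through `call_user_func($which, $string)` to `untrailingslashit`/`trailingslashit`, whose definitions the second hunk removes, so the harness now depends on the newly required `includes/formatting.php` defining both; that file is not among the six in this changeset, so it presumably already exists and should be checked, otherwise the call fails with an undefined function. The new `require_once('includes/kses.php')` lines follow the file's existing relative-path style, which resolves against the include path and working directory rather than this file's location; `require_once __DIR__ . '/includes/kses.php';` is the robust form for all five includes. Removing the `}` on old line 177 together with `get_gmt_from_date()` leaves the brace on old line 187 closing `user_trailingslashit()`, which is correct but easy to misread; a docblock on `user_trailingslashit()` noting that the slash helpers come from formatting.php would help the next reader.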