
Changeset 3418449


Timestamp:
12/12/2025 05:28:45 PM (3 months ago)
Author:
bompus
Message:

3.7.7

Location:
wp-customer-reviews
Files:
39 added
3 edited

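--- a/wp-customer-reviews/trunk/changelog.txt
+++ b/wp-customer-reviews/trunk/changelog.txt
@@ -1,2 +1,6 @@
+= 3.7.7 =
+* 12/12/2025
+* [Update] Security / hardening updates
+
 = 3.7.6 =
 * 12/11/2025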
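--- a/wp-customer-reviews/trunk/readme.txt
+++ b/wp-customer-reviews/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 3.0.0
 Tested up to: 6.9
-Stable tag: 3.7.6
+Stable tag: 3.7.7
 License: MIT
 License URI: http://opensource.org/licenses/MIT
@@ -63,7 +63,11 @@
 == Changelog ==
 
+= 3.7.7 =
+* 12/12/2025
+* [Update] Security / hardening updates
+
 = 3.7.6 =
 * 12/11/2025
-* [Update] Bug fix with hardening updates
+* [Update] Bug fix for hardening updates
 
 = 3.7.5 =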
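--- a/wp-customer-reviews/trunk/wp-customer-reviews-3.php
+++ b/wp-customer-reviews/trunk/wp-customer-reviews-3.php
@@ -4,5 +4,5 @@
  * Plugin URI: https://wordpress.org/plugins/wp-customer-reviews/
  * Description: Allows your visitors to leave business / product reviews. Testimonials are in Microdata / Microformat and may display star ratings in search results.
- * Version: 3.7.6
+ * Version: 3.7.7
  * Author: Aaron Queen
  * Author URI: https://wordpress.org/plugins/wp-customer-reviews/
@@ -207,7 +207,5 @@
                 }
 
-                if ($this->isXssAttempt($v)) {
-                    $valArr[$k] = '';
-                }
+                $valArr[$k] = trim(stripslashes($v));
             }
 
@@ -222,7 +220,6 @@
                 }
 
-                if ($this->isXssAttempt($val)) {
-                    $this->p->$c = '';
-                }
+                // this is escaped on output by wp_kses() using allowedContentTags or allowedFieldTags, depending on the context
+                $this->p->$c = trim(stripslashes($val));
             }
         }
@@ -231,18 +228,13 @@
             $this->p = new stdClass();
 
-            foreach ($_GET as $c => $val) {
-                if (is_array($val)) {
+            if (is_admin()) {
+                // $_GET is used mainly by filters for admin pages, but no intended use case for this in frontend
+                foreach ($_GET as $c => $val) {
                     $this->p->$c = $val;
-                } else {
-                    $this->p->$c = trim(stripslashes($val));
                 }
             }
 
             foreach ($_POST as $c => $val) {
-                if (is_array($val)) {
-                    $this->p->$c = $val;
-                } else {
-                    $this->p->$c = trim(stripslashes($val));
-                }
+                $this->p->$c = $val;
             }
 
@@ -859,11 +851,11 @@
 
         $data = array(
-            'name' => $this->prefix.'_'.$name, 
+            'name' => $this->prefix.'_'.$name,
             'label' => wp_kses($fieldArr['label'], $this->allowedFieldTags),
             'required' => $required ? '*' : '',
             'class' => $required ? $this->prefix.'_required' : '',
-            'value' => $this->p->$posted_name
+            'value' => wp_kses($this->p->$posted_name, $this->allowedFieldTags)
         );
-        $field = wpcr_Goatee::fill($this->options['templates']['frontend_review_form_text_field'], $data);     
+        $field = wpcr_Goatee::fill($this->options['templates']['frontend_review_form_text_field'], $data);
         return $field;
     }
@@ -884,7 +876,7 @@
        
         $data = array(
-            'value' => $this->p->$posted_name
+            'value' => wp_kses($this->p->$posted_name, $this->allowedContentTags)
         );
-        $field = wpcr_Goatee::fill($this->options['templates']['frontend_review_form_review_field'], $data);       
+        $field = wpcr_Goatee::fill($this->options['templates']['frontend_review_form_review_field'], $data);
         return $field;
     }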
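Review bot: The new `'value' => wp_kses($this->p->$posted_name, $this->allowedFieldTags)` in the text-field hunk (new line 857) applies a tag allow-list where attribute-context escaping is needed: wp_kses strips disallowed tags but leaves a literal `"` untouched, so if the `frontend_review_form_text_field` template places the value inside `value="…"` — which the template's name suggests but the hunk does not show — a posted quote still terminates the attribute. If that is the template's shape, `'value' => esc_attr($this->p->$posted_name)` is the context-correct escape for that field, while the wp_kses call on the review field (new line 878) is appropriate only if that template emits the value as element content rather than inside an attribute. The enclosing method starts outside the hunk. Separately, the `$_POST` loop in the earlier hunk (new line 238) now stores `$val` as-is where the removed branch applied `trim(stripslashes($val))` to scalars, so code reading `$this->p` on that path receives any slashes WordPress added to the superglobals; worth confirming this is intended, since the two preceding hunks keep `trim(stripslashes(...))`.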