Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3462046

Timestamp:

02/15/2026 08:48:30 PM (6 weeks ago)

Author:

visiblefirst

Message:

Release 3.2.60 - Security hardening and WordPress.org compliance fixes

Location:

visiblefirst

Files:

: 8 edited
: 1 copied

tags/3.2.60 (copied) (copied from visiblefirst/trunk)
tags/3.2.60/admin/views/metabox.php (modified) (1 diff)
tags/3.2.60/admin/views/settings.php (modified) (3 diffs)
tags/3.2.60/readme.txt (modified) (2 diffs)
tags/3.2.60/visiblefirst.php (modified) (4 diffs)
trunk/admin/views/metabox.php (modified) (1 diff)
trunk/admin/views/settings.php (modified) (3 diffs)
trunk/readme.txt (modified) (2 diffs)
trunk/visiblefirst.php (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

visiblefirst/tags/3.2.60/admin/views/metabox.php

-                      r3461929
+                      r3462046
             <div id="visibl-faq-pairs">
                 <?php if (!empty($visibl_faq_pairs)): ?>
                     <?php foreach ($visibl_faq_pairs as $index => $pair): ?>
                     <div class="visibl-faq-pair" data-index="<?php echo intval($index); ?>">
+                    <?php foreach ($visibl_faq_pairs as $visibl_index => $visibl_pair): ?>
+                    <div class="visibl-faq-pair" data-index="<?php echo intval($visibl_index); ?>">
                         <div class="visibl-faq-question">
                             <input type="text"
                                    name="_visibl_faq_pairs[<?php echo intval($index); ?>][question]"
                                    value="<?php echo esc_attr($pair['question'] ?? ''); ?>"
+                                   name="_visibl_faq_pairs[<?php echo intval($visibl_index); ?>][question]"
+                                   value="<?php echo esc_attr($visibl_pair['question'] ?? ''); ?>"
                                    placeholder="<?php esc_attr_e('Question', 'visiblefirst'); ?>">
                         </div>
                         <div class="visibl-faq-answer">
                             <textarea name="_visibl_faq_pairs[<?php echo intval($index); ?>][answer]"
+                            <textarea name="_visibl_faq_pairs[<?php echo intval($visibl_index); ?>][answer]"
                                       rows="2"
                                       placeholder="<?php esc_attr_e('Answer', 'visiblefirst'); ?>"><?php echo esc_textarea($pair['answer'] ?? ''); ?></textarea>
+                                      placeholder="<?php esc_attr_e('Answer', 'visiblefirst'); ?>"><?php echo esc_textarea($visibl_pair['answer'] ?? ''); ?></textarea>
                         </div>
                         <button type="button" class="visibl-faq-remove" title="<?php esc_attr_e('Remove', 'visiblefirst'); ?>">&times;</button>

visiblefirst/tags/3.2.60/admin/views/settings.php

-                      r3461929
+                      r3462046
 // Determine active tab - default to 'business' if not set or empty
 $visibl_active_tab = !empty($_GET['tab']) ? sanitize_text_field($_GET['tab']) : 'business';
+$visibl_active_tab = !empty($_GET['tab']) ? sanitize_text_field(wp_unslash($_GET['tab'])) : 'business';
 // Validate tab is one of the allowed values
 if (!in_array($visibl_active_tab, ['business', 'sitefiles', 'account'], true)) {
 …
+}
 // Also check for #business-info anchor
 if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], '#business-info') !== false) {
+if (isset($_SERVER['HTTP_REFERER']) && strpos(esc_url_raw(wp_unslash($_SERVER['HTTP_REFERER'])), '#business-info') !== false) {
     $visibl_active_tab = 'business';
+}
 …
                                    style="width: 80px;"
                                    value="<?php echo esc_attr($visibl_business_info['founding_year'] ?? ''); ?>"
                                    placeholder="<?php echo esc_attr(date('Y')); ?>"
+                                   placeholder="<?php echo esc_attr(gmdate('Y')); ?>"
                                    maxlength="4">
                             <p class="description"><?php esc_html_e('Year your business was founded. Used in llms.txt and schema.', 'visiblefirst'); ?></p>

visiblefirst/tags/3.2.60/readme.txt

-                      r3461985
+                      r3462046
 Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 3.2.59
+Stable tag: 3.2.60
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 3.2.60 =
+* FIX: Security hardening - proper escaping and sanitization for WordPress.org compliance
+* FIX: Use gmdate() instead of date() for timezone-safe operations
+* FIX: Properly prefix loop variables to avoid global namespace pollution
 = 3.2.59 =

visiblefirst/tags/3.2.60/visiblefirst.php

-                      r3461985
+                      r3462046
  * Plugin Name: VisibleFirst
  * Description: AI + SEO + Social visibility in one plugin. Complete visibility optimization for WordPress.
  * Version: 3.2.59
+ * Version: 3.2.60
  * Author: VisibleFirst
  * Author URI: https://visiblefirst.com
 …
 // Plugin constants
 define('VISIBL_VERSION', '3.2.59');
+define('VISIBL_VERSION', '3.2.60');
 define('VISIBL_PLUGIN_DIR', plugin_dir_path(__FILE__));
 define('VISIBL_PLUGIN_URL', plugin_dir_url(__FILE__));
 …
         // Save custom JSON-LD schema (textarea - use wp_kses_post for HTML/JSON safety)
         if (isset($_POST['_visibl_custom_schema'])) {
             $custom_schema = wp_unslash($_POST['_visibl_custom_schema']);
+            $custom_schema = sanitize_textarea_field(wp_unslash($_POST['_visibl_custom_schema']));
             // Validate it's valid JSON if not empty
             if (!empty(trim($custom_schema))) {
 …
         update_option('visibl_version', VISIBL_VERSION);
         echo '<div class="notice notice-info is-dismissible visibl-api-notice">';
         echo '<p><strong>' . esc_html__('VisibleFirst updated to', 'visiblefirst') . ' v' . VISIBL_VERSION . '!</strong></p>';
+        echo '<p><strong>' . esc_html__('VisibleFirst updated to', 'visiblefirst') . ' v' . esc_html(VISIBL_VERSION) . '!</strong></p>';
         echo '</div>';
+    }

visiblefirst/trunk/admin/views/metabox.php

-                      r3461929
+                      r3462046
             <div id="visibl-faq-pairs">
                 <?php if (!empty($visibl_faq_pairs)): ?>
                     <?php foreach ($visibl_faq_pairs as $index => $pair): ?>
                     <div class="visibl-faq-pair" data-index="<?php echo intval($index); ?>">
+                    <?php foreach ($visibl_faq_pairs as $visibl_index => $visibl_pair): ?>
+                    <div class="visibl-faq-pair" data-index="<?php echo intval($visibl_index); ?>">
                         <div class="visibl-faq-question">
                             <input type="text"
                                    name="_visibl_faq_pairs[<?php echo intval($index); ?>][question]"
                                    value="<?php echo esc_attr($pair['question'] ?? ''); ?>"
+                                   name="_visibl_faq_pairs[<?php echo intval($visibl_index); ?>][question]"
+                                   value="<?php echo esc_attr($visibl_pair['question'] ?? ''); ?>"
                                    placeholder="<?php esc_attr_e('Question', 'visiblefirst'); ?>">
                         </div>
                         <div class="visibl-faq-answer">
                             <textarea name="_visibl_faq_pairs[<?php echo intval($index); ?>][answer]"
+                            <textarea name="_visibl_faq_pairs[<?php echo intval($visibl_index); ?>][answer]"
                                       rows="2"
                                       placeholder="<?php esc_attr_e('Answer', 'visiblefirst'); ?>"><?php echo esc_textarea($pair['answer'] ?? ''); ?></textarea>
+                                      placeholder="<?php esc_attr_e('Answer', 'visiblefirst'); ?>"><?php echo esc_textarea($visibl_pair['answer'] ?? ''); ?></textarea>
                         </div>
                         <button type="button" class="visibl-faq-remove" title="<?php esc_attr_e('Remove', 'visiblefirst'); ?>">&times;</button>

visiblefirst/trunk/admin/views/settings.php

-                      r3461929
+                      r3462046
 // Determine active tab - default to 'business' if not set or empty
 $visibl_active_tab = !empty($_GET['tab']) ? sanitize_text_field($_GET['tab']) : 'business';
+$visibl_active_tab = !empty($_GET['tab']) ? sanitize_text_field(wp_unslash($_GET['tab'])) : 'business';
 // Validate tab is one of the allowed values
 if (!in_array($visibl_active_tab, ['business', 'sitefiles', 'account'], true)) {
 …
+}
 // Also check for #business-info anchor
 if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], '#business-info') !== false) {
+if (isset($_SERVER['HTTP_REFERER']) && strpos(esc_url_raw(wp_unslash($_SERVER['HTTP_REFERER'])), '#business-info') !== false) {
     $visibl_active_tab = 'business';
+}
 …
                                    style="width: 80px;"
                                    value="<?php echo esc_attr($visibl_business_info['founding_year'] ?? ''); ?>"
                                    placeholder="<?php echo esc_attr(date('Y')); ?>"
+                                   placeholder="<?php echo esc_attr(gmdate('Y')); ?>"
                                    maxlength="4">
                             <p class="description"><?php esc_html_e('Year your business was founded. Used in llms.txt and schema.', 'visiblefirst'); ?></p>

visiblefirst/trunk/readme.txt

-                      r3461985
+                      r3462046
 Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 3.2.59
+Stable tag: 3.2.60
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 3.2.60 =
+* FIX: Security hardening - proper escaping and sanitization for WordPress.org compliance
+* FIX: Use gmdate() instead of date() for timezone-safe operations
+* FIX: Properly prefix loop variables to avoid global namespace pollution
 = 3.2.59 =

visiblefirst/trunk/visiblefirst.php

-                      r3461985
+                      r3462046
  * Plugin Name: VisibleFirst
  * Description: AI + SEO + Social visibility in one plugin. Complete visibility optimization for WordPress.
  * Version: 3.2.59
+ * Version: 3.2.60
  * Author: VisibleFirst
  * Author URI: https://visiblefirst.com
 …
 // Plugin constants
 define('VISIBL_VERSION', '3.2.59');
+define('VISIBL_VERSION', '3.2.60');
 define('VISIBL_PLUGIN_DIR', plugin_dir_path(__FILE__));
 define('VISIBL_PLUGIN_URL', plugin_dir_url(__FILE__));
 …
         // Save custom JSON-LD schema (textarea - use wp_kses_post for HTML/JSON safety)
         if (isset($_POST['_visibl_custom_schema'])) {
             $custom_schema = wp_unslash($_POST['_visibl_custom_schema']);
+            $custom_schema = sanitize_textarea_field(wp_unslash($_POST['_visibl_custom_schema']));
             // Validate it's valid JSON if not empty
             if (!empty(trim($custom_schema))) {
 …
         update_option('visibl_version', VISIBL_VERSION);
         echo '<div class="notice notice-info is-dismissible visibl-api-notice">';
         echo '<p><strong>' . esc_html__('VisibleFirst updated to', 'visiblefirst') . ' v' . VISIBL_VERSION . '!</strong></p>';
+        echo '<p><strong>' . esc_html__('VisibleFirst updated to', 'visiblefirst') . ' v' . esc_html(VISIBL_VERSION) . '!</strong></p>';
         echo '</div>';
+    }

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory