
Changeset 647532


Timestamp:
01/03/2013 05:35:22 PM (13 years ago)
Author:
bitinn
Message:

fixing xss

Location:
faster-image-insert
Files:
4 edited
1 copied

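--- a/faster-image-insert/tags/2.4.1/faster-image-insert.php
+++ b/faster-image-insert/tags/2.4.1/faster-image-insert.php
@@ -5,5 +5,5 @@
 Plugin URI: http://bitinn.net/2765/
 Description: Fully integrates media manager into editing interface, avoid having to reload it separately in thickbox pop-up; comes with enhanced features, suitable for precise image control.
-Version: trunk
+Version: 2.4.1
 Author: David Frank
 Author URI: http://bitinn.net/
@@ -254,5 +254,5 @@
     //load settings
     $customstring = 'faster_insert_plugin_custom';
-    $cstring = get_option( $customstring );
+    $cstring = wp_kses_post(get_option( $customstring ));
    
     $line_number = 'faster_insert_line_number';
@@ -262,5 +262,5 @@
     $oneline = get_option( $image_line );
    
-    if(!is_numeric($number)) $number = 4;
+    if(!is_numeric($number)) $number = 1;
 
     //modify the insertion string
@@ -403,6 +403,6 @@
     $number = get_option( $line_number );
     $caption = get_option( $no_caption );
-    $cstring = get_option( $customstring );
-    $ptype = get_option( $customtype );
+    $cstring = esc_attr( get_option( $customstring ) );
+    $ptype = esc_attr( get_option( $customtype ) );
 
     echo '<div class="wrap">'."\n".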
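Review bot: In the settings-page hunk (new lines 403–408), `$number` and `$caption` are still read with a bare `get_option()` while the two values next to them are now wrapped in `esc_attr()`; if the form markup that starts at `echo '<div class="wrap">'` also prints them into attributes (that markup continues outside the hunk), the stored value still reaches the page unescaped. I would give them the same treatment, `$number = esc_attr( get_option( $line_number ) );` and `$caption = esc_attr( get_option( $no_caption ) );`, or preferably call `esc_attr()` at each echo so the escaping sits beside the context it protects. The identical lines appear in the trunk copy of this file in this changeset, so the point applies there too. Separately, the `4` to `1` fallback at line 264 is a behaviour change unrelated to the XSS fix and would be easier to audit with its own mention in the commit message.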
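--- a/faster-image-insert/tags/2.4.1/readme.txt
+++ b/faster-image-insert/tags/2.4.1/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 2.6
 Tested up to: 3.5
-Stable tag: 2.4.0
+Stable tag: 2.4.1
 License: MIT
 
@@ -75,4 +75,8 @@
 
 * [unstable release](http://downloads.wordpress.org/plugin/faster-image-insert.zip)
+
+= 2.4.1 =
+
+* Fixed a potential XSS issue
 
 = 2.4.0 =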
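--- a/faster-image-insert/trunk/faster-image-insert.php
+++ b/faster-image-insert/trunk/faster-image-insert.php
@@ -254,5 +254,5 @@
     //load settings
     $customstring = 'faster_insert_plugin_custom';
-    $cstring = get_option( $customstring );
+    $cstring = wp_kses_post(get_option( $customstring ));
    
     $line_number = 'faster_insert_line_number';
@@ -262,5 +262,5 @@
     $oneline = get_option( $image_line );
    
-    if(!is_numeric($number)) $number = 4;
+    if(!is_numeric($number)) $number = 1;
 
     //modify the insertion string
@@ -403,6 +403,6 @@
     $number = get_option( $line_number );
     $caption = get_option( $no_caption );
-    $cstring = get_option( $customstring );
-    $ptype = get_option( $customtype );
+    $cstring = esc_attr( get_option( $customstring ) );
+    $ptype = esc_attr( get_option( $customtype ) );
 
     echo '<div class="wrap">'."\n".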
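--- a/faster-image-insert/trunk/readme.txt
+++ b/faster-image-insert/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 2.6
 Tested up to: 3.5
-Stable tag: 2.4.0
+Stable tag: 2.4.1
 License: MIT
 
@@ -75,4 +75,8 @@
 
 * [unstable release](http://downloads.wordpress.org/plugin/faster-image-insert.zip)
+
+= 2.4.1 =
+
+* Fixed a potential XSS issue
 
 = 2.4.0 =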