404 to 301 - Version 2.3.3

Version Description

(31/08/2016) = Bug Fixes

  • Using esc_url() for Ref and Url fields.
  • Fixed Cross Site Scripting vulnerability in "From" column - Thanks to Plugin Vulnerabilities.

Release Info

Developer joelcj91
Version 2.3.3

Code changes from version 2.3.1 to 2.3.3

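--- a/404-to-301.php
+++ b/404-to-301.php
@@ -3,7 +3,7 @@
  * Plugin Name: 404 to 301
  * Plugin URI: https://thefoxe.com/products/404-to-301/
  * Description: Automatically redirect all <strong>404 errors</strong> to any page using <strong>301 redirect for SEO</strong>. You can <strong>redirect and log</strong> every 404 errors. No more 404 errors in Webmaster tool.
- * Version: 2.3.1
+ * Version: 2.3.3
  * Author: Joel James
  * Author URI: https://thefoxe.com/
  * Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XUVWY8HUBUXY4
@@ -49,7 +49,7 @@ if ( ! class_exists( '_404_To_301' ) ) {
  'I4T3_HELP_PAGE' => admin_url( 'admin.php?page=i4t3-settings&tab=credits' ),
  'I4T3_LOGS_PAGE' => admin_url( 'admin.php?page=i4t3-logs' ),
  'I4T3_DB_VERSION' => '8',
- 'I4T3_VERSION' => '2.3.1',
+ 'I4T3_VERSION' => '2.3.3',
  'I4T3_TABLE' => $GLOBALS['wpdb']->prefix . '404_to_301',
  // Set who all can access 404 settings.
  // You can change this if you want to give others access.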
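--- a/admin/class-404-to-301-logs.php
+++ b/admin/class-404-to-301-logs.php
@@ -314,7 +314,7 @@ class _404_To_301_Logs extends WP_List_Table_404 {
  */
  public function column_url( $item ) {
 
- $url = sanitize_text_field( $item['url'] );
+ $url = esc_url( $item['url'] );
 
  // Apply filter - i4t3_log_list_url_column
  $url_data = apply_filters( 'i4t3_log_list_url_column', $this->get_empty_text('<p class="i4t3-url-p">' . $url . '</p>', $url));
@@ -337,7 +337,7 @@ class _404_To_301_Logs extends WP_List_Table_404 {
  */
  public function column_ref( $item ) {
 
- $ref = sanitize_text_field( $item['ref'] );
+ $ref = ( $item['ref'] === 'N/A' ) ? 'N/A' : esc_url( $item['ref'] );
 
  // Apply filter - i4t3_log_list_ref_column
  $ref_data = apply_filters( 'i4t3_log_list_ref_column', $this->get_empty_text('<a href="' . $ref . '" target="_blank">' . $ref . '</a>', $ref ) );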
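Review bot: In column_ref the anchor built from the logged Referer keeps `target="_blank"` with no `rel` attribute, so a page named in a visitor-supplied Referer header is opened from the admin log screen with a reference back to the opener tab. I would change the markup to `'<a href="' . $ref . '" target="_blank" rel="noopener noreferrer">' . $ref . '</a>'`. Separately, in both column_url and column_ref the value escaped with `esc_url()` is reused as the visible text node; `esc_url()` is a URL-context escaper, so wrapping the displayed text in `esc_html()` would match the output context instead of relying on the URL character filter. Both methods continue past their hunks, and the markup still passes through the `i4t3_log_list_url_column` / `i4t3_log_list_ref_column` filters after escaping, so any callback hooked there has to return safe HTML itself.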
admin/images/gray-grad.png DELETED
Binary file
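--- a/public/class-404-to-301-public.php
+++ b/public/class-404-to-301-public.php
@@ -210,7 +210,7 @@ class _404_To_301_Public {
  return false;
  }
 
- $uri = $server['REQUEST_URI'];
+ $uri = trailingslashit( $server['REQUEST_URI'] );
 
  global $wpdb;
  // make sure that the errors are hidden
@@ -252,28 +252,17 @@ class _404_To_301_Public {
  * @return array $data
  */
  private function get_error_data() {
-
- $server = array(
- 'url' => 'REQUEST_URI',
- 'ref' => 'HTTP_REFERER',
- 'ua' => 'HTTP_USER_AGENT',
- );
+
+ // Get request data.
+ $url = empty( $_SERVER['REQUEST_URI'] ) ? '' : trailingslashit( esc_url( $_SERVER['REQUEST_URI'] ) );
+ $ref = empty( $_SERVER['HTTP_REFERER'] ) ? '' : esc_url( $_SERVER['HTTP_REFERER'] );
+ $ua = empty( $_SERVER['HTTP_USER_AGENT'] ) ? '' : $_SERVER['HTTP_USER_AGENT'];
 
  $data['date'] = current_time('mysql');
  $data['ip'] = $this->get_ip();
- foreach ( $server as $key => $value ) {
- if ( ! empty( $_SERVER[ $value ] ) ) {
- if ($key === 'url') {
- $string = trailingslashit( $_SERVER[ $value ] );
- } else {
- $string = $_SERVER[ $value ];
- }
- } else {
- $string = '';
- }
-
- $data[ $key ] = $this->get_clear_empty( $string );
- }
+ $data['url'] = $this->get_clear_empty( $url );
+ $data['ref'] = $this->get_clear_empty( $ref );
+ $data['ua'] = $this->get_clear_empty( $ua );
 
  return $data;
  }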
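Review bot: In get_error_data() the User-Agent header is still copied into `$ua` exactly as received, while the two URL fields are now passed through `esc_url()`; unless get_clear_empty() or the log table's user-agent column escapes it (neither is visible here), it remains a request-controlled value stored for display in wp-admin. I would write `$ua = empty( $_SERVER['HTTP_USER_AGENT'] ) ? '' : sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) );`. `esc_url()` is also the display-context variant and entity-encodes `&`, so the stored `url` can differ from the raw `$uri` built in the first hunk for requests that carry a query string; `esc_url_raw()` is the form intended for values written to the database, with escaping repeated at output as the logs class now does. The function containing the `$uri` line starts and ends outside that hunk, so how `$uri` is matched against stored rows is an inference.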
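--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: joelcj91,foxe
  Tags: 404, 301, 302, 307, not found, 404 redirect, 404 to 301, 301 redirect, seo redirect, error redirect, 404 seo, custom 404 page
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=XUVWY8HUBUXY4
  Requires at least: 3.5
- Tested up to: 4.6
- Stable tag: 2.3.1
+ Tested up to: 4.9
+ Stable tag: 2.3.3
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -128,6 +128,12 @@ Bug reports for 404 to 301 are always welcome. [Report here](https://thefoxe.com
 
  == Changelog ==
 
+ = 2.3.3 (31/08/2016) =
+ **Bug Fixes**
+
+ - Using esc_url() for Ref and Url fields.
+ - Fixed Cross Site Scripting vulnerability in "From" column - Thanks to [Plugin Vulnerabilities](https://www.pluginvulnerabilities.com/).
+
  = 2.3.1 (27/08/2016) =
  **Bug Fixes**
 
@@ -352,13 +358,8 @@ Bug reports for 404 to 301 are always welcome. [Report here](https://thefoxe.com
 
  == Upgrade Notice ==
 
- = 2.3.1 (27/08/2016) =
+ = 2.3.3 (31/08/2016) =
  **Bug Fixes**
 
- - Fixed Cross Site Scripting vulnerability - Thanks to [Summer of Pwnage](https://www.sumofpwn.nl/) & Louis Dion-Marcil.
- - Fixed sorting issue in error log (Changed default order to Date Descending order).
- - Fixed issues when trailing slash found at the end of custom redirect.
-
- **Improvements**
-
- - Tested with WordPress 4.6.
+ - Using esc_url() for Ref and Url fields.
+ - Fixed Cross Site Scripting vulnerability in "From" column - Thanks to [Plugin Vulnerabilities](https://www.pluginvulnerabilities.com/).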