Social Icons WordPress Plugin – AccessPress Social Icons - Version 1.5.6

Version Description

  • Checked and fixed some XSS vulnerabilities in plugin backend settings


Version 1.5.6

Code changes from version 1.5.5 to 1.5.6

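--- a/accesspress-social-icons.php
+++ b/accesspress-social-icons.php
@@ -4,7 +4,7 @@ defined('ABSPATH') or die("No script kiddies please!");
  * Plugin Name:AccessPress Social Icons
  * Plugin URI: https://accesspressthemes.com/wordpress-plugins/accesspress-social-icons/
  * Description: A plugin to add social icons in your site wherever you want dynamically with handful of configurable settings.
- * Version:1.5.5
+ * Version:1.5.6
  * Author:AccessPress Themes
  * Author URI:http://accesspressthemes.com/
  * Text Domain: accesspress-social-icons
@@ -281,8 +281,8 @@ if (!class_exists('APS_Class')) {
 
  if (wp_verify_nonce($_POST['_wpnonce'], 'aps-ajax-nonce')) {
  $plugin_path = plugin_dir_path(__FILE__);
- $sub_folder = $_POST['sub_folder'];
- $folder = $_POST['folder'];
+ $sub_folder = sanitize_text_field($_POST['sub_folder']);
+ $folder = sanitize_text_field($_POST['folder']);
  $handle = opendir(dirname(realpath(__FILE__)) . '/icon-sets/' . $sub_folder . '/' . $folder);
  $icon_counter = 0;
  $set_image_array = array();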
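Review bot: `sanitize_text_field()` on `$sub_folder` and `$folder` in the second hunk does not constrain them as path components: it strips tags, line breaks and extra whitespace but leaves `/` and `..` intact, so the `opendir()` path built right after can still resolve outside `icon-sets/`. Reduce each value to a single name with `sanitize_file_name(wp_unslash($_POST['folder']))` (same for `sub_folder`), then confirm that `realpath()` of the joined path begins with the `icon-sets` directory before calling `opendir()`. `$_POST['_wpnonce']` is also read without an `isset()` guard, and no capability check is visible here. The enclosing method starts and ends outside the hunk, so such a check may exist elsewhere.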
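--- a/inc/backend/copy-icon-set.php
+++ b/inc/backend/copy-icon-set.php
@@ -1,7 +1,7 @@
  <?php
  defined('ABSPATH') or die("No script kiddies please!");
  global $wpdb;
- $si_id = $_GET['si_id'];
+ $si_id = sanitize_text_field($_GET['si_id']);
  $table_name = $table_name = $wpdb->prefix . "aps_social_icons";
  $icon_sets = $wpdb->get_results("SELECT * FROM $table_name where si_id = $si_id");
  $icon_set = $icon_sets[0];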
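--- a/inc/backend/delete-icon-set.php
+++ b/inc/backend/delete-icon-set.php
@@ -1,7 +1,7 @@
  <?php
  defined('ABSPATH') or die("No script kiddies please!");
  global $wpdb;
- $si_id = $_GET['si_id'];
+ $si_id = sanitize_text_field($_GET['si_id']);
  $table_name = $table_name = $wpdb->prefix . "aps_social_icons";
  $wpdb->delete( $table_name, array( 'si_id' => $si_id ), array( '%d' ) );
  $_SESSION['aps_message'] = __('Icon set deleted successfully.','accesspress-social-icons');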
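Review bot: The delete is driven by a `$_GET` parameter, and nothing in the visible lines verifies a nonce or a capability before `$wpdb->delete()` runs, so unless the including code already checks, this is a state-changing request with no CSRF protection. Add `check_admin_referer('<action-name>');` (placeholder action name) and a `current_user_can()` check ahead of the delete. The `%d` format already keeps the query itself safe, so `sanitize_text_field()` adds nothing here; `$si_id = absint($_GET['si_id']);` states the intent directly. The file continues past the hunk.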
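--- a/inc/backend/edit-icon-set.php
+++ b/inc/backend/edit-icon-set.php
@@ -1,7 +1,7 @@
  <?php
  defined('ABSPATH') or die("No script kiddies please!");
  global $wpdb;
- $si_id = $_GET['si_id'];
+ $si_id = sanitize_text_field($_GET['si_id']);
  $table_name = $table_name = $wpdb->prefix . "aps_social_icons";
  $icon_sets = $wpdb->get_results("SELECT * FROM $table_name where si_id = $si_id");
  $icon_set = $icon_sets[0];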
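--- a/inc/backend/save-set.php
+++ b/inc/backend/save-set.php
@@ -201,7 +201,7 @@ $_SESSION['aps_message'] = __('Icon Set Saved Successfully','accesspress-social-
  }
  if(isset($_POST['current_page']))
  {
- wp_redirect($_POST['current_page']);
+ wp_redirect(sanitize_text_field($_POST['current_page']));
  }
  else
  {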
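Review bot: `wp_redirect(sanitize_text_field($_POST['current_page']))` still redirects to whatever host the request supplies, because `sanitize_text_field()` does not validate URLs or restrict their destination. Use `wp_safe_redirect(esc_url_raw(wp_unslash($_POST['current_page'])));`, which limits the target to allowed hosts, and follow it with `exit;` so the rest of the script does not keep running after the header is sent. No `exit` is visible after the call, though the surrounding block starts and ends outside the hunk.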
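--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: social icon, social icons, social media, social icon widget, social icons
  Donate link: http://accesspressthemes.com/donation/
  Requires at least: 3.8
  Tested up to: 4.5
- Stable tag: 1.5.5
+ Stable tag: 1.5.6
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -129,6 +129,9 @@ Once you install the plugin , you can check some general documentation about how
  4. Backend Lcon Sets Listing
 
  == Changelog ==
+ = 1.5.6 =
+ * Checked and fixed some XSS vulnerabilities in plugin backend settings
+
  = 1.5.5 =
  * Changed input type to number for number of rows and columns field
 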