Better Click To Tweet - Version 5.3.1

Version Description

  • Security Fix potential XSS vulnerability on settings page. (mild security risk only affecting logged-in administrator accounts previously compromised). Thanks Robbie at DXW @robbiepaul on Github for the responsible disclosure.
  • If the last point didn't make any sense, please translate it to "UPDATE NOW. Previous versions of the plugin are mildly vulnerable to enterprising attackers."
Download this release

Release Info

Developer ben.meredith@gmail.com
Plugin Icon 128x128 Better Click To Tweet
Version 5.3.1
Comparing to
See all releases

Code changes from version 5.3 to 5.3.1

Files changed (3) hide show
  1. bctt_options.php +2 -2
  2. better-click-to-tweet.php +3 -3
  3. readme.txt +5 -1
bctt_options.php CHANGED
@@ -38,7 +38,7 @@ function bctt_register_settings() {
38
}
39
40
function bctt_validate_settings( $input ) {
41
- return str_replace( '@', '', strip_tags( stripslashes( $input ) ) );
42
}
43
44
function bctt_validate_checkbox( $input ) {
@@ -123,7 +123,7 @@ function bctt_settings_page() {
123
<label><?php _ex( 'Your Twitter Handle', 'label for text input on settings screen', 'better-click-to-tweet' ); ?></label>
124
</th>
125
<td><input type="text" name="bctt-twitter-handle"
126
- value="<?php echo get_option( 'bctt-twitter-handle' ); ?>"/>
127
</td>
128
<tr valign="top">
129
<th style="width: 200px;">
38
}
39
40
function bctt_validate_settings( $input ) {
41
+ return preg_replace('/[^0-9a-zA-Z_]/', '', $input);
42
}
43
44
function bctt_validate_checkbox( $input ) {
123
<label><?php _ex( 'Your Twitter Handle', 'label for text input on settings screen', 'better-click-to-tweet' ); ?></label>
124
</th>
125
<td><input type="text" name="bctt-twitter-handle"
126
+ value="<?php echo esc_attr( get_option( 'bctt-twitter-handle' ) ); ?>"/>
127
</td>
128
<tr valign="top">
129
<th style="width: 200px;">
better-click-to-tweet.php CHANGED
@@ -2,7 +2,7 @@
2
/*
3
Plugin Name: Better Click To Tweet
4
Description: Add Click to Tweet boxes simply and elegantly to your posts or pages. All the features of a premium plugin, for FREE!
5
- Version: 5.3
6
Author: Ben Meredith
7
Author URI: https://www.wpsteward.com
8
Plugin URI: https://wordpress.org/plugins/better-click-to-tweet/
@@ -156,11 +156,11 @@ function bctt_shortcode( $atts ) {
156
157
if ( $atts['url'] != 'no' ) {
158
159
- $short = bctt_shorten( $text, ( 117 - ( $handle_length ) ) );
160
161
} else {
162
163
- $short = bctt_shorten( $text, ( 140 - ( $handle_length ) ) );
164
165
}
166
2
/*
3
Plugin Name: Better Click To Tweet
4
Description: Add Click to Tweet boxes simply and elegantly to your posts or pages. All the features of a premium plugin, for FREE!
5
+ Version: 5.3.1
6
Author: Ben Meredith
7
Author URI: https://www.wpsteward.com
8
Plugin URI: https://wordpress.org/plugins/better-click-to-tweet/
156
157
if ( $atts['url'] != 'no' ) {
158
159
+ $short = bctt_shorten( $text, ( 253 - ( $handle_length ) ) );
160
161
} else {
162
163
+ $short = bctt_shorten( $text, ( 280 - ( $handle_length ) ) );
164
165
}
166
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://www.wpsteward.com/donations/plugin-support/
4
Tags: click to tweet, twitter, tweet,
5
Requires at least: 3.8
6
Tested up to: 4.8
7
- Stable tag: 5.3
8
License: GPLv2 or later
9
License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
@@ -101,6 +101,10 @@ Donations: http://benlikes.us/donate
101
102
== Changelog ==
103
104
= 5.3 =
105
* enhancement — cleaned up the various options checks that were happening on the front end (thanks @igmoweb on GitHub!)
106
* Readme changes. I also celebrated a milestone of 20K active installs, which was cause for great celebration, and at least one undocumented happy dance.
4
Tags: click to tweet, twitter, tweet,
5
Requires at least: 3.8
6
Tested up to: 4.8
7
+ Stable tag: 5.3.1
8
License: GPLv2 or later
9
License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
101
102
== Changelog ==
103
104
+ = 5.3.1 =
105
+ * Security Fix — potential XSS vulnerability on settings page. (mild security risk only affecting logged-in administrator accounts previously compromised). Thanks Robbie at DXW @robbiepaul on Github for the responsible disclosure.
106
+ * If the last point didn't make any sense, please translate it to "UPDATE NOW. Previous versions of the plugin are mildly vulnerable to enterprising attackers."
107
+
108
= 5.3 =
109
* enhancement — cleaned up the various options checks that were happening on the front end (thanks @igmoweb on GitHub!)
110
* Readme changes. I also celebrated a milestone of 20K active installs, which was cause for great celebration, and at least one undocumented happy dance.