Version Description
- Fix XSS vulnerability
Release Info
| Developer | panoslyrakis |
| Plugin | |
| Version | 1.11.20 |
| Comparing to | |
Code changes from version 1.11.19 to 1.11.20
- broken-link-checker.php +1 -1
- core/core.php +3 -3
- includes/config-manager.php +58 -1
- readme.txt +4 -1
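--- a/broken-link-checker.php
+++ b/broken-link-checker.php
@@ -10,7 +10,7 @@
 * Plugin Name: Broken Link Checker
 * Plugin URI: https://wordpress.org/plugins/broken-link-checker/
 * Description: Checks your blog for broken links and missing images and notifies you on the dashboard if any are found.
-* Version: 1.11.
+* Version: 1.11.20
 * Author: WPMU DEV
 * Author URI: https://wpmudev.com/
 * Text Domain: broken-link-checker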
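--- a/core/core.php
+++ b/core/core.php
@@ -156,7 +156,7 @@ if ( ! class_exists( 'wsBrokenLinkChecker' ) ) {
 public function admin_footer() {
 $fix = filter_input( INPUT_GET, 'fix-install-button', FILTER_VALIDATE_BOOLEAN );
 $tab = ! empty( $_GET['tab'] ) ? sanitize_text_field( wp_unslash( $_GET['tab'] ) ) : '';
-
+
 if ( true === $fix && 'plugin-information' === $tab ) {
 echo '<script>';
 echo "jQuery('#plugin_install_from_iframe').on('click', function() { window.location.href = jQuery(this).attr('href'); return false;});";
@@ -876,7 +876,7 @@ if ( ! class_exists( 'wsBrokenLinkChecker' ) ) {
 __( 'Every %s hours', 'broken-link-checker' ),
 sprintf(
 '<input type="text" name="check_threshold" id="check_threshold" value="%d" size="5" maxlength="5" />',
-$this->conf->options['check_threshold']
+esc_attr( $this->conf->options['check_threshold'] )
 )
 );
 ?>
@@ -1112,7 +1112,7 @@ if ( ! class_exists( 'wsBrokenLinkChecker' ) ) {
 type="text"
 name="youtube_api_key"
 id="youtube_api_key"
-value="<?php echo $this->conf->options['youtube_api_key']; ?>"
+value="<?php echo esc_attr( $this->conf->options['youtube_api_key'] ); ?>"
 class="regular-text ltr">
 </label><br>
 <span class="description">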
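Review bot: The `esc_attr()` added at line 879 does not change the output, because the `%d` conversion in the surrounding `sprintf()` already forces the value to an integer; an explicit `(int) $this->conf->options['check_threshold']` would state the intent more directly. The escaping that does change behaviour is at line 1115, where the stored `youtube_api_key` option was previously echoed raw into a `value="…"` attribute. Only these two output sites are visible in the hunks, so whether other places on the settings page echo `$this->conf->options[...]` without context-appropriate escaping cannot be confirmed from here and is worth auditing. The change at line 159 appears to be whitespace only.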
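--- a/includes/config-manager.php
+++ b/includes/config-manager.php
@@ -98,7 +98,64 @@ if ( ! class_exists( 'blcConfigurationManager' ) ) {
 return false;
 }
 
-return update_option( $this->option_name, json_encode( $this->options ) );
+return update_option( $this->option_name, json_encode( $this->sanitize_array( $this->options ) ) );
+}
+
+/**
+* Sanitize an array.
+*
+* @param array $options The options to sanitize.
+*
+* @return array Returns the sanitized array.
+* @since 1.11.20
+*/
+protected function sanitize_array( array $options = array() ) {
+if ( ! is_array( $options ) ) {
+return $this->sanitize_single( $options );
+}
+
+$sanitized_options = array();
+
+foreach ( $options as $key => $value ) {
+$sanitized_options[ $key ] = is_array( $value ) ? $this->sanitize_array( $value ) : $this->sanitize_single( $value );
+}
+
+return $sanitized_options;
+}
+
+/**
+* Sanitize an array.
+*
+* @param string|int|bool|float $input The option to sanitize.
+*
+* @return string|int|bool|float Returns the sanitized value.
+* @since 1.11.20
+*/
+protected function sanitize_single( $input = '' ) {
+if ( ! \is_null( $input ) && ! \is_array( $input ) && ! \is_object( $input ) ) {
+if ( $this->has_email_format( $input ) ) {
+$input = filter_var( $input, FILTER_SANITIZE_EMAIL );
+} elseif ( preg_match( '/\R/', $input ) ) {
+$input = sanitize_textarea_field( $input );
+} elseif ( wp_strip_all_tags( $input ) !== $input ) {
+$input = wp_kses_post( $input );
+} elseif ( ! is_numeric( $input ) && ! is_bool( $input ) ) {
+$input = sanitize_text_field( $input );
+}
+}
+
+return $input;
+}
+
+/**
+* Checks the format of input if it looks like an email. It doesn't validate against forbidden characters.
+*
+* @param string $input The email address.
+*
+* @return bool
+*/
+protected function has_email_format( $input ) {
+return ( preg_match( '/(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)/', $input ) || ! preg_match( '/^.+\@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$/', $input ) ) ? false : true;
 }
 
 /**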
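Review bot: In `sanitize_single()` the branch `wp_strip_all_tags( $input ) !== $input` strictly compares the input with a function that returns a string, so integer and boolean options always take the `wp_kses_post()` path and are stored as strings, and the later `is_numeric`/`is_bool` guard is never reached for them. Returning typed scalars first, e.g. `if ( is_bool( $input ) || is_int( $input ) || is_float( $input ) ) { return $input; }` at the top of the method, would keep option types stable. More generally the sanitizer is chosen from the shape of the value rather than from the option key, so a plain-text setting that contains markup keeps post-allowed HTML and quotes pass `sanitize_text_field()` unchanged; escaping at the render sites remains the control that matters. Two smaller points: the `! is_array( $options )` branch in `sanitize_array()` is unreachable behind the `array` type hint, and the docblock of `sanitize_single()` still reads "Sanitize an array." The method containing the changed `update_option()` call starts above the hunk.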
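--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: managewp, wpmudev
 Tags: links, broken links, internal link, external link, broken images, seo, test links, check links, bad links
 Requires at least: 5.2
 Tested up to: 6.1
-Stable tag: 1.11.
+Stable tag: 1.11.20
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -67,6 +67,9 @@ To upgrade your installation
 
 == Changelog ==
 
+= 1.11.20 =
+* Fix XSS vulnerability
+
 = 1.11.19 =
 * Enhance compatibility with WordPress 6.1
 * Fix deprecated sanitization filter FILTER_SANITIZE_STRING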
