Spam protection, AntiSpam, FireWall by CleanTalk - Version 5.136.4

Version Description

April 8 2020: Security: Possible XSS vulnerability.

Release Info

Developer Safronik
Version 5.136.4

Code changes from version 5.136.3 to 5.136.4

Files changed (3)
  1. cleantalk.php +1 -1
  2. inc/cleantalk-settings.php +6 -1
  3. readme.txt +4 -1
cleantalk.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Anti-Spam by CleanTalk
4
  Plugin URI: https://cleantalk.org
5
  Description: Max power, all-in-one, no Captcha, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
6
- Version: 5.136.3
7
  Author: СleanTalk <welcome@cleantalk.org>
8
  Author URI: https://cleantalk.org
9
  Text Domain: cleantalk
3
  Plugin Name: Anti-Spam by CleanTalk
4
  Plugin URI: https://cleantalk.org
5
  Description: Max power, all-in-one, no Captcha, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
6
+ Version: 5.136.4
7
  Author: СleanTalk <welcome@cleantalk.org>
8
  Author URI: https://cleantalk.org
9
  Text Domain: cleantalk
inc/cleantalk-settings.php CHANGED
@@ -1256,6 +1256,11 @@ function apbct_settings__validate($settings) {
1256
  $settings['apikey'] = is_main_site() || !$settings['white_label'] ? $settings['apikey'] : $apbct->settings['apikey'];
1257
  $settings['apikey'] = strpos($settings['apikey'], '*') === false ? $settings['apikey'] : $apbct->settings['apikey'];
1258
 
 
 
 
 
 
1259
  // Validate Exclusions
1260
  // URLs
1261
  $result = apbct_settings__sanitize__exclusions($settings['exclusions__urls'], $settings['exclusions__urls__use_regexp']);
@@ -1443,7 +1448,7 @@ function apbct_settings__sanitize__exclusions($exclusions, $regexp = false){
1443
  if( ! empty( $exclusions ) ){
1444
  $exclusions = explode( ',', $exclusions );
1445
  foreach ( $exclusions as $exclusion ){
1446
- $sanitized_exclusion = preg_replace( '/[<"\'>]/', '', trim( $exclusion ) );
1447
  if ( ! empty( $sanitized_exclusion ) ) {
1448
  if( $regexp && ! apbct_is_regexp( $exclusion ) )
1449
  return false;
1256
  $settings['apikey'] = is_main_site() || !$settings['white_label'] ? $settings['apikey'] : $apbct->settings['apikey'];
1257
  $settings['apikey'] = strpos($settings['apikey'], '*') === false ? $settings['apikey'] : $apbct->settings['apikey'];
1258
 
1259
+ // Sanitize settings value
1260
+ foreach ($settings as &$setting ){
1261
+ $setting = preg_replace( '/[<"\'>]/', '', $setting ); // Make HTML code inactive
1262
+ }
1263
+
1264
  // Validate Exclusions
1265
  // URLs
1266
  $result = apbct_settings__sanitize__exclusions($settings['exclusions__urls'], $settings['exclusions__urls__use_regexp']);
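Review bot: The by-reference loop at new lines 1260-1262 leaves `$setting` bound to the last element of `$settings` after the loop ends, so any later assignment to `$setting` in this function would silently overwrite that element; add `unset( $setting );` right after the closing brace. The `preg_replace( '/[<"\'>]/', '', $setting )` call also runs over every value, including `exclusions__urls` when `exclusions__urls__use_regexp` is set, so a pattern that legitimately contains `<`, `>` or a quote is altered before `apbct_is_regexp()` checks it. Stripping four characters on save is a denylist; the intent in the comment "Make HTML code inactive" is better met by escaping where the values are printed (for example `esc_attr()` or `esc_html()`), with this filter kept only as a second layer.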
1448
  if( ! empty( $exclusions ) ){
1449
  $exclusions = explode( ',', $exclusions );
1450
  foreach ( $exclusions as $exclusion ){
1451
+ $sanitized_exclusion = trim( $exclusion );
1452
  if ( ! empty( $sanitized_exclusion ) ) {
1453
  if( $regexp && ! apbct_is_regexp( $exclusion ) )
1454
  return false;
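Review bot: `$sanitized_exclusion = trim( $exclusion );` at new line 1451 no longer sanitizes anything, so `apbct_settings__sanitize__exclusions()` now depends on its caller having stripped `<`, `>`, `"` and `'` first; a call that does not pass through the new loop in `apbct_settings__validate()` would hand the value on unfiltered. Either keep the character filter here as well, or rename the variable and document the precondition in a comment on the function. Separately, the regexp check just below still tests `$exclusion`, so the value that is validated is not the trimmed value assigned to `$sanitized_exclusion`.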
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: spam, antispam, woocommerce, comments, firewall
4
  Requires at least: 3.0
5
  Tested up to: 5.4
6
  Requires PHP: 5.4
7
- Stable tag: 5.136.3
8
  License: GPLv2
9
 
10
  Spam protection, anti-spam, firewall, premium plugin. No spam comments & users, no spam contact form & WooCommerce anti-spam.
@@ -566,6 +566,9 @@ If your website has forms that send data to external sources, you can enable opt
566
 
567
  == Changelog ==
568
 
 
 
 
569
  = 5.136.3 April 7 2020 =
570
  * Security: Possible XSS vulnerability.
571
 
4
  Requires at least: 3.0
5
  Tested up to: 5.4
6
  Requires PHP: 5.4
7
+ Stable tag: 5.136.4
8
  License: GPLv2
9
 
10
  Spam protection, anti-spam, firewall, premium plugin. No spam comments & users, no spam contact form & WooCommerce anti-spam.
566
 
567
  == Changelog ==
568
 
569
+ = 5.136.4 April 8 2020 =
570
+ * Security: Possible XSS vulnerability.
571
+
572
  = 5.136.3 April 7 2020 =
573
  * Security: Possible XSS vulnerability.
574
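Review bot: The new changelog entry `= 5.136.4 April 8 2020 =` repeats the 5.136.3 text `* Security: Possible XSS vulnerability.` word for word, so a site owner cannot tell what this second release fixes or whether 5.136.3 was incomplete. State which input is affected (the code change is in settings validation) and that setting values are now stripped of `<`, `>`, `"` and `'` on save.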