MetaSlider - Version 3.7.2

Version Description

  • 2018/Mar/20 =

  • TWEAK: Remove an obsolete admin notice

  • SECURITY: Prevent a non-persistent logged-in XSS attack. The attacker must persuade a logged-in admin-level WP user to click on a malicious link specifically targeted to your site; this can result in his chosen JavaScript being run inside your browser on the MetaSlider page. Hence, the risk is low, but you should certainly update.


Release Info

Developer DavidAnderson
Version 3.7.2

Code changes from version 3.7.1 to 3.7.2

Files changed (3) hide show
  1. admin/Notices.php +10 -10
  2. ml-slider.php +4 -4
  3. readme.txt +7 -3
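--- a/admin/Notices.php
+++ b/admin/Notices.php
@@ -119,16 +119,16 @@ class MetaSlider_Notices extends Updraft_Notices_1_0 {
  'hide_time' => 12,
  'supported_positions' => array('header'),
  ),
- 'lite_survey' => array(
- 'title' => __('Help us to get even better MetaSlider', 'ml-slider'),
- 'text' => __('Let us know how you use MetaSlider by answering 4 simple questions. We will make MetaSlider to suit you better.', 'ml-slider'),
- 'image' => 'metaslider_logo.png',
- 'button_link' => 'https://www.metaslider.com/survey?utm_source=metaslider-plugin-page&utm_medium=banner',
- 'button_meta' => 'lets_start',
- 'dismiss_time' => 'lite_survey',
- 'hide_time' => 12,
- 'supported_positions' => array('header'),
- ),
+ // 'lite_survey' => array(
+ // 'title' => __('Help us to get even better MetaSlider', 'ml-slider'),
+ // 'text' => __('Let us know how you use MetaSlider by answering 4 simple questions. We will make MetaSlider to suit you better.', 'ml-slider'),
+ // 'image' => 'metaslider_logo.png',
+ // 'button_link' => 'https://www.metaslider.com/survey?utm_source=metaslider-plugin-page&utm_medium=banner',
+ // 'button_meta' => 'lets_start',
+ // 'dismiss_time' => 'lite_survey',
+ // 'hide_time' => 12,
+ // 'supported_positions' => array('header'),
+ // ),
  'pro_layers' => array(
  'title' => __('Spice up your site with animated layers and video slides', 'ml-slider'),
  'text' => __('With the MetaSlider Add-on pack you can give your slideshows a professional look!', 'ml-slider'),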
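Review bot: The `lite_survey` notice is disabled by commenting out its ten lines instead of deleting them, which leaves dead code in the notices array that version control already preserves. Deleting the entry keeps the array readable; if a marker is wanted, one line such as `// 'lite_survey' notice removed in 3.7.2 (obsolete)` is enough. Any dismissal state previously stored under the `lite_survey` key presumably stays in the site's options, so it is worth confirming whether that needs cleanup. The array definition starts and ends outside this hunk.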
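--- a/ml-slider.php
+++ b/ml-slider.php
@@ -6,11 +6,11 @@
  * Plugin Name: MetaSlider
  * Plugin URI: https://www.metaslider.com
  * Description: Easy to use slideshow plugin. Create SEO optimised responsive slideshows with Nivo Slider, Flex Slider, Coin Slider and Responsive Slides.
- * Version: 3.7.1
+ * Version: 3.7.2
  * Author: Team Updraft
  * Author URI: https://www.metaslider.com
  * License: GPL-2.0+
- * Copyright: 2017 Simba Hosting Ltd
+ * Copyright: 2017- Simba Hosting Ltd
  *
  * Text Domain: ml-slider
  * Domain Path: /languages
@@ -34,7 +34,7 @@ class MetaSliderPlugin {
  *
  * @var string
  */
- public $version = '3.7.1';
+ public $version = '3.7.2';
 
  /**
  * The lowest tier price for upgrades
@@ -1258,7 +1258,7 @@ class MetaSliderPlugin {
  // If the id parameter exists, verify and use that.
  if (isset($_REQUEST['id']) && $id = $_REQUEST['id']) {
  if (in_array(get_post_status(absint($id)), array('publish', 'inherit'))) {
- $slider_id = $id;
+ $slider_id = (int)$id;
  }
  }
 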
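Review bot: The new `$slider_id = (int)$id;` stores a differently normalised value from the one that was validated: the line above checks `get_post_status(absint($id))`, so for a negative `id` the status of post |id| is checked while the negative number is what gets stored. Normalise once and use the same value for both, e.g. `$slider_id = absint($id);`, and pass `true` as the third argument of `in_array` so the status comparison is strict. The cast does stop arbitrary request text reaching `$slider_id`, but the place where it is printed is outside this hunk; escaping there (`esc_attr()` or `esc_js()`, as the context requires) would presumably keep the page safe if another code path ever sets the value. The enclosing method starts and ends outside the hunk.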
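--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: matchalabs, DavidAnderson, dnutbourne, kbat82
  Tags: wordpress slideshow,seo,slideshow,slider,widget,wordpress slider,image slider,flexslider,flex slider,nivoslider,nivo slider,responsive,responsive slides,coinslider,coin slider,slideshow,carousel,responsive slider,vertical slides
  Donate link: https://david.dw-perspective.org.uk/donate
  Requires at least: 3.5
- Stable tag: 3.7.1
+ Stable tag: 3.7.2
  Tested up to: 4.9
  License: GPLv2 or later
  License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -151,6 +151,11 @@ See https://www.metaslider.com/documentation/image-cropping/
 
  == Changelog ==
 
+ = 3.7.2 - 2018/Mar/20 =
+
+ * TWEAK: Remove an obsolete admin notice
+ * SECURITY: Prevent a non-persistent logged-in XSS attack. The attacker must persuade a logged-in admin-level WP user to click on a malicious link specifically targeted to your site; this can result in his chosen JavaScript being run inside your browser on the MetaSlider page. Hence, the risk is low, but you should certainly update.
+
  = 3.7.1 - 2018/Mar/13 =
 
  * FIX: Updates FlexSlider to remove flash on page load.
@@ -637,5 +642,4 @@ More info/Comments: http://www.metaslider.com/coming-soon-meta-slider-2-6-free/
  * Initial version
 
  == Upgrade Notice ==
- * 3.7.1 : One bug-fix; a recommended update for all
- * 3.7.0 : One new feature, one bug-fix, one tweak; a recommended update for all
+ * 3.7.2 : Fix non-persistent admin XSS attack (requiring clicking on a targeted, crafted link specific to your site leading to one-time execution of his chosen JavaScript in your browser - so, low risk but you should certainly update)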