Version Description
- Fixed a security issue on admin side only exploitable by logged in admins
Download this release
Release Info
| Developer | satollo |
| Plugin |  Newsletter |
| Version | 4.6.1 |
| Comparing to | |
| See all releases | |
Code changes from version 4.6.0 to 4.6.1
- includes/controls.php +6 -6
- plugin.php +2 -2
- readme.txt +6 -2
- users/massive.php +1 -1
includes/controls.php
CHANGED
|
@@ -240,13 +240,13 @@ class NewsletterControls {
|
|
| 240 |
|
| 241 |
echo '<select id="options-' . $name . '" name="options[' . $name . ']">';
|
| 242 |
if (!empty($first)) {
|
| 243 |
-
echo '<option value="">' .
|
| 244 |
}
|
| 245 |
foreach ($options as $key => $label) {
|
| 246 |
-
echo '<option value="' . $key . '"';
|
| 247 |
if ($value == $key)
|
| 248 |
echo ' selected';
|
| 249 |
-
echo '>' .
|
| 250 |
}
|
| 251 |
echo '</select>';
|
| 252 |
}
|
|
@@ -257,15 +257,15 @@ class NewsletterControls {
|
|
| 257 |
echo '<select name="options[' . $name . ']">';
|
| 258 |
|
| 259 |
foreach ($groups as $group) {
|
| 260 |
-
echo '<optgroup label="' .
|
| 261 |
if (!empty($group)) {
|
| 262 |
foreach ($group as $key => $label) {
|
| 263 |
if ($key == '')
|
| 264 |
continue;
|
| 265 |
-
echo '<option value="' . $key . '"';
|
| 266 |
if ($value == $key)
|
| 267 |
echo ' selected';
|
| 268 |
-
echo '>' .
|
| 269 |
}
|
| 270 |
}
|
| 271 |
echo '</optgroup>';
|
| 240 |
|
| 241 |
echo '<select id="options-' . $name . '" name="options[' . $name . ']">';
|
| 242 |
if (!empty($first)) {
|
| 243 |
+
echo '<option value="">' . esc_html($first) . '</option>';
|
| 244 |
}
|
| 245 |
foreach ($options as $key => $label) {
|
| 246 |
+
echo '<option value="' . esc_attr($key) . '"';
|
| 247 |
if ($value == $key)
|
| 248 |
echo ' selected';
|
| 249 |
+
echo '>' . esc_html($label) . '</option>';
|
| 250 |
}
|
| 251 |
echo '</select>';
|
| 252 |
}
|
| 257 |
echo '<select name="options[' . $name . ']">';
|
| 258 |
|
| 259 |
foreach ($groups as $group) {
|
| 260 |
+
echo '<optgroup label="' . esc_attr($group['']) . '">';
|
| 261 |
if (!empty($group)) {
|
| 262 |
foreach ($group as $key => $label) {
|
| 263 |
if ($key == '')
|
| 264 |
continue;
|
| 265 |
+
echo '<option value="' . esc_attr($key) . '"';
|
| 266 |
if ($value == $key)
|
| 267 |
echo ' selected';
|
| 268 |
+
echo '>' . esc_html($label) . '</option>';
|
| 269 |
}
|
| 270 |
}
|
| 271 |
echo '</optgroup>';
|
plugin.php
CHANGED
|
@@ -4,7 +4,7 @@
|
|
| 4 |
Plugin Name: Newsletter
|
| 5 |
Plugin URI: http://www.thenewsletterplugin.com/plugins/newsletter
|
| 6 |
Description: Newsletter is a cool plugin to create your own subscriber list, to send newsletters, to build your business. <strong>Before update give a look to <a href="http://www.thenewsletterplugin.com/category/release">this page</a> to know what's changed.</strong>
|
| 7 |
-
Version: 4.6.
|
| 8 |
Author: Stefano Lissa & The Newsletter Team
|
| 9 |
Author URI: http://www.thenewsletterplugin.com
|
| 10 |
Disclaimer: Use at your own risk. No warranty expressed or implied is provided.
|
|
@@ -14,7 +14,7 @@
|
|
| 14 |
*/
|
| 15 |
|
| 16 |
// Used as dummy parameter on css and js links
|
| 17 |
-
define('NEWSLETTER_VERSION', '4.6.
|
| 18 |
|
| 19 |
global $wpdb, $newsletter;
|
| 20 |
|
| 4 |
Plugin Name: Newsletter
|
| 5 |
Plugin URI: http://www.thenewsletterplugin.com/plugins/newsletter
|
| 6 |
Description: Newsletter is a cool plugin to create your own subscriber list, to send newsletters, to build your business. <strong>Before update give a look to <a href="http://www.thenewsletterplugin.com/category/release">this page</a> to know what's changed.</strong>
|
| 7 |
+
Version: 4.6.1
|
| 8 |
Author: Stefano Lissa & The Newsletter Team
|
| 9 |
Author URI: http://www.thenewsletterplugin.com
|
| 10 |
Disclaimer: Use at your own risk. No warranty expressed or implied is provided.
|
| 14 |
*/
|
| 15 |
|
| 16 |
// Used as dummy parameter on css and js links
|
| 17 |
+
define('NEWSLETTER_VERSION', '4.6.1');
|
| 18 |
|
| 19 |
global $wpdb, $newsletter;
|
| 20 |
|
readme.txt
CHANGED
|
@@ -1,8 +1,8 @@
|
|
| 1 |
=== Newsletter ===
|
| 2 |
Tags: newsletter,email,subscription,mass mail,list build,email marketing,direct mailing,automation,automated
|
| 3 |
Requires at least: 3.4.0
|
| 4 |
-
Tested up to: 4.6.
|
| 5 |
-
Stable tag: 4.6.
|
| 6 |
Contributors: satollo,webagile,michael-travan
|
| 7 |
|
| 8 |
Add a real newsletter system to your blog. For free. With unlimited newsletters and subscribers.
|
|
@@ -77,6 +77,10 @@ Thank you, The Newsletter Team
|
|
| 77 |
|
| 78 |
== Changelog ==
|
| 79 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 80 |
= 4.6.0 =
|
| 81 |
|
| 82 |
* Fixed debug notices on composer post blocks
|
| 1 |
=== Newsletter ===
|
| 2 |
Tags: newsletter,email,subscription,mass mail,list build,email marketing,direct mailing,automation,automated
|
| 3 |
Requires at least: 3.4.0
|
| 4 |
+
Tested up to: 4.6.1
|
| 5 |
+
Stable tag: 4.6.1
|
| 6 |
Contributors: satollo,webagile,michael-travan
|
| 7 |
|
| 8 |
Add a real newsletter system to your blog. For free. With unlimited newsletters and subscribers.
|
| 77 |
|
| 78 |
== Changelog ==
|
| 79 |
|
| 80 |
+
= 4.6.1 =
|
| 81 |
+
|
| 82 |
+
* Fixed a security issue on admin side only exploitable by logged in admins
|
| 83 |
+
|
| 84 |
= 4.6.0 =
|
| 85 |
|
| 86 |
* Fixed debug notices on composer post blocks
|
users/massive.php
CHANGED
|
@@ -284,7 +284,7 @@ if ($controls->is_action('bounces')) {
|
|
| 284 |
<?php for ($i = 1; $i <= NEWSLETTER_LIST_MAX; $i++) { ?>
|
| 285 |
<tr>
|
| 286 |
<td><?php echo $i; ?></td>
|
| 287 |
-
<td><?php echo $options_profile['list_' . $i]; ?></td>
|
| 288 |
<td>
|
| 289 |
<?php echo $wpdb->get_var("select count(*) from " . NEWSLETTER_USERS_TABLE . " where list_" . $i . "=1 and status='C'"); ?>
|
| 290 |
</td>
|
| 284 |
<?php for ($i = 1; $i <= NEWSLETTER_LIST_MAX; $i++) { ?>
|
| 285 |
<tr>
|
| 286 |
<td><?php echo $i; ?></td>
|
| 287 |
+
<td><?php echo esc_html($options_profile['list_' . $i]); ?></td>
|
| 288 |
<td>
|
| 289 |
<?php echo $wpdb->get_var("select count(*) from " . NEWSLETTER_USERS_TABLE . " where list_" . $i . "=1 and status='C'"); ?>
|
| 290 |
</td>
|
