Version Description
Release Info
| Developer | barrykooij |
| Plugin | |
| Version | 2.1.2 |
| Comparing to | |
Code changes from version 2.1.1 to 2.1.2
- classes/class-link-related-table.php +10 -5
- classes/class-rp4wp.php +1 -1
- classes/hooks/class-hook-link-related-screen.php +10 -10
- readme.txt +7 -1
- related-posts-for-wp.php +1 -1
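--- a/classes/class-link-related-table.php
+++ b/classes/class-link-related-table.php
@@ -257,14 +257,19 @@ class RP4WP_Link_Related_Table extends WP_List_Table {
 public function column_title( $item ) {
 $actions = array(
 'link' => sprintf(
-'<a href="
-
-
-
+'<a href="%s">' . __( 'Link Post', 'related-posts-for-wp' ) . '</a>',
+esc_attr(
+sprintf(
+"?page=%s&rp4wp_parent=%s&rp4wp_create_link=%s",
+$_REQUEST['page'],
+$_GET['rp4wp_parent'],
+$item['ID']
+)
+)
 ),
 'view' => sprintf(
 '<a href="%s" target="_blank">%s</a>',
-get_permalink( $item['ID'] ),
+esc_attr( get_permalink( $item['ID'] ) ),
 __( 'View Post' )
 )
 );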
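Review bot: The three values interpolated into the 'link' query string (new lines 263-266) are still raw: `esc_attr()` around the whole string stops attribute breakout, but nothing URL-encodes or type-casts `$_REQUEST['page']` and `$_GET['rp4wp_parent']`, so a `&` or `#` in either value can still add or truncate parameters in the generated link. I would constrain each argument at the point of use, `sanitize_key( $_REQUEST['page'] ),`, `absint( $_GET['rp4wp_parent'] ),` and `absint( $item['ID'] )`, and wrap the result in `esc_url()` rather than `esc_attr()`; `esc_url()` is also the right escaper for the permalink at line 272. `$_GET['rp4wp_parent']` is read here without an `isset()` guard. column_title()'s body continues past the end of the hunk.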
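--- a/classes/class-rp4wp.php
+++ b/classes/class-rp4wp.php
@@ -8,7 +8,7 @@ class RP4WP {
 
 private static $instance = null;
 
-const VERSION = '2.1.
+const VERSION = '2.1.2';
 
 /**
 * @var RP4WP_Settings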
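--- a/classes/hooks/class-hook-link-related-screen.php
+++ b/classes/hooks/class-hook-link-related-screen.php
@@ -41,7 +41,7 @@ class RP4WP_Hook_Link_Related_Screen extends RP4WP_Hook {
 */
 private function catch_search() {
 if ( isset( $_GET['page'] ) && 'rp4wp_link_related' == $_GET['page'] && isset ( $_POST['s'] ) ) {
-$base_url = admin_url( sprintf( 'admin.php?page=rp4wp_link_related&rp4wp_parent=%d&rp4wp_view=%s', absint( $_GET['rp4wp_parent'] ), $_GET['rp4wp_view'] ) );
+$base_url = admin_url( sprintf( 'admin.php?page=rp4wp_link_related&rp4wp_parent=%d&rp4wp_view=%s', absint( $_GET['rp4wp_parent'] ), esc_attr( $_GET['rp4wp_view'] ) ) );
 if ( ! empty( $_POST['s'] ) ) {
 $s = urlencode( $_POST['s'] );
 // post to get solution
@@ -54,7 +54,7 @@ class RP4WP_Hook_Link_Related_Screen extends RP4WP_Hook {
 exit;
 }
 }
-
+
 /**
 * Check if the current user is allowed to create related posts
 */
@@ -76,20 +76,20 @@ class RP4WP_Hook_Link_Related_Screen extends RP4WP_Hook {
 $this->check_if_allowed();
 
 // Get parent
-$parent = $_GET['rp4wp_parent'];
+$parent = absint( $_GET['rp4wp_parent'] );
 
 // Create link
 $post_link_manager = new RP4WP_Post_Link_Manager();
 
 // Create link
-$post_link_manager->add( $parent, $_GET['rp4wp_create_link'] );
+$post_link_manager->add( $parent, absint( $_GET['rp4wp_create_link'] ) );
 
 // Send back
 $redirect_url = get_admin_url() . "post.php?post={$parent}&action=edit";
 
 // WPML check
 if ( isset( $_GET['lang'] ) ) {
-$redirect_url .= "&lang=" . $_GET['lang'];
+$redirect_url .= "&lang=" . esc_attr( $_GET['lang'] );
 }
 
 wp_redirect( $redirect_url );
@@ -106,7 +106,7 @@ class RP4WP_Hook_Link_Related_Screen extends RP4WP_Hook {
 if ( isset( $_POST['rp4wp_bulk'] ) && isset( $_GET['rp4wp_parent'] ) ) {
 
 // Get parent
-$parent = $_GET['rp4wp_parent'];
+$parent = absint( $_GET['rp4wp_parent'] );
 
 // Check if user is allowed to do this
 $this->check_if_allowed();
@@ -128,7 +128,7 @@ class RP4WP_Hook_Link_Related_Screen extends RP4WP_Hook {
 
 // WPML check
 if ( isset( $_GET['lang'] ) ) {
-$redirect_url .= "&lang=" . $_GET['lang'];
+$redirect_url .= "&lang=" . esc_attr( $_GET['lang'] );
 }
 
 wp_redirect( $redirect_url );
@@ -151,7 +151,7 @@ class RP4WP_Hook_Link_Related_Screen extends RP4WP_Hook {
 }
 
 // Parent
-$parent = $_GET['rp4wp_parent'];
+$parent = absint( $_GET['rp4wp_parent'] );
 
 // Setup cancel URL
 $cancel_url = get_admin_url() . "post.php?post={$parent}&action=edit";
@@ -166,7 +166,7 @@ class RP4WP_Hook_Link_Related_Screen extends RP4WP_Hook {
 <div class="wrap">
 <h2>
 <?php _e( 'Posts', 'related-posts-for-wp' ); ?>
-<a href="<?php echo $cancel_url; ?>" class="add-new-h2"><?php _e( 'Cancel linking', 'related-posts-for-wp' ); ?></a>
+<a href="<?php echo esc_attr( $cancel_url ); ?>" class="add-new-h2"><?php _e( 'Cancel linking', 'related-posts-for-wp' ); ?></a>
 </h2>
 
 <form id="sp-list-table-form" method="post">
@@ -192,4 +192,4 @@ class RP4WP_Hook_Link_Related_Screen extends RP4WP_Hook {
 
 <?php
 }
-}
+}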
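Review bot: `esc_attr()` is the wrong escaper for the values appended to the redirect URLs at new lines 92 and 131 (`lang`) and to `$base_url` at line 44 (`rp4wp_view`): it HTML-encodes, so a `&` in the value reaches `wp_redirect()` as `&amp;` and the value is never URL-encoded. For a query-string value headed into a Location header I would write `$redirect_url .= '&lang=' . rawurlencode( $_GET['lang'] );` and likewise `rawurlencode( $_GET['rp4wp_view'] )`, and use `esc_url( $cancel_url )` for the one place a URL is printed into HTML (line 169). Separately, the handler at lines 76-95 creates a link from `$_GET` after only `check_if_allowed()`; no nonce check is visible in the hunk, and the 'Link Post' URL built in classes/class-link-related-table.php carries no nonce parameter, so this looks like a state-changing GET without CSRF protection. Worth confirming against the code above line 76 and, if so, pairing `wp_nonce_url()` on the link with `check_admin_referer()` here. All of the touched functions begin or end outside their hunks.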
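--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://www.barrykooij.com/donate/
 Tags: related posts for wordpress, related posts for wp, simple related posts, easy related posts, related posts, related post, related, relations, internal links, seo, bounce rate
 Requires at least: 3.6
 Tested up to: 6.0.2
-Stable tag: 2.1.
+Stable tag: 2.1.2
 License: GPLv3 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -120,6 +120,12 @@ There is one custom table created for the post cache, this table will however no
 
 == Changelog ==
 
+= 2.1.2: October 1, 2022 =
+* Tweak: Fixed CWE-79 XSS issue on manually link related post screen, props [foobar7](https://github.com/foobar7).
+* Tweak: Properly escape redirect URL params on manually bulk linking of related posts.
+* Tweak: Properly escape links in post table on manually link related post screen.
+* Tweak: Properly escape rp4wp_view on manually link search page.
+
 = 2.1.1: September 17, 2022 =
 * Tweak: Added rp4wp_post_title_html filter.
 * Tweak: Added rp4wp_post_link filter.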
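--- a/related-posts-for-wp.php
+++ b/related-posts-for-wp.php
@@ -3,7 +3,7 @@
 Plugin Name: Related Posts for WordPress
 Plugin URI: http://www.relatedpostsforwp.com/
 Description: Related Posts for WordPress, the best way to display related posts in WordPress.
-Version: 2.1.
+Version: 2.1.2
 Author: Never5
 Author URI: http://www.never5.com/
 License: GPL v3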
