Relevanssi – A Better Search - Version 4.14.3

Version Description

  • Security fix: User searches page had a XSS vulnerability.

Release Info

Developer msaari
Version 4.14.3

Code changes from version 4.14.2 to 4.14.3

Files changed (4) hide show
  1. lib/common.php +4 -1
  2. lib/user-searches.php +2 -2
  3. readme.txt +9 -3
  4. relevanssi.php +2 -2
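--- a/lib/common.php
+++ b/lib/common.php
@@ -1035,7 +1035,10 @@ function relevanssi_permalink( $link, $link_post = null ) {
  }
  // Using property_exists() to avoid troubles from magic variables.
  if ( is_object( $link_post ) && property_exists( $link_post, 'relevanssi_link' ) ) {
- $link = $link_post->relevanssi_link;
+ // $link_post->relevanssi_link can still be false.
+ if ( ! empty( $link_post->relevanssi_link ) ) {
+ $link = $link_post->relevanssi_link;
+ }
  }
 
  if ( is_search() && is_object( $link_post ) && property_exists( $link_post, 'relevance_score' ) ) {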
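Review bot: The added comment on new line 1038 says the property "can still be false" but not what the code then does, and `empty()` also skips `''`, `'0'` and `null`; a comment such as `// relevanssi_link may be set but empty (e.g. false); keep the incoming $link in that case.` would document the actual behaviour. The nested check could also be folded into the outer condition as `&& ! empty( $link_post->relevanssi_link )` to avoid the extra level of nesting. relevanssi_permalink() starts and continues outside this hunk, so how `$link` is used afterwards is not visible here.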
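--- a/lib/user-searches.php
+++ b/lib/user-searches.php
@@ -336,7 +336,7 @@ function relevanssi_date_queries( string $from, string $to, string $version = 'g
  if ( function_exists( 'relevanssi_insights_link' ) ) {
  $query_link = relevanssi_insights_link( $query );
  } else {
- $query_link = $query->query;
+ $query_link = wp_kses( $query->query, 'strip' );
  }
 
  if ( 'good' === $version ) {
@@ -347,7 +347,7 @@ function relevanssi_date_queries( string $from, string $to, string $version = 'g
  <td style='padding: 3px 5px; text-align: center'>%d</td>
  <td style='padding: 3px 5px; text-align: center'>%s</td>
  </tr>",
- $query_link, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ $query_link, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
  esc_attr( $query_url ),
  intval( $query->cnt ),
  intval( $query->hits ),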
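Review bot: Only the fallback branch is sanitised: when `relevanssi_insights_link()` exists, its return value still reaches the `printf()` argument on new line 350 under `phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped`, and that helper is not part of this diff, so it should be confirmed that it escapes `$query->query` before building its markup. In the fallback at new line 339 the value is plain text, so `$query_link = esc_html( $query->query );` would state the intent more directly than `wp_kses( ..., 'strip' )` and also encodes quotes; the placeholder that receives `$query_link` is above the second hunk, so the output context is inferred here. Because the logged query text presumably originates from site visitors and is rendered on an admin page, a short comment above the `printf()` naming which branch is responsible for escaping would keep the suppression from hiding a later regression. relevanssi_date_queries() begins and ends outside both hunks.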
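--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: search, relevance, better search, product search, woocommerce search
  Requires at least: 4.9
  Tested up to: 5.8.1
  Requires PHP: 7.0
- Stable tag: 4.14.2
+ Stable tag: 4.14.3
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -131,9 +131,12 @@ Each document database is full of useless words. All the little words that appea
  * John Calahan for extensive 4.0 beta testing.
 
  == Changelog ==
+ = 4.14.3 =
+ * Security fix: User searches page had a XSS vulnerability.
+
  = 4.14.2 =
- * Fix: Remove unnecessary database calls from admin pages.
- * Fix: Improved Oxygen compatibility.
+ * Minor fix: Remove unnecessary database calls from admin pages.
+ * Minor fix: Improved Oxygen compatibility.
 
  = 4.14.1 =
  * Adds a missing file.
@@ -249,6 +252,9 @@ Each document database is full of useless words. All the little words that appea
  * Minor fix: In some cases, having less than or greater than symbols in PDF content would block that PDF content from being indexed.
 
  == Upgrade notice ==
+ = 4.14.3
+ * Security fix: User searches page had a XSS vulnerability.
+
  = 4.14.2 =
  * Removes database calls on admin pages.
 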
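--- a/relevanssi.php
+++ b/relevanssi.php
@@ -13,7 +13,7 @@
  * Plugin Name: Relevanssi
  * Plugin URI: https://www.relevanssi.com/
  * Description: This plugin replaces WordPress search with a relevance-sorting search.
- * Version: 4.14.2
+ * Version: 4.14.3
  * Author: Mikko Saari
  * Author URI: http://www.mikkosaari.fi/
  * Text Domain: relevanssi
@@ -67,7 +67,7 @@ $relevanssi_variables['database_version'] = 6;
  $relevanssi_variables['file'] = __FILE__;
  $relevanssi_variables['plugin_dir'] = plugin_dir_path( __FILE__ );
  $relevanssi_variables['plugin_basename'] = plugin_basename( __FILE__ );
- $relevanssi_variables['plugin_version'] = '4.14.2';
+ $relevanssi_variables['plugin_version'] = '4.14.3';
 
  require_once 'lib/admin-ajax.php';
  require_once 'lib/common.php';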