Ultimate FAQ - Version 1.9.4

Version Description

  • Update to correct a potential minor XSS vulnerability

Release Info

Developer Rustaurius
Version 1.9.4

Code changes from version 1.9.3 to 1.9.4

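--- a/Functions/EWD_UFAQ_WPForms_Integration.php
+++ b/Functions/EWD_UFAQ_WPForms_Integration.php
@@ -63,7 +63,7 @@ function EWD_UFAQ_WPForms_Integration_Localization( $form_data, $form ) {
  if ( isset ( $form_data['settings']['ufaq_enabled'] ) and $form_data['settings']['ufaq_enabled'] == 'specific' ) {
  $target_field = isset( $form_data['settings']['ufaq_selected_field'] ) ? $form_data['settings']['ufaq_selected_field'] : 0;
  }
- elseif ( isset ( $form_data['settings']['ufaq_enabled'] ) and $form_data['settings']['ufaq_enabled'] != 'disabled' ) {
+ elseif ( ! isset( $form_data['settings']['ufaq_enabled'] ) or ( isset ( $form_data['settings']['ufaq_enabled'] ) and $form_data['settings']['ufaq_enabled'] != 'disabled' ) ) {
  foreach ( $form_data['fields'] as $field_id => $field ){
  if ( $field['type'] == 'textarea' ) {
  $target_field = $field['id'];
@@ -71,6 +71,9 @@ function EWD_UFAQ_WPForms_Integration_Localization( $form_data, $form ) {
  }
  }
  }
+ else {
+ $target_field = 0;
+ }
 
  wp_localize_script(
  'ewd-ufaq-js',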
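Review bot: The new `else` branch initialises `$target_field` only when ufaq_enabled is explicitly 'disabled'; inside the `elseif` branch the variable is still never assigned when the form has no textarea field (or no fields at all), so the wp_localize_script() call below can read an undefined variable on that path. Initialising it once before the chain, `$target_field = 0;` ahead of the first `if` on line 63, covers every path and would make the added `else` block unnecessary. The inner `isset ( $form_data['settings']['ufaq_enabled'] )` on the new line 66 is redundant, because the right operand of `or` is only evaluated when the left `! isset(...)` is false; the condition reduces to `elseif ( ! isset( $form_data['settings']['ufaq_enabled'] ) or $form_data['settings']['ufaq_enabled'] != 'disabled' )`. EWD_UFAQ_WPForms_Integration_Localization() starts before the hunk and the wp_localize_script() call continues past it.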
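--- a/Main.php
+++ b/Main.php
@@ -7,7 +7,7 @@ Author: Etoile Web Design
  Author URI: http://www.EtoileWebDesign.com/wordpress-plugins/
  Terms and Conditions: http://www.etoilewebdesign.com/plugin-terms-and-conditions/
  Text Domain: ultimate-faqs
- Version: 1.9.3
+ Version: 1.9.4
  */
 
  global $ewd_ufaq_message;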
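--- a/Shortcodes/DisplayFAQs.php
+++ b/Shortcodes/DisplayFAQs.php
@@ -149,11 +149,11 @@ function Display_FAQs($atts) {
  if ($display_all_answers != "") {$Display_All_Answers = $display_all_answers;}
 
  if ($post__in != "") {
- $post_id_array = json_decode(str_replace(array("[", "]"), array("[", "]"), $post__in));
- $post_id_array[] = 0;
+ $post_id_arr = json_decode(str_replace(array("&lsqb;", "&rsqb;"), array("[", "]"), $post__in));
+ $post_id_arr[] = 0;
  }
- elseif ($post__in_string != "") {$post_id_array = explode(",", $post__in_string);}
- else {$post_id_array = "";}
+ elseif ($post__in_string != "") {$post_id_arr = explode(",", $post__in_string);}
+ else {$post_id_arr = "";}
 
  if ($orderby == "") {$orderby = $Order_By_Setting;}
  if ($orderby == "popular" or $orderby == "set_order" or $orderby == "top_rated") {
@@ -176,7 +176,7 @@ function Display_FAQs($atts) {
 
  if ($post__in != "" and $Category_Array[0] != "EWD_UFAQ_ALL_CATEGORIES") {$Category_Array[] = "uncategorized";}
 
- if (isset($_GET['include_category'])) {$include_category = $_GET['include_category'];}
+ if (isset($_GET['include_category'])) {$include_category = sanitize_text_field( $_GET['include_category'] );}
  if ($include_category_children == "No") {$include_children = false;}
  else {$include_children = true;}
  if (get_query_var('ufaq_category_slug') != "") {$include_category = get_query_var('ufaq_category_slug');}
@@ -216,7 +216,7 @@ function Display_FAQs($atts) {
  );
  }
 
- if (isset($_GET['include_tag'])) {$include_tag = $_GET['include_tag'];}
+ if (isset($_GET['include_tag'])) {$include_tag = sanitize_text_field( $_GET['include_tag'] );}
  if (get_query_var('ufaq_tag_slug') != "") {$include_tag = get_query_var('ufaq_tag_slug');}
  if (isset($include_tag) and $include_tag != "" ) {$include_tag_array = explode(",", $include_tag);}
  else {$include_tag_array = array();}
@@ -246,7 +246,7 @@ function Display_FAQs($atts) {
  $Display_FAQ_ID = $FAQ->ID;
  }
  elseif (isset($_GET['Display_FAQ'])) {
- $ReturnString .= "<script>var Display_FAQ_ID = '" . intval($_GET['Display_FAQ']) . "-%Counter_Placeholder%';</script>";
+ $ReturnString .= "<script>var Display_FAQ_ID = '" . intval( $_GET['Display_FAQ'] ) . "-%Counter_Placeholder%';</script>";
  $Display_FAQ_ID = $_GET['Display_FAQ'];
  }
  else {$Display_FAQ_ID = "";}
@@ -316,7 +316,7 @@ function Display_FAQs($atts) {
  unset($tax_query_array);
 
  if ($search_string != "") {$params['s'] = $search_string;}
- if (is_array($post_id_array)) {$params['post__in'] = $post_id_array;}
+ if (is_array($post_id_arr)) {$params['post__in'] = $post_id_arr;}
  if ($orig_order_setting == "popular") {$params['meta_key'] = 'ufaq_view_count';}
  if ($orig_order_setting == "top_rated") {$params['meta_key'] = 'FAQ_Total_Score';}
  if ($orig_order_setting == "set_order") {$params['meta_key'] = 'ufaq_order';}
@@ -435,7 +435,7 @@ function Display_FAQs($atts) {
  foreach ($Category_Terms as $Category_Term) {
  if ($Pretty_Permalinks == "Yes") {$Category_URL = $current_url . "faq-category/" . $Category_Term->slug . "/";}
  else {$Category_URL = $current_url . "?include_category=" . $Category_Term->slug;}
- $ReturnString .= "<a href='" . $Category_URL ."'>" .$Category_Term->name . "</a>, ";
+ $ReturnString .= "<a href='" . esc_attr( $Category_URL ) ."'>" .$Category_Term->name . "</a>, ";
  }
  $ReturnString = substr($ReturnString, 0, strlen($ReturnString)-2);
  $ReturnString .= "</div>";
@@ -451,7 +451,7 @@ function Display_FAQs($atts) {
  foreach ($Tag_Terms as $Tag_Term) {
  if ($Pretty_Permalinks == "Yes") {$Tag_URL = $current_url . "faq-tag/" . $Tag_Term->slug . "/";}
  else {$Tag_URL = $current_url . "?include_tag=" . $Tag_Term->slug;}
- $ReturnString .= "<a href='" . $Tag_URL . "'>" .$Tag_Term->name . "</a>, ";
+ $ReturnString .= "<a href='" . esc_attr( $Tag_URL ) . "'>" .$Tag_Term->name . "</a>, ";
  }
  $ReturnString = substr($ReturnString, 0, strlen($ReturnString)-2);
  $ReturnString .= "</div>";
@@ -579,12 +579,12 @@ function Display_FAQs($atts) {
 
  $ReturnString .= "<div class='ewd-ufaq-bottom ewd-ufaq-page-type-" . $Page_Type . "' data-currentpage='" . $faq_page . "'>";
  $ReturnString .= "<form>";
- $ReturnString .= "<input type='hidden' name='include_category' value='" . htmlspecialchars($include_category) . "' id='ufaq-include-category' />";
- $ReturnString .= "<input type='hidden' name='exclude_category' value='" . $exclude_category . "' id='ufaq-exclude-category' />";
- $ReturnString .= "<input type='hidden' name='orderby' value='" . $orderby . "' id='ufaq-orderby' />";
- $ReturnString .= "<input type='hidden' name='order' value='" . $order . "' id='ufaq-order' />";
- $ReturnString .= "<input type='hidden' name='post_count' value='" . $post_count . "' id='ufaq-post-count' />";
- $ReturnString .= "<input type='hidden' name='current_url' value='" . $_SERVER['REQUEST_URI'] . "' id='ufaq-current-url' />";
+ $ReturnString .= "<input type='hidden' name='include_category' value='" . esc_attr( $include_category ) . "' id='ufaq-include-category' />";
+ $ReturnString .= "<input type='hidden' name='exclude_category' value='" . esc_attr( $exclude_category ) . "' id='ufaq-exclude-category' />";
+ $ReturnString .= "<input type='hidden' name='orderby' value='" . esc_attr( $orderby ) . "' id='ufaq-orderby' />";
+ $ReturnString .= "<input type='hidden' name='order' value='" . esc_attr( $order ) . "' id='ufaq-order' />";
+ $ReturnString .= "<input type='hidden' name='post_count' value='" . esc_attr( $post_count ) . "' id='ufaq-post-count' />";
+ $ReturnString .= "<input type='hidden' name='current_url' value='" . esc_attr( $_SERVER['REQUEST_URI'] ) . "' id='ufaq-current-url' />";
  $ReturnString .= "</form>";
  if ($Page_Type == 'Distinct') {$ReturnString .= "<div class='ewd-ufaq-previous-faqs " . ($Skip_FAQs == 0 ? 'ewd-ufaq-hidden' : '') . "'><h4>" . __('Previous', 'ultimate-faqs') . "</h4></div>";}
  if ($Page_Type == 'Distinct') {$ReturnString .= "<div class='ewd-ufaq-next-faqs " . ($Counter >= $Max_FAQ_Count ? '' : 'ewd-ufaq-hidden') . "'><h4>" . __('Next', 'ultimate-faqs') . "</h4></div>";}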
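Review bot: In the hunk at line 246, `$Display_FAQ_ID = $_GET['Display_FAQ'];` on line 250 still stores the raw query parameter even though the inline-script line directly above it now wraps the same value in intval(); whatever later reads $Display_FAQ_ID (outside this hunk) receives unsanitised input, so the assignment should read `$Display_FAQ_ID = intval( $_GET['Display_FAQ'] );` to match. The hunks at lines 435 and 451 have the same gap: the href is now passed through esc_attr() but the link text `$Category_Term->name` and `$Tag_Term->name` is still concatenated raw, and wrapping each in `esc_html( ... )` would keep escaping consistent per context. On line 152, json_decode() returns null for input that is not valid JSON, which `$post_id_arr[] = 0;` silently turns into the array [0]; if that "match nothing" outcome is intended, a one-line comment saying so would save the next reader from treating it as a bug. Display_FAQs() starts and ends outside these hunks.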
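--- a/readme.txt
+++ b/readme.txt
@@ -289,6 +289,9 @@ Video 3 - FAQs Ordering
 
  == Changelog ==
 
+ = 1.9.4 =
+ - Update to correct a potential minor XSS vulnerability
+
  = 1.9.3 =
  - CSS update for the admin styling options page layout
  - Clarifying the purpose of the plugin in the name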