WP-Paginate - Version 2.1.4

Version Description

  • Fixed potential XSS Vulnerabilities

Release Info

Developer AlanP57
Version 2.1.4

Code changes from version 2.1.3 to 2.1.4

Files changed (2)
  1. readme.txt +4 -1
  2. wp-paginate.php +17 -6
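--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: maxfoundry, emartin24, AlanP57
 Tags: paginate, pagination, navigation, page, wp-paginate, comments, rtl, seo, usability
 Requires at least: 2.6.0 (2.7.0 for comments pagination)
 Tested up to: 5.6
-Stable tag: 2.1.3
+Stable tag: 2.1.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -161,6 +161,9 @@ Example (also applies to `wp_paginate_comments()`):
 When calling `wp_paginate_comments()`, WP-Paginate adds an extra class to the `ol` element, `wp-paginate-comments`.
 
 == Changelog ==
+= 2.1.4 =
+* Fixed potential XSS Vulnerabilities
+
 = 2.1.3 =
 * Tested with Wordpress 5.6
 * Updated readme.txt with note to use WP-Paginate Settings rather than editing theme files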
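--- a/wp-paginate.php
+++ b/wp-paginate.php
@@ -3,7 +3,7 @@
 Plugin Name: WP-Paginate
 Plugin URI: https://wordpress.org/plugins/wp-paginate/
 Description: A simple and flexible pagination plugin for WordPress posts and comments.
-Version: 2.1.3
+Version: 2.1.4
 Author: Max Foundry
 Author URI: http://maxfoundry.com
 Text Domain: 'wp-paginate'
@@ -60,7 +60,7 @@ if (!class_exists('WPPaginate')) {
 /**
 * @var string The plugin version
 */
-public $version = '2.1.3';
+public $version = '2.1.4';
 
 /**
 * @var string The options string name for this plugin
@@ -542,6 +542,17 @@ if (!class_exists('WPPaginate')) {
 * Adds settings/options page
 */
 function admin_options_page() {
+
+$allowed_html = array(
+'div' => array(
+'class' => array(),
+'id' => array()
+),
+'em' => array(),
+'strong' => array()
+);
+
+
 if (isset($_POST['wp_paginate_save'])) {
 if (wp_verify_nonce($_POST['_wpnonce'], 'wp-paginate-update-options')) {
 
@@ -552,8 +563,8 @@ if (!class_exists('WPPaginate')) {
 $this->options['title'] = trim(stripslashes(strip_tags($_POST['title'])));
 $this->options['previouspage'] = trim(stripslashes(strip_tags($_POST['previouspage'])));
 $this->options['nextpage'] = trim(stripslashes(strip_tags($_POST['nextpage'])));
-$this->options['before'] = esc_attr($_POST['before']);
-$this->options['after'] = esc_attr($_POST['after']);
+$this->options['before'] = wp_kses($_POST['before'], $allowed_html);
+$this->options['after'] = wp_kses($_POST['after'], $allowed_html);
 $this->options['empty'] = (isset($_POST['empty']) && $_POST['empty'] === 'on') ? true : false;
 $this->options['css'] = (isset($_POST['css']) && $_POST['css'] === 'on') ? true : false;
 $this->options['slash'] = (isset($_POST['slash']) && $_POST['slash'] === 'on') ? true : false;
@@ -573,7 +584,7 @@ if (!class_exists('WPPaginate')) {
 if(isset($_POST['font']))
 $this->options['font'] = $_POST['font'];
 if(isset($_POST['preset']))
-$this->options['preset'] = $_POST['preset'];
+$this->options['preset'] = trim(stripslashes(strip_tags($_POST['preset'])));
 
 $this->save_admin_options();
 
@@ -977,7 +988,7 @@ if (!class_exists('WPPaginate')) {
 if ( isset( $_REQUEST['wpp_update_custom_code'] ) && check_admin_referer( 'wpp_update_nonce' . $css_file ) ) {
 
 /* CSS */
-$newcontent_css = wp_unslash( $_POST['wpp_newcontent_css'] );
+$newcontent_css = wp_kses_post(wp_unslash( $_POST['wpp_newcontent_css'] ));
 if ( $f = fopen( $real_css_file, 'w+' ) ) {
 fwrite( $f, $newcontent_css );
 fclose( $f );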
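Review bot: In the `@@ -552,8 +563,8 @@` hunk the new `before`/`after` assignments are the only fields in that block that are not unslashed: the sibling `title`/`previouspage`/`nextpage` lines run `stripslashes` because WordPress adds slashes to `$_POST`, so `wp_kses($_POST['before'], $allowed_html)` will persist backslashes before quotes in the saved markup and still raises an undefined-index notice when the field is absent; the consistent form is `$this->options['before'] = isset($_POST['before']) ? wp_kses(wp_unslash($_POST['before']), $allowed_html) : '';` (and the same for `after`). In the `@@ -573,7 +584,7 @@` hunk the context line `$this->options['font'] = $_POST['font'];` still stores the raw request value while `preset` is now filtered; unless `font` is validated elsewhere, it should get the same `trim(stripslashes(strip_tags(...)))` treatment or be checked against the allowed font list. In the final hunk `wp_kses_post` is an HTML filter applied to stylesheet text that is then written to `$real_css_file`; it can alter legitimate CSS containing `<` or entity-like sequences without changing what the file write itself permits, so the controls that matter there are the visible `check_admin_referer` plus a capability check such as `current_user_can('manage_options')`, which is not shown in the hunk. `admin_options_page` and the custom-code handler both extend beyond the hunks.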