From cf51786375a3e2d37c460a5278f27551c08fe893 Mon Sep 17 00:00:00 2001
From: Erick Hitter <ehitter@gmail.com>
Date: Mon, 20 Apr 2015 15:05:28 -0700
Subject: [PATCH] v0.3.1

* Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
* Bump WP compat
---
 date-based-taxonomy-archives.php |  9 +++++----
 readme.txt                       | 10 ++++++++--
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/date-based-taxonomy-archives.php b/date-based-taxonomy-archives.php
index 2c67137..3b56718 100644
--- a/date-based-taxonomy-archives.php
+++ b/date-based-taxonomy-archives.php
@@ -1,11 +1,11 @@
 <?php
 /*
 Plugin Name: Date-based Taxonomy Archives
-Plugin URI: http://www.ethitter.com/plugins/date-based-taxonomy-archives/
+Plugin URI: https://ethitter.com/plugins/date-based-taxonomy-archives/
 Description: Add support for date-based taxonomy archives. Render an unordered list of years with months, linked to corresponding date-based taxonomy archive, nested therein.
 Author: Erick Hitter
-Version: 0.3
-Author URI: http://www.ethitter.com/
+Version: 0.3.1
+Author URI: https://ethitter.com/
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -268,6 +268,7 @@ class Date_Based_Taxonomy_Archives {
 	 * @uses trailingslashit
 	 * @uses home_url
 	 * @uses get_taxonomy
+	 * @uses esc_url
 	 * @uses add_query_arg
 	 * @filter get_archives_link
 	 * @return string
@@ -291,7 +292,7 @@ class Date_Based_Taxonomy_Archives {
 					$taxonomy = get_taxonomy( $queried_object->taxonomy );
 
 					if ( is_object( $taxonomy ) && ! is_wp_error( $taxonomy ) )
-						$exploded[1] = add_query_arg( $taxonomy->query_var, $queried_object->slug, $exploded[1] );
+						$exploded[1] = esc_url( add_query_arg( $taxonomy->query_var, $queried_object->slug, $exploded[1] ) );
 				}
 
 				$link_html = implode( "'", $exploded );
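Review bot: The new `esc_url()` call covers only the query-string branch at the `add_query_arg()` line, so any other path that rewrites `$exploded[1]` would still reach `implode( "'", $exploded )` unescaped. The function starts and ends outside this hunk, and its docblock lists `trailingslashit` and `home_url`, which suggests a permalink branch that should be checked for the same treatment. Since the value is spliced back into a single-quoted attribute, a short why-comment would stop the escaping from being dropped later: `// esc_url(): result is re-inserted into single-quoted markup by the implode below`. Separately, `$taxonomy->query_var` can be `false` for taxonomies registered without a query var, so the guard could become `if ( is_object( $taxonomy ) && ! is_wp_error( $taxonomy ) && $taxonomy->query_var )`.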
diff --git a/readme.txt b/readme.txt
index 4154dc8..45f02eb 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: ethitter
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=10275434
 Tags: archive, taxonomy, taxonomies, date
 Requires at least: 3.4
-Tested up to: 3.6
-Stable tag: 0.3
+Tested up to: 4.2
+Stable tag: 0.3.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -44,6 +44,9 @@ Add the function `date_based_taxonomy_archives()` to any template element that a
 
 == Changelog ==
 
+= 0.3.1 =
+* Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
+
 = 0.3 =
 * Remove unnecessary uses of `$wpdb->prepare()` that were incorrectly implemented, resulting in PHP warnings when `WP_DEBUG` was enabled.
 * Convert plugin to a singelton pattern instead of relying on a global variable.
@@ -56,6 +59,9 @@ Add the function `date_based_taxonomy_archives()` to any template element that a
 
 == Upgrade Notice ==
 
+= 0.3.1 =
+Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
+
 = 0.3 =
 Maintenance release encouraged for all users. Of note, resolves a PHP warning due to an improper use of `$wpdb->prepare()`.
 
-- 
GitLab