v0.3.1

* Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html * Bump WP compat

v0.3.1
cf517863 · Erick Hitter · 0b534d46 · cf517863 · cf517863
Commit cf517863 authored 10 years ago by Erick Hitter
--- a/date-based-taxonomy-archives.php
+++ b/date-based-taxonomy-archives.php
 <?php
 /*
 Plugin Name: Date-based Taxonomy Archives
-Plugin URI: http://www.ethitter.com/plugins/date-based-taxonomy-archives/
+Plugin URI: https://ethitter.com/plugins/date-based-taxonomy-archives/
 Description: Add support for date-based taxonomy archives. Render an unordered list of years with months, linked to corresponding date-based taxonomy archive, nested therein.
 Author: Erick Hitter
-Version: 0.3
+Version: 0.3.1
-Author URI: http://www.ethitter.com/
+Author URI: https://ethitter.com/
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -268,6 +268,7 @@ class Date_Based_Taxonomy_Archives {
 	 * @uses trailingslashit
 	 * @uses home_url
 	 * @uses get_taxonomy
+	 * @uses esc_url
 	 * @uses add_query_arg
 	 * @filter get_archives_link
 	 * @return string
@@ -291,7 +292,7 @@ class Date_Based_Taxonomy_Archives {
 					$taxonomy = get_taxonomy( $queried_object->taxonomy );
 					if ( is_object( $taxonomy ) && ! is_wp_error( $taxonomy ) )
-						$exploded[1] = add_query_arg( $taxonomy->query_var, $queried_object->slug, $exploded[1] );
+						$exploded[1] = esc_url( add_query_arg( $taxonomy->query_var, $queried_object->slug, $exploded[1] ) );
 				}
 				$link_html = implode( "'", $exploded );

--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: ethitter
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=10275434
 Tags: archive, taxonomy, taxonomies, date
 Requires at least: 3.4
-Tested up to: 3.6
+Tested up to: 4.2
-Stable tag: 0.3
+Stable tag: 0.3.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -44,6 +44,9 @@ Add the function `date_based_taxonomy_archives()` to any template element that a
 == Changelog ==
+= 0.3.1 =
+* Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
 = 0.3 =
 * Remove unnecessary uses of `$wpdb->prepare()` that were incorrectly implemented, resulting in PHP warnings when `WP_DEBUG` was enabled.
 * Convert plugin to a singelton pattern instead of relying on a global variable.
@@ -56,6 +59,9 @@ Add the function `date_based_taxonomy_archives()` to any template element that a
 == Upgrade Notice ==
+= 0.3.1 =
+Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
 = 0.3 =
 Maintenance release encouraged for all users. Of note, resolves a PHP warning due to an improper use of `$wpdb->prepare()`.