Commit cf517863 authored by Erick Hitter

v0.3.1

* Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
* Bump WP compat
parent 0b534d46
<?php <?php
/* /*
Plugin Name: Date-based Taxonomy Archives Plugin Name: Date-based Taxonomy Archives
Plugin URI: http://www.ethitter.com/plugins/date-based-taxonomy-archives/ Plugin URI: https://ethitter.com/plugins/date-based-taxonomy-archives/
Description: Add support for date-based taxonomy archives. Render an unordered list of years with months, linked to corresponding date-based taxonomy archive, nested therein. Description: Add support for date-based taxonomy archives. Render an unordered list of years with months, linked to corresponding date-based taxonomy archive, nested therein.
Author: Erick Hitter Author: Erick Hitter
Version: 0.3 Version: 0.3.1
Author URI: http://www.ethitter.com/ Author URI: https://ethitter.com/
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -268,6 +268,7 @@ class Date_Based_Taxonomy_Archives { ...@@ -268,6 +268,7 @@ class Date_Based_Taxonomy_Archives {
* @uses trailingslashit * @uses trailingslashit
* @uses home_url * @uses home_url
* @uses get_taxonomy * @uses get_taxonomy
* @uses esc_url
* @uses add_query_arg * @uses add_query_arg
* @filter get_archives_link * @filter get_archives_link
* @return string * @return string
...@@ -291,7 +292,7 @@ class Date_Based_Taxonomy_Archives { ...@@ -291,7 +292,7 @@ class Date_Based_Taxonomy_Archives {
$taxonomy = get_taxonomy( $queried_object->taxonomy ); $taxonomy = get_taxonomy( $queried_object->taxonomy );
if ( is_object( $taxonomy ) && ! is_wp_error( $taxonomy ) ) if ( is_object( $taxonomy ) && ! is_wp_error( $taxonomy ) )
$exploded[1] = add_query_arg( $taxonomy->query_var, $queried_object->slug, $exploded[1] ); $exploded[1] = esc_url( add_query_arg( $taxonomy->query_var, $queried_object->slug, $exploded[1] ) );
} }
$link_html = implode( "'", $exploded ); $link_html = implode( "'", $exploded );
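Review bot: On the changed assignment under `if ( is_object( $taxonomy ) && ! is_wp_error( $taxonomy ) )`, `$queried_object->slug` still goes into `add_query_arg()` unencoded, and `add_query_arg()` does not URL-encode the values it is given. `esc_url()` makes the result safe for the single-quoted slot that `implode( "'", $exploded )` rebuilds in `$link_html`, but it is not a substitute for encoding the parameter value, so consider passing `rawurlencode( $queried_object->slug )`. The conditional also has no braces, which leaves the security-relevant line hanging off a one-line `if`; adding braces would make later edits to this branch less error-prone.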
......
...@@ -3,8 +3,8 @@ Contributors: ethitter ...@@ -3,8 +3,8 @@ Contributors: ethitter
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=10275434 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=10275434
Tags: archive, taxonomy, taxonomies, date Tags: archive, taxonomy, taxonomies, date
Requires at least: 3.4 Requires at least: 3.4
Tested up to: 3.6 Tested up to: 4.2
Stable tag: 0.3 Stable tag: 0.3.1
License: GPLv2 or later License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html License URI: http://www.gnu.org/licenses/gpl-2.0.html
...@@ -44,6 +44,9 @@ Add the function `date_based_taxonomy_archives()` to any template element that a ...@@ -44,6 +44,9 @@ Add the function `date_based_taxonomy_archives()` to any template element that a
== Changelog == == Changelog ==
= 0.3.1 =
* Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
= 0.3 = = 0.3 =
* Remove unnecessary uses of `$wpdb->prepare()` that were incorrectly implemented, resulting in PHP warnings when `WP_DEBUG` was enabled. * Remove unnecessary uses of `$wpdb->prepare()` that were incorrectly implemented, resulting in PHP warnings when `WP_DEBUG` was enabled.
* Convert plugin to a singelton pattern instead of relying on a global variable. * Convert plugin to a singelton pattern instead of relying on a global variable.
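Review bot: In the new `= 0.3.1 =` changelog entry the advisory URL is followed directly by a full stop (`wordpress-plugins.html.`), which an auto-linker can fold into the link target; drop the trailing period or wrap the URL in parentheses, here and in the matching Upgrade Notice entry. The entry also leaves out the `Tested up to: 4.2` bump made in the same commit, so a one-line mention would keep the changelog in step with the commit message.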
...@@ -56,6 +59,9 @@ Add the function `date_based_taxonomy_archives()` to any template element that a ...@@ -56,6 +59,9 @@ Add the function `date_based_taxonomy_archives()` to any template element that a
== Upgrade Notice == == Upgrade Notice ==
= 0.3.1 =
Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
= 0.3 = = 0.3 =
Maintenance release encouraged for all users. Of note, resolves a PHP warning due to an improper use of `$wpdb->prepare()`. Maintenance release encouraged for all users. Of note, resolves a PHP warning due to an improper use of `$wpdb->prepare()`.
......