Commit cf517863 authored by Erick Hitter

v0.3.1

* Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
* Bump WP compat
parent 0b534d46
<?php
/*
Plugin Name: Date-based Taxonomy Archives
Plugin URI: http://www.ethitter.com/plugins/date-based-taxonomy-archives/
Plugin URI: https://ethitter.com/plugins/date-based-taxonomy-archives/
Description: Add support for date-based taxonomy archives. Render an unordered list of years with months, linked to corresponding date-based taxonomy archive, nested therein.
Author: Erick Hitter
Version: 0.3
Author URI: http://www.ethitter.com/
Version: 0.3.1
Author URI: https://ethitter.com/
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -268,6 +268,7 @@ class Date_Based_Taxonomy_Archives {
* @uses trailingslashit
* @uses home_url
* @uses get_taxonomy
* @uses esc_url
* @uses add_query_arg
* @filter get_archives_link
* @return string
......@@ -291,7 +292,7 @@ class Date_Based_Taxonomy_Archives {
$taxonomy = get_taxonomy( $queried_object->taxonomy );
if ( is_object( $taxonomy ) && ! is_wp_error( $taxonomy ) )
$exploded[1] = add_query_arg( $taxonomy->query_var, $queried_object->slug, $exploded[1] );
$exploded[1] = esc_url( add_query_arg( $taxonomy->query_var, $queried_object->slug, $exploded[1] ) );
}
$link_html = implode( "'", $exploded );
......
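Review bot: The `if ( is_object( $taxonomy ) && ! is_wp_error( $taxonomy ) )` guard has no braces around the changed `$exploded[1] = esc_url( ... )` assignment, so a later edit could detach this security-relevant line from its condition; wrap the body in braces. It would also help to add a short comment saying that `$exploded[1]` is the URL portion of the link HTML and that the escaped value is put back into markup by `implode( "'", $exploded )`, since that is the reason the `add_query_arg()` result has to go through `esc_url()` at this point and not later.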
......@@ -3,8 +3,8 @@ Contributors: ethitter
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=10275434
Tags: archive, taxonomy, taxonomies, date
Requires at least: 3.4
Tested up to: 3.6
Stable tag: 0.3
Tested up to: 4.2
Stable tag: 0.3.1
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
......@@ -44,6 +44,9 @@ Add the function `date_based_taxonomy_archives()` to any template element that a
== Changelog ==
= 0.3.1 =
* Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
= 0.3 =
* Remove unnecessary uses of `$wpdb->prepare()` that were incorrectly implemented, resulting in PHP warnings when `WP_DEBUG` was enabled.
* Convert plugin to a singelton pattern instead of relying on a global variable.
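Review bot: The 0.3.1 changelog entry names the misuse of `add_query_arg()` but not the fix or the output it affects. Add a clause saying that the archive link URL built with `add_query_arg()` is now passed through `esc_url()`, so readers can tell what changed without following the Sucuri link.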
......@@ -56,6 +59,9 @@ Add the function `date_based_taxonomy_archives()` to any template element that a
== Upgrade Notice ==
= 0.3.1 =
Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
= 0.3 =
Maintenance release encouraged for all users. Of note, resolves a PHP warning due to an improper use of `$wpdb->prepare()`.
......
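Review bot: The 0.3.1 upgrade notice repeats the changelog line and, unlike the 0.3 notice beneath it, does not say who should upgrade. The linked advisory is about XSS, so name that here and state that the update is recommended for all users, in the same style as the 0.3 entry.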