From 3bb60fb193e3900771b549ce200ae5d3024f0b97 Mon Sep 17 00:00:00 2001
From: Erick Hitter <ehitter@gmail.com>
Date: Mon, 20 Apr 2015 15:21:43 -0700
Subject: [PATCH] v0.9.1 * Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
---
 readme.txt | 10 ++++++++--
 view-all-posts-pages.php | 10 +++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/readme.txt b/readme.txt
index d575dea..109476c 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: ethitter, thinkoomph
 Donate link: http://www.thinkoomph.com/plugins-modules/view-all-posts-pages/
 Tags: view all, pages, paged, paged post, multipage, single view, single page, wp_link_pages, nextpage, next page, quicktag
 Requires at least: 3.2.1
-Tested up to: 4.1
-Stable tag: 0.9
+Tested up to: 4.2
+Stable tag: 0.9.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -45,6 +45,9 @@ This plugin is known to conflict with certain plugins, many pertaining to SEO an
 == Changelog ==
+= 0.9.1 =
+* Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
 = 0.9 =
 * Move conditional registration of some filters to `init`, both to ensure external code can interact with filters and to avoid PHP notices.
@@ -92,6 +95,9 @@ This plugin is known to conflict with certain plugins, many pertaining to SEO an
 == Upgrade Notice ==
+= 0.9.1 =
+Security update: correct misuse of `add_query_arg()` as identified by Sucuri: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html.
 = 0.9 =
 Recommended update for anyone hoping to use plugin's filters to modify its behaviour.
diff --git a/view-all-posts-pages.php b/view-all-posts-pages.php
index 68a38c2..a552c4d 100644
--- a/view-all-posts-pages.php
+++ b/view-all-posts-pages.php
@@ -1,11 +1,11 @@
 <?php
 /*
 Plugin Name: View All Post's Pages
-Plugin URI: http://www.thinkoomph.com/plugins-modules/view-all-posts-pages/
+Plugin URI: http://www.oomphinc.com/plugins-modules/view-all-posts-pages/
 Description: Provides a "view all" (single page) option for posts, pages, and custom post types paged using WordPress' <a href="http://codex.wordpress.org/Write_Post_SubPanel#Quicktags" target="_blank"><code><!--nextpage--></code> Quicktag</a> (multipage posts).
 Author: Erick Hitter & Oomph, Inc.
-Version: 0.9
-Author URI: http://www.thinkoomph.com/
+Version: 0.9.1
+Author URI: http://www.oomphinc.com/
 Text Domain: view_all_posts_pages
 This program is free software; you can redistribute it and/or modify
@@ -686,9 +686,9 @@ class view_all_posts_pages {
 <div id="wpf-rewrite-flush-warning" class="error fade">
 <p><strong><?php _e( 'View All Post\'s Pages', 'view_all_posts_pages' ); ?></strong></p>
- <p><?php printf( __( 'You must refresh your site\'s permalinks before <em>View All Post\'s Pages</em> is fully activated. To do so, go to <a href="%s">Permalinks</a> and click the <strong><em>Save Changes</em></strong> button at the bottom of the screen.', 'view_all_posts_pages' ), admin_url( 'options-permalink.php' ) ); ?></p>
+ <p><?php printf( __( 'You must refresh your site\'s permalinks before <em>View All Post\'s Pages</em> is fully activated. To do so, go to <a href="%s">Permalinks</a> and click the <strong><em>Save Changes</em></strong> button at the bottom of the screen.', 'view_all_posts_pages' ), esc_url( admin_url( 'options-permalink.php' ) ) ); ?></p>
- <p><?php printf( __( 'When finished, click <a href="%s">here</a> to hide this message.', 'view_all_posts_pages' ), admin_url( add_query_arg( $this->notice_key, 1, 'index.php' ) ) ); ?></p>
+ <p><?php printf( __( 'When finished, click <a href="%s">here</a> to hide this message.', 'view_all_posts_pages' ), esc_url( admin_url( add_query_arg( $this->notice_key, 1, 'index.php' ) ) ) ); ?></p>
 </div>
 <?php
-- GitLab
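Review bot: Neither URL escaped in this hunk can carry request data — `admin_url( 'options-permalink.php' )` is a fixed path and `add_query_arg( $this->notice_key, 1, 'index.php' )` passes an explicit URL — so the new `esc_url()` calls are defence in depth here, while the pattern the linked advisory warns about is `add_query_arg()` or `remove_query_arg()` called without a URL, which falls back to the current request URI. Please confirm that no call of that form elsewhere in the file prints its result unescaped; the enclosing method starts and ends outside this hunk, so that cannot be checked from here. Separately, the "hide this message" link is a plain GET carrying the notice key; if its handler (not visible in the diff) updates stored state, consider building the link with `wp_nonce_url()` and verifying the nonce before acting, so the dismissal cannot be triggered from another site.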