
Commit 8ab8b91

Jedi knight
authored and
jedi0_000
committed
v3.5.4 released
1 parent 1749100 commit 8ab8b91


2 files changed

+15
-12
lines changed


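--- a/simple-download-monitor/main.php
+++ b/simple-download-monitor/main.php
@@ -3,7 +3,7 @@
 * Plugin Name: Simple Download Monitor
 * Plugin URI: https://www.tipsandtricks-hq.com/simple-wordpress-download-monitor-plugin
 * Description: Easily manage downloadable files and monitor downloads of your digital files from your WordPress site.
-* Version: 3.5.3
+* Version: 3.5.4
 * Author: Tips and Tricks HQ, Ruhul Amin, Josh Lobe
 * Author URI: https://www.tipsandtricks-hq.com/development-center
 * License: GPL2
@@ -15,7 +15,7 @@
 exit;
 }
 
-define('WP_SIMPLE_DL_MONITOR_VERSION', '3.5.3');
+define('WP_SIMPLE_DL_MONITOR_VERSION', '3.5.4');
 define('WP_SIMPLE_DL_MONITOR_DIR_NAME', dirname(plugin_basename(__FILE__)));
 define('WP_SIMPLE_DL_MONITOR_URL', plugins_url('', __FILE__));
 define('WP_SIMPLE_DL_MONITOR_PATH', plugin_dir_path(__FILE__));
@@ -313,7 +313,7 @@ public function display_sdm_upload_meta_box($post) { // File Upload metabox
 echo '<br /><br />';
 
 echo '<div class="sdm-download-edit-file-url-section">';
-echo '<input id="sdm_upload" type="text" size="100" name="sdm_upload" value="' . $old_value . '" placeholder="http://..." />';
+echo '<input id="sdm_upload" type="text" size="100" name="sdm_upload" value="' . esc_url($old_value) . '" placeholder="http://..." />';
 echo '</div>';
 
 echo '<br />';
@@ -356,7 +356,7 @@ public function display_sdm_thumbnail_meta_box($post) { // Thumbnail upload met
 _e('Manually enter a valid URL, or click "Select Image" to upload (or choose) the file thumbnail image.', 'simple-download-monitor');
 ?>
 <br /><br />
-<input id="sdm_upload_thumbnail" type="text" size="100" name="sdm_upload_thumbnail" value="<?php echo $old_value; ?>" placeholder="http://..." />
+<input id="sdm_upload_thumbnail" type="text" size="100" name="sdm_upload_thumbnail" value="<?php echo esc_url($old_value); ?>" placeholder="http://..." />
 <br /><br />
 <input id="upload_thumbnail_button" type="button" class="button-primary" value="<?php _e('Select Image', 'simple-download-monitor'); ?>" />
 <input id="remove_thumbnail_button" type="button" class="button" value="<?php _e('Remove Image', 'simple-download-monitor'); ?>" />
@@ -401,7 +401,7 @@ public function display_sdm_stats_meta_box($post) { //Stats metabox
 echo '<div class="sdm-download-edit-offset-count">';
 _e('Offset Count: ', 'simple-download-monitor');
 echo '<br />';
-echo ' <input type="text" size="10" name="sdm_count_offset" value="' . $value . '" />';
+echo ' <input type="text" size="10" name="sdm_count_offset" value="' . esc_attr($value) . '" />';
 echo '<p class="description">' . __('Enter any positive or negative numerical value; to offset the download count shown to the visitors (when using the download counter shortcode).', 'simple-download-monitor') . '</p>';
 echo '</div>';
 
@@ -425,14 +425,14 @@ public function display_sdm_other_details_meta_box($post) { //Other details meta
 echo '<div class="sdm-download-edit-filesize">';
 _e('File Size: ', 'simple-download-monitor');
 echo '<br />';
-echo ' <input type="text" name="sdm_item_file_size" value="' . $file_size . '" size="20" />';
+echo ' <input type="text" name="sdm_item_file_size" value="' . esc_attr($file_size) . '" size="20" />';
 echo '<p class="description">' . __('Enter the size of this file (example value: 2.15 MB). You can show this value in the fancy display by using a shortcode parameter.', 'simple-download-monitor') . '</p>';
 echo '</div>';
 
 echo '<div class="sdm-download-edit-version">';
 _e('Version: ', 'simple-download-monitor');
 echo '<br />';
-echo ' <input type="text" name="sdm_item_version" value="' . $version . '" size="20" />';
+echo ' <input type="text" name="sdm_item_version" value="' . esc_attr($version) . '" size="20" />';
 echo '<p class="description">' . __('Enter the version number for this item if any (example value: v2.5.10). You can show this value in the fancy display by using a shortcode parameter.', 'simple-download-monitor') . '</p>';
 echo '</div>';
 
@@ -473,7 +473,7 @@ public function sdm_save_upload_meta_data($post_id) { // Save File Upload metab
 return;
 
 if (isset($_POST['sdm_upload'])) {
-update_post_meta($post_id, 'sdm_upload', $_POST['sdm_upload']);
+update_post_meta($post_id, 'sdm_upload', sanitize_text_field($_POST['sdm_upload']));
 }
 }
 
@@ -496,7 +496,7 @@ public function sdm_save_thumbnail_meta_data($post_id) { // Save Thumbnail Uplo
 return;
 
 if (isset($_POST['sdm_upload_thumbnail'])) {
-update_post_meta($post_id, 'sdm_upload_thumbnail', $_POST['sdm_upload_thumbnail']);
+update_post_meta($post_id, 'sdm_upload_thumbnail', sanitize_text_field($_POST['sdm_upload_thumbnail']));
 }
 }
 
@@ -528,11 +528,11 @@ public function sdm_save_other_details_meta_data($post_id) { // Save Statistics
 }
 
 if (isset($_POST['sdm_item_file_size'])) {
-update_post_meta($post_id, 'sdm_item_file_size', $_POST['sdm_item_file_size']);
+update_post_meta($post_id, 'sdm_item_file_size', sanitize_text_field($_POST['sdm_item_file_size']));
 }
 
 if (isset($_POST['sdm_item_version'])) {
-update_post_meta($post_id, 'sdm_item_version', $_POST['sdm_item_version']);
+update_post_meta($post_id, 'sdm_item_version', sanitize_text_field($_POST['sdm_item_version']));
 }
 }
 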
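Review bot: In `sdm_save_upload_meta_data` and `sdm_save_thumbnail_meta_data` (new lines 476 and 499) the two URL fields are stored through `sanitize_text_field()`, a plain-text sanitizer that strips percent-encoded octets, so a download URL containing `%20` is altered on save, and it places no restriction on the URL scheme. For URL values the storage-side sanitizer is `esc_url_raw()`, e.g. `update_post_meta($post_id, 'sdm_upload', esc_url_raw($_POST['sdm_upload']));` and likewise for `sdm_upload_thumbnail`. The diff escapes `sdm_count_offset` on output (line 404) but shows no change to where it is saved, and values stored before 3.5.4 are not rewritten, so any other place that prints these meta keys (front-end or shortcode templates, not visible here) presumably still needs `esc_attr()` or `esc_url()` at output; worth confirming. All of the touched functions begin and end outside the hunks shown.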
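--- a/simple-download-monitor/readme.txt
+++ b/simple-download-monitor/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.tipsandtricks-hq.com
 Tags: download, downloads, count, counter, tracker, tracking, hits, logging, monitor, manager, files, media, digital, download monitor, download manager, downloadmanager, file manager, protect downloads, password, download category, file tree, ajax, download template, grid, documents, ip address
 Requires at least: 4.1.0
 Tested up to: 4.9
-Stable tag: 3.5.3
+Stable tag: 3.5.4
 License: GPLv2 or later
 
 Easily manage downloadable files and monitor downloads of your digital files from your WordPress site.
@@ -174,6 +174,9 @@ For screenshots please visit the [download monitor plugin page](https://www.tips
 
 == Changelog ==
 
+= 3.5.4 =
+- Fixed stored-XSS bug. Thanks to d4wner.
+
 = 3.5.3 =
 - Added "Text Domain" and "Domain Path" to the File Header.
 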