Fixed cross-scripting vulnerability with sandbox_body_class. Big thanks to Prentiss Riddle, twitter.com/pzriddle, for the security fix.

See functions.php, line 130
swallick committed Jun 19, 2009
1 parent 5736716 commit 8045b1e
Showing 3 changed files with 6 additions and 4 deletions.
2 changes: 2 additions & 0 deletions functions.php
Expand Up @@ -126,6 +126,8 @@ function sandbox_body_class( $print = true ) {

// Paged classes; for 'page X' classes of index, single, etc.
if ( ( ( $page = $wp_query->get('paged') ) || ( $page = $wp_query->get('page') ) ) && $page > 1 ) {
// Thanks to Prentiss Riddle, twitter.com/pzriddle, for the security fix below.
$page = intval($page); // Ensures that an integer (not some dangerous script) is passed for the variable
$c[] = 'paged-' . $page;
if ( is_single() ) {
$c[] = 'single-paged-' . $page;
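Review bot: the `intval()` cast on the added line runs after the `$page > 1` test, so the guard still compares the raw query var while only the emitted class uses the integer; moving the cast into the assignments, e.g. `( $page = intval( $wp_query->get('paged') ) ) || ( $page = intval( $wp_query->get('page') ) )`, would make the guard and the `paged-` / `single-paged-` classes operate on the same value and would also reject non-numeric input at the guard, since `intval()` returns 0 for it. The comment "not some dangerous script" would be more useful if it said what the cast protects: `$page` is concatenated into a class name that `sandbox_body_class()` prints into the page, so an untrusted string here would have been echoed without escaping.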
6 changes: 3 additions & 3 deletions readme.html
Expand Up @@ -44,7 +44,7 @@
<div id="readme">
<div id="header">
<h1 id="title">The Sandbox</h1>
<div class="readme-version">Version 1.6</div>
<div class="readme-version">Version 1.6.1</div>
<div class="readme-subtitle">A theme rich and powerful with dynamic semantic class selectors</div>
</div><!-- #header -->
<ol id="menu" class="xoxo">
Expand Down Expand Up @@ -82,7 +82,7 @@ <h2>Table of contents</h2>
<h2>Introduction</h2>
<p>Sandbox is a lot of things:</p>
<ul>
<li>For WordPress 2.5.x</li>
<li>For WordPress 2.6.x</li>
<li>Beautiful on the inside</li>
<li>Valid <abbr title="eXtensible HyperText Markup Language">XHTML</abbr> 1.0 Transitional</li>
<li>Widgets friendly</li>
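Review bot: the supported-version line changes from WordPress 2.5.x to 2.6.x, which the commit message does not mention; a security point release that also moves the stated WordPress compatibility should say so, in the commit message or in this readme, so users still on 2.5.x know whether 1.6.1 applies to them.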
Expand Down Expand Up @@ -810,7 +810,7 @@ <h2>License</h2>
</li><!-- #license -->
</ol><!-- #readme .xoxo -->
<div id="footer">
<p>Last updated 18 July 2008</p>
<p>Last updated 19 June 2009</p>
</div><!-- #footer -->
</div><!-- #readme -->
</body>
2 changes: 1 addition & 1 deletion style.css
Expand Up @@ -2,7 +2,7 @@
THEME NAME: Sandbox
THEME URI: http://www.plaintxt.org/themes/sandbox/
DESCRIPTION: Rich with powerful and dynamic semantic class selectors, Sandbox is a canvas for CSS artists
VERSION: 1.6
VERSION: 1.6.1
AUTHOR: <a href="http://andy.wordpress.com/">Andy Skelton</a> &amp; <a href="http://www.plaintxt.org/">Scott Allan Wallick</a>
AUTHOR URI:
TAGS: sandbox, microformats, hcard, hatom, xoxo, widgets, blank slate, starter theme, minimalist, developer
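Review bot: the VERSION bump to 1.6.1 is the only signal in the theme header that anything changed; since this release exists for a security fix in `sandbox_body_class()`, a changelog entry (the readme.html touched in this same commit is the natural place) stating that 1.6.1 fixes the unescaped paged class should accompany the version bump so users can tell this is an update worth applying.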