Fixed XSS. Props Juampa Rodriguez
lesterchan committed Aug 14, 2022
1 parent 16039a8 commit 59c76b2
Showing 3 changed files with 19 additions and 6 deletions.
5 changes: 4 additions & 1 deletion README.md
@@ -4,7 +4,7 @@ Donate link: https://lesterchan.net/site/donation/
Tags: useronline, usersonline, wp-useronline, online, users, user, ajax, widget
Requires at least: 4.0
Tested up to: 6.0
Stable tag: 2.88.0
Stable tag: 2.88.1
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

@@ -88,6 +88,9 @@ Make sure your host is running PHP 5. The only foolproof way to do this is to ad
`var_dump(PHP_VERSION);`

## Changelog
### 2.88.1
* FIXED: Fixed XSS. Props Juampa Rodriguez.

### 2.88.0
* NEW: Bump to WordPress 6.0.
* FIXED: Fixed XSS. Props @steffinstanly.
18 changes: 14 additions & 4 deletions admin.php
@@ -65,11 +65,21 @@ public function validate( $options, $old_data = array() ) {
$options['url'] = ! empty( $options['url'] ) ? esc_url_raw( trim( $options['url'] ) ) : '';
$options['names'] = ! empty( $options['names'] ) ? (int) $options['names'] : 0;

foreach ( $options['templates'] as $key => $template )
if ( is_array( $template ) )
foreach ( $options['naming'] as $key => $template ) {
$options['naming'][$key] = wp_kses_post( trim( $template ) );
}
foreach ( $options['templates'] as $key => $template ) {
if ( is_array( $template ) ) {
$options['templates'][$key]['text'] = wp_kses_post( trim( $template['text'] ) );
else
if ( ! empty( $template['separators'] ) && is_array( $template['separators'] ) ) {
foreach( $template['separators'] as $seperator_key => $seperator_value ) {
$options['templates'][$key]['separators'][$seperator_key] = wp_kses_post( trim( $seperator_value ) );
}
}
} else {
$options['templates'][$key] = wp_kses_post( trim( $template ) );
}
}

return $options;
}
@@ -206,7 +216,7 @@ private function naming_table( $data ) {
'type' => 'text',
'name' => array( 'naming', $type ),
'extra' => 'size="30"',
'desc' => html( 'td', '%input%' )
'desc' => html( 'td', $type )
), $data );
}
echo "\n</tr>\n";
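Review bot: The new `naming` loop in validate() iterates `$options['naming']` and hands each value straight to `trim()` without the `! empty( … ) && is_array( … )` guard that the `separators` loop just below it receives, so a submission where `naming` is absent or holds a nested array would raise a warning, or a TypeError on PHP 8, instead of being sanitised; `$template['text']` has the same exposure. Wrapping the loop in `if ( ! empty( $options['naming'] ) && is_array( $options['naming'] ) )` and assigning `is_string( $template ) ? wp_kses_post( trim( $template ) ) : ''` would keep the two loops consistent. Separately, `wp_kses_post()` still lets through the markup allowed in posts, so if any of these values is later echoed into an attribute context (the rendering code is not part of this diff), escaping at output with `esc_attr()` or `esc_html()` is still needed. validate() begins above the hunk, so earlier handling of `$options` is not visible here.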
2 changes: 1 addition & 1 deletion wp-useronline.php
@@ -3,7 +3,7 @@
Plugin Name: WP-UserOnline
Plugin URI: https://lesterchan.net/portfolio/programming/php/
Description: Enable you to display how many users are online on your Wordpress site
Version: 2.88.0
Version: 2.88.1
Author: Lester 'GaMerZ' Chan
Author URI: https://lesterchan.net
Text Domain: wp-useronline
