fixed vulnerability
git-svn-id: https://plugins.svn.wordpress.org/buddystream/trunk@634128 b8457f37-d9ea-0310-8a92-e5e31aec5664
blackphantom committed Dec 4, 2012
1 parent 4416a4a commit 7d5b9a8
Showing 3 changed files with 12 additions and 9 deletions.
4 changes: 2 additions & 2 deletions buddystream.php
Expand Up @@ -3,7 +3,7 @@
Plugin Name: BuddyStream
Plugin URI: http://www.buddystream.net
Description: BuddyStream
Version: 2.6.2
Version: 2.6.3
Author: Peter Hofman
Author URI: http://www.buddystream.net
*/
Expand Down Expand Up @@ -31,7 +31,7 @@ function buddystream_init()
global $bp;

//define plugin version and installed value
define('BP_BUDDYSTREAM_VERSION', '2.6.2');
define('BP_BUDDYSTREAM_VERSION', '2.6.3');
define('BP_BUDDYSTREAM_IS_INSTALLED', 1);
define('BP_BUDDYSTREAM_DIR', dirname(__FILE__));
define('BP_BUDDYSTREAM_URL', $bp->root_domain."/".str_replace(ABSPATH,"",dirname(__FILE__)));
10 changes: 5 additions & 5 deletions extensions/default/templates/ShareBox.php
Expand Up @@ -4,15 +4,15 @@
<br/>

<blockquote>
<h4><i>"<?php echo $_GET['content']; ?>"</i></h4>
<h4><i>"<?php echo esc_attr($_GET['content']); ?>"</i></h4>
</blockquote>
<br/>

<?php

$content = $_GET['content'];
$link = $_GET['link'];
$arrShares = explode(',', $_GET['shares']);
$content = esc_attr($_GET['content']);
$link = esc_attr($_GET['link']);
$arrShares = explode(',', esc_attr($_GET['shares']));

foreach($arrShares as $share){

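Review bot: In the `<h4>` echo and the three assignments, `esc_attr()` is used for every output context and is applied where the values are read rather than where they are printed. The `<h4>` body is HTML text, where `esc_html()` is the matching WordPress function, and `$link` is a URL, where `esc_url()` would also reject schemes such as `javascript:` that `esc_attr()` leaves unchanged. Suggest keeping the raw values in `$content`, `$link` and `$arrShares` and escaping at each `echo` for that context; as written, any later encoding step operates on text that is already entity-encoded. In the lines shown, `$share` is only compared against fixed names, so an allowlist check on it is sufficient, and `$_GET['content']`, `$_GET['link']` and `$_GET['shares']` are read without an `isset()` check, which raises notices when a parameter is missing.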
Expand All @@ -26,7 +26,7 @@
}

if($share == 'linkedin'){
echo '<script src="http://platform.linkedin.com/in.js" type="text/javascript"></script><script type="IN/Share" data-url="'.$link.'"></script> ';
echo '<script src="http://platform.linkedin.com/in.js" type="text/javascript"></script><script type="IN/Share" data-url="'.urlencode($link).'"></script> ';
}

if($share == 'googleplus'){
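Review bot: On the LinkedIn line, `urlencode($link)` runs on a value that the previous hunk already passed through `esc_attr()`, so an `&` in the shared URL becomes `&amp;` and is then percent-encoded to `%26amp%3B`, which changes the URL that gets shared. `urlencode()` also encodes the `://` and `/` of the whole URL; it is meant for a query-string component, not for a full URL placed in a `data-url` attribute. Suggest starting from the raw `$_GET['link']` and emitting `data-url="'.esc_url($link).'"` here. The same line loads `in.js` over plain `http://`, which is worth switching to `https://` in this change.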
7 changes: 5 additions & 2 deletions readme.txt
Expand Up @@ -2,8 +2,8 @@
Contributors: Blackphantom
Tags: Buddypress, Twitter, Facebook, Flickr, Tweetstream, Facestream, Google+, Soundcloud, Rss, Last.fm, Vimeo, LinkedIn, Buddystream, Apollo
Requires at least: WP 2.9.1, BuddyPress 1.2.3
Tested up to: WP 3.4.1, BuddyPress 1.6.1
Stable tag: 2.6.2
Tested up to: WP 3.4.2, BuddyPress 1.6.1
Stable tag: 2.6.3

== Released under the GPL license ==
http://www.opensource.org/licenses/gpl-license.php
Expand Down Expand Up @@ -39,6 +39,9 @@ For support and other feature request, please contact us on our website.

== ChangeLog ==

= 2.6.3 =
* Fixed vulnerability in the ShareBox

= 2.6.2 =
* Improved check for sending out to networks (now no longer conflicts with plugins like activity hashtags)
* Small CSS fix for BuddyPress 1.6 support.
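Review bot: The 2.6.3 changelog entry, `* Fixed vulnerability in the ShareBox`, does not say what class of issue was fixed or which inputs were involved, so site owners cannot judge how urgent the upgrade is. From the ShareBox.php changes in this commit, the fix is output escaping of the `content`, `link` and `shares` query parameters; suggest stating that in the entry and marking the release as a security update.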