Addresses add_query_arg vulnerability

git-svn-id: https://plugins.svn.wordpress.org/simplr-registration-form/trunk@1154851 b8457f37-d9ea-0310-8a92-e5e31aec5664
wp-plugins · May 6, 2015 · d588446 · d588446
1 parent ba96308
commit d588446
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 5 deletions.
diff --git a/lib/mod.php b/lib/mod.php
@@ -7,7 +7,7 @@
 if(!function_exists('simplr_views_users')):
 	function simplr_views_users( $views ) {
 		$class = (@$_GET['view_inactive'] == true) ? 'current':'';
-		$views['view_inactive'] = '<a href="'.add_query_arg(array('view_inactive' => 'true')).'" class="'.$class.'" >'. __('Inactive Users','simplr-reg') . ' ('.simplr_count_inactive().')</a>';
+		$views['view_inactive'] = '<a href="'.esc_url(add_query_arg(array('view_inactive' => 'true'))).'" class="'.$class.'" >'. __('Inactive Users','simplr-reg') . ' ('.simplr_count_inactive().')</a>';
 		return $views;
 	}
 endif;

diff --git a/readme.txt b/readme.txt
@@ -3,8 +3,8 @@ Contributors: mpvanwinkle77, mpol
 Donate link: http://www.mikevanwinkle.com/
 Tags: registration, signup, profile, cms, users, user management, user profile
 Requires at least: 3.0
-Tested up to: 4.2
-Stable tag: 2.3.4
+Tested up to: 4.2.1
+Stable tag: 2.3.5
 
 This plugin allows users to easily add a custom user registration form anywhere on their site using simple shortcode.
 
@@ -53,6 +53,9 @@ For the banners we credit:
 
 == Changelog ==
 
+= 2.3.5 =
+* properly escape add_query_arg inputs
+
 = 2.3.4 =
 * 2015-04-18
 * Really use the Email From address for emails.

diff --git a/simplr_reg_page.php b/simplr_reg_page.php
@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: Simplr User Registration Form Plus
-Version: 2.3.4
+Version: 2.3.5
 Description: This a simple plugin for adding a custom user registration form to any post or page using shortcode.
 Author: Mike Van Winkle
 Author URI: http://www.mikevanwinkle.com

diff --git a/views/fields.php b/views/fields.php
@@ -75,7 +75,7 @@ function update_field_sort(event,ui) {
 	});
 	</script>
 	<div class="inner">
-		<form action="<?php echo add_query_arg(array('action'=>'add')); ?>" method="post" id="add-field">
+		<form action="<?php echo esc_url(add_query_arg(array('action'=>'add'))); ?>" method="post" id="add-field">
 			<?php SREG_Form::text(array('name'=>'label','label'=>__('Field Label','simplr-reg'),'required'=>true,'comment'=>__('Human readable name for display to users','simplr-reg')),esc_attr(@$field->label),'wide'); ?>
 			<?php SREG_Form::text(array('name'=>'key','label'=>__('Field Key','simplr-reg'),'required'=>true,'comment'=>__('Machine readable name to represent this field in the Database','simplr-reg')),esc_attr(@$field->key),'wide'); ?>