V1.1.2 - Security Fix for _query_arg vulnerability.

git-svn-id: https://plugins.svn.wordpress.org/woosidebars-sbm-converter/trunk@1142182 b8457f37-d9ea-0310-8a92-e5e31aec5664
wp-plugins · Apr 22, 2015 · a0efb4f · a0efb4f
1 parent 3232579
commit a0efb4f
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 5 deletions.
diff --git a/changelog.txt b/changelog.txt
@@ -1,5 +1,8 @@
 *** Sidebar Manager to WooSidebars Converter Changelog ***
 
+2015.04.22 - version 1.1.2
+* classes/class-woosidebars-sbm-converter.php - Security Fix for remove_query_arg vulnerability
+
 2013.01.14 - version 1.1.1
  * /classes/class-woosidebars-sbm-converter-updater.php - REMOVED.
  * /classes/class-woosidebars-sbm-converter.php - Replaced camelCase WooSidebars with Woosidebars in class name, in accordance with WordPress class naming standards.

diff --git a/classes/class-woosidebars-sbm-converter.php b/classes/class-woosidebars-sbm-converter.php
@@ -143,7 +143,7 @@ public function process_request () {
 				$status = 'true';
 			}
 
-			wp_safe_redirect( add_query_arg( 'type', urlencode( $_GET['action'] ),  add_query_arg( 'status', urlencode( $status ), add_query_arg( 'page', urlencode( $this->token ),  admin_url( 'tools.php' ) ) ) ) );
+			wp_safe_redirect( esc_url( add_query_arg( 'type', urlencode( $_GET['action'] ),  add_query_arg( 'status', urlencode( $status ), add_query_arg( 'page', urlencode( $this->token ),  admin_url( 'tools.php' ) ) ) ) ) );
 			exit;
 		}
 	} // End process_request()

diff --git a/readme.txt b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: woothemes, mattyza, jeffikus
 Tags: widgets, sidebars, widget-areas, import, tools, converter
 Requires at least: 3.3
-Tested up to: 3.5
-Stable tag: 1.1.1
+Tested up to: 4.1.1
+Stable tag: 1.1.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -71,11 +71,19 @@ Looking to contribute code to this plugin? [Fork the repository over at GitHub](
 
 == Upgrade Notice ==
 
+= 1.1.2 =
+* 2015-04-22
+* Security Fix for add_query_arg vulnerability
+
 = 1.1.1 =
 Moved to WordPress.org. Woo!
 
 == Changelog ==
 
+= 1.1.2 =
+* 2015-04-22
+* Security Fix for add_query_arg vulnerability
+
 = 1.1.1 = 
 * 2013-01-14
 * Moved to WordPress.org. Woo!
diff --git a/woosidebars-sbm-converter.php b/woosidebars-sbm-converter.php
@@ -3,7 +3,7 @@
 Plugin Name: WooSidebars - Sidebar Manager to WooSidebars Converter
 Plugin URI: http://woothemes.com/
 Description: Convert your custom sidebars in the WooFramework's Sidebar Manager to Widget Areas in WooSidebars, with the appropriate conditions assigned.
-Version: 1.1.1
+Version: 1.1.2
 Author: WooThemes
 Author URI: http://woothemes.com/
 License: GPL version 2 or later - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
@@ -27,5 +27,5 @@
 
 	global $woosidebars_sbm_converter;
 	$woosidebars_sbm_converter = new Woosidebars_SBM_Converter( __FILE__ );
-	$woosidebars_sbm_converter->version = '1.1.1';
+	$woosidebars_sbm_converter->version = '1.1.2';
 ?>