XSS Exploit Fix.

git-svn-id: https://plugins.svn.wordpress.org/wp-insert/trunk@831372 b8457f37-d9ea-0310-8a92-e5e31aec5664

includes/common/popups/categories.php

@@ -22,7 +22,7 @@ function submit_popup() {
 					selectedItems.push(pagePicker.options[pagePicker.selectedIndex].value);
 					pagePicker.options[pagePicker.selectedIndex].selected = false;
 				}
-				parent.jQuery('#<?php echo (string)$_GET['target']; ?>').val(selectedItems.join(','));
+				parent.jQuery('#<?php echo wp_kses((string)$_GET['target'], ''); ?>').val(selectedItems.join(','));
 				parent.jQuery.colorbox.close();
 			}
 		</script>

includes/common/popups/chitika.php

@@ -32,7 +32,7 @@ function submit_popup() {
 				adCode += 'ch_color_bg = "'+jQuery("#chitikaBackgroundColor").val()+'";\n';
 				adCode += '</'+'script>\n';
 				adCode += '<script src="http://scripts.chitika.net/eminimalls/amm.js" type="text/javascript"></'+'script>';
-				parent.jQuery('#<?php echo (string)$_GET['target']; ?>').val(adCode);
+				parent.jQuery('#<?php echo wp_kses((string)$_GET['target'], ''); ?>').val(adCode);
 				parent.jQuery.colorbox.close();
 			}
 			function validateUsername(sender) {

includes/common/popups/countries.php

@@ -22,7 +22,7 @@ function submit_popup() {
 					selectedItems.push(pagePicker.options[pagePicker.selectedIndex].value);
 					pagePicker.options[pagePicker.selectedIndex].selected = false;
 				}
-				parent.jQuery('#<?php echo (string)$_GET['target']; ?>').val(selectedItems.join(','));
+				parent.jQuery('#<?php echo wp_kses((string)$_GET['target'], ''); ?>').val(selectedItems.join(','));
 				parent.jQuery.colorbox.close();
 			}
 		</script>

includes/common/popups/instances.php

@@ -33,7 +33,7 @@ function submit_popup() {
 					selectedItems.push(pagePicker.options[pagePicker.selectedIndex].value);
 					pagePicker.options[pagePicker.selectedIndex].selected = false;
 				}
-				parent.jQuery('#<?php echo (string)$_GET['target']; ?>').val(selectedItems.join(','));
+				parent.jQuery('#<?php echo wp_kses((string)$_GET['target'], ''); ?>').val(selectedItems.join(','));
 				parent.jQuery.colorbox.close();
 			}
 		</script>

includes/common/popups/pages.php

@@ -22,7 +22,7 @@ function submit_popup() {
 					selectedItems.push(pagePicker.options[pagePicker.selectedIndex].value);
 					pagePicker.options[pagePicker.selectedIndex].selected = false;
 				}
-				parent.jQuery('#<?php echo (string)$_GET['target']; ?>').val(selectedItems.join(','));
+				parent.jQuery('#<?php echo wp_kses((string)$_GET['target'], ''); ?>').val(selectedItems.join(','));
 				parent.jQuery.colorbox.close();
 			}
 		</script>

includes/common/popups/posts.php

@@ -22,7 +22,7 @@ function submit_popup() {
 					selectedItems.push(pagePicker.options[pagePicker.selectedIndex].value);
 					pagePicker.options[pagePicker.selectedIndex].selected = false;
 				}
-				parent.jQuery('#<?php echo (string)$_GET['target']; ?>').val(selectedItems.join(','));
+				parent.jQuery('#<?php echo wp_kses((string)$_GET['target'], ''); ?>').val(selectedItems.join(','));
 				parent.jQuery.colorbox.close();
 			}
 		</script>

readme.txt

@@ -4,7 +4,7 @@ Donate link:www.wp-insert.smartlogix.co.in/support
 Tags: adsense,google,widget,post,admin,plugin,ads,in post ads,feed logo,smartlogix,ads in feeds,analytics,google analytics,header,footer,ad management,advertisements,content,ad,advertising,privacy policy,privacy,policy,automatic privacy policy,blog,feed,feeds,formatting,html,javascript,manage,post,posts,seo,sidebar,widget,widgets,wordpress,tracking,syntex highlighter,highlighting,theme tools,plugin tools,developer tools,highlighting,theme editor,plugin editor,middle ad,ad filtration,pagewise ad filtration,template ads,ad tags,adbrite ads,adsense ready,easy adsense,adsense optimized,terms and conditions,terms,conditions,automatic terms and conditions
 Requires at least: 3.2
 Tested up to: 3.8
-Stable tag: 2.0.8
+Stable tag: 2.0.9
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 

wp-insert.php

@@ -3,7 +3,7 @@
 Plugin Name: Wp-Insert
 Plugin URI: http://www.wp-insert.smartlogix.co.in/
 Description: WP-INSERT by SMARTLOGIX : The ultimate wordpress plugin (No1 Adsense Plugin for Wordpress)
-Version: 2.0.8
+Version: 2.0.9
 Author: Namith Jawahar
 Author URI: http://www.smartlogix.co.in/
 WP-INSERT by SMARTLOGIX : The ultimate wordpress plugin (No1 Adsense Plugin for Wordpress)