Release 3.0.2.

Author: bradyvercher

CHANGELOG.md

@@ -2,18 +2,23 @@
 
 ## [Unreleased]
 
-* Removed `DOCTYPE`, `html` and `body` elements added with DOMDocument.
+## [v3.0.2] - 2020-01-16
+
+* Sanitized the `id` attribute passed to the `[gist]` shortcode. This fixes an XSS vulnerability that could be exploited by untrusted contributors on multi-author sites. Thanks to [@cornerpirate](https://github.com/cornerpirate) for disclosing responsibly.
+* Added an XML encoding declaration to load Gist content as UTF-8 ([#76](https://github.com/bradyvercher/gistpress/issues/76)).
+* Removed `DOCTYPE`, `html` and `body` elements added by DOMDocument.
+* Ensured the $gistpress global exists and is an instance of `GistPress` before running ([#72](https://github.com/bradyvercher/gistpress/issues/72)). Props [@robneu](https://github.com/robneu)
 * Added `.editorconfig` file.
 * Fixed some code standards.
 * Updated change log.
 * Added Issue and Pull Request templates.
 * Move screenshot into `assets-repo`.
 * Removed / updated author details.
-* Updated "Tested up to" to 4.4.2.
+* Updated "Tested up to" to 5.3.
 
 ## [v3.0.1] - 2016-02-16
 
-* Explicitly declared main instance variables as global to prevent fatal errors when using WP-CLI. [See #61](https://github.com/bradyvercher/gistpress/issues/61).
+* Explicitly declared main instance variables as global to prevent fatal errors when using WP-CLI ([#61](https://github.com/bradyvercher/gistpress/issues/61)).
 
 ## [v3.0.0] - 2015-08-11
 
@@ -106,7 +111,8 @@
 
 * Initial release.
 
-[Unreleased]: https://github.com/bradyvercher/gistpress/compare/v3.0.1...HEAD
+[Unreleased]: https://github.com/bradyvercher/gistpress/compare/v3.0.2...HEAD
+[v3.0.2]: https://github.com/bradyvercher/gistpress/compare/v3.0.1...v3.0.2
 [v3.0.1]: https://github.com/bradyvercher/gistpress/compare/v3.0.0...v3.0.1
 [v3.0.0]: https://github.com/bradyvercher/gistpress/compare/v2.0.3...v3.0.0
 [v2.0.3]: https://github.com/bradyvercher/gistpress/compare/v2.0.2...v2.0.3

README.md

@@ -4,7 +4,7 @@ A WordPress plugin to easily embed Gists via oEmbed or shortcode.
 
 __Contributors:__ [Brady Vercher](https://github.com/bradyvercher), [Gary Jones](https://github.com/GaryJones)  
 __Requires:__ 4.0  
-__Tested up to:__ 4.4.2  
+__Tested up to:__ 5.3  
 __License:__ [GPL-2.0+](http://www.gnu.org/licenses/gpl-2.0.html)
 
 GitHub provides a method for embedding Gists on websites, but it requires inserting a `<script>` tag, which can become mangled or stripped from the TinyMCE editor used in WordPress. Instead, this plugin allows you to embed a Gist by simply inserting its URL into the editor for oEmbed-like support, or via a shortcode for more refined control.

gistpress.php

@@ -12,7 +12,7 @@
  * Plugin Name:       GistPress
  * Plugin URI:        https://github.com/bradyvercher/gistpress
  * Description:       Gist oEmbed and shortcode support with caching.
- * Version:           3.0.1
+ * Version:           3.0.2
  * Author:            Blazer Six
  * Author URI:        http://www.blazersix.com/
  * License:           GPL-2.0+