Merge pull request #15 from codebard/2_1_9

codebard · web-flow · commit edb166db4622 · 2023-07-24T18:52:58.000+02:00
2.1.9
diff --git a/index.php b/index.php
@@ -3,7 +3,7 @@
 	Plugin Name: CodeBard's Patron Button and Widgets for Patreon
 	Plugin URI: https://wordpress.org/plugins/patron-button-and-widgets-by-codebard/
 	Description: Patreon Patron Buttons, Widgets and Patreon Functions
-	Version: 2.1.8
+	Version: 2.1.9
 	Author: CodeBard
 	Author URI: http://codebard.com
 	Text Domain: cb_p6
diff --git a/plugin/includes/default_internal_vars.php b/plugin/includes/default_internal_vars.php
@@ -10,7 +10,7 @@
 		'id' => 'cb_p6',
 		'plugin_id' => 'patron-button-and-widgets-by-codebard',
 		'prefix' => 'cb_p6_',
-		'version' => '2.1.8',
+		'version' => '2.1.9',
 		'plugin_name' => 'CodeBard\'s Patron Button and Widgets for Patreon',
 		
 		'callable_from_request' => array(
diff --git a/plugin/includes/setup_modal.php b/plugin/includes/setup_modal.php
@@ -31,7 +31,14 @@
 			
 		}
 		
-		$_REQUEST['site_account'] = sanitize_text_field($_REQUEST['site_account']);
+		// Quotes, tags are not allowable or usable in site account names or urls
+		$_REQUEST['site_account'] = str_replace('"', "", $_REQUEST['site_account']);
+		$_REQUEST['site_account'] = str_replace("'", "", $_REQUEST['site_account']);
+		$_REQUEST['site_account'] = str_replace("<", "", $_REQUEST['site_account']);
+		$_REQUEST['site_account'] = str_replace(">", "", $_REQUEST['site_account']);
+		// Extra sanitization
+		$_REQUEST['site_account'] = esc_attr(sanitize_text_field($_REQUEST['site_account']));
+		
 	?>
 	
 	<form method="post" action="<?php echo $this->internal['admin_url'].'admin.php?page=settings_'.$this->internal['id']; ?>">
diff --git a/readme.txt b/readme.txt
@@ -7,7 +7,7 @@ Tags: plugins, patreon, widgets, crowdfunding, crowdfund, crowd fund, crowd fund
 License: GPL
 Requires at least: 4.0
 Tested up to: 6.2
-Stable Tag: 2.1.8
+Stable Tag: 2.1.9
 
 Patron Button and Plugin allows you to add Patreon Buttons to your content and sidebars, along with offering other Patreon functions. Upgradable to Patron Plugin Pro with patron-only posts and powerful features.
 
@@ -57,7 +57,11 @@ To be updated
 3. Patron Button Widget for Author
 4. Quick Start easy settings page
 
+
 == Upgrade Notice ==
+= 2.1.9 =
+
+* Added extra sanitization for security
 
 = 2.1.8 =
 
@@ -190,6 +194,10 @@ To be updated
 
 == Changelog ==
 
+= 2.1.9 =
+
+* Added extra sanitization for security
+
 = 2.1.8 =
 
 * Fixed a bug that could prevent WP cli used in managed hosting services from failing in certain tasks
