Changeset 2959852

Timestamp:

08/29/2023 11:56:00 AM (3 years ago)

Author:

christophrado

Message:

1.6.1 release

Location:

cookie-notice-consent

Files:

• tags/1.6.1 (copied) (copied from cookie-notice-consent/trunk)
• tags/1.6.1/cookie-notice-consent.php (copied) (copied from cookie-notice-consent/trunk/cookie-notice-consent.php) (2 diffs)
• tags/1.6.1/css/admin.css (copied) (copied from cookie-notice-consent/trunk/css/admin.css)
• tags/1.6.1/css/front-theme-labs.min.css (copied) (copied from cookie-notice-consent/trunk/css/front-theme-labs.min.css)
• tags/1.6.1/css/front-theme-lowkey.min.css (copied) (copied from cookie-notice-consent/trunk/css/front-theme-lowkey.min.css)
• tags/1.6.1/css/front-theme-sidecar.min.css (copied) (copied from cookie-notice-consent/trunk/css/front-theme-sidecar.min.css)
• tags/1.6.1/css/front.css (copied) (copied from cookie-notice-consent/trunk/css/front.css)
• tags/1.6.1/css/front.min.css (copied) (copied from cookie-notice-consent/trunk/css/front.min.css)
• tags/1.6.1/includes/class-cnc-admin.php (copied) (copied from cookie-notice-consent/trunk/includes/class-cnc-admin.php)
• tags/1.6.1/includes/class-cnc-embeds.php (copied) (copied from cookie-notice-consent/trunk/includes/class-cnc-embeds.php)
• tags/1.6.1/includes/class-cnc-front.php (copied) (copied from cookie-notice-consent/trunk/includes/class-cnc-front.php)
• tags/1.6.1/includes/class-cnc-helper.php (copied) (copied from cookie-notice-consent/trunk/includes/class-cnc-helper.php)
• tags/1.6.1/includes/class-cnc-logger.php (copied) (copied from cookie-notice-consent/trunk/includes/class-cnc-logger.php)
• tags/1.6.1/includes/class-cnc-settings.php (copied) (copied from cookie-notice-consent/trunk/includes/class-cnc-settings.php) (1 diff)
• tags/1.6.1/js/front.js (copied) (copied from cookie-notice-consent/trunk/js/front.js)
• tags/1.6.1/js/front.min.js (copied) (copied from cookie-notice-consent/trunk/js/front.min.js)
• tags/1.6.1/readme.txt (copied) (copied from cookie-notice-consent/trunk/readme.txt) (2 diffs)
• tags/1.6.1/wpml-config.xml (copied) (copied from cookie-notice-consent/trunk/wpml-config.xml)
• trunk/cookie-notice-consent.php (modified) (2 diffs)
• trunk/includes/class-cnc-settings.php (modified) (1 diff)
• trunk/readme.txt (modified) (2 diffs)

cookie-notice-consent/tags/1.6.1/cookie-notice-consent.php

@@ -4 +4 @@
  * Plugin Name:     Cookie Notice & Consent
  * Description:     Display a cookie notice, collect consent for different categories and output scripts if consent is given.
- * Version:         1.6.0
+ * Version:         1.6.1
  * Author:          Christoph Rado
  * Author URI:      https://christophrado.de/
- * Tested up to:    6.2
+ * Tested up to:    6.3
  */
 
@@ -17 +17 @@
      * Current plugin version
      */
-    private $version = '1.6.0';
+    private $version = '1.6.1';
     
     /**

cookie-notice-consent/tags/1.6.1/includes/class-cnc-settings.php

@@ -103 +103 @@
     private function render_settings_field_text( $group, $name, $description = '' ) {
         ?>
-        <input type="text" name="cookie_notice_consent_<?php echo $group; ?>[<?php echo $name; ?>]" id="cookie_notice_consent_<?php echo $group; ?>[<?php echo $name; ?>]" value="<?php echo $this->get_option( $group, $name ); ?>" class="regular-text">
+        <input type="text" name="cookie_notice_consent_<?php echo $group; ?>[<?php echo $name; ?>]" id="cookie_notice_consent_<?php echo $group; ?>[<?php echo $name; ?>]" value="<?php echo esc_html( $this->get_option( $group, $name ) ); ?>" class="regular-text">
         <?php
         if( !empty( $description ) ) {

cookie-notice-consent/tags/1.6.1/readme.txt

@@ -4 +4 @@
 Tags: cookie, consent, compliance, gdpr, dsgvo
 Requires at least: 5.0
-Tested up to: 6.2
-Stable tag: 1.6.0
+Tested up to: 6.3
+Stable tag: 1.6.1
 Requires PHP: 5.6
 License: GPLv3
@@ -76 +76 @@
 
 == Changelog ==
+
+= 1.6.1 =
+* Fixed: XSS vulnerability (non-escaped settings field values; only Administrator affected; disclosed by Patchstack)
+* Tested up to 6.3
 
 = 1.6.0 =

cookie-notice-consent/trunk/cookie-notice-consent.php

@@ -4 +4 @@
  * Plugin Name:     Cookie Notice & Consent
  * Description:     Display a cookie notice, collect consent for different categories and output scripts if consent is given.
- * Version:         1.6.0
+ * Version:         1.6.1
  * Author:          Christoph Rado
  * Author URI:      https://christophrado.de/
- * Tested up to:    6.2
+ * Tested up to:    6.3
  */
 
@@ -17 +17 @@
      * Current plugin version
      */
-    private $version = '1.6.0';
+    private $version = '1.6.1';
     
     /**

cookie-notice-consent/trunk/includes/class-cnc-settings.php

@@ -103 +103 @@
     private function render_settings_field_text( $group, $name, $description = '' ) {
         ?>
-        <input type="text" name="cookie_notice_consent_<?php echo $group; ?>[<?php echo $name; ?>]" id="cookie_notice_consent_<?php echo $group; ?>[<?php echo $name; ?>]" value="<?php echo $this->get_option( $group, $name ); ?>" class="regular-text">
+        <input type="text" name="cookie_notice_consent_<?php echo $group; ?>[<?php echo $name; ?>]" id="cookie_notice_consent_<?php echo $group; ?>[<?php echo $name; ?>]" value="<?php echo esc_html( $this->get_option( $group, $name ) ); ?>" class="regular-text">
         <?php
         if( !empty( $description ) ) {

cookie-notice-consent/trunk/readme.txt

@@ -4 +4 @@
 Tags: cookie, consent, compliance, gdpr, dsgvo
 Requires at least: 5.0
-Tested up to: 6.2
-Stable tag: 1.6.0
+Tested up to: 6.3
+Stable tag: 1.6.1
 Requires PHP: 5.6
 License: GPLv3
@@ -76 +76 @@
 
 == Changelog ==
+
+= 1.6.1 =
+* Fixed: XSS vulnerability (non-escaped settings field values; only Administrator affected; disclosed by Patchstack)
+* Tested up to 6.3
 
 = 1.6.0 =