Changeset 3148752


Timestamp:
09/09/2024 02:14:50 PM (19 months ago)
Author:
babbardel
Message:

Version 2.1.8: Fixed stored XSS vulnerability in the 'align' attribute of the 'wp:separator' block. Improved sanitization and escaping to enhance security. Removed unnecessary .map files to reduce plugin size.

Location:
nova-blocks/trunk
Files:
4 edited

  • nova-blocks/trunk/languages/nova-blocks.pot

    r3080841 r3148752  
    33msgid ""
    44msgstr ""
    5 "Project-Id-Version: Nova Blocks 2.1.7\n"
     5"Project-Id-Version: Nova Blocks 2.1.8\n"
    66"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/nova-blocks\n"
    77"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
     
    1010"Content-Type: text/plain; charset=UTF-8\n"
    1111"Content-Transfer-Encoding: 8bit\n"
    12 "POT-Creation-Date: 2024-05-03T09:50:48+00:00\n"
     12"POT-Creation-Date: 2024-09-09T13:11:17+00:00\n"
    1313"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
    1414"X-Generator: WP-CLI 2.9.0\n"
  • nova-blocks/trunk/nova-blocks.php

    r3080841 r3148752  
    44 * Plugin URI: https://github.com/pixelgrade/nova-blocks/
    55 * Description: Nova Blocks is a collection of <strong>distinctive Gutenberg blocks</strong>, committed to making your site shine like a newborn star. It is taking a design-driven approach to help you made the right decisions and showcase your content in the best shape.
    6  * Version: 2.1.7
     6 * Version: 2.1.8
    77 * Author: Pixelgrade
    88 * Author URI: https://www.pixelgrade.com
  • nova-blocks/trunk/packages/core/src/blocks/core/separator/init.php

    r2719178 r3148752  
    3636        $classes = [
    3737            'wp-block-separator',
    38             'align' . $attributes['align']
     38            'align' . sanitize_html_class( $attributes['align'] )
    3939        ];
    4040
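Review bot: on line 38, sanitize_html_class() only strips characters that are not valid in a class name; it does not restrict 'align' to the alignments the block supports, and nothing in the visible lines checks that $attributes['align'] is set. Consider validating the value against an allowlist (for example left, center, right, wide, full) and omitting the class when the value is absent or not on the list, so an arbitrary contributor-supplied string cannot become a class token.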
     
    5050
    5151        <div <?php echo $data_attributes; ?>
    52             class="<?php echo join( ' ', $classes ) ?>"
     52            class="<?php echo esc_attr( join( ' ', $classes ) ); ?>"
    5353            style="<?php echo esc_attr( $style ); ?>">
    5454            <?php
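Review bot: on line 51, $data_attributes is still echoed without escaping, inside the same <div> tag whose class value line 52 now passes through esc_attr(). Its construction is not visible in this hunk, so confirm that every attribute value in it goes through esc_attr() where the string is built, or add that escaping as part of this fix.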
  • nova-blocks/trunk/readme.txt

    r3080841 r3148752  
    33Tags: blocks, editor, gutenberg, gutenberg blocks, page builder, block enabled, page building, full site editing, site editor, posts collection
    44Requires at least: 5.9
    5 Tested up to: 6.5.3
    6 Stable tag: 2.1.7
     5Tested up to: 6.6.1
     6Stable tag: 2.1.8
    77Requires PHP: 7.4
    88License: GPLv2 or later
     
    9494
    9595== Changelog ==
     96
     97= 2.1.8 =
     98* Fixed an authenticated (Contributor+) stored cross-site scripting (XSS) vulnerability via the 'align' attribute of the 'wp:separator' Gutenberg block.
     99* Improved sanitization and escaping of the 'align' attribute to prevent potential XSS attacks.
    96100
    97101= 2.1.7 =
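Review bot: the 2.1.8 changelog entry leaves out the .map file removal that the commit message announces, and the changeset lists only four edited files with no deletions. Either add a changelog line for the removal or confirm that it actually shipped in this revision. The two bullets on lines 98 and 99 also describe the same fix and could be merged into one.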