Changeset 3418891

Timestamp:

12/13/2025 12:12:22 PM (3 months ago)

Author:

babbardel

Message:

Sanitize and validate term icon/image IDs for security

Location:

category-icon/trunk

Files:

• category-icon.php (modified) (6 diffs)
• readme.txt (modified) (2 diffs)

category-icon/trunk/category-icon.php

@@ -4 +4 @@
  * Plugin URI:  http://pixelgrade.com
  * Description: Easily attach an icon and/or an image to a category, tag or any other taxonomy term.
- * Version: 1.0.2
+ * Version: 1.0.3
  * Author: Pixelgrade
  * Author URI: http://pixelgrade.com
@@ -31 +31 @@
     protected $plugin_baseurl = null;
     protected $plugin_screen_hook_suffix = null;
-    protected $version = '1.0.2';
+    protected $version = '1.0.3';
     protected $plugin_slug = 'category-icon';
     protected $plugin_key = 'category-icon';
@@ -299 +299 @@
             <td>
                 <div class="open_term_icon_preview">
-                    <input type="hidden" name="term_icon_value" id="term_icon_value" value="<?php echo $current_value; ?>">
+                    <input type="hidden" name="term_icon_value" id="term_icon_value" value="<?php echo esc_attr( $current_value ); ?>">
                     <?php if ( empty( $current_value ) ) { ?>
                         <span class="open_term_icon_upload button button-secondary">
@@ -327 +327 @@
             <td>
                 <div class="open_term_image_preview">
-                    <input type="hidden" name="term_image_value" id="term_image_value" value="<?php echo $current_image_value; ?>">
+                    <input type="hidden" name="term_image_value" id="term_image_value" value="<?php echo esc_attr( $current_image_value ); ?>">
                     <?php if ( empty( $current_image_value ) ) { ?>
                         <span class="open_term_image_upload button button-secondary">
@@ -350 +350 @@
     function save_taxonomy_custom_meta ( $term_id ) {
         if ( isset( $_POST['term_icon_value'] ) ) {
-            $value = $_POST['term_icon_value'];
+            $value = absint( wp_unslash( $_POST['term_icon_value'] ) );
+            if ( $value <= 0 ) {
+                $value = '';
+            }
             $current_value = get_term_meta( $term_id, 'pix_term_icon', true );
 
@@ -362 +365 @@
 
         if ( isset( $_POST['term_image_value'] ) ) {
-            $value_image = $_POST['term_image_value'];
+            $value_image = absint( wp_unslash( $_POST['term_image_value'] ) );
+            if ( $value_image <= 0 ) {
+                $value_image = '';
+            }
             $current_value_image = get_term_meta( $term_id, 'pix_term_image', true );
 

category-icon/trunk/readme.txt

@@ -5 +5 @@
 Tested up to: 6.8.1
 Requires PHP: 5.6.40
-Stable tag: 1.0.2
+Stable tag: 1.0.3
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -26 +26 @@
 
 == Changelog ==
+
+= 1.0.3 =
+* Security: sanitize and strictly validate term icon / image IDs on save and escape them on output to prevent XSS via the `term_icon_value` and `term_image_value` fields, even for Editor-level users.
 
 = 1.0.2 =