
Commit

Fixes XSS vuln.
Pierre-Lannoy committed Dec 11, 2024
1 parent 241d63c commit 1b3441c
Showing 5 changed files with 17 additions and 4 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -3,6 +3,11 @@ All notable changes to **Sessions** are documented in this *changelog*.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and **Sessions** adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [3.1.1] - 2024-12-11

### Fixed
- [SEC006] XSS vulnerability.

## [3.1.0] - 2024-11-22

### Added
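Review bot: the entry `- [SEC006] XSS vulnerability.` names neither the affected input nor the component, so a reader assessing exposure from the changelog cannot tell what was fixed; consider stating that the `type` request parameter of the analytics Ajax callback is now restricted to an allowlist, which is what the rest of this commit does.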
10 changes: 9 additions & 1 deletion includes/features/class-analyticsfactory.php
Expand Up @@ -28,6 +28,14 @@
*/
class AnalyticsFactory {

/**
* Allowed types.
*
* @since 3.1.1
* @var array $allowed_types Maintain the allowed types.
*/
private static $allowed_types = [ ];

/**
* Ajax callback.
*
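Review bot: the allowlist introduced here, `private static $allowed_types = [ ];`, is empty and nothing else in this commit populates it, so the new check `! in_array( $type, self::$allowed_types )` in `get_analytics()` can never pass and every request collapses to `'summary'`. If the list is filled at runtime elsewhere, say so in the docblock; otherwise initialise it with the literal report type names the factory actually accepts, since the fix only works as an allowlist when the legitimate values are enumerated.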
Expand All @@ -53,7 +61,7 @@ public static function get_analytics( $reload = false ) {
if ( ! ( $type = filter_input( INPUT_GET, 'type' ) ) ) {
$type = filter_input( INPUT_POST, 'type' );
}
if ( empty( $type ) ) {
if ( empty( $type ) || ! in_array( $type, self::$allowed_types ) ) {
$type = 'summary';
}
// Filters.
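Review bot: `in_array( $type, self::$allowed_types )` should pass `true` as the third argument so the membership test is strict; an allowlist of request-controlled strings is exactly where loose comparison surprises are not wanted, and the strict form costs nothing. Also note that this hunk only restricts which values reach the factory; the place where `$type` is rendered is not shown, and output there should still be escaped rather than relying solely on this filter.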
2 changes: 1 addition & 1 deletion init.php
Expand Up @@ -12,6 +12,6 @@
define( 'POSE_PRODUCT_SHORTNAME', 'Sessions' );
define( 'POSE_PRODUCT_ABBREVIATION', 'posessions' );
define( 'POSE_SLUG', 'sessions' );
define( 'POSE_VERSION', '3.1.0' );
define( 'POSE_VERSION', '3.1.1' );
define( 'POSE_CODENAME', '"-"' );
define( 'POSE_CDN_AVAILABLE', true );
2 changes: 1 addition & 1 deletion readme.txt
Expand Up @@ -4,7 +4,7 @@ Tags: authentication, login, protection, role, session
Requires at least: 6.2
Requires PHP: 8.1
Tested up to: 6.7
Stable tag: 3.1.0
Stable tag: 3.1.1
License: GPLv3
License URI: https://www.gnu.org/licenses/gpl-3.0.html

2 changes: 1 addition & 1 deletion sessions.php
Expand Up @@ -10,7 +10,7 @@
* Plugin Name: Sessions
* Plugin URI: https://perfops.one/sessions
* Description: Powerful sessions manager for WordPress with sessions limiter and full analytics reporting capabilities.
* Version: 3.1.0
* Version: 3.1.1
* Requires at least: 6.2
* Requires PHP: 8.1
* Author: Pierre Lannoy / PerfOps One

0 comments on commit 1b3441c
