From fd60015c0ac99676b88f9140540d4a26c0099262 Mon Sep 17 00:00:00 2001 From: samiahmedsiddiqui Date: Wed, 15 May 2019 01:12:22 +0500 Subject: [PATCH] Fixing issue with --- ...t-xss-vulnerability-reflected-settings.php | 12 ++++---- ...revent-xss-vulnerability-self-settings.php | 14 ++++----- ...ass-prevent-xss-vulnerability-frontend.php | 30 ++++++++++++++----- prevent-xss-vulnerability.php | 4 +-- readme.txt | 6 +++- 5 files changed, 43 insertions(+), 23 deletions(-) diff --git a/admin/class-prevent-xss-vulnerability-reflected-settings.php b/admin/class-prevent-xss-vulnerability-reflected-settings.php index 4ff0b27..bae941c 100644 --- a/admin/class-prevent-xss-vulnerability-reflected-settings.php +++ b/admin/class-prevent-xss-vulnerability-reflected-settings.php @@ -17,7 +17,7 @@ function __construct() { * * @access private * @since 0.1 - * @updated 0.3.4 + * @updated 0.3.5 * * @return void */ @@ -53,13 +53,15 @@ private function xss_reflected_settings() { $reflected_xss['escape_html'] = wp_kses( $_POST['escape_html'], array() ); } update_option( - 'prevent_xss_vulnerability_reflected_settings', - serialize( $reflected_xss ) + 'prevent_xss_vulnerability_reflected_settings', $reflected_xss ); } - $get_reflected_xss = unserialize( get_option( + $get_reflected_xss = get_option( 'prevent_xss_vulnerability_reflected_settings' - ) ); + ); + if ( is_string( $get_reflected_xss ) ) { + $get_reflected_xss = unserialize( $get_reflected_xss ); + } $enable_blocking = ''; $enable_encoding = ''; $escape_html = ''; diff --git a/admin/class-prevent-xss-vulnerability-self-settings.php b/admin/class-prevent-xss-vulnerability-self-settings.php index 5a66bdb..35da083 100644 --- a/admin/class-prevent-xss-vulnerability-self-settings.php +++ b/admin/class-prevent-xss-vulnerability-self-settings.php @@ -17,7 +17,7 @@ function __construct() { * * @access private * @since 0.3.0 - * @updated 0.3.3 + * @updated 0.3.5 * * @return void */ 
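Review bot: The legacy branch in `xss_reflected_settings()` calls `unserialize( $get_reflected_xss )` on whatever string the option holds, with no class restriction and no check on the result. The settings are a flat array of scalars, so the call can refuse object instantiation and normalise the result: `$get_reflected_xss = unserialize( $get_reflected_xss, array( 'allowed_classes' => false ) );` followed by `if ( ! is_array( $get_reflected_xss ) ) { $get_reflected_xss = array(); }`. Without that, a tampered or corrupted option row (after a database-level compromise or a bad import, say) reaches PHP's object deserialiser each time this code runs. The same pattern is repeated in `self_xss_settings_page()` and in the three frontend hunks (`prevent_xss_vulnerability()`, `escape_html()`, `self_xss_script()`). The options argument needs PHP 7.0 or later and the supported PHP floor is not visible in this patch; the function body also continues outside the hunk.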
@@ -39,15 +39,15 @@ private function self_xss_settings_page() { $self_xss['user_warning'] = 1; } - update_option( - 'prevent_xss_vulnerability_self_xss_settings', - serialize( $self_xss ) - ); + update_option( 'prevent_xss_vulnerability_self_xss_settings', $self_xss ); } - $get_self_xss = unserialize( get_option( + $get_self_xss = get_option( 'prevent_xss_vulnerability_self_xss_settings' - ) ); + ); + if ( is_string( $get_self_xss ) ) { + $get_self_xss = unserialize( $get_self_xss ); + } $warning_message = ''; if ( isset( $get_self_xss['warning_message'] ) diff --git a/frontend/class-prevent-xss-vulnerability-frontend.php b/frontend/class-prevent-xss-vulnerability-frontend.php index 41f4950..c4f31da 100644 --- a/frontend/class-prevent-xss-vulnerability-frontend.php +++ b/frontend/class-prevent-xss-vulnerability-frontend.php @@ -22,14 +22,18 @@ public function init() { * * @access private * @since 0.1 - * @updated 0.3.0 + * @updated 0.3.5 * * @return void */ private function prevent_xss_vulnerability() { - $reflected_xss_settings = unserialize( get_option( + $reflected_xss_settings = get_option( 'prevent_xss_vulnerability_reflected_settings' - ) ); + ); + + if ( is_string( $reflected_xss_settings ) ) { + $reflected_xss_settings = unserialize( $reflected_xss_settings ); + } if ( ! isset( $reflected_xss_settings ) || empty( $reflected_xss_settings ) || ( 1 != $reflected_xss_settings['enable_encoding'] 
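Review bot: Nothing in `prevent_xss_vulnerability()` writes the converted value back, so a site upgraded from 0.3.4 keeps the serialized string until an administrator re-saves the settings page, and every front-end request takes the legacy `unserialize()` path until then. If that call fails it returns `false`, which the `empty( $reflected_xss_settings )` test directly below treats the same as "no settings". The branch body is outside the hunk, but it presumably skips the filtering, so a damaged option would switch the protection off without any signal. Persisting the result once inside the `is_string` block, `if ( is_array( $reflected_xss_settings ) ) { update_option( 'prevent_xss_vulnerability_reflected_settings', $reflected_xss_settings ); }`, retires the legacy path after the first hit. Logging the case where the result is not an array would make a silently disabled filter visible.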
@@ -182,13 +186,19 @@ private function prevent_xss_vulnerability() { * * @access public * @since 0.2 + * @updated 0.3.5 * * @return void */ public function escape_html() { - $reflected_xss_settings = unserialize( get_option( + $reflected_xss_settings = get_option( 'prevent_xss_vulnerability_reflected_settings' - ) ); + ); + + if ( is_string( $reflected_xss_settings ) ) { + $reflected_xss_settings = unserialize( $reflected_xss_settings ); + } + if ( isset( $reflected_xss_settings ) && isset( $reflected_xss_settings['escape_html'] ) && 1 == $reflected_xss_settings['escape_html'] ) { @@ -204,14 +214,18 @@ public function escape_html() { * * @access public * @since 0.3.0 - * @updated 0.3.3 + * @updated 0.3.5 * * @return void */ public function self_xss_script() { - $self_xss_settings = unserialize( get_option( + $self_xss_settings = get_option( 'prevent_xss_vulnerability_self_xss_settings' - ) ); + ); + + if ( is_string( $self_xss_settings ) ) { + $self_xss_settings = unserialize( $self_xss_settings ); + } if ( isset( $self_xss_settings ) && isset( $self_xss_settings['user_warning'] ) diff --git a/prevent-xss-vulnerability.php b/prevent-xss-vulnerability.php index 217d20e..3b82f98 100644 --- a/prevent-xss-vulnerability.php +++ b/prevent-xss-vulnerability.php @@ -3,7 +3,7 @@ * Plugin Name: Prevent XSS Vulnerability * Plugin URI: https://wordpress.org/plugins/prevent-xss-vulnerability/ * Description: Secure your site from the XSS Attack. - * Version: 0.3.4 + * Version: 0.3.5 * Author: Sami Ahmed Siddiqui * Author URI: https://www.yasglobal.com/web-design-development/wordpress/prevent-xss-vulnerability/ * License: GPLv3 
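Review bot: The load-and-convert sequence added to `escape_html()` and `self_xss_script()` is the second and third copy of the same lines in this class, differing only in the option name, and two more copies sit in the admin classes. A private helper that takes the option name and always returns an array would keep the legacy handling in one place, so a later hardening or removal of the `unserialize()` fallback cannot miss a call site. Each caller then becomes a single line, and the `isset( $reflected_xss_settings )` test that follows becomes redundant because the variable is always an array. The helper name below is a proposal, its `allowed_classes` option needs PHP 7.0 or later, and both function bodies continue outside their hunks.

```php
// Proposed helper (name is a suggestion); returns array() for a missing or unreadable option.
private function get_settings( $option_name ) {
	$settings = get_option( $option_name );

	if ( is_string( $settings ) ) {
		// Legacy value stored with serialize() by 0.3.4 and earlier.
		$settings = unserialize( $settings, array( 'allowed_classes' => false ) ); // PHP 7.0+
	}

	return is_array( $settings ) ? $settings : array();
}

// … unchanged: docblock of escape_html() …
public function escape_html() {
	$reflected_xss_settings = $this->get_settings( 'prevent_xss_vulnerability_reflected_settings' );
	// … unchanged: escape_html check and rest of the body …
```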
@@ -61,7 +61,7 @@ private function setup_constants() { define( 'PREVENT_XSS_VULNERABILITY_FILE', __FILE__ ); } if ( ! defined( 'PREVENT_XSS_VULNERABILITY_PLUGIN_VERSION' ) ) { - define( 'PREVENT_XSS_VULNERABILITY_PLUGIN_VERSION', '0.3.4' ); + define( 'PREVENT_XSS_VULNERABILITY_PLUGIN_VERSION', '0.3.5' ); } if ( ! defined( 'PREVENT_XSS_VULNERABILITY_PATH' ) ) { define( 'PREVENT_XSS_VULNERABILITY_PATH', plugin_dir_path( PREVENT_XSS_VULNERABILITY_FILE ) ); diff --git a/readme.txt b/readme.txt index 1cd63ef..684235d 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: sasiddiqui Tags: attack, cross-site scripting, security, vulnerability, xss, self-xss Requires at least: 3.5 Tested up to: 5.2 -Stable tag: 0.3.4 +Stable tag: 0.3.5 License: GPLv3 License URI: https://www.gnu.org/licenses/gpl-3.0.html @@ -106,6 +106,10 @@ A. No, this plugin doesn't have any conflict with any plugin. == Changelog == += 0.3.5 - May 14, 19 = + + * Fixing issue with `update_option` + = 0.3.4 - May 11, 19 = * Added `wp_kses` to make the textarea messages more secure