diff --git a/includes/class-shortcodes.php b/includes/class-shortcodes.php
index 1a914d3..8e8139d 100644
--- a/includes/class-shortcodes.php
+++ b/includes/class-shortcodes.php
@@ -21,12 +21,12 @@ public function button_callback( $atts ) {
 return sprintf(
 '',
- $atts['formaction'],
- $atts['data-background-color'],
- $atts['data-color'],
- $atts['data-turbo'],
- $atts['data-primary'],
- $atts['value']
+ esc_attr( $atts['formaction'] ),
+ esc_attr( $atts['data-background-color'] ),
+ esc_attr( $atts['data-color'] ),
+ esc_attr( $atts['data-turbo'] ),
+ esc_attr( $atts['data-primary'] ),
+ esc_html( $atts['value'] )
 );
 }
 }
\ No newline at end of file
diff --git a/mihdan-yandex-turbo-feed.php b/mihdan-yandex-turbo-feed.php
index 4e903d2..4230890 100644
--- a/mihdan-yandex-turbo-feed.php
+++ b/mihdan-yandex-turbo-feed.php
@@ -17,7 +17,7 @@
 * Plugin Name: Yandex Turbo Feed
 * Plugin URI: https://www.kobzarev.com/projects/yandex-turbo-feed/
 * Description: Плагин создаёт настраиваемые ленты для сервиса Яндекс Турбо
- * Version: 1.6.5.1
+ * Version: 1.6.6
 * Author: Mikhail Kobzarev
 * Author URI: https://www.kobzarev.com/
 * License: GNU General Public License v2
@@ -35,7 +35,7 @@
 // Слаг плагина
 define( 'MIHDAN_YANDEX_TURBO_FEED_SLUG', 'mihdan_yandex_turbo_feed' );
-define( 'MIHDAN_YANDEX_TURBO_FEED_VERSION', '1.6.5.1' );
+define( 'MIHDAN_YANDEX_TURBO_FEED_VERSION', '1.6.6' );
 define( 'MIHDAN_YANDEX_TURBO_FEED_PATH', __DIR__ );
 define( 'MIHDAN_YANDEX_TURBO_FEED_URL', trailingslashit( plugin_dir_url( __FILE__ ) ) );
 define( 'MIHDAN_YANDEX_TURBO_FEED_FILE', __FILE__ );
diff --git a/readme.txt b/readme.txt
index 8856399..b90f6c3 100644
--- a/readme.txt
+++ b/readme.txt
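Review bot: In the `button_callback` hunk of includes/class-shortcodes.php, `esc_attr( $atts['formaction'] )` only encodes HTML metacharacters and does not validate the URL scheme, so a shortcode author can still supply a `javascript:` or other unexpected scheme if this value lands in the button's `formaction` attribute (the format string is not visible on this page, so that placement is assumed). For a URL-valued attribute the line should be `esc_url( $atts['formaction'] ),`. The other five arguments look appropriately escaped for attribute and text contexts, assuming `value` is the element's text content. The body of `button_callback` before `return sprintf(` lies outside the hunk, so any `shortcode_atts()` defaults or earlier validation cannot be checked from here.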
@@ -5,8 +5,8 @@ Donate link: https://www.kobzarev.com/donate/
 Tags: wordpress, feed, yandex, turbo, rss, yandex-turbo, yandex-turbo-pages, rss-feed, seo, seo-friendly, yoast, google, webmaster, schema, sitemap
 Requires at least: 5.6
 Requires PHP: 7.4
-Tested up to: 6.4
-Stable tag: 1.6.5.1
+Tested up to: 6.5
+Stable tag: 1.6.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -174,6 +174,9 @@ add_filter( 'mihdan_yandex_turbo_feed_taxonomy', function( $taxonomy ) {
 == Changelog ==
+= 1.6.6 (2024-05-03) =
+* Исправлена критическая уязвимость `CVE-2024-4411`
+
 = 1.6.5 (2023-12-05) =
 * Добавлена возможность вставки видео из плагина Lite Video Embed