Fix XSS in admin page reported by wporg/wpscan

BoldGrid · Jun 21, 2021 · 24b887a · 24b887a
1 parent 2bdb3aa
commit 24b887a
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 5 deletions.
diff --git a/Generic_Plugin_Admin.php b/Generic_Plugin_Admin.php
@@ -321,7 +321,7 @@ function admin_head() {
 					'dimension9': '<?php echo esc_attr( $state->get_string( 'common.install_version' ) ) ?>',
 					'dimension10': '<?php echo esc_attr( Util_Environment::w3tc_edition( $this->_config ) ) ?>',
 					'dimension11': '<?php echo esc_attr( Util_Widget::list_widgets() ) ?>',
-					'page': '<?php echo wp_strip_all_tags( $page ); ?>'
+					'page': '<?php echo esc_attr( $page ); ?>'
 				});
 
 				w3tc_ga('send', 'pageview');

diff --git a/readme.txt b/readme.txt
@@ -3,7 +3,7 @@ Contributors: boldgrid, fredericktownes, maxicusc, gidomanders, bwmarkle, harryj
 Tags: seo, cache, optimize, pagespeed, performance, caching, compression, maxcdn, nginx, varnish, redis, new relic, aws, amazon web services, s3, cloudfront, rackspace, cloudflare, azure, apache
 Requires at least: 3.8
 Tested up to: 5.7
-Stable tag: 2.1.4
+Stable tag: 2.1.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -275,8 +275,10 @@ Please reach out to all of these people and support their projects if you're so
 
 == Changelog ==
 
-= 2.1.4 =
+= 2.1.5 =
 * Fix: Sanitize extension argument
+
+= 2.1.4 =
 * Fix: Use Memcached server from config for Nginx rules instead of localhost
 * Fix: Allow more characters in CDN hostname sanitization
 * Fix: Added missing textdomains for Browser Cache settings

diff --git a/w3-total-cache-api.php b/w3-total-cache-api.php
@@ -5,7 +5,7 @@
 }
 
 define( 'W3TC', true );
-define( 'W3TC_VERSION', '2.1.4' );
+define( 'W3TC_VERSION', '2.1.5' );
 define( 'W3TC_POWERED_BY', 'W3 Total Cache' );
 define( 'W3TC_EMAIL', '[email protected]' );
 define( 'W3TC_TEXT_DOMAIN', 'w3-total-cache' );

diff --git a/w3-total-cache.php b/w3-total-cache.php
@@ -3,7 +3,7 @@
  * Plugin Name:       W3 Total Cache
  * Plugin URI:        https://www.boldgrid.com/totalcache/
  * Description:       The highest rated and most complete WordPress performance plugin. Dramatically improve the speed and user experience of your site. Add browser, page, object and database caching as well as minify and content delivery network (CDN) to WordPress.
- * Version:           2.1.4
+ * Version:           2.1.5
  * Requires at least: 3.8
  * Requires PHP:      5.6
  * Author:            BoldGrid