Skip to content

Commit a3bdf78

Browse files
ajaydsouzaajaydsouza
committed
Fixed security issue where Knowledge Base slug in settings was not sanitized.
1 parent 90958bf commit a3bdf78

File tree

3 files changed

+12
-7
lines changed

3 files changed

+12
-7
lines changed

includes/class-cpt.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ public function __construct() {
3535
* @since 2.3.0
3636
*/
3737
public static function register_post_type() {
38-
$slug = \wzkb_get_option( 'kb_slug', 'knowledgebase' );
38+
$slug = sanitize_title( \wzkb_get_option( 'kb_slug', 'knowledgebase' ) );
3939
$archives = defined( 'WZKB_DISABLE_ARCHIVE' ) && WZKB_DISABLE_ARCHIVE ? false : $slug;
4040
$rewrite = defined( 'WZKB_DISABLE_REWRITE' ) && WZKB_DISABLE_REWRITE ? false : array(
4141
'slug' => $slug,
@@ -104,8 +104,8 @@ public static function register_post_type() {
104104
* @since 2.3.0
105105
*/
106106
public static function register_taxonomies() {
107-
$catslug = \wzkb_get_option( 'category_slug', 'section' );
108-
$tagslug = \wzkb_get_option( 'tag_slug', 'kb-tags' );
107+
$catslug = sanitize_title( \wzkb_get_option( 'category_slug', 'section' ) );
108+
$tagslug = sanitize_title( \wzkb_get_option( 'tag_slug', 'kb-tags' ) );
109109

110110
$args = array(
111111
'hierarchical' => true,

knowledgebase.php

100755100644
Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
* Plugin Name: WebberZone Knowledge Base
1414
* Plugin URI: https://github.com/WebberZone/knowledgebase
1515
* Description: Create a multi-product knowledge base on your WordPress site.
16-
* Version: 2.3.1
16+
* Version: 2.3.2
1717
* Author: WebberZone
1818
* Author URI: https://webberzone.com
1919
* License: GPL-2.0+
@@ -37,7 +37,7 @@
3737
*
3838
* @var string $wzkb_version Plugin version
3939
*/
40-
define( 'WZKB_VERSION', '2.3.1' );
40+
define( 'WZKB_VERSION', '2.3.2' );
4141
}
4242

4343
if ( ! defined( 'WZKB_PLUGIN_DIR' ) ) {

readme.txt

100755100644
Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -113,11 +113,16 @@ You can report security bugs through the Patchstack Vulnerability Disclosure Pro
113113

114114
== Upgrade Notice ==
115115

116-
= 2.3.1 =
117-
Fixed security issue where arguments passed to the shortcodes were not properly sanitized.
116+
= 2.3.2 =
117+
Fixed security issue where Knowledge Base slug in settings was not sanitized.
118118

119119
== Changelog ==
120120

121+
= 2.3.2 =
122+
123+
* Bug fixes:
124+
* Fixed security issue where Knowledge Base slug in settings was not sanitized.
125+
121126
= 2.3.1 =
122127

123128
* Bug fixes:

0 commit comments

Comments
 (0)