Security fixes

allan23 · Apr 19, 2016 · 661cb8b · 661cb8b
1 parent 402894b
commit 661cb8b
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 14 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 .DS_Store
+.idea
diff --git a/debug_bar_cache_lookup.php b/debug_bar_cache_lookup.php
@@ -2,9 +2,9 @@
 
 /**
  * Plugin Name: Debug Bar Cache Lookup
- * Plugin URI:  http://wordpress.org/plugins
+ * Plugin URI:  https://wordpress.org/plugins/debug-bar-cache-lookup/
  * Description: Look up items in object cache. Requires Debug Bar Plugin.
- * Version:     0.1.0
+ * Version:     0.1.1
  * Author:      Allan Collins
  * Author URI:  http://www.allancollins.net/
  * License:     GPLv2+
@@ -40,12 +40,15 @@
 
 /**
  * Add the panel to the Debug Bar.
+ *
  * @param array $panels Array of panel objects.
+ *
  * @return array Array of panel objects.
  */
 function dbcl_add_panel( $panels ) {
 	require DBCL_PATH . 'includes/class-debug-bar-cache-lookup.php';
 	array_push( $panels, new Debug_Bar_Cache_Lookup() );
+
 	return $panels;
 }
 
@@ -67,16 +70,17 @@ function dbcl_enqueue() {
  */
 function dbcl_ajax() {
 	check_ajax_referer( 'dbcl_security', 'security' );
-	$dbcl_key	 = filter_input( INPUT_POST, 'dbcl_key', FILTER_SANITIZE_STRING );
-	$dbcl_group	 = filter_input( INPUT_POST, 'dbcl_group', FILTER_SANITIZE_STRING );
+	$dbcl_key   = filter_input( INPUT_POST, 'dbcl_key', FILTER_SANITIZE_STRING );
+	$dbcl_group = filter_input( INPUT_POST, 'dbcl_group', FILTER_SANITIZE_STRING );
 
 	$cache = wp_cache_get( $dbcl_key, $dbcl_group );
-	if ( !$cache ) {
+	if ( ! $cache ) {
 		return wp_send_json_error();
 	}
 	ob_start();
 	print_r( $cache );
-	$cache = ob_get_clean();
+	$cache = esc_html( ob_get_clean() );
+
 	return wp_send_json_success( array( 'cache' => $cache ) );
 }
 

diff --git a/includes/class-debug-bar-cache-lookup.php b/includes/class-debug-bar-cache-lookup.php
@@ -3,7 +3,7 @@
 class Debug_Bar_Cache_Lookup extends Debug_Bar_Panel {
 
 	function init() {
-		$this->title( __( 'Cache Lookup', 'dbcl' ) );
+		$this->title( esc_html__( 'Cache Lookup', 'dbcl' ) );
 	}
 
 	function prerender() {
@@ -14,6 +14,6 @@ function prerender() {
 	function render() {
 		include DBCL_PATH . 'views/searchform.php';
 	}
-	
+
 
 }
diff --git a/readme.txt b/readme.txt
@@ -3,8 +3,8 @@ Contributors:      collinsinternet
 Donate link:       
 Tags: debug bar, object cache, memcached, memcache
 Requires at least: 3.9
-Tested up to:      4.1.1
-Stable tag:        0.1.0
+Tested up to:      4.5
+Stable tag:        0.1.1
 License:           GPLv2 or later
 License URI:       http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -35,10 +35,13 @@ Instead of using WP CLI or other tools, you can look it up from within the Debug
 
 == Changelog ==
 
+= 0.1.1 =
+* Minor security update.
+
 = 0.1.0 =
 * First release
 
 == Upgrade Notice ==
 
-= 0.1.0 =
-First Release
+= 0.1.1 =
+Security fixes.
diff --git a/views/searchform.php b/views/searchform.php
@@ -4,11 +4,11 @@
 		<p>Enter the cache key and cache group:</p>
 		<p>
 		<label for="dbcl_key">Key:</label>
-		<input type="text" id="dbcl_key" name="dbcl_key">
+		<input type="text" id="dbcl_key" name="dbcl_key"> <small>(Example: alloptions)</small>
 		</p>
 		<p>
 		<label for="dbcl_group">Group:</label>
-		<input type="text" id="dbcl_group" name="dbcl_group">
+		<input type="text" id="dbcl_group" name="dbcl_group"> <small>(Example: options)</small>
 		</p>
 		<p class="center"><input type="submit" value="Lookup" class="button button-primary"></p>
 	</form><br/>