Updates to 6.1.8

pronamic · Aug 4, 2023 · b9336de · b9336de
1 parent 4503aaf
commit b9336de
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 9 deletions.
diff --git a/acf.php b/acf.php
@@ -9,7 +9,7 @@
  * Plugin Name: Advanced Custom Fields PRO
  * Plugin URI: https://www.advancedcustomfields.com
  * Description: Customize WordPress with powerful, professional and intuitive fields.
- * Version: 6.1.7
+ * Version: 6.1.8
  * Author: WP Engine
  * Author URI: https://wpengine.com/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=plugin_directory&utm_content=advanced_custom_fields
  * Update URI: https://www.advancedcustomfields.com/pro
@@ -34,7 +34,7 @@ class ACF {
  *
  * @var string
  */
- public $version = '6.1.7';
+ public $version = '6.1.8';
 
  /**
  * The plugin settings array.

diff --git a/includes/post-types/class-acf-post-type.php b/includes/post-types/class-acf-post-type.php
@@ -363,6 +363,7 @@ public function get_post_type_args( $post ) {
  // Make sure any provided labels are strings and not empty.
  $labels = array_filter( $post['labels'] );
  $labels = array_map( 'strval', $labels );
+ $labels = array_map( 'esc_html', $labels );
 
  if ( ! empty( $labels ) ) {
  $args['labels'] = $labels;

diff --git a/includes/post-types/class-acf-taxonomy.php b/includes/post-types/class-acf-taxonomy.php
@@ -190,10 +190,10 @@ public function get_settings_array() {
  ),
  'description' => '',
  'capabilities' => array(
- 'manage_terms'  => 'manage_categories',
- 'edit_terms'  => 'manage_categories',
- 'delete_terms'  => 'manage_categories',
- 'assign_terms'  => 'edit_posts',
+ 'manage_terms' => 'manage_categories',
+ 'edit_terms' => 'manage_categories',
+ 'delete_terms' => 'manage_categories',
+ 'assign_terms' => 'edit_posts',
  ),
  'public' => true,
  'publicly_queryable' => true,
@@ -309,6 +309,7 @@ public function get_taxonomy_args( $post ) {
  // Make sure any provided labels are strings and not empty.
  $labels = array_filter( $post['labels'] );
  $labels = array_map( 'strval', $labels );
+ $labels = array_map( 'esc_html', $labels );
 
  if ( ! empty( $labels ) ) {
  $args['labels'] = $labels;

diff --git a/readme.txt b/readme.txt
@@ -2,9 +2,9 @@
 Contributors: elliotcondon
 Tags: acf, fields, custom fields, meta, repeater
 Requires at least: 4.7
-Tested up to: 6.2
+Tested up to: 6.3
 Requires PHP: 5.6
-Stable tag: 6.1.7
+Stable tag: 6.1.8
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 
@@ -92,6 +92,11 @@ From your WordPress dashboard
 
 == Changelog ==
 
+= 6.1.8 =
+*Release Date 3rd August 2023*
+
+* Security Fix - This release resolves a stored XSS vulnerability in admin screens with ACF post type and taxonomy labels (Thanks to Satoo Nakano and Ryotaro Imamura)
+
 = 6.1.7 =
 *Release Date 27th June 2023*
 
@@ -114,7 +119,7 @@ From your WordPress dashboard
 = 6.1.6 =
 *Release Date 4th May 2023*
 
-* Security Fix - This release resolves an XSS vulnerability in ACF’s admin pages (Thanks to Rafie Muhammad for the responsible disclosure)
+* Security Fix - This release resolves an XSS vulnerability in ACF's admin pages (Thanks to Rafie Muhammad for the responsible disclosure)
 * Fix - Duplicating fields in a new field group with field setting tabs disabled now behaves correctly
 
 = 6.1.5 =