Fixes XSS vuln.

Author: Pierre-Lannoy

CHANGELOG.md

@@ -3,6 +3,11 @@ All notable changes to **Device Detector** are documented in this *changelog*.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and **Device Detector** adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.2.1] - 2024-12-11
+
+### Fixed
+- [SEC005] XSS vulnerability.
+
 ## [4.2.0] - 2024-11-22
 
 ### Added

device-detector.php

@@ -10,7 +10,7 @@
  * Plugin Name:       Device Detector
  * Plugin URI:        https://perfops.one/device-detector
  * Description:       Full featured analytics reporting and management tool that detects all devices accessing your WordPress site.
- * Version:           4.2.0
+ * Version:           4.2.1
  * Requires at least: 6.2
  * Requires PHP:      8.1
  * Author:            Pierre Lannoy / PerfOps One

includes/features/class-analyticsfactory.php

@@ -71,6 +71,7 @@ public static function get_analytics( $reload = false ) {
 		if ( empty( $id ) ) {
 			$id = '';
 		}
+		$id = sanitize_key( $id );
 		if ( ! ( $extended = filter_input( INPUT_GET, 'extended' ) ) ) {
 			$extended = filter_input( INPUT_POST, 'extended' );
 		}

init.php

@@ -12,7 +12,7 @@
 define( 'PODD_PRODUCT_SHORTNAME', 'Device Detector' );
 define( 'PODD_PRODUCT_ABBREVIATION', 'podd' );
 define( 'PODD_SLUG', 'device-detector' );
-define( 'PODD_VERSION', '4.2.0' );
+define( 'PODD_VERSION', '4.2.1' );
 define( 'PODD_API_VERSION', '3' );
 define( 'PODD_CODENAME', '"-"' );
 

readme.txt

@@ -4,7 +4,7 @@ Tags: bot, detection, detector, device, mobile
 Requires at least: 6.2
 Requires PHP: 8.1
 Tested up to: 6.7
-Stable tag: 4.2.0
+Stable tag: 4.2.1
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html