From 200fb5179cc1e784ea04d9880261e3e097be4900 Mon Sep 17 00:00:00 2001 From: ShubhamW Date: Wed, 16 Sep 2020 17:16:10 +0530 Subject: [PATCH 1/3] fix : plugin security audits --- classes/class-bsf-sb-metabox.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/classes/class-bsf-sb-metabox.php b/classes/class-bsf-sb-metabox.php index b8ca19e..7e2235b 100644 --- a/classes/class-bsf-sb-metabox.php +++ b/classes/class-bsf-sb-metabox.php @@ -81,7 +81,7 @@ public function metabox_actions() { */ public function metabox_save( $post_id ) { - if( ! isset( $_POST[ BSF_SB_POST_TYPE . '-nonce' ] ) ) { + if ( ! isset( $_POST[ BSF_SB_POST_TYPE . '-nonce' ] ) ) { return; } @@ -110,12 +110,13 @@ public function metabox_save( $post_id ) { } if ( isset( $_POST['bsf-sb-users'] ) ) { - update_post_meta( $post_id, '_bsf-sb-users', $_POST['bsf-sb-users'] ); + $bsf_sb_user_roles = array_map( 'sanitize_text_field', $_POST['bsf-sb-users'] ); + update_post_meta( $post_id, '_bsf-sb-users', $bsf_sb_user_roles ); } if ( isset( $_POST['replace_this_sidebar'] ) ) { - $replace_sidebar = esc_attr( $_POST['replace_this_sidebar'] ); + $replace_sidebar = sanitize_text_field( esc_attr( $_POST['replace_this_sidebar'] ) ); update_post_meta( $post_id, '_replace_this_sidebar', $replace_sidebar ); } @@ -158,7 +159,7 @@ public function sidebar_settings( $post ) { if ( strrpos( $slug, BSF_SB_PREFIX ) !== false ) { continue; } - $out .= ''; + $out .= ''; } $out .= ''; } else { @@ -174,7 +175,7 @@ public function sidebar_settings( $post ) { $out .= ''; $out .= ''; $out .= ''; - $out .= ''; + $out .= ''; $out .= ''; $out .= ''; From 69579399db88c548144a9ba1663d71511a50ae05 Mon Sep 17 00:00:00 2001 From: ShubhamW Date: Mon, 21 Sep 2020 11:11:31 +0530 Subject: [PATCH 2/3] fix: security audit for the plugin --- README.md | 9 ++++++--- readme.txt | 7 +++++-- sidebar-manager.php | 4 ++-- 3 files changed, 13 insertions(+), 7 deletions(-) 
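Review bot: `array_map( 'sanitize_text_field', $_POST['bsf-sb-users'] )` in the second metabox_save hunk assumes the request field is an array; a request that sends `bsf-sb-users` as a scalar makes `array_map` emit a warning on PHP 7 and throw a `TypeError` on PHP 8, so guard the shape first, e.g. `$bsf_sb_user_roles = array_map( 'sanitize_text_field', (array) wp_unslash( $_POST['bsf-sb-users'] ) );`. That line also adds the `wp_unslash()` WordPress expects before `sanitize_text_field()` on `$_POST` data (superglobals arrive magic-slashed), which the new `replace_this_sidebar` line omits too. The variable name `$bsf_sb_user_roles` suggests the stored values are role slugs; if so, intersecting them with `array_keys( wp_roles()->get_names() )` would be a stronger check than text sanitisation, but confirm what the field actually holds. Only the `isset()` of the nonce is visible here, so the `wp_verify_nonce()` and capability check are presumably in the lines skipped between the two hunks; the function starts in the first hunk and continues past the second, so that is worth confirming rather than assuming.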
diff --git a/README.md b/README.md index e3e7184..4547acd 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,8 @@ **Donate link:** https://www.paypal.me/BrainstormForce **Tags:** custom sidebar, sidebar manager, custom widget areas, widgets, conditional sidebar **Requires at least:** 4.0 -**Tested up to:** 5.5 -**Stable tag:** 1.1.5 +**Tested up to:** 5.5.1 +**Stable tag:** 1.1.6 **License:** GPLv2 or later **License URI:** https://www.gnu.org/licenses/gpl-2.0.html @@ -51,7 +51,10 @@ Other plugins we found are heavy with ugly interface, non supported, developed o ## Changelog ## -### 1.1.5 ### +### 1.1.6 ### +- Improvement: Hardened the security of plugin. + +### 1.1.5 ### - Fix: Security hardening. ### 1.1.4 ### diff --git a/readme.txt b/readme.txt index 2c39040..6ce8b6c 100644 --- a/readme.txt +++ b/readme.txt @@ -3,8 +3,8 @@ Contributors: BrainstormForce Donate link: https://www.paypal.me/BrainstormForce Tags: custom sidebar, sidebar manager, custom widget areas, widgets, conditional sidebar Requires at least: 4.0 -Tested up to: 5.5 -Stable tag: 1.1.5 +Tested up to: 5.5.1 +Stable tag: 1.1.6 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html @@ -51,6 +51,9 @@ Other plugins we found are heavy with ugly interface, non supported, developed o == Changelog == += 1.1.6 = +- Improvement: Hardened the security of plugin. + = 1.1.5 = - Fix: Security hardening. diff --git a/sidebar-manager.php b/sidebar-manager.php index 6096827..80f80f4 100644 --- a/sidebar-manager.php +++ b/sidebar-manager.php @@ -3,7 +3,7 @@ * Plugin Name: Sidebar Manager * Plugin URI: http://www.brainstormforce.com * Description: This is the plugin to create custom siderbars to your site. - * Version: 1.1.5 + * Version: 1.1.6 * Author: Brainstorm Force * Author URI: https://www.brainstormforce.com/ * Text Domain: bsfsidebars 
@@ -25,7 +25,7 @@ define( 'BSF_SB_BASE', plugin_basename( BSF_SB_FILE ) ); define( 'BSF_SB_DIR', plugin_dir_path( BSF_SB_FILE ) ); define( 'BSF_SB_URL', plugins_url( '/', BSF_SB_FILE ) ); -define( 'BSF_SB_VER', '1.1.5' ); +define( 'BSF_SB_VER', '1.1.6' ); define( 'BSF_SB_PREFIX', 'bsf-sb' ); define( 'BSF_SB_POST_TYPE', 'bsf-sidebar' ); From 822a689b596ddc19c875370117e8f12740c8d892 Mon Sep 17 00:00:00 2001 From: ShubhamW Date: Mon, 21 Sep 2020 11:16:56 +0530 Subject: [PATCH 3/3] removed the esc_attr and used sanitize_text_feild --- classes/class-bsf-sb-metabox.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/class-bsf-sb-metabox.php b/classes/class-bsf-sb-metabox.php index 7e2235b..b65b99d 100644 --- a/classes/class-bsf-sb-metabox.php +++ b/classes/class-bsf-sb-metabox.php @@ -116,7 +116,7 @@ public function metabox_save( $post_id ) { if ( isset( $_POST['replace_this_sidebar'] ) ) { - $replace_sidebar = sanitize_text_field( esc_attr( $_POST['replace_this_sidebar'] ) ); + $replace_sidebar = sanitize_text_field( $_POST['replace_this_sidebar'] ); update_post_meta( $post_id, '_replace_this_sidebar', $replace_sidebar ); }
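Review bot: `sanitize_text_field( $_POST['replace_this_sidebar'] )` still skips `wp_unslash()`, so a value containing quotes is stored with WordPress's added backslashes; use `$replace_sidebar = sanitize_text_field( wp_unslash( $_POST['replace_this_sidebar'] ) );`. Dropping the nested `esc_attr()` is the right call, since escaping belongs at output rather than on the stored value. If this field holds a registered sidebar id (the `sidebar_settings` hunks loop over sidebar slugs, which suggests so, but confirm), checking it against `array_keys( $GLOBALS['wp_registered_sidebars'] )` before saving would be tighter validation than text sanitisation. `metabox_save` starts and ends outside this hunk, so the nonce and capability checks that should precede this write are not visible here.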