WPML Security Update, Bug and Fix

1.0WPMLhttps://wpml.org/vi/Amirhttps://wpml.org/vi/author/amir/WPML Security Update, Bug and Fix - WPMLrich600338<blockquote class="wp-embedded-content" data-secret="QQv5CSoYLf"><a href="https://wpml.org/vi/changelog/2015/03/wpml-security-update-bug-and-fix/">WPML Security Update, Bug and Fix</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://wpml.org/vi/changelog/2015/03/wpml-security-update-bug-and-fix/embed/#?secret=QQv5CSoYLf" width="600" height="338" title="“WPML Security Update, Bug and Fix” — WPML" data-secret="QQv5CSoYLf" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://wpml.org/wp-includes/js/wp-embed.min.js /* ]]> */ </script> Yesterday we released WPML 3.1.9, which addresses several security concerns. We take the security of our clients very seriously, so as soon as we noticed these possible exploits, we set to work on a version which fixes them. That version added sanitation to a number of places in the code. One of them, sanitized URLs […]https://wpml.org/wp-content/uploads/2015/03/wpml319-bug-non-english-chars-300x183.png