Security Fix for add_query_arg vulnerability

readme.txt

@@ -3,8 +3,8 @@ Contributors: woothemes,mattyza,jeffikus
 Donate link: http://woothemes.com/
 Tags: wooframework,settings
 Requires at least: 3.9.1
-Tested up to: 3.9.1
-Stable tag: 1.0.1
+Tested up to: 4.1.1
+Stable tag: 1.0.2
 License: GPLv3 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -46,6 +46,10 @@ We encourage everyone to contribute their ideas, thoughts and code snippets. Thi
 
 == Upgrade Notice ==
 
+= 1.0.2 =
+* 2015-04-22
+* Security Fix for add_query_arg vulnerability
+
 = 1.0.1 =
 * 2014-08-18
 * Adds WF export capabilities
@@ -58,6 +62,10 @@ We encourage everyone to contribute their ideas, thoughts and code snippets. Thi
 
 == Changelog ==
 
+= 1.0.2 =
+* 2015-04-22
+* Security Fix for add_query_arg vulnerability
+
 = 1.0.1 =
 * 2014-08-18
 * Adds WF export capabilities

wooframework-tweaks.php

@@ -3,11 +3,11 @@
  * Plugin Name: WooFramework Tweaks
  * Plugin URI: http://github.com/woothemes/wooframework-tweaks/
  * Description: Hidey ho, neighborino! Lets add a few options back to the WooFramework, for a bit of extra fine tuning, shall we?
- * Version: 1.0.1
+ * Version: 1.0.2
  * Author: WooThemes
  * Author URI: http://woothemes.com/
  * Requires at least: 3.9.1
- * Tested up to: 3.9.1
+ * Tested up to: 4.1.1
  *
  * Text Domain: wooframework-tweaks
  * Domain Path: /languages/
@@ -318,7 +318,7 @@ public function admin_screen_logic () {
 			$url = add_query_arg( 'page', $page );
 			$url = add_query_arg( 'updated', 'true', $url );
 
-			wp_safe_redirect( $url );
+			wp_safe_redirect( esc_url( $url ) );
 			exit;
 		}
 	} // End admin_screen_logic()