
Changeset 1136202 for simple-ads-manager


Timestamp:
04/16/2015 01:38:44 PM (10 years ago)
Author:
minimus
Message:

New version

Location:
simple-ads-manager/trunk
Files:
5 edited

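--- a/simple-ads-manager/trunk/readme.txt
+++ b/simple-ads-manager/trunk/readme.txt
@@ -4,6 +4,6 @@
 Tags: ad, adbrite, adgridwork, adify, admin, adpinion, adroll, ads, adsense, adserver, advertisement, advertising, affiliate, banner, banners, chitika, cj, commercial, commission, crispads, dfp, google, income, junction, link, manager, media, money, plugin, random, referral, revenue, rotator, seo, server, shoppingads, widget, widgetbucks, yahoo, ypn
 Requires at least: 3.9
-Tested up to: 4.1
-Stable tag: 2.6.96
+Tested up to: 4.2
+Stable tag: 2.7.97
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -86,4 +86,6 @@
 == Changelog ==
 
+= 2.7.97 =
+* SQL injection fix.
 = 2.6.96 =
 * Potential vulnerability issue was resolved.
@@ -211,5 +213,7 @@
 == Upgrade Notice ==
 
-= 2.6.96
+= 2.7.97 =
+SQL injection fix.
+= 2.6.96 =
 Some issues with errors were resolved.
 = 2.5.94 =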
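--- a/simple-ads-manager/trunk/sam-ajax-admin.php
+++ b/simple-ads-manager/trunk/sam-ajax-admin.php
@@ -19,5 +19,7 @@
 ini_set('html_errors', 0);
 
-define('SHORTINIT', true);
+$validUri = '';
+$validRequest = false;
+if($_REQUEST['action'] !== 'load_combo_data') define('SHORTINIT', true);
 
 require_once( $root . '/wp-load.php' );
@@ -26,4 +28,10 @@
     $letters = 'abcefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 ';
     return substr(str_shuffle($letters), 0, $chars);
+}
+
+$action = !empty($_REQUEST['action']) ? 'sam_ajax_' . stripslashes($_REQUEST['action']) : false;
+if( ! SHORTINIT ) {
+    $validUri = admin_url('admin.php') . '?page=sam-edit';
+    $validRequest = strpos($_SERVER['HTTP_REFERER'], $validUri);
 }
 
@@ -49,6 +57,4 @@
 send_nosniff_header();
 nocache_headers();
-
-$action = !empty($_REQUEST['action']) ? 'sam_ajax_' . stripslashes($_REQUEST['action']) : false;
 
 //A bit of security
@@ -126,5 +132,5 @@
 
     case 'sam_ajax_load_posts':
-      $custs = (isset($_REQUEST['cstr'])) ? $_REQUEST['cstr'] : '';
+      $custs = $wpdb->escape((isset($_REQUEST['cstr'])) ? $_REQUEST['cstr'] : '');
       $sPost = (isset($_REQUEST['sp'])) ? urldecode( $_REQUEST['sp'] ) : 'Post';
       $sPage = (isset($_REQUEST['spg'])) ? urldecode( $_REQUEST['spg'] ) : 'Page';
@@ -187,10 +193,10 @@
 
     case 'sam_ajax_load_users':
-      $roleSubscriber = (isset($_REQUEST['subscriber'])) ? urldecode($_REQUEST['subscriber']) : 'Subscriber';
-      $roleContributor = (isset($_REQUEST['contributor'])) ? urldecode($_REQUEST['contributor']) : 'Contributor';
-      $roleAuthor = (isset($_REQUEST['author'])) ? urldecode($_REQUEST['author']) : 'Author';
-      $roleEditor = (isset($_REQUEST['editor'])) ? urldecode($_REQUEST['editor']) : 'Editor';
-      $roleAdministrator = (isset($_REQUEST["admin"])) ? urldecode($_REQUEST["admin"]) : 'Administrator';
-      $roleSuperAdmin = (isset($_REQUEST['sadmin'])) ? urldecode($_REQUEST['sadmin']) : 'Super Admin';
+      $roleSubscriber = $wpdb->escape((isset($_REQUEST['subscriber'])) ? urldecode($_REQUEST['subscriber']) : 'Subscriber');
+      $roleContributor = $wpdb->escape((isset($_REQUEST['contributor'])) ? urldecode($_REQUEST['contributor']) : 'Contributor');
+      $roleAuthor = $wpdb->escape((isset($_REQUEST['author'])) ? urldecode($_REQUEST['author']) : 'Author');
+      $roleEditor = $wpdb->escape((isset($_REQUEST['editor'])) ? urldecode($_REQUEST['editor']) : 'Editor');
+      $roleAdministrator = $wpdb->escape((isset($_REQUEST["admin"])) ? urldecode($_REQUEST["admin"]) : 'Administrator');
+      $roleSuperAdmin = $wpdb->escape((isset($_REQUEST['sadmin'])) ? urldecode($_REQUEST['sadmin']) : 'Super Admin');
       $sql = "SELECT
                 wu.id,
@@ -224,10 +230,12 @@
 
     case 'sam_ajax_load_combo_data':
-      $page = $_GET['page'];
-      $rows = $_GET['rows'];
-      $searchTerm = $_GET['searchTerm'];
-      $offset = ((int)$page - 1) * (int)$rows;
-
-      $sql = "SELECT
+      if($validRequest !== false) {
+          $page = $_GET['page'];
+        $rows = $_GET['rows'];
+        $searchTerm = $_GET['searchTerm'];
+        $searchTerm = $wpdb->escape($searchTerm);
+        $offset = ((int)$page - 1) * (int)$rows;
+
+        $sql = "SELECT
                 wu.id,
                 wu.display_name AS title,
@@ -239,17 +247,26 @@
               ORDER BY wu.id
               LIMIT $offset, $rows;";
-      $users = $wpdb->get_results($sql, ARRAY_A);
-
-      $sql = "SELECT COUNT(*) FROM $uTable wu WHERE wu.user_nicename LIKE '{$searchTerm}%';";
-      $rTotal = $wpdb->get_var($sql);
-      $total = ceil((int)$rTotal/(int)$rows);
-
-      $out = array(
-        'page' => $page,
-        'records' => count($users),
-        'rows' => $users,
-        'total' => $total,
-        'offset' => $offset
-      );
+        $users = $wpdb->get_results($sql, ARRAY_A);
+
+        $sql = "SELECT COUNT(*) FROM $uTable wu WHERE wu.user_nicename LIKE '{$searchTerm}%';";
+        $rTotal = $wpdb->get_var($sql);
+        $total = ceil((int)$rTotal/(int)$rows);
+
+        $out = array(
+          'page' => $page,
+          'records' => count($users),
+          'rows' => $users,
+          'total' => $total,
+          'offset' => $offset
+        );
+      }
+            else
+                $out = array(
+                    'page' => 0,
+                    'records' => 0,
+                    'rows' => 0,
+                    'total' => 0,
+                    'offset' => 0
+                );
 
       break;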
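Review bot: `$rows` is taken straight from `$_GET['rows']` and spliced unescaped into `LIMIT $offset, $rows` (only `$offset` passes through the `(int)` cast), so the `load_combo_data` SQL-injection fix is incomplete, and a missing or zero `rows` also makes `ceil((int)$rTotal/(int)$rows)` divide by zero. Cast both paging inputs once, up front: `$page = isset($_GET['page']) ? max(1, (int) $_GET['page']) : 1;`, `$rows = isset($_GET['rows']) ? max(1, (int) $_GET['rows']) : 1;`, `$offset = ($page - 1) * $rows;`. `$wpdb->escape()`, used here on `$searchTerm` and in the earlier hunks on `$custs` and the role labels, is deprecated in WordPress (since 3.6, an `addslashes()`-style escape) and leaves the `%`/`_` LIKE wildcards alone; the count query can be parameterised directly as `$wpdb->prepare("SELECT COUNT(*) FROM $uTable wu WHERE wu.user_nicename LIKE %s;", $wpdb->esc_like($searchTerm) . '%')` (`like_escape()` if the 3.9 minimum in the readme must hold). The `strpos($_SERVER['HTTP_REFERER'], $validUri)` gate from the first hunk is not access control — Referer is client-supplied and often absent, which also raises an undefined-index notice — so unless the `//A bit of security` section that follows already does it, this case needs `check_ajax_referer()` and a `current_user_can()` check before any query runs. The `switch`/`case` this hunk sits in begins before it, and the WHERE clause of the `$searchTerm`-filtered paged SELECT is outside the hunk.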
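--- a/simple-ads-manager/trunk/sam-ajax.php
+++ b/simple-ads-manager/trunk/sam-ajax.php
@@ -49,5 +49,4 @@
 $allowed_actions = array(
   'sam_ajax_sam_click',
-  'sam_ajax_sam_hit',
     'sam_ajax_sam_hits',
   'sam_ajax_sam_maintenance'
@@ -82,29 +81,4 @@
       break;
 
-    case 'sam_ajax_sam_hit':
-      if(isset($_POST['id']) && isset($_POST['pid'])) {
-        $id = $_POST['id'];
-        $pid = $_POST['pid'];
-        $cid = ($id == 0) ? $pid : $id;
-        $result = 0;
-        //if($id > 0) $sql = "UPDATE $aTable sa SET sa.ad_hits = sa.ad_hits + 1, sa.ad_weight_hits = sa.ad_weight_hits + 1 WHERE sa.id = %d;";
-        /*if($id > 0) $sql = "UPDATE $aTable sa SET sa.ad_hits = sa.ad_hits + 1 WHERE sa.id = %d;";
-        elseif($id == 0) $sql = "UPDATE $pTable sp SET sp.patch_hits = sp.patch_hits + 1 WHERE sp.id = %d;";
-        else $sql = '';*/
-        $sql = "INSERT INTO $sTable (id, pid, event_time, event_type) VALUES (%d, %d, NOW(), 0);";
-        if(!empty($sql)) $result = $wpdb->query($wpdb->prepare($sql, $id, $pid));
-        if($result === 1) echo json_encode(array('success' => true, 'id' => $id, 'pid' => $pid));
-        else echo json_encode(array(
-          'success' => false,
-          'id' => $id,
-          'pid' => $pid,
-          'cid' => $cid,
-          'result' => $result,
-          'sql' => $wpdb->prepare($sql, $cid)
-        ));
-      }
-      else echo json_encode(array('success' => false));
-      break;
-
     case 'sam_ajax_sam_hits':
         if(isset($_POST['hits']) && is_array($_POST['hits'])) {
@@ -113,15 +87,18 @@
             $remoteAddr = $_SERVER['REMOTE_ADDR'];
             foreach($hits as $hit) {
-                $values .= ((empty($values)) ? '' : ', ') . "({$hit[1]}, {$hit[0]}, NOW(), 0, \"{$remoteAddr}\")";
+                if(is_numeric($hit[0]) && is_numeric($hit[1])) {
+                    $values .= ((empty($values)) ? '' : ', ') . "({$hit[1]}, {$hit[0]}, NOW(), 0, \"{$remoteAddr}\")";
+                }
             }
+      //$values = $wpdb->escape($values);
             $sql = "INSERT INTO $sTable (id, pid, event_time, event_type, remote_addr) VALUES {$values};";
             $result = $wpdb->query($sql);
-            if($result > 0) echo json_encode(array('success' => true, 'sql' => $sql, 'addr' => $_SERVER['REMOTE_ADDR']));
+            if($result > 0) echo json_encode(array('success' => true));
             else echo json_encode(array(
                 'success' => false,
-                'result' => $result,
+                /*'result' => $result,
                 'sql' => $sql,
                 'hits' => $hits,
-                'values' => $values
+                'values' => $values*/
             ));
         }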
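Review bot: `is_numeric()` is too loose a filter for values that go unquoted into `VALUES ({$hit[1]}, {$hit[0]}, NOW(), 0, …)`: it accepts leading whitespace, signs, decimals and exponent forms such as `1e3` (and hexadecimal strings on PHP 5), so the id columns receive whatever MySQL makes of those rather than the integer the removed `sam_hit` branch bound with `%d`. Keep the check as the filter but let the driver build each tuple, `$values .= ((empty($values)) ? '' : ', ') . $wpdb->prepare('(%d, %d, NOW(), 0, %s)', (int) $hit[1], (int) $hit[0], $remoteAddr);`, which also quotes `$remoteAddr` instead of the hand-written `\"…\"`. When every element is rejected `$values` stays empty and `INSERT … VALUES ;` is still sent and only fails on syntax, so wrap the query in `if ( ! empty( $values ) )` and emit `'success' => false` directly. The parked `//$values = $wpdb->escape($values);` line and the `/*'result' => … 'values' => $values*/` block should be deleted rather than commented out (`wpdb::escape()` is deprecated in any case); dropping the SQL text and `$values` from the failure JSON is the right call. The enclosing `if(isset($_POST['hits']) …)` block and the assignment of `$hits` open before this hunk, and the `case` closes after it.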
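--- a/simple-ads-manager/trunk/sam.class.php
+++ b/simple-ads-manager/trunk/sam.class.php
@@ -75,5 +75,5 @@
        
       public function __construct() {
-      define('SAM_VERSION', '2.6.96');
+      define('SAM_VERSION', '2.7.97');
       define('SAM_DB_VERSION', '2.8');
       define('SAM_PATH', dirname( __FILE__ ));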
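--- a/simple-ads-manager/trunk/simple-ads-manager.php
+++ b/simple-ads-manager/trunk/simple-ads-manager.php
@@ -4,5 +4,5 @@
 Plugin URI: http://www.simplelib.com/archives/wordpress-plugin-simple-ads-manager/
 Description: "Simple Ads Manager" is easy to use plugin providing a flexible logic of displaying advertisements. Visit <a href="http://www.simplelib.com/">SimpleLib blog</a> for more details.
-Version: 2.6.96
+Version: 2.7.97
 Author: minimus
 Author URI: http://blogcoding.ru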