
Changeset 1630687


Timestamp:
04/06/17 05:33:25 (7 months ago)
Author:
rohitashv
Message:

Removed the plugin vulnerability that was found. Special thanks to Mr. Ashutosh Singh, graduate student at Carnegie Mellon University, for finding this vulnerability.

Location:
emarksheet
Files:
43 added
6 edited

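--- a/emarksheet/trunk/emarksheet.php
+++ b/emarksheet/trunk/emarksheet.php
@@ -2,8 +2,8 @@
 /*
 Plugin Name: Online Marksheet Creator : eMarksheet
-Plugin URI: http://impulsesoftech.com
+Plugin URI: http://singhalrohitashv.com
 Description: This is a simple and unique wordpress plugin to create a simple marksheet using wordpress. You can also give a link to your users to see the result and print it.
 Author: rohitashv
-Version: 3.2
+Version: 3.9
 Author URI: http://singhalrohitashv.com
 */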
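--- a/emarksheet/trunk/menu-pages/emark_add_class.php
+++ b/emarksheet/trunk/menu-pages/emark_add_class.php
@@ -7,5 +7,5 @@
 if(isset($_POST['addsubject']))
 {
-    $subname = $_POST['name'];
+    $subname = strip_tags($_POST['name']);
     $insert_query="insert into `emarksheet_class`(`id`,`class_name`) values('','$subname')";
     $wpdb->query($insert_query);
@@ -14,6 +14,6 @@
 if(isset($_POST['update_name']))
 {
-    $up_su_n = $_POST['up_su_n'];
-    $up_su_id = $_POST['up_id'];
+    $up_su_n = strip_tags($_POST['up_su_n']);
+    $up_su_id = strip_tags($_POST['up_id']);
     $update_query = "update `emarksheet_class` set `class_name`='$up_su_n' where `id`='$up_su_id'";
     $wpdb->query($update_query);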
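Review bot: Both queries in this file are still built by interpolating request values into the SQL string, and `strip_tags()` only removes markup; it does not quote or escape anything for SQL, so it is not a substitute for parameter binding. Bind the values instead, e.g. `$wpdb->insert('emarksheet_class', array('class_name' => $subname));` and `$wpdb->update('emarksheet_class', array('class_name' => $up_su_n), array('id' => absint($up_su_id)));`, or wrap the existing statements in `$wpdb->prepare()` with `%s`/`%d` placeholders. The same pattern is repeated in the hunks for emark_add_student.php, emark_add_sub.php and settings.php. Both `if` blocks continue past the end of their hunks.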
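--- a/emarksheet/trunk/menu-pages/emark_add_student.php
+++ b/emarksheet/trunk/menu-pages/emark_add_student.php
@@ -10,13 +10,13 @@
 if(isset($_POST['enroll']))
 {
-    $class = $_POST['class_n'];
-    $roll_n = $_POST['roll_number'];
-    $first_n = $_POST['first_n'];
-    $last_n = $_POST['last_n'];
-    $father_n = $_POST['f_name'];
-    $mother_n = $_POST['m_name'];
-    $dob_date = $_POST['dob_date'];
-    $dob_m= $_POST['dob_month'];
-    $dob_y = $_POST['dob_year'];
+    $class = strip_tags($_POST['class_n']);
+    $roll_n = strip_tags($_POST['roll_number']);
+    $first_n = strip_tags($_POST['first_n']);
+    $last_n = strip_tags($_POST['last_n']);
+    $father_n = strip_tags($_POST['f_name']);
+    $mother_n = strip_tags($_POST['m_name']);
+    $dob_date = strip_tags($_POST['dob_date']);
+    $dob_m= strip_tags($_POST['dob_month']);
+    $dob_y = strip_tags($_POST['dob_year']);
     $insert_query="insert into `emarksheet_student`(`id`,`class_id`,`roll_no`,`first_n`,`last_n`,`father_n`,`mother_n`,`dob_date` ,`dob_month`,`dob_year`) values('','$class','$roll_n','$first_n','$last_n','$father_n','$mother_n','$dob_date','$dob_m','$dob_y')";
     $wpdb->query($insert_query);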
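Review bot: `strip_tags()` is applied uniformly to nine fields that look to be of different kinds, so nothing here checks that `class_n` or the three `dob_*` values are actually numbers before they are stored. Assuming those columns are numeric (the schema is not visible on this page), cast them with `absint()` and reject out-of-range dates, and use `sanitize_text_field( wp_unslash( $_POST['first_n'] ) )` and its equivalents for the name fields. The `if` block continues past the end of the hunk.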
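--- a/emarksheet/trunk/menu-pages/emark_add_sub.php
+++ b/emarksheet/trunk/menu-pages/emark_add_sub.php
@@ -13,8 +13,8 @@
 if(isset($_POST['add_quiz']))
 {
-    $quiz_n = $_POST['qz_n'];
-    $sub_id = $_POST['sub_nm'];
-    $tot_m = $_POST['tot_m'];
-    $min_pass = $_POST['min_pass'];
+    $quiz_n = strip_tags($_POST['qz_n']);
+    $sub_id = strip_tags($_POST['sub_nm']);
+    $tot_m = strip_tags($_POST['tot_m']);
+    $min_pass = strip_tags($_POST['min_pass']);
     $insert_queryr = "insert into `emarksheet_subject`(`id`,`class`,`sub_name`,`min_pass`,`total_marks`) values('','$sub_id','$quiz_n','$min_pass','$tot_m')";
     $wpdb->query($insert_queryr);
@@ -24,9 +24,9 @@
 if(isset($_POST['update_name']))
 {
-    $up_su_n = $_POST['up_su_n'];
-    $up_su_id = $_POST['up_id'];
-    $up_su_ss = $_POST['sub_nm'];
-    $up_su_tm = $_POST['tot_m'];
-    $up_su_mp = $_POST['min_pass'];
+    $up_su_n = strip_tags($_POST['up_su_n']);
+    $up_su_id = strip_tags($_POST['up_id']);
+    $up_su_ss = strip_tags($_POST['sub_nm']);
+    $up_su_tm = strip_tags($_POST['tot_m']);
+    $up_su_mp = strip_tags($_POST['min_pass']);
     $update_query = "update `emarksheet_subject` set `sub_name`='$up_su_n',`class`='$up_su_ss',`total_marks`='$up_su_tm',`min_pass`='$up_su_mp' where `id`='$up_su_id'";
     $wpdb->query($update_query);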
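Review bot: Neither handler shows a nonce or capability check between the `isset($_POST[...])` test and the write, so as far as these hunks show, any request carrying `add_quiz` or `update_name` that reaches this file triggers the insert or update. Unless such a check sits in the part of the file above line 13, add `check_admin_referer('emarksheet_subject');` (the action name is a placeholder, paired with `wp_nonce_field()` in the form) and a `current_user_can()` test as the first statements of each block. The other menu-pages handlers in this changeset have the same shape, and both `if` blocks here continue past the end of their hunks.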
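--- a/emarksheet/trunk/menu-pages/settings.php
+++ b/emarksheet/trunk/menu-pages/settings.php
@@ -7,10 +7,10 @@
 if(isset($_POST['save']))
 {
-    $name_sc = $_POST['sch_name'];
-    $address = $_POST['address'];
-    $district = $_POST['district'];
-    $state = $_POST['state'];
-    $phone_n  = $_POST['phone_n'];
-    $principal = $_POST['principle'];
+    $name_sc = strip_tags($_POST['sch_name']);
+    $address = strip_tags($_POST['address']);
+    $district = strip_tags($_POST['district']);
+    $state = strip_tags($_POST['state']);
+    $phone_n  = strip_tags($_POST['phone_n']);
+    $principal = strip_tags($_POST['principle']);
     $insert_q = "insert into `emarksheet_setting`(`id`,`school_name`,`address`,`district`,`state`,`phone`,`name_of_principal`) values('','$name_sc','$address','$district','$state','$phone_n','$principal')";
     $wpdb->query($insert_q);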
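Review bot: Filtering on input with `strip_tags()` does not make these six settings safe to print: quotes and `&` pass through unchanged, so a stored value is still unsafe in an HTML attribute context. The code that renders the school name, address and principal on the marksheet is not part of this changeset page; wherever it is, it should escape at output with `esc_html()` for text nodes and `esc_attr()` for attributes. The `if` block continues past the end of the hunk.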
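--- a/emarksheet/trunk/readme.txt
+++ b/emarksheet/trunk/readme.txt
@@ -4,5 +4,5 @@
 Tags: emarksheet, online marksheet creator, create marksheet online, online marksheet
 Requires at least: 4.0
-Stable tag: 3.2
+Stable tag: 3.9
 
 This is a simple and unique wordpress plugin to create a simple marksheet using wordpress. You can also give a link to your users to see the result and print it.
@@ -45,5 +45,5 @@
 For Support Go to Link :
 
-http://impulsesoftech.com/forum/
+http://singhalrohitashv.com
 
 or discuss more about it you can send a mail on ucerturohit@gmail.com
@@ -96,2 +96,5 @@
 =3.2=
 minor bug resolved
+
+=3.9=
+Removed Plugin Vulnerability found. Special Thanks to Mr. Ashutosh Singh graduate Student at Carnegie Mellon University to find such Vulnerability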