
Changeset 2302759


Timestamp:
05/11/2020 03:03:36 PM (5 years ago)
Author:
eemitch
Message:

4.2.8 - Security Fix

Location:
simple-file-list
Files:
6 edited
1 copied

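--- a/simple-file-list/tags/4.2.8/ee-simple-file-list.php
+++ b/simple-file-list/tags/4.2.8/ee-simple-file-list.php
@@ -9,5 +9,5 @@
 Description: A full-featured File List Manager | <a href="https://simplefilelist.com/donations/simple-file-list-project/">Donate</a> | <a href="admin.php?page=ee-simple-file-list&tab=extensions">Add Extensions</a>
 Author: Mitchell Bennis
-Version: 4.2.7
+Version: 4.2.8
 Author URI: http://simplefilelist.com
 License: GPLv2 or later
@@ -22,7 +22,7 @@
 // SFL Versions
 
-define('eeSFL_Version', '4.2.7'); // Plugin version - DON'T FORGET TO UPDATE ABOVE TOO !!!
+define('eeSFL_Version', '4.2.8'); // Plugin version - DON'T FORGET TO UPDATE ABOVE TOO !!!
 define('eeSFL_DB_Version', '4.2'); // Database structure version - used for eeSFL_VersionCheck()
-define('eeSFL_Cache_Version', '7'); // Cache-Buster version for static files - used when updating CSS/JS
+define('eeSFL_Cache_Version', '8'); // Cache-Buster version for static files - used when updating CSS/JS
 
 // Our Core
@@ -706,12 +706,5 @@
             } else {
 
-                if(!strpos($eeFileName, '.')) { // Folder, need the trailing slash
-                    $eeFileName .= '/';
-                    $eeNewFileName .= '/';
-                }
-
-                $eeSFL->eeSFL_UpdateFileDetail($eeSFL_ID, $eeListFolder . $eeFileName, 'FilePath', $eeListFolder . $eeNewFileName);
-
-                delete_transient('eeSFL_FileList-' . $eeSFL_ID); // Trigger a re-scan to rebuild thumbnail
+                delete_transient('eeSFL_FileList-' . $eeSFL_ID); // Trigger a re-scan
 
                 return 'SUCCESS';
@@ -771,5 +764,5 @@
         }
 
-        if(!strpos($eeFileName, '.')) { // Folder, need the trailing slash
+        if(!strpos($eeFileName, '.')) { // Folder
             $eeFileName .= '/';
         }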
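Review bot: The rename branch (new lines 706–710) no longer calls `eeSFL_UpdateFileDetail()` to move the stored details to the new `FilePath`, a behaviour change unrelated to the security fix named in the commit message. The readme in this changeset also trims the matching 4.2.7 changelog entry, so this may come from an older working copy rather than a deliberate removal; if it is deliberate it belongs in the changelog, and if not the deleted lines should be restored so a security release does not also carry a functional regression. Separately, `if(!strpos($eeFileName, '.'))` at new line 766 treats a name that starts with a dot as a folder, because `strpos()` returns 0 there; `if(strpos($eeFileName, '.') === FALSE) {` states the intended test. The same section appears under trunk/ee-simple-file-list.php, and both enclosing functions start and end outside the visible lines.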
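--- a/simple-file-list/tags/4.2.8/includes/ee-functions.php
+++ b/simple-file-list/tags/4.2.8/includes/ee-functions.php
@@ -12,9 +12,5 @@
     global $eeSFL_Log, $eeSFL_Env;
 
-    if($eeSFL_Env['eeOS'] == 'WINDOWS') {
-
-        return TRUE; // For now
-
-    } elseif($eeSFL_Env['eeOS'] == 'LINUX') {
+    if($eeSFL_Env['eeOS'] == 'LINUX') {
 
         $eeUserPath = ABSPATH . dirname($eeFilePath);  // This could be problematic with things like ../
@@ -26,4 +22,14 @@
         }
 
+        return TRUE;
+
+    } else {
+
+        $eeFilePath = urldecode($eeFilePath);
+
+        if(strpos($eeFilePath, '..') OR strpos($eeFilePath, '..') === 0) {
+            wp_die('Error 99 :-('); // Bad guy found, bail out :-(
+        }
+
         return TRUE;
     }
@@ -425,5 +431,5 @@
                     for ($i = 1; $i <= $eeCopyLimit; $i++) { // Look for existing copies
 
-                        $eeSFL_FilePathAdded = $eeDir . $eeNameOnly . '_' . $i . '.' . $eeExtension; // Indicate the copy number
+                        $eeSFL_FilePathAdded = $eeDir . $eeNameOnly . '_(' . $i . ').' . $eeExtension; // Indicate the copy number
 
                         if(!is_file(ABSPATH . $eeSFL_FilePathAdded)) { break; } // If no copy is there, we're done.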
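Review bot: The new non-Linux branch (new lines 26–35) rejects a path only when the once-decoded string contains `..`, which is a denylist rather than a containment check: it does not establish that the resolved path lies inside the list folder, and it does not consider absolute or drive-qualified paths. `urldecode()` is applied to the local `$eeFilePath`, so unless the parameter is passed by reference (the signature is outside the visible lines) the caller keeps using the undecoded value, and the string that was checked may not be the string that reaches the filesystem. I would resolve the path with `realpath()` on every OS and compare it against the resolved list folder, keeping the string test only as a first filter and writing it as `if(strpos($eeFilePath, '..') !== FALSE) {` instead of the `OR ... === 0` pair. The Linux branch's own check (old lines 21–25) is elided here and could not be reviewed; the trunk/includes/ee-functions.php section carries the identical change.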
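--- a/simple-file-list/tags/4.2.8/readme.txt
+++ b/simple-file-list/tags/4.2.8/readme.txt
@@ -4,6 +4,6 @@
 Tags: file sharing, file list, file uploader, upload files, share files, exchange files, host files, sort files, dropbox, ftp
 Requires at least: 4.0
-Tested up to: 5.4.1
-Stable tag: 4.2.7
+Tested up to: 5.4
+Stable tag: 4.2.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -185,5 +185,5 @@
 == Upgrade Notice ==
 
-* 4.2.7 - Various bug fixes and improvements
+* 4.2.8 - Security Fix
 
 
@@ -197,10 +197,13 @@
 == Changelog ==
 
+= 4.2.8 =
+* Fixed a security issue for non-Linux users who allow front-side file management.
+
+
 = 4.2.7 =
 * Speed and server load improvements.
 * Fixed a couple of bugs with sorting.
-* Fixed a bug where descriptions were not sticking to folders or files after renaming the file.
+* Fixed a bug where descriptions were not sticking to folders.
 * Improved the French translations, added French-Belgium translations.
-* Various other improvements.
 
 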
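--- a/simple-file-list/trunk/ee-simple-file-list.php
+++ b/simple-file-list/trunk/ee-simple-file-list.php
@@ -9,5 +9,5 @@
 Description: A full-featured File List Manager | <a href="https://simplefilelist.com/donations/simple-file-list-project/">Donate</a> | <a href="admin.php?page=ee-simple-file-list&tab=extensions">Add Extensions</a>
 Author: Mitchell Bennis
-Version: 4.2.7
+Version: 4.2.8
 Author URI: http://simplefilelist.com
 License: GPLv2 or later
@@ -22,7 +22,7 @@
 // SFL Versions
 
-define('eeSFL_Version', '4.2.7'); // Plugin version - DON'T FORGET TO UPDATE ABOVE TOO !!!
+define('eeSFL_Version', '4.2.8'); // Plugin version - DON'T FORGET TO UPDATE ABOVE TOO !!!
 define('eeSFL_DB_Version', '4.2'); // Database structure version - used for eeSFL_VersionCheck()
-define('eeSFL_Cache_Version', '7'); // Cache-Buster version for static files - used when updating CSS/JS
+define('eeSFL_Cache_Version', '8'); // Cache-Buster version for static files - used when updating CSS/JS
 
 // Our Core
@@ -706,12 +706,5 @@
             } else {
 
-                if(!strpos($eeFileName, '.')) { // Folder, need the trailing slash
-                    $eeFileName .= '/';
-                    $eeNewFileName .= '/';
-                }
-
-                $eeSFL->eeSFL_UpdateFileDetail($eeSFL_ID, $eeListFolder . $eeFileName, 'FilePath', $eeListFolder . $eeNewFileName);
-
-                delete_transient('eeSFL_FileList-' . $eeSFL_ID); // Trigger a re-scan to rebuild thumbnail
+                delete_transient('eeSFL_FileList-' . $eeSFL_ID); // Trigger a re-scan
 
                 return 'SUCCESS';
@@ -771,5 +764,5 @@
         }
 
-        if(!strpos($eeFileName, '.')) { // Folder, need the trailing slash
+        if(!strpos($eeFileName, '.')) { // Folder
             $eeFileName .= '/';
         }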
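--- a/simple-file-list/trunk/includes/ee-functions.php
+++ b/simple-file-list/trunk/includes/ee-functions.php
@@ -12,9 +12,5 @@
     global $eeSFL_Log, $eeSFL_Env;
 
-    if($eeSFL_Env['eeOS'] == 'WINDOWS') {
-
-        return TRUE; // For now
-
-    } elseif($eeSFL_Env['eeOS'] == 'LINUX') {
+    if($eeSFL_Env['eeOS'] == 'LINUX') {
 
         $eeUserPath = ABSPATH . dirname($eeFilePath);  // This could be problematic with things like ../
@@ -26,4 +22,14 @@
         }
 
+        return TRUE;
+
+    } else {
+
+        $eeFilePath = urldecode($eeFilePath);
+
+        if(strpos($eeFilePath, '..') OR strpos($eeFilePath, '..') === 0) {
+            wp_die('Error 99 :-('); // Bad guy found, bail out :-(
+        }
+
         return TRUE;
     }
@@ -425,5 +431,5 @@
                     for ($i = 1; $i <= $eeCopyLimit; $i++) { // Look for existing copies
 
-                        $eeSFL_FilePathAdded = $eeDir . $eeNameOnly . '_' . $i . '.' . $eeExtension; // Indicate the copy number
+                        $eeSFL_FilePathAdded = $eeDir . $eeNameOnly . '_(' . $i . ').' . $eeExtension; // Indicate the copy number
 
                         if(!is_file(ABSPATH . $eeSFL_FilePathAdded)) { break; } // If no copy is there, we're done.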
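--- a/simple-file-list/trunk/readme.txt
+++ b/simple-file-list/trunk/readme.txt
@@ -4,6 +4,6 @@
 Tags: file sharing, file list, file uploader, upload files, share files, exchange files, host files, sort files, dropbox, ftp
 Requires at least: 4.0
-Tested up to: 5.4.1
-Stable tag: 4.2.7
+Tested up to: 5.4
+Stable tag: 4.2.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -185,5 +185,5 @@
 == Upgrade Notice ==
 
-* 4.2.7 - Various bug fixes and improvements
+* 4.2.8 - Security Fix
 
 
@@ -197,10 +197,13 @@
 == Changelog ==
 
+= 4.2.8 =
+* Fixed a security issue for non-Linux users who allow front-side file management.
+
+
 = 4.2.7 =
 * Speed and server load improvements.
 * Fixed a couple of bugs with sorting.
-* Fixed a bug where descriptions were not sticking to folders or files after renaming the file.
+* Fixed a bug where descriptions were not sticking to folders.
 * Improved the French translations, added French-Belgium translations.
-* Various other improvements.
 
 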
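Review bot: `Stable tag` moves from 4.2.7 to 4.2.6 at new line 7 while the plugin header and the changelog announce 4.2.8, so the release pointer and the security fix disagree. If the plugin directory serves the version named by this field in the trunk readme, as it normally does, sites would keep receiving a build without the fix; the line should read `Stable tag: 4.2.8`. `Tested up to` also drops from 5.4.1 to 5.4 and the 4.2.7 changelog entries are trimmed, which suggests the file was taken from an older copy and is worth checking before release. The tags/4.2.8/readme.txt section carries the same edits.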