Changeset 379407


Timestamp:
05/01/11 07:30:20 (3 years ago)
Author:
ldebrouwer
Message:

Added support for detecting javascript in the plugin headers

Location:
wp-plugin-security-check/trunk
Files:
2 edited

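--- a/wp-plugin-security-check/trunk/readme.txt
+++ b/wp-plugin-security-check/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 3.1
 Tested up to: 3.1.1
-Stable tag: 0.3
+Stable tag: 0.4
 
 WP Plugin Security Check checks if your WordPress plugins are 'safe'.
@@ -31,4 +31,8 @@
 == Changelog ==
 
+= 0.4 =
+* Added support for detecting javascript in the plugin headers.
+* Squashed a minor bug. Thanks to Julio Potier.
+
 = 0.3 =
 * Added another way to check for image files to reduce the number of false positives.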
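--- a/wp-plugin-security-check/trunk/wp-plugin-security-check.php
+++ b/wp-plugin-security-check/trunk/wp-plugin-security-check.php
@@ -4,5 +4,5 @@
  * Plugin URI: http://www.lucdebrouwer.nl/wordpress-plugin-wp-plugin-security-check/
  * Description: WP Plugin Security Check checks if your WordPress plugins are 'safe'.
- * Version: 0.3
+ * Version: 0.4
  * Author: Luc De Brouwer
  * Author URI: http://www.lucdebrouwer.nl/
@@ -46,4 +46,15 @@
         return false;
     }
+}
+
+function LDB_wp_plugin_security_check_data( $plugin ) {
+    $hit = false;
+    foreach( $plugin as $key => $value ){
+        $regexp = '/<script/';
+        if( preg_match_all( $regexp, strtolower( $value ), $matches ) ) {
+            $hit = true;
+        }
+    }
+    return $hit;
 }
 
@@ -160,4 +171,9 @@
     $safe = true;
     $class = 'safe';
+    $data_hit = LDB_wp_plugin_security_check_data( $plugins[$plugins_keys[$p]] );
+    if( $data_hit ) {
+        $class = 'unsafe';
+        $hitlist[] = array( array('Javascript detected in plugin headers', 'warning') );
+    }
     for( $f = 0, $fc = count( $plugin_files ); $f < $fc; $f++ ){
         $hit = LDB_wp_plugin_security_check( $plugin_files[$f] );
@@ -177,5 +193,5 @@
 ?>
                 <div class="wp_plugin_security_check_plugin <?php if( $safe ){ echo $class; } else { echo $class; }?>">
-                    <h4><?php echo $plugins[$plugins_keys[$p]]['Name']; ?></h4>
+                    <h4><?php echo esc_attr($plugins[$plugins_keys[$p]]['Name']); ?></h4>
 <?php
     if( count( $hitlist ) > 0 ){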
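Review bot: The new header check in `LDB_wp_plugin_security_check_data()` only matches the literal `<script`, so a header value that carries script through other markup is not flagged and the warning should not be read as a guarantee; the output escaping is the real control. In the last hunk that escaping uses `esc_attr()` inside element content, where `esc_html()` is the matching function: `<h4><?php echo esc_html( $plugins[$plugins_keys[$p]]['Name'] ); ?></h4>`; other header fields echoed outside the visible hunks, if any, would need the same treatment. The check itself can drop the unused `$matches` and return early, e.g. `if ( is_string( $value ) && false !== stripos( $value, '<script' ) ) { return true; }`. In the third hunk the header hit sets `$class = 'unsafe'` but leaves `$safe` true, which looks unintended if `$safe` is read further down, outside the hunk.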