
Changeset 541069


Timestamp:
05/07/2012 08:10:46 PM (13 years ago)
Author:
netweblogic
Message:

fixed trunk xss bug, updated readme stable version to 3.0.4.1

Location:
login-with-ajax/trunk
Files:
3 edited

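--- a/login-with-ajax/trunk/login-with-ajax-admin.php
+++ b/login-with-ajax/trunk/login-with-ajax-admin.php
@@ -119,6 +119,6 @@
                         <h3 class="hndle">Plugin Information</h3>
                         <div class="inside">
-                            <p>This plugin was developed by <a href="http://twitter.com/marcussykes">Marcus Sykes</a> @ <a href="http://netweblogic.com">NetWebLogic</a></p>
-                            <p>Please visit <a href="http://netweblogic.com/forums/">our forum</a> for plugin support.</p>
+                            <p>This plugin was developed by <a href="http://msyk.es">Marcus Sykes</a> @ <a href="http://netweblogic.com">NetWebLogic</a></p>
+                            <p>Please visit <a href="http://wordpress.org/tags/login-with-ajax?forum_id=10">the WordPress forum</a> for plugin support.</p>
                             <p>If you'd like to translate this plugin, the language files are in the langs folder. Please email any translations to wp.plugins@netweblogic.com and we'll incorporate it into the plugin.</p>
                         </div>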
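--- a/login-with-ajax/trunk/login-with-ajax.php
+++ b/login-with-ajax/trunk/login-with-ajax.php
@@ -3,7 +3,7 @@
 Plugin Name: Login With Ajax
 Plugin URI: http://netweblogic.com/wordpress/plugins/login-with-ajax/
-Description: Ajax driven login widget. Customisable from within your template folder, and advanced settings from the admin area. 
+Description: Ajax driven login widget. Customisable from within your template folder, and advanced settings from the admin area.
 Author: NetWebLogic
-Version: 3.0.4
+Version: 3.0.5
 Author URI: http://netweblogic.com/
 Tags: Login, Ajax, Redirect, BuddyPress, MU, WPMU, sidebar, admin, widget
@@ -25,5 +25,5 @@
 */
 class LoginWithAjax {
-   
+
     /**
      * If logged in upon instantiation, it is a user object.
@@ -50,5 +50,5 @@
      * @var string
      */
-    var $footer_loc;   
+    var $footer_loc;
     /**
      * URL for the AJAX Login procedure in templates (including callback and template parameters)
@@ -66,7 +66,7 @@
      */
     var $url_register;
-   
-   
-   
+
+
+
     // Class initialization
     function LoginWithAjax() {
@@ -74,5 +74,5 @@
         add_action( 'widgets_init', array(&$this,'init') );
     }
-   
+
     // Actions to take upon initial action hook
     function init(){
@@ -81,5 +81,5 @@
         //Remember the current user, in case there is a logout
         $this->current_user = wp_get_current_user();
-           
+
         //Get Templates from theme and default by checking for folders - we assume a template works if a folder exists!
         //Note that duplicate template names are overwritten in this order of precedence (highest to lowest) - Child Theme > Parent Theme > Plugin Defaults
@@ -88,14 +88,14 @@
         //Now, the parent theme (if exists)
         if( get_stylesheet_directory() != get_template_directory() ){
-            $this->find_templates( get_template_directory().'/plugins/login-with-ajax/' );             
-        }   
+            $this->find_templates( get_template_directory().'/plugins/login-with-ajax/' );
+        }
         //Finally, the child theme
         $this->find_templates( get_stylesheet_directory().'/plugins/login-with-ajax/' );
-       
+
         //Generate URLs for login, remember, and register
         $this->url_login = $this->template_link(site_url('wp-login.php', 'login_post'));
         $this->url_register = $this->template_link(site_url('wp-login.php?action=register', 'login_post'));
         $this->url_remember = $this->template_link(site_url('wp-login.php?action=lostpassword', 'login_post'));
-       
+
         //Make decision on what to display
         if ( isset($_REQUEST["login-with-ajax"]) ) { //AJAX Request
@@ -118,6 +118,6 @@
                     wp_enqueue_script( "login-with-ajax", $plugin_url."/widget/login-with-ajax.js", array( 'jquery' ) );
                 }
-               
-                //Enqueue stylesheets - Only one style enqueued here.... theme CSS takes priority, then default CSS 
+
+                //Enqueue stylesheets - Only one style enqueued here.... theme CSS takes priority, then default CSS
                 //The concept here is one stylesheet is loaded which will work for multiple templates.
                 if( file_exists(get_stylesheet_directory().'/plugins/login-with-ajax/widget.css') ){ //Child Theme (or just theme)
@@ -129,17 +129,17 @@
                 }
             }
-           
+
             //Register widget
             register_widget("LoginWithAjaxWidget");
-           
+
             //Add logout/in redirection
             add_action('login_form_register', array(&$this, 'register'));
             add_action('wp_logout', array(&$this, 'logoutRedirect'));
             add_action('logout_url', array(&$this, 'logoutUrl'));
-            add_action('login_redirect', array(&$this, 'loginRedirect'), 1, 3); 
+            add_action('login_redirect', array(&$this, 'loginRedirect'), 1, 3);
             add_shortcode('login-with-ajax', array(&$this, 'shortcode'));
             add_shortcode('lwa', array(&$this, 'shortcode'));
-           
-        }
-    }
-   
+
+        }
+    }
+
@@ -146,6 +146,6 @@
     /*
      * LOGIN OPERATIONS
      */
-   
+
     // Decides what action to take from the ajax request
     function ajax(){
@@ -164,5 +164,5 @@
         exit();
     }
-   
+
     // Reads ajax login creds via POSt, calls the login script and interprets the result
     function login(){
@@ -187,6 +187,6 @@
                     $query_vars = ($_GET['template'] != '') ? "&template={$_GET['template']}" : '';
                     $query_vars .= ($_REQUEST['lwa_profile_link'] == '1') ? "&lwa_profile_link=1" : '';
-                    $return['widget'] = get_bloginfo('wpurl')."?login-with-ajax-widget=1$query_vars";   
-                    $return['message'] = __("Login successful, updating...",'login-with-ajax');         
+                    $return['widget'] = get_bloginfo('wpurl')."?login-with-ajax-widget=1$query_vars";
+                    $return['message'] = __("Login successful, updating...",'login-with-ajax');
                 }
             } elseif ( strtolower(get_class($loginResult)) == 'wp_error' ) {
@@ -207,5 +207,5 @@
         return $return;
     }
-   
+
     /**
      * Checks post data and registers user
@@ -232,10 +232,10 @@
         }
     }
-   
+
     // Reads ajax login creds via POSt, calls the login script and interprets the result
     function remember(){
         $return = array(); //What we send back
         $result = retrieve_password();
-       
+
         if ( $result === true ) {
             //Password correctly remembered
@@ -255,6 +255,6 @@
         return $return;
     }
-   
-    //Added fix for 
+
+    //Added fix for
     function logoutUrl( $logout_url ){
         //Add ICL if necessary
@@ -265,9 +265,9 @@
         return $logout_url;
     }
-   
+
     /*
      * Redirect Functions
      */
-   
+
     function logoutRedirect(){
         $redirect = $this->getLogoutRedirect();
@@ -277,5 +277,5 @@
         }
     }
-   
+
     function getLogoutRedirect(){
         $data = $this->data;
@@ -289,5 +289,5 @@
             if( isset($data["logout_redirect_".$code]) ){
                 $redirect = $data["logout_redirect_".$code];
-            }           
+            }
         }
         //Role based redirect
@@ -298,23 +298,23 @@
             if( !empty($data["role_logout"]) && is_array($data["role_logout"]) && isset($data["role_logout"][$user_role]) ){
                 $redirect = $data["role_logout"][$user_role];
-            }   
+            }
             //Check for language redirects based on roles
             if( !empty($_REQUEST['icl_language_code']) ){
                 if( isset($data["role_logout"][$user_role."_".$code]) ){
                     $redirect = $data["role_logout"][$user_role."_".$code];
-                }           
-            }       
+                }
+            }
         }
         $redirect = str_replace("%LASTURL%", $_SERVER['HTTP_REFERER'], $redirect);
         if( !empty($_REQUEST['icl_language_code']) ){
-            $redirect = str_replace("%LANG%", $code.'/', $redirect);           
+            $redirect = str_replace("%LANG%", $code.'/', $redirect);
         }
         return $redirect;
     }
-   
+
     function loginRedirect( $redirect, $redirect_notsurewhatthisis, $user ){
         $data = $this->data;
         if(is_user_logged_in()){
-            $lwa_redirect = $this->getLoginRedirect($user); 
+            $lwa_redirect = $this->getLoginRedirect($user);
             if( $lwa_redirect != '' ){
                 wp_redirect($lwa_redirect);
@@ -324,7 +324,7 @@
         return $redirect;
     }
-   
+
     function getLoginRedirect($user){
-        $data = $this->data;   
+        $data = $this->data;
         //Global redirect
         if($data['login_redirect'] != ''){
@@ -336,5 +336,5 @@
             if( isset($data["login_redirect_".$code]) ){
                 $redirect = $data["login_redirect_".$code];
-            }           
+            }
         }
         //Role based redirects
@@ -343,25 +343,25 @@
             if( isset($data["role_login"][$user_role]) ){
                 $redirect = $data["role_login"][$user_role];
-            }   
+            }
             //Check for language redirects based on roles
             if( !empty($_REQUEST['icl_language_code']) ){
                 if( isset($data["role_login"][$user_role."_".$code]) ){
                     $redirect = $data["role_login"][$user_role."_".$code];
-                }           
-            }
-        }
-        //Do string replacements   
+                }
+            }
+        }
+        //Do string replacements
         $redirect = str_replace('%USERNAME%', $user->user_login, $redirect);
         $redirect = str_replace("%LASTURL%", $_SERVER['HTTP_REFERER'], $redirect);
         if( !empty($_REQUEST['icl_language_code']) ){
-            $redirect = str_replace("%LANG%", $code.'/', $redirect);           
+            $redirect = str_replace("%LANG%", $code.'/', $redirect);
         }
         return $redirect;
     }
-   
+
     /*
      * WIDGET OPERATIONS
      */
-   
+
     function widget($args, $instance = array() ){
         //Extract widget arguments
@@ -390,5 +390,5 @@
         }
     }
-   
+
     function shortcode($atts){
         $defaults = array( 'is_widget' => false, 'profile_link' => false, 'registration' => 1 );
@@ -398,5 +398,5 @@
         return ob_get_clean();
     }
-   
+
     function new_user_notification($user_login, $plaintext_pass, $user_email, $blogname){
         //Copied out of /wp-includes/pluggable.php
@@ -406,18 +406,18 @@
         $message = str_replace('%BLOGNAME%', $blogname, $message);
         $message = str_replace('%BLOGURL%', get_bloginfo('wpurl'), $message);
-       
+
         $subject = $this->data['notification_subject'];
         $subject = str_replace('%BLOGNAME%', $blogname, $subject);
         $subject = str_replace('%BLOGURL%', get_bloginfo('wpurl'), $subject);
-           
+
         wp_mail($user_email, $subject, $message);
-    }   
-   
+    }
+
     /*
      * Auxillary Functions
      */
-   
+
     //Checks a directory for folders and populates the template file
-    function find_templates($dir){ 
+    function find_templates($dir){
         if (is_dir($dir)) {
             if ($dh = opendir($dir)) {
@@ -432,5 +432,5 @@
         }
     }
-   
+
     //Add template link and JSON callback var to the URL
     function template_link( $content ){
@@ -442,5 +442,5 @@
         return $content;
     }
-   
+
     //PHP4 Safe JSON encoding
     function json_encode($array){
@@ -450,5 +450,5 @@
             $return = $this->array_to_json($array);
         }
-        if( isset($_REQUEST['callback']) ){
+        if( isset($_REQUEST['callback']) && preg_match("/^jQuery[_a-zA-Z0-9]+$/", $_REQUEST['callback']) ){
             $return = $_REQUEST['callback']."($return)";
         }
@@ -499,5 +499,5 @@
             // Then we collapse the staging array into the JSON form:
             $result = "[ " . implode( ", ", $construct ) . " ]";
-        }       
+        }
         return $result;
     }
@@ -505,6 +505,6 @@
 //Add translation
 function lwa_load_plugin_textdomain(){
-    load_plugin_textdomain('login-with-ajax', false, "login-with-ajax/langs"); 
-} 
+    load_plugin_textdomain('login-with-ajax', false, "login-with-ajax/langs");
+}
 add_action('plugins_loaded','lwa_load_plugin_textdomain');
 
@@ -530,5 +530,5 @@
 
 // Start plugin
-global $LoginWithAjax; 
+global $LoginWithAjax;
 $LoginWithAjax = new LoginWithAjax();
 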
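Review bot: The callback whitelist added to json_encode at new line 452 anchors with `$`, which in PCRE also matches just before a final newline, so a callback value that ends in a newline still passes the check and is concatenated verbatim in front of the JSON output. Anchoring with `\z` (or adding the `D` modifier) makes the match exact: `if( isset($_REQUEST['callback']) && preg_match('/^jQuery[_a-zA-Z0-9]+\z/', $_REQUEST['callback']) ){`. The check also reads `$_REQUEST`, which merges GET, POST and cookie values; a JSONP callback only ever arrives on the query string, so reading `$_GET['callback']` in both the condition and the concatenation narrows what can reach the output. The rest of json_encode, including where $return is emitted and with which content type, lies outside this hunk and cannot be checked here. Note too that this changeset leaves the plugin header at `Version: 3.0.5` while readme.txt's stable tag becomes 3.0.4.1, so the fixed trunk code only reaches users if the 3.0.4.1 tag directory carries the same change — that is outside this changeset and is presumably the "more on the way" in the readme.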
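--- a/login-with-ajax/trunk/readme.txt
+++ b/login-with-ajax/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 2.8
 Tested up to: 3.3.1
-Stable tag: 3.0.4
+Stable tag: 3.0.4.1
 
 Add smooth ajax login and registration effects to your blog and choose where users get redirected upon login/logout. Supports SSL, MU, and BuddyPress.
@@ -211,4 +211,7 @@
 * added registration attribute to template tags/shortcode
 
+= 3.0.4.1 =
+* fixed xss vulnerability for re-enlistment on wordpress repo, more on the way
+
 = 3.0.5 =
 * fixed json_encode issue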