
Changeset 695870


Timestamp:
04/11/13 10:39:52 (13 months ago)
Author:
donncha
Message:

Remove mfunc, mclude and dynamic-cached-content tags from comments. Props Frank Goossen (http://blog.futtta.be/2013/04/10/wp-safer-cache-stopgap-for-wordpress-cache-plugins-vulnerability/) and kisscsaby (http://wordpress.org/support/topic/pwn3d?replies=6)

File:
1 edited

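--- a/wp-super-cache/trunk/wp-cache.php
+++ b/wp-super-cache/trunk/wp-cache.php
@@ -3138,3 +3138,23 @@
 add_action( 'wp_before_admin_bar_render', 'supercache_admin_bar_render' );
 
+add_filter( 'preprocess_comment','no_mfunc_in_comments' );
+add_filter( 'comment_text','no_mfunc_in_comments' );
+add_filter( 'comment_excerpt','no_mfunc_in_comments' );
+add_filter( 'comment_text_rss','no_mfunc_in_comments' );
+
+function no_mfunc_in_comments( $comment_data ) {
+    if ( is_array( $comment_data ) )
+        $text = $comment_data[ 'comment_content' ];
+    else
+        $text = $comment_data;
+
+    if ( preg_match( '/<!--\s*mclude|<!--\s*mfunc|<!--\s*dynamic-cached-content/i', $text )) {
+        $text = preg_replace( '#(<!--\s*(mclude|mfunc|dynamic-cached-content).*<!-+\s*/\s*(mfunc|mclude|dynamic-cached-content)\s*-+>)#ism','<!-- unsafe comment zapped -->', $text );
+        if ( is_array( $comment_data ) )
+            $comment_data[ 'comment_content' ] = $text;
+        else
+            $comment_data = $text;
+    }
+    return $comment_data;
+}
 ?>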
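Review bot: The guard at new line 3151 matches an opening tag on its own, but the replacement at 3152 only fires when a matching closing tag appears later in the same text, so a comment holding an unclosed `mfunc`, `mclude` or `dynamic-cached-content` opener is returned unchanged. Because the cached page is presumably assembled from many comments and template parts, it would be safer to neutralise every occurrence of the marker rather than only balanced pairs, for example `$text = preg_replace( '#<!--(\s*/?\s*(?:mclude|mfunc|dynamic-cached-content))#i', '&lt;!--$1', $text );`. The `preg_replace` result is also assigned unchecked: it returns `null` on a PCRE error, which a greedy `.*` under the `s` modifier can hit on long input, and that would blank the comment, so test for `null` before writing `$text` back. A short docblock on `no_mfunc_in_comments` saying it accepts either the `preprocess_comment` array or a plain string from the display filters would make the two branches easier to follow.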