
Changeset 682420


Timestamp:
03/15/13 15:13:49 (2 years ago)
Author:
mailup
Message:

A security vulnerability has been patched by replacing the cookie-name check with is_user_logged_in(); the plugin has now been submitted for a first review.

Location:
wp-mailup/trunk
Files:
4 edited

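--- a/wp-mailup/trunk/ajax.functions.php
+++ b/wp-mailup/trunk/ajax.functions.php
@@ -5,12 +5,31 @@
  */ 
   
+// Remove the two lines below when debugging 
+// ini_set('display_errors',1);  
+// error_reporting(E_ALL); 
+  
 $logged_in = false; 
-if (count($_COOKIE)) { 
-    foreach ($_COOKIE as $key => $val) { 
-        if (substr($key, 0, 19) === "wordpress_logged_in") { 
-             $logged_in = true; 
-        } 
-    } 
+include_once "myPluggable.php"; 
+ 
+ 
+ 
+//if ( current_user_can( 'manage_options' ) ) /* Not used because this message is returned: Fatal error: Call to undefined function wp_get_current_user() in /usr/local/www/vhosts/wpress.xrider.it/httpdocs/wp-includes/capabilities.php on line 1281 */ 
+ 
+if( is_user_logged_in() )  
+{ 
+    $logged_in = true; 
+         
+    /* This commented block was active in 1.3.2 but it has been replaced by "is_user_logged_in" (see above)  
+       due to security vulnerability that has been reported on "http://wpsecure.net/2013/03/mailup-plugin-ajax/"   
+    if (count($_COOKIE)) { 
+        foreach ($_COOKIE as $key => $val) { 
+            if (substr($key, 0, 19) === "wordpress_logged_in") { 
+                 $logged_in = true; 
+            } 
+        } 
+    } 
+    */ 
 } 
+ 
  
 if(@$_REQUEST['formData'] == 'save') 
@@ -20,5 +39,5 @@
     } 
     else { 
-        echo 'ACCESS DENIED'; 
+        echo 'ACCESS DENIED (1)'; 
     } 
 } 
@@ -85,12 +104,12 @@
         $wpmailup['mobileDisplayedName'] = $_REQUEST['mobile-displayed-name']; 
          
-        $wpmailup['successMessage'] = $_REQUEST['success-message']; 
-        $wpmailup['genericError'] = $_REQUEST['generic-error']; 
-        $wpmailup['invalidAddress'] = $_REQUEST['invalid-address']; 
-        $wpmailup['invalidPhone'] = $_REQUEST['invalid-phone']; 
-        $wpmailup['alreadyPresent'] = $_REQUEST['already-present']; 
-        $wpmailup['fieldRequired'] = $_REQUEST['field-required']; 
-        $wpmailup['termsNotAgreed'] = $_REQUEST['terms-not-agreed']; 
-        $wpmailup['termsConfirm'] = $_REQUEST['terms-confirm'];      
+        $wpmailup['successMessage'] = stripslashes($_REQUEST['success-message']); 
+        $wpmailup['genericError'] = stripslashes($_REQUEST['generic-error']); 
+        $wpmailup['invalidAddress'] = stripslashes($_REQUEST['invalid-address']); 
+        $wpmailup['invalidPhone'] = stripslashes($_REQUEST['invalid-phone']); 
+        $wpmailup['alreadyPresent'] = stripslashes($_REQUEST['already-present']); 
+        $wpmailup['fieldRequired'] = stripslashes($_REQUEST['field-required']); 
+        $wpmailup['termsNotAgreed'] = stripslashes($_REQUEST['terms-not-agreed']); 
+        $wpmailup['termsConfirm'] = stripslashes($_REQUEST['terms-confirm']);        
         $tmp = $_REQUEST[('terms-n-con')]; 
         $tmp=stripslashes($tmp); // see MailUp ticket 091-1874209D-0204 
@@ -106,7 +125,15 @@
  
 if(@$_REQUEST['formData'] == 'load') 
-{ 
-    add_action('init', 'wpmailup_load_config'); 
+{        
+    if($logged_in){ 
+        add_action('init', 'wpmailup_load_config'); 
+    } 
+    else { 
+        echo 'ACCESS DENIED (2)'; 
+    } 
+     
 } 
+ 
+ 
  
 function wpmailup_load_config() 
@@ -118,3 +145,4 @@
 } 
  
+ 
 ?> 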
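Review bot: The new gate `if( is_user_logged_in() )` in the first hunk establishes only that some account is authenticated, so a subscriber-level user satisfies `$logged_in` and reaches the `formData == 'save'` branch that writes `$_REQUEST` values into the plugin options, and nothing in the hunk ties the request to a nonce, so an administrator's browser can still be made to submit it cross-site. The check should be a capability test, `if ( is_user_logged_in() && current_user_can( 'manage_options' ) )`, with the save branch additionally calling `check_admin_referer( 'wpmailup_save' )` and the form in display-setting.php emitting the matching `wp_nonce_field( 'wpmailup_save' )`. The commented-out line above it records that `current_user_can()` failed with "Call to undefined function wp_get_current_user()", which suggests this file executes before core has loaded pluggable.php; the `include_once "myPluggable.php"` shim presumably makes `is_user_logged_in()` resolve against a bundled copy of that code rather than the running WordPress, so performing the whole check inside the `init`/`admin_init` callback that is already hooked for `wpmailup_load_config` would remove the need for the shim and make the capability and nonce helpers available. The save hunk also stores `stripslashes($_REQUEST['success-message'])` and the other message strings with no sanitisation (`sanitize_text_field()` or `wp_kses_post()` before they are persisted), and `@$_REQUEST['formData'] == 'save'` would be cleaner as `isset($_REQUEST['formData']) && $_REQUEST['formData'] === 'save'`. The save handler's body begins outside the hunk, so where the option is actually written is not visible here.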
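--- a/wp-mailup/trunk/display-setting.php
+++ b/wp-mailup/trunk/display-setting.php
@@ -417,4 +417,5 @@
             jQ.post('<?php echo $_SERVER['PHP_SELF']; ?>', {"formData":"load"}, function(data){ 
                 //console.log(data); 
+                 
                 /* 
                     Fill the form data 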
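--- a/wp-mailup/trunk/display-widget.php
+++ b/wp-mailup/trunk/display-widget.php
@@ -2,5 +2,5 @@
     error_reporting(0); 
     $wpmailup = unserialize(get_option('wpmailup')); 
-    /*exit('<pre>' . print_r($wpmailup, true) . '</pre>');*/ 
+    /* exit('<pre>' . print_r($wpmailup, true) . '</pre>'); */ 
      
     $text_field_size = 22; 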
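--- a/wp-mailup/trunk/readme.txt
+++ b/wp-mailup/trunk/readme.txt
@@ -3,5 +3,5 @@
 Tags: email marketing, e-mail marketing, newsletter sending, newsletter marketing, email signup, e-mail sign-up, subscription form, subscribe form, registration form, sms signup, newsletter, email, smtp, bulk, sms, send, list, subscribe, form, marketing, widget, plugin, feedburner, subscription, email newsletter form, email widget, emails, newsletter form, newsletter plugin, newsletter signup, newsletter widget, newsletters, signup, iscrizione, mailup 
 Requires at least: 3.0 
-Tested up to: 3.5.1 
+Tested up to: 3.5 
 Stable tag: 1.3.2 
  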