
Changeset 555124 for wpstorecart


Timestamp:
06/09/2012 12:35:36 AM (13 years ago)
Author:
jquindlen
Message:

2.5.30

  • Fixed: Security vulnerability patched
Location:
wpstorecart
Files:
662 added
3 edited

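--- a/wpstorecart/trunk/php/upload.php
+++ b/wpstorecart/trunk/php/upload.php
@@ -13,4 +13,11 @@
 if (isset($wpStoreCart)) {
 
+        $wpStoreCartOptions = get_option('wpStoreCartAdminOptions'); 
+        if(!isset($_POST['wpstorecart_download_hash'])) {die("death 1");}
+       
+        if( $_POST['wpstorecart_download_hash'] != $wpStoreCartOptions['wpstorecart_download_hash'] ) {
+            die("death 2");
+        }   
+   
     /* Handles the error output. This error message will be sent to the uploadSuccess event handler.  The event handler
     will have to check for any error messages and react as needed. */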
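Review bot: The token check at new lines 16-20 uses the loose `!=` operator and never verifies that the stored option actually holds a value, so it can pass when it should not. `upload.php` reads `get_option('wpStoreCartAdminOptions')` directly; if a site's saved options lack the `wpstorecart_download_hash` key (plausible on an install upgraded from 2.5.29, though the save path is not visible here), the right-hand side is null and an empty POST value compares equal to it. Loose comparison of two hex strings is also subject to PHP's numeric-string juggling. I would reject an empty or non-string stored value and compare in constant time, e.g. `$expected = $wpStoreCartOptions['wpstorecart_download_hash'] ?? '';` followed by `if (!is_string($expected) || $expected === '' || !is_string($_POST['wpstorecart_download_hash']) || !hash_equals($expected, $_POST['wpstorecart_download_hash'])) { die(); }`. The distinct "death 1"/"death 2" messages also tell a caller which check failed, and the enclosing `if (isset($wpStoreCart))` block continues past the hunk.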
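--- a/wpstorecart/trunk/readme.txt
+++ b/wpstorecart/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 3.0.0
 Tested up to: 3.4
-Stable tag: 2.5.29
+Stable tag: 2.5.30
 
 The next generation of Wordpress ecommerce.  Easy to use & fully customizable, it's the store front of the future; today.
@@ -85,4 +85,7 @@
 
 == Changelog ==
+
+= 2.5.30 =
+* Fixed: Security vulnerability patched
 
 = 2.5.29 =
@@ -615,4 +618,7 @@
 == Upgrade Notice ==
 
+= 2.5.30 =
+* Important Security Update! Please update now!
+
 = 2.5.24 =
 * Important Security Update! Please update now!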
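--- a/wpstorecart/trunk/wpstorecart.php
+++ b/wpstorecart/trunk/wpstorecart.php
@@ -4,5 +4,5 @@
 Plugin URI: http://wpstorecart.com/
 Description: <a href="http://wpstorecart.com/" target="blank">wpStoreCart</a> is a powerful, yet simple to use e-commerce Wordpress plugin that accepts PayPal & more out of the box. It includes multiple widgets, dashboard widgets, shortcodes, and works using Wordpress pages to keep everything nice and simple.
-Version: 2.5.29
+Version: 2.5.30
 Author: wpStoreCart, LLC
 Author URI: http://wpstorecart.com/
@@ -29,5 +29,5 @@
  *
  * @package wpstorecart
- * @version 2.5.29
+ * @version 2.5.30
  * @author wpStoreCart, LLC <admin@wpstorecart.com>
  * @copyright Copyright &copy; 2010, 2011, 2012 wpStoreCart, LLC.  All rights reserved.
@@ -52,6 +52,6 @@
 
 //Global variables:
-$wpstorecart_version = '2.5.29';
-$wpstorecart_version_int = 205029; // Mm_p__ which is 1 digit for Major, 2 for minor, and 3 digits for patch updates, so version 2.0.14 would be 200014
+$wpstorecart_version = '2.5.30';
+$wpstorecart_version_int = 205030; // Mm_p__ which is 1 digit for Major, 2 for minor, and 3 digits for patch updates, so version 2.0.14 would be 200014
 $wpstorecart_db_version = $wpstorecart_version_int; // Legacy, used to check db version
 $testing_mode = false; // Enables or disables testing mode.  Should be set to false unless using on a test site, with test data, with no actual customers
@@ -1276,5 +1276,6 @@
                                     'paymate_currency' => 'USD',
                                     'paymate_ipn' => '',
-                                    'completely_disable_shareyourcart' => 'false'
+                                    'completely_disable_shareyourcart' => 'false',
+                                    'wpstorecart_download_hash' => sha1(rand(-4096, 4096))
                                     );
 
@@ -4872,5 +4873,5 @@
                                             var settings_object = {
                                                     upload_url : "'.plugins_url('/php/upload.php' , __FILE__).'",
-                                                    post_params: {"PHPSESSID" : "'.session_id().'"},
+                                                    post_params: {"PHPSESSID" : "'.session_id().'", "wpstorecart_download_hash" : "'.$devOptions['wpstorecart_download_hash'].'"},
                                                     flash_url : "'.get_option( 'siteurl' ).'/wp-includes/js/swfupload/swfupload.swf",
                                                     file_size_limit : "2048 MB",
@@ -5879,5 +5880,5 @@
             <tr>
             <td><h3>Product<br />Thumbnail: <img src="'.plugins_url('/images/help.png' , __FILE__).'" class="tooltip-target" id="example-target-9" /><div class="tooltip-content" id="example-content-9">The main product image.  It will be used in multiple places.  It is recommend that the image have a 1:1 width and height ratio.  For example, 100px X 100px.  You can add an unlimited amount of additional pictures by clicking on the Pictures tab.</div></h3></td>
-            <td><div style="float:left;"><input type="hidden" name="wpStoreCartproduct_thumbnail" style="width: 250px;" value="'.$wpStoreCartproduct_thumbnail.'" /><br />
+            <td><div style="float:left;"><input type="hidden" name="wpStoreCartproduct_thumbnail" style="width: 250px;" value="'.$wpStoreCartproduct_thumbnail.'" /><input type="hidden" name="wpstorecart_download_hash" value="'.$devOptions['wpstorecart_download_hash'].'" /><br />
             Upload a file: <span id="spanSWFUploadButton2"></span>
                         <div id="upload-progressbar-container2">
@@ -12482,4 +12483,6 @@
         function my_admin_scripts_cat(){
             global $APjavascriptQueue;
+                       
+                        $devOptions = $this->getAdminOptions();
 
                         wp_enqueue_script('jquery-ui-effects', plugins_url() .'/wpstorecart/js/jquery-ui-effects-1.8.11.min.js',array('jquery'),'1.4');
@@ -12630,5 +12633,5 @@
                 var settings_object2 = {
                     upload_url : "'.plugins_url().'/wpstorecart/php/upload.php",
-                    post_params: {"PHPSESSID" : "'.session_id().'"},
+                    post_params: {"PHPSESSID" : "'.session_id().'", "wpstorecart_download_hash" : "'.$devOptions['wpstorecart_download_hash'].'"},
                     flash_url : "'.get_option( 'siteurl' ).'/wp-includes/js/swfupload/swfupload.swf",
                     file_size_limit : "9999 MB",
@@ -12678,4 +12681,6 @@
             global $APjavascriptQueue;
 
+                        $devOptions = $this->getAdminOptions();
+                       
             wp_enqueue_script('wpscniceditor', plugins_url('/js/nicedit/nicEdit.js' , __FILE__), array('jquery'),'1.4');         
                         wp_enqueue_script('jeditable-wpsc', plugins_url() .'/wpstorecart/js/jquery.jeditable.mini.js',array('jquery'),'1.4');
@@ -12879,5 +12884,5 @@
                 var settings_object = {
                     upload_url : "'.plugins_url().'/wpstorecart/php/upload.php",
-                    post_params: {"PHPSESSID" : "'.session_id().'"},
+                    post_params: {"PHPSESSID" : "'.session_id().'", "wpstorecart_download_hash" : "'.$devOptions['wpstorecart_download_hash'].'"},
                     flash_url : "'.get_option( 'siteurl' ).'/wp-includes/js/swfupload/swfupload.swf",
                     file_size_limit : "2048 MB",
@@ -12901,5 +12906,5 @@
                 var settings_object2 = {
                     upload_url : "'.plugins_url().'/wpstorecart/php/upload.php",
-                    post_params: {"PHPSESSID" : "'.session_id().'"},
+                    post_params: {"PHPSESSID" : "'.session_id().'", "wpstorecart_download_hash" : "'.$devOptions['wpstorecart_download_hash'].'"},
                     flash_url : "'.get_option( 'siteurl' ).'/wp-includes/js/swfupload/swfupload.swf",
                     file_size_limit : "9999 MB",
@@ -12923,5 +12928,5 @@
                 var settings_object3 = {
                     upload_url : "'.plugins_url().'/wpstorecart/php/upload.php",
-                    post_params: {"PHPSESSID" : "'.session_id().'"},
+                    post_params: {"PHPSESSID" : "'.session_id().'", "wpstorecart_download_hash" : "'.$devOptions['wpstorecart_download_hash'].'"},
                     flash_url : "'.get_option( 'siteurl' ).'/wp-includes/js/swfupload/swfupload.swf",
                     file_size_limit : "2048 MB",
@@ -12945,5 +12950,5 @@
                 var settings_object4 = {
                     upload_url : "'.plugins_url().'/wpstorecart/php/upload.php",
-                    post_params: {"PHPSESSID" : "'.session_id().'"},
+                    post_params: {"PHPSESSID" : "'.session_id().'", "wpstorecart_download_hash" : "'.$devOptions['wpstorecart_download_hash'].'"},
                     flash_url : "'.get_option( 'siteurl' ).'/wp-includes/js/swfupload/swfupload.swf",
                     file_size_limit : "2048 MB",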
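Review bot: The secret added at new line 1279, `sha1(rand(-4096, 4096))`, can take at most 8193 distinct values and comes from a non-cryptographic generator, so hashing it adds no strength and the token that gates `php/upload.php` can be found by exhaustive guessing. Generate it from a CSPRNG instead, e.g. `'wpstorecart_download_hash' => bin2hex(random_bytes(32))` (or `wp_generate_password(64, false)` where `random_bytes` is unavailable), and make sure it is generated once and persisted rather than recomputed with the defaults array. The same site-wide value is then written into every `post_params` block and a hidden form field, so it never rotates and is not bound to a user; a capability check plus a per-user nonce (`wp_create_nonce` / `wp_verify_nonce`) in the upload handler would be the more robust control, if the Flash uploader's requests can carry the login cookie. The enclosing functions start and end outside the visible hunks.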