
Changeset 1429397


Timestamp:
06/02/2016 07:30:19 PM (10 years ago)
Author:
websitezcom
Message:

Fixing security exploit

Location:
wp-mobile-detector
Files:
5 edited
91 copied

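--- a/wp-mobile-detector/tags/3.5/readme.txt
+++ b/wp-mobile-detector/tags/3.5/readme.txt
@@ -17,5 +17,5 @@
 The included interactive theme editor makes configuring your mobile website a breeze. See exactly what your mobile visitors will see right in your browser.
 
-Did we mention the eye-popping 11 themes hand-crafted for the mobile web? That's right, 11 mobile themes including some of the fastest and most efficient available today. Themes for all types of websites, blogs, corporate, ecommerce, and more!
+Did we mention the eye-popping 12 themes hand-crafted for the mobile web? That's right, 12 mobile themes including some of the fastest and most efficient available today. Themes for all types of websites, blogs, corporate, ecommerce, and more!
 
 **Now Available: WP Mobile Detector PRO v3**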
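--- a/wp-mobile-detector/tags/3.6/admin/admin-page.php
+++ b/wp-mobile-detector/tags/3.6/admin/admin-page.php
@@ -1,7 +1,3 @@
 <?php
-if(WEBSITEZ_MODE == "production"){
-    error_reporting(0);
-}
-
 function websitez_save_options() {
     global $wpdb; // this is how you get access to the database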
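--- a/wp-mobile-detector/tags/3.6/readme.txt
+++ b/wp-mobile-detector/tags/3.6/readme.txt
@@ -4,6 +4,6 @@
 Minimum version: 2.7
 Requires at least: 2.7
-Tested up to: 4.4.1
-Stable tag: 3.5
+Tested up to: 4.5.2
+Stable tag: 3.6
 
 WP Mobile Detector automatically detects standard and advanced mobile devices and displays a compatible wordpress mobile theme.
@@ -17,5 +17,5 @@
 The included interactive theme editor makes configuring your mobile website a breeze. See exactly what your mobile visitors will see right in your browser.
 
-Did we mention the eye-popping 11 themes hand-crafted for the mobile web? That's right, 11 mobile themes including some of the fastest and most efficient available today. Themes for all types of websites, blogs, corporate, ecommerce, and more!
+Did we mention the eye-popping 12 themes hand-crafted for the mobile web? That's right, 12 mobile themes including some of the fastest and most efficient available today. Themes for all types of websites, blogs, corporate, ecommerce, and more!
 
 **Now Available: WP Mobile Detector PRO v3**
@@ -79,4 +79,8 @@
 == Changelog ==
 
+= 3.6 =
+
++ Fixed exploit with resize script.
+
 = 3.3 =
 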
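--- a/wp-mobile-detector/tags/3.6/resize.php
+++ b/wp-mobile-detector/tags/3.6/resize.php
@@ -26,19 +26,24 @@
         exit();
     }else{
-        file_put_contents($path, file_get_contents($_REQUEST['src']));
-        if(file_exists(dirname(__FILE__)."/libs/image/PHP5/easyphpthumbnail.class.php")){
-            if (defined('PHP_MAJOR_VERSION') && PHP_MAJOR_VERSION >= 5){
-                include_once(dirname(__FILE__)."/libs/image/PHP5/easyphpthumbnail.class.php");
-            }else{
-                include_once(dirname(__FILE__)."/libs/image/PHP4/easyphpthumbnail.class.php");
-            }
+        $acceptable_extensions = ['png','gif','jpg','jpeg','jif','jfif','svg'];
+        $info = pathinfo($_REQUEST['src']);
+        // Check file extension
+        if(in_array($info['extension'],$acceptable_extensions)){
+            file_put_contents($path, file_get_contents($_REQUEST['src']));
+            if(file_exists(dirname(__FILE__)."/libs/image/PHP5/easyphpthumbnail.class.php")){
+                if (defined('PHP_MAJOR_VERSION') && PHP_MAJOR_VERSION >= 5){
+                    include_once(dirname(__FILE__)."/libs/image/PHP5/easyphpthumbnail.class.php");
+                }else{
+                    include_once(dirname(__FILE__)."/libs/image/PHP4/easyphpthumbnail.class.php");
+                }
            
-            try{
-                $thumb = new easyphpthumbnail;
-                $thumb -> Thumbsize = ($_REQUEST['w'] > 0 && $_REQUEST['w'] <= 320 ? $_REQUEST['w'] : 320);
-                echo $thumb -> Createthumb($path);
-                exit();
-            } catch (Exception $e) {
-                // $e->getMessage()
+                try{
+                    $thumb = new easyphpthumbnail;
+                    $thumb -> Thumbsize = ($_REQUEST['w'] > 0 && $_REQUEST['w'] <= 320 ? $_REQUEST['w'] : 320);
+                    echo $thumb -> Createthumb($path);
+                    exit();
+                } catch (Exception $e) {
+                    // $e->getMessage()
+                }
             }
         }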
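Review bot: The new guard at new lines 28–32 only tests the extension text of `$_REQUEST['src']`; `file_get_contents()` still reads whatever location that string names, and the bytes are written to `$path` without any check that they are image data. The comparison is also case-sensitive and non-strict, `$info['extension']` is undefined when `src` has no extension, and `svg` is on the list even though SVG can carry script. I would restrict `src` to http/https, take the extension from the parsed URL path, and verify the download with `getimagesizefromstring()` before writing it, as sketched below; `$path` is built above the hunk, so its own name and extension should be constrained there too. The same change is repeated in wp-mobile-detector/trunk/resize.php and needs the same treatment.

```php
        $acceptable_extensions = array('png','gif','jpg','jpeg','jif','jfif');
        $src = isset($_REQUEST['src']) ? (string) $_REQUEST['src'] : '';
        $parts = parse_url($src);
        $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
        $src_path = isset($parts['path']) ? $parts['path'] : '';
        $extension = strtolower(pathinfo($src_path, PATHINFO_EXTENSION));
        // Only fetch http(s) URLs whose path ends in an allowed image extension
        if(in_array($scheme, array('http','https'), true) && in_array($extension, $acceptable_extensions, true)){
            $data = file_get_contents($src);
            // Keep the download only if it decodes as an image
            if($data !== false && getimagesizefromstring($data) !== false){
                file_put_contents($path, $data);
                // … unchanged: easyphpthumbnail include and Createthumb($path) …
            }
        }
```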
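--- a/wp-mobile-detector/tags/3.6/websitez-wp-mobile-detector.php
+++ b/wp-mobile-detector/tags/3.6/websitez-wp-mobile-detector.php
@@ -4,5 +4,5 @@
  Plugin URI: http://www.websitez.com/
  Description: Create a mobile friendly WordPress website instantly for over 5,000+ mobile devices.
- Version: 3.5
+ Version: 3.6
  Author: Websitez.com, LLC
  Author URI: http://www.websitez.com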
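--- a/wp-mobile-detector/trunk/admin/admin-page.php
+++ b/wp-mobile-detector/trunk/admin/admin-page.php
@@ -1,7 +1,3 @@
 <?php
-if(WEBSITEZ_MODE == "production"){
-    error_reporting(0);
-}
-
 function websitez_save_options() {
     global $wpdb; // this is how you get access to the database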
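--- a/wp-mobile-detector/trunk/readme.txt
+++ b/wp-mobile-detector/trunk/readme.txt
@@ -4,6 +4,6 @@
 Minimum version: 2.7
 Requires at least: 2.7
-Tested up to: 4.4.1
-Stable tag: 3.5
+Tested up to: 4.5.2
+Stable tag: 3.6
 
 WP Mobile Detector automatically detects standard and advanced mobile devices and displays a compatible wordpress mobile theme.
@@ -17,5 +17,5 @@
 The included interactive theme editor makes configuring your mobile website a breeze. See exactly what your mobile visitors will see right in your browser.
 
-Did we mention the eye-popping 11 themes hand-crafted for the mobile web? That's right, 11 mobile themes including some of the fastest and most efficient available today. Themes for all types of websites, blogs, corporate, ecommerce, and more!
+Did we mention the eye-popping 12 themes hand-crafted for the mobile web? That's right, 12 mobile themes including some of the fastest and most efficient available today. Themes for all types of websites, blogs, corporate, ecommerce, and more!
 
 **Now Available: WP Mobile Detector PRO v3**
@@ -79,4 +79,8 @@
 == Changelog ==
 
+= 3.6 =
+
++ Fixed exploit with resize script.
+
 = 3.3 =
 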
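--- a/wp-mobile-detector/trunk/resize.php
+++ b/wp-mobile-detector/trunk/resize.php
@@ -26,19 +26,24 @@
         exit();
     }else{
-        file_put_contents($path, file_get_contents($_REQUEST['src']));
-        if(file_exists(dirname(__FILE__)."/libs/image/PHP5/easyphpthumbnail.class.php")){
-            if (defined('PHP_MAJOR_VERSION') && PHP_MAJOR_VERSION >= 5){
-                include_once(dirname(__FILE__)."/libs/image/PHP5/easyphpthumbnail.class.php");
-            }else{
-                include_once(dirname(__FILE__)."/libs/image/PHP4/easyphpthumbnail.class.php");
-            }
+        $acceptable_extensions = ['png','gif','jpg','jpeg','jif','jfif','svg'];
+        $info = pathinfo($_REQUEST['src']);
+        // Check file extension
+        if(in_array($info['extension'],$acceptable_extensions)){
+            file_put_contents($path, file_get_contents($_REQUEST['src']));
+            if(file_exists(dirname(__FILE__)."/libs/image/PHP5/easyphpthumbnail.class.php")){
+                if (defined('PHP_MAJOR_VERSION') && PHP_MAJOR_VERSION >= 5){
+                    include_once(dirname(__FILE__)."/libs/image/PHP5/easyphpthumbnail.class.php");
+                }else{
+                    include_once(dirname(__FILE__)."/libs/image/PHP4/easyphpthumbnail.class.php");
+                }
            
-            try{
-                $thumb = new easyphpthumbnail;
-                $thumb -> Thumbsize = ($_REQUEST['w'] > 0 && $_REQUEST['w'] <= 320 ? $_REQUEST['w'] : 320);
-                echo $thumb -> Createthumb($path);
-                exit();
-            } catch (Exception $e) {
-                // $e->getMessage()
+                try{
+                    $thumb = new easyphpthumbnail;
+                    $thumb -> Thumbsize = ($_REQUEST['w'] > 0 && $_REQUEST['w'] <= 320 ? $_REQUEST['w'] : 320);
+                    echo $thumb -> Createthumb($path);
+                    exit();
+                } catch (Exception $e) {
+                    // $e->getMessage()
+                }
             }
         }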
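--- a/wp-mobile-detector/trunk/websitez-wp-mobile-detector.php
+++ b/wp-mobile-detector/trunk/websitez-wp-mobile-detector.php
@@ -4,5 +4,5 @@
  Plugin URI: http://www.websitez.com/
  Description: Create a mobile friendly WordPress website instantly for over 5,000+ mobile devices.
- Version: 3.5
+ Version: 3.6
  Author: Websitez.com, LLC
  Author URI: http://www.websitez.com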