Context Navigation

Changeset 2475134

Timestamp:

02/15/2021 08:49:49 PM (5 years ago)

Author:

minnur

Message:

Secueirt improvements.

Location:

external-media/trunk

Files:

-                      r2406122
+                      r2475134
   Plugin Name: External Media
   Description: Import files from thrid-party services (Dropbox, Box, OneDrive, Google Drive and any remote URL).
   Version: 1.0.27
+  Version: 1.0.28
   Author: Minnur Yunusov
   Author URI: http://www.minnur.com/
 …
 define( 'WP_ExternalMedia_PluginName', plugin_basename( __FILE__ ) );
 define( 'WP_ExternalMedia_Prefix', 'WPExternalMedia_' );
 define( 'WP_ExternalMedia_Version', '1.0.27' );
+define( 'WP_ExternalMedia_Version', '1.0.28' );
 if ( !class_exists( 'WP_ExternalMedia' ) ) {

-                      r2335386
+                      r2475134
     if ( !function_exists( 'curl_init' ) || empty( $filename ) ) {
+      return;
+    }
+    $extensions = apply_filters( 'external_media_safe_extensions', 'jpg jpeg gif png mp3 mp4 m4v mov webm' );
+    if ($this->isUnsafe( $filename, $extensions )) {
       return;
+    }
 …
+  }
+  /**
+   * Check if file extension is unsafe to upload.
+   */
+  protected function isUnsafe( $filename, $extensions ) {
+    if (preg_match('/\.(php|phar|pl|py|cgi|asp|js|html|htm|xml)(\.|$)/i', $filename)) {
+      $regex = '/\.(' . preg_replace('/ +/', '|', preg_quote($extensions)) . ')$/i';
+      if (!preg_match($regex, $filename)) {
+        return true;
+      }
+    }
+  }
+}

-                      r2406122
+                      r2475134
 Requires at least: 5.4
 Tested up to: 5.5.1
 Stable tag: 1.0.27
+Stable tag: 1.0.28
 Requires PHP: 7.1
 License: GPLv2 or later
 …
 == Changelog ==
+= 1.0.28 =
+* Improve security.
+* Version bump.
 = 1.0.27 =
 * Update plugin information.

Note: See TracChangeset for help on using the changeset viewer.