Changeset 3044886
- Timestamp:
- 03/04/2024 10:22:45 AM (2 years ago)
- Location:
- prosolution-wp-client/trunk
- Files:
-
- 5 edited
-
README.txt (modified) (1 diff)
-
includes/class-prosolwpclient-functions.php (modified) (1 diff)
-
prosolwpclient.php (modified) (2 diffs)
-
public/class-prosolwpclient-public.php (modified) (1 diff)
-
public/js/prosolwpclientpublic.js (modified) (2 diffs)
prosolution-wp-client/trunk/README.txt
r3036780 r3044886 66 66 67 67 == Changelog == 68 69 = 1.9.3 = 70 * FIXED Bug: 71 - Added server-side file extension check for fileupload in frontend to Prevent arbitrary file upload 68 72 69 73 = 1.9.2 = -
prosolution-wp-client/trunk/includes/class-prosolwpclient-functions.php
r2905063 r3044886 97 97 ); 98 98 } 99 100 /** 101 * acceptable document ext 102 * @return string 103 */ 104 function proSol_mimeExt($mime_type) { 105 106 $extensions = array( 107 'video/3gpp2' => '3g2', 108 'video/3gp' => '3gp', 109 'video/3gpp' => '3gp', 110 'application/x-compressed' => '7zip', 111 'audio/x-acc' => 'aac', 112 'audio/ac3' => 'ac3', 113 'application/postscript' => 'ai', 114 'audio/x-aiff' => 'aif', 115 'audio/aiff' => 'aif', 116 'audio/x-au' => 'au', 117 'video/x-msvideo' => 'avi', 118 'video/msvideo' => 'avi', 119 'video/avi' => 'avi', 120 'application/x-troff-msvideo' => 'avi', 121 'application/macbinary' => 'bin', 122 'application/mac-binary' => 'bin', 123 'application/x-binary' => 'bin', 124 'application/x-macbinary' => 'bin', 125 'image/bmp' => 'bmp', 126 'image/x-bmp' => 'bmp', 127 'image/x-bitmap' => 'bmp', 128 'image/x-xbitmap' => 'bmp', 129 'image/x-win-bitmap' => 'bmp', 130 'image/x-windows-bmp' => 'bmp', 131 'image/ms-bmp' => 'bmp', 132 'image/x-ms-bmp' => 'bmp', 133 'application/bmp' => 'bmp', 134 'application/x-bmp' => 'bmp', 135 'application/x-win-bitmap' => 'bmp', 136 'application/cdr' => 'cdr', 137 'application/coreldraw' => 'cdr', 138 'application/x-cdr' => 'cdr', 139 'application/x-coreldraw' => 'cdr', 140 'image/cdr' => 'cdr', 141 'image/x-cdr' => 'cdr', 142 'zz-application/zz-winassoc-cdr' => 'cdr', 143 'application/mac-compactpro' => 'cpt', 144 'application/pkix-crl' => 'crl', 145 'application/pkcs-crl' => 'crl', 146 'application/x-x509-ca-cert' => 'crt', 147 'application/pkix-cert' => 'crt', 148 'text/css' => 'css', 149 'text/x-comma-separated-values' => 'csv', 150 'text/comma-separated-values' => 'csv', 151 'application/vnd.msexcel' => 'csv', 152 'application/x-director' => 'dcr', 153 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'docx', 154 'application/x-dvi' => 'dvi', 155 'message/rfc822' => 'eml', 156 'application/x-msdownload' => 'exe', 157 'video/x-f4v' => 'f4v', 158 'audio/x-flac' => 
'flac', 159 'video/x-flv' => 'flv', 160 'image/gif' => 'gif', 161 'application/gpg-keys' => 'gpg', 162 'application/x-gtar' => 'gtar', 163 'application/x-gzip' => 'gzip', 164 'application/mac-binhex40' => 'hqx', 165 'application/mac-binhex' => 'hqx', 166 'application/x-binhex40' => 'hqx', 167 'application/x-mac-binhex40' => 'hqx', 168 'text/html' => 'html', 169 'image/x-icon' => 'ico', 170 'image/x-ico' => 'ico', 171 'image/vnd.microsoft.icon' => 'ico', 172 'text/calendar' => 'ics', 173 'application/java-archive' => 'jar', 174 'application/x-java-application' => 'jar', 175 'application/x-jar' => 'jar', 176 'image/jp2' => 'jp2', 177 'video/mj2' => 'jp2', 178 'image/jpx' => 'jp2', 179 'image/jpm' => 'jp2', 180 'image/jpeg' => 'jpeg', 181 'image/pjpeg' => 'jpeg', 182 'application/x-javascript' => 'js', 183 'application/json' => 'json', 184 'text/json' => 'json', 185 'application/vnd.google-earth.kml+xml' => 'kml', 186 'application/vnd.google-earth.kmz' => 'kmz', 187 'text/x-log' => 'log', 188 'audio/x-m4a' => 'm4a', 189 'audio/mp4' => 'm4a', 190 'application/vnd.mpegurl' => 'm4u', 191 'audio/midi' => 'mid', 192 'application/vnd.mif' => 'mif', 193 'video/quicktime' => 'mov', 194 'video/x-sgi-movie' => 'movie', 195 'audio/mpeg' => 'mp3', 196 'audio/mpg' => 'mp3', 197 'audio/mpeg3' => 'mp3', 198 'audio/mp3' => 'mp3', 199 'video/mp4' => 'mp4', 200 'video/mpeg' => 'mpeg', 201 'application/oda' => 'oda', 202 'audio/ogg' => 'ogg', 203 'video/ogg' => 'ogg', 204 'application/ogg' => 'ogg', 205 'font/otf' => 'otf', 206 'application/x-pkcs10' => 'p10', 207 'application/pkcs10' => 'p10', 208 'application/x-pkcs12' => 'p12', 209 'application/x-pkcs7-signature' => 'p7a', 210 'application/pkcs7-mime' => 'p7c', 211 'application/x-pkcs7-mime' => 'p7c', 212 'application/x-pkcs7-certreqresp' => 'p7r', 213 'application/pkcs7-signature' => 'p7s', 214 'application/pdf' => 'pdf', 215 'application/octet-stream' => 'pdf', 216 'application/x-x509-user-cert' => 'pem', 217 
'application/x-pem-file' => 'pem', 218 'application/pgp' => 'pgp', 219 'application/x-httpd-php' => 'php', 220 'application/php' => 'php', 221 'application/x-php' => 'php', 222 'text/php' => 'php', 223 'text/x-php' => 'php', 224 'application/x-httpd-php-source' => 'php', 225 'image/png' => 'png', 226 'image/x-png' => 'png', 227 'application/powerpoint' => 'ppt', 228 'application/vnd.ms-powerpoint' => 'ppt', 229 'application/vnd.ms-office' => 'ppt', 230 'application/msword' => 'doc', 231 'application/vnd.openxmlformats-officedocument.presentationml.presentation' => 'pptx', 232 'application/x-photoshop' => 'psd', 233 'image/vnd.adobe.photoshop' => 'psd', 234 'audio/x-realaudio' => 'ra', 235 'audio/x-pn-realaudio' => 'ram', 236 'application/x-rar' => 'rar', 237 'application/rar' => 'rar', 238 'application/x-rar-compressed' => 'rar', 239 'audio/x-pn-realaudio-plugin' => 'rpm', 240 'application/x-pkcs7' => 'rsa', 241 'text/rtf' => 'rtf', 242 'text/richtext' => 'rtx', 243 'video/vnd.rn-realvideo' => 'rv', 244 'application/x-stuffit' => 'sit', 245 'application/smil' => 'smil', 246 'text/srt' => 'srt', 247 'image/svg+xml' => 'svg', 248 'application/x-shockwave-flash' => 'swf', 249 'application/x-tar' => 'tar', 250 'application/x-gzip-compressed' => 'tgz', 251 'image/tiff' => 'tiff', 252 'font/ttf' => 'ttf', 253 'text/plain' => 'txt', 254 'text/x-vcard' => 'vcf', 255 'application/videolan' => 'vlc', 256 'text/vtt' => 'vtt', 257 'audio/x-wav' => 'wav', 258 'audio/wave' => 'wav', 259 'audio/wav' => 'wav', 260 'application/wbxml' => 'wbxml', 261 'video/webm' => 'webm', 262 'image/webp' => 'webp', 263 'audio/x-ms-wma' => 'wma', 264 'application/wmlc' => 'wmlc', 265 'video/x-ms-wmv' => 'wmv', 266 'video/x-ms-asf' => 'wmv', 267 'font/woff' => 'woff', 268 'font/woff2' => 'woff2', 269 'application/xhtml+xml' => 'xhtml', 270 'application/excel' => 'xl', 271 'application/msexcel' => 'xls', 272 'application/x-msexcel' => 'xls', 273 'application/x-ms-excel' => 'xls', 274 
'application/x-excel' => 'xls', 275 'application/x-dos_ms_excel' => 'xls', 276 'application/xls' => 'xls', 277 'application/x-xls' => 'xls', 278 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' => 'xlsx', 279 'application/vnd.ms-excel' => 'xlsx', 280 'application/xml' => 'xml', 281 'text/xml' => 'xml', 282 'text/xsl' => 'xsl', 283 'application/xspf+xml' => 'xspf', 284 'application/x-compress' => 'z', 285 'application/x-zip' => 'zip', 286 'application/zip' => 'zip', 287 'application/x-zip-compressed' => 'zip', 288 'application/s-compressed' => 'zip', 289 'multipart/x-zip' => 'zip', 290 'text/x-scriptzsh' => 'zsh' 291 ); 292 return isset($extensions[$mime_type]) ? $extensions[$mime_type] : ''; 293 } -
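Review bot: The new `proSol_mimeExt` table maps `application/octet-stream` to `pdf`, but that is the generic type a client sends for any file it cannot classify, so a lookup on it turns an unknown file into a document extension instead of the empty string the function otherwise returns for unrecognised types; that entry should be removed so such inputs fall through to `''` and fail any allowlist built on this result. The table also has internal inconsistencies worth a pass: `application/vnd.ms-excel` yields `xlsx` while `application/vnd.msexcel` yields `csv`, and `application/msword => 'doc'` sits among the `ppt` entries. The docblock reads only `acceptable document ext`; suggest `@param string $mime_type MIME type string to look up (a pure table lookup, nothing about any file is inspected)` and `@return string Mapped extension, or '' when the type is unknown`, and the `isset(...) ? ... : ''` return can be written `return $extensions[$mime_type] ?? '';`.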
prosolution-wp-client/trunk/prosolwpclient.php
r3036780 r3044886 17 17 * Plugin URI: https://prosolution.com/produkte-und-services/workexpert.html 18 18 * Description: WordPress client for ProSolution 19 * Version: 1.9. 219 * Version: 1.9.3 20 20 * Author: ProSolution 21 21 * Author URI: https://www.prosolution.com … … 42 42 43 43 defined('PROSOLWPCLIENT_PLUGIN_NAME') or define('PROSOLWPCLIENT_PLUGIN_NAME', 'prosolwpclient'); 44 defined('PROSOLWPCLIENT_PLUGIN_VERSION') or define('PROSOLWPCLIENT_PLUGIN_VERSION', '1.9. 2');44 defined('PROSOLWPCLIENT_PLUGIN_VERSION') or define('PROSOLWPCLIENT_PLUGIN_VERSION', '1.9.3'); 45 45 defined('PROSOLWPCLIENT_BASE_NAME') or define('PROSOLWPCLIENT_BASE_NAME', plugin_basename(__FILE__)); 46 46 defined('PROSOLWPCLIENT_ROOT_PATH') or define('PROSOLWPCLIENT_ROOT_PATH', plugin_dir_path(__FILE__)); -
prosolution-wp-client/trunk/public/class-prosolwpclient-public.php
r3012337 r3044886 878 878 //if the upload dir for prosolwpclient is not created then then create it 879 879 $dir_info = $this->proSol_checkUploadDir(); 880 881 if ( is_array( $dir_info ) && sizeof( $dir_info ) > 0 && array_key_exists( 'folder_exists', $dir_info ) && $dir_info['folder_exists'] == 1 ) { 882 $options = array( 883 'script_url' => admin_url( 'admin-ajax.php' ), 884 'upload_dir' => $dir_info['prosol_base_dir'], 885 'upload_url' => $dir_info['prosol_base_url'], 886 'print_response' => false, 887 ); 888 889 $upload_handler = new CBXProSolWpClient_UploadHandler( $options ); 890 891 $response_obj = $upload_handler->response['files'][0]; 892 if ( $response_obj->name != '' ) { 893 if ( ! session_id() ) { 894 session_start(); 895 } 896 897 $attached_file_name = $response_obj->name; 898 899 $extension = pathinfo( $attached_file_name, PATHINFO_EXTENSION ); 900 901 $newfilename = wp_create_nonce( session_id() . time() ) . '.' . $extension; 902 $rename_status = rename( $dir_info['prosol_base_dir'] . $attached_file_name, $dir_info['prosol_base_dir'] . $newfilename ); 903 $response_obj->newfilename = $newfilename; 904 $response_obj->rename_status = $rename_status; 905 $response_obj->extension = $extension; 906 907 $return_response = array( 'files' => array( 0 => $response_obj ) ); 908 echo json_encode( $return_response ); 909 wp_die(); 880 $submit_data = $_FILES["files"]; 881 $mime_type = isset( $submit_data['type'] ) ? 
$submit_data['type'][0] : ''; 882 $ext = proSol_mimeExt($mime_type); 883 884 if ( in_array( $ext, proSol_imageExtArr() ) || in_array( $ext, proSol_documentExtArr() ) ) { 885 if ( is_array( $dir_info ) && sizeof( $dir_info ) > 0 && array_key_exists( 'folder_exists', $dir_info ) && $dir_info['folder_exists'] == 1 ) { 886 $options = array( 887 'script_url' => admin_url( 'admin-ajax.php' ), 888 'upload_dir' => $dir_info['prosol_base_dir'], 889 'upload_url' => $dir_info['prosol_base_url'], 890 'print_response' => false, 891 ); 892 893 $upload_handler = new CBXProSolWpClient_UploadHandler( $options ); 894 895 $response_obj = $upload_handler->response['files'][0]; 896 if ( $response_obj->name != '' ) { 897 if ( ! session_id() ) { 898 session_start(); 899 } 900 901 $attached_file_name = $response_obj->name; 902 903 $extension = pathinfo( $attached_file_name, PATHINFO_EXTENSION ); 904 905 $newfilename = wp_create_nonce( session_id() . time() ) . '.' . $extension; 906 $rename_status = rename( $dir_info['prosol_base_dir'] . $attached_file_name, $dir_info['prosol_base_dir'] . $newfilename ); 907 $response_obj->newfilename = $newfilename; 908 $response_obj->rename_status = $rename_status; 909 $response_obj->extension = $extension; 910 911 $return_response = array( 'files' => array( 0 => $response_obj ) ); 912 echo json_encode( $return_response ); 913 wp_die(); 914 } 910 915 } 911 916 } -
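Review bot: The added allowlist gate tests only `$_FILES["files"]['type'][0]`, which is the MIME type the uploading client declares and which PHP never verifies, so the check still rests on client-supplied data; the extension that is actually written to disk comes from `pathinfo( $attached_file_name, PATHINFO_EXTENSION )` further down and is never compared with `proSol_imageExtArr()` / `proSol_documentExtArr()`. Derive `$ext` from the uploaded file's own name, ideally via `wp_check_filetype_and_ext()` on the temporary file (which inspects content where it can), and apply the same allowlist to the extension used in the rename. Both `in_array` calls should pass `true` as the third argument, and `$_FILES["files"]` is read without `isset`, which warns when the key is absent. The enclosing method starts before and continues past this hunk, and whether the upload handler alters the file name before the rename is not visible here.
```php
$submit_data   = isset( $_FILES['files'] ) ? $_FILES['files'] : array();
$attached_name = isset( $submit_data['name'][0] ) ? $submit_data['name'][0] : '';
$tmp_name      = isset( $submit_data['tmp_name'][0] ) ? $submit_data['tmp_name'][0] : '';

// Validate by file name and content, not by the client-declared MIME type.
$checked = wp_check_filetype_and_ext( $tmp_name, $attached_name );
$ext     = ! empty( $checked['ext'] ) ? strtolower( $checked['ext'] ) : '';

if ( in_array( $ext, proSol_imageExtArr(), true ) || in_array( $ext, proSol_documentExtArr(), true ) ) {
    // … unchanged: upload handler, rename and JSON response …
}
```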
prosolution-wp-client/trunk/public/js/prosolwpclientpublic.js
r3012337 r3044886 2275 2275 minFileCount: 1, 2276 2276 maxFileCount: 1, 2277 autoReplace: true, 2277 2278 validateInitialCount: true, 2278 2279 maxFilePreviewSize: 2000, … … 2331 2332 reader = data.reader; 2332 2333 var error = $('#kartik-file-errors').text(msg); 2334 }); 2335 2336 jQuery('#input-711').on('filecleared', function(event, data, msg) { 2337 var $attachmentThread = $('#attachmentThread'); 2338 2339 $attachmentThread.find('#attached_file_info').attr('data-name', '').attr('data-size', '') 2340 .attr('data-newfilename', '').attr('data-mime-type', '').attr('data-ext', ''); 2341 2342 $attachmentThread.find('.newfilename').val(''); 2343 $attachmentThread.find('.uploaded-mime-type').val(''); 2344 $attachmentThread.find('.uploaded-ext').val(''); 2345 $attachmentThread.find('.uploaded-filesize').val(''); 2333 2346 }); 2334 2347
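Review bot: The new `filecleared` handler declares `event, data, msg` but uses none of them, and it addresses the input through `jQuery(...)` while its own body and the surrounding code use `$(...)`; pick one alias and drop the unused parameters, e.g. `jQuery('#input-711').on('filecleared', function () {`. The handler only resets the hidden fields and data attributes on the client; whether the file already renamed on the server is cleaned up on clear is not visible in this hunk.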