
Changeset 3202481


Timestamp:
12/04/2024 03:14:45 PM (16 months ago)
Author:
digireturn
Message:

DN Shipping by Weight v1.2.1 fixed vulnerability on sanitized integer id

Location:
dn-shipping-by-weight/trunk
Files:
2 edited

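--- a/dn-shipping-by-weight/trunk/dn-shipping-by-weight.php
+++ b/dn-shipping-by-weight/trunk/dn-shipping-by-weight.php
@@ -2,5 +2,5 @@
     Plugin Name: DN Shipping by Weight for WooCommerce
     Description: Weight-based shipping costs. Spese di spedizione basata sul peso.
-    Version: 1.2
+    Version: 1.2.1
     Author: Digireturn
     Author URI: https://digireturn.it/
@@ -149,5 +149,5 @@
 }
 function dn_shipping_by_weight_delete_single(){
-    $id=isset($_GET['id'])?sanitize_text_field($_GET['id']):-1;
+    $id=isset($_GET['id'])?intval(sanitize_text_field($_GET['id'])):-1;
     $tb=dn_shipping_by_weight_get_table($id);
     if(!$tb)echo __('Table not found','dn_shipping_by_weight');
@@ -162,5 +162,5 @@
 }
 function dn_shipping_by_weight_test(){ 
-    $id=isset($_GET['id'])?sanitize_text_field($_GET['id']):-1;
+    $id=isset($_GET['id'])?intval(sanitize_text_field($_GET['id'])):-1;
     $tb=dn_shipping_by_weight_get_table($id);
     if(!isset($tb['rows'])||!is_array($tb['rows']))$tb['rows']=array();
@@ -178,5 +178,5 @@
 }
 function dn_shipping_by_weight_menage_single(){
-    $id=isset($_GET['id'])?sanitize_text_field($_GET['id']):-1;
+    $id=isset($_GET['id'])?intval(sanitize_text_field($_GET['id'])):-1;
     $tb=dn_shipping_by_weight_get_table($id);
     if(!isset($tb['rows'])||!is_array($tb['rows']))$tb['rows']=array();
@@ -312,5 +312,5 @@
 function dn_shipping_by_weight_update(){
     $table=array(
-        'id'=>isset($_POST['dn_shipping_by_weight_table_id'])?sanitize_text_field($_POST['dn_shipping_by_weight_table_id']):-1,
+        'id'=>isset($_POST['dn_shipping_by_weight_table_id'])?intval(sanitize_text_field($_POST['dn_shipping_by_weight_table_id'])):-1,
         'title'=>isset($_POST['dn_shipping_by_weight_table_title'])?sanitize_text_field($_POST['dn_shipping_by_weight_table_title']):'',
         'rows'=>array(),
@@ -345,7 +345,7 @@
    
    
-    $id=isset($_POST['dn_shipping_by_weight_test_table_id'])?sanitize_text_field($_POST['dn_shipping_by_weight_test_table_id']):-1;
+    $id=isset($_POST['dn_shipping_by_weight_test_table_id'])?intval(sanitize_text_field($_POST['dn_shipping_by_weight_test_table_id'])):-1;
     check_admin_referer('test_table_'.$id);
-    $weight=isset($_POST['dn_shipping_by_weight_table_weight'])?sanitize_text_field($_POST['dn_shipping_by_weight_table_weight']):0;
+    $weight=isset($_POST['dn_shipping_by_weight_table_weight'])?floatval(sanitize_text_field($_POST['dn_shipping_by_weight_table_weight'])):0;
     if($id<0){
         dn_shipping_by_weight_session_add_notify('error',__('Error: table not found','dn_shipping_by_weight'));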
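Review bot: A non-numeric `id` now becomes `0` rather than the `-1` sentinel, because `intval()` returns 0 for strings without a leading number; this applies to all five id reads (`dn_shipping_by_weight_delete_single`, `dn_shipping_by_weight_test`, `dn_shipping_by_weight_menage_single`, `dn_shipping_by_weight_update` and the test-table handler), so the `if($id<0)` "table not found" guard in the last hunk only fires when the parameter is absent, never when it is malformed. Whether `0` can be a real table id is not visible here; if it can, a garbage `id` resolves to that table, and validating instead of casting would keep the sentinel, e.g. `$id=isset($_GET['id'])?filter_var(wp_unslash($_GET['id']),FILTER_VALIDATE_INT,array('options'=>array('default'=>-1))):-1;`. Only the last hunk shows a nonce check (`check_admin_referer('test_table_'.$id)`); the delete, test and manage handlers read `$_GET['id']` with no nonce or `current_user_can()` call visible, but their bodies continue outside the hunks, so those checks should be confirmed there.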
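--- a/dn-shipping-by-weight/trunk/readme.txt
+++ b/dn-shipping-by-weight/trunk/readme.txt
@@ -5,5 +5,5 @@
 Tested up to: 6.7.1
 Requires PHP: 5.6
-Stable tag: 1.2
+Stable tag: 1.2.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html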