Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3231327

Timestamp:

01/29/2025 01:20:40 PM (14 months ago)

Author:

visualmodo

Message:

1.6.1 - Jan 29 2025

Fixed - RCE Vulnerability (CVE-2024-11600).
Security - Additional sanitization on font pack names and charmap.php generation.

Location:

borderless

Files:

: 210 added
: 3 edited

tags/1.6.1 (added)
tags/1.6.1/assets (added)
tags/1.6.1/assets/fonts (added)
tags/1.6.1/assets/fonts/bootstrap-icons.woff (added)
tags/1.6.1/assets/fonts/bootstrap-icons.woff2 (added)
tags/1.6.1/assets/fonts/borderless-icon-font.svg (added)
tags/1.6.1/assets/fonts/borderless-icon-font.ttf (added)
tags/1.6.1/assets/fonts/borderless-icon-font.woff (added)
tags/1.6.1/assets/img (added)
tags/1.6.1/assets/img/borderless.svg (added)
tags/1.6.1/assets/img/library.svg (added)
tags/1.6.1/assets/img/post-type.svg (added)
tags/1.6.1/assets/lib (added)
tags/1.6.1/assets/lib/appear.js (added)
tags/1.6.1/assets/lib/countto.js (added)
tags/1.6.1/assets/lib/flickity (added)
tags/1.6.1/assets/lib/flickity/flickity-as-nav-for.js (added)
tags/1.6.1/assets/lib/flickity/flickity-fade.css (added)
tags/1.6.1/assets/lib/flickity/flickity-fade.js (added)
tags/1.6.1/assets/lib/flickity/flickity-fullscreen.css (added)
tags/1.6.1/assets/lib/flickity/flickity-fullscreen.js (added)
tags/1.6.1/assets/lib/flickity/flickity.css (added)
tags/1.6.1/assets/lib/flickity/flickity.js (added)
tags/1.6.1/assets/lib/images-loaded.js (added)
tags/1.6.1/assets/lib/isotope.js (added)
tags/1.6.1/assets/lib/marquee.js (added)
tags/1.6.1/assets/lib/progressbar.js (added)
tags/1.6.1/assets/lib/typewriterjs.js (added)
tags/1.6.1/assets/scripts (added)
tags/1.6.1/assets/scripts/ai-button.js (added)
tags/1.6.1/assets/scripts/bootstrap.js (added)
tags/1.6.1/assets/scripts/borderless-elementor.min.js (added)
tags/1.6.1/assets/scripts/borderless-wpbakery.min.js (added)
tags/1.6.1/assets/scripts/borderless.js (added)
tags/1.6.1/assets/scripts/borderless.min.js (added)
tags/1.6.1/assets/scripts/library.js (added)
tags/1.6.1/assets/styles (added)
tags/1.6.1/assets/styles/bootstrap-icons.css (added)
tags/1.6.1/assets/styles/bootstrap.css (added)
tags/1.6.1/assets/styles/borderless-icon-font.css (added)
tags/1.6.1/assets/styles/borderless.css (added)
tags/1.6.1/assets/styles/borderless.min.css (added)
tags/1.6.1/assets/styles/dashboard.css (added)
tags/1.6.1/assets/styles/dashboard.min.css (added)
tags/1.6.1/assets/styles/elementor (added)
tags/1.6.1/assets/styles/elementor.css (added)
tags/1.6.1/assets/styles/elementor.min.css (added)
tags/1.6.1/assets/styles/elementor/elementor-widget-animated-text.css (added)
tags/1.6.1/assets/styles/elementor/elementor-widget-hero.css (added)
tags/1.6.1/assets/styles/elementor/elementor-widget-portfolio.css (added)
tags/1.6.1/assets/styles/elementor/elementor-widget-slider.css (added)
tags/1.6.1/assets/styles/elementor/elementor-widget-split-hero.css (added)
tags/1.6.1/assets/styles/library.css (added)
tags/1.6.1/assets/styles/wpbakery (added)
tags/1.6.1/assets/styles/wpbakery.css (added)
tags/1.6.1/assets/styles/wpbakery.min.css (added)
tags/1.6.1/assets/styles/wpbakery/wpbakery-icon-fonts.css (added)
tags/1.6.1/borderless.php (added)
tags/1.6.1/includes (added)
tags/1.6.1/includes/class-borderless-loader.php (added)
tags/1.6.1/includes/class-borderless-public.php (added)
tags/1.6.1/includes/class-borderless.php (added)
tags/1.6.1/includes/custom-post-types (added)
tags/1.6.1/includes/custom-post-types/custom-post-types.php (added)
tags/1.6.1/includes/custom-post-types/templates.php (added)
tags/1.6.1/includes/helper.php (added)
tags/1.6.1/includes/icon-manager (added)
tags/1.6.1/includes/icon-manager/assets (added)
tags/1.6.1/includes/icon-manager/assets/css (added)
tags/1.6.1/includes/icon-manager/assets/css/icon-manager.css (added)
tags/1.6.1/includes/icon-manager/assets/css/icon-manager.min.css (added)
tags/1.6.1/includes/icon-manager/assets/css/icon-manager.scss (added)
tags/1.6.1/includes/icon-manager/assets/js (added)
tags/1.6.1/includes/icon-manager/assets/js/icon-manager.js (added)
tags/1.6.1/includes/icon-manager/assets/js/icon-manager.min.js (added)
tags/1.6.1/includes/icon-manager/icon-manager.php (added)
tags/1.6.1/includes/index.php (added)
tags/1.6.1/includes/library (added)
tags/1.6.1/includes/library/importer.php (added)
tags/1.6.1/includes/library/inc (added)
tags/1.6.1/includes/library/inc/BorderlessLibraryImporter.php (added)
tags/1.6.1/includes/library/inc/CustomizerImporter.php (added)
tags/1.6.1/includes/library/inc/CustomizerOption.php (added)
tags/1.6.1/includes/library/inc/Downloader.php (added)
tags/1.6.1/includes/library/inc/Helpers.php (added)
tags/1.6.1/includes/library/inc/ImportActions.php (added)
tags/1.6.1/includes/library/inc/Importer.php (added)
tags/1.6.1/includes/library/inc/Logger.php (added)
tags/1.6.1/includes/library/inc/PluginInstaller.php (added)
tags/1.6.1/includes/library/inc/PluginInstallerSkin.php (added)
tags/1.6.1/includes/library/inc/PluginInstallerSkinSilent.php (added)
tags/1.6.1/includes/library/inc/ReduxImporter.php (added)
tags/1.6.1/includes/library/inc/ViewHelpers.php (added)
tags/1.6.1/includes/library/inc/WPCLICommands.php (added)
tags/1.6.1/includes/library/inc/WXRImporter.php (added)
tags/1.6.1/includes/library/inc/WidgetImporter.php (added)
tags/1.6.1/includes/library/templates (added)
tags/1.6.1/includes/library/templates/borderless-templates-after.php (added)
tags/1.6.1/includes/library/templates/borderless-templates.php (added)
tags/1.6.1/includes/library/templates/classic-templates-after.php (added)
tags/1.6.1/includes/library/templates/classic-templates-plugins.php (added)
tags/1.6.1/includes/library/templates/classic-templates.php (added)
tags/1.6.1/includes/library/templates/templates.php (added)
tags/1.6.1/includes/library/vendor (added)
tags/1.6.1/includes/library/vendor/autoload.php (added)
tags/1.6.1/includes/library/vendor/awesomemotive (added)
tags/1.6.1/includes/library/vendor/awesomemotive/wp-content-importer-v2 (added)
tags/1.6.1/includes/library/vendor/awesomemotive/wp-content-importer-v2/src (added)
tags/1.6.1/includes/library/vendor/awesomemotive/wp-content-importer-v2/src/Importer.php (added)
tags/1.6.1/includes/library/vendor/awesomemotive/wp-content-importer-v2/src/WPImporterLogger.php (added)
tags/1.6.1/includes/library/vendor/awesomemotive/wp-content-importer-v2/src/WPImporterLoggerCLI.php (added)
tags/1.6.1/includes/library/vendor/awesomemotive/wp-content-importer-v2/src/WXRImportInfo.php (added)
tags/1.6.1/includes/library/vendor/awesomemotive/wp-content-importer-v2/src/WXRImporter.php (added)
tags/1.6.1/includes/library/vendor/composer (added)
tags/1.6.1/includes/library/vendor/composer/ClassLoader.php (added)
tags/1.6.1/includes/library/vendor/composer/autoload_classmap.php (added)
tags/1.6.1/includes/library/vendor/composer/autoload_namespaces.php (added)
tags/1.6.1/includes/library/vendor/composer/autoload_psr4.php (added)
tags/1.6.1/includes/library/vendor/composer/autoload_real.php (added)
tags/1.6.1/includes/library/vendor/composer/autoload_static.php (added)
tags/1.6.1/includes/library/views (added)
tags/1.6.1/includes/library/views/import.php (added)
tags/1.6.1/includes/library/views/install-plugins.php (added)
tags/1.6.1/includes/library/views/plugin-page.php (added)
tags/1.6.1/includes/svg (added)
tags/1.6.1/includes/svg/sanitizer.php (added)
tags/1.6.1/includes/svg/svg.min.js (added)
tags/1.6.1/includes/svg/svg.php (added)
tags/1.6.1/includes/svg/whitelist.php (added)
tags/1.6.1/includes/templates (added)
tags/1.6.1/includes/templates/dashboard.php (added)
tags/1.6.1/includes/templates/license.php (added)
tags/1.6.1/includes/templates/system-info.php (added)
tags/1.6.1/languages (added)
tags/1.6.1/languages/borderless.pot (added)
tags/1.6.1/license.txt (added)
tags/1.6.1/modules (added)
tags/1.6.1/modules/block-editor (added)
tags/1.6.1/modules/block-editor/contact-information (added)
tags/1.6.1/modules/block-editor/contact-information/contact-information-frontend.css (added)
tags/1.6.1/modules/block-editor/contact-information/contact-information.css (added)
tags/1.6.1/modules/block-editor/contact-information/contact-information.js (added)
tags/1.6.1/modules/block-editor/contact-information/contact-information.php (added)
tags/1.6.1/modules/block-editor/social-icons (added)
tags/1.6.1/modules/block-editor/social-icons/social-icons-backend.css (added)
tags/1.6.1/modules/block-editor/social-icons/social-icons-frontend.css (added)
tags/1.6.1/modules/block-editor/social-icons/social-icons.js (added)
tags/1.6.1/modules/block-editor/social-icons/social-icons.php (added)
tags/1.6.1/modules/block-editor/spacer (added)
tags/1.6.1/modules/block-editor/spacer/spacer-backend.css (added)
tags/1.6.1/modules/block-editor/spacer/spacer.js (added)
tags/1.6.1/modules/block-editor/spacer/spacer.php (added)
tags/1.6.1/modules/elementor (added)
tags/1.6.1/modules/elementor/assets.php (added)
tags/1.6.1/modules/elementor/elementor.php (added)
tags/1.6.1/modules/elementor/helper.php (added)
tags/1.6.1/modules/elementor/widgets (added)
tags/1.6.1/modules/elementor/widgets/animated-text.php (added)
tags/1.6.1/modules/elementor/widgets/circular-progress-bar.php (added)
tags/1.6.1/modules/elementor/widgets/contact-form-7.php (added)
tags/1.6.1/modules/elementor/widgets/hero.php (added)
tags/1.6.1/modules/elementor/widgets/marquee-text.php (added)
tags/1.6.1/modules/elementor/widgets/portfolio.php (added)
tags/1.6.1/modules/elementor/widgets/progress-bar.php (added)
tags/1.6.1/modules/elementor/widgets/semi-circular-progress-bar.php (added)
tags/1.6.1/modules/elementor/widgets/slider.php (added)
tags/1.6.1/modules/elementor/widgets/split-hero.php (added)
tags/1.6.1/modules/elementor/widgets/team-member.php (added)
tags/1.6.1/modules/elementor/widgets/testimonial.php (added)
tags/1.6.1/modules/related-posts (added)
tags/1.6.1/modules/related-posts/related-posts.php (added)
tags/1.6.1/modules/wpbakery (added)
tags/1.6.1/modules/wpbakery/custom-default-elements.php (added)
tags/1.6.1/modules/wpbakery/elements (added)
tags/1.6.1/modules/wpbakery/elements/alert.php (added)
tags/1.6.1/modules/wpbakery/elements/circular-progress-bar.php (added)
tags/1.6.1/modules/wpbakery/elements/counter.php (added)
tags/1.6.1/modules/wpbakery/elements/icon-group.php (added)
tags/1.6.1/modules/wpbakery/elements/icon.php (added)
tags/1.6.1/modules/wpbakery/elements/infobox.php (added)
tags/1.6.1/modules/wpbakery/elements/list-group.php (added)
tags/1.6.1/modules/wpbakery/elements/modal.php (added)
tags/1.6.1/modules/wpbakery/elements/pricing.php (added)
tags/1.6.1/modules/wpbakery/elements/progress-bar.php (added)
tags/1.6.1/modules/wpbakery/elements/semi-circular-progress-bar.php (added)
tags/1.6.1/modules/wpbakery/elements/svg.php (added)
tags/1.6.1/modules/wpbakery/elements/team-member.php (added)
tags/1.6.1/modules/wpbakery/elements/testimonial.php (added)
tags/1.6.1/modules/wpbakery/images (added)
tags/1.6.1/modules/wpbakery/images/alert.png (added)
tags/1.6.1/modules/wpbakery/images/circular-progress-bar.png (added)
tags/1.6.1/modules/wpbakery/images/counter.png (added)
tags/1.6.1/modules/wpbakery/images/icon-group.png (added)
tags/1.6.1/modules/wpbakery/images/icon.png (added)
tags/1.6.1/modules/wpbakery/images/infobox.png (added)
tags/1.6.1/modules/wpbakery/images/list-group.png (added)
tags/1.6.1/modules/wpbakery/images/list-item.png (added)
tags/1.6.1/modules/wpbakery/images/modal.png (added)
tags/1.6.1/modules/wpbakery/images/pricing.png (added)
tags/1.6.1/modules/wpbakery/images/progress-bar.png (added)
tags/1.6.1/modules/wpbakery/images/semi-circular-progress-bar.png (added)
tags/1.6.1/modules/wpbakery/images/svg.png (added)
tags/1.6.1/modules/wpbakery/images/team-member.png (added)
tags/1.6.1/modules/wpbakery/images/testimonial-section.png (added)
tags/1.6.1/modules/wpbakery/images/testimonial.png (added)
tags/1.6.1/modules/wpbakery/lean-map.php (added)
tags/1.6.1/modules/wpbakery/paramns (added)
tags/1.6.1/modules/wpbakery/paramns/icon-manager-param.php (added)
tags/1.6.1/modules/wpbakery/wpbakery.php (added)
tags/1.6.1/readme.txt (added)
trunk/borderless.php (modified) (2 diffs)
trunk/includes/icon-manager/icon-manager.php (modified) (3 diffs)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

borderless/trunk/borderless.php

-                      r3230461
+                      r3231327
 Plugin URI: https://visualmodo.com/borderless/
 Description: One service packed with powerful tools to help you reach your purposes.
 Version: 1.6.0
+Version: 1.6.1
 Author: Visualmodo
 Author URI: https://visualmodo.com
 …
 /*-----------------------------------------------------------------------------------*/
 define( 'BORDERLESS__VERSION', '1.6.0' );
+define( 'BORDERLESS__VERSION', '1.6.1' );
 define( 'BORDERLESS__DIR', plugin_dir_path( __FILE__ ) );
 define( 'BORDERLESS__URL', plugins_url( '/', __FILE__ ) );

borderless/trunk/includes/icon-manager/icon-manager.php

-                      r3230461
+                      r3231327
                 $glyphs    = $xml->defs->font->children();
                 // Sanitize the font name (ip_name)
+                // Sanitize the font name (ip_name) - changed to sanitize_file_name() for security
                 $this->ip_name = (string) $font_attr['id'];
+                $this->ip_name = sanitize_text_field( $this->ip_name );
+                $this->ip_name = sanitize_file_name( $this->ip_name );
+                if ( empty( $this->ip_name ) ) {
+                    $this->ip_name = 'unknown';
+                }
                 $font_folder = trailingslashit( $this->paths['fontdir'] ) . $this->ip_name;
 …
                     // Create a "class" by removing spaces and sanitizing further
                     $icon_class = str_replace( ' ', '', $icon_name );
-                    // Remove any other characters that are not typical in a CSS class
                     $icon_class = preg_replace( '/[^A-Za-z0-9\-_]/', '', $icon_class );
                     $raw_tags   = isset( $icon->icon->tags ) ? $icon->icon->tags : array();
-                    // Sanitize each tag
                     $safe_tags  = array_map( 'sanitize_text_field', $raw_tags );
                     $tags       = implode( ",", $safe_tags );
 …
                 // Safely build the PHP array with sanitized content
                 foreach ( $this->json_config[ $this->ip_name ] as $icon => $info ) {
                     if ( ! empty( $info ) ) {
                         $delimiter   = "'";
                         $safe_icon   = esc_attr( $icon );
                         $safe_class  = esc_attr( $info["class"] );
                         $safe_tags   = esc_attr( $info["tags"] );
                         fwrite( $handle, "\r\n" . '$icons[\'' . $this->ip_name . '\'][' . $delimiter . $safe_icon . $delimiter . '] = array("class"=>' . $delimiter . $safe_class . $delimiter . ',"tags"=>' . $delimiter . $safe_tags . $delimiter . ');' );
                     } else {
                         $this->delete_folder( $this->paths['tempdir'] );
                         die( esc_html__( 'Error generating the configuration file.', 'borderless' ) );
+                    }
+                    // Escapes to prevent any code injection in the generated PHP
+                    $safe_icon  = addslashes( $icon );
+                    $safe_class = addslashes( $info["class"] );
+                    $safe_tags  = addslashes( $info["tags"] );
+                    $escaped_ip_name = addslashes( $this->ip_name );
+                    fwrite(
+                        $handle,
+                        "\r\n" .
+                        '$icons[\'' . $escaped_ip_name . '\'][\'' . $safe_icon . '\'] = array("class"=>\'' . $safe_class . '\',"tags"=>\'' . $safe_tags . '\');'
+                    );
+                }
                 fclose( $handle );

borderless/trunk/readme.txt

-                      r3230461
+                      r3231327
 Tested up to: 6.7.1
 Requires PHP: 7.4
 Stable tag: 1.6.0
+Stable tag: 1.6.1
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
 …
 == Changelog ==
+= 1.6.1 - Jan 29 2025 =
+* Fixed - RCE Vulnerability (CVE-2024-11600).
+* Security - Additional sanitization on font pack names and `charmap.php` generation.
 = 1.6.0 - Jan 28 2025 =
 * Fixed - General Vulnerabilities.

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3231327

1.6.1 - Jan 29 2025

Legend:

borderless/trunk/borderless.php

borderless/trunk/includes/icon-manager/icon-manager.php

borderless/trunk/readme.txt

Download in other formats: