
Changeset 3345313


Timestamp:
08/15/2025 10:57:53 PM (8 months ago)
Author:
osamaesh
Message:

Security: Fixed stored XSS in wsm_showMostActiveVisitorsGeo shortcode by sanitizing zoom, id, and height attributes before output.

Location:
wp-stats-manager
Files:
94 added
3 edited

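--- a/wp-stats-manager/trunk/includes/wsm_statistics.php
+++ b/wp-stats-manager/trunk/includes/wsm_statistics.php
@@ -1088,4 +1088,16 @@
         $objLocation = wsmFnGetLocationInfo($ipAddress);
         $googleMapAPI = get_option(WSM_PREFIX . 'GoogleMapAPI');
+
+        // Sanitize shortcode attributes to prevent XSS in JS context.
+        $zoom = isset($atts['zoom']) ? (int) $atts['zoom'] : 1;
+        if ($zoom < 0) { $zoom = 0; }
+        if ($zoom > 21) { $zoom = 21; }
+
+        $height = isset($atts['height']) ? $atts['height'] : '300px';
+        if (!preg_match('/^\d+(px|%)$/', $height)) { $height = '300px'; }
+
+        $safe_id = sanitize_key($atts['id']);
+
+
         if (is_null($googleMapAPI) || $googleMapAPI == '') {
             echo '<br><br>&nbsp;<i>' . __('Please enter map API key (check the settings page for more details)', 'wp-stats-manager') . '</i><br><br>';
@@ -1105,5 +1117,5 @@
                 return json_encode($arrJSMarkers);
             }
-            $html = '<style>#' . WSM_PREFIX . '_' . sanitize_key($atts['id']) . '{height:' . $atts['height'] . ';}</style><div id="' . WSM_PREFIX . '_' . $atts['id'] . '" class="wsmMapContainer" ></div>';
+            $html = '<style>#' . WSM_PREFIX . '_' . esc_attr($safe_id) . '{height:' . esc_attr($height) . ';}</style><div id="' . WSM_PREFIX . '_' . esc_attr($safe_id) . '" class="wsmMapContainer" ></div>';
             $wsmAdminJavaScript .= "arrLiveStats.push('" . WSM_PREFIX . '_' . $atts['id'] . "'); var " . WSM_PREFIX . "_locations=[]; var " . WSM_PREFIX . "_lDetails=[];";
             if (is_array($arrJSMarkers) && count($arrJSMarkers) > 0) {
@@ -1134,9 +1146,9 @@
         ';
             $wsmAdminJavaScript .= '
-        var ' . WSM_PREFIX . 'ZoomLevel= ' . $atts['zoom'] . ';
+        var ' . WSM_PREFIX . 'ZoomLevel= ' . $zoom . ';
         var ' . WSM_PREFIX . 'centerObj= {lat: parseFloat(' . $objLocation->geoplugin_latitude . '), lng: parseFloat(' . $objLocation->geoplugin_longitude . ')};
         window.wsmInitMap=function() {
         var infoWindow = new google.maps.InfoWindow;
-        var map_' . WSM_PREFIX . '_' . $atts['id'] . ' = new google.maps.Map(document.getElementById("' . WSM_PREFIX . '_' . $atts['id'] . '"), {
+        var map_' . WSM_PREFIX . '_' . $safe_id . ' = new google.maps.Map(document.getElementById("' . WSM_PREFIX . '_' . $atts['id'] . '"), {
         center: ' . WSM_PREFIX . 'centerObj ,
         zoom: ' . WSM_PREFIX . 'ZoomLevel,
@@ -1147,12 +1159,12 @@
         scaleControl: false
         });
-        google.maps.event.addListener(map_' . WSM_PREFIX . '_' . $atts['id'] . ', \'zoom_changed\',function() {
-            ' . WSM_PREFIX . 'ZoomLevel=map_' . WSM_PREFIX . '_' . $atts['id'] . '.getZoom();
+        google.maps.event.addListener(map_' . WSM_PREFIX . '_' . $safe_id . ', \'zoom_changed\',function() {
+            ' . WSM_PREFIX . 'ZoomLevel=map_' . WSM_PREFIX . '_' . $safe_id . '.getZoom();
         });
-        google.maps.event.addListener(map_' . WSM_PREFIX . '_' . $atts['id'] . ', \'center_changed\',function() {
-            ' . WSM_PREFIX . 'centerObj=map_' . WSM_PREFIX . '_' . $atts['id'] . '.getCenter();
+        google.maps.event.addListener(map_' . WSM_PREFIX . '_' . $safe_id . ', \'center_changed\',function() {
+            ' . WSM_PREFIX . 'centerObj=map_' . WSM_PREFIX . '_' . $safe_id . '.getCenter();
         });
-        google.maps.event.addListener(map_' . WSM_PREFIX . '_' . $atts['id'] . ', \'drag\',function() {
-            ' . WSM_PREFIX . 'centerObj=map_' . WSM_PREFIX . '_' . $atts['id'] . '.getCenter();
+        google.maps.event.addListener(map_' . WSM_PREFIX . '_' . $safe_id . ', \'drag\',function() {
+            ' . WSM_PREFIX . 'centerObj=map_' . WSM_PREFIX . '_' . $safe_id . '.getCenter();
         });
         ';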
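Review bot: The id attribute still reaches the JavaScript string unsanitized on new line 1152, where `document.getElementById("' . WSM_PREFIX . '_' . $atts['id'] . '")` uses the raw value, and in the untouched context line 1120, `arrLiveStats.push('" . WSM_PREFIX . '_' . $atts['id'] . "')`, so the stored XSS path the commit message describes is only partly closed. Beyond the injection risk, both lines now disagree with the element id emitted on line 1119 from `$safe_id`, so any id that sanitize_key() alters will not be found by getElementById at runtime. Replace the two fragments with `document.getElementById("' . WSM_PREFIX . '_' . $safe_id . '")` and `arrLiveStats.push('" . WSM_PREFIX . '_' . $safe_id . "')`. The geoplugin_latitude/geoplugin_longitude values interpolated on line 1149 come from an external lookup and are likewise emitted unescaped; that predates this change, but casting them with (float) would be the same cheap hardening applied to zoom. The enclosing function begins before and ends after these hunks.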
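--- a/wp-stats-manager/trunk/readme.txt
+++ b/wp-stats-manager/trunk/readme.txt
@@ -3,6 +3,6 @@
 Tags: analytics, google analytics, insights, stats, visitors
 Requires at least: 5.0
-Tested up to: 6.8.1
-Stable tag: 8.2
+Tested up to: 6.8.2
+Stable tag: 8.3
 License: GPL3
 
@@ -82,4 +82,7 @@
 
 == Changelog ==
+
+= 8.3
+Security: Fixed stored XSS in wsm_showMostActiveVisitorsGeo shortcode by sanitizing zoom, id, and height attributes before output.
 
 = 8.2 =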
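--- a/wp-stats-manager/trunk/wp-stats-manager.php
+++ b/wp-stats-manager/trunk/wp-stats-manager.php
@@ -4,5 +4,5 @@
  * Plugin URI: http://plugins-market.com/contact-us
  * Description: This plugin will track the web analytics for each page and show various analytics report in admin panel as well as in front end.
- * Version: 8.2
+ * Version: 8.3
  * Author: osamaesh
  * Author URI: http://plugins-market.com/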