
Changeset 3454861


Timestamp:
02/05/2026 05:40:25 PM (7 weeks ago)
Author:
conveythis
Message:

269.3

  • Fix vulnerability
Location:
conveythis-translate/trunk
Files:
4 edited

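--- a/conveythis-translate/trunk/app/class/ConveyThis.php
+++ b/conveythis-translate/trunk/app/class/ConveyThis.php
@@ -373,21 +373,12 @@
                 $unslashed = wp_unslash($incoming[$field]);
 
+                // SECURITY FIX: Block serialized input to prevent PHP Object Injection
                 if (is_serialized($unslashed)) {
-                    if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
-                        $value = @unserialize($unslashed, ['allowed_classes' => false]);
-                        if ($value === false && $unslashed !== serialize(false)) {
-                            wp_send_json_error('Invalid data format');
-                            return;
-                        }
-                    } else {
-                        if (preg_match('/O:\d+:"/', $unslashed)) {
-                            wp_send_json_error('Invalid data format');
-                            return;
-                        }
-                        $value = maybe_unserialize($unslashed);
-                    }
-                } else {
-                    $value = $unslashed;
-                }
+                    // Skip this field but continue processing others
+                    $this->print_log("SECURITY: Blocked serialized data in field: $field");
+                    continue; // Skip this field, continue with others
+                }
+
+                $value = $unslashed;
 
                 if ($field === 'style_change_language' || $field === 'style_change_flag') {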
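Review bot: The guard at `if (is_serialized($unslashed))` only inspects top-level strings: WordPress's `is_serialized()` returns false for any non-string, so if `$incoming[$field]` can arrive as an array, serialized strings nested inside it reach `$value = $unslashed;` unchecked. The enclosing loop and whatever later consumes `$value` lie outside the hunk, so the fix holds only if no later code path calls `unserialize()` or `maybe_unserialize()` on it; a comment at the assignment such as `// $value is raw request data: never pass it to unserialize()/maybe_unserialize()` would record that invariant. If these fields are only ever scalar strings, tightening the test to `if (!is_string($unslashed) || is_serialized($unslashed)) {` would close the gap. The two "skip this field" comments say the same thing, so one of them can go.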
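--- a/conveythis-translate/trunk/changelog.txt
+++ b/conveythis-translate/trunk/changelog.txt
@@ -1,3 +1,6 @@
 == Changelog ==
+= 269.3 =
+* Fix vulnerability
+
 = 269.2 =
 * Added per-language flag customization and fixed a Patchstack-reported security issue.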
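--- a/conveythis-translate/trunk/index.php
+++ b/conveythis-translate/trunk/index.php
@@ -4,5 +4,5 @@
 Plugin URI: https://www.conveythis.com/?utm_source=widget&utm_medium=wordpress
 Description: Translate your WordPress site into over 100 languages using professional and instant machine translation technology. ConveyThis will help provide you with an SEO-friendy, multilingual website in minutes with no coding required.
-Version: 269.2
+Version: 269.3
 
 Author: ConveyThis Translate Team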
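--- a/conveythis-translate/trunk/readme.txt
+++ b/conveythis-translate/trunk/readme.txt
@@ -6,5 +6,5 @@
 Tested up to: 6.9
 
-Stable tag: 269.2
+Stable tag: 269.3
 
 License: GPLv2
@@ -218,4 +218,7 @@
 
 == Changelog ==
+= 269.3 =
+* Fix vulnerability
+
 = 269.2 =
 * Added per-language flag customization and fixed a Patchstack-reported security issue.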