
Changeset 3477703


Timestamp:
03/09/2026 03:44:09 AM (3 weeks ago)
Author:
wpmessiah
Message:

fix security issues

Location:
swiss-toolkit-for-wp
Files:
1287 added
4 edited

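--- a/swiss-toolkit-for-wp/trunk/README.txt
+++ b/swiss-toolkit-for-wp/trunk/README.txt
@@ -5,5 +5,5 @@
 Requires at least: 5.2
 Tested up to: 6.9
-Stable tag: 1.4.4
+Stable tag: 1.4.5
 Requires PHP: 7.4
 License: GPLv2 or later
@@ -130,4 +130,8 @@
  == Changelog ==
 
+= 1.4.5 - 09 March 2026 =
+- Security Fix: Replaced deny-list extension validation with a strict allow-list approach in upload_extension_files() as recommended by WordPress.org.
+- Security Fix: Hardened file upload validation to prevent potential bypasses.
+
 = 1.4.4 - 06 March 2026 =
 - Security Fix: Patched arbitrary file upload vulnerability in Enhanced Multi-Format Image Support (CVE-2026-2354).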
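--- a/swiss-toolkit-for-wp/trunk/boomdevs-swiss-toolkit.php
+++ b/swiss-toolkit-for-wp/trunk/boomdevs-swiss-toolkit.php
@@ -17,5 +17,5 @@
  * Plugin URI:        https://wpmessiah.com
  * Description:       Say Goodbye to Plugin Overload - WP Swiss Toolkit Has It All
- * Version:           1.4.4
+ * Version:           1.4.5
  * Requires at least: 5.2
  * Requires PHP:      7.4
@@ -38,5 +38,5 @@
  * Rename this for your plugin and update it as you release new versions.
  */
-define('BDSTFW_SWISS_TOOLKIT_VERSION', '1.4.4');
+define('BDSTFW_SWISS_TOOLKIT_VERSION', '1.4.5');
 define('BDSTFW_SWISS_TOOLKIT_PATH', plugin_dir_path(__FILE__));
 define('BDSTFW_SWISS_TOOLKIT_URL', plugin_dir_url(__FILE__));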
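--- a/swiss-toolkit-for-wp/trunk/includes/class-boomdevs-swiss-toolkit.php
+++ b/swiss-toolkit-for-wp/trunk/includes/class-boomdevs-swiss-toolkit.php
@@ -68,5 +68,5 @@
                 $this->version = BDSTFW_SWISS_TOOLKIT_VERSION;
             } else {
-                $this->version = '1.4.4';
+                $this->version = '1.4.5';
             }
             $this->plugin_name = 'swiss-toolkit-for-wp';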
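--- a/swiss-toolkit-for-wp/trunk/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php
+++ b/swiss-toolkit-for-wp/trunk/includes/plugins/class-boomdevs-swiss-toolkit-extension-supports.php
@@ -24,5 +24,5 @@
          * Returns the single instance of the class.
          *
-         * @return BDSTFW_Swiss_Toolkit_AVIF Singleton instance.
+         * @return BDSTFW_Swiss_Toolkit_Extension_Supports Singleton instance.
          */
         public static function get_instance()
@@ -93,28 +93,15 @@
             ];
 
-            // Dangerous extensions that should NEVER be allowed
-            $dangerous_extensions = [
-                'php', 'phtml', 'php3', 'php4', 'php5', 'php7', 'phps',
-                'pht', 'phar', 'cgi', 'pl', 'py', 'sh', 'bash',
-                'exe', 'bat', 'cmd', 'com', 'htaccess', 'asp', 'aspx', 'jsp'
-            ];
-
             // Extract the ACTUAL file extension (after the last dot)
             $file_extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
 
-            // Immediately reject dangerous file types
-            if (in_array($file_extension, $dangerous_extensions, true)) {
-                return $types;
-            }
-
-            // Remove any dangerous extensions from admin-configured list
-            $extensions_array = array_diff($extensions_array, $dangerous_extensions);
-
+            // FIXED: Strict allow-list approach.
+            // Only allow if actual extension matches one of the administrator-configured and supported extensions.
             foreach ($extensions_array as $extension) {
                 if (array_key_exists($extension, $mime_types)) {
-                    // FIXED: Strict match — only allow if actual extension matches exactly
                     if ($file_extension === $extension) {
                         $types['ext'] = $extension;
                         $types['type'] = $mime_types[$extension];
+                        break; // Found a match, no need to continue.
                     }
                 }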
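Review bot: The rewritten allow-list still trusts the filename alone: at `if ($file_extension === $extension)` the accepted `ext`/`type` are derived from `pathinfo()` and the `$mime_types` table, and nothing in the hunk compares `$mime_types[$extension]` against what the uploaded bytes actually are, so `$types['type']` is asserted for any file that merely carries an allowed name. If this callback also receives the temporary file path (the `wp_check_filetype_and_ext` filter passes it as its second argument; the method's signature is outside the hunk so I cannot confirm the variable here), the match should additionally require `finfo_file(finfo_open(FILEINFO_MIME_TYPE), $file) === $mime_types[$extension]` before the two assignments and otherwise leave `$types` untouched. Separately, `PATHINFO_EXTENSION` yields only the final dotted segment, so a name with several segments is judged on its last one; whether that is acceptable depends on core's `sanitize_file_name()` running afterwards and on the web server's handler configuration, both worth confirming in a comment above the loop. The enclosing method starts and ends outside the hunk.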