
Changeset 691240


Timestamp:
04/03/2013 03:50:16 PM (13 years ago)
Author:
ondics
Message:

security fix 1.0.7

Location:
open-data-viewer-for-austria/trunk
Files:
6 edited

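--- a/open-data-viewer-for-austria/trunk/ckanfunc.php
+++ b/open-data-viewer-for-austria/trunk/ckanfunc.php
@@ -4,5 +4,5 @@
 Plugin URI: http://apps4austria-open-data.ondics.de
 Description: Open Data Viewer for Austria brings the full power of open data from Austria to your Wordpress site.
-Version: 1.0.6
+Version: 1.0.7
 Author: Ondics GmbH
 Author URI: http://ondics.de
@@ -104,5 +104,5 @@
     <script type="text/javascript">
         jQuery(document).ready(function($) {
-            wpCKANReclineViewer.createDataViewer(".data-explorer-here' . $NumberOfGrids . '", "' . urlencode(str_replace("&amp;","&",$attr['url'])) . '", "' . $attr['type'] . '", ' . $strOptionsJson . ', "' . $attr['filters'] . '", "' . plugins_url("/proxy.php?url=", __FILE__) . '", "' . $attr['height'] . '", "' . $attr['width'] . '");
+            wpCKANReclineViewer.createDataViewer(".data-explorer-here' . $NumberOfGrids . '", "' . urlencode(str_replace("&amp;","&",$attr['url'])) . '&ispost=1&id=' . get_the_ID() . '", "' . urlencode(str_replace("&amp;","&",$attr['metaurl'])) . '&ispost=1&id=' . get_the_ID() . '", "' . $attr['type'] . '", ' . $strOptionsJson . ', "' . $attr['filters'] . '", "' . plugins_url("/proxy.php?url=", __FILE__) . '", "' . $attr['height'] . '", "' . $attr['width'] . '");
             $.ajax({
                 url: "' . $attr["metaurl"] . '",
@@ -364,6 +364,6 @@
             var strClass = '.<?php echo $this->get_field_id( 'data-explorer-here' ); ?>';
             var strType = '<?php echo $instance['type']; ?>';
-            var objOptions = <?php echo ($instance[$instance['type']] == "" ? "{}" : $instance[$instance['type']]); ?>;
-            var url = "<?php echo urlencode($instance['url']); ?>";
+            var objOptions = <?php echo ($instance[$instance['type']] == "" || $instance[$instance['type']] == "{" ? "{}" : $instance[$instance['type']]); ?>;
+            var url = "<?php echo urlencode($instance['url']); ?>" + "&ispost=0&id=<?php echo $this->number; ?>";
             var strFilters = "<?php echo $instance['filters']; ?>";
             var strFormat = "<?php echo $instance['format']; ?>";
@@ -379,5 +379,5 @@
             }
             objOptions.format = strFormat;
-            wpCKANReclineViewer.createDataViewer(strClass, url, strType, objOptions, strFilters, "<?php echo plugins_url("/proxy.php?url=", __FILE__); ?>" , widgetHeight, widgetWidth); // Widget
+            wpCKANReclineViewer.createDataViewer(strClass, url, '<?php echo urlencode(str_replace("&amp;","&",$instance['metaurl'])); ?>' + "&ispost=0&id=<?php echo $this->number; ?>", strType, objOptions, strFilters, "<?php echo plugins_url("/proxy.php?url=", __FILE__); ?>" , widgetHeight, widgetWidth); // Widget
             $(".<?php echo $this->get_field_id( 'ZoomLink' );?> > a").click(function() {
                 wpCKANReclineViewer.createDataViewer("#<?php echo $this->get_field_id( 'ZoomPopup' ); ?>", url, strType, objOptions, strFilters, "<?php echo plugins_url("/proxy.php?url=", __FILE__); ?>",popupHeight, popupWidth); // Widget im Popup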
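Review bot: The popup call on new line 383 still uses the eight-argument form of `createDataViewer`, but this changeset's initRecline.js hunk inserts `strMetaUrl` as the third parameter, so in the popup `strType` is sent as the meta URL and every following argument shifts by one; the same unconverted call is on line 67 of showdataexplorer.php. The popup line should pass the same meta URL the widget call on line 381 now builds: `wpCKANReclineViewer.createDataViewer("#<?php echo $this->get_field_id( 'ZoomPopup' ); ?>", url, '<?php echo urlencode(str_replace("&amp;","&",$instance['metaurl'])); ?>' + "&ispost=0&id=<?php echo $this->number; ?>", strType, objOptions, strFilters, "<?php echo plugins_url("/proxy.php?url=", __FILE__); ?>",popupHeight, popupWidth);`. New line 106 reads `$attr['metaurl']` unconditionally; whether the shortcode defaults guarantee that key is not visible here, so a notice is possible when the attribute is omitted. The enclosing functions of all hunks start and end outside them.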
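--- a/open-data-viewer-for-austria/trunk/proxy.php
+++ b/open-data-viewer-for-austria/trunk/proxy.php
@@ -2,18 +2,60 @@
 require( '../../../wp-load.php' );
 
+// this proxy is needed because to get the ckan data from a foreign server
+// The code checks if the requested url is in shortcode-data or widget-data
+// If yes the request will be executed, if not =>'forbidden'
+// If the user is logined the request will be also executed
 
-// this proxy is needed because to get the ckan data from a foreign server
 $url = urldecode(($_GET['url']));
-$url = str_replace(" ","%20",$url);
+$nr = $_GET['id'];
+$blnPost = $_GET['ispost'];
+$urlCheck = $url;
+$requestUrl = str_replace(" ","%20",$url);
 if (strpos($url, "pop") !== FALSE) return ""; // http://www.heise.de/newsticker/meldung/cURL-auf-Abwegen-1800433.html
 
-$response = wp_remote_get($url, array("user-agent" => "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0", 'sslverify' => false, 'timeout' => '1200', "redirection" => 5 ));
-$output = wp_remote_retrieve_body($response); // using a common useragent to prevent blocking from some server
+if (!is_user_logged_in()) {
+    if (isset($nr)) {
+        if ($blnPost === "1") {
+               $post = get_post($nr, ARRAY_A);
+               if ($post != null) {
+                    $iPos = 0;
+                    $content = $post["post_content"];
+                    $iPos = strpos($content, htmlentities($urlCheck));
+                    if ($iPos !== false) {
+                        getAndReturn($requestUrl);
+                    }
+               }
+        } else {
+            $aryWidgetDatas = get_option('widget_CkanWidget');
+            if ($aryWidgetDatas[$nr]["url"] == $urlCheck || $aryWidgetDatas[$nr]["metaurl"] == $urlCheck) {
+                getAndReturn($requestUrl);
+            }
+        }
+    }
+} else {
+    getAndReturn($url);
+}
+denied();
 
-// this code converts to utf-8 when needed. But mb_check_encoding is critical code! http://de2.php.net/manual/de/function.mb-check-encoding.php
-if(!mb_check_encoding($output, 'UTF-8')) { // only convert when string is not utf-8
-    echo utf8_encode($output);
-} else {
-    echo $output;
+
+
+function getAndReturn($url) {
+    $url = str_replace(" ","%20",$url);
+    $response = wp_remote_get($url, array("user-agent" => "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0", 'sslverify' => true, 'timeout' => '1200', "redirection" => 10 ));
+    $output = wp_remote_retrieve_body($response); // using a common useragent to prevent blocking from some server
+   
+    // this code converts to utf-8 when needed. But mb_check_encoding is critical code! http://de2.php.net/manual/de/function.mb-check-encoding.php
+    if(!mb_check_encoding($output, 'UTF-8')) { // only convert when string is not utf-8
+        echo utf8_encode($output);
+    } else {
+        echo $output;
+    }
+    exit;
+}
+
+function denied() {
+    header('HTTP/1.1 403 Forbidden');
+    echo "Access denied";
+    exit;
 }
 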
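Review bot: The `else` branch on new lines 35-37 passes the request URL straight to `getAndReturn()` for any logged-in account, skipping the post/widget allow-list entirely, so every authenticated role — not only users who can place the shortcode or widget — can have the server fetch arbitrary URLs; gating it on a capability, `} elseif (current_user_can('edit_posts')) {`, or applying the same allow-list to logged-in users would narrow that. The allow-list itself is loose: line 23 accepts the URL if it appears anywhere in the post content (any link, not just the shortcode's `url`/`metaurl` attribute), `get_post($nr)` does not filter by post status, and line 30's `==` treats a missing widget entry (`null`) as equal to an empty `$urlCheck` — guard with `isset($aryWidgetDatas[$nr])` and compare with `===`. Line 14 still rejects with `return ""` (an empty 200 response) while every other rejection goes through `denied()`; calling `denied();` there is consistent. Because line 44 follows up to 10 redirects, the check only covers the initial URL; `'redirection' => 0`, or checking the final response URL against the allow-list, keeps the check meaningful.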
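--- a/open-data-viewer-for-austria/trunk/readme.txt
+++ b/open-data-viewer-for-austria/trunk/readme.txt
@@ -1,3 +1,3 @@
-=== Open Data Viewer for Austria ===
+=== Open Data Viewer for Austria ===
 Contributors: ondics
 Donate link: http://ondics.de
@@ -5,5 +5,5 @@
 Requires at least: 3.3
 Tested up to: 3.5.1
-Stable tag: 1.0.6
+Stable tag: 1.0.7
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -175,4 +175,8 @@
 == Changelog ==
 
+= 1.0.7 =
+
+* security fix (thanks to C. Mehlmauer)
+
 = 1.0.6 =
 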
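--- a/open-data-viewer-for-austria/trunk/recline/initRecline.js
+++ b/open-data-viewer-for-austria/trunk/recline/initRecline.js
@@ -100,5 +100,5 @@
 var wpCKANReclineViewer = function () {}
 wpCKANReclineViewer.prototype = {
-    createDataViewer: function (strContainerId, strUrl, strType, objTypeOptions, strFilters, strProxyUrl, height, width) {
+    createDataViewer: function (strContainerId, strUrl, strMetaUrl, strType, objTypeOptions, strFilters, strProxyUrl, height, width) {
         $(strContainerId).html("");
         window.dataExplorer = null;
@@ -113,8 +113,8 @@
         var $el = $('<div />');
         $el.appendTo(window.explorerDiv);
-        
         var strProxy = strProxyUrl || "../wp-content/plugins/ckan/proxy.php?url=";
         var format = objTypeOptions.format || "csv";
         if (format == "json") format = "geojson";
+       
         var dataset = new recline.Model.Dataset({
             url: strProxy + strUrl,
@@ -191,5 +191,5 @@
                     var url = opts.metaurl;
                     $.ajax({
-                        url: strProxy + opts.metaurl,
+                        url: strProxy + (strMetaUrl),
                         contentType: "json",
                         dataType: "json"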
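Review bot: `var url = opts.metaurl;` on new line 191 appears unused now that the request on line 193 takes the new `strMetaUrl` parameter, and the parentheses in `strProxy + (strMetaUrl)` add nothing; `url: strProxy + strMetaUrl,` and dropping the unused variable, if nothing after the hunk reads it, would be cleaner. The new parameter is undocumented; a comment above the signature on line 102 such as `// strMetaUrl: metadata URL to fetch through the proxy, already URL-encoded by the PHP caller` states the contract the callers in this changeset follow. When `strMetaUrl` is undefined the request now goes to `strProxy + "undefined"` instead of falling back to `opts.metaurl` as before; whether any caller relied on that fallback is not visible here. `createDataViewer` continues past the hunk.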
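--- a/open-data-viewer-for-austria/trunk/recline/src/view.map.js
+++ b/open-data-viewer-for-austria/trunk/recline/src/view.map.js
@@ -407,7 +407,7 @@
       var lat = doc.get(this.state.get('latField'));
       // Replaces in lat- and lonField , with . as decimal seperator
-      lon = lon.replace(",", ".");
-      lat = lat.replace(",", ".");
-
+      if (lon != null) lon = lon.toString().replace(",", ".");
+      if (lat != null) lat = lat.toString().replace(",", ".");
+     
       if (!isNaN(parseFloat(lon)) && !isNaN(parseFloat(lat))) {
         return {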
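--- a/open-data-viewer-for-austria/trunk/showdataexplorer.php
+++ b/open-data-viewer-for-austria/trunk/showdataexplorer.php
@@ -63,5 +63,5 @@
                 var strType = '<?php echo $aryData['type']; ?>';
                 var objOptions = <?php echo ($aryData[$aryData['type']] == "" ? "{}": $aryData[$aryData['type']]); ?>;
-                var url = "<?php echo urlencode($aryData['url']); ?>";
+                var url = "<?php echo urlencode($aryData['url']); ?>" + "&ispost=0&id=<?php echo $id; ?>";
                 var strFilters = "<?php echo $aryData['filters']; ?>";
                 wpCKANReclineViewer.createDataViewer(strClass, url, strType, objOptions, strFilters, "proxy.php?url=", 500, 500);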
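Review bot: `$id` on new line 65 is echoed raw into a JavaScript string literal; its origin is outside the hunk, and if it comes from the request it should at least be cast, `"&ispost=0&id=<?php echo (int) $id; ?>"`, since the proxy treats it as a numeric widget index. Line 64 still maps only `""` to `{}`, whereas the widget code in ckanfunc.php in this same changeset now also treats a bare `"{"` as empty; adding `|| $aryData[$aryData['type']] == "{"` to the condition keeps the two in step. The surrounding function starts and ends outside the hunk.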