Changeset 1581570
- Timestamp:
- 01/24/2017 11:51:41 PM (8 years ago)
- Location:
- ad-buttons/trunk
- Files:
-
- 5 edited
ad-buttons/trunk/adbuttons.php
r984190 r1581570 5 5 Description: Plugin to add ad buttons to your blog 6 6 Author: Nico 7 Version: 2.3. 17 Version: 2.3.2 8 8 Author URI: http://www.blogio.net/blog/ 9 9 Questions, sugestions, problems? Let me know at [email protected] … … 71 71 dbDelta($structure); 72 72 73 $ad_buttons_version = "2.3. 1";73 $ad_buttons_version = "2.3.2"; 74 74 update_option("ad_buttons_version", $ad_buttons_version); 75 75 76 $ad_buttons_db_version = "2.3. 1";76 $ad_buttons_db_version = "2.3.2"; 77 77 update_option("ad_buttons_db_version", $ad_buttons_db_version); 78 78 … … 85 85 $ad_buttons_db_version = get_option("ad_buttons_db_version"); 86 86 87 if($ad_buttons_db_version <> "2.3. 1"){87 if($ad_buttons_db_version <> "2.3.2"){ 88 88 // update database 89 89 … … 146 146 dbDelta($structure); 147 147 148 $ad_buttons_version = "2.3. 1";148 $ad_buttons_version = "2.3.2"; 149 149 update_option("ad_buttons_version", $ad_buttons_version); 150 150 151 $ad_buttons_db_version = "2.3. 1";151 $ad_buttons_db_version = "2.3.2"; 152 152 update_option("ad_buttons_db_version", $ad_buttons_db_version); 153 153 … … 462 462 //add_submenu_page(__FILE__, 'Ad Buttons Test', 'Ad Network', 9, 'ad-buttons-test', 'ad_buttons_test_gae'); 463 463 // see if allow_url_fopen is enabled 464 if (ini_get('allow_url_fopen')) {465 add_submenu_page(__FILE__, 'Ad Buttons Network', 'Ad Network', 9, 'ad-buttons-network', 'ad_buttons_test_gae');466 } else {467 // allow_url_fopen is disabled see if CURL can be used...468 if (function_exists('curl_init')) {469 add_submenu_page(__FILE__, 'Ad Buttons Network', 'Ad Network', 9, 'ad-buttons-network', 'ad_buttons_test_gae');470 }471 }464 // if (ini_get('allow_url_fopen')) { 465 // add_submenu_page(__FILE__, 'Ad Buttons Network', 'Ad Network', 9, 'ad-buttons-network', 'ad_buttons_test_gae'); 466 // } else { 467 // // allow_url_fopen is disabled see if CURL can be used... 
468 // if (function_exists('curl_init')) { 469 // add_submenu_page(__FILE__, 'Ad Buttons Network', 'Ad Network', 9, 'ad-buttons-network', 'ad_buttons_test_gae'); 470 // } 471 // } 472 472 } 473 473 … … 575 575 update_option('widget_adbuttons_cfg', $options); 576 576 } 577 $title = attribute_escape($options['ab_title']);577 $title = esc_attr($options['ab_title']); 578 578 ?> 579 579 <p><label for="adbuttons_widget_title"><?php _e('Title:'); ?> <input class="widefat" id="adbuttons_widget_title" name="adbuttons_widget_title" type="text" value="<?php echo $title; ?>" /></label></p> … … 583 583 <?php 584 584 } 585 585 586 586 register_sidebar_widget( "Ad Buttons", "adbuttons_widget" ); 587 587 register_widget_control( "Ad Buttons", "adbuttons_widget_control" ); -
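Review bot: The allow_url_fopen/curl branch at lines 464–471 is commented out rather than deleted, so the `// see if allow_url_fopen is enabled` comment at 463 now describes nothing and the dead block will drift out of date; the repository already keeps the history, so the eight commented lines can simply go. If the Ad Network page is meant to stay disabled, a one-line comment such as `// Ad Network submenu removed in 2.3.2 (see changelog)` says more than the preserved code. The `"2.3.2"` literal is also repeated at five code sites (73, 76, 87, 148, 151); a single `define('AD_BUTTONS_VERSION', '2.3.2');` near the top would make the next bump a one-line change and keep the `<>` database-version comparison at 87 in step with the stored value automatically. The functions enclosing lines 73–77 and 148–152 start outside this hunk.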
ad-buttons/trunk/adbuttonsact.php
r172892 r1581570 48 48 $widget_adbuttons_cfg = get_option('widget_adbuttons_cfg'); 49 49 50 50 51 // check if the form has been submitted and validate input 51 52 if(isset($_POST['ab_img']) || isset($_POST['ab_link']) || isset($_POST['ab_txt'])) { 53 if ( 54 ! isset( $_POST['ab-create-nonce'] ) 55 || ! wp_verify_nonce( $_POST['ab-create-nonce'], 'ab-create' ) 56 ) { 57 58 print 'Sorry, your nonce did not verify.'; 59 exit; 60 61 } else { 62 63 52 64 if (isset($_POST['ab_img'])) { 53 $ab_img = $htp.str_replace($htp, "", $_POST['ab_img']);65 $ab_img = $htp.str_replace($htp, "", esc_html($_POST['ab_img'])); 54 66 } 55 67 56 68 if (isset($_POST['ab_link'])) { 57 69 if(substr($_POST['ab_link'], 0, 7) == $htp){ 58 $ab_link = $_POST['ab_link'];70 $ab_link = esc_html($_POST['ab_link']); 59 71 }elseif(substr($_POST['ab_link'], 0, 8) == $htps){ 60 $ab_link = $_POST['ab_link'];72 $ab_link = esc_html($_POST['ab_link']); 61 73 }else{ 62 74 $ab_link = $htp.$_POST['ab_link']; … … 66 78 67 79 if (isset($_POST['ab_txt'])) { 68 $ab_txt = $_POST['ab_txt'];80 $ab_txt = esc_html($_POST['ab_txt']); 69 81 } 70 82 … … 134 146 135 147 } 148 } 149 136 150 ?> 137 151 <?php if ($ol_flash != '') echo '<div id="message"class="updated fade"><p>' . $ol_flash . '</p></div>'; ?> … … 147 161 148 162 <p><form method="post" name="ab_form"> 149 <?php wp_nonce_field(' update-options');163 <?php wp_nonce_field('ab-create', 'ab-create-nonce'); 150 164 $widget_adbuttons_cfg = get_option('widget_adbuttons_cfg'); 151 165 echo'<script src="'.$ab_plugindir.'/color_functions.js"></script>'; ?> -
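Review bot: The `else` branch at new line 74, `$ab_link = $htp.$_POST['ab_link'];`, still stores the raw POST value while the two branches above it now go through `esc_html()`, so a link typed without an http/https prefix bypasses the new escaping entirely; at minimum make it `$ab_link = $htp.esc_html($_POST['ab_link']);`. Better, sanitize on input with `esc_url_raw()` for `ab_img`/`ab_link` and `sanitize_text_field()` for `ab_txt`, and keep `esc_html()`/`esc_url()` for the point where the values are echoed: `esc_html()` is an output-escaping function, so storing its result persists `&` in a URL as `&amp;` and any later `esc_html()` on the stored option double-encodes it — the same pattern is applied to every option in adbuttonsadmin.php (new lines 177–208). The nonce check is correctly placed inside the `isset($_POST[...])` guard at 52, so a plain page load is unaffected; no capability check such as `current_user_can('manage_options')` is visible in this section — presumably the submenu registration gates the page, but that is worth confirming. The `if` opening at 52 and its closing brace at new line 148 both fall inside this section.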
ad-buttons/trunk/adbuttonsadmin.php
r901701 r1581570 48 48 // install ip2nation database 49 49 // this is quite a large sql file, so it will take some time to process 50 ini_set('max_execution_time', 300); //300 seconds = 5minutes50 ini_set('max_execution_time', 600); //600 seconds = 10 minutes 51 51 require_once(ABSPATH . 'wp-admin/includes/upgrade.php'); 52 52 ob_start(); … … 157 157 } 158 158 159 159 160 if(isset($_POST['ab_dspcnt'])) { 161 162 if ( 163 ! isset( $_POST['ab-update-options-nonce'] ) 164 || ! wp_verify_nonce( $_POST['ab-update-options-nonce'], 'ab-update-options' ) 165 ) { 166 167 print 'Sorry, your nonce did not verify.'; 168 exit; 169 170 } else { 171 172 // process form data 173 174 175 160 176 if (is_numeric ($_POST['ab_dspcnt'])) { 161 $widget_adbuttons_cfg['ab_title'] = $_POST['ab_title'];162 $widget_adbuttons_cfg['ab_dspcnt'] = $_POST['ab_dspcnt'];163 $widget_adbuttons_cfg['ab_target'] = $_POST['ab_target'];164 $widget_adbuttons_cfg['ab_adsense'] = $_POST['ab_adsense'];165 $widget_adbuttons_cfg['ab_adsense_fixed'] = $_POST['ab_adsense_fixed'];166 $widget_adbuttons_cfg['ab_adsense_pos'] = $_POST['ab_adsense_pos'];177 $widget_adbuttons_cfg['ab_title'] = esc_html($_POST['ab_title']); 178 $widget_adbuttons_cfg['ab_dspcnt'] = esc_html($_POST['ab_dspcnt']); 179 $widget_adbuttons_cfg['ab_target'] = esc_html($_POST['ab_target']); 180 $widget_adbuttons_cfg['ab_adsense'] = esc_html($_POST['ab_adsense']); 181 $widget_adbuttons_cfg['ab_adsense_fixed'] = esc_html($_POST['ab_adsense_fixed']); 182 $widget_adbuttons_cfg['ab_adsense_pos'] = esc_html($_POST['ab_adsense_pos']); 167 183 if($widget_adbuttons_cfg['ab_adsense_pos'] > $widget_adbuttons_cfg['ab_dspcnt']){ 168 184 $widget_adbuttons_cfg['ab_adsense_pos'] = $widget_adbuttons_cfg['ab_dspcnt']; 169 185 } 170 $widget_adbuttons_cfg['ab_adsense_pubid'] = $_POST['ab_adsense_pubid'];171 $widget_adbuttons_cfg['ab_adsense_channel'] = $_POST['ab_adsense_channel'];172 $widget_adbuttons_cfg['ab_adsense_corners'] = $_POST['ab_adsense_corners'];173 
$widget_adbuttons_cfg['ab_adsense_col_border'] = trim( $_POST['ab_adsense_col_border'], "#");174 $widget_adbuttons_cfg['ab_adsense_col_title'] = trim( $_POST['ab_adsense_col_title'], "#");175 $widget_adbuttons_cfg['ab_adsense_col_bg'] = trim( $_POST['ab_adsense_col_bg'], "#");176 $widget_adbuttons_cfg['ab_adsense_col_txt'] = trim( $_POST['ab_adsense_col_txt'], "#");177 $widget_adbuttons_cfg['ab_adsense_col_url'] = trim( $_POST['ab_adsense_col_url'], "#");178 $widget_adbuttons_cfg['ab_nocss'] = $_POST['ab_nocss'];179 $widget_adbuttons_cfg['ab_width'] = $_POST['ab_width'];180 $widget_adbuttons_cfg['ab_padding'] = $_POST['ab_padding'];181 $widget_adbuttons_cfg['ab_nofollow'] = $_POST['ab_nofollow'];182 $widget_adbuttons_cfg['ab_powered'] = $_POST['ab_powered'];183 $widget_adbuttons_cfg['ab_yah'] = $_POST['ab_yah'];184 $widget_adbuttons_cfg['ab_yourad'] = $_POST['ab_yourad'];185 $widget_adbuttons_cfg['ab_geot'] = $_POST['ab_geot'];186 $widget_adbuttons_cfg['ab_yaht'] = $_POST['ab_yaht'];187 $widget_adbuttons_cfg['ab_yahurl'] = $_POST['ab_yahurl'];188 $widget_adbuttons_cfg['ab_anet'] = $_POST['ab_anet'];189 $widget_adbuttons_cfg['ab_anetu'] = $_POST['ab_anetu'];190 $widget_adbuttons_cfg['ab_anett'] = $_POST['ab_anett'];191 $widget_adbuttons_cfg['ab_fix'] = $_POST['ab_fix'];192 $widget_adbuttons_cfg['ab_count'] = $_POST['ab_count'];186 $widget_adbuttons_cfg['ab_adsense_pubid'] = esc_html($_POST['ab_adsense_pubid']); 187 $widget_adbuttons_cfg['ab_adsense_channel'] = esc_html($_POST['ab_adsense_channel']); 188 $widget_adbuttons_cfg['ab_adsense_corners'] = esc_html($_POST['ab_adsense_corners']); 189 $widget_adbuttons_cfg['ab_adsense_col_border'] = trim(esc_html($_POST['ab_adsense_col_border']), "#"); 190 $widget_adbuttons_cfg['ab_adsense_col_title'] = trim(esc_html($_POST['ab_adsense_col_title']), "#"); 191 $widget_adbuttons_cfg['ab_adsense_col_bg'] = trim(esc_html($_POST['ab_adsense_col_bg']), "#"); 192 $widget_adbuttons_cfg['ab_adsense_col_txt'] = 
trim(esc_html($_POST['ab_adsense_col_txt']), "#"); 193 $widget_adbuttons_cfg['ab_adsense_col_url'] = trim(esc_html($_POST['ab_adsense_col_url']), "#"); 194 $widget_adbuttons_cfg['ab_nocss'] = esc_html($_POST['ab_nocss']); 195 $widget_adbuttons_cfg['ab_width'] = esc_html($_POST['ab_width']); 196 $widget_adbuttons_cfg['ab_padding'] = esc_html($_POST['ab_padding']); 197 $widget_adbuttons_cfg['ab_nofollow'] = esc_html($_POST['ab_nofollow']); 198 $widget_adbuttons_cfg['ab_powered'] = esc_html($_POST['ab_powered']); 199 $widget_adbuttons_cfg['ab_yah'] = esc_html($_POST['ab_yah']); 200 $widget_adbuttons_cfg['ab_yourad'] = esc_html($_POST['ab_yourad']); 201 $widget_adbuttons_cfg['ab_geot'] = esc_html($_POST['ab_geot']); 202 $widget_adbuttons_cfg['ab_yaht'] = esc_html($_POST['ab_yaht']); 203 $widget_adbuttons_cfg['ab_yahurl'] = esc_html($_POST['ab_yahurl']); 204 $widget_adbuttons_cfg['ab_anet'] = esc_html($_POST['ab_anet']); 205 $widget_adbuttons_cfg['ab_anetu'] = esc_html($_POST['ab_anetu']); 206 $widget_adbuttons_cfg['ab_anett'] = esc_html($_POST['ab_anett']); 207 $widget_adbuttons_cfg['ab_fix'] = esc_html($_POST['ab_fix']); 208 $widget_adbuttons_cfg['ab_count'] = esc_html($_POST['ab_count']); 193 209 update_option('widget_adbuttons_cfg',$widget_adbuttons_cfg); 194 210 $ol_flash = "Your settings have been saved."; … … 196 212 $ab_num_err = 1; 197 213 } 214 } 198 215 } 199 ?> 200 <?phpif ($ol_flash != '') echo '<div id="message"class="updated fade"><p>' . $ol_flash . '</p></div>'; ?>216 217 if ($ol_flash != '') echo '<div id="message"class="updated fade"><p>' . $ol_flash . 
'</p></div>'; ?> 201 218 202 219 <div class="wrap"> … … 204 221 205 222 206 <?php wp_nonce_field('update-options');223 <?php 207 224 $widget_adbuttons_cfg = get_option('widget_adbuttons_cfg'); 208 225 $ab_geot = $widget_adbuttons_cfg['ab_geot']; … … 484 501 tabDiv.appendChild(tabSpan); 485 502 var tabImg = document.createElement('IMG'); 486 tabImg.src = " tab_right_" + suffix + ".gif";503 tabImg.src = "<?php echo"$ab_plugindir";?>/tab_right_" + suffix + ".gif"; 487 504 tabDiv.appendChild(tabImg); 488 505 div.appendChild(tabDiv); … … 998 1015 </form> 999 1016 <form method="post"> 1017 <?php wp_nonce_field('ab-update-options', 'ab-update-options-nonce');?> 1000 1018 <tr valign="top"> 1001 1019 <th scope="row">Enable geo targeting</th> … … 1176 1194 </td> 1177 1195 <td> 1178 <input type="button" value="Color picker" onclick="showColorPicker(this,document.forms[ 0].ab_adsense_col_border)">1196 <input type="button" value="Color picker" onclick="showColorPicker(this,document.forms[1].ab_adsense_col_border)"> 1179 1197 </td> 1180 1198 </tr> … … 1187 1205 </td> 1188 1206 <td> 1189 <input type="button" value="Color picker" onclick="showColorPicker(this,document.forms[ 0].ab_adsense_col_title)">1207 <input type="button" value="Color picker" onclick="showColorPicker(this,document.forms[1].ab_adsense_col_title)"> 1190 1208 </td> 1191 1209 </tr> … … 1198 1216 </td> 1199 1217 <td> 1200 <input type="button" value="Color picker" onclick="showColorPicker(this,document.forms[ 0].ab_adsense_col_bg)">1218 <input type="button" value="Color picker" onclick="showColorPicker(this,document.forms[1].ab_adsense_col_bg)"> 1201 1219 </td> 1202 1220 </tr> … … 1209 1227 </td> 1210 1228 <td> 1211 <input type="button" value="Color picker" onclick="showColorPicker(this,document.forms[ 0].ab_adsense_col_txt)">1229 <input type="button" value="Color picker" onclick="showColorPicker(this,document.forms[1].ab_adsense_col_txt)"> 1212 1230 </td> 1213 1231 </tr> … … 1220 1238 </td> 1221 1239 <td> 1222 
<input type="button" value="Color picker" onclick="showColorPicker(this,document.forms[ 0].ab_adsense_col_url)">1240 <input type="button" value="Color picker" onclick="showColorPicker(this,document.forms[1].ab_adsense_col_url)"> 1223 1241 </td> 1224 1242 </tr> -
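Review bot: The color-picker buttons at new lines 1196–1240 now hard-code `document.forms[1]`, which only holds while exactly one other form precedes this one on the page; if the button sits inside the same `<form>` as its field (the `<form method="post">` at 1017 suggests it does), `onclick="showColorPicker(this,this.form.ab_adsense_col_border)"` resolves the field regardless of form order and would have made this round of index edits unnecessary. Separately, `ab_dspcnt` is checked with `is_numeric()` at 176 but then stored through `esc_html()` at 178 rather than cast; `(int) $_POST['ab_dspcnt']` (and likewise for `ab_adsense_pos`, `ab_width`, `ab_padding`) stores the number the code later compares numerically at 183. The five colour fields at 189–193 would be better validated as hex, e.g. `preg_match('/^[0-9a-fA-F]{3,6}$/', $v) ? $v : ''`, than HTML-escaped and `#`-trimmed. The nonce check at 162–169 only runs when `ab_dspcnt` is posted; whether the ip2nation install path at 48–52 is gated the same way is not visible here.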
ad-buttons/trunk/adbuttonstop.php
r137030 r1581570 15 15 $ab_img_err = ''; 16 16 $ab_link_err= ''; 17 18 if ( 19 ! isset( $_POST['ab-create-nonce'] ) 20 || ! wp_verify_nonce( $_POST['ab-create-nonce'], 'ab-create' ) 21 ) { 22 23 print 'Sorry, your nonce did not verify.'; 24 exit; 25 26 } else { 27 17 28 // check if the form has been submitted and validate input 18 29 if(isset($_POST['ab_img']) || isset($_POST['ab_link']) || isset($_POST['ab_txt'])) { 19 30 if (isset($_POST['ab_img'])) { 20 $ab_img = $htp.str_replace($htp, "", $_POST['ab_img']);31 $ab_img = $htp.str_replace($htp, "", wp_specialchars_decode($_POST['ab_img'])); 21 32 } 22 33 23 34 if (isset($_POST['ab_link'])) { 24 $ab_link = $htp.str_replace($htp, "", $_POST['ab_link']);35 $ab_link = $htp.str_replace($htp, "", wp_specialchars_decode($_POST['ab_link'])); 25 36 } 26 37 27 38 if (isset($_POST['ab_txt'])) { 28 $ab_txt = $_POST['ab_txt'];39 $ab_txt = wp_specialchars_decode($_POST['ab_txt']); 29 40 30 41 } 31 42 if($ab_img == $htp || $ab_img == ''){ 32 $ab_img_err = 'Please fill in the link to your image file ';43 $ab_img_err = 'Please fill in the link to your image filex'; 33 44 } 34 45 if($ab_link == $htp || $ab_link == ''){ … … 50 61 51 62 } 63 } 52 64 53 ?> 54 <?php if ($ol_flash != '') echo '<div id="message"class="updated fade"><p>' . $ol_flash . '</p></div>'; ?> 65 if ($ol_flash != '') echo '<div id="message"class="updated fade"><p>' . $ol_flash . '</p></div>'; ?> 55 66 <div class="wrap"> 56 67 57 68 <h2>Create new Ad Button</h2> 58 69 <p><form method="post"> 59 <?php wp_nonce_field(' update-options');70 <?php wp_nonce_field('ab-create', 'ab-create-nonce'); 60 71 $widget_adbuttons_cfg = get_option('widget_adbuttons_cfg') 61 72 ?> -
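Review bot: The nonce check inserted at new lines 18–26 runs unconditionally, before the `isset($_POST['ab_img']) || ...` submission guard at 29, so a plain GET of the Create page — the request that renders the form carrying the `ab-create-nonce` field at line 70 — has no nonce, prints `Sorry, your nonce did not verify.` and exits, and the form can never be reached to submit. Move the check inside the submission guard, as adbuttonsact.php does (nonce check immediately after the `if(isset($_POST['ab_img']) || ...) {` line). Replacing the raw POST reads with `wp_specialchars_decode()` at 31, 35 and 39 goes the wrong direction: it turns `&lt;` back into `<` rather than escaping, so it adds no protection to the stored values and undoes any escaping the client applied — `sanitize_text_field()` for `ab_txt` and `esc_url_raw()` for the two URLs is what the changelog's XSS fix calls for. Line 43 also introduces a typo, `'Please fill in the link to your image filex'`, which should read `'Please fill in the link to your image file'`.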
ad-buttons/trunk/readme.txt
r984182 r1581570 3 3 Donate link: http://blogio.net/blog/donate/ 4 4 Tags: ads, buttons, advertising, monetizing, AdSense, 125, widget, sidebar, plugin, links, admin, google, geo, ip2nation 5 Requires at least: 2. 0.26 Tested up to: 4. 07 Stable tag: 2.3. 15 Requires at least: 2.8.0 6 Tested up to: 4.7.1 7 Stable tag: 2.3.2 8 8 9 9 The Ad Buttons plugin displays a number of graphical ads in a sidebar widget. … … 39 39 40 40 == Changelog == 41 42 = 2.3.2 = 43 * 24-01-2017 44 * added Nonce to admin pages 45 * bugfix for XSS vulnerability 46 * bugfix to the colorpicker 41 47 42 48 = 2.3.1 =