Changeset 1637420

Timestamp:

04/14/2017 07:39:56 AM (9 years ago)

Author:

wpecommerce

Message:

.committing version 1.2.5

Location:

easy-wp-smtp/trunk

Files:

• easy-wp-smtp-admin-menu.php (modified) (6 diffs)
• easy-wp-smtp.php (modified) (1 diff)
• languages/easy-wp-smtp.mo (deleted)
• readme.txt (modified) (2 diffs)

easy-wp-smtp/trunk/easy-wp-smtp-admin-menu.php

@@ -42 +42 @@
         $swpsmtp_options['smtp_settings']['autentication'] = ( isset($_POST['swpsmtp_smtp_autentication']) ) ? sanitize_text_field($_POST['swpsmtp_smtp_autentication']) : 'yes';
         $swpsmtp_options['smtp_settings']['username'] = sanitize_text_field($_POST['swpsmtp_smtp_username']);
-        $smtp_password = trim($_POST['swpsmtp_smtp_password']);
+        $smtp_password = sanitize_text_field($_POST['swpsmtp_smtp_password']);
         $swpsmtp_options['smtp_settings']['password'] = base64_encode($smtp_password);
 
@@ -65 +65 @@
 
     /* Send test letter */
+    $swpsmtp_to = '';
     if (isset($_POST['swpsmtp_test_submit']) && check_admin_referer(plugin_basename(__FILE__), 'swpsmtp_nonce_name')) {
         if (isset($_POST['swpsmtp_to'])) {
-            if (is_email($_POST['swpsmtp_to'])) {
-                $swpsmtp_to = $_POST['swpsmtp_to'];
+            $to_email = sanitize_text_field($_POST['swpsmtp_to']);
+            if (is_email($to_email)) {
+                $swpsmtp_to = $to_email;
             } else {
                 $error .= __("Please enter a valid email address in the recipient email field.", 'easy-wp-smtp');
             }
         }
-        $swpsmtp_subject = isset($_POST['swpsmtp_subject']) ? $_POST['swpsmtp_subject'] : '';
-        $swpsmtp_message = isset($_POST['swpsmtp_message']) ? $_POST['swpsmtp_message'] : '';
+        $swpsmtp_subject = isset($_POST['swpsmtp_subject']) ? sanitize_text_field($_POST['swpsmtp_subject']) : '';
+        $swpsmtp_message = isset($_POST['swpsmtp_message']) ? sanitize_text_field($_POST['swpsmtp_message']) : '';
         
         //Save the test mail details so it doesn't need to be filled in everytime.
@@ -164 +166 @@
                         <th><?php _e('SMTP Password', 'easy-wp-smtp'); ?></th>
                         <td>
-                            <input type='password' name='swpsmtp_smtp_password' value='<?php echo esc_attr(swpsmtp_get_password()); ?>' /><br />
+                            <input type='password' name='swpsmtp_smtp_password' value='' /><br />
                             <p class="description"><?php _e("The password to login to your mail server", 'easy-wp-smtp'); ?></p>
                         </td>
@@ -193 +195 @@
                         <th scope="row"><?php _e("To", 'easy-wp-smtp'); ?>:</th>
                         <td>
-                            <input type="text" name="swpsmtp_to" value="<?php echo $smtp_test_mail['swpsmtp_to']; ?>" /><br />
+                            <input type="text" name="swpsmtp_to" value="<?php echo esc_html($smtp_test_mail['swpsmtp_to']); ?>" /><br />
                             <p class="description"><?php _e("Enter the recipient's email address", 'easy-wp-smtp'); ?></p>
                         </td>
@@ -200 +202 @@
                         <th scope="row"><?php _e("Subject", 'easy-wp-smtp'); ?>:</th>
                         <td>
-                            <input type="text" name="swpsmtp_subject" value="<?php echo $smtp_test_mail['swpsmtp_subject']; ?>" /><br />
+                            <input type="text" name="swpsmtp_subject" value="<?php echo esc_html($smtp_test_mail['swpsmtp_subject']); ?>" /><br />
                             <p class="description"><?php _e("Enter a subject for your message", 'easy-wp-smtp'); ?></p>
                         </td>
@@ -207 +209 @@
                         <th scope="row"><?php _e("Message", 'easy-wp-smtp'); ?>:</th>
                         <td>
-                            <textarea name="swpsmtp_message" id="swpsmtp_message" rows="5"><?php echo $smtp_test_mail['swpsmtp_message']; ?></textarea><br />
+                            <textarea name="swpsmtp_message" id="swpsmtp_message" rows="5"><?php echo esc_textarea($smtp_test_mail['swpsmtp_message']); ?></textarea><br />
                             <p class="description"><?php _e("Write your email message", 'easy-wp-smtp'); ?></p>
                         </td>

easy-wp-smtp/trunk/easy-wp-smtp.php

@@ -2 +2 @@
 /*
 Plugin Name: Easy WP SMTP
-Version: 1.2.4
+Version: 1.2.5
 Plugin URI: https://wp-ecommerce.net/easy-wordpress-smtp-send-emails-from-your-wordpress-site-using-a-smtp-server-2197
 Author: wpecommerce

easy-wp-smtp/trunk/readme.txt

@@ -5 +5 @@
 Requires at least: 4.3
 Tested up to: 4.7
-Stable tag: 1.2.4
+Stable tag: 1.2.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -75 +75 @@
 
 == Changelog ==
+
+= 1.2.5 =
+* Fixed two possible XSS vulnerabilities that were affecting the email subject and email body input fields.
+* The saved SMTP password is no longer displayed on the screen. This was a security concern for websites administered by multiple users.
 
 = 1.2.4 =