Changeset 3222952

Timestamp:

01/15/2025 01:59:10 PM (13 months ago)

Author:

instawp

Message:

Update to version 2.6.7 from GitHub

Location:

string-locator

Files:

• tags/2.6.7 (copied) (copied from string-locator/trunk)
• tags/2.6.7/changelog.txt (modified) (1 diff)
• tags/2.6.7/includes/Extension/SearchReplace/Replace/class-sql.php (modified) (1 diff)
• tags/2.6.7/readme.txt (modified) (2 diffs)
• tags/2.6.7/string-locator.php (modified) (1 diff)
• trunk/changelog.txt (modified) (1 diff)
• trunk/includes/Extension/SearchReplace/Replace/class-sql.php (modified) (1 diff)
• trunk/readme.txt (modified) (2 diffs)
• trunk/string-locator.php (modified) (1 diff)

string-locator/tags/2.6.7/changelog.txt

@@ +1 @@
+= 2.6.7 (2025-01-15) =
+* Fixed secured unserialized data handling to prevent potential vulnerabilities.
+* Verified compatibility with WordPress 6.7
+
 = 2.6.6 (2024-08-21) =
 * Fixed missing URL input sanitization.

string-locator/tags/2.6.7/includes/Extension/SearchReplace/Replace/class-sql.php

@@ -167 +167 @@
     public function recursive_unserialize_replace( $from = '', $to = '', $data = '', $serialised = false ) {
         // Some unserialised data cannot be re-serialised eg. SimpleXMLElements.
+        global $wpdb;
         try {
-            $unserialized = @unserialize( $data );
+            $unserialized = false;
+            if ( ! empty( $data ) && ( $wpdb->prefix . 'comments' !== $this->table_name || 'comment_content' !== $this->column_name ) && is_serialized( $data ) ) {
+                $unserialized = @unserialize( $data, array( 'allowed_classes' => false ) );
+            }
             if ( is_string( $data ) && false !== $unserialized ) {
                 $data = $this->recursive_unserialize_replace( $from, $to, $unserialized, true );

string-locator/tags/2.6.7/readme.txt

@@ -5 +5 @@
 Tags: text, search, find, syntax, highlight
 Requires at least: 4.9
-Tested up to: 6.6
-Stable tag: 2.6.6
+Tested up to: 6.7
+Stable tag: 2.6.7
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -47 +47 @@
 == Changelog ==
 
+= 2.6.7 (2025-01-15) =
+* Fixed secured unserialized data handling to prevent potential vulnerabilities.
+* Verified compatibility with WordPress 6.7
+
 = 2.6.6 (2024-08-21) =
 * Fixed missing URL input sanitization.

string-locator/tags/2.6.7/string-locator.php

@@ -4 +4 @@
  * Plugin URI: https://wordpress.org/plugins/string-locator/
  * Description: Scan through theme and plugin files looking for text strings
- * Version: 2.6.6
+ * Version: 2.6.7
  * Author: InstaWP
  * Author URI: https://instawp.com/

string-locator/trunk/changelog.txt

@@ +1 @@
+= 2.6.7 (2025-01-15) =
+* Fixed secured unserialized data handling to prevent potential vulnerabilities.
+* Verified compatibility with WordPress 6.7
+
 = 2.6.6 (2024-08-21) =
 * Fixed missing URL input sanitization.

string-locator/trunk/includes/Extension/SearchReplace/Replace/class-sql.php

@@ -167 +167 @@
     public function recursive_unserialize_replace( $from = '', $to = '', $data = '', $serialised = false ) {
         // Some unserialised data cannot be re-serialised eg. SimpleXMLElements.
+        global $wpdb;
         try {
-            $unserialized = @unserialize( $data );
+            $unserialized = false;
+            if ( ! empty( $data ) && ( $wpdb->prefix . 'comments' !== $this->table_name || 'comment_content' !== $this->column_name ) && is_serialized( $data ) ) {
+                $unserialized = @unserialize( $data, array( 'allowed_classes' => false ) );
+            }
             if ( is_string( $data ) && false !== $unserialized ) {
                 $data = $this->recursive_unserialize_replace( $from, $to, $unserialized, true );

string-locator/trunk/readme.txt

@@ -5 +5 @@
 Tags: text, search, find, syntax, highlight
 Requires at least: 4.9
-Tested up to: 6.6
-Stable tag: 2.6.6
+Tested up to: 6.7
+Stable tag: 2.6.7
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -47 +47 @@
 == Changelog ==
 
+= 2.6.7 (2025-01-15) =
+* Fixed secured unserialized data handling to prevent potential vulnerabilities.
+* Verified compatibility with WordPress 6.7
+
 = 2.6.6 (2024-08-21) =
 * Fixed missing URL input sanitization.

string-locator/trunk/string-locator.php

@@ -4 +4 @@
  * Plugin URI: https://wordpress.org/plugins/string-locator/
  * Description: Scan through theme and plugin files looking for text strings
- * Version: 2.6.6
+ * Version: 2.6.7
  * Author: InstaWP
  * Author URI: https://instawp.com/