Changeset 3275878

Timestamp:

04/17/2025 01:41:36 PM (10 months ago)

Author:

momen2009

Message:

脆弱性の指摘を受けたの修正をした。（クロスサイトスクリプティングの脆弱性）

Location:

theme-changer

Files:

• tags/1.4 (added)
• tags/1.4/readme.txt (added)
• tags/1.4/theme-changer.php (added)
• trunk/readme.txt (modified) (2 diffs)
• trunk/theme-changer.php (modified) (10 diffs)

theme-changer/trunk/readme.txt

@@ -3 +3 @@
 Tags: theme,change,get,parameter,demo
 Requires at least: 3.0
-Tested up to: 4.8
-Stable tag: 1.3
+Tested up to: 6.8
+Stable tag: 1.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -39 +39 @@
 = 1.3 =
 * Fixed a problem where the theme returns to the original when transitioning to the lower page. Once the password matched, the modified theme was applied even to the lower page.
+
+= 1.4 =
+* Cross-site scripting vulnerability response.

theme-changer/trunk/theme-changer.php

@@ -4 +4 @@
 Plugin URI: http://www.elegants.biz/theme-changer.php
 Description: Easy theme change in the get parameter. this to be a per-session only change, and one that everyone (all visitors) can use. I just enter the following URL. It's easy. e.g. http://wordpress_install_domain/?theme_changer=theme_folder_name
-Version: 1.3
+Version: 1.4
 Author: momen2009
-Author URI: http://www.elegants.biz/
 License: GPLv2 or later
 */
 
-/*  Copyright 2017 木綿の優雅な一日 (email : [email protected])
+/*  Copyright 2025 momen2009 (email : [email protected])
 
 This program is free software; you can redistribute it and/or modify
@@ -43 +42 @@
     global $theme_changer_theme;
     $theme_changer_password = get_option("theme_changer_password");
+
+    $theme_changer = "";
     if($theme_changer_password != false){
         $now_theme = wp_get_theme();
@@ -50 +51 @@
             if($_SESSION["theme_changer_password"] != $theme_changer_password) return;
         }else{
-            if($theme_changer_password != $wpdb->escape($_GET["theme_changer_password"])){
+            if(!isset($_GET["theme_changer_password"])) return;
+            if($theme_changer_password != sanitize_text_field(wp_unslash($_GET["theme_changer_password"]))){
                 return;
             }else{
@@ -58 +60 @@
     }
 
-    $theme_changer = $wpdb->escape($_GET["theme_changer"]);
+    if(isset($_GET["theme_changer"])){
+        $theme_changer = sanitize_text_field(wp_unslash($wpdb->escape($_GET["theme_changer"])));
+    }
     if(isset($theme_changer) && $theme_changer != ""){
-        $theme_changer = $wpdb->escape($_GET["theme_changer"]);
+
     }elseif(isset($_SESSION["theme_changer"])){
-        $theme_changer = $_SESSION["theme_changer"];
+        $theme_changer = sanitize_text_field($_SESSION["theme_changer"]);
     }
     if($value = exist_search_theme($theme_changer)){
@@ -71 +75 @@
 
 function exist_search_theme($stylesheet){
-    foreach(get_themes() as $value){
+    foreach(wp_get_themes() as $value){
         if($value->get_stylesheet() == $stylesheet) return $value;
     }
@@ -108 +112 @@
 function theme_changer_footer() {
     global $theme_changer_theme;
-    $output .= "<style>\r\n#theme_changer{z-index:1000 !important;position:fixed;padding:10px;bottom:10px;left:10px;opacity:0.2;}#theme_changer label {color: #333 !important;display: block !important;font-weight: 800 !important;margin-bottom: 0.5em !important;font-family: 'Hiragino Kaku Gothic Pro', Meiryo, sans-serif !important;font-size: 16px !important;}#theme_changer select {font-weight:normal !important;font-size: 16px !important;color: #333 !important;border: 1px solid #bbb !important;-webkit-border-radius: 3px !important;border-radius: 3px !important;height: 3em !important;max-width: 100% !important;}#theme_changer p {font-size: 9px;}</style><script>jQuery(document).ready(function(){jQuery('#theme_changer select').change(function() {if (jQuery(this).val() != '') {";
+
+    $output = "<style>\r\n#theme_changer{z-index:1000 !important;position:fixed;padding:10px;bottom:10px;left:10px;opacity:0.2;}#theme_changer label {color: #333 !important;display: block !important;font-weight: 800 !important;margin-bottom: 0.5em !important;font-family: 'Hiragino Kaku Gothic Pro', Meiryo, sans-serif !important;font-size: 16px !important;}#theme_changer select {font-weight:normal !important;font-size: 16px !important;color: #333 !important;border: 1px solid #bbb !important;-webkit-border-radius: 3px !important;border-radius: 3px !important;height: 3em !important;max-width: 100% !important;}#theme_changer p {font-size: 9px;}</style><script>jQuery(document).ready(function(){jQuery('#theme_changer select').change(function() {if (jQuery(this).val() != '') {";
     $output .= "var kvp2; kvp2 = insertParameter(document.location.search.substr(1).split('&'),'theme_changer',jQuery(this).val());";
-    $theme_changer_password = get_option("theme_changer_password");
+    $theme_changer_password = sanitize_text_field(wp_unslash(get_option("theme_changer_password")));
     if($theme_changer_password != false){
         $output .= "kvp2 = insertParameter(kvp2.split('&'),'theme_changer_password','" . $theme_changer_password . "');";
@@ -121 +126 @@
     foreach(wp_get_themes() as $value){
         $output .= "<option value=\"";
-        $output .= $value -> get_stylesheet();
+        $output .= sanitize_text_field(wp_unslash($value -> get_stylesheet()));
         $output .= "\"";
         if($value -> get_stylesheet() == $theme_changer_theme){
@@ -127 +132 @@
         } 
         $output .= ">";
-        $output .= $value -> Name;
+        $output .= sanitize_text_field(wp_unslash($value -> Name));
         $output .= "</option>";
     }
     $output .= "<select><p>This will only be displayed if you are logged in.</p></div>');</script>";
-    echo $output;
+    _e($output);
 }
 
@@ -142 +147 @@
 function theme_changer_options() {
     if ( !current_user_can( 'manage_options' ) )  {
-        wp_die( __( 'You do not have sufficient permissions to access this page.' ) );
+        wp_die( esc_html(__( 'You do not have sufficient permissions to access this page.' )) );
     }
 
     if (isset($_POST['theme_changer_password'])) {
-        update_option('theme_changer_password', wp_unslash($_POST['theme_changer_password']));
+        update_option('theme_changer_password', sanitize_text_field(wp_unslash($_POST['theme_changer_password'])));
     }
 ?>
@@ -168 +173 @@
 <?php
 }
+
+function theme_changer_files() {
+    wp_enqueue_script('jquery');
+}
+add_action( 'wp_enqueue_scripts', 'theme_changer_files' );
 ?>