Changeset 3281379

Timestamp:

04/25/2025 02:11:54 AM (10 months ago)

Author:

marcusbs

Message:

Resolved SQL injection vulnerability

Location:

wp-mailing-group

Files:

• tags/3.0.5 (added)
• tags/3.0.5/crons (added)
• tags/3.0.5/crons/wpmg_cron_attachments.php (added)
• tags/3.0.5/crons/wpmg_cron_bounced_email.php (added)
• tags/3.0.5/crons/wpmg_cron_parse_email.php (added)
• tags/3.0.5/crons/wpmg_cron_send_email.php (added)
• tags/3.0.5/css (added)
• tags/3.0.5/css/demo_table.css (added)
• tags/3.0.5/css/wpmg-bootstrap-wrapper.css (added)
• tags/3.0.5/images (added)
• tags/3.0.5/images/add.png (added)
• tags/3.0.5/images/back_disabled.png (added)
• tags/3.0.5/images/back_enabled.png (added)
• tags/3.0.5/images/back_enabled_hover.png (added)
• tags/3.0.5/images/bin.png (added)
• tags/3.0.5/images/del-inform.png (added)
• tags/3.0.5/images/delete.png (added)
• tags/3.0.5/images/edit.png (added)
• tags/3.0.5/images/forward_disabled.png (added)
• tags/3.0.5/images/forward_enabled.png (added)
• tags/3.0.5/images/forward_enabled_hover.png (added)
• tags/3.0.5/images/import.png (added)
• tags/3.0.5/images/list.png (added)
• tags/3.0.5/images/mail-incoming.png (added)
• tags/3.0.5/images/mail_outgoing.png (added)
• tags/3.0.5/images/mg_close.png (added)
• tags/3.0.5/images/mg_loading.gif (added)
• tags/3.0.5/images/remove.png (added)
• tags/3.0.5/images/sort_asc.png (added)
• tags/3.0.5/images/sort_asc_disabled.png (added)
• tags/3.0.5/images/sort_both.png (added)
• tags/3.0.5/images/sort_desc.png (added)
• tags/3.0.5/images/sort_desc_disabled.png (added)
• tags/3.0.5/images/tick.png (added)
• tags/3.0.5/images/user_add.png (added)
• tags/3.0.5/images/view_archive.png (added)
• tags/3.0.5/images/view_archive_blur-old.png (added)
• tags/3.0.5/images/view_archive_blur.png (added)
• tags/3.0.5/images/view_users.png (added)
• tags/3.0.5/images/wpmg_import_wordpress_users.png (added)
• tags/3.0.5/images/wpmg_mailing_group_icons.png (added)
• tags/3.0.5/images/zoom-in.png (added)
• tags/3.0.5/js (added)
• tags/3.0.5/js/ColVis.js (added)
• tags/3.0.5/js/custom.js (added)
• tags/3.0.5/js/custommenu.js (added)
• tags/3.0.5/js/jquery.dataTables.js (added)
• tags/3.0.5/languages (added)
• tags/3.0.5/languages/mailing-group-module-de_DE.mo (added)
• tags/3.0.5/languages/mailing-group-module-de_DE.po (added)
• tags/3.0.5/languages/mailing-group-module-en_US.mo (added)
• tags/3.0.5/languages/mailing-group-module-en_US.po (added)
• tags/3.0.5/languages/mailing-group-module-es_ES.mo (added)
• tags/3.0.5/languages/mailing-group-module-es_ES.po (added)
• tags/3.0.5/lib (added)
• tags/3.0.5/lib/captcha.php (added)
• tags/3.0.5/lib/class.phpmailer.php (added)
• tags/3.0.5/lib/class.smtp.php (added)
• tags/3.0.5/lib/mailinggroupclass.php (added)
• tags/3.0.5/lib/receivemail.class.php (added)
• tags/3.0.5/lib/vcard.php (added)
• tags/3.0.5/mailing-group-module.php (added)
• tags/3.0.5/readme.txt (added)
• tags/3.0.5/screenshot-1.png (added)
• tags/3.0.5/screenshot-2.png (added)
• tags/3.0.5/screenshot-3.png (added)
• tags/3.0.5/screenshot-4.png (added)
• tags/3.0.5/screenshot-5.png (added)
• tags/3.0.5/screenshot-6.png (added)
• tags/3.0.5/template (added)
• tags/3.0.5/template/mg_adminmessageadd.php (added)
• tags/3.0.5/template/mg_adminmessagelist.php (added)
• tags/3.0.5/template/mg_contact.php (added)
• tags/3.0.5/template/mg_formstyle.php (added)
• tags/3.0.5/template/mg_help.php (added)
• tags/3.0.5/template/mg_imapemailconnection.php (added)
• tags/3.0.5/template/mg_importuser.php (added)
• tags/3.0.5/template/mg_intro_text.php (added)
• tags/3.0.5/template/mg_mailinggroupadd.php (added)
• tags/3.0.5/template/mg_mailinggrouplist.php (added)
• tags/3.0.5/template/mg_mailingrequest.php (added)
• tags/3.0.5/template/mg_mailingrequestadd.php (added)
• tags/3.0.5/template/mg_memberadd.php (added)
• tags/3.0.5/template/mg_membergroups.php (added)
• tags/3.0.5/template/mg_memberlist.php (added)
• tags/3.0.5/template/mg_messageadd.php (added)
• tags/3.0.5/template/mg_messagelist.php (added)
• tags/3.0.5/template/mg_sendmessage.php (added)
• tags/3.0.5/template/mg_settingstab.php (added)
• tags/3.0.5/template/mg_testmail.php (added)
• tags/3.0.5/template/mg_user_form.php (added)
• tags/3.0.5/template/mg_viewmessage.php (added)
• tags/3.0.5/template/mg_viewmessageajax.php (added)
• tags/3.0.5/template/temp (added)
• tags/3.0.5/template/temp/sample.vcf (added)
• trunk/mailing-group-module.php (modified) (4 diffs)
• trunk/readme.txt (modified) (2 diffs)
• trunk/template/mg_mailinggrouplist.php (modified) (2 diffs)

wp-mailing-group/trunk/mailing-group-module.php

@@ -1 +1 @@
 <?php /**
 * @package Mailing_group_module
-* @version 3.0.4
+* @version 3.0.5
 */
 /*
@@ -9 +9 @@
 Author: Yamna Khawaja
 Author URI: https://www.wpmailinggroup.com/
-Version: 3.0.4
+Version: 3.0.5
 License: GPL v2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -39 +39 @@
 
 $WPMG_SETTINGS = get_option("WPMG_SETTINGS");
-$MG_VERSION_NO = '3.0.4';
+$MG_VERSION_NO = '3.0.5';
 $WPMG_SETTINGS['MG_VERSION_NO']  = $MG_VERSION_NO;
 $WPMG_SETTINGS['MG_PLUGIN_TYPE'] = 'FREE';
@@ -144 +144 @@
     $MG_SUPPORT_EMAIL    = (isset($wpmgs['MG_SUPPORT_EMAIL']) && $wpmgs['MG_SUPPORT_EMAIL']!=''?esc_html($wpmgs['MG_SUPPORT_EMAIL']):'[email protected]');
     $MG_SUPPORT_PHONE    = (isset($wpmgs['MG_SUPPORT_PHONE']) && $wpmgs['MG_SUPPORT_PHONE']!=''?esc_html($wpmgs['MG_SUPPORT_PHONE']):'1800-123-1234');
-    $MG_VERSION_NO       = (isset($wpmgs['MG_VERSION_NO'])    && $wpmgs['MG_VERSION_NO']!=''?esc_html($wpmgs['MG_VERSION_NO']):'3.0.4');
+    $MG_VERSION_NO       = (isset($wpmgs['MG_VERSION_NO'])    && $wpmgs['MG_VERSION_NO']!=''?esc_html($wpmgs['MG_VERSION_NO']):'3.0.5');
     
     $wpmg_setting = array(

wp-mailing-group/trunk/readme.txt

@@ -6 +6 @@
 Tested up to: 6.8
 Tested up to PHP: 8.2
-Stable tag: 3.0.4
+Stable tag: 3.0.5
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -132 +132 @@
 == Changelog ==
 
+=3.0.5 =
+*Resolved sql injection vulnerability.
+
 =3.0.4 =
 *Tested with latest wp version.

wp-mailing-group/trunk/template/mg_mailinggrouplist.php

@@ -10 +10 @@
 
 if ($info == "del") {
-
-    $wpdb->query("delete from " . $table_name_group . " where id=" . $delid);
-
-    $wpdb->query("delete from " . $table_name_requestmanager_taxonomy . " where group_id=" . $delid);
-
-    wpmg_showmessages("updated", __("Mailing group has been deleted successfully.", 'wp-mailing-group'));
+    // Check if user is logged in
+    if (!is_user_logged_in()) {
+        wp_die(__('You must be logged in to perform this action.', 'wp-mailing-group'));
+    }
+
+    // Ensure user has proper capabilities
+    if (!current_user_can('manage_options')) {
+        wp_die(__('You do not have sufficient permissions to access this page.', 'wp-mailing-group'));
+    }
+
+    // Verify nonce
+    if (!isset($_GET['_wpnonce']) || !wp_verify_nonce($_GET['_wpnonce'], 'delete_mailing_group')) {
+        wp_die(__('Security check failed', 'wp-mailing-group'));
+    }
+
+    // Ensure $delid is a positive integer
+    $delid = absint($delid);
+    if ($delid > 0) {
+        // Use prepared statements
+        $wpdb->query($wpdb->prepare("DELETE FROM $table_name_group WHERE id = %d", $delid));
+        $wpdb->query($wpdb->prepare("DELETE FROM $table_name_requestmanager_taxonomy WHERE group_id = %d", $delid));
+        wpmg_showmessages("updated", __("Mailing group has been deleted successfully.", 'wp-mailing-group'));
+    }
 }
 
@@ -184 +201 @@
                             |<a class="import_users" title="<?php esc_attr_e("Import Users", 'wp-mailing-group'); ?>" href="admin.php?page=wpmg_mailinggroup_importuser&gid=<?php echo esc_attr($id); ?>"></a>
 
-                            |<a class="quick_edit edit_record" title="<?php esc_attr_e("Edit", 'wp-mailing-group'); ?>" name="<?php echo esc_attr($id); ?>" href="#"></a>|<a class="delete_record" title="<?php esc_attr_e("Delete", 'wp-mailing-group'); ?>" href="admin.php?page=wpmg_mailinggroup_list&info=del&did=<?php echo esc_attr($id); ?>" onclick="return confirm('<?php echo esc_js(__("Are you sure you want to delete this group?", 'wp-mailing-group')); ?>');"></a>
+                            |<a class="quick_edit edit_record" title="<?php esc_attr_e("Edit", 'wp-mailing-group'); ?>" name="<?php echo esc_attr($id); ?>" href="#"></a>|<a class="delete_record" title="<?php esc_attr_e("Delete", 'wp-mailing-group'); ?>" href="<?php echo wp_nonce_url('admin.php?page=wpmg_mailinggroup_list&info=del&did=' . esc_attr($id), 'delete_mailing_group'); ?>" onclick="return confirm('<?php echo esc_js(__("Are you sure you want to delete this group?", 'wp-mailing-group')); ?>');"></a>
                         </td>