Changeset 3343759

Timestamp:

08/12/2025 06:50:32 PM (6 months ago)

Author:

solwininfotech

Message:

Timeline designer version 1.4.1 security update.

Location:

timeline-designer/trunk

Files:

• README.txt (modified) (2 diffs)
• admin/assets/admin-shortcode-list.php (modified) (4 diffs)
• admin/class-wp-timeline-lite-admin.php (modified) (2 diffs)
• admin/wtl-functions.php (modified) (2 diffs)
• timeline-designer.php (modified) (1 diff)

timeline-designer/trunk/README.txt

@@ -4 +4 @@
 Tags: Timeline Layout, Template, Posts, 
 Requires at least: 5.0
-Tested up to: 6.6.1
-Stable tag: 1.4
+Requires PHP: 7.4
+Tested up to: 6.7.3
+Stable tag: 1.4.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -79 +80 @@
 
 
-== Changelog ==
+\1
+
+= 1.4.1 =
+* Security: Fix SQL injection in admin shortcode list search (`s` param) using $wpdb->prepare and esc_like.
+* Security: Sanitize `orderby` and use prepared statements for pagination queries.
+* Maintenance: Update \"Tested up to\" to 6.7.3 and add \"Requires PHP: 7.4\".
+
 
 = 1.4 =

timeline-designer/trunk/admin/assets/admin-shortcode-list.php

@@ -38 +38 @@
 $where    = '';
 $search_p = '';
-if ( isset( $_REQUEST['s'] ) && '' != $_REQUEST['s'] ) {
-    $search_p = sanitize_text_field( wp_unslash( $_REQUEST['s'] ) );
-    $where    = "WHERE shortcode_name LIKE '%$search_p%'";
-}
+if ( isset( $_REQUEST['s'] ) && '' !== $_REQUEST['s'] ) {
+    $search_p = sanitize_text_field( wp_unslash( $_REQUEST['s'] ) );
+    // Build a safe LIKE with esc_like and a placeholder.
+    $where    = $wpdb->prepare( ' WHERE shortcode_name LIKE %s', '%' . $wpdb->esc_like( $search_p ) . '%' );
+}
+
 
 if ( isset( $_POST['btnSearchShortcode'] ) || ( isset( $_POST['s'] ) && '' != $_POST['s'] ) ) {
@@ -59 +61 @@
 }
 $ord = 0;
-if ( isset( $_REQUEST['orderby'] ) && 0 == $_REQUEST['orderby'] ) {
+if ( isset( $_REQUEST['orderby'] ) && 0 === (int) $_REQUEST['orderby'] ) {
     $order_by    = 'desc';
     $ord         = 1;
     $order_field = 'shortcode_name';
-} elseif ( isset( $_REQUEST['orderby'] ) && 1 == $_REQUEST['orderby'] ) {
+} elseif ( isset( $_REQUEST['orderby'] ) && 1 === (int) $_REQUEST['orderby'] ) {
     $order_by    = 'asc';
     $ord         = 0;
@@ -73 +75 @@
 
 
-$total        = $wpdb->get_var( 'SELECT COUNT(`wtlid`) FROM ' . $wpdb->prefix . 'wtl_shortcodes ' . $where );
+$count_sql = 'SELECT COUNT(`wtlid`) FROM ' . $wpdb->prefix . 'wtl_shortcodes';
+$total = ( '' !== $where ) ? $wpdb->get_var( $count_sql . $where ) : $wpdb->get_var( $count_sql );
 $num_of_pages = ceil( $total / $limit );
 
@@ -89 +92 @@
 
 // Get the shortcode information.
-$shortcodes = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}wtl_shortcodes $where order by $order_field $order_by limit %d , %d", $offset, $limit ) );
+$list_sql  = 'SELECT * FROM ' . $wpdb->prefix . 'wtl_shortcodes';
+$list_args = array();
+if ( '' !== $where ) {
+    $list_sql .= $where; // $where already includes a prepared LIKE clause
+}
+$list_sql .= ' ORDER BY ' . $order_field . ' ' . $order_by . ' LIMIT %d , %d';
+$list_args[] = (int) $offset;
+$list_args[] = (int) $limit;
+$shortcodes = $wpdb->get_results( $wpdb->prepare( $list_sql, $list_args ) );
 ?>
 <div class="wp-timeline-admin wrap wp-timeline-shortcode-list">

timeline-designer/trunk/admin/class-wp-timeline-lite-admin.php

@@ -69 +69 @@
      */
     public function __construct( $plugin_name, $version ) {
+        add_action( 'admin_notices', array( $this, 'render_admin_notices' ) );
         $this->plugin_name = $plugin_name;
         $this->version     = $version;
@@ -2073 +2074 @@
         return $loaders;
     }
+
+
+public function render_admin_notices() {
+    if ( isset( $_GET['message'] ) && 'shortcode_add_error' === $_GET['message'] ) {
+        echo '<div class="notice notice-error"><p>' . esc_html__( 'Error adding shortcode. Please check the error log for details.', 'timeline-designer' ) . '</p></div>';
+    }
 }
+}

timeline-designer/trunk/admin/wtl-functions.php

@@ -31 +31 @@
      */
     function wtl_insert_layout( $layout_name, $wtl_settings ) {
-        global $wpdb;
-        $wtl_table_name = $wpdb->prefix . 'wtl_shortcodes';
-        if ( isset( $wtl_settings ) && ! empty( $wtl_settings ) ) {
-            foreach ( $wtl_settings as $single_key => $single_val ) {
-                if ( is_array( $single_val ) ) {
-                    foreach ( $single_val as $s_key => $s_val ) {
-                        $wtl_settings[ $single_key ][ $s_key ] = sanitize_text_field( $s_val );
-                    }
-                } elseif ( 'custom_css' === $single_key ) {
-                    $wtl_settings[ $single_key ] = wp_strip_all_tags( $single_val );
-                } else {
-                    $wtl_settings[ $single_key ] = sanitize_text_field( $single_val );
+    global $wpdb;
+
+    $table_name = $wpdb->prefix . 'wtl_shortcodes';
+
+    // Ensure table exists
+    $expected = $table_name;
+    $exists   = $wpdb->get_var( $wpdb->prepare( "SHOW TABLES LIKE %s", $expected ) );
+    if ( $exists !== $expected ) {
+        $charset_collate = '';
+        if ( ! empty( $wpdb->charset ) ) {
+            $charset_collate = "DEFAULT CHARACTER SET $wpdb->charset";
+        }
+        if ( ! empty( $wpdb->collate ) ) {
+            $charset_collate .= " COLLATE $wpdb->collate";
+        }
+        $sql = "CREATE TABLE $table_name (
+            wtlid int(9) NOT NULL AUTO_INCREMENT,
+            shortcode_name tinytext NOT NULL,
+            wtlsettngs text NOT NULL,
+            UNIQUE KEY wtlid (wtlid)
+        ) $charset_collate;";
+        require_once ABSPATH . 'wp-admin/includes/upgrade.php';
+        dbDelta( $sql );
+    }
+
+    // Sanitize settings
+    if ( isset( $wtl_settings ) && ! empty( $wtl_settings ) ) {
+        foreach ( $wtl_settings as $single_key => $single_val ) {
+            if ( is_array( $single_val ) ) {
+                foreach ( $single_val as $s_key => $s_val ) {
+                    $wtl_settings[ $single_key ][ $s_key ] = sanitize_text_field( $s_val );
                 }
+            } elseif ( 'custom_css' === $single_key ) {
+                $wtl_settings[ $single_key ] = wp_strip_all_tags( $single_val );
+            } else {
+                $wtl_settings[ $single_key ] = sanitize_text_field( $single_val );
             }
         }
-        $insert = $wpdb->insert(
-            $wtl_table_name,
-            array(
-                'shortcode_name' => sanitize_text_field( $layout_name ),
-                'wtlsettngs'     => maybe_serialize( $wtl_settings ),
-            ),
-            array( '%s', '%s' )
-        );
-        if ( false === $insert ) {
-            return;
-        } else {
-            return $wpdb->insert_id;
+    }
+
+    $insert = $wpdb->insert(
+        $table_name,
+        array(
+            'shortcode_name' => sanitize_text_field( $layout_name ),
+            'wtlsettngs'     => maybe_serialize( $wtl_settings ),
+        ),
+        array( '%s', '%s' )
+    );
+
+    if ( false === $insert ) {
+        if ( defined( 'WP_DEBUG_LOG' ) && WP_DEBUG_LOG ) {
+            error_log( '[Timeline Designer] Insert failed: ' . $wpdb->last_error );
         }
-    }
+        return new WP_Error( 'wtl_insert_failed', __( 'Database insert failed while adding shortcode.', 'timeline-designer' ), array( 'db_error' => $wpdb->last_error ) );
+    }
+
+    return (int) $wpdb->insert_id;
 }
 
@@ -481 +509 @@
     return $attr;
 }
+}

timeline-designer/trunk/timeline-designer.php

@@ -16 +16 @@
  * Plugin URI:        https://www.solwininfotech.com/product/wordpress-plugins/timeline-designer/
  * Description:       Best WordPress Timeline Plugin to create a stunning timeline on your website.
- * Version:           1.4
+ * Version:           1.4.1
  * Author:            Solwin Infotech
  * Author URI:        https://www.solwininfotech.com/