Changeset 3378505
- Timestamp:
- 10/15/2025 12:41:50 AM (4 months ago)
- Location:
- mxchat-basic
- Files:
-
- 103 added
- 6 edited
-
tags/2.4.7 (added)
-
tags/2.4.7/admin (added)
-
tags/2.4.7/admin/class-ajax-handler.php (added)
-
tags/2.4.7/admin/class-knowledge-manager.php (added)
-
tags/2.4.7/admin/class-pinecone-manager.php (added)
-
tags/2.4.7/css (added)
-
tags/2.4.7/css/admin-add-ons.css (added)
-
tags/2.4.7/css/admin-style.css (added)
-
tags/2.4.7/css/chat-style.css (added)
-
tags/2.4.7/css/chat-transcripts.css (added)
-
tags/2.4.7/css/content-selector.css (added)
-
tags/2.4.7/css/intent-style.css (added)
-
tags/2.4.7/css/knowledge-style.css (added)
-
tags/2.4.7/css/test-panel.css (added)
-
tags/2.4.7/images (added)
-
tags/2.4.7/images/Icon-01.svg (added)
-
tags/2.4.7/images/Icon-02.svg (added)
-
tags/2.4.7/images/Icon-03.svg (added)
-
tags/2.4.7/images/Icon-04.svg (added)
-
tags/2.4.7/images/pro-only-dark.png (added)
-
tags/2.4.7/includes (added)
-
tags/2.4.7/includes/class-mxchat-addons.php (added)
-
tags/2.4.7/includes/class-mxchat-admin.php (added)
-
tags/2.4.7/includes/class-mxchat-integrator.php (added)
-
tags/2.4.7/includes/class-mxchat-meta-box.php (added)
-
tags/2.4.7/includes/class-mxchat-public.php (added)
-
tags/2.4.7/includes/class-mxchat-user.php (added)
-
tags/2.4.7/includes/class-mxchat-utils.php (added)
-
tags/2.4.7/includes/class-mxchat-woocommerce.php (added)
-
tags/2.4.7/includes/class-mxchat-word-handler.php (added)
-
tags/2.4.7/includes/pdf-parser (added)
-
tags/2.4.7/includes/pdf-parser/alt_autoload.php (added)
-
tags/2.4.7/includes/pdf-parser/src (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Config.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Document.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element/ElementArray.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element/ElementBoolean.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element/ElementDate.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element/ElementHexa.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element/ElementMissing.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element/ElementName.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element/ElementNull.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element/ElementNumeric.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element/ElementString.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element/ElementStruct.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Element/ElementXRef.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Encoding (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Encoding.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Encoding/AbstractEncoding.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Encoding/EncodingLocator.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Encoding/ISOLatin1Encoding.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Encoding/ISOLatin9Encoding.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Encoding/MacRomanEncoding.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Encoding/PDFDocEncoding.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Encoding/PostScriptGlyphs.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Encoding/StandardEncoding.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Encoding/WinAnsiEncoding.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Exception (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Exception/EmptyPdfException.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Exception/EncodingNotFoundException.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Exception/MissingPdfHeaderException.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Exception/NotImplementedException.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Font (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Font.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Font/FontCIDFontType0.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Font/FontCIDFontType2.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Font/FontTrueType.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Font/FontType0.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Font/FontType1.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Font/FontType3.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Header.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/PDFObject.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Page.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Pages.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/Parser.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/RawData (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/RawData/FilterHelper.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/RawData/RawDataParser.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/XObject (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/XObject/Form.php (added)
-
tags/2.4.7/includes/pdf-parser/src/Smalot/PdfParser/XObject/Image.php (added)
-
tags/2.4.7/js (added)
-
tags/2.4.7/js/activation-script.js (added)
-
tags/2.4.7/js/admin-status.js (added)
-
tags/2.4.7/js/chat-script.js (added)
-
tags/2.4.7/js/content-selector.js (added)
-
tags/2.4.7/js/embedding-check.js (added)
-
tags/2.4.7/js/floating-script.js (added)
-
tags/2.4.7/js/knowledge-processing.js (added)
-
tags/2.4.7/js/meta-box.js (added)
-
tags/2.4.7/js/mxchat-admin.js (added)
-
tags/2.4.7/js/mxchat-test-streaming.js (added)
-
tags/2.4.7/js/mxchat_transcripts.js (added)
-
tags/2.4.7/js/my-color-picker.js (added)
-
tags/2.4.7/js/test-panel.js (added)
-
tags/2.4.7/languages (added)
-
tags/2.4.7/languages/mxchat.pot (added)
-
tags/2.4.7/mxchat-basic.php (added)
-
tags/2.4.7/readme.txt (added)
-
trunk/css/chat-style.css (modified) (1 diff)
-
trunk/includes/class-mxchat-addons.php (modified) (1 diff)
-
trunk/includes/class-mxchat-admin.php (modified) (1 diff)
-
trunk/includes/class-mxchat-integrator.php (modified) (6 diffs)
-
trunk/mxchat-basic.php (modified) (2 diffs)
-
trunk/readme.txt (modified) (3 diffs)
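--- a/mxchat-basic/trunk/css/chat-style.css
+++ b/mxchat-basic/trunk/css/chat-style.css
@@ -971,4 +971,7 @@
 }
 
+.chatbot-top-bar#exit-chat-button button.exit-chat:hover {
+background: none;
+}
 .visible {
 display: flex;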
mxchat-basic/trunk/includes/class-mxchat-addons.php
r3372373 r3378505 191 191 */ 192 192 public function enqueue_styles() { 193 $plugin_version = '2.4. 6';193 $plugin_version = '2.4.7'; 194 194 195 195 wp_enqueue_style( -
mxchat-basic/trunk/includes/class-mxchat-admin.php
r3372373 r3378505 6531 6531 public function mxchat_enqueue_admin_assets() { 6532 6532 // Get plugin version (define this in your main plugin file) 6533 $version = defined('MXCHAT_VERSION') ? MXCHAT_VERSION : '2.4. 6';6533 $version = defined('MXCHAT_VERSION') ? MXCHAT_VERSION : '2.4.7'; 6534 6534 6535 6535 // Use file modification time for development (remove in production) -
mxchat-basic/trunk/includes/class-mxchat-integrator.php
r3372373 r3378505 1867 1867 1868 1868 if (false === $results) { 1869 // Fetch new results from the Brave Search API1870 $response = wp_ remote_get(1869 // SECURITY FIX: Changed to wp_safe_remote_get 1870 $response = wp_safe_remote_get( 1871 1871 $api_url, 1872 1872 array( … … 2009 2009 ]; 2010 2010 2011 $response = wp_remote_get($api_url, $args); 2011 // SECURITY FIX: Changed to wp_safe_remote_get 2012 $response = wp_safe_remote_get($api_url, $args); 2012 2013 2013 2014 if (is_wp_error($response)) { … … 2409 2410 2410 2411 /** 2411 * Enhanced fetch_and_split_pdf_pages with detailed debugging2412 * Enhanced fetch_and_split_pdf_pages with SSRF protection 2412 2413 */ 2413 2414 private function fetch_and_split_pdf_pages($pdf_source, $max_pages) { … … 2466 2467 if (filter_var($pdf_source, FILTER_VALIDATE_URL)) { 2467 2468 //error_log("Downloading PDF from URL..."); 2469 2470 // SECURITY FIX: Validate URL before processing 2471 if (!$this->mxchat_is_safe_pdf_url($pdf_source)) { 2472 //error_log("❌ SECURITY: Blocked unsafe PDF URL"); 2473 return false; 2474 } 2475 2468 2476 $temp_file = wp_tempnam($pdf_source); 2469 $response = wp_remote_get($pdf_source, [ 2477 2478 // SECURITY FIX: Changed from wp_remote_get to wp_safe_remote_get 2479 $response = wp_safe_remote_get($pdf_source, [ 2470 2480 'timeout' => 60, 2471 2481 'headers' => ['User-Agent' => 'MxChat PDF Processor'] … … 2550 2560 } 2551 2561 } 2562 2563 2564 /** 2565 * Validate PDF URL for security 2566 * Prevents SSRF attacks by blocking dangerous URLs 2567 */ 2568 2569 private function mxchat_is_safe_pdf_url($url) { 2570 // Use WordPress core function for comprehensive validation 2571 // This blocks localhost, private IPs, and reserved IP ranges 2572 $validated_url = wp_http_validate_url($url); 2573 2574 if ($validated_url === false) { 2575 return false; 2576 } 2577 2578 // Additional check: only allow HTTP/HTTPS schemes 2579 $parsed = parse_url($url); 2580 if (!isset($parsed['scheme']) || 
!in_array($parsed['scheme'], ['http', 'https'], true)) { 2581 return false; 2582 } 2583 2584 return true; 2585 } 2586 2552 2587 2553 2588 private function mxchat_clean_text($text) { … … 6339 6374 public function mxchat_enqueue_scripts_styles() { 6340 6375 // Define version numbers for the styles and scripts 6341 $chat_style_version = '2.4. 6';6342 $chat_script_version = '2.4. 6';6376 $chat_style_version = '2.4.7'; 6377 $chat_script_version = '2.4.7'; 6343 6378 // Enqueue the script 6344 6379 wp_enqueue_script( -
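Review bot: The comment in `mxchat_is_safe_pdf_url()` states that `wp_http_validate_url()` blocks localhost, private IPs and reserved ranges, but as far as I know the core check only rejects loopback, 0.0.0.0/8 and the RFC 1918 IPv4 ranges, so a link-local address (169.254.0.0/16, the range cloud metadata services commonly use) would likely pass both this helper and `wp_safe_remote_get()`. I would resolve the host in the helper and also reject on PHP's own range flags: `$ip = gethostbyname($parsed['host']);` followed by `if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { return false; }`. The scheme test repeats what `wp_http_validate_url()` already appears to enforce, and it parses `$url` rather than `$validated_url`; it is harmless, but the comment should call it defence in depth rather than an additional control. In the caller, the blocked branch returns `false` with its `error_log` line commented out, so a rejected URL leaves no record for detection; logging the rejected host there would help (the body of `fetch_and_split_pdf_pages` continues outside the visible hunks).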
mxchat-basic/trunk/mxchat-basic.php
r3372373 r3378505 4 4 * Plugin URI: https://mxchat.ai/ 5 5 * Description: AI chatbot for WordPress with OpenAI, Claude, xAI, DeepSeek, live agent, PDF uploads, WooCommerce, and training on website data. 6 * Version: 2.4. 66 * Version: 2.4.7 7 7 * Author: MxChat 8 8 * Author URI: https://mxchat.ai … … 18 18 19 19 // Define plugin version constant for asset versioning 20 define('MXCHAT_VERSION', '2.4. 6');20 define('MXCHAT_VERSION', '2.4.7'); 21 21 22 22 function mxchat_load_textdomain() { -
mxchat-basic/trunk/readme.txt
r3372373 r3378505 6 6 Tested up to: 6.8 7 7 Requires PHP: 7.2 8 Stable tag: 2.4. 68 Stable tag: 2.4.7 9 9 License: GPLv2 or later 10 10 License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 182 182 == Changelog == 183 183 184 = 2.4. 6 - October,3, 2025 =185 - Update: Added plugin URI information.184 = 2.4.7 - October 13, 2025 = 185 - Security: Fixed Server-Side Request Forgery (SSRF) vulnerability in PDF processing (CVE-2025-10705) 186 186 187 187 = 2.4.5 - September 30, 2025 = … … 556 556 == Upgrade Notice == 557 557 558 = 2.4. 6=559 - Update: Added plugin URI information.558 = 2.4.7 = 559 - Security: Fixed Server-Side Request Forgery (SSRF) vulnerability in PDF processing (CVE-2025-10705) 560 560 561 561 == License & Warranty ==