Changeset 385611

Timestamp:

05/16/2011 10:32:36 PM (15 years ago)

Author:

dardna

Message:

Fixed a security vulnerability (lack of _nonce on settings page).

Location:

wp-htaccess-control/trunk

Files:

• readme.txt (modified) (2 diffs)
• wp-htaccess-control-ui.php (modified) (2 diffs)
• wp-htaccess-control.php (modified) (3 diffs)

wp-htaccess-control/trunk/readme.txt

@@ -7 +7 @@
 Requires at least: 2.7
 Tested up to: 3.1.2
-Stable tag: 2.4
+Stable tag: 2.5
 
 Interface to customize the permalinks (author, category, archives and pagination) and htaccess file generated by Wordpress.
@@ -73 +73 @@
 == Changelog ==
 
+= 2.5 (16/05/2011) =
+* *Fix:* fixed a security vulnerability (lack of _nonce on settings page) (thank you Julio from Boiteaweb.fr for ringing the alarm bell; thank you Otto for the kind support!).
+
 = 2.4 (04/05/2011) =
-* *Feature:* added htaccess suggestion "Protect comments.php";
+* *Feature:* added htaccess suggestion "Protect comments.php" (thank you specimen.tk);
 * Added "Latest donations";
 * Confirmed compatibility with WP 3.1.2.

wp-htaccess-control/trunk/wp-htaccess-control-ui.php

@@ -4 +4 @@
 $q=explode('&',$_SERVER['QUERY_STRING']);
 $purl='http'.((!empty($_SERVER['HTTPS'])) ? 's' : '').'://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?'.$q[0];
-global $WPhtc;
+global $WPhtc, $echo;
 $WPhtc->wphtc_page_action();
-global $echo;
 $WPhtc_data=get_option('WPhtc_data');
+//$nonce= wp_create_nonce('WPhtc_settings');
 ?>
 <div id="wphtc-page" class="wrap">
@@ -415 +415 @@
                     </tr>
                 </table>
-            </div>  
+            </div>
+            <?php wp_nonce_field('WPhtc_settings'); ?>
             <input type="hidden" name="action" value="update" />
             <div class="wphtc-menu">
-                <a class="button-secondary" href="<?php echo $purl?>&action=reset_rules"><?php _e('Reset all rules', 'wp-htaccess-control'); ?></a>
+                <a class="button-secondary" href="<?php echo wp_nonce_url($purl."&action=reset_rules", 'WPhtc_reset_settings'); ?>"><?php _e('Reset all rules', 'wp-htaccess-control'); ?></a>
                 <input type="submit" class="button-primary" value="<?php _e('Save all changes', 'wp-htaccess-control'); ?>" />
             </div>

wp-htaccess-control/trunk/wp-htaccess-control.php

@@ -4 +4 @@
 Plugin URI: http://dardna.com/wp-htaccess-control
 Description: Interface to customize the permalinks (author, category, archives and pagination) and htaccess file generated by Wordpress.
-Version: 2.4
+Version: 2.5
 Author: António Andrade
 Author URI: http://dardna.com
@@ -433 +433 @@
                     # if reseting everything just delete the option array
                     case 'reset_rules':
+                        # nonce
+                        if(!check_admin_referer( 'WPhtc_reset_settings')){
+                            die("You have no permission to do this.");
+                            }
                         delete_option('WPhtc_data');
                         $echo.=__('All rules reset.', 'wp-htaccess-control');
@@ -442 +446 @@
                         if(!$WPhtc_data['donation_hidden_time']){
                             $WPhtc_data['donation_hidden_time']=time();
+                            }
+                        # nonce
+                        if(!check_admin_referer( 'WPhtc_settings')){
+                            die("You have no permission to do this.");
                             }
                         # get Custom Htaccess