Changeset 425427

Timestamp:

08/18/2011 03:44:53 PM (14 years ago)

Author:

mdbitz

Message:

Restriction of preview servlet to edtior enabled users and removal of html entities and escaping of strings in styling code to remove XSS vulnerability

Location:

wordpress-amazon-associate/trunk

Files:

• WPAA/ShortCodeHandler.php (modified) (1 diff)
• readme.txt (modified) (1 diff)
• servlet/preview.php (modified) (3 diffs)
• wordpress_amazon_associate.php (modified) (1 diff)

wordpress-amazon-associate/trunk/WPAA/ShortCodeHandler.php

@@ -202 +202 @@
         $output = "";
         if( ! empty($options['container']) ) {
+            // strip inclusion of html entities
+            $options['container'] = strip_tags( $options['container'] );
             $output = "<" . $options['container'];
             if( ! empty($options['container_class']) ) {
-                $output .= ' class="' . $options['container_class'] . '"';
+                $output .= ' class="' . htmlentities(strip_tags($options['container_class']), ENT_COMPAT) . '"';
             }
             if( ! empty($options['container_style']) ) {
-                $output .= ' style="' . $options['container_style'] . '"';
+                $output .= ' style="' . htmlentities(strip_tags($options['container_style']), ENT_COMPAT) . '"';
             }
             return $output . ">" . $output_str . "</" . $options['container'] . ">";

wordpress-amazon-associate/trunk/readme.txt

@@ -188 +188 @@
 The full project changelogs can be found at [http://labs.mdbitz.com/wordpress/wordpress-amazon-associate-plugin/changelog](http://labs.mdbitz.com/wordpress/wordpress-amazon-associate-plugin/changelog/?utm_source=wordpress&utm_medium=plugin-readme&utm_campaign=plugin)
 
-= 1.7.4 - 08/10/2011 =
+= 1.7.4 - 08/18/2011 =
 * Removal of activate / deactivate hooks as per newly communicated [plugin guidelines](http://labs.mdbitz.com/2011/08/the-hidden-plugin-guidelines-all-wordpress-plugin-developers-should-know/)
+* Restrition of Preview Servlet to logged in users with edit capability
+* Tag and Entity Stripping of container, container_class and container_style attributes within preview serlvet to remove vulnerability to xss attacks
 
 = 1.7.3 - 08/05/2011 =

wordpress-amazon-associate/trunk/servlet/preview.php

@@ -22 +22 @@
 // load WordPress
 require_once( '../../../../wp-load.php');
+// User can Edit Content
+if (current_user_can('edit_posts') ) {
 ?>
 <html>
@@ -28 +30 @@
         <?php
         $width = '600';
-        if (!empty($_GET['width'])) {
+        if (!empty($_GET['width']) && is_numeric( $_GET['width']) ) {
             $width = $_GET['width'];
         }
         $height = '600';
-        if (!empty($_GET['height'])) {
+        if (!empty($_GET['height']) && is_numeric( $_GET['height'])) {
             $height = $_GET['height'];
         }
@@ -83 +85 @@
     </body>
 </html>
+<?php }

wordpress-amazon-associate/trunk/wordpress_amazon_associate.php

@@ -45 +45 @@
 global $wpaa_update_date;
 $wpaa_version = "1.7.4";
-$wpaa_update_date = "08-10-2011";
+$wpaa_update_date = "08-18-2011";
 
 // load Admin Class