Changeset 545369

Timestamp:

05/17/2012 01:22:14 PM (14 years ago)

Author:

michelem

Message:

Release version 1.8.3.1

Location:

wassup/trunk

Files:

• readme.txt (modified) (3 diffs)
• wassup.php (modified) (4 diffs)

wassup/trunk/readme.txt

@@ -1 @@
-=== WassUp Real Time Analitycs ===
+=== WassUp Real Time Analytics ===
 Contributors: michelem, helened
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=michele%40befree%2eit&item_name=WassUp&no_shipping=0&no_note=1&tax=0&currency_code=EUR&lc=IT&bn=PP%2dDonationsBF&charset=UTF%2d8
@@ -5 +5 @@
 Requires at least: 2.2
 Tested up to: 3.2.1
-Stable tag: 1.8.3
+Stable tag: 1.8.3.1
 
 Analyze your visitors traffic with real-time statistics, a lot of chronological information, charts, a sidebar widget.
@@ -144 +144 @@
 
 == Changelog ==
+
+= 1.8.3.1 =
+= Urgent bugfix =
+* fixed security issue: Change the UserAgent of the browser to include html tags, and by accessing a WordPress blog with WassUp installed, the tag is executed when going to "View Details" from the administrative page and viewing the access logs.
 
 = 1.8.3 =

wassup/trunk/wassup.php

@@ -1 +1 @@
 <?php
 /*
-Plugin Name: WassUp
+Plugin Name: WassUp Real Time Analytics
 Plugin URI: http://www.wpwp.org
 Description: Analyze your visitors traffic with real-time stats, charts, and a lot of chronological information. Includes a sidebar widget of current online visitors and other statistics and an admin dashboard widget with chart. For Wordpress 2.2 or higher. Caution: don't upgrade when your site is busy!
-Version: 1.8.3
+Version: 1.8.3.1
 Author: Michele Marcucci, Helene Duncker
 Author URI: http://www.michelem.org/
@@ -24 +24 @@
 //wassup globals & constants
 global $wp_version, $current_user, $user_level, $wassup_options;
-$wassupversion="1.8.3";
+$wassupversion="1.8.3.1";
 $wassup_cookie_value="";
 $wdebug_mode=false; //turn on debugging (global)...Use cautiously! Will display errors from all plugins, not just WassUp
@@ -1556 +1556 @@
         echo __("Page","wassup").': <span class="raw">'.$rk->searchpage.'</span>';?></li><?php
         } ?>
-        <li><?php echo __("User Agent","wassup").': <span class="raw">'.attribute_escape(htmlspecialchars(html_entity_decode($rk->agent))).'</span>'; ?></li><?php
+        <li><?php echo __("User Agent","wassup").': <span class="raw">'.strip_tags(attribute_escape(htmlspecialchars(html_entity_decode($rk->agent)))).'</span>'; ?></li><?php
         if (empty($rk->spider) || $rk->browser != "") { 
             echo "\n"; ?>
@@ -1702 +1702 @@
             //hidden user agent string
             ?><div style="display: none;" class="togglenavi naviagent<?php echo $rk->id ?>"><ul class="useragent">
-                <li class="useragent"><?php _e('User Agent','wassup'); ?>: <strong><?php print $rk->agent; ?></strong></li>
+                <li class="useragent"><?php _e('User Agent','wassup'); ?>: <strong><?php print strip_tags($rk->agent); ?></strong></li>
             </ul></div>
             <?php