Validate width values to avoid unlikely security vulnerabilities.
If the database were compromised, a value like `500" onclick="alert(1)" foo="` could be inserted into the `custom_content_width` option, resulting in XSS. If the attacker had full access to the database, then they could obviously do much more damage, regardless of whether the widths are validated or not, but there are other scenarios where validating the widths could mitigate an attack, like if a vulnerability elsewhere allowed an attacker to insert an arbitrary value into an arbitrary option record, but they needed to find one that wasn't being escaped.

That's not very likely, but it's better to be safe than sorry.
iandunn committed Feb 4, 2015
1 parent 1f0cf1a commit e05e010
Showing 2 changed files with 9 additions and 6 deletions.
8 changes: 4 additions & 4 deletions custom-content-width.php
Expand Up @@ -4,7 +4,7 @@
* Plugin URI: http://wordpress.org/plugins/custom-content-width/
* Description: Adds a 'Custom Content Width' setting to the Settings > Media screen, to let users override their theme's content width.
* Author: George Stephanis
* Version: 1.0
* Version: 1.0.1
* Author URI: http://stephanis.info/
*/

Expand All @@ -24,7 +24,7 @@ function override_content_width() {
$this->original_content_width = $content_width;

if( $custom_content_width = get_option( 'custom_content_width' ) )
$content_width = $custom_content_width;
$content_width = absint( $custom_content_width );
}

function register_settings() {
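Review bot: the `if` in override_content_width() still tests the raw option value, so a stored value that is truthy but non-numeric passes the check and absint() turns it into 0, which then overrides the theme's $content_width with 0. Sanitize first and test the result, for example `$custom_content_width = absint( get_option( 'custom_content_width' ) );` followed by `if ( $custom_content_width )`. Braces around the one-line body would also make the assignment harder to misread.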
Expand All @@ -36,13 +36,13 @@ function register_settings() {
function custom_content_width_cb() {
$value = get_option( 'custom_content_width' );
?>
<input type="number" class="small-text" min="0" id="custom_content_width" name="custom_content_width" value="<?php echo $value ? $value : ''; ?>" />
<input type="number" class="small-text" min="0" id="custom_content_width" name="custom_content_width" value="<?php echo $value ? absint( $value ) : ''; ?>" />
<label for="custom_content_width">px</label>
<?php if( ! empty( $this->original_content_width ) ): ?>
<?php if( $value ): ?>
<small><a href="javascript:;" onclick="jQuery('#custom_content_width').val('');"><?php _e('clear custom value', 'custom_content_width'); ?></a></small>
<?php endif; ?>
<br /><em><?php printf( __('Your theme&rsquo;s default content width is %s pixels.', 'custom_content_width'), $this->original_content_width ); ?></em>
<br /><em><?php printf( __('Your theme&rsquo;s default content width is %s pixels.', 'custom_content_width'), absint( $this->original_content_width ) ); ?></em>
<?php endif;
}
}
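Review bot: in custom_content_width_cb() the ternary on the input's value attribute and the later `if( $value )` both test the unsanitized option, so a non-numeric stored value renders value="0" and still shows the "clear custom value" link. Calling absint() once where $value is assigned, as in `$value = absint( get_option( 'custom_content_width' ) );`, would cover every use in the function. Since the printf() argument is now always an integer, `%d` would state that more clearly than `%s`, though that changes the translatable string.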
7 changes: 5 additions & 2 deletions readme.txt
Expand Up @@ -3,8 +3,8 @@ Contributors: georgestephanis
Donate link: https://www.charitywater.org/donate
Tags: Theme, Content Width
Requires at least: 2.7
Tested up to: 3.6
Stable tag: 1.0
Tested up to: 4.1
Stable tag: 1.0.1
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

Expand All @@ -22,5 +22,8 @@ Occasionally, themes forget to set the `$content_width` variable in functions.ph

== Changelog ==

= 1.0.1 =
* Validate width values to avoid unlikely security vulnerabilities.

= 1.0 =
* Initial release.
