V2.34 - Security Exploit was fixed.
git-svn-id: https://plugins.svn.wordpress.org/facebook-button-plugin/trunk@965089 b8457f37-d9ea-0310-8a92-e5e31aec5664
bestwebsoft committed Aug 13, 2014
1 parent 8500a45 commit b766da8
Showing 6 changed files with 52 additions and 39 deletions.
47 changes: 27 additions & 20 deletions bws_menu/bws_menu.php
@@ -1,7 +1,7 @@
<?php
/*
* Function for displaying BestWebSoft menu
* Version: 1.3.6
* Version: 1.3.7
*/

if ( ! function_exists( 'bws_add_menu_render' ) ) {
@@ -515,8 +515,8 @@ function bws_add_menu_render() {
if ( ( isset( $_REQUEST['bwsmn_form_submit'] ) && check_admin_referer( plugin_basename(__FILE__), 'bwsmn_nonce_submit' ) ) ||
( isset( $_REQUEST['bwsmn_form_submit_custom_email'] ) && check_admin_referer( plugin_basename(__FILE__), 'bwsmn_nonce_submit_custom_email' ) ) ) {
if ( isset( $_REQUEST['bwsmn_form_email'] ) ) {
$bwsmn_form_email = trim( $_REQUEST['bwsmn_form_email'] );
if ( $bwsmn_form_email == "" || !preg_match( "/^((?:[a-z0-9']+(?:[a-z0-9\-_\.']+)?@[a-z0-9]+(?:[a-z0-9\-\.]+)?\.[a-z]{2,5})[, ]*)+$/i", $bwsmn_form_email ) ) {
$bwsmn_form_email = esc_html( trim( $_REQUEST['bwsmn_form_email'] ) );
if ( $bwsmn_form_email == "" || ! is_email( $bwsmn_form_email ) ) {
$error = __( "Please enter a valid email address.", 'bestwebsoft' );
} else {
$email = $bwsmn_form_email;
@@ -538,19 +538,24 @@ function bws_add_menu_render() {
foreach ( $system_info['system_info'] as $key => $value ) {
$message_text .= '<tr><td>'. $key .'</td><td>'. $value .'</td></tr>';
}
$message_text .= '</table>
<h4>Active Plugins</h4>
<table>';
foreach ( $system_info['active_plugins'] as $key => $value ) {
$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
$message_text .= '</table>';
if ( ! empty( $system_info['active_plugins'] ) ) {
$message_text .= '<h4>Active Plugins</h4>
<table>';
foreach ( $system_info['active_plugins'] as $key => $value ) {
$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
}
$message_text .= '</table>';
}
$message_text .= '</table>
<h4>Inactive Plugins</h4>
<table>';
foreach ( $system_info['inactive_plugins'] as $key => $value ) {
$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
if ( ! empty( $system_info['inactive_plugins'] ) ) {
$message_text .= '<h4>Inactive Plugins</h4>
<table>';
foreach ( $system_info['inactive_plugins'] as $key => $value ) {
$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
}
$message_text .= '</table>';
}
$message_text .= '</table></body></html>';
$message_text .= '</body></html>';
$result = wp_mail( $email, 'System Info From ' . $home_url, $message_text, $headers );
if ( $result != true )
$error = __( "Sorry, email message could not be delivered.", 'bestwebsoft' );
@@ -898,12 +903,14 @@ function bws_add_menu_render() {
<table class="bws_system_info">
<thead><tr><th><?php _e( 'Active Plugins', 'bestwebsoft' ); ?></th><th></th></tr></thead>
<tbody>
<?php foreach ( $system_info['active_plugins'] as $key => $value ) { ?>
<tr>
<td scope="row"><?php echo $key; ?></td>
<td scope="row"><?php echo $value; ?></td>
</tr>
<?php } ?>
<?php if ( ! empty( $system_info['active_plugins'] ) ) {
foreach ( $system_info['active_plugins'] as $key => $value ) { ?>
<tr>
<td scope="row"><?php echo $key; ?></td>
<td scope="row"><?php echo $value; ?></td>
</tr>
<?php }
} ?>
</tbody>
</table>
<table class="bws_system_info">
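Review bot: The system-info rows are still written without escaping: the mail body concatenates `$key` and `$value` straight into `<td>` cells, and the admin table prints them with `<?php echo $key; ?>` and `<?php echo $value; ?>`. If those values are plugin names and versions read from plugin headers (the code that fills `$system_info` is outside the visible hunks, as is most of `bws_add_menu_render()`), they should be escaped where they are output, e.g. `<?php echo esc_html( $value ); ?>`. In the e-mail branch `esc_html()` is applied to the request value before `is_email()`; it is an output-escaping helper, so `sanitize_email( stripslashes( $_REQUEST['bwsmn_form_email'] ) )` followed by `is_email()` would state the input check more directly. `is_email()` also accepts a single address only, whereas the removed pattern allowed a comma- or space-separated list, which is worth a line in the changelog if intended.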
34 changes: 17 additions & 17 deletions facebook-button-plugin.php
@@ -4,7 +4,7 @@
Plugin URI: http://bestwebsoft.com/plugin/
Description: Put Facebook Button in to your post.
Author: BestWebSoft
Version: 2.33
Version: 2.34
Author URI: http://bestwebsoft.com/
License: GPLv2 or later
*/
@@ -123,10 +123,10 @@ function fcbkbttn_settings() {
'like' => 1,
'share' => 0,
'where' => '',
'display_option' => '',
'display_option' => 'standard',
'count_icon' => 1,
'extention' => 'png',
'fb_img_link' => plugins_url( "images/standart-facebook-ico.png", __FILE__ ),
'fb_img_link' => plugins_url( "images/standard-facebook-ico.png", __FILE__ ),
'locale' => 'en_US',
'html5' => 0
);
@@ -159,14 +159,14 @@ function fcbkbttn_settings() {
}
}
/* Get options from the database */
if ( 1 == $wpmu )
$fcbkbttn_options = get_site_option( 'fcbk_bttn_plgn_options' );
else
$fcbkbttn_options = get_option( 'fcbk_bttn_plgn_options' );
$fcbkbttn_options = ( 1 == $wpmu ) ? get_site_option( 'fcbk_bttn_plgn_options' ) : get_option( 'fcbk_bttn_plgn_options' );

if ( ! isset( $fcbkbttn_options['plugin_option_version'] ) || $fcbkbttn_options['plugin_option_version'] != $fcbkbttn_plugin_info["Version"] ) {
if ( stristr( $fcbkbttn_options['fb_img_link'], 'standart-facebook-ico.jpg' ) )
$fcbkbttn_options['fb_img_link'] = plugins_url( "images/standart-facebook-ico.png", __FILE__ );
if ( stristr( $fcbkbttn_options['fb_img_link'], 'standart-facebook-ico.jpg' ) || stristr( $fcbkbttn_options['fb_img_link'], 'standart-facebook-ico.png' ) )
$fcbkbttn_options['fb_img_link'] = plugins_url( "images/standard-facebook-ico.png", __FILE__ );

if ( 'standart' == $fcbkbttn_options['display_option'] )
$fcbkbttn_options['display_option'] = 'standard';

if ( stristr( $fcbkbttn_options['fb_img_link'], 'img/' ) )
$fcbkbttn_options['fb_img_link'] = plugins_url( str_replace( 'img/', 'images/', $fcbkbttn_options['fb_img_link'] ), __FILE__ );
@@ -204,11 +204,11 @@ function fcbkbttn_settings_page() {
if ( isset( $_REQUEST['fcbkbttn_form_submit'] ) && check_admin_referer( plugin_basename( __FILE__ ), 'fcbkbttn_nonce_name' ) ) {
/* Takes all the changed settings on the plugin's admin page and saves them in array 'fcbk_bttn_plgn_options'. */
if ( isset( $_REQUEST['fcbkbttn_where'] ) && isset( $_REQUEST['fcbkbttn_link'] ) && isset( $_REQUEST['fcbkbttn_display_option'] ) ) {
$fcbkbttn_options['link'] = $_REQUEST['fcbkbttn_link'];
$fcbkbttn_options['link'] = stripslashes( esc_html( $_REQUEST['fcbkbttn_link'] ) );
$fcbkbttn_options['where'] = $_REQUEST['fcbkbttn_where'];
$fcbkbttn_options['display_option'] = $_REQUEST['fcbkbttn_display_option'];
if ( 'standart' == $fcbkbttn_options['display_option'] ) {
$fcbkbttn_options['fb_img_link'] = plugins_url( 'images/standart-facebook-ico.png', __FILE__ );
if ( 'standard' == $fcbkbttn_options['display_option'] ) {
$fcbkbttn_options['fb_img_link'] = plugins_url( 'images/standard-facebook-ico.png', __FILE__ );
}
$fcbkbttn_options['my_page'] = isset( $_REQUEST['fcbkbttn_my_page'] ) ? 1 : 0 ;
$fcbkbttn_options['like'] = isset( $_REQUEST['fcbkbttn_like'] ) ? 1 : 0 ;
@@ -280,7 +280,7 @@ function fcbkbttn_settings_page() {
if ( isset( $_GET['action'] ) && 'go_pro' == $_GET['action'] ) {
global $wpmu;

$bws_license_key = ( isset( $_POST['bws_license_key'] ) ) ? trim( $_POST['bws_license_key'] ) : "";
$bws_license_key = ( isset( $_POST['bws_license_key'] ) ) ? stripslashes( esc_html( trim( $_POST['bws_license_key'] ) ) ) : "";
$bstwbsftwppdtplgns_options_defaults = array();
if ( 1 == $wpmu ) {
if ( !get_site_option( 'bstwbsftwppdtplgns_options' ) )
@@ -297,7 +297,7 @@ function fcbkbttn_settings_page() {
if ( strlen( $bws_license_key ) != 18 ) {
$error = __( "Wrong license key", 'facebook' );
} else {
$bws_license_plugin = trim( $_POST['bws_license_plugin'] );
$bws_license_plugin = stripslashes( esc_html( $_POST['bws_license_plugin'] ) );
if ( isset( $bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['count'] ) && $bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['time'] < ( time() + (24 * 60 * 60) ) ) {
$bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['count'] = $bstwbsftwppdtplgns_options['go_pro'][ $bws_license_plugin ]['count'] + 1;
} else {
@@ -438,7 +438,7 @@ function fcbkbttn_settings_page() {
<td>
<?php if ( scandir( $upload_dir['basedir'] ) && is_writable( $upload_dir['basedir'] ) ) { ?>
<select name="fcbkbttn_display_option" onchange="if ( this . value == 'custom' ) { getElementById ( 'fcbkbttn_display_option_custom' ) . style.display = 'table-row'; } else { getElementById ( 'fcbkbttn_display_option_custom' ) . style.display = 'none'; }">
<option <?php if ( 'standart' == $fcbkbttn_options['display_option'] ) echo 'selected="selected"'; ?> value="standart"><?php _e( "Standard Facebook image", 'facebook' ); ?></option>
<option <?php if ( 'standard' == $fcbkbttn_options['display_option'] ) echo 'selected="selected"'; ?> value="standard"><?php _e( "Standard Facebook image", 'facebook' ); ?></option>
<option <?php if ( 'custom' == $fcbkbttn_options['display_option'] ) echo 'selected="selected"'; ?> value="custom"><?php _e( "Custom Facebook image", 'facebook' ); ?></option>
</select>
<?php } else {
@@ -620,8 +620,8 @@ function fcbkbttn_settings_page() {
if ( ! function_exists( 'fcbkbttn_update_option' ) ) {
function fcbkbttn_update_option() {
global $fcbkbttn_options;
if ( 'standart' == $fcbkbttn_options['display_option'] ) {
$fb_img_link = plugins_url( 'images/standart-facebook-ico.png', __FILE__ );
if ( 'standard' == $fcbkbttn_options['display_option'] ) {
$fb_img_link = plugins_url( 'images/standard-facebook-ico.png', __FILE__ );
} else if ( 'custom' == $fcbkbttn_options['display_option'] ) {
$upload_dir = wp_upload_dir();
$fb_img_link = $upload_dir['baseurl'] . '/facebook-image/facebook-ico' . $fcbkbttn_options['count_icon'] . '.' . $fcbkbttn_options['extention'];
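Review bot: In the settings save in `fcbkbttn_settings_page()`, `fcbkbttn_where` and `fcbkbttn_display_option` are still copied from `$_REQUEST` into the stored options unchanged, while only `fcbkbttn_link` is filtered. The form offers exactly two display values, so an allowlist fits: `$fcbkbttn_options['display_option'] = in_array( $_REQUEST['fcbkbttn_display_option'], array( 'standard', 'custom' ), true ) ? $_REQUEST['fcbkbttn_display_option'] : 'standard';`, and the same approach for `where` against the values its control offers (not visible in these hunks). For `link` and the license fields, `esc_html()` at save time stores entity-encoded text and runs before `stripslashes()`; unslashing first, then `sanitize_text_field()`, with escaping left to the point of output, avoids double encoding later. The function bodies continue outside the hunks shown, so how these options are printed could not be checked here.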
Binary file removed images/facebook-ico3.jpg
Binary file not shown.
File renamed without changes
Binary file removed images/standart-facebook-ico.png
Binary file not shown.
10 changes: 8 additions & 2 deletions readme.txt
@@ -3,8 +3,8 @@ Contributors: bestwebsoft
Donate link: https://www.2checkout.com/checkout/purchase?sid=1430388&quantity=1&product_id=94
Tags: button, buton, batton, button image, button position, Button like, Facebook, Facebook account button, facebook button, facebook button language, Facebook button icon, Facebook button like, Facebook button share, Facebook ID, Facebook page, facebook like, facebook like button, facebook share, facebook share button, follow, Follow button, icon, Like, like button, My Page button, Share, share button, social, social button, social account
Requires at least: 3.0
Tested up to: 4.0-beta2
Stable tag: 2.33
Tested up to: 4.0-beta3
Stable tag: 2.34
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

@@ -107,6 +107,9 @@ Please make sure that the problem hasn't been discussed yet on our forum (<a hre

== Changelog ==

= V2.34 - 13.08.2014 =
* Budfix : Security Exploit was fixed.

= V2.33 - 06.08.2014 =
* Update : We updated all functionality for wordpress 4.0-beta2.
* Bugfix : Problem with custom images after updating plugin was fixed.
@@ -245,6 +248,9 @@ Please make sure that the problem hasn't been discussed yet on our forum (<a hre

== Upgrade Notice ==

= V2.34 =
Security Exploit was fixed.

= V2.33 =
We updated all functionality for wordpress 4.0-beta2. Problem with custom images after updating plugin was fixed.

