V1.0.1 - Security Exploit was fixed.

git-svn-id: https://plugins.svn.wordpress.org/job-board/trunk@962207 b8457f37-d9ea-0310-8a92-e5e31aec5664

bws_menu/bws_menu.php

@@ -1,7 +1,7 @@
 <?php
 /*
 * Function for displaying BestWebSoft menu
-* Version: 1.3.6
+* Version: 1.3.7
 */
 
 if ( ! function_exists( 'bws_add_menu_render' ) ) {
@@ -515,8 +515,8 @@ function bws_add_menu_render() {
 		if ( ( isset( $_REQUEST['bwsmn_form_submit'] ) && check_admin_referer( plugin_basename(__FILE__), 'bwsmn_nonce_submit' ) ) ||
 			 ( isset( $_REQUEST['bwsmn_form_submit_custom_email'] ) && check_admin_referer( plugin_basename(__FILE__), 'bwsmn_nonce_submit_custom_email' ) ) ) {
 			if ( isset( $_REQUEST['bwsmn_form_email'] ) ) {
-				$bwsmn_form_email = trim( $_REQUEST['bwsmn_form_email'] );
-				if ( $bwsmn_form_email == "" || !preg_match( "/^((?:[a-z0-9']+(?:[a-z0-9\-_\.']+)?@[a-z0-9]+(?:[a-z0-9\-\.]+)?\.[a-z]{2,5})[, ]*)+$/i", $bwsmn_form_email ) ) {
+				$bwsmn_form_email = esc_html( trim( $_REQUEST['bwsmn_form_email'] ) );
+				if ( $bwsmn_form_email == "" || ! is_email( $bwsmn_form_email ) ) {
 					$error = __( "Please enter a valid email address.", 'bestwebsoft' );
 				} else {
 					$email = $bwsmn_form_email;
@@ -538,19 +538,24 @@ function bws_add_menu_render() {
 				foreach ( $system_info['system_info'] as $key => $value ) {
 					$message_text .= '<tr><td>'. $key .'</td><td>'. $value .'</td></tr>';	
 				}
-				$message_text .= '</table>
-				<h4>Active Plugins</h4>
-				<table>';
-				foreach ( $system_info['active_plugins'] as $key => $value ) {	
-					$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';	
+				$message_text .= '</table>';
+				if ( ! empty( $system_info['active_plugins'] ) ) {
+					$message_text .= '<h4>Active Plugins</h4>
+					<table>';
+					foreach ( $system_info['active_plugins'] as $key => $value ) {	
+						$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';	
+					}
+					$message_text .= '</table>';
 				}
-				$message_text .= '</table>
-				<h4>Inactive Plugins</h4>
-				<table>';
-				foreach ( $system_info['inactive_plugins'] as $key => $value ) {
-					$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
+				if ( ! empty( $system_info['inactive_plugins'] ) ) {
+					$message_text .= '<h4>Inactive Plugins</h4>
+					<table>';
+					foreach ( $system_info['inactive_plugins'] as $key => $value ) {
+						$message_text .= '<tr><td scope="row">'. $key .'</td><td scope="row">'. $value .'</td></tr>';
+					}
+					$message_text .= '</table>';
 				}
-				$message_text .= '</table></body></html>';
+				$message_text .= '</body></html>';
 				$result = wp_mail( $email, 'System Info From ' . $home_url, $message_text, $headers );
 				if ( $result != true )
 					$error = __( "Sorry, email message could not be delivered.", 'bestwebsoft' );
@@ -898,12 +903,14 @@ function bws_add_menu_render() {
 					<table class="bws_system_info">
 						<thead><tr><th><?php _e( 'Active Plugins', 'bestwebsoft' ); ?></th><th></th></tr></thead>
 						<tbody>
-						<?php foreach ( $system_info['active_plugins'] as $key => $value ) { ?>	
-							<tr>
-								<td scope="row"><?php echo $key; ?></td>
-								<td scope="row"><?php echo $value; ?></td>
-							</tr>	
-						<?php } ?>
+						<?php if ( ! empty( $system_info['active_plugins'] ) ) {
+							foreach ( $system_info['active_plugins'] as $key => $value ) { ?>	
+								<tr>
+									<td scope="row"><?php echo $key; ?></td>
+									<td scope="row"><?php echo $value; ?></td>
+								</tr>	
+							<?php }
+						} ?>
 						</tbody>
 					</table>
 					<table class="bws_system_info">

job-board.php

@@ -4,7 +4,7 @@
 Plugin URI: http://bestwebsoft.com/plugin/
 Description: Plugin for adding to site possibility to create job offers page with custom search, send CV and subscribing for similar jobs.
 Author: BestWebSoft
-Version: 1.0.0
+Version: 1.0.1
 Author URI: http://bestwebsoft.com/
 License: GPLv3 or later
 */
@@ -622,7 +622,7 @@ function jbbrd_settings_page() {
 
 			/* Set time period unit. */
 			if ( ( isset( $_POST['vacancy_reply_text'] ) ) && ( '' != $_POST['vacancy_reply_text'] ) )
-				$jbbrd_options['vacancy_reply_text'] = $_POST['vacancy_reply_text'];
+				$jbbrd_options['vacancy_reply_text'] = stripslashes( esc_html( $_POST['vacancy_reply_text'] ) );
 
 			/* Set archieving period. */
 			if ( ( isset( $_POST['archieving_period'] ) ) && ( '' != $_POST['archieving_period'] ) && ( is_numeric( $_POST['archieving_period'] ) ) )
@@ -1576,7 +1576,7 @@ function jbbrd_save_post( $post_id, $post = NULL ) {
 				if ( isset( $_POST[ $key ] ) ) {
 					/* Change date format if fild is 'expiry_date'. */
 					if ( $key == 'expiry_date' ) {
-						$date_compl = $_POST[ $key ];
+						$date_compl = stripslashes( esc_html( $_POST[ $key ] ) );
 						/* Set 30 days period if date field is empty. */
 						if ( '' == $date_compl ) {
 							$jbbrd_default_time = $jbbrd_options['archieving_period'];
@@ -1591,7 +1591,7 @@ function jbbrd_save_post( $post_id, $post = NULL ) {
 							$value				= date( $format, strtotime( $date_compl[1] . "-" . $date_compl[0] . '-' . $date_compl[2] ) );
 						}
 					} else {
-						$value =  $_POST[ $key ];
+						$value =  stripslashes( esc_html( $_POST[ $key ] ) );
 					}
 				} else {
 					$value = '';

readme.txt

@@ -3,8 +3,8 @@ Contributors: bestwebsoft
 Donate link: https://www.2checkout.com/checkout/purchase?sid=1430388&quantity=1&product_id=94
 Tags: plugin, wordpress, jobs, vacancy, job-manager, job-board, job, job offer, job bord, djob board, dgob bord, CV, upload CV, add job offer, apply for a job, vacancy application, job candidate role, manage vacancies, job offer list, save search conditions, job offer categories, search by job category, search by salary, search by organization, post job offer, vacancy archive.  
 Requires at least: 3.5
-Tested up to: 3.9.1
-Stable tag: 1.0.0
+Tested up to: 3.9.2
+Stable tag: 1.0.1
 License: GPLv3 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -115,11 +115,17 @@ Please make sure that the problem hasn't been discussed yet on our forum (<a hre
 
 == Changelog ==
 
+= V1.0.1 - 08.08.2014 =
+* Bugfix : Security Exploit was fixed.
+
 = V1.0.0 - 18.07.2014 = 
 * Bugfix : Login/registration form bugs were fixed.
 * Bugfix : Session bugs were fixed.
 
 == Upgrade Notice ==
 
+= V1.0.1 =
+Security Exploit was fixed.
+
 = V1.0.0 =
-Login/registration form bugs were fixed. Session bugs were fixed.
+Login/registration form bugs were fixed. Session bugs were fixed.