new version 2.4.4 - fix XSS issues

git-svn-id: https://plugins.svn.wordpress.org/wp-file-upload/trunk@968920 b8457f37-d9ea-0310-8a92-e5e31aec5664
wp-plugins · Aug 20, 2014 · c846327 · c846327
1 parent 7c5732d
commit c846327
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 7 deletions.
diff --git a/lib/wfu_ajaxactions.php b/lib/wfu_ajaxactions.php
@@ -67,19 +67,19 @@ function wfu_ajax_action_callback() {
 	//check referer using server sessions to avoid CSRF attacks
 	if ( $_SESSION["wfu_token_".$arr['shortcode_id']] != $_POST['session_token'] ) {
 		echo "Session failed!<br/><br/>Session Data:<br/>";
-		print_r($_SESSION);
+		print_r(wfu_sanitize($_SESSION));
 		echo "<br/><br/>Post Data:<br/>";
-		print_r($_POST);
+		print_r(wfu_sanitize($_POST));
 		die();
 	}
 
 	if ( $user->user_login != $arr['user_login'] ) {
 		echo "User failed!<br/><br/>User Data:<br/>";
-		print_r($user);
+		print_r(wfu_sanitize($user));
 		echo "<br/><br/>Post Data:<br/>";
-		print_r($_POST);
+		print_r(wfu_sanitize($_POST));
 		echo "<br/><br/>Params Data:<br/>";
-		print_r($arr);
+		print_r(wfu_sanitize($arr));
 		die();
 	}
 

diff --git a/lib/wfu_functions.php b/lib/wfu_functions.php
@@ -103,6 +103,24 @@ function wfu_array_remove_nulls(&$arr) {
 			array_splice($arr, $key, 1);
 }
 
+function wfu_safe_array($arr) {
+	return array_map("htmlspecialchars", $arr);
+}
+
+function wfu_sanitize($var) {
+	$typ = gettype($var);
+	if ( $typ == "boolean" || $typ == "integer" || $typ == "double" || $typ == "resource" || $typ == "NULL" )
+		return $var;
+	elseif ( $typ == "string" )
+		return htmlspecialchars($var);
+	elseif ( $typ == "array" || $typ == "object" ) {
+		foreach ( $var as &$item ) $item = wfu_sanitize($item);
+		return $var;
+	}
+	else
+		return $typ;
+}
+
 function wfu_shortcode_string_to_array($shortcode) {
 	function _wfu_preg_replace_callback_alt($contents, $token) {
 		$in_block = false;

diff --git a/readme.txt b/readme.txt
@@ -110,6 +110,9 @@ Administrators can view and manage the uploaded files from the File Browser that
 
 == Changelog ==
 
+= 2.4.4 =
+* intermediate update to make the plugin more immune to hackers
+
 = 2.4.3 =
 * correction of bug to allow uploadpath to receive userdata as parameter
 
@@ -313,7 +316,10 @@ Initial version.
 
 == Upgrade Notice ==
 
-= 2.4.2 =
+= 2.4.4 =
+Important upgrade to address some vulnerability issues.
+
+= 2.4.3 =
 Upgrade to address some functionality issues.
 
 = 2.4.2 =

diff --git a/wordpress_file_upload.php b/wordpress_file_upload.php
@@ -4,7 +4,7 @@
 /*
 Plugin URI: http://www.iptanus.com/support/wordpress-file-upload
 Description: Simple interface to upload files from a page.
-Version: 2.4.3
+Version: 2.4.4
 Author: Nickolas Bossinas
 Author URI: http://www.iptanus.com
 */