Changeset 2780267

Timestamp:

09/05/2022 04:29:02 PM (4 years ago)

Author:

Alphawolf

Message:

Version 1.1.2 update:

• Fixed Admin+ Stored XSS vulnerability

Location:

goolytics-simple-google-analytics/trunk

Files:

• goolytics.php (modified) (4 diffs)
• languages/goolytics-simple-google-analytics-de_DE.mo (modified) (previous)
• languages/goolytics-simple-google-analytics-de_DE.po (modified) (5 diffs)
• languages/goolytics-simple-google-analytics.pot (modified) (5 diffs)
• readme.txt (modified) (1 diff)

goolytics-simple-google-analytics/trunk/goolytics.php

@@ -2 +2 @@
 /*
 Plugin Name: Goolytics - Simple Google Analytics
-Version: 1.1.1
+Version: 1.1.2
 Plugin URI: https://wordpress.org/plugins/goolytics-simple-google-analytics/
 Description: A simple Google Analytics solution that works without slowing down your WordPress installation.
@@ -10 +10 @@
 Domain Path: /languages
 
-Copyright 2013-2021 Oliver Schlöbe (email : scripts@schloebe.de)
+Copyright 2013-2022 Oliver Schlöbe (email : scripts@schloebe.de)
 
 This program is free software; you can redistribute it and/or modify
@@ -122 +122 @@
         if ( !function_exists("add_action") ) return;
         
-        register_setting(self::_NAMESPACE, 'goolytics_web_property_id');
+        register_setting(self::_NAMESPACE, 'goolytics_web_property_id', array(
+            'type' => 'string',
+            'sanitize_callback' => array(&$this, 'sanitize_web_property_id')
+        ));
         register_setting(self::_NAMESPACE, 'goolytics_anonymize_ip');
         register_setting(self::_NAMESPACE, 'goolytics_usercentrics_support');
@@ -244 +247 @@
     }
     
+    
+    /**
+    * Sanitize web_property_id input
+    *
+    * @since        1.1.2
+    * @author       scripts@schloebe.de
+    */
+    function sanitize_web_property_id( $input ) {
+        if( preg_match('/^[A-Z][A-Z0-9]?-[A-Z0-9]{4,10}(?:\-[1-9]\d{0,3})?$/', $input) ) {
+            return $input;
+        } else {
+            if( empty($input) ) {
+                add_settings_error(
+                    'goolytics_web_property_id',
+                    'goolytics_web_property_id',
+                    __('The Google Analytics ID is empty.', 'goolytics-simple-google-analytics'),
+                    'error'
+                );
+            } else {
+                add_settings_error(
+                    'goolytics_web_property_id',
+                    'goolytics_web_property_id',
+                    __('The Google Analytics ID you entered is invalid. Please check your input and try again.', 'goolytics-simple-google-analytics'),
+                    'error'
+                );
+            }
+            return '';
+        }
+    }
+    
 }
 

goolytics-simple-google-analytics/trunk/languages/goolytics-simple-google-analytics-de_DE.po

@@ -4 +4 @@
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2019-11-04 11:21+0000\n"
-"PO-Revision-Date: 2019-11-04 12:42+0000\n"
+"PO-Revision-Date: 2022-09-02 19:16+0000\n"
 "Last-Translator: Alphawolf <scripts@schloebe.de>\n"
-"Language-Team: Deutsch\n"
+"Language-Team: German\n"
 "Language: de_DE\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
@@ -94 +94 @@
 msgstr "Goolytics - Simple Google Analytics"
 
-#: goolytics.php:243
+#: goolytics.php:246
 msgid "Goolytics - Simple Google Analytics requires at least WordPress 3.0!"
 msgstr "Goolytics - Simple Google Analytics benötigt mindestens WordPress 3.0!"
@@ -126 +126 @@
 msgstr "Oliver Schl&ouml;be"
 
-#: goolytics.php:215 inc/options.php:11
+#: goolytics.php:218 inc/options.php:11
 msgid "Settings"
 msgstr "Einstellungen"
@@ -142 +142 @@
 "werden sollen, indem das letzte Oktett der IP-Adresse entfernt wird."
 
-#: goolytics.php:230
+#: goolytics.php:233
 #, php-format
 msgid ""
@@ -153 +153 @@
 "werden. Danach ist alles bereit."
 
+#: goolytics.php:264
+msgid "The Google Analytics ID is empty."
+msgstr "Die Google Analytics ID ist leer."
+
+#: goolytics.php:271
+msgid ""
+"The Google Analytics ID you entered is invalid. Please check your input and "
+"try again."
+msgstr ""
+"Die von Ihnen eingegebene Google Analytics-ID ist ungültig. Bitte überprüfen "
+"Sie Ihre Eingabe und versuchen Sie es erneut."
+
 #: inc/options.php:23 inc/options.php:38
 msgid "Yes"

goolytics-simple-google-analytics/trunk/languages/goolytics-simple-google-analytics.pot

@@ -4 +4 @@
 "Project-Id-Version: Goolytics - Simple Google Analytics\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2019-11-04 11:21+0000\n"
+"POT-Creation-Date: 2022-09-02 19:15+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
@@ -81 +81 @@
 msgstr ""
 
-#: goolytics.php:243
+#: goolytics.php:246
 msgid "Goolytics - Simple Google Analytics requires at least WordPress 3.0!"
 msgstr ""
@@ -111 +111 @@
 msgstr ""
 
-#: goolytics.php:215 inc/options.php:11
+#: goolytics.php:218 inc/options.php:11
 msgid "Settings"
 msgstr ""
@@ -125 +125 @@
 msgstr ""
 
-#: goolytics.php:230
+#: goolytics.php:233
 #, php-format
 msgid ""
@@ -131 +131 @@
 "<a href=\"%s\">settings page</a>, finish setting up the plugin and you are "
 "good to go!"
+msgstr ""
+
+#: goolytics.php:264
+msgid "The Google Analytics ID is empty."
+msgstr ""
+
+#: goolytics.php:271
+msgid ""
+"The Google Analytics ID you entered is invalid. Please check your input and "
+"try again."
 msgstr ""
 

goolytics-simple-google-analytics/trunk/readme.txt

@@ -46 +46 @@
 == Changelog ==
 
+= 1.1.2 =
+* Fixed Admin+ Stored XSS vulnerability
+
 = 1.1.1 =
 * Localization preparations for translate.wordpress.org