
Changeset 3373457


Timestamp:
10/06/2025 07:20:45 AM (6 months ago)
Author:
DylanAuty
Message:
  • Fixed issue where nominatim cache endpoints would not properly sanitize cache data. Security issue. Thanks Animesh Gaurav (Jetpack)
  • Fixed issue where nominatim cache would not clear previously stored cache data for specific query sets
Location:
wp-google-maps
Files:
664 added
5 edited

  • wp-google-maps/trunk/html/atlas-novus/credits.html.php

    r3168403 r3373457  
    127127    <div class="credit-container">
    128128        <ul class="list-chain">
     129            <li title="Organization: Jetpack">Animesh Gaurav</li>
     130            <li title="Organization: CleanTalk Inc | Wordfence">Dmitrii Ignatyev</li>
    129131            <li title='Organization: Patchstack'>Joshua Chan</li>
    130132            <li title='Organization: Wordfence'>Tim Coen</li>
  • wp-google-maps/trunk/html/credits.html.php

    r3370954 r3373457  
    1 <?php
    2     if(!defined('ABSPATH'))
    3         exit;
     1<div id="wpgmza-credits-page" class="wrap about-wrap">
    42
    5     global $wpgmza;
     3    <h1>
     4        <?php
     5        global $wpgmza;
     6        printf(__("Welcome to WP Go Maps version %s","wp-google-maps"), $wpgmza->getBasicVersion());
     7        ?>
     8    </h1>
    69
    7 ?>
    8 <div class="wpgmza-writeup-tabs">
    9     <a href="admin.php?page=wp-google-maps-menu&amp;action=welcome_page" class="tab"><?php _e("Welcome","wp-google-maps"); ?></a>
    10     <a href="admin.php?page=wp-google-maps-menu&amp;action=credits" class="tab tab-active"><?php _e("Credits","wp-google-maps"); ?></a>
    11 </div>
     10    <div class="about-text">
     11        <?php _e("Thank you for updating! WP Go Maps helps you build amazing maps through a simple interface and powerful functionality along with world class support.","wp-google-maps"); ?>
     12    </div>
    1213
    13 <div id="wpgmza-credits-page" class="wrap wpgmza-wrap wpgmza-writeup-block wpgmza-shadow-high">
     14    <h2 class="nav-tab-wrapper wp-clearfix">
     15   
     16        <a href="admin.php?page=wp-google-maps-menu&amp;action=welcome_page" class="nav-tab">
     17            <?php _e("Welcome","wp-google-maps"); ?>
     18        </a>
     19        <a href="admin.php?page=wp-google-maps-menu&amp;action=credits" class="nav-tab nav-tab-active">
     20            <?php _e("Credits","wp-google-maps"); ?>
     21        </a>
    1422
    15     <h1><?php _e("Welcome to Atlas Novus", "wp-google-maps"); ?></h1>
    16     <h2><?php printf(__("WP Go Maps version %s","wp-google-maps"), $wpgmza->getBasicVersion()); ?></h2>
     23    </h2>
    1724
    18     <hr>
     25    <p class="about-description">
     26        <?php _e("WP Go Maps is created by an international team of developers.","wp-google-maps"); ?>
     27    </p>
     28    <h3 class="wp-people-group">
     29        <?php _e("Project Leaders","wp-google-maps"); ?>
     30    </h3>
     31    <ul class="wp-people-group " id="wp-people-group-project-leaders">
    1932
    20     <h3><?php _e("WP Go Maps helps you create maps that you'll love!","wp-google-maps"); ?></h3>
    21     <h3><?php _e("Created by an international team of exceptional developers, with a passion for mapping","wp-google-maps"); ?></h3>
    22 
    23     <hr>
    24 
    25     <h2><?php _e("Project Leaders","wp-google-maps"); ?></h2>
    26 
    27     <div class="credit-container">
    28         <div class="member">
     33        <li class="wp-person" id="wp-person-nickduncan">
    2934            <a href="https://profiles.wordpress.org/nickduncan/" class="web" target="_BLANK">
    30                 <div class="wpgmza-rounded-image">
    31                     <img
    32                         class="wpgmza-developer-avatar gravatar"
    33                         src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/38d79f24b5a649e132f8ed93f6dc2d37.jpg"
    34                         alt="Nick Duncan"/>
    35                 </div>
     35                <img
     36                    class="wpgmza-developer-avatar gravatar"
     37                    src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/38d79f24b5a649e132f8ed93f6dc2d37.jpg"
     38                    alt="Nick Duncan"/>
    3639                Nick Duncan
    3740            </a>
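Review bot: the `if(!defined('ABSPATH')) exit;` guard that opened the old template (old lines 1-3) is gone; the new file starts directly at `<div id="wpgmza-credits-page" class="wrap about-wrap">` (new line 1). A direct request to the file would now execute the template outside WordPress instead of exiting, so the guard should stay as the first statement. Smaller point: `global $wpgmza;` has moved from the top of the file into the `<h1>` block (new line 5); it is still declared before its first use in `printf(...)`, so it works, but keeping it at the top next to the guard reads better.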
     
    3942                <?php _e("Founder &amp; Lead Developer","wp-google-maps"); ?>
    4043            </span>
    41         </div>
    42 
    43         <div class="member">
     44        </li>
     45        <li class="wp-person" id="wp-person-dylanauty">
    4446            <a href="https://profiles.wordpress.org/dylanauty/" class="web" target="_BLANK">
    45                 <div class="wpgmza-rounded-image">
    46                     <img
    47                         class="wpgmza-developer-avatar gravatar"
    48                         src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/3e032ec3258ebc08eeed69568141164a.jpg"
    49                         alt="Dylan Auty"/>
    50                 </div>
     47                <img
     48                    class="wpgmza-developer-avatar gravatar"
     49                    src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/3e032ec3258ebc08eeed69568141164a.jpg"
     50                    alt="Dylan Auty"/>
    5151                Dylan Auty
    5252            </a>
     
    5454                <?php _e("Lead Developer &amp; Support","wp-google-maps"); ?>
    5555            </span>
    56         </div>
    57     </div>
    58 
    59     <hr>
    60 
    61     <h2><?php _e("Contributors","wp-google-maps"); ?></h2>
    62 
    63     <div class="credit-container">
    64         <div class="member">
    65             <a href="https://twitter.com/thebossybabe" class="web" target="_BLANK">
    66                 <div class="wpgmza-rounded-image">
    67                     <img
    68                         class="wpgmza-developer-avatar gravatar"
    69                         src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/tam-duncan.png"
    70                         alt="Tam Duncan"/>
    71                 </div>
     56        </li>
     57    </ul>
     58    <h3 class="wp-people-group">
     59        <?php _e("Contributors","wp-google-maps"); ?>
     60    </h3>
     61    <ul class="wp-people-group " id="wp-people-group-core-developers">
     62        <li class="wp-person" id="wp-person-tamduncan">
     63            <a href="https://twitter.com/thebossybabe" class="web">
     64                <img
     65                    class="wpgmza-developer-avatar gravatar"
     66                    src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/tam-duncan.png"
     67                    alt="Tam Duncan"/>
    7268                Tam Duncan</a>
    7369            <span class="title">
    7470                <?php _e("Marketing","wp-google-maps"); ?>
    7571            </span>
    76         </div>
    77 
    78         <div class="member">
     72        </li>
     73       
     74        <li class="wp-person" id="wp-person-pat">
    7975            <a href="https://profiles.wordpress.org/matthewlau/" class="web" target="_BLANK">
    80                 <div class="wpgmza-rounded-image">
    81                     <img
    82                         class="wpgmza-developer-avatar gravatar"
    83                         src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/matthew.png"
    84                         alt="Matthew Lau"/>
    85                 </div>
     76                <img
     77                    class="wpgmza-developer-avatar gravatar"
     78                    src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/matthew.png"
     79                    alt="Matthew Lau"/>
    8680                Matthew Lau</a>
    8781            <span class="title">
    88                 <?php esc_html_e("Support &amp; Developer","wp-google-maps"); ?>
     82                <?php _e("Support &amp; Developer","wp-google-maps"); ?>
    8983            </span>
    90         </div>
     84        </li>
    9185
    92         <div class="member">
     86        <li class="wp-person" id="wp-person-pat">
    9387            <a href="https://twitter.com/glen_smith" class="web" target="_BLANK">
    94                 <div class="wpgmza-rounded-image">
    95                     <img
    96                         class="wpgmza-developer-avatar gravatar"
    97                         src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/8afc912f69e8-512.jpeg"
    98                         alt="Glen Smith"/>
    99                 </div>
     88                <img
     89                    class="wpgmza-developer-avatar gravatar"
     90                    src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/8afc912f69e8-512.jpeg"
     91                    alt="Glen Smith"/>
    10092                Glen Smith</a>
    10193            <span class="title">
    10294                <?php _e("Quality Assurance","wp-google-maps"); ?>
    10395            </span>
    104         </div>
     96        </li>
    10597
    106     </div>
    107 
    108     <div class="credit-container">
    109         <div class="member">
     98        <li class="wp-person" id="wp-person-gerardarall">
    11099            <a href="https://hackerone.com/jerbinessim" class="web" target="_BLANK">
    111                 <div class="wpgmza-rounded-image">
    112                     <img
    113                         class="wpgmza-developer-avatar gravatar"
    114                         src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/d32b41e4f213.png"
    115                         alt="Nessim Jerbi"/>
    116                 </div>
     100                <img
     101                    class="wpgmza-developer-avatar gravatar"
     102                    src="<?php echo plugin_dir_url(WPGMZA_FILE); ?>images/d32b41e4f213.png"
     103                    alt="Nessim Jerbi"/>
    117104                Nessim Jerbi</a>
    118105            <span class="title">
    119106                <?php _e("Security Analyst","wp-google-maps"); ?>
    120107            </span>
    121         </div>
    122     </div>
     108        </li>
     109    </ul>
    123110
    124     <hr>
    125 
    126     <h2><?php _e("Security","wp-google-maps"); ?></h2>
    127     <div class="credit-container">
    128         <ul class="list-chain">
    129             <li title="Organization: CleanTalk Inc | Wordfence">Dmitrii Ignatyev</li>
    130             <li title='Organization: Patchstack'>Joshua Chan</li>
    131             <li title='Organization: Wordfence'>Tim Coen</li>
    132             <li title='Organization: Wordfence'>Marco Wotschka</li>
    133             <li title='Organization: Wordfence'>Akbar Kustirama</li>
    134             <li title='Organization: Wordfence'>Richard Telleng</li>
    135             <li title='Organization: Patchstack'>Rafie Muhammad</li>
    136             <li title='Organization: WPScan'>Marc</li>
    137             <li>Visse</li>
    138             <li>Mohammed Adam</li>
    139             <li>Thomas Chauchefoin</li>
    140             <li>Nessim Jerbi</li>
    141             <li>Gerard Arall</li>
    142             <li>David Clough</li>
    143             <li>Rezaduty</li>
    144         </ul>
    145 
    146     </div>
    147 
    148     <p>
    149         <em><?php _e("Special thanks to our amazing community, for all your security reports and contributions", "wp-google-maps"); ?></em>
    150     </p>
    151 
    152     <hr>
    153 
    154     <h2><?php _e("Core Contributions","wp-google-maps"); ?></h2>
    155     <div class="credit-container">
    156         <ul class="list-chain">
    157             <!-- Actionable code changes from community -->
    158             <li title="Stability Improvements | GitHub: @shazahm1">Steven Zahm</li>
    159             <li title="Stability Improvements | GitHub: @CNick">CNick</li>
    160             <li title="Optimization | GitHub: @Lowwebtech">Lowwebtech</li>
    161             <li title="Localization Improvements | GitHub: @garretthyder">Garrett Hyder</li>
    162             <li title="Stability Improvements | GitHub: @KZeni">Kurt Zenisek</li>
    163             <li title="Core Improvements | GitHub: @nicoletta-maia">Nicoletta Maia</li>
    164 
    165             <!-- Issue Reporters -->
    166             <li title="Issue Reporter | Organization: Hostpoint AG">Pascal</li>
    167             <li title="Issue Reporter">Arūnas Liuiza</li>
    168             <li title="Issue Reporter | GitHub: @AmitT">Amit Tal</li>
    169             <li title="Issue Reporter | GitHub: @Gismo1337">Sebastian Richter</li>
    170             <li title="Issue Reporter | GitHub: @dmitriyKharlashin">Dmitriy Kharlashin</li>
    171             <li title="Issue Reporter | GitHub: @MikeNGarrett">Mike Garrett</li>
    172             <li title="Issue Reporter | GitHub: @frank6tg">Frank Gomez</li>
    173             <li title="Issue Reporter | GitHub: @Tes3awy">Osama Abbas</li>
    174             <li title="Issue Reporter | GitHub: @MrKoopie">D Koop</li>
    175             <li title="Issue Reporter | GitHub: @DavidHepper">David Hepper</li>
    176             <li title="Issue Reporter | GitHub: @stevengliebe">Steven Gliebe</li>
    177             <li title="Issue Reporter | GitHub: @aamorozov">Andrey Morozov</li>
    178             <li title="Issue Reporter | GitHub: @Tanmccuin">Tanner McCuin</li>
    179             <li title="Issue Reporter | GitHub: @stephangriesel">Stephan Griesel</li>
    180             <li title="Issue Reporter | GitHub: @nickw108">Nick Weisser</li>
    181             <li title="Issue Reporter | GitHub: @waded">Wade Dorrell</li>
    182             <li title="Issue Reporter">Dani Haberer</li>
    183 
    184             <!-- Issue Reporters - Internal -->
    185             <li title="Issue Reporter | GitHub: @patdumond">Patricia Dumond</li>
    186             <li title="Issue Reporter | GitHub: @DiegoSilva776">Diego Silva</li>
    187 
    188             <!-- Previous Internal Developers -->
    189             <li title="Version 8 Developer">Perry Rylance <code>V8</code></li>
    190             <li title="Version 8 Developer">Steven De Beer <code>V8</code></li>
    191             <li title="Version 7 Developer">Dylan Kotze <code>V7</code></li>
    192             <li title="Version 7 Developer">Trevor Anderson <code>V7</code></li>
    193             <li title="Version 6 Developer">Jarek Kacprzak <code>V6</code></li>
    194             <li title="Version 6 Developer">Jarryd Long <code>V6</code></li>
    195         </ul>
    196 
    197     </div>
    198    
    199     <p>
    200         <em><?php _e("Special thanks to all the developers who have helped improve our architecture", "wp-google-maps"); ?></em>
    201     </p>
    202 
    203     <hr>
    204 
    205     <h2><?php _e("Translators","wp-google-maps"); ?></h2>
    206     <div class="credit-container">
    207         <ul class="list-chain">
    208             <li>Christian Svendsen</li>
    209             <li>Attila</li>
    210             <li>Gerard Ayter Codina</li>
    211             <li>Finn Sommer Jensen</li>
    212             <li>Michael Møller</li>
    213             <li>Daniel Tan</li>
    214             <li>Mats Wale</li>
    215             <li>Starlogic</li>
    216             <li>Pedro Ponz</li>
    217             <li>Neno</li>
    218             <li>Martin Sleipner</li>
    219             <li>Lyubomir Kolev</li>
    220             <li>Suha Karalar</li>
    221             <li>Konstantinos Koukoulakis</li>
    222             <li>Tommaso Mori</li>
    223             <li>Arnaud Thomas</li>
    224             <li>Borisa Djuraskovic</li>
    225             <li>Matteo Ender</li>
    226             <li>Fernando</li>
    227             <li>Alessio Cornale</li>
    228             <li>Michik1712</li>
    229             <li>Alejandro Catalán</li>
    230             <li>Petr Aubrecht</li>
    231             <li>Updownbikes</li>
    232         </ul>
    233 
    234     </div>
    235    
    236     <p>
    237         <em><?php _e("Special thanks to our amazing community, for all your translation contributions", "wp-google-maps"); ?></em>
    238     </p>
    239 
    240     <hr>
    241 
    242     <h3>
     111    <p class="clear">
    243112        <?php _e("Want to see your name on this page?","wp-google-maps"); ?>
    244113        <a href="https://github.com/CodeCabin/wp-google-maps/">
    245114            <?php _e("Get involved on GitHub.","wp-google-maps"); ?>
    246115        </a>
    247     </h3>
     116    </p>
    248117
    249     <hr>
    250 
    251     <h2><?php _e("Ready to get started?", "wp-google-maps"); ?></h2>               
    252     <a class="wpgmza-button" href="<?php echo admin_url('admin.php?page=wp-google-maps-menu&amp;action=installer&amp;autoskip=true'); ?>">
    253         <?php echo __("Let's get started","wp-google-maps"); ?>
    254         <i class="fa fa-chevron-right" aria-hidden="true"></i>
    255     </a>
     118    <a class="button-primary" style='padding:10px; height:inherit;' href="admin.php?page=wp-google-maps-menu&amp;action=installer&amp;autoskip=true&amp;override=1">
     119        <?php echo __("OK! Let's start","wp-google-maps"); ?>
     120    </a>
    256121
    257122</div>
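Review bot: new line 82 replaces `esc_html_e("Support &amp; Developer", ...)` with `_e(...)`, which prints the translated string unescaped; translation files are loaded data, so `esc_html_e()` is the safer form here and for the other `_e()` calls in this template. Two markup issues in the new list: `id="wp-person-pat"` is used twice (new lines 74 and 86, for Matthew Lau and Glen Smith), and `id="wp-person-gerardarall"` (new line 98) wraps Nessim Jerbi. Note also that the old Security, Core Contributions and Translators sections (old lines 124-238) are dropped from this template, so the reporter credited in the commit message is listed only on the Atlas Novus credits page above. The closing link (new line 118) adds `override=1` to the installer URL and drops the `admin_url()` wrapper; a relative `admin.php?...` href matches the tab links above it, but the new parameter is not mentioned in the changelog.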
  • wp-google-maps/trunk/includes/open-layers/class.nominatim-geocode-cache.php

    r3168403 r3373457  
    6767        global $wpdb;
    6868       
    69         if(empty($query))
     69        $query = sanitize_text_field($query);
     70
     71        if(empty($query)){
    7072            throw new \Exception("First argument cannot be empty");
    71                
    72         $stmt = $wpdb->prepare("INSERT INTO {$this->table} (query, response) VALUES (%s, %s)", array(
    73             $query,
    74             $response
    75         ));
    76 
    77         /* Developer Hook (Filter) - Modify nominatim cache store */
    78         $stmt = apply_filters( 'wpgmza_ol_nomination_cache_query_set', $stmt, $query, $response );
    79 
    80         $wpdb->query($stmt);
     73        }
     74
     75        if(!empty($response)){
     76            if(is_string($response)){
     77                try{
     78                    $json = json_decode(stripslashes($response));
     79                    $response = $json;
     80                } catch(\Exception $ex){
     81                    $response = false;
     82                } catch(\Error $err){
     83
     84                    $response = false;
     85                }
     86
     87            }
     88
     89            if(!empty($response)){
     90                if(is_object($response)){
     91                    $response = array($response);
     92                }
     93
     94                if(is_array($response)){
     95                    $response = $this->sanitizeDataRecursive($response);
     96                } else {
     97                    throw new \Exception("Response data must be array of objects");
     98                }
     99            } else {
     100                throw new \Exception("Malformed response data");
     101            }
     102        } else {
     103            throw new \Exception("Response data cannot be empty");
     104        }
     105           
     106       
     107        if(!empty($response) && is_array($response)){
     108            $response = json_encode($response);
     109
     110            /* Remove old cache results */
     111            $wpdb->query($wpdb->prepare("DELETE FROM {$this->table} WHERE query = %s", array($query)));
     112
     113            /* Store new cache result */
     114            $stmt = $wpdb->prepare("INSERT INTO {$this->table} (query, response) VALUES (%s, %s)", array(
     115                $query,
     116                $response
     117            ));
     118
     119            /* Developer Hook (Filter) - Modify nominatim cache store */
     120            $stmt = apply_filters( 'wpgmza_ol_nomination_cache_query_set', $stmt, $query, $response );
     121
     122            $wpdb->query($stmt);
     123        } else {
     124            throw new \Exception("Malformed response data");
     125        }
    81126    }
    82127
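Review bot: the `try`/`catch` around `json_decode(stripslashes($response))` (new lines 77-85) never fires: `json_decode()` returns `null` on malformed input rather than throwing unless it is called with `JSON_THROW_ON_ERROR`, which needs PHP 7.3 while readme.txt still says `Requires PHP: 7.0`. The `null` result is already rejected by the `!empty($response)` check at line 89, so the simpler form is to drop the try block and test `json_last_error() !== JSON_ERROR_NONE` to raise a precise "Malformed response data". Two further points on the storage path (new lines 107-125): `DELETE` followed by `INSERT` is not atomic, so two concurrent stores for the same query can still leave duplicate rows (a unique key on `query` with `REPLACE INTO` or `ON DUPLICATE KEY UPDATE` would make the "clear previously stored cache data" fix hold under concurrency); and because `$query` is now normalized with `sanitize_text_field()` before it is written (new line 69), the lookup side of the cache must apply the same normalization, or a query containing characters this strips will never hit its own entry. The handler below already passes `sanitize_text_field($_POST['query'])`, so that caller is consistent, but the method is public and other callers get whatever they pass. No length cap is applied to `$response` before it is encoded and stored.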
     
    90135        $stmt = $wpdb->query("TRUNCATE TABLE {$this->table}");
    91136    }
     137
     138    public function sanitizeDataRecursive($data){
     139        if(!is_array($data) && !is_object($data)){
     140            return sanitize_text_field($data);
     141        }
     142
     143        foreach($data as $key => $value){
     144            if(is_array($value) || is_object($value)){
     145                $value = $this->sanitizeDataRecursive($value);
     146            } else if(is_float($value)){
     147                $value = floatval($value);
     148            } else if(is_int($value)){
     149                $value = intval($value);
     150            } else {
     151                $value = sanitize_text_field($value);
     152            }
     153
     154            if(is_object($data)){
     155                $data->{$key} = $value;
     156            } else if(is_array($data)){
     157                $data[$key] = $value;
     158            }
     159        }
     160        return $data;
     161    }
    92162}
    93163
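Review bot: `sanitizeDataRecursive()` (new lines 138-161) changes the types of boolean and null values: they fall through to `sanitize_text_field()`, which casts its argument to string, so `true` becomes `"1"` and `false`/`null` become `""` in the stored JSON once it is re-encoded on line 108. The `is_float`/`is_int` branches only re-cast a value that already has that type; add `is_bool($value) || is_null($value)` to the pass-through set (or sanitize only when `is_string($value)`) so numeric, boolean and null fields round-trip unchanged. Object and array keys (`$key`) are written back untouched; if any consumer renders keys, they need the same treatment. A docblock stating which fields of a Nominatim result this is expected to touch would help, since `sanitize_text_field()` also strips tags, line breaks and collapsed whitespace, which alters values rather than just escaping them.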
     
    115185{
    116186    $cache = new NominatimGeocodeCache();
    117     $cache->set(sanitize_text_field($_POST['query']), $_POST['response']);
    118    
     187    try{
     188        $cache->set(sanitize_text_field($_POST['query']), $_POST['response']);
     189       
     190        wp_send_json(array(
     191            'success' => 1
     192        ));
     193    } catch (\Exception $ex){
     194        wp_send_json(array(
     195            'success' => 0,
     196            'message' => $ex->getMessage()
     197        ));
     198    } catch (\Error $err){
     199        wp_send_json(array(
     200            'success' => 0,
     201            'message' => $err->getMessage()
     202        ));
     203    }
     204    exit;
     205}
     206
     207/**
     208 * Bind function to clear the Nominatim cache.
     209 * @deprecated This will be moved to the REST API in the future
     210 */
     211function clear_nominatim_cache()
     212{
     213    global $wpgmza;
     214   
     215    if(!$wpgmza->isUserAllowedToEdit() || empty($_POST['wpgmza_security']) || !wp_verify_nonce($_POST['wpgmza_security'], 'wpgmza_ajaxnonce')){
     216        http_response_code(401);
     217        return;
     218    }
     219   
     220    $cache = new NominatimGeocodeCache();
     221    $cache->clear();
     222
    119223    wp_send_json(array(
    120224        'success' => 1
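Review bot: the store handler (new lines 185-205) still has no nonce or capability check, unlike `clear_nominatim_cache` (new lines 215-218), which requires `isUserAllowedToEdit()` and a valid `wpgmza_security` nonce; sanitizing the payload limits what can be stored, but anyone who can reach the action can still overwrite the cached answer for any query. `$_POST['query']` and `$_POST['response']` are read without `isset()`; an undefined index raises a warning, not an `\Error`, so the catch blocks do not cover it. Read them with a default (`$_POST['query'] ?? ''`, `$_POST['response'] ?? ''`) so the empty-argument exception is the only outcome. Returning `$err->getMessage()` for a caught `\Error` sends engine error text to the client; a fixed message is enough there. The `exit;` after `wp_send_json()` is unreachable because `wp_send_json()` ends the request itself (harmless). The `clear_nominatim_cache` block shown as added at new lines 207-222 and removed at old lines 125-145 is unchanged; the diff merely realigned it.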
     
    123227}
    124228
    125 /**
    126  * Bind function to clear the Nominatim cache.
    127  * @deprecated This will be moved to the REST API in the future
    128  */
    129 function clear_nominatim_cache()
    130 {
    131     global $wpgmza;
    132    
    133     if(!$wpgmza->isUserAllowedToEdit() || empty($_POST['wpgmza_security']) || !wp_verify_nonce($_POST['wpgmza_security'], 'wpgmza_ajaxnonce')){
    134         http_response_code(401);
    135         return;
    136     }
    137    
    138     $cache = new NominatimGeocodeCache();
    139     $cache->clear();
    140 
    141     wp_send_json(array(
    142         'success' => 1
    143     ));
    144     exit;
    145 }
    146 
    147229add_action('wp_ajax_wpgmza_query_nominatim_cache',          'WPGMZA\\query_nominatim_cache');
    148230add_action('wp_ajax_nopriv_wpgmza_query_nominatim_cache',   'WPGMZA\\query_nominatim_cache');
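Review bot: `wp_ajax_nopriv_wpgmza_query_nominatim_cache` (new line 230) keeps the read path open to unauthenticated callers; whatever registration follows for the store handler (not shown in this hunk) decides whether the cache is also writable without login, so that line should be reviewed together with this change.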
  • wp-google-maps/trunk/readme.txt

    r3370954 r3373457  
    66Tested up to: 6.8
    77Requires PHP: 7.0
    8 Stable tag: 9.0.47
     8Stable tag: 9.0.48
    99License: GPLv2
    1010
     
    214214== Upgrade Notice ==
    215215
     216= 9.0.48 =
     217Please update to 9.0.48 or above or above to ensure you are using the latest security enhancements.
     218
    216219= 9.0.47 =
    217220Please update to 9.0.47 or above or above to ensure you are using the latest security enhancements.
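Review bot: the new upgrade notice at new line 217 reads "Please update to 9.0.48 or above or above", duplicating "or above"; the 9.0.47 entry at line 220 carries the same duplication, so fix both.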
     
    341344
    342345== Changelog ==
     346
     347= 9.0.48 - 2025-10-06 =
     348* Fixed issue where nominatim cache endpoints would not properly sanitize cache data. Security issue. Thanks Animesh Gaurav (Jetpack)
     349* Fixed issue where nominatim cache would not clear previously stored cache data for specific query sets
    343350
    344351= 9.0.47 - 2025-10-01 =
  • wp-google-maps/trunk/wpGoogleMaps.php

    r3370954 r3373457  
    44Plugin URI: https://www.wpgmaps.com
    55Description: The easiest to use Google Maps plugin! Create custom Google Maps or a map block with high quality markers containing locations, descriptions, images and links. Add your customized map to your WordPress posts and/or pages quickly and easily with the supplied shortcode. No fuss.
    6 Version: 9.0.47
     6Version: 9.0.48
    77Author: WP Go Maps (formerly WP Google Maps)
    88Author URI: https://www.wpgmaps.com
     
    1313
    1414/*
     15 * 9.0.48 - 2025-10-06
     16 * Fixed issue where nominatim cache endpoints would not properly sanitize cache data. Security issue. Thanks Animesh Gaurav (Jetpack)
     17 * Fixed issue where nominatim cache would not clear previously stored cache data for specific query sets
     18 *
    1519 * 9.0.47 - 2025-10-01
    1620 * Fixed issue where Ajax transport would not correctly check for nonce values. Security issue. Thanks Dmitrii Ignatyev (CleanTalk Inc) (Wordfence)