
Changeset 980573


Timestamp:
09/04/2014 09:12:09 PM (12 years ago)
Author:
briancolinger
Message:

Adding a new security hotfix.
Bumping plugin version.

Location:
vaultpress/trunk
Files:
3 edited

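--- a/vaultpress/trunk/class.vaultpress-hotfixes.php
+++ b/vaultpress/trunk/class.vaultpress-hotfixes.php
@@ -89,4 +89,7 @@
         // Protect The MailPoet plugin (wysija-newsletters) from remote file upload. Affects versions <= 2.6.6
         add_action( 'admin_init', array( $this , 'protect_wysija_newsletters_verify_capability' ), 1 );
+
+        // Protect the Revolution Slider plugin (revslider) from local file inclusion. Affects versions < 4.2
+        add_action( 'init', array( $this , 'protect_revslider_lfi' ), 1 );
     }
 
@@ -617,4 +620,20 @@
         }
     }
+
+    // Protect the Revolution Slider plugin (revslider) from local file inclusion. Affects versions < 4.2
+    function protect_revslider_lfi() {
+        if ( isset( $_GET['action'] ) && 'revslider_show_image' == $_GET['action'] ) {
+            $img = '';
+            if ( isset( $_GET['img'] ) )
+                $img = $_GET['img'];
+            if ( is_numeric( $img ) )
+                return;
+            $validate = validate_file( $img );
+            if ( 0 !== $validate )
+                die( 'invalid file' );
+            if ( !file_exists( $img ) )
+                die( 'file does not exist' );
+        }
+    }
 }
 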
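Review bot: The guard in `protect_revslider_lfi()` only fires when `action` is present in `$_GET`, so it does not cover a request whose `action` arrives in the POST body if the plugin's handler is dispatched from `$_REQUEST['action']` (as WordPress's admin-ajax.php does); the condition would be safer as `isset( $_REQUEST['action'] ) && 'revslider_show_image' === $_REQUEST['action']`, with `img` read from the same source the plugin uses. `$_GET['img']` is also handed to `validate_file()` without confirming it is a string, so an array value reaches a string function; add `if ( ! is_string( $img ) ) die( 'invalid file' );` before the `is_numeric()` test. `file_exists( $img )` resolves the raw value against the request's working directory, which may not be the base path the plugin reads from (not visible here), and neither check limits the request to image files, so an extension allow-list on `$img` would narrow what the endpoint can be asked to return.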
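--- a/vaultpress/trunk/readme.txt
+++ b/vaultpress/trunk/readme.txt
@@ -4,5 +4,5 @@
 Requires at least: 2.9.2
 Tested up to: 4.0
-Stable tag: 1.6.4
+Stable tag: 1.6.5
 License: GPLv2
 
@@ -52,4 +52,7 @@
 
 == Changelog ==
+= 1.6.5 =
+* Security: Add a new security hotfix.
+
 = 1.6.4 =
 * Bumping the "Tested up to" tag to 4.0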
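--- a/vaultpress/trunk/vaultpress.php
+++ b/vaultpress/trunk/vaultpress.php
@@ -4,5 +4,5 @@
  * Plugin URI: http://vaultpress.com/?utm_source=plugin-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
  * Description: Protect your content, themes, plugins, and settings with <strong>realtime backup</strong> and <strong>automated security scanning</strong> from <a href="http://vaultpress.com/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">VaultPress</a>. Activate, enter your registration key, and never worry again. <a href="http://vaultpress.com/help/?utm_source=wp-admin&amp;utm_medium=plugin-description&amp;utm_campaign=1.0" rel="nofollow">Need some help?</a>
- * Version: 1.6.4
+ * Version: 1.6.5
  * Author: Automattic
  * Author URI: http://vaultpress.com/?utm_source=author-uri&amp;utm_medium=plugin-description&amp;utm_campaign=1.0
@@ -19,5 +19,5 @@
     var $option_name    = 'vaultpress';
     var $db_version     = 3;
-    var $plugin_version = '1.6.4';
+    var $plugin_version = '1.6.5';
 
     function __construct() {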