A2 Optimized WP - Version 2.1.3.3

Version Description

  • Patches a cross-site-scripting vulnerability. This is a recommended upgrade.

Release Info

Developer a2hosting
Version 2.1.3.3

Code changes from version 2.1.3.2 to 2.1.3.3

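--- a/A2_Optimized_Optimizations.php
+++ b/A2_Optimized_Optimizations.php
@@ -590,7 +590,7 @@ class A2_Optimized_Optimizations {
  ),
  'images' => array(
  'name' => 'Compress Images on Upload',
- 'plugin' => 'EWWW Image Optimizer',
+ 'plugin' => 'Warp iMagick',
  'slug' => 'images',
  'premium' => true,
  'configured' => false,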
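--- a/A2_Optimized_OptionsManager.php
+++ b/A2_Optimized_OptionsManager.php
@@ -989,6 +989,10 @@ HTML;
  if (isset($_GET['save_settings']) && $_GET['save_settings']) {
  $save_alert = '<div class="alert alert-success">Settings Saved</div>';
  }
+
+ if (isset($_GET['msg']) && $_GET['msg'] == 'token') {
+ $save_alert = '<div class="alert alert-danger">Session timed out, please try to configure your optimization again.</div>';
+ }
 
  $warning_circle = '';
  if ($num_warnings > 0) {
@@ -1082,7 +1086,7 @@ HTML;
  <h2>Additional Plugins Installed on A2 Hosting</h2>
  <p><strong>Easy Hide Login</strong><br />
  Changes the location of the WordPress login page</p>
- <p><strong>EWWW Image Optimizer</strong><br />
+ <p><strong>Warp iMagick</strong><br />
  Compress and optimize images on upload</p>
  </div>
  <div style="margin:20px 0;">
@@ -1161,7 +1165,7 @@ HTML;
  <dt>Compress Images on Upload</dt>
  <dd>
  <ul>
- <li>Enables and configures EWWW Image Optimizer.</li>
+ <li>Enables and configures Warp iMagick Image Optimizer.</li>
  <li>Compresses images that are uploaded to save bandwidth.</li>
  <li>Improves page load times: especially on sites with many images.</li>
  </ul>
@@ -1897,44 +1901,28 @@ HTML;
  $this->optimizations = $opts->get_optimizations();
  $this->plugin_list = get_plugins();
 
- if (isset($_GET['activate'])) {
- foreach ($this->plugin_list as $file => $plugin) {
- if ($_GET['activate'] == $plugin['Name']) {
- $this->activate_plugin($file);
- }
- }
- }
+ $url_token = false;
 
- if (isset($_GET['hide_login_url'])) {
- $this->addOption('hide_login_url', true);
+ if (isset($_GET['a2_token'])) {
+ $url_token = $_GET['a2_token'];
  }
 
- if (isset($_GET['deactivate'])) {
- foreach ($this->plugin_list as $file => $plugin) {
- if ($_GET['deactivate'] == $plugin['Name']) {
- $this->deactivate_plugin($file);
+ if (isset($_GET['disable_optimization']) && $url_token) {
+ $hash = '';
+
+ $item_slug = $_GET['disable_optimization'];
+ $a2_token = get_transient('a2_token-' . $item_slug);
+ if ($a2_token && $a2_token == $url_token) {
+ if (isset($this->optimizations[$_GET['disable_optimization']])) {
+ $this->optimizations[$_GET['disable_optimization']]['disable']($_GET['disable_optimization']);
  }
- }
- }
 
- if (isset($_GET['delete'])) {
- foreach ($this->plugin_list as $file => $plugin) {
- if ($_GET['delete'] == $plugin['Name']) {
- $this->uninstall_plugin($file);
+ if (isset($this->advanced_optimizations[$_GET['disable_optimization']])) {
+ $this->advanced_optimizations[$_GET['disable_optimization']]['disable']($_GET['disable_optimization']);
+ $hash = '#optimization-advanced-tab';
  }
- }
- }
-
- if (isset($_GET['disable_optimization'])) {
- $hash = '';
-
- if (isset($this->optimizations[$_GET['disable_optimization']])) {
- $this->optimizations[$_GET['disable_optimization']]['disable']($_GET['disable_optimization']);
- }
-
- if (isset($this->advanced_optimizations[$_GET['disable_optimization']])) {
- $this->advanced_optimizations[$_GET['disable_optimization']]['disable']($_GET['disable_optimization']);
- $hash = '#optimization-advanced-tab';
+ } else {
+ $hash = '&msg=token';
  }
 
  echo <<<JAVASCRIPT
@@ -1945,15 +1933,22 @@ JAVASCRIPT;
  exit();
  }
 
- if (isset($_GET['enable_optimization'])) {
+ if (isset($_GET['enable_optimization']) && $url_token) {
  $hash = '';
- if (isset($this->optimizations[$_GET['enable_optimization']])) {
- $this->optimizations[$_GET['enable_optimization']]['enable']($_GET['enable_optimization']);
- }
+ $item_slug = $_GET['enable_optimization'];
+ $a2_token = get_transient('a2_token-' . $item_slug);
+
+ if ($a2_token && $a2_token == $url_token) {
+ if (isset($this->optimizations[$_GET['enable_optimization']])) {
+ $this->optimizations[$_GET['enable_optimization']]['enable']($_GET['enable_optimization']);
+ }
 
- if (isset($this->advanced_optimizations[$_GET['enable_optimization']])) {
- $this->advanced_optimizations[$_GET['enable_optimization']]['enable']($_GET['enable_optimization']);
- $hash = '#optimization-advanced-tab';
+ if (isset($this->advanced_optimizations[$_GET['enable_optimization']])) {
+ $this->advanced_optimizations[$_GET['enable_optimization']]['enable']($_GET['enable_optimization']);
+ $hash = '#optimization-advanced-tab';
+ }
+ } else {
+ $hash = '&msg=token';
  }
 
  echo <<<JAVASCRIPT
@@ -1964,7 +1959,7 @@ JAVASCRIPT;
  exit();
  }
 
- if (isset($_GET['apply_divi_settings'])) {
+ if (isset($_GET['apply_divi_settings']) && $url_token) {
  $this->optimizations['minify']['disable']('minify');
  $this->optimizations['css_minify']['disable']('css_minify');
  $this->optimizations['js_minify']['disable']('js_minify');
@@ -2149,7 +2144,9 @@ JAVASCRIPT;
  // skip adding "disable" link if 'remove_link' key is set and site is behind cloudflare
  // used for Gzip options
  } else {
- $links[] = array("?page=$settings_slug&amp;disable_optimization={$item['slug']}", 'Disable', '_self');
+ $a2_token = md5(time() . rand());
+ set_transient('a2_token-' . $item['slug'], $a2_token, 180);
+ $links[] = array("?page=$settings_slug&amp;disable_optimization={$item['slug']}&amp;a2_token={$a2_token}", 'Disable', '_self');
  }
  }
  if (isset($item['settings'])) {
@@ -2174,7 +2171,9 @@ JAVASCRIPT;
  $glyph = 'warning-sign';
 
  if (isset($item['disable'])) {
- $links[] = array("?page=$settings_slug&amp;disable_optimization={$item['slug']}", 'Disable', '_self');
+ $a2_token = md5(time() . rand());
+ set_transient('a2_token-' . $item['slug'], $a2_token, 180);
+ $links[] = array("?page=$settings_slug&amp;disable_optimization={$item['slug']}&amp;a2_token={$a2_token}", 'Disable', '_self');
  }
  if (isset($item['settings'])) {
  $links[] = array("{$item['settings']}", 'Configure', '_self');
@@ -2198,7 +2197,9 @@ JAVASCRIPT;
  if (isset($item['update'])) {
  $action_text = 'Update Now';
  }
- $links[] = array("?page=$settings_slug&amp;enable_optimization={$item['slug']}", $action_text, '_self');
+ $a2_token = md5(time() . rand());
+ set_transient('a2_token-' . $item['slug'], $a2_token, 180);
+ $links[] = array("?page=$settings_slug&amp;enable_optimization={$item['slug']}&amp;a2_token={$a2_token}", $action_text, '_self');
  }
 
  if (isset($item['not_configured_links'])) {
@@ -2212,7 +2213,9 @@ JAVASCRIPT;
  }
  } else {
  if (isset($item['enable']) && $active_class == '') {
- $links[] = array("?page=$settings_slug&amp;enable_optimization={$item['slug']}", 'Enable', '_self');
+ $a2_token = md5(time() . rand());
+ set_transient('a2_token-' . $item['slug'], $a2_token, 180);
+ $links[] = array("?page=$settings_slug&amp;enable_optimization={$item['slug']}&amp;a2_token={$a2_token}", 'Enable', '_self');
  }
 
  if (isset($item['not_configured_links'])) {
@@ -2806,57 +2809,6 @@ HTACCESS;
  return false;
  }
 
- /**
- * Display plugin name, status and description
- * @param array $plugin The plugin attributes
- * @return markup HTML The plugin information in HTML format
- */
- private function plugin_display($plugin) {
- $links['Delete'] = admin_url() . 'admin.php?page=' . $this->getSettingsSlug() . "&delete={$plugin['Name']}";
-
- $glyph = 'warning-sign';
- if (!$plugin['active']) {
- if ($plugin['optional']) {
- $glyph = 'warning-sign';
- } else {
- $glyph = 'exclamation-sign';
- }
- $links['Activate'] = admin_url() . 'admin.php?page=' . $this->getSettingsSlug() . "&activate={$plugin['Name']}";
- } else {
- $glyph = 'ok';
- $links['Deactivate'] = admin_url() . 'admin.php?page=' . $this->getSettingsSlug() . "&deactivate={$plugin['Name']}";
- if (isset($plugin['config_url'])) {
- $links['Configure'] = $plugin['config_url'];
- }
- }
-
- $link_html = '';
- foreach ($links as $name => $href) {
- $link_html .= <<<HTML
- <a href="{$href}">$name</a> |
- HTML;
- }
-
- $link_html = trim($link_html, ' |');
-
- return <<<HTML
- <div class="optimization-item">
- <div style="float:left;width:44px;font-size:36px">
- <span class="glyphicon glyphicon-{$glyph}"></span>
- </div>
- <div style="float:left;">
- <b>{$plugin['Name']}</b><br>
- </div>
- <div style="clear:both;">
- <p>{$plugin['Description']}</p>
- </div>
- <div>
- {$link_html}
- </div>
- </div>
- HTML;
- }
-
  /**
  * Check Check for the correct a2_optimized directory
  * @return boolean true|false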
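Review bot: The `apply_divi_settings` branch at new line 1962 only checks that `a2_token` is non-empty; the visible lines never compare it with a stored value before the three `disable` calls run, so a cross-site request carrying any token value would still pass, unlike the enable/disable branches that call `get_transient()` first (the branch body continues outside the hunk, so confirm nothing validates it further down). The token scheme itself is weak: `md5(time() . rand())` is not a cryptographic random source, the transient key `'a2_token-' . $item['slug']` is shared by every admin session and overwritten on each page render, and `$a2_token == $url_token` is a loose, non-constant-time comparison. WordPress nonces already bind the token to the user and action, so I would build the links with `wp_nonce_url($url, 'a2_opt_' . $item['slug'])` and gate each handler with `check_admin_referer('a2_opt_' . $item_slug)`, alongside a `current_user_can('manage_options')` check if none exists earlier in this method. If the transient scheme stays, use `hash_equals($a2_token, $url_token)` and call `delete_transient()` after a successful match so a token cannot be replayed inside its 180-second lifetime.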
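--- a/a2-optimized.php
+++ b/a2-optimized.php
@@ -2,7 +2,7 @@
  /*
  Plugin Name: A2 Optimized WP
  Plugin URI: https://wordpress.org/plugins/a2-optimized/
- Version: 2.1.3.2
+ Version: 2.1.3.3
  Author: A2 Hosting
  Author URI: https://www.a2hosting.com/
  Description: A2 Optimized - WordPress Optimization Plugin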
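--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
  Contributors: A2BCool, a2hosting, dmatteson, sputala
  Tags: Speed, Optimize, Secure, Fast, W3 Total Cache, W3TC, Hosting
  Requires at least: 5.1
- Tested up to: 5.7.1
- Stable tag: 2.1.3.2
+ Tested up to: 5.8
+ Stable tag: 2.1.3.3
  Requires PHP: 5.6
  License: GPLv3
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
@@ -72,7 +72,7 @@ A2 Optimized has broken it down into the most valuable optimizations and will au
 
  **Compress Images on Upload**:
 
- * Enables and configures EWWW Image Optimizer.
+ * Enables and configures Warp iMagick Image Optimizer.
  * Compresses images that are uploaded to save bandwidth.
  * Improves page load times: especially on sites with many images.
 
@@ -123,6 +123,9 @@ Yes. A2 Optimized works on any host that supports WordPress; however, A2 Hostin
 
  == Changelog ==
 
+ = 2.1.3.3 =
+ * Patches a cross-site-scripting vulnerablity. This is a recommended upgrade.
+
  = 2.1.3.1 =
  * Small improvments to disk caching
 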