Version Description
- Fix for remote code execution vulnerability - credit to Wordfence
Download this release
Release Info
| Developer | spacetime |
| Plugin |  Ad Inserter – WordPress Ads Management with AdSense Header Integration |
| Version | 2.4.22 |
| Comparing to | |
| See all releases | |
Code changes from version 2.4.20 to 2.4.22
- ad-inserter.php +33 -3
- constants.php +1 -1
- css/ai-settings.css +1 -1
- js/ad-inserter.js +1 -1
- readme.txt +14 -2
ad-inserter.php
CHANGED
|
@@ -2,7 +2,7 @@
|
|
| 2 |
|
| 3 |
/*
|
| 4 |
Plugin Name: Ad Inserter
|
| 5 |
-
Version: 2.4.
|
| 6 |
Description: Ad management with many advanced advertising features to insert ads at optimal positions
|
| 7 |
Author: Igor Funa
|
| 8 |
Author URI: http://igorfuna.com/
|
|
@@ -15,6 +15,12 @@ Domain Path: /languages
|
|
| 15 |
|
| 16 |
Change Log
|
| 17 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 18 |
Ad Inserter 2.4.20 - 2019-07-09
|
| 19 |
- Fix for path traversal vulnerability - credit to Wilfried B�card of Synacktiv (https://synacktiv.com)
|
| 20 |
- Fix for block rearrangement issues
|
|
@@ -4663,6 +4669,10 @@ function ai_ajax_backend () {
|
|
| 4663 |
// check_ajax_referer ("adinserter_data", "ai_check");
|
| 4664 |
check_admin_referer ("adinserter_data", "ai_check");
|
| 4665 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4666 |
if (isset ($_POST ["preview"])) {
|
| 4667 |
$block = urldecode ($_POST ["preview"]);
|
| 4668 |
if (is_numeric ($block) && $block >= 1 && $block <= 96) {
|
|
@@ -4689,6 +4699,10 @@ function ai_ajax_backend () {
|
|
| 4689 |
if (isset ($_POST ['count'])) $preview_parameters ['count'] = $_POST ['count'];
|
| 4690 |
if (isset ($_POST ['rotate'])) $preview_parameters ['rotate'] = $_POST ['rotate'];
|
| 4691 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4692 |
generate_code_preview (
|
| 4693 |
$block,
|
| 4694 |
$preview_parameters
|
|
@@ -4696,7 +4710,13 @@ function ai_ajax_backend () {
|
|
| 4696 |
}
|
| 4697 |
elseif ($block == 'adb') {
|
| 4698 |
require_once AD_INSERTER_PLUGIN_DIR.'includes/preview-adb.php';
|
| 4699 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4700 |
}
|
| 4701 |
elseif ($block == 'adsense') {
|
| 4702 |
|
|
@@ -4738,7 +4758,13 @@ function ai_ajax_backend () {
|
|
| 4738 |
elseif (isset ($_POST ["edit"])) {
|
| 4739 |
if (is_numeric ($_POST ["edit"]) && $_POST ["edit"] >= 1 && $_POST ["edit"] <= 96) {
|
| 4740 |
require_once AD_INSERTER_PLUGIN_DIR.'includes/editor.php';
|
| 4741 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 4742 |
}
|
| 4743 |
}
|
| 4744 |
|
|
@@ -5549,6 +5575,10 @@ function generate_selection_css () {
|
|
| 5549 |
function ai_settings () {
|
| 5550 |
global $ai_db_options, $block_object, $wpdb, $ai_db_options_extract;
|
| 5551 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5552 |
if (isset ($_POST [AI_FORM_SAVE])) {
|
| 5553 |
|
| 5554 |
// echo count ($_POST);
|
| 2 |
|
| 3 |
/*
|
| 4 |
Plugin Name: Ad Inserter
|
| 5 |
+
Version: 2.4.22
|
| 6 |
Description: Ad management with many advanced advertising features to insert ads at optimal positions
|
| 7 |
Author: Igor Funa
|
| 8 |
Author URI: http://igorfuna.com/
|
| 15 |
|
| 16 |
Change Log
|
| 17 |
|
| 18 |
+
Ad Inserter 2.4.22 - 2019-07-13
|
| 19 |
+
- Fix for remote code execution vulnerability - credit to Wordfence
|
| 20 |
+
|
| 21 |
+
Ad Inserter 2.4.21 - 2019-07-11
|
| 22 |
+
- Fix for possible error Class not found (Pro only)
|
| 23 |
+
|
| 24 |
Ad Inserter 2.4.20 - 2019-07-09
|
| 25 |
- Fix for path traversal vulnerability - credit to Wilfried B�card of Synacktiv (https://synacktiv.com)
|
| 26 |
- Fix for block rearrangement issues
|
| 4669 |
// check_ajax_referer ("adinserter_data", "ai_check");
|
| 4670 |
check_admin_referer ("adinserter_data", "ai_check");
|
| 4671 |
|
| 4672 |
+
if (!current_user_can ('activate_plugins')) {
|
| 4673 |
+
wp_die ();
|
| 4674 |
+
}
|
| 4675 |
+
|
| 4676 |
if (isset ($_POST ["preview"])) {
|
| 4677 |
$block = urldecode ($_POST ["preview"]);
|
| 4678 |
if (is_numeric ($block) && $block >= 1 && $block <= 96) {
|
| 4699 |
if (isset ($_POST ['count'])) $preview_parameters ['count'] = $_POST ['count'];
|
| 4700 |
if (isset ($_POST ['rotate'])) $preview_parameters ['rotate'] = $_POST ['rotate'];
|
| 4701 |
|
| 4702 |
+
if (!current_user_can ('edit_plugins')) {
|
| 4703 |
+
$preview_parameters ['php'] = false;
|
| 4704 |
+
}
|
| 4705 |
+
|
| 4706 |
generate_code_preview (
|
| 4707 |
$block,
|
| 4708 |
$preview_parameters
|
| 4710 |
}
|
| 4711 |
elseif ($block == 'adb') {
|
| 4712 |
require_once AD_INSERTER_PLUGIN_DIR.'includes/preview-adb.php';
|
| 4713 |
+
|
| 4714 |
+
$process_php = isset ($_POST ["php"]) && $_POST ["php"] == 1;
|
| 4715 |
+
if (!current_user_can ('edit_plugins')) {
|
| 4716 |
+
$process_php = false;
|
| 4717 |
+
}
|
| 4718 |
+
|
| 4719 |
+
generate_code_preview_adb (base64_decode ($_POST ["code"]), $process_php);
|
| 4720 |
}
|
| 4721 |
elseif ($block == 'adsense') {
|
| 4722 |
|
| 4758 |
elseif (isset ($_POST ["edit"])) {
|
| 4759 |
if (is_numeric ($_POST ["edit"]) && $_POST ["edit"] >= 1 && $_POST ["edit"] <= 96) {
|
| 4760 |
require_once AD_INSERTER_PLUGIN_DIR.'includes/editor.php';
|
| 4761 |
+
|
| 4762 |
+
$process_php = isset ($_POST ["php"]) && $_POST ["php"] == 1;
|
| 4763 |
+
if (!current_user_can ('edit_plugins')) {
|
| 4764 |
+
$process_php = false;
|
| 4765 |
+
}
|
| 4766 |
+
|
| 4767 |
+
generate_code_editor ($_POST ["edit"], base64_decode ($_POST ["code"]), $process_php);
|
| 4768 |
}
|
| 4769 |
}
|
| 4770 |
|
| 5575 |
function ai_settings () {
|
| 5576 |
global $ai_db_options, $block_object, $wpdb, $ai_db_options_extract;
|
| 5577 |
|
| 5578 |
+
if (!current_user_can ('activate_plugins')) {
|
| 5579 |
+
return;
|
| 5580 |
+
}
|
| 5581 |
+
|
| 5582 |
if (isset ($_POST [AI_FORM_SAVE])) {
|
| 5583 |
|
| 5584 |
// echo count ($_POST);
|
constants.php
CHANGED
|
@@ -29,7 +29,7 @@ if (!defined( 'AD_INSERTER_NAME'))
|
|
| 29 |
define ('AD_INSERTER_NAME', 'Ad Inserter');
|
| 30 |
|
| 31 |
if (!defined( 'AD_INSERTER_VERSION'))
|
| 32 |
-
define ('AD_INSERTER_VERSION', '2.4.
|
| 33 |
|
| 34 |
if (!defined ('AD_INSERTER_PLUGIN_BASENAME'))
|
| 35 |
define ('AD_INSERTER_PLUGIN_BASENAME', plugin_basename (__FILE__));
|
| 29 |
define ('AD_INSERTER_NAME', 'Ad Inserter');
|
| 30 |
|
| 31 |
if (!defined( 'AD_INSERTER_VERSION'))
|
| 32 |
+
define ('AD_INSERTER_VERSION', '2.4.22');
|
| 33 |
|
| 34 |
if (!defined ('AD_INSERTER_PLUGIN_BASENAME'))
|
| 35 |
define ('AD_INSERTER_PLUGIN_BASENAME', plugin_basename (__FILE__));
|
css/ai-settings.css
CHANGED
|
@@ -1,5 +1,5 @@
|
|
| 1 |
#ai-data {
|
| 2 |
-
font-family: "2.4.
|
| 3 |
}
|
| 4 |
|
| 5 |
#blocked-warning {
|
| 1 |
#ai-data {
|
| 2 |
+
font-family: "2.4.22"; /* Used for version number of the file */
|
| 3 |
}
|
| 4 |
|
| 5 |
#blocked-warning {
|
js/ad-inserter.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
| 1 |
-
var javascript_version = "2.4.
|
| 2 |
var ignore_key = true;
|
| 3 |
var start = 1;
|
| 4 |
var end = 16;
|
| 1 |
+
var javascript_version = "2.4.22";
|
| 2 |
var ignore_key = true;
|
| 3 |
var start = 1;
|
| 4 |
var end = 16;
|
readme.txt
CHANGED
|
@@ -6,7 +6,7 @@ Tags: ads, adsense, ad rotation, ad manager, amp, amazon, ad blocking detection,
|
|
| 6 |
Requires at least: 4.0
|
| 7 |
Tested up to: 5.2
|
| 8 |
Requires PHP: 5.6
|
| 9 |
-
Stable tag: 2.4.
|
| 10 |
License: GPLv3
|
| 11 |
|
| 12 |
Manage ads: Google AdSense, Media.net, Amazon banners, ad rotation, sticky widgets, AMP ads, DFP, PHP, tracking, AdSense header and footer code
|
|
@@ -313,8 +313,14 @@ If you are not happy to reveal this information and you have opted in, simply di
|
|
| 313 |
|
| 314 |
== Changelog ==
|
| 315 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 316 |
= 2.4.20 =
|
| 317 |
-
- Fix for path traversal vulnerability - credit to Wilfried
|
| 318 |
- Fix for block rearrangement issues
|
| 319 |
- Few minor bug fixes, cosmetic changes and code improvements
|
| 320 |
|
|
@@ -442,6 +448,12 @@ For the changelog of earlier versions, please refer to the separate changelog.tx
|
|
| 442 |
|
| 443 |
== Upgrade Notice ==
|
| 444 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 445 |
= 2.4.20 =
|
| 446 |
Fix for path traversal vulnerability;
|
| 447 |
Fix for block rearrangement issues;
|
| 6 |
Requires at least: 4.0
|
| 7 |
Tested up to: 5.2
|
| 8 |
Requires PHP: 5.6
|
| 9 |
+
Stable tag: 2.4.22
|
| 10 |
License: GPLv3
|
| 11 |
|
| 12 |
Manage ads: Google AdSense, Media.net, Amazon banners, ad rotation, sticky widgets, AMP ads, DFP, PHP, tracking, AdSense header and footer code
|
| 313 |
|
| 314 |
== Changelog ==
|
| 315 |
|
| 316 |
+
= 2.4.22 =
|
| 317 |
+
- Fix for remote code execution vulnerability - credit to Wordfence
|
| 318 |
+
|
| 319 |
+
= 2.4.21 =
|
| 320 |
+
- Fix for possible error Class not found (Pro only)
|
| 321 |
+
|
| 322 |
= 2.4.20 =
|
| 323 |
+
- Fix for path traversal vulnerability - credit to Wilfried Becard of Synacktiv (https://synacktiv.com)
|
| 324 |
- Fix for block rearrangement issues
|
| 325 |
- Few minor bug fixes, cosmetic changes and code improvements
|
| 326 |
|
| 448 |
|
| 449 |
== Upgrade Notice ==
|
| 450 |
|
| 451 |
+
= 2.4.22 =
|
| 452 |
+
Fix for remote code execution vulnerability
|
| 453 |
+
|
| 454 |
+
= 2.4.21 =
|
| 455 |
+
Fix for possible error Class not found (Pro only)
|
| 456 |
+
|
| 457 |
= 2.4.20 =
|
| 458 |
Fix for path traversal vulnerability;
|
| 459 |
Fix for block rearrangement issues;
|
