Version Description
- Add server input sanitization
Release Info
| Developer | keycdn |
| Plugin | |
| Version | 1.8.8 |
Code changes from version 1.8.7 to 1.8.8
- cache-enabler.php +1 -1
- inc/cache_enabler.class.php +1 -1
- inc/cache_enabler_disk.class.php +3 -3
- inc/cache_enabler_engine.class.php +57 -11
- readme.txt +4 -1
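--- a/cache-enabler.php
+++ b/cache-enabler.php
@@ -6,7 +6,7 @@ Description: Simple and fast WordPress caching plugin.
 Author: KeyCDN
 Author URI: https://www.keycdn.com
 License: GPLv2 or later
-Version: 1.8.
+Version: 1.8.8
 */
 
 /*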
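--- a/inc/cache_enabler.class.php
+++ b/inc/cache_enabler.class.php
@@ -1342,7 +1342,7 @@ final class Cache_Enabler {
 }
 
 if ( $_GET['_action'] === 'clearurl' ) {
-self::clear_page_cache_by_url( Cache_Enabler_Engine::$request_headers['Host'] . $_SERVER['REQUEST_URI'] );
+self::clear_page_cache_by_url( Cache_Enabler_Engine::$request_headers['Host'] . Cache_Enabler_Engine::sanitize_server_input($_SERVER['REQUEST_URI'], false) );
 } elseif ( $_GET['_action'] === 'clear' ) {
 self::each_site( ( is_multisite() && is_network_admin() ), 'self::clear_site_cache', array(), true );
 }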
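Review bot: The non-strict call `Cache_Enabler_Engine::sanitize_server_input($_SERVER['REQUEST_URI'], false)` on line 1345 only collapses runs of whitespace and trims the ends (the strict percent-escape stripping is skipped), so the string handed to `clear_page_cache_by_url()` is otherwise the raw request target; if only a path is meant to be accepted, reducing it first with `parse_url( ..., PHP_URL_PATH )` (or WordPress's `esc_url_raw()`) before concatenating the Host value would make that explicit. The bare `false` carries no meaning at the call site and the plugin's PHP 5.6 floor rules out named arguments, so a short comment such as `// non-strict: keep percent-encoding, only normalize whitespace` would help the next reader. The enclosing method begins and ends outside this hunk, so whatever capability or nonce check precedes the `_action` branch is not visible here.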
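--- a/inc/cache_enabler_disk.class.php
+++ b/inc/cache_enabler_disk.class.php
@@ -597,7 +597,7 @@ final class Cache_Enabler_Disk {
 private static function get_cache_dir( $url = null ) {
 
 if ( empty ( $url ) ) {
-$url = 'http://' . Cache_Enabler_Engine::$request_headers['Host'] . $_SERVER['REQUEST_URI'];
+$url = 'http://' . Cache_Enabler_Engine::$request_headers['Host'] . Cache_Enabler_Engine::sanitize_server_input( $_SERVER['REQUEST_URI'], false );
 }
 
 $url_host = parse_url( $url, PHP_URL_HOST );
@@ -958,7 +958,7 @@ final class Cache_Enabler_Disk {
 $settings_file_regex = str_replace( '.', '\.', $settings_file_regex );
 
 if ( defined( 'SUBDOMAIN_INSTALL' ) && ! SUBDOMAIN_INSTALL && ! $skip_blog_path ) {
-$url_path = trim( parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH ), '/' );
+$url_path = trim( parse_url( Cache_Enabler_Engine::sanitize_server_input( $_SERVER['REQUEST_URI'], false ), PHP_URL_PATH ), '/' );
 
 if ( ! empty( $url_path ) ) {
 $url_path_regex = str_replace( '/', '|', $url_path );
@@ -983,7 +983,7 @@ final class Cache_Enabler_Disk {
 $settings_file_name = strtolower( Cache_Enabler_Engine::$request_headers['Host'] );
 
 if ( is_multisite() && defined( 'SUBDOMAIN_INSTALL' ) && ! SUBDOMAIN_INSTALL && ! $skip_blog_path ) {
-$url_path = $_SERVER['REQUEST_URI'];
+$url_path = Cache_Enabler_Engine::sanitize_server_input( $_SERVER['REQUEST_URI'], false );
 $url_path_pieces = explode( '/', $url_path, 3 );
 $blog_path = $url_path_pieces[1];
 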
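Review bot: All three hunks (lines 600, 961 and 986) repeat `Cache_Enabler_Engine::sanitize_server_input( $_SERVER['REQUEST_URI'], false )`, and the same expression appears again in inc/cache_enabler.class.php; a single accessor on the engine class, say `public static function get_request_uri() { return isset( $_SERVER['REQUEST_URI'] ) ? self::sanitize_server_input( $_SERVER['REQUEST_URI'], false ) : ''; }`, would keep the policy in one place and let it be tightened later without touching every caller. None of the three call sites guards `$_SERVER['REQUEST_URI']` with isset, unlike the `SCRIPT_NAME` guard added in the engine class, so a request without that key raises an undefined-index notice before the sanitizer sees the value. The enclosing functions of the 958 and 983 hunks start outside the hunks, and `get_cache_dir()` continues past line 603.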
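--- a/inc/cache_enabler_engine.class.php
+++ b/inc/cache_enabler_engine.class.php
@@ -153,6 +153,45 @@ final class Cache_Enabler_Engine {
 return $contents;
 }
 
+/**
+* Sanitize server input string.
+*
+* @since 1.8.8
+* @change 1.8.8
+*
+* @param string $str Input string.
+* @param bool $strict Strictly sanitized.
+* @return string Sanitized input string.
+*/
+public static function sanitize_server_input($str, $strict = true) {
+
+if ( is_object( $str ) || is_array( $str ) ) {
+return '';
+}
+
+$str = (string) $str;
+if ( 0 === strlen( $str ) ) {
+return '';
+}
+
+$filtered = preg_replace( '/[\r\n\t ]+/', ' ', $str );
+$filtered = trim( $filtered );
+
+if ( $strict ) {
+$found = false;
+while ( preg_match( '/%[a-f0-9]{2}/i', $filtered, $match ) ) {
+$filtered = str_replace( $match[0], '', $filtered );
+$found = true;
+}
+
+if ( $found ) {
+$filtered = trim( preg_replace( '/ +/', ' ', $filtered ) );
+}
+}
+
+return $filtered;
+}
+
 /**
 * Get the required HTTP request headers from the current request.
 *
@@ -170,15 +209,20 @@ final class Cache_Enabler_Engine {
 $request_headers = function_exists( 'apache_request_headers' ) ? apache_request_headers() : array();
 
 $request_headers = array(
-'Accept' => isset( $request_headers['Accept'] ) ? $request_headers['Accept'] : ( isset( $_SERVER[
-'Accept-Encoding' => isset( $request_headers['Accept-Encoding'] ) ? $request_headers['Accept-Encoding'] : ( isset( $_SERVER[
-'Host' => isset( $request_headers['Host'] ) ? $request_headers['Host'] : ( isset( $_SERVER[
-'If-Modified-Since' => isset( $request_headers['If-Modified-Since'] ) ? $request_headers['If-Modified-Since'] : ( isset( $_SERVER[
-'User-Agent' => isset( $request_headers['User-Agent'] ) ? $request_headers['User-Agent'] : ( isset( $_SERVER[
-'X-Forwarded-Proto' => isset( $request_headers['X-Forwarded-Proto'] ) ? $request_headers['X-Forwarded-Proto'] : ( isset( $_SERVER[
-'X-Forwarded-Scheme' => isset( $request_headers['X-Forwarded-Scheme'] ) ? $request_headers['X-Forwarded-Scheme'] : ( isset( $_SERVER[
+'Accept' => isset( $request_headers['Accept'] ) ? $request_headers['Accept'] : ( isset( $_SERVER['HTTP_ACCEPT'] ) ? $_SERVER['HTTP_ACCEPT'] : '' ),
+'Accept-Encoding' => isset( $request_headers['Accept-Encoding'] ) ? $request_headers['Accept-Encoding'] : ( isset( $_SERVER['HTTP_ACCEPT_ENCODING'] ) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '' ),
+'Host' => isset( $request_headers['Host'] ) ? $request_headers['Host'] : ( isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER[ 'HTTP_HOST' ] : '' ),
+'If-Modified-Since' => isset( $request_headers['If-Modified-Since'] ) ? $request_headers['If-Modified-Since'] : ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ? $_SERVER['HTTP_IF_MODIFIED_SINCE'] : '' ),
+'User-Agent' => isset( $request_headers['User-Agent'] ) ? $request_headers['User-Agent'] : ( isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '' ),
+'X-Forwarded-Proto' => isset( $request_headers['X-Forwarded-Proto'] ) ? $request_headers['X-Forwarded-Proto'] : ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) ? $_SERVER['HTTP_X_FORWARDED_PROTO'] : '' ),
+'X-Forwarded-Scheme' => isset( $request_headers['X-Forwarded-Scheme'] ) ? $request_headers['X-Forwarded-Scheme'] : ( isset( $_SERVER['HTTP_X_FORWARDED_SCHEME'] ) ? $_SERVER['HTTP_X_FORWARDED_SCHEME'] : '' ),
 );
 
+// Sanitize request header values
+foreach ($request_headers as $key => $value) {
+$request_headers[$key] = self::sanitize_server_input( $value );
+}
+
 return $request_headers;
 }
 
@@ -200,10 +244,12 @@ final class Cache_Enabler_Engine {
 return false;
 }
 
-
+if ( isset( $_SERVER['SCRIPT_NAME'] ) ) {
+$script_name_length = strlen( $_SERVER['SCRIPT_NAME'] );
 
-
-
+if ( substr( CACHE_ENABLER_INDEX_FILE, -$script_name_length, $script_name_length ) === $_SERVER['SCRIPT_NAME'] ) {
+return true;
+}
 }
 
 return false;
@@ -403,7 +449,7 @@ final class Cache_Enabler_Engine {
 header( 'X-Cache-Handler: cache-enabler-engine' );
 
 if ( strtotime( self::$request_headers['If-Modified-Since'] >= filemtime( $cache_file ) ) ) {
-header( $_SERVER['SERVER_PROTOCOL'] . ' 304 Not Modified', true, 304 );
+header( self::sanitize_server_input( $_SERVER['SERVER_PROTOCOL'] ) . ' 304 Not Modified', true, 304 );
 exit; // Deliver empty body.
 }
 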
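Review bot: In `sanitize_server_input()` (lines 180-190) the `while ( preg_match( '/%[a-f0-9]{2}/i', ... ) )` plus `str_replace()` loop rescans the whole string once per distinct escape, and the docblock's `@param bool $strict Strictly sanitized.` does not say what the flag changes; the pair `$filtered = preg_replace( '/%[a-f0-9]{2}/i', '', $filtered, -1, $count );` and `if ( $count > 0 ) { $filtered = trim( preg_replace( '/ +/', ' ', $filtered ) ); }` does the same work in one pass, and the parameter line should read something like `Also strip percent-encoded byte sequences; callers pass false for request URIs.`. In both modes the function normalizes rather than validates — `/`, `\`, `..` and non-ASCII bytes pass through untouched — so callers that turn the sanitized `Host` value into a filesystem location (`get_cache_dir()` in inc/cache_enabler_disk.class.php) still need their own allow-list check, and a one-line `@return` caveat saying so would make that contract explicit. Separately, the new guard at lines 247-252 treats an empty `SCRIPT_NAME` as set: `$script_name_length` becomes 0, `substr( CACHE_ENABLER_INDEX_FILE, -0, 0 )` is `''`, and the comparison succeeds, so `if ( ! empty( $_SERVER['SCRIPT_NAME'] ) ) {` is the safer guard (that function starts before its hunk). `preg_replace()` returns null on a PCRE error and `trim( null )` is deprecated from PHP 8.1, so an early `if ( null === $filtered ) { return ''; }` after line 177 would keep the non-strict path quiet as well.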
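--- a/readme.txt
+++ b/readme.txt
@@ -2,7 +2,7 @@
 Contributors: keycdn
 Tags: cache, caching, performance, webp, gzip, brotli, mobile, speed
 Requires at least: 5.1
-Tested up to:
+Tested up to: 6.0
 Requires PHP: 5.6
 Stable tag: trunk
 License: GPLv2 or later
@@ -55,6 +55,9 @@ Cache Enabler captures page contents and saves it as a static HTML file on the s
 
 == Changelog ==
 
+= 1.8.8 =
+* Add server input sanitization
+
 = 1.8.7 =
 * Update plugin upgrade process for multisite networks (#303)
 * Update `wp-config.php` file handling (#302)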
