Version Description
- Add server input sanitization
Download this release
Release Info
| Developer | keycdn |
| Plugin |  CDN Enabler – WordPress CDN Plugin |
| Version | 2.0.5 |
| Comparing to | |
| See all releases | |
Code changes from version 2.0.4 to 2.0.5
- cdn-enabler.php +2 -2
- inc/cdn_enabler_engine.class.php +41 -1
- readme.txt +4 -1
cdn-enabler.php
CHANGED
|
@@ -6,7 +6,7 @@ Description: Simple and fast WordPress content delivery network (CDN) integratio
|
|
| 6 |
Author: KeyCDN
|
| 7 |
Author URI: https://www.keycdn.com
|
| 8 |
License: GPLv2 or later
|
| 9 |
-
Version: 2.0.
|
| 10 |
*/
|
| 11 |
|
| 12 |
/*
|
|
@@ -32,7 +32,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
| 32 |
}
|
| 33 |
|
| 34 |
// constants
|
| 35 |
-
define( 'CDN_ENABLER_VERSION', '2.0.
|
| 36 |
define( 'CDN_ENABLER_MIN_PHP', '5.6' );
|
| 37 |
define( 'CDN_ENABLER_MIN_WP', '5.1' );
|
| 38 |
define( 'CDN_ENABLER_FILE', __FILE__ );
|
| 6 |
Author: KeyCDN
|
| 7 |
Author URI: https://www.keycdn.com
|
| 8 |
License: GPLv2 or later
|
| 9 |
+
Version: 2.0.5
|
| 10 |
*/
|
| 11 |
|
| 12 |
/*
|
| 32 |
}
|
| 33 |
|
| 34 |
// constants
|
| 35 |
+
define( 'CDN_ENABLER_VERSION', '2.0.5' );
|
| 36 |
define( 'CDN_ENABLER_MIN_PHP', '5.6' );
|
| 37 |
define( 'CDN_ENABLER_MIN_WP', '5.1' );
|
| 38 |
define( 'CDN_ENABLER_FILE', __FILE__ );
|
inc/cdn_enabler_engine.class.php
CHANGED
|
@@ -92,6 +92,46 @@ final class CDN_Enabler_Engine {
|
|
| 92 |
}
|
| 93 |
|
| 94 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 95 |
/**
|
| 96 |
* check if file URL is excluded from rewrite
|
| 97 |
*
|
|
@@ -181,7 +221,7 @@ final class CDN_Enabler_Engine {
|
|
| 181 |
private static function rewrite_url( $matches ) {
|
| 182 |
|
| 183 |
$file_url = $matches[0];
|
| 184 |
-
$site_hostname = ( ! empty( $_SERVER['HTTP_HOST'] ) ) ? $_SERVER['HTTP_HOST'] : parse_url( home_url(), PHP_URL_HOST );
|
| 185 |
$site_hostnames = (array) apply_filters( 'cdn_enabler_site_hostnames', array( $site_hostname ) );
|
| 186 |
$cdn_hostname = self::$settings['cdn_hostname'];
|
| 187 |
|
| 92 |
}
|
| 93 |
|
| 94 |
|
| 95 |
+
/**
|
| 96 |
+
* Sanitize server input string.
|
| 97 |
+
*
|
| 98 |
+
* @since 2.0.5
|
| 99 |
+
* @change 2.0.5
|
| 100 |
+
*
|
| 101 |
+
* @param string $str Input string.
|
| 102 |
+
* @param bool $strict Strictly sanitized.
|
| 103 |
+
* @return string Sanitized input string.
|
| 104 |
+
*/
|
| 105 |
+
public static function sanitize_server_input($str, $strict = true) {
|
| 106 |
+
|
| 107 |
+
if ( is_object( $str ) || is_array( $str ) ) {
|
| 108 |
+
return '';
|
| 109 |
+
}
|
| 110 |
+
|
| 111 |
+
$str = (string) $str;
|
| 112 |
+
if ( 0 === strlen( $str ) ) {
|
| 113 |
+
return '';
|
| 114 |
+
}
|
| 115 |
+
|
| 116 |
+
$filtered = preg_replace( '/[\r\n\t ]+/', ' ', $str );
|
| 117 |
+
$filtered = trim( $filtered );
|
| 118 |
+
|
| 119 |
+
if ( $strict ) {
|
| 120 |
+
$found = false;
|
| 121 |
+
while ( preg_match( '/%[a-f0-9]{2}/i', $filtered, $match ) ) {
|
| 122 |
+
$filtered = str_replace( $match[0], '', $filtered );
|
| 123 |
+
$found = true;
|
| 124 |
+
}
|
| 125 |
+
|
| 126 |
+
if ( $found ) {
|
| 127 |
+
$filtered = trim( preg_replace( '/ +/', ' ', $filtered ) );
|
| 128 |
+
}
|
| 129 |
+
}
|
| 130 |
+
|
| 131 |
+
return $filtered;
|
| 132 |
+
}
|
| 133 |
+
|
| 134 |
+
|
| 135 |
/**
|
| 136 |
* check if file URL is excluded from rewrite
|
| 137 |
*
|
| 221 |
private static function rewrite_url( $matches ) {
|
| 222 |
|
| 223 |
$file_url = $matches[0];
|
| 224 |
+
$site_hostname = ( ! empty( $_SERVER['HTTP_HOST'] ) ) ? self::sanitize_server_input( $_SERVER['HTTP_HOST'] ) : parse_url( home_url(), PHP_URL_HOST );
|
| 225 |
$site_hostnames = (array) apply_filters( 'cdn_enabler_site_hostnames', array( $site_hostname ) );
|
| 226 |
$cdn_hostname = self::$settings['cdn_hostname'];
|
| 227 |
|
readme.txt
CHANGED
|
@@ -2,7 +2,7 @@
|
|
| 2 |
Contributors: keycdn
|
| 3 |
Tags: cdn, content delivery network, content distribution network
|
| 4 |
Requires at least: 5.1
|
| 5 |
-
Tested up to:
|
| 6 |
Requires PHP: 5.6
|
| 7 |
Stable tag: trunk
|
| 8 |
License: GPLv2 or later
|
|
@@ -48,6 +48,9 @@ CDN Enabler captures page contents and rewrites URLs to be served by the designa
|
|
| 48 |
|
| 49 |
== Changelog ==
|
| 50 |
|
|
|
|
|
|
|
|
|
|
| 51 |
= 2.0.4 =
|
| 52 |
* Update configuration validation to include the Site Address (URL) as an HTTP `Referer` (#42)
|
| 53 |
* Update URL matcher in rewriter to match URLs that are in escaped JSON format (#41)
|
| 2 |
Contributors: keycdn
|
| 3 |
Tags: cdn, content delivery network, content distribution network
|
| 4 |
Requires at least: 5.1
|
| 5 |
+
Tested up to: 6.0
|
| 6 |
Requires PHP: 5.6
|
| 7 |
Stable tag: trunk
|
| 8 |
License: GPLv2 or later
|
| 48 |
|
| 49 |
== Changelog ==
|
| 50 |
|
| 51 |
+
= 2.0.5 =
|
| 52 |
+
* Add server input sanitization
|
| 53 |
+
|
| 54 |
= 2.0.4 =
|
| 55 |
* Update configuration validation to include the Site Address (URL) as an HTTP `Referer` (#42)
|
| 56 |
* Update URL matcher in rewriter to match URLs that are in escaped JSON format (#41)
|
