Companion Auto Update - Version 3.2.1

Version Description

(October 2, 2018) Fix: Cross-site request forgery (CSRF)/local file inclusion (LFI) vulnerability.


Release Info

Developer Papin
Version 3.2.1

Code changes from version 3.2.0 to 3.2.1

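--- a/admin/rollback.php
+++ b/admin/rollback.php
@@ -1,3 +1,3 @@
  <?php
-
+ // Currently working on this
  ?>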
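--- a/admin/status.php
+++ b/admin/status.php
@@ -201,4 +201,42 @@ if( checkAutomaticUpdaterDisabled() ) { ?>
 
  </table>
 
+ <?php }
+
+ function cau_incompatiblePlugins() {
+
+ if( is_plugin_active( 'better-wp-security/better-wp-security.php' ) ) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+ if( cau_incompatiblePlugins() ) { ?>
+
+ <p>&nbsp;</p>
+ <h2 style="margin-bottom: 3px"><?php _e('Possible plugin issues', 'companion-auto-update'); ?></h2>
+ <span class='cau_disabled'><?php _e("You're using one or more plugins that <i>might</i> cause issues.", "companion-auto-update"); ?></span>
+
+ <table class="cau_status_list widefat striped">
+
+ <thead>
+ <tr>
+ <th><strong><?php _e('Plugin name', 'companion-auto-update'); ?></strong></th>
+ <th><strong><?php _e('How to fix', 'companion-auto-update'); ?></strong></th>
+ </tr>
+ </thead>
+
+ <tbody id="the-list">
+ <?php if( is_plugin_active( 'better-wp-security/better-wp-security.php' ) ) { ?>
+ <tr>
+ <td>iThemes Security</td>
+ <td><a href="<?php echo admin_url( 'tools.php?page=cau-settings&tab=support' ); ?>"><?php _e('Contact for support', 'companion-auto-update'); ?></a></td>
+ </tr>
+ <?php } ?>
+ </tbody>
+
+ </table>
+
  <?php } ?>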
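Review bot: The plugin slug `'better-wp-security/better-wp-security.php'` is tested twice, in `cau_incompatiblePlugins()` at line 208 and again for the table row at line 232, so adding a second plugin means editing both places or the heading and the rows can disagree. The function body can also be the single statement `return is_plugin_active( 'better-wp-security/better-wp-security.php' );`. The `href` at line 235 echoes `admin_url()` without escaping; the value is a fixed path here, but WordPress output conventions escape at the point of echo: `<?php echo esc_url( admin_url( 'tools.php?page=cau-settings&tab=support' ) ); ?>`. The opening `<?php }` at line 204 closes a block that starts outside the hunk.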
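--- a/admin/support.php
+++ b/admin/support.php
@@ -2,8 +2,15 @@
  <h2 class="title"><?php _e('Support', 'companion-auto-update');?></h2>
  <?php _e('Feel free to reach out to me if you have any questions or feedback.', 'companion-auto-update'); ?>
 
+
  <table class="form-table cau_support">
 
+ <tr>
+ <th scope="row"><?php _e('FAQ', 'companion-auto-update');?></th>
+ <td>
+ <a href="https://codeermeneer.nl/stuffs/faq-auto-updater/" target="_blank" class="button"><span class="dashicons dashicons-editor-help"></span> <?php _e('Frequently Asked Questions', 'companion-auto-update'); ?></a>
+ </td>
+ </tr>
  <tr>
  <th scope="row"><?php _e('Give feedback', 'companion-auto-update');?></th>
  <td>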
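Review bot: The new FAQ link at line 11 opens an external site with `target="_blank"` but carries no `rel` attribute, so in browsers that do not default to noopener the opened page keeps a `window.opener` handle to this admin screen. Add `rel="noopener noreferrer"` to the anchor. The `<table class="form-table cau_support">` that holds the row continues past the end of the hunk.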
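--- a/backend/style.css
+++ b/backend/style.css
@@ -61,6 +61,19 @@ table.cau_status_list {
  color: #FF0000;
  }
 
+ /* Rollback list */
+ table.rollbacklist {
+ max-width: 650px;
+ }
+ table.rollbacklist td {
+ vertical-align: middle;
+ }
+ table.rollbacklist td a.versionselectbutton {
+ display: inline-block;
+ width: 100px;
+ text-align: center;
+ }
+
  /* Custom checkboxes */
  #the-list input[type="checkbox"]:not(:checked), #the-list input[type="checkbox"]:checked {
  width: 45px;
@@ -156,6 +169,19 @@ table.cau_status_list {
  background-color: #796597;
  border-color: #5B4C72;
  }
+ .cau_content_wrap .buttonIsLoading {
+ background: #DDD!important;
+ }
+ .cau_content_wrap .buttonIsLoading img {
+ position: relative;
+ bottom: -3px;
+ }
+ .cau_content_wrap .button-primary.disabled {
+ background-color: #DDD!important;
+ border-color: #BDBDBD!important;
+ color: rgba(0,0,0,0.7)!important;
+ text-shadow: none!important;
+ }
  .cau_support .donate-button {
  padding: 10px 15px;
  height: auto;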
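--- a/cau_functions.php
+++ b/cau_functions.php
@@ -164,7 +164,16 @@ function cau_fetch_log( $limit, $format = 'simple' ) {
 
  echo '<tr>';
 
- echo '<td class="column-updatetitle"><p><strong>'. $pluginNames[$key] .'</strong></p></td>';
+ if( $format == 'table' ) {
+ $pluginName = $pluginNames[$key];
+ } else {
+ $pluginName = substr( $pluginNames[$key], 0, 25);
+ if( strlen( $pluginNames[$key] ) > 25 ) {
+ $pluginName .= '...';
+ }
+ }
+
+ echo '<td class="column-updatetitle"><p><strong title="'. $pluginNames[$key] .'">'. $pluginName .'</strong></p></td>';
 
  if( $format == 'table' ) {
 
@@ -207,4 +216,42 @@ function cau_dont_update( $update, $item ) {
 
  }
 
+ // Get plugin information of repository
+ function cau_plugin_info( $slug, $what ) {
+
+ $slug = sanitize_title( $slug );
+ $cau_transient_name = 'cau' . $slug;
+ $cau_info = get_transient( $cau_transient_name );
+
+ require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
+ $cau_info = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
+
+ if ( ! $cau_info or is_wp_error( $cau_info ) ) {
+ return false;
+ }
+
+ set_transient( $cau_transient_name, $cau_info, 3600 );
+
+ if( $what == 'versions' ) return $cau_info->versions;
+ if( $what == 'version' ) return $cau_info->version;
+ if( $what == 'name' ) return $cau_info->name;
+
+ }
+
+ // Get plugin information of currently installed plugins
+ function cau_active_plugin_info( $slug, $what ) {
+
+ $allPlugins = get_plugins();
+
+ foreach ($allPlugins as $key => $value) {
+ $thisSlug = explode('/',$key)[0];
+ if( $thisSlug == $slug ) {
+
+ if( $what == 'version' ) return $value['Version'];
+
+ }
+ }
+
+ }
+
  ?>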
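Review bot: The rewritten `echo` at new line 176 puts `$pluginNames[$key]` inside a `title="…"` attribute and `$pluginName` inside the cell with no escaping, so a name containing a double quote or markup would break out of the attribute or inject HTML into the admin log table. Where `$pluginNames` is filled lies outside the hunk, so how far those names can be trusted is unconfirmed; escaping at output costs nothing either way, with `esc_attr( $pluginNames[$key] )` for the attribute and `esc_html( $pluginName )` for the text. The truncation at lines 170-171 uses byte-wise `substr()`/`strlen()` and can cut a multibyte name mid-character; `mb_substr()`/`mb_strlen()` avoid that. `cau_fetch_log()` starts and ends outside this hunk.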
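--- a/companion-auto-update.php
+++ b/companion-auto-update.php
@@ -3,7 +3,7 @@
  * Plugin Name: Companion Auto Update
  * Plugin URI: http://codeermeneer.nl/portfolio/companion-auto-update/
  * Description: This plugin auto updates all plugins, all themes and the wordpress core.
- * Version: 3.2.0
+ * Version: 3.2.1
  * Author: Papin Schipper
  * Author URI: http://codeermeneer.nl/
  * Contributors: papin
@@ -182,7 +182,14 @@ function cau_frontend() { ?>
 
  } else {
 
- require_once( 'admin/'.$_GET['tab'].'.php' );
+ $requestedPage = $_GET['tab'];
+ $allowedPages = array( 'dashboard', 'log', 'pluginlist', 'rollback', 'schedule', 'status', 'support' );
+
+ if( in_array( $requestedPage, $allowedPages) ) {
+ require_once( 'admin/'.$requestedPage.'.php' );
+ } else {
+ wp_die( 'You\'re not allowed to view <strong>'.$requestedPage.'</strong>.' );
+ }
 
  } ?>
 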
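Review bot: The rejection branch at new line 191 concatenates `$requestedPage`, which is the raw `$_GET['tab']`, into the HTML handed to `wp_die()`, so the allowlist closes the file-inclusion path but the same parameter is still reflected unescaped into the error page. Escape it at output, `wp_die( 'You\'re not allowed to view <strong>' . esc_html( $requestedPage ) . '</strong>.' );`, and pass `true` as the third argument of `in_array()` at line 188 so the allowlist match is a strict comparison. The changelog also names CSRF, but no nonce or capability check is visible in this hunk; `cau_frontend()` starts and ends outside it, so that may be handled elsewhere and is worth confirming.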
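--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.me/dakel/2
  Tags: auto, automatic, background, update, updates, updating, automatic updates, automatic background updates, easy update, wordpress update, theme update, plugin update, up-to-date, security, update latest version, update core, update wp, update wp core, major updates, minor updates, update to new version, update core, update plugin, update plugins, update plugins automatically, update theme, plugin, theme, advance, control, mail, notifations, enable
  Requires at least: 3.5.0
  Tested up to: 4.9
- Stable tag: 3.2.0
+ Stable tag: 3.2.1
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -71,6 +71,9 @@ For some reason this plugin seems to have trouble with updating themes by Elegan
 
  == Changelog ==
 
+ = 3.2.1 ( October 2, 2018) =
+ * Fix: Cross-site request forgery (CSRF)/local file inclusion (LFI) vulnerability.
+
  = 3.2.0 (August 11, 2018) =
  * Improved: Email notifications just got better and now contain version numbers.
  * Improved: Explained the difference between major and minor WordPress core updates.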