Easy Digital Downloads - Version 2.4.10

Developer mordauk
Version 2.4.10

Code changes from version 2.4.9 to 2.4.10

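--- a/easy-digital-downloads.php
+++ b/easy-digital-downloads.php
@@ -5,7 +5,7 @@
  * Description: Serve Digital Downloads Through WordPress
  * Author: Pippin Williamson
  * Author URI: https://pippinsplugins.com
- * Version: 2.4.9
+ * Version: 2.4.10
  * Text Domain: easy-digital-downloads
  * Domain Path: languages
  *
@@ -25,7 +25,7 @@
  * @package EDD
  * @category Core
  * @author Pippin Williamson
- * @version 2.4.8
+ * @version 2.4.10
  */
 
 // Exit if accessed directly
@@ -187,7 +187,7 @@ final class Easy_Digital_Downloads {
 
  // Plugin version
  if ( ! defined( 'EDD_VERSION' ) ) {
- define( 'EDD_VERSION', '2.4.9' );
+ define( 'EDD_VERSION', '2.4.10' );
  }
 
  // Plugin Folder Path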
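--- a/includes/libraries/class-wp-session.php
+++ b/includes/libraries/class-wp-session.php
@@ -76,8 +76,17 @@ final class WP_Session extends Recursive_ArrayAccess implements Iterator, Counta
  $cookie = stripslashes( $_COOKIE[WP_SESSION_COOKIE] );
  $cookie_crumbs = explode( '||', $cookie );
 
- $this->session_id = $cookie_crumbs[0];
- $this->expires = $cookie_crumbs[1];
+ if( $this->is_valid_md5( $cookie_crumbs[0] ) ) {
+
+ $this->session_id = $cookie_crumbs[0];
+
+ } else {
+
+ $this->regenerate_id( true );
+
+ }
+
+ $this->expires = $cookie_crumbs[1];
  $this->exp_variant = $cookie_crumbs[2];
 
  // Update the session expiration if we're past the variant time
@@ -139,6 +148,16 @@ final class WP_Session extends Recursive_ArrayAccess implements Iterator, Counta
  return md5( $hasher->get_random_bytes( 32 ) );
  }
 
+ /**
+ * Checks if is valid md5 string
+ *
+ * @param string $md5
+ * @return int
+ */
+ protected function is_valid_md5( $md5 = '' ){
+ return preg_match( '/^[a-f0-9]{32}$/', $md5 );
+ }
+
  /**
  * Read data from a transient for the current session.
  *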
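Review bot: The `$` anchor in the new `is_valid_md5()` pattern `/^[a-f0-9]{32}$/` also matches immediately before a trailing newline, so a 33-byte cookie value ending in "\n" passes the check and is stored as `$this->session_id`; anchor with `\z` and cast the result so the method returns a bool instead of preg_match's int-or-false: `return (bool) preg_match( '/^[a-f0-9]{32}\z/', $md5 );` with `@return bool` in the docblock. The same pattern is duplicated inline in wp_session_cleanup() (includes/libraries/wp-session.php), so the two checks should share this helper or a single constant to avoid drifting apart. In the first hunk, after the `else` branch calls `$this->regenerate_id( true )`, `$this->expires` and `$this->exp_variant` are still assigned from `$cookie_crumbs[1]` and `[2]`; if regenerate_id() sets those fields (its body is not visible here) the cookie values overwrite them, and a cookie with fewer than three `||`-separated parts produces undefined-index notices, so consider guarding with `count( $cookie_crumbs ) === 3` and moving the two assignments into the validated branch. The enclosing method starts before this hunk.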
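--- a/includes/libraries/wp-session.php
+++ b/includes/libraries/wp-session.php
@@ -139,24 +139,26 @@ function wp_session_cleanup() {
  $expired_sessions = array();
 
  foreach( $expiration_keys as $expiration ) {
+
  // If the session has expired
  if ( $now > intval( $expiration->option_value ) ) {
+
  // Get the session ID by parsing the option_name
  $session_id = substr( $expiration->option_name, 20 );
 
- if( (int) -1 === (int) $session_id ) {
+ if( (int) -1 === (int) $session_id || ! preg_match( '/^[a-f0-9]{32}$/', $session_id ) ) {
  continue;
  }
 
  $expired_sessions[] = $expiration->option_name;
- $expired_sessions[] = "_wp_session_$session_id";
+ $expired_sessions[] = esc_sql( "_wp_session_$session_id" );
  }
  }
 
  // Delete all expired sessions in a single query
  if ( ! empty( $expired_sessions ) ) {
  $option_names = implode( "','", $expired_sessions );
- $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name IN ('$option_names')" );
+ $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name IN ('$option_names')" );
  }
  }
 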
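Review bot: Only the derived `"_wp_session_$session_id"` entry is wrapped in `esc_sql()` while `$expiration->option_name` is appended raw one line earlier, and both still end up in the string-built `IN ('$option_names')` clause on the `$wpdb->query` line; since `$session_id` is a substring of that same option_name the asymmetric escaping buys nothing and hand-quoting with `implode( "','", ... )` remains fragile. Prefer placeholders: `$placeholders = implode( ',', array_fill( 0, count( $expired_sessions ), '%s' ) );` followed by `$wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->options WHERE option_name IN ($placeholders)", $expired_sessions ) );`. The new `preg_match( '/^[a-f0-9]{32}$/', $session_id )` guard has the usual `$`-before-final-newline weakness (use `\z`), and it also means any expiration row whose suffix is not a 32-hex ID is skipped on every run and never deleted, so such rows will accumulate unless another path removes them — that consequence deserves a comment on the `continue`. wp_session_cleanup() begins before this hunk.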
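--- a/readme.txt
+++ b/readme.txt
@@ -7,7 +7,7 @@ Tags: download, downloads, e-store, eshop, digital downloads, e-downloads, ecomm
  Requires at least: 3.9.2
  Tested up to: 4.4
 
- Stable Tag: 2.4.9
+ Stable Tag: 2.4.10
 
  License: GNU Version 2 or Any Later Version
 
@@ -191,6 +191,10 @@ Yes, through the addition of one or more of the add-on payment gateways, you can
 
  == Changelog ==
 
+ = 2.4.10, December 12, 2015 =
+
+ * Fix: Security vulnerability related to session IDs
+
  = 2.4.9, October 14, 2015 =
 
  * Fix: Importing payments caused payments to be associated with customer of user doing the import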