GeoIP Detection - Version 3.0.3

Version Description

The Plugin was renamed to Geolocation IP Detection in order to prevent trademark issues.


Release Info

Developer benjamin4
Version 3.0.3

Code changes from version 3.0.2 to 3.0.3

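--- a/admin-ui.php
+++ b/admin-ui.php
@@ -45,7 +45,7 @@ add_filter( "plugin_action_links_" . GEOIP_PLUGIN_BASENAME, 'geoip_detect_add_se
  // ------------- Admin GUI --------------------
 
  function geoip_detect_verify_nonce($action) {
- $nonce = isset($_POST['_wpnonce']) ? $_POST['_wpnonce'] : '';
+ $nonce = isset($_POST['_wpnonce']) ? sanitize_text_field($_POST['_wpnonce']) : '';
  return wp_verify_nonce( $nonce, 'geoip_detect_' . $action );
  }
 
@@ -56,20 +56,22 @@ function geoip_detect_lookup_page()
 
  $ip_lookup_result = false;
  $message = '';
- $action = isset($_POST['action']) ? $_POST['action'] : '';
+ $action = isset($_POST['action']) ? sanitize_key($_POST['action']) : '';
+ $ip = isset($_POST['ip']) ? sanitize_text_field($_POST['ip']) : '';
 
  if (geoip_detect_verify_nonce($action)) {
  switch($action) {
  case 'lookup':
- if (isset($_POST['ip']))
+ if ($ip)
  {
- $request_ip = geoip_detect_is_ip($_POST['ip']) ? $_POST['ip'] : '';
+ $request_ip = geoip_detect_is_ip($ip) ? $ip : '';
  $request_skipCache = !empty($_POST['skip_cache']);
  $options = array('skipCache' => $request_skipCache);
 
  $request_locales = null;
- if (!empty($_POST['locales']))
- $request_locales = explode(',', $_POST['locales']);
+ if (!empty($_POST['locales'])) {
+ $request_locales = explode(',', sanitize_text_field($_POST['locales']));
+ }
 
  $start = microtime(true);
  $ip_lookup_result = geoip_detect2_get_info_from_ip($request_ip, $request_locales, $options);
@@ -84,6 +86,7 @@ function geoip_detect_lookup_page()
  }
 
  function geoip_detect_sanitize_option($opt_name, $opt_value, &$message = '') {
+ $opt_value = sanitize_text_field($opt_value);
  switch($opt_name) {
  case 'external_ip':
  if (!geoip_detect_is_ip($opt_value)) {
@@ -125,7 +128,7 @@ function geoip_detect_option_page() {
  $text_options = array('external_ip', 'trusted_proxy_ips');
  $option_names = array_merge($numeric_options, $text_options);
 
- $action = isset($_POST['action']) ? $_POST['action'] : '';
+ $action = isset($_POST['action']) ? sanitize_key($_POST['action']) : '';
 
  if (geoip_detect_verify_nonce($action)) {
  switch($action)
@@ -144,7 +147,8 @@ function geoip_detect_option_page() {
  break;
 
  case 'choose':
- $registry->setCurrentSource($_POST['options']['source']);
+ $sourceId = sanitize_text_field($_POST['options']['source']);
+ $registry->setCurrentSource($sourceId);
  break;
 
 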
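Review bot: In the `case 'choose':` branch of geoip_detect_option_page(), `$_POST['options']['source']` is still read without an `isset()` check, and `sanitize_text_field()` only normalises the string; it does not confirm that the value names a registered source. Unless `setCurrentSource()` validates its argument (not visible in this hunk), guard the read with `if (isset($_POST['options']['source']))` and compare the id against the sources the registry knows before calling it. The nonce check covers CSRF only; no capability check is visible in these hunks, so confirm that one exists in the enclosing functions, whose bodies extend beyond the hunks. The sanitize calls in the other hunks of this file take raw `$_POST` values; WordPress slashes request data, so `wp_unslash()` before sanitizing is the usual order.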
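--- a/data-sources/auto.php
+++ b/data-sources/auto.php
@@ -104,7 +104,7 @@ HTML;
  $message = '';
 
  if (isset($post['options_auto']['license_key'])) {
- $key = trim($post['options_auto']['license_key']);
+ $key = sanitize_text_field($post['options_auto']['license_key']);
  $validationResult = $this->validateApiKey($key);
  if (\is_string($validationResult)) {
  $message .= $validationResult;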
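--- a/data-sources/header.php
+++ b/data-sources/header.php
@@ -106,7 +106,7 @@ HTML;
  public function saveParameters($post) {
  $message = '';
 
- $value = isset($post['options_header']['provider']) ? $post['options_header']['provider'] : '';
+ $value = isset($post['options_header']['provider']) ? sanitize_key($post['options_header']['provider']) : '';
  if (!empty($value)) {
  update_option('geoip-detect-header-provider', $value);
  }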
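--- a/data-sources/ipstack.php
+++ b/data-sources/ipstack.php
@@ -214,14 +214,15 @@ HTML;
  $message = '';
 
  if (isset($post['options_ipstack']['key'])) {
- update_option('geoip-detect-ipstack_key', $post['options_ipstack']['key']);
- $this->params['key']= $post['options_ipstack']['key'];
+ $key = sanitize_key($post['options_ipstack']['key']);
+ update_option('geoip-detect-ipstack_key', $key);
+ $this->params['key']= $key;
  }
 
  if (isset($post['options_ipstack']['ssl'])) {
  $ssl = (int) $post['options_ipstack']['ssl'];
  update_option('geoip-detect-ipstack_ssl', $ssl);
- $this->params['ssl'] = $post['options_ipstack']['ssl'];
+ $this->params['ssl'] = $ssl;
  }
 
  if (geoip_detect2_is_source_active('ipstack') && !$this->isWorking())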
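Review bot: `sanitize_key()` is the wrong sanitizer for the ipstack access key: it lowercases the value and drops every character outside `a-z0-9_-`, so a key containing anything else is silently altered before it is stored in the option and in `$this->params['key']`. The auto and precision data sources in this release use `sanitize_text_field()` for their secrets; `$key = sanitize_text_field($post['options_ipstack']['key']);` keeps the hardening without rewriting the credential. The enclosing method starts and ends outside the hunk.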
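--- a/data-sources/manual.php
+++ b/data-sources/manual.php
@@ -82,7 +82,7 @@ HTML;
  public function saveParameters($post) {
  $message = '';
 
- $file = isset($post['options_manual']['manual_file']) ? $post['options_manual']['manual_file'] : '';
+ $file = isset($post['options_manual']['manual_file']) ? sanitize_file_name($post['options_manual']['manual_file']) : '';
  if (!empty($file)) {
  update_option('geoip-detect-manual_file', $file);
 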
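Review bot: `sanitize_file_name()` removes `/` and `\` along with other special characters, so if `manual_file` is meant to hold a path to the database file (the option name suggests a file location, but the form field is not visible here), any value with a directory component is stored in mangled form and will no longer resolve. For a path, limit the cleanup to `sanitize_text_field()` and validate the result instead: resolve it, confirm it is a readable regular file in an expected location, and reject it otherwise before `update_option()`. The body of saveParameters() continues past the end of the hunk, so a check further down may already cover part of this.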
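--- a/data-sources/precision.php
+++ b/data-sources/precision.php
@@ -131,12 +131,14 @@ HTML;
  update_option('geoip-detect-precision-user_id', $user_id);
  }
  if (isset($post['options_precision']['user_secret'])) {
- $user_secret = trim($post['options_precision']['user_secret']);
+ $user_secret = sanitize_text_field($post['options_precision']['user_secret']);
  update_option('geoip-detect-precision-user_secret', $user_secret);
  }
  if (isset($post['options_precision']['api_type'])) {
- if (isset($this->known_api_types[$post['options_precision']['api_type']]))
- update_option('geoip-detect-precision_api_type', $post['options_precision']['api_type']);
+ $type = sanitize_text_field($post['options_precision']['api_type']);
+ if (isset($this->known_api_types[$type])) {
+ update_option('geoip-detect-precision_api_type', $type);
+ }
  }
 
  if (geoip_detect2_is_source_active('precision') && !$this->isWorking())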
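--- a/geoip-detect.php
+++ b/geoip-detect.php
@@ -5,7 +5,7 @@ Plugin URI: http://www.yellowtree.de
  Description: Retrieving Geo-Information using the Maxmind GeoIP (Lite) Database.
  Author: Yellow Tree (Benjamin Pick)
  Author URI: http://www.yellowtree.de
- Version: 3.0.2
+ Version: 3.0.3
  License: GPLv3 or later
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
  Text Domain: geoip-detect
@@ -16,7 +16,7 @@ Requires WP: 4.0
  Requires PHP: 5.6
  */
 
- define('GEOIP_DETECT_VERSION', '3.0.2');
+ define('GEOIP_DETECT_VERSION', '3.0.3');
 
  /*
  Copyright 2013-2020 Yellow Tree, Siegen, Germany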
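--- a/readme.txt
+++ b/readme.txt
@@ -111,7 +111,7 @@ Does `geoip_detect2_get_info_from_current_ip()` return the same country, regardl
 
  == Upgrade Notice ==
 
- = 3.0.2 =
+ = 3.0.3 =
  The Plugin was renamed to Geolocation IP Detection in order to prevent trademark issues.
 
  = 3.0.1 =
@@ -149,11 +149,14 @@ New: Shortcode for showing/hiding content!
 
  == Changelog ==
 
- = 3.0.2 =
+ = 3.0.3 =
  * The Plugin has been renamed to "Geolocation IP Detection" in order to prevent trademark issues
  * FIX: Minor improvements in the backend UI
  * FIX: Security hardening against XSS
 
+ = 3.0.2 =
+ (Was not released)
+
  = 3.0.1 =
  * FIX: Button "Update now" now works also on the lookup page.
  * FIX: Reverted the vendor code to the one used in 2.13 because it broke installations with the WooCommerce-plugin. I will update the vendor code again once we found a long-term solution for this interdepency.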
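--- a/views/lookup.php
+++ b/views/lookup.php
@@ -57,7 +57,7 @@ function var_export_short($data, $return=true)
  <form method="post" action="#">
  <?php wp_nonce_field( 'geoip_detect_lookup' ); ?>
  <input type="hidden" name="action" value="lookup" />
- <?php _e('IP', 'geoip-detect')?>: <input type="text" placeholder="<?php _e('Enter an IP (v4 or v6)', 'geoip-detect')?>" name="ip" value="<?php echo isset($_REQUEST['ip']) ? esc_attr($_REQUEST['ip']) : esc_attr(geoip_detect2_get_client_ip()); ?>" /><br />
+ <?php _e('IP', 'geoip-detect')?>: <input type="text" placeholder="<?php _e('Enter an IP (v4 or v6)', 'geoip-detect')?>" name="ip" value="<?php echo isset($_REQUEST['ip']) ? esc_attr($ip) : esc_attr(geoip_detect2_get_client_ip()); ?>" /><br />
  <label><?php _e('Use these locales:', 'geoip-detect'); ?>
  <select name="locales">
  <option value="" <?php if (empty($_POST['locales'])) echo 'selected="selected"'?>><?php _e('Default (Current site language, English otherwise)', 'geoip-detect')?></option>
@@ -146,11 +146,13 @@ function var_export_short($data, $return=true)
  $value = var_export_short($value, true);
  }
 
- switch($_POST['syntax']) {
+ $locales = sanitize_text_field(@$_POST['locales']);
+
+ switch(sanitize_key($_POST['syntax'])) {
  case 'shortcode':
  $extra = '';
- if (!empty($_POST['locales']) && $key_2 === 'name') {
- $extra .= ' lang="' . esc_attr($_POST['locales']) . '"';
+ if ($locales && $key_2 === 'name') {
+ $extra .= ' lang="' . esc_attr($locales) . '"';
  }
  if (!empty($_POST['skip_cache'])) {
  $extra .= ' skip_cache="true"';
@@ -161,13 +163,13 @@ function var_export_short($data, $return=true)
 
  case 'js':
  $prop = '"' . $key_1 . '.' . $key_2 . '"';
- if (!empty($_POST['locales']) && $key_2 === 'name') {
+ if ($locales && $key_2 === 'name') {
  $locales_to_js = array(
  'en' => '"en"',
  'fr,en' => '["fr", "en"]',
  );
- if (isset($locales_to_js[$_POST['locales']])) {
- $locales_js = $locales_to_js[$_POST['locales']];
+ if (isset($locales_to_js[$locales])) {
+ $locales_js = $locales_to_js[$locales];
  } else {
  $locales_js = 'NULL';
  }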
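Review bot: In the first hunk the `value` attribute tests `isset($_REQUEST['ip'])` but prints `$ip`, which, going by the admin-ui.php change in this release, is built from `$_POST['ip']` only; a request that carries `ip` in the query string leaves the field empty instead of falling back to the client IP. Testing the variable that is printed removes the mismatch: `value="<?php echo esc_attr($ip ? $ip : geoip_detect2_get_client_ip()); ?>"`, assuming `$ip` is in scope because the view is included from geoip_detect_lookup_page(). In the second hunk, `@$_POST['locales']` hides the undefined-index notice with error suppression and `$_POST['syntax']` is read with no check at all; `isset($_POST['locales']) ? sanitize_text_field($_POST['locales']) : ''`, and the same pattern for `syntax`, states the intent without `@`.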