Google Apps Login - Version 2.8.17

Version Description

Added filter gal_login_button_text so developers can customize the 'Login with Google' button in all versions (in Premium/Enterprise, it is possible to set the button text in settings, and that will always take priority if set).

Fixed a text injection vulnerability whereby it was possible for a third party to trick a user into viewing a version of the login page containing an error message entirely of their own choosing - all sites should upgrade to this plugin version.


Release Info

Developer danlester
Version 2.8.17

Code changes from version 2.8.16 to 2.8.17

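--- a/core/core_google_apps_login.php
+++ b/core/core_google_apps_login.php
@@ -242,7 +242,8 @@ class core_google_apps_login {
  }
 
  protected function get_login_button_text() {
- return __( 'Login with Google' , 'google-apps-login');
+ $login_button_text = __('Login with Google', 'google-apps-login');
+ return apply_filters('gal_login_button_text', $login_button_text);
  }
 
  protected function should_hidewplogin($options) {
@@ -272,8 +273,12 @@ class core_google_apps_login {
  .'<a href="http://wp-glogin.com/installing-google-apps-login/#main-settings"'
  .' target="_blank">instructions here</a>' , 'google-apps-login');
  break;
+ case 'ga_user_must_glogin':
+ $error_message = sprintf(__( 'The user must use <i>%s</i> to access the site' , 'google-apps-login'),
+ htmlentities($this->get_login_button_text()));
+ break;
  default:
- $error_message = htmlentities2($_REQUEST['error']);
+ $error_message = __( 'Unrecognized error message' , 'google-apps-login');
  break;
  }
  $user = new WP_Error('ga_login_error', $error_message);
@@ -366,7 +371,6 @@ class core_google_apps_login {
  }
 
  if (is_wp_error($user)) {
- $this->checkRegularWPError($user, $username, $password); // May exit
  $this->displayAndReturnError($user);
  }
 
@@ -382,10 +386,6 @@ class core_google_apps_login {
  return $user;
  }
 
- // Has content in Premium
- protected function checkRegularWPError($user, $username, $password) {
- }
-
  // Has content in Enterprise
  protected function check_groups($client, $userinfo, $user, $userdidnotexist) {
  }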
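Review bot: The escaping at new line 278, `htmlentities($this->get_login_button_text())`, passes no flags or charset, so on PHP older than 5.4 it assumes ISO-8859-1 and will mangle a translated or filtered UTF-8 button label; WordPress's own helper is the safer call here, `esc_html($this->get_login_button_text()));`. The first hunk now routes the label through the `gal_login_button_text` filter, so every other place that prints the label should escape it too; those output sites are outside the visible hunks and need confirming. The `default:` branch rightly stops reflecting `$_REQUEST['error']`, and a one-line comment such as `// Never echo the request's error value; only known codes map to messages` would keep a later edit from reintroducing the reflection. The enclosing switch and its function begin outside the hunk.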
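--- a/google_apps_login.php
+++ b/google_apps_login.php
@@ -4,7 +4,7 @@
  * Plugin Name: Google Apps Login
  * Plugin URI: http://wp-glogin.com/
  * Description: Simple secure login for Wordpress through users' Google Apps accounts (uses secure OAuth2, and MFA if enabled)
- * Version: 2.8.16
+ * Version: 2.8.17
  * Author: Dan Lester
  * Author URI: http://wp-glogin.com/
  * License: GPL3
@@ -17,7 +17,7 @@ require_once( plugin_dir_path(__FILE__).'/core/core_google_apps_login.php' );
 
  class basic_google_apps_login extends core_google_apps_login {
 
- protected $PLUGIN_VERSION = '2.8.16';
+ protected $PLUGIN_VERSION = '2.8.17';
 
  // Singleton
  private static $instance = null;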
lang/google-apps-login.pot CHANGED
@@ -1,14 +1,14 @@
1
- # Copyright (C) 2015
2
  # This file is distributed under the same license as the package.
3
  msgid ""
4
  msgstr ""
5
  "Project-Id-Version: \n"
6
  "Report-Msgid-Bugs-To: http://wordpress.org/tag/googleappslogin\n"
7
- "POT-Creation-Date: 2015-11-05 16:29:07+00:00\n"
8
  "MIME-Version: 1.0\n"
9
  "Content-Type: text/plain; charset=UTF-8\n"
10
  "Content-Transfer-Encoding: 8bit\n"
11
- "PO-Revision-Date: 2015-MO-DA HO:MI+ZONE\n"
12
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
  "Language-Team: LANGUAGE <LL@li.org>\n"
14
 
@@ -52,129 +52,125 @@ msgstr ""
52
  msgid "Error"
53
  msgstr ""
54
 
55
- #: core/commercial_google_apps_login.php:43
56
- msgid "User with email address %s must use Login with Google"
57
- msgstr ""
58
-
59
- #: core/commercial_google_apps_login.php:71
60
  msgid "User %s does not exist"
61
  msgstr ""
62
 
63
- #: core/commercial_google_apps_login.php:80
64
  msgid "Invalid email address"
65
  msgstr ""
66
 
67
- #: core/commercial_google_apps_login.php:88
68
  msgid "Email address needs to be in %s."
69
  msgstr ""
70
 
71
- #: core/commercial_google_apps_login.php:91
72
  msgid "%s not authorized - <a href=\"%s\">Sign out of Google</a> to switch accounts"
73
  msgstr ""
74
 
75
- #: core/commercial_google_apps_login.php:148
76
  #: core/core_google_apps_login.php:197
77
  msgid "Redirecting to <a href=\"%s\">Login via Google</a>..."
78
  msgstr ""
79
 
80
- #: core/commercial_google_apps_login.php:167
81
  msgid "By default, any existing account can authenticate either via Google (if a Gmail/Google Apps account), or by WordPress username/password."
82
  msgstr ""
83
 
84
- #: core/commercial_google_apps_login.php:169
85
  msgid "To allow special behaviour on your Google Apps domain (auto-create users who don't yet exist, or disable regular WordPress username/password access for your users), fill in the following section."
86
  msgstr ""
87
 
88
- #: core/commercial_google_apps_login.php:171
89
  msgid "Please read the <a href=\"%s\" target=\"gainstr\">instructions here</a> first."
90
  msgstr ""
91
 
92
- #: core/commercial_google_apps_login.php:176
93
  msgid "My Google Apps domain"
94
  msgstr ""
95
 
96
- #: core/commercial_google_apps_login.php:181
97
  msgid "Auto-create new users on my domain"
98
  msgstr ""
99
 
100
- #: core/commercial_google_apps_login.php:185
101
  msgid "Default role for new users"
102
  msgstr ""
103
 
104
- #: core/commercial_google_apps_login.php:193
105
  msgid "Disable WordPress username/password login for my domain"
106
  msgstr ""
107
 
108
- #: core/commercial_google_apps_login.php:198
109
  msgid "Completely hide WordPress username and password boxes"
110
  msgstr ""
111
 
112
- #: core/commercial_google_apps_login.php:203
113
  msgid "Tick the last two with caution - leave unchecked until you are confident Google Login is working for your own admin account"
114
  msgstr ""
115
 
116
- #: core/commercial_google_apps_login.php:225
117
  msgid "Automatically logout of Google when logging out of WordPress"
118
  msgstr ""
119
 
120
- #: core/commercial_google_apps_login.php:228
121
  msgid "Login button text (optional)"
122
  msgstr ""
123
 
124
- #: core/commercial_google_apps_login.php:231
125
  #: core/core_google_apps_login.php:245
126
  msgid "Login with Google"
127
  msgstr ""
128
 
129
- #: core/commercial_google_apps_login.php:239
130
  msgid "You should have received a license key when you purchased this professional version of Google Apps Login."
131
  msgstr ""
132
 
133
- #: core/commercial_google_apps_login.php:241
134
  msgid "Please enter it below to enable automatic updates, or <a href=\"mailto:contact@wp-glogin.com\">email us</a> if you do not have one."
135
  msgstr ""
136
 
137
- #: core/commercial_google_apps_login.php:245
138
  msgid "License Key"
139
  msgstr ""
140
 
141
- #: core/commercial_google_apps_login.php:364
142
  msgid "Domain name should be a space-separated list of valid domains, in lowercase letters (or blank)"
143
  msgstr ""
144
 
145
- #: core/commercial_google_apps_login.php:365
146
  msgid "License key is too short"
147
  msgstr ""
148
 
149
- #: core/commercial_google_apps_login.php:367
150
  msgid "License key failed to activate"
151
  msgstr ""
152
 
153
- #: core/commercial_google_apps_login.php:368
154
  msgid "License key does not exist in our system at all"
155
  msgstr ""
156
 
157
- #: core/commercial_google_apps_login.php:369
158
  msgid "License key entered is for the wrong product"
159
  msgstr ""
160
 
161
- #: core/commercial_google_apps_login.php:370
162
  msgid "License key has expired"
163
  msgstr ""
164
 
165
- #: core/commercial_google_apps_login.php:371
166
  msgid "License key is not permitted for this website"
167
  msgstr ""
168
 
169
- #: core/commercial_google_apps_login.php:372
170
  msgid "License key is not active for this website"
171
  msgstr ""
172
 
173
- #: core/commercial_google_apps_login.php:373
174
  msgid "License key has been disabled"
175
  msgstr ""
176
 
177
- #: core/commercial_google_apps_login.php:374
178
  msgid "License key was not provided"
179
  msgstr ""
180
 
@@ -186,31 +182,39 @@ msgstr ""
186
  msgid "or"
187
  msgstr ""
188
 
189
- #: core/core_google_apps_login.php:268
190
  msgid "You did not grant access"
191
  msgstr ""
192
 
193
- #: core/core_google_apps_login.php:287
 
 
 
 
 
 
 
 
194
  msgid "Session mismatch - try again, but there could be a problem setting state"
195
  msgstr ""
196
 
197
- #: core/core_google_apps_login.php:293
198
  msgid "Session mismatch - try again, but there could be a problem passing state"
199
  msgstr ""
200
 
201
- #: core/core_google_apps_login.php:300
202
  msgid "Session mismatch - try again, but there could be a problem setting cookies"
203
  msgstr ""
204
 
205
- #: core/core_google_apps_login.php:334
206
  msgid "Email needs to be verified on your Google Account"
207
  msgstr ""
208
 
209
- #: core/core_google_apps_login.php:358
210
  msgid "User authenticated OK, but error fetching user details from Google"
211
  msgstr ""
212
 
213
- #: core/core_google_apps_login.php:377
214
  msgid "User %s not registered in Wordpress"
215
  msgstr ""
216
 
1
+ # Copyright (C) 2016
2
  # This file is distributed under the same license as the package.
3
  msgid ""
4
  msgstr ""
5
  "Project-Id-Version: \n"
6
  "Report-Msgid-Bugs-To: http://wordpress.org/tag/googleappslogin\n"
7
+ "POT-Creation-Date: 2016-01-20 10:28:20+00:00\n"
8
  "MIME-Version: 1.0\n"
9
  "Content-Type: text/plain; charset=UTF-8\n"
10
  "Content-Transfer-Encoding: 8bit\n"
11
+ "PO-Revision-Date: 2016-MO-DA HO:MI+ZONE\n"
12
  "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13
  "Language-Team: LANGUAGE <LL@li.org>\n"
14
 
52
  msgid "Error"
53
  msgstr ""
54
 
55
+ #: core/commercial_google_apps_login.php:60
 
 
 
 
56
  msgid "User %s does not exist"
57
  msgstr ""
58
 
59
+ #: core/commercial_google_apps_login.php:69
60
  msgid "Invalid email address"
61
  msgstr ""
62
 
63
+ #: core/commercial_google_apps_login.php:77
64
  msgid "Email address needs to be in %s."
65
  msgstr ""
66
 
67
+ #: core/commercial_google_apps_login.php:80
68
  msgid "%s not authorized - <a href=\"%s\">Sign out of Google</a> to switch accounts"
69
  msgstr ""
70
 
71
+ #: core/commercial_google_apps_login.php:137
72
  #: core/core_google_apps_login.php:197
73
  msgid "Redirecting to <a href=\"%s\">Login via Google</a>..."
74
  msgstr ""
75
 
76
+ #: core/commercial_google_apps_login.php:156
77
  msgid "By default, any existing account can authenticate either via Google (if a Gmail/Google Apps account), or by WordPress username/password."
78
  msgstr ""
79
 
80
+ #: core/commercial_google_apps_login.php:158
81
  msgid "To allow special behaviour on your Google Apps domain (auto-create users who don't yet exist, or disable regular WordPress username/password access for your users), fill in the following section."
82
  msgstr ""
83
 
84
+ #: core/commercial_google_apps_login.php:160
85
  msgid "Please read the <a href=\"%s\" target=\"gainstr\">instructions here</a> first."
86
  msgstr ""
87
 
88
+ #: core/commercial_google_apps_login.php:165
89
  msgid "My Google Apps domain"
90
  msgstr ""
91
 
92
+ #: core/commercial_google_apps_login.php:170
93
  msgid "Auto-create new users on my domain"
94
  msgstr ""
95
 
96
+ #: core/commercial_google_apps_login.php:174
97
  msgid "Default role for new users"
98
  msgstr ""
99
 
100
+ #: core/commercial_google_apps_login.php:182
101
  msgid "Disable WordPress username/password login for my domain"
102
  msgstr ""
103
 
104
+ #: core/commercial_google_apps_login.php:187
105
  msgid "Completely hide WordPress username and password boxes"
106
  msgstr ""
107
 
108
+ #: core/commercial_google_apps_login.php:192
109
  msgid "Tick the last two with caution - leave unchecked until you are confident Google Login is working for your own admin account"
110
  msgstr ""
111
 
112
+ #: core/commercial_google_apps_login.php:214
113
  msgid "Automatically logout of Google when logging out of WordPress"
114
  msgstr ""
115
 
116
+ #: core/commercial_google_apps_login.php:217
117
  msgid "Login button text (optional)"
118
  msgstr ""
119
 
120
+ #: core/commercial_google_apps_login.php:220
121
  #: core/core_google_apps_login.php:245
122
  msgid "Login with Google"
123
  msgstr ""
124
 
125
+ #: core/commercial_google_apps_login.php:228
126
  msgid "You should have received a license key when you purchased this professional version of Google Apps Login."
127
  msgstr ""
128
 
129
+ #: core/commercial_google_apps_login.php:230
130
  msgid "Please enter it below to enable automatic updates, or <a href=\"mailto:contact@wp-glogin.com\">email us</a> if you do not have one."
131
  msgstr ""
132
 
133
+ #: core/commercial_google_apps_login.php:234
134
  msgid "License Key"
135
  msgstr ""
136
 
137
+ #: core/commercial_google_apps_login.php:353
138
  msgid "Domain name should be a space-separated list of valid domains, in lowercase letters (or blank)"
139
  msgstr ""
140
 
141
+ #: core/commercial_google_apps_login.php:354
142
  msgid "License key is too short"
143
  msgstr ""
144
 
145
+ #: core/commercial_google_apps_login.php:356
146
  msgid "License key failed to activate"
147
  msgstr ""
148
 
149
+ #: core/commercial_google_apps_login.php:357
150
  msgid "License key does not exist in our system at all"
151
  msgstr ""
152
 
153
+ #: core/commercial_google_apps_login.php:358
154
  msgid "License key entered is for the wrong product"
155
  msgstr ""
156
 
157
+ #: core/commercial_google_apps_login.php:359
158
  msgid "License key has expired"
159
  msgstr ""
160
 
161
+ #: core/commercial_google_apps_login.php:360
162
  msgid "License key is not permitted for this website"
163
  msgstr ""
164
 
165
+ #: core/commercial_google_apps_login.php:361
166
  msgid "License key is not active for this website"
167
  msgstr ""
168
 
169
+ #: core/commercial_google_apps_login.php:362
170
  msgid "License key has been disabled"
171
  msgstr ""
172
 
173
+ #: core/commercial_google_apps_login.php:363
174
  msgid "License key was not provided"
175
  msgstr ""
176
 
182
  msgid "or"
183
  msgstr ""
184
 
185
+ #: core/core_google_apps_login.php:269
186
  msgid "You did not grant access"
187
  msgstr ""
188
 
189
+ #: core/core_google_apps_login.php:277
190
+ msgid "The user must use <i>%s</i> to access the site"
191
+ msgstr ""
192
+
193
+ #: core/core_google_apps_login.php:281
194
+ msgid "Unrecognized error message"
195
+ msgstr ""
196
+
197
+ #: core/core_google_apps_login.php:292
198
  msgid "Session mismatch - try again, but there could be a problem setting state"
199
  msgstr ""
200
 
201
+ #: core/core_google_apps_login.php:298
202
  msgid "Session mismatch - try again, but there could be a problem passing state"
203
  msgstr ""
204
 
205
+ #: core/core_google_apps_login.php:305
206
  msgid "Session mismatch - try again, but there could be a problem setting cookies"
207
  msgstr ""
208
 
209
+ #: core/core_google_apps_login.php:339
210
  msgid "Email needs to be verified on your Google Account"
211
  msgstr ""
212
 
213
+ #: core/core_google_apps_login.php:363
214
  msgid "User authenticated OK, but error fetching user details from Google"
215
  msgstr ""
216
 
217
+ #: core/core_google_apps_login.php:381
218
  msgid "User %s not registered in Wordpress"
219
  msgstr ""
220
 
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: danlester
3
  Tags: login, google, authentication, oauth2, oauth, google login, google apps, sso, single-sign-on, auth, intranet
4
  Requires at least: 3.7
5
  Tested up to: 4.4
6
- Stable tag: 2.8.16
7
  License: GPLv3
8
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
9
 
@@ -133,7 +133,7 @@ The plugin will work whether your site is configured for HTTP or HTTPS.
133
  However, you may have configured your site to run so that the login pages
134
  can be accessed by *either* HTTP *or* HTTPS. In that case, you may run into problems.
135
  We recommend that you set [FORCE_SSL_ADMIN](http://codex.wordpress.org/Administration_Over_SSL)
136
- or at least FORCE_SSL_LOGIN to true. This will ensure that all users are consistently using HTTPS
137
  for login.
138
 
139
  You may then need to ensure the Redirect URL and Web Origin in the Google Cloud Console are
@@ -226,6 +226,14 @@ please [click here](http://wp-glogin.com/installing-google-apps-login/basic-setu
226
 
227
  == Changelog ==
228
 
 
 
 
 
 
 
 
 
229
  = 2.8.16 =
230
 
231
  Updated to work correctly alongside some plugins that change the login URL from /wp-login.php to something else.
3
  Tags: login, google, authentication, oauth2, oauth, google login, google apps, sso, single-sign-on, auth, intranet
4
  Requires at least: 3.7
5
  Tested up to: 4.4
6
+ Stable tag: 2.8.17
7
  License: GPLv3
8
  License URI: http://www.gnu.org/licenses/gpl-3.0.html
9
 
133
  However, you may have configured your site to run so that the login pages
134
  can be accessed by *either* HTTP *or* HTTPS. In that case, you may run into problems.
135
  We recommend that you set [FORCE_SSL_ADMIN](http://codex.wordpress.org/Administration_Over_SSL)
136
+ to true. This will ensure that all users are consistently using HTTPS
137
  for login.
138
 
139
  You may then need to ensure the Redirect URL and Web Origin in the Google Cloud Console are
226
 
227
  == Changelog ==
228
 
229
+ = 2.8.17 =
230
+
231
+ Added filter gal_login_button_text so developers can customize the 'Login with Google' button in all versions (in Premium/Enterprise,
232
+ it is possible to set the button text in settings, and that will always take priority if set).
233
+
234
+ Fixed a text injection vulnerability whereby it was possible for a third party to trick a user into viewing a version of the login page
235
+ containing an error message entirely of their own choosing - all sites should upgrade to this plugin version.
236
+
237
  = 2.8.16 =
238
 
239
  Updated to work correctly alongside some plugins that change the login URL from /wp-login.php to something else.