Google Doc Embedder - Version 2.5.17

Version Description

  • Fixed: Potential security vulnerability in disabled enhanced viewer code
Download this release

Release Info

Developer k3davis
Plugin Icon wp plugin Google Doc Embedder
Version 2.5.17
Comparing to
See all releases

Code changes from version 2.5.16 to 2.5.17

Files changed (6) hide show
  1. gviewer.php +2 -2
  2. libs/lib-formsubmit.php +3 -0
  3. libs/tab-support.php +3 -0
  4. options.php +3 -3
  5. readme.txt +3 -0
  6. ~view.php +4 -0
gviewer.php CHANGED
@@ -8,7 +8,7 @@ Author: Kevin Davis
8
  Author URI: http://www.davistribe.org/
9
  Text Domain: gde
10
  Domain Path: /languages/
11
- Version: 2.5.16
12
  License: GPLv2
13
  */
14
 
@@ -38,7 +38,7 @@ License: GPLv2
38
  */
39
 
40
  // boring init junk
41
- $gde_ver = "2.5.16.98";
42
  $gde_db_ver = "1.2"; // update also in gde_activate()
43
 
44
  require_once( plugin_dir_path( __FILE__ ) . 'functions.php' );
8
  Author URI: http://www.davistribe.org/
9
  Text Domain: gde
10
  Domain Path: /languages/
11
+ Version: 2.5.17
12
  License: GPLv2
13
  */
14
 
38
  */
39
 
40
  // boring init junk
41
+ $gde_ver = "2.5.17.98";
42
  $gde_db_ver = "1.2"; // update also in gde_activate()
43
 
44
  require_once( plugin_dir_path( __FILE__ ) . 'functions.php' );
libs/lib-formsubmit.php CHANGED
@@ -1,5 +1,8 @@
1
  <?php
2
 
 
 
 
3
  // access wp functions externally
4
  require_once('lib-bootstrap.php');
5
  include_once(ABSPATH . 'wp-includes/pluggable.php'); // required for wp_mail
1
  <?php
2
 
3
+ // don't use this form - direct to WP public forums
4
+ exit;
5
+
6
  // access wp functions externally
7
  require_once('lib-bootstrap.php');
8
  include_once(ABSPATH . 'wp-includes/pluggable.php'); // required for wp_mail
libs/tab-support.php CHANGED
@@ -4,6 +4,9 @@
4
  * Support tab content
5
  */
6
 
 
 
 
7
  if ( ! defined( 'ABSPATH' ) ) {
8
  exit;
9
  }
4
  * Support tab content
5
  */
6
 
7
+ // bypass for now - directed to support forums
8
+ exit;
9
+
10
  if ( ! defined( 'ABSPATH' ) ) {
11
  exit;
12
  }
options.php CHANGED
@@ -203,11 +203,11 @@ if ( ! $import ) {
203
  <span><?php _e('Advanced', 'gde'); ?></span>
204
  </a>
205
  </li>
206
- <li id="suptab" class="ui-state-default ui-corner-top">
207
  <a href="#support" class="nav-tab">
208
  <span><?php _e('Support', 'gde'); ?></span>
209
  </a>
210
- </li>
211
  </ul>
212
  </div>
213
 
@@ -241,7 +241,7 @@ if ( ! $import ) {
241
  </div>
242
 
243
  <div id="supcontent" class="gde-tab">
244
- <?php gde_show_tab('support'); ?>
245
  </div>
246
  </div>
247
 
203
  <span><?php _e('Advanced', 'gde'); ?></span>
204
  </a>
205
  </li>
206
+ <!--li id="suptab" class="ui-state-default ui-corner-top">
207
  <a href="#support" class="nav-tab">
208
  <span><?php _e('Support', 'gde'); ?></span>
209
  </a>
210
+ </li-->
211
  </ul>
212
  </div>
213
 
241
  </div>
242
 
243
  <div id="supcontent" class="gde-tab">
244
+ <?php //gde_show_tab('support'); ?>
245
  </div>
246
  </div>
247
 
readme.txt CHANGED
@@ -141,6 +141,9 @@ More common questions are answered on the GDE web site [here](http://www.davistr
141
 
142
  (E) Enhanced Viewer
143
 
 
 
 
144
  = 2.5.16 =
145
  * Removed: Masked URL ability, pending rewrite after Google breakage
146
 
141
 
142
  (E) Enhanced Viewer
143
 
144
+ = 2.5.17 =
145
+ * Fixed: Potential security vulnerability in disabled enhanced viewer code
146
+
147
  = 2.5.16 =
148
  * Removed: Masked URL ability, pending rewrite after Google breakage
149
 
~view.php CHANGED
@@ -4,6 +4,10 @@
4
  * Enhanced Viewer
5
  */
6
 
 
 
 
 
7
  // access wp functions externally
8
  require_once('libs/lib-bootstrap.php');
9
 
4
  * Enhanced Viewer
5
  */
6
 
7
+ // disable if adddressed. $_GET['gpid'] below has SQL injection vulnerability and should
8
+ // be replaced if this file is used again.
9
+ exit;
10
+
11
  // access wp functions externally
12
  require_once('libs/lib-bootstrap.php');
13