Version Description
- Cross-site scripting (XSS) vulnerability fixed: Only possible for sub-domain, sub-directory paid options with hreflang tags enabled: An attacker can generate a malicious link and if followed by a victim then javascript code can be executed on victim's computer
Download this release
Release Info
| Developer | edo888 |
| Plugin |  Translate WordPress with GTranslate |
| Version | 2.8.52 |
| Comparing to | |
| See all releases | |
Code changes from version 2.8.51 to 2.8.52
- gtranslate.php +20 -21
- readme.txt +5 -1
gtranslate.php
CHANGED
|
@@ -3,14 +3,14 @@
|
|
| 3 |
Plugin Name: GTranslate
|
| 4 |
Plugin URI: https://gtranslate.io/?xyz=998
|
| 5 |
Description: Makes your website <strong>multilingual</strong> and available to the world using Google Translate. For support visit <a href="https://wordpress.org/support/plugin/gtranslate">GTranslate Support</a>.
|
| 6 |
-
Version: 2.8.
|
| 7 |
Author: Translate AI Multilingual Solutions
|
| 8 |
Author URI: https://gtranslate.io
|
| 9 |
Text Domain: gtranslate
|
| 10 |
|
| 11 |
*/
|
| 12 |
|
| 13 |
-
/* Copyright 2010 -
|
| 14 |
|
| 15 |
This program is free software; you can redistribute it and/or modify
|
| 16 |
it under the terms of the GNU General Public License as published by
|
|
@@ -1959,11 +1959,11 @@ if($data['add_hreflang_tags'] and ($data['pro_version'] or $data['enterprise_ver
|
|
| 1959 |
if($current_url !== false) {
|
| 1960 |
// adding default language
|
| 1961 |
if($data['default_language'] === 'iw')
|
| 1962 |
-
echo '<link rel="alternate" hreflang="he" href="'
|
| 1963 |
elseif($data['default_language'] === 'jw')
|
| 1964 |
-
echo '<link rel="alternate" hreflang="jv" href="'
|
| 1965 |
else
|
| 1966 |
-
echo '<link rel="alternate" hreflang="'.$data['default_language'].'" href="'
|
| 1967 |
|
| 1968 |
// adding enabled languages
|
| 1969 |
foreach($enabled_languages as $lang) {
|
|
@@ -1977,11 +1977,11 @@ if($data['add_hreflang_tags'] and ($data['pro_version'] or $data['enterprise_ver
|
|
| 1977 |
|
| 1978 |
if(!empty($href) and $lang != $data['default_language']) {
|
| 1979 |
if($lang === 'iw')
|
| 1980 |
-
echo '<link rel="alternate" hreflang="he" href="'
|
| 1981 |
elseif($lang === 'jw')
|
| 1982 |
-
echo '<link rel="alternate" hreflang="jv" href="'
|
| 1983 |
else
|
| 1984 |
-
echo '<link rel="alternate" hreflang="'.$lang.'" href="'
|
| 1985 |
}
|
| 1986 |
}
|
| 1987 |
}
|
|
@@ -2266,8 +2266,6 @@ if($data['pro_version'] or $data['enterprise_version']) {
|
|
| 2266 |
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) and !empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
| 2267 |
$headers[] = 'X-GT-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR'];
|
| 2268 |
|
| 2269 |
-
//file_put_contents(dirname(__FILE__) . '/url_addon/debug.txt', 'Request URL: ' . $protocol.'://'.$server.'.tdn.gtranslate.net'.wp_make_link_relative(plugins_url('gtranslate/url_addon/gtranslate-email.php')) . "\n", FILE_APPEND);
|
| 2270 |
-
|
| 2271 |
$ch = curl_init();
|
| 2272 |
curl_setopt($ch, CURLOPT_URL, $protocol.'://'.$server.'.tdn.gtranslate.net'.wp_make_link_relative(plugins_url('gtranslate/url_addon/gtranslate-email.php').'?glang='.$_SERVER['HTTP_X_GT_LANG']));
|
| 2273 |
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
|
|
@@ -2278,19 +2276,18 @@ if($data['pro_version'] or $data['enterprise_version']) {
|
|
| 2278 |
curl_setopt($ch, CURLOPT_POST, 1);
|
| 2279 |
curl_setopt($ch, CURLOPT_POSTFIELDS, array('body' => do_shortcode("<subject>$subject</subject><message>$message</message>"), 'access_key' => md5(substr(NONCE_SALT, 0, 10) . substr(NONCE_KEY, 0, 5))));
|
| 2280 |
|
| 2281 |
-
|
| 2282 |
-
|
| 2283 |
-
|
| 2284 |
-
curl_setopt($ch, CURLOPT_VERBOSE, true);
|
| 2285 |
-
curl_setopt($ch, CURLOPT_STDERR, $fh);
|
| 2286 |
-
}
|
| 2287 |
|
| 2288 |
$response = curl_exec($ch);
|
| 2289 |
$response_info = curl_getinfo($ch);
|
| 2290 |
curl_close($ch);
|
| 2291 |
|
| 2292 |
-
|
| 2293 |
-
|
|
|
|
|
|
|
| 2294 |
|
| 2295 |
if(isset($response_info['http_code']) and $response_info['http_code'] == 200) {
|
| 2296 |
if($data['pro_version'])
|
|
@@ -2303,8 +2300,10 @@ if($data['pro_version'] or $data['enterprise_version']) {
|
|
| 2303 |
$subject = $matches[1][0];
|
| 2304 |
$message = $matches[2][0];
|
| 2305 |
|
| 2306 |
-
|
| 2307 |
-
|
|
|
|
|
|
|
| 2308 |
|
| 2309 |
$args['subject'] = $subject;
|
| 2310 |
$args['message'] = $message;
|
|
@@ -2316,7 +2315,7 @@ if($data['pro_version'] or $data['enterprise_version']) {
|
|
| 2316 |
return $args;
|
| 2317 |
}
|
| 2318 |
|
| 2319 |
-
add_filter('wp_mail', 'gt_translate_emails',
|
| 2320 |
}
|
| 2321 |
}
|
| 2322 |
|
| 3 |
Plugin Name: GTranslate
|
| 4 |
Plugin URI: https://gtranslate.io/?xyz=998
|
| 5 |
Description: Makes your website <strong>multilingual</strong> and available to the world using Google Translate. For support visit <a href="https://wordpress.org/support/plugin/gtranslate">GTranslate Support</a>.
|
| 6 |
+
Version: 2.8.52
|
| 7 |
Author: Translate AI Multilingual Solutions
|
| 8 |
Author URI: https://gtranslate.io
|
| 9 |
Text Domain: gtranslate
|
| 10 |
|
| 11 |
*/
|
| 12 |
|
| 13 |
+
/* Copyright 2010 - 2020 Edvard Ananyan (email : edo888@gmail.com)
|
| 14 |
|
| 15 |
This program is free software; you can redistribute it and/or modify
|
| 16 |
it under the terms of the GNU General Public License as published by
|
| 1959 |
if($current_url !== false) {
|
| 1960 |
// adding default language
|
| 1961 |
if($data['default_language'] === 'iw')
|
| 1962 |
+
echo '<link rel="alternate" hreflang="he" href="'.esc_url($current_url).'" />'."\n";
|
| 1963 |
elseif($data['default_language'] === 'jw')
|
| 1964 |
+
echo '<link rel="alternate" hreflang="jv" href="'.esc_url($current_url).'" />'."\n";
|
| 1965 |
else
|
| 1966 |
+
echo '<link rel="alternate" hreflang="'.$data['default_language'].'" href="'.esc_url($current_url).'" />'."\n";
|
| 1967 |
|
| 1968 |
// adding enabled languages
|
| 1969 |
foreach($enabled_languages as $lang) {
|
| 1977 |
|
| 1978 |
if(!empty($href) and $lang != $data['default_language']) {
|
| 1979 |
if($lang === 'iw')
|
| 1980 |
+
echo '<link rel="alternate" hreflang="he" href="'.esc_url($href).'" />'."\n";
|
| 1981 |
elseif($lang === 'jw')
|
| 1982 |
+
echo '<link rel="alternate" hreflang="jv" href="'.esc_url($href).'" />'."\n";
|
| 1983 |
else
|
| 1984 |
+
echo '<link rel="alternate" hreflang="'.$lang.'" href="'.esc_url($href).'" />'."\n";
|
| 1985 |
}
|
| 1986 |
}
|
| 1987 |
}
|
| 2266 |
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) and !empty($_SERVER['HTTP_X_FORWARDED_FOR']))
|
| 2267 |
$headers[] = 'X-GT-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR'];
|
| 2268 |
|
|
|
|
|
|
|
| 2269 |
$ch = curl_init();
|
| 2270 |
curl_setopt($ch, CURLOPT_URL, $protocol.'://'.$server.'.tdn.gtranslate.net'.wp_make_link_relative(plugins_url('gtranslate/url_addon/gtranslate-email.php').'?glang='.$_SERVER['HTTP_X_GT_LANG']));
|
| 2271 |
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
|
| 2276 |
curl_setopt($ch, CURLOPT_POST, 1);
|
| 2277 |
curl_setopt($ch, CURLOPT_POSTFIELDS, array('body' => do_shortcode("<subject>$subject</subject><message>$message</message>"), 'access_key' => md5(substr(NONCE_SALT, 0, 10) . substr(NONCE_KEY, 0, 5))));
|
| 2278 |
|
| 2279 |
+
//$fh = fopen(dirname(__FILE__) . '/url_addon/debug.txt', 'a');
|
| 2280 |
+
//curl_setopt($ch, CURLOPT_VERBOSE, true);
|
| 2281 |
+
//curl_setopt($ch, CURLOPT_STDERR, $fh);
|
|
|
|
|
|
|
|
|
|
| 2282 |
|
| 2283 |
$response = curl_exec($ch);
|
| 2284 |
$response_info = curl_getinfo($ch);
|
| 2285 |
curl_close($ch);
|
| 2286 |
|
| 2287 |
+
if($debug) {
|
| 2288 |
+
file_put_contents(dirname(__FILE__) . '/url_addon/debug.txt', 'Response: ' . $response . "\n", FILE_APPEND);
|
| 2289 |
+
file_put_contents(dirname(__FILE__) . '/url_addon/debug.txt', 'Response_info: ' . print_r($response_info, true) . "\n", FILE_APPEND);
|
| 2290 |
+
}
|
| 2291 |
|
| 2292 |
if(isset($response_info['http_code']) and $response_info['http_code'] == 200) {
|
| 2293 |
if($data['pro_version'])
|
| 2300 |
$subject = $matches[1][0];
|
| 2301 |
$message = $matches[2][0];
|
| 2302 |
|
| 2303 |
+
if($debug) {
|
| 2304 |
+
file_put_contents(dirname(__FILE__) . '/url_addon/debug.txt', 'Translated Subject: ' . $subject . "\n", FILE_APPEND);
|
| 2305 |
+
file_put_contents(dirname(__FILE__) . '/url_addon/debug.txt', 'Translated Message: ' . $message . "\n", FILE_APPEND);
|
| 2306 |
+
}
|
| 2307 |
|
| 2308 |
$args['subject'] = $subject;
|
| 2309 |
$args['message'] = $message;
|
| 2315 |
return $args;
|
| 2316 |
}
|
| 2317 |
|
| 2318 |
+
add_filter('wp_mail', 'gt_translate_emails', 10000, 1);
|
| 2319 |
}
|
| 2320 |
}
|
| 2321 |
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Author: Translate AI Multilingual Solutions
|
|
| 4 |
Tags: translate, translate wordpress, multilingual, translation, translate language, bilingual, localization, translation proxy, localisation, multilanguage, google translate
|
| 5 |
Requires at least: 2.8.1
|
| 6 |
Tested up to: 5.3
|
| 7 |
-
Stable tag: 2.8.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
Donate link: https://gtranslate.io/?xyz=998#pricing
|
|
@@ -247,6 +247,10 @@ If you want us to translate your website professionally or provide you a proofre
|
|
| 247 |
8. User Dashboard
|
| 248 |
|
| 249 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
| 250 |
= 2.8.51 =
|
| 251 |
* Translate WooCommerce Emails feature added, now we are in beta testing stage.
|
| 252 |
* Minor issue solved related to http request headers in Sub-directory URL structure
|
| 4 |
Tags: translate, translate wordpress, multilingual, translation, translate language, bilingual, localization, translation proxy, localisation, multilanguage, google translate
|
| 5 |
Requires at least: 2.8.1
|
| 6 |
Tested up to: 5.3
|
| 7 |
+
Stable tag: 2.8.52
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
Donate link: https://gtranslate.io/?xyz=998#pricing
|
| 247 |
8. User Dashboard
|
| 248 |
|
| 249 |
== Changelog ==
|
| 250 |
+
= 2.8.52 =
|
| 251 |
+
* Cross-site scripting (XSS) vulnerability fixed: Only possible for sub-domain, sub-directory paid options with hreflang tags enabled:
|
| 252 |
+
An attacker can generate a malicious link and if followed by a victim then javascript code can be executed on victim's computer
|
| 253 |
+
|
| 254 |
= 2.8.51 =
|
| 255 |
* Translate WooCommerce Emails feature added, now we are in beta testing stage.
|
| 256 |
* Minor issue solved related to http request headers in Sub-directory URL structure
|
