Version Description
- Possible Cross-site scripting (XSS) vulnerability fixed, only possible for sub-domain, sub-directory paid options: An attacker can generate a malicious link and if followed by a victim with an old browser without proper URL encoding support (<
Download this release
Release Info
| Developer | edo888 |
| Plugin |  Translate WordPress with GTranslate |
| Version | 2.8.65 |
| Comparing to | |
| See all releases | |
Code changes from version 2.8.64 to 2.8.65
- gtranslate.php +2 -3
- readme.txt +6 -1
gtranslate.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: GTranslate
|
| 4 |
Plugin URI: https://gtranslate.io/?xyz=998
|
| 5 |
Description: Makes your website <strong>multilingual</strong> and available to the world using Google Translate. For support visit <a href="https://wordpress.org/support/plugin/gtranslate">GTranslate Support</a>.
|
| 6 |
-
Version: 2.8.
|
| 7 |
Author: Translate AI Multilingual Solutions
|
| 8 |
Author URI: https://gtranslate.io
|
| 9 |
Text Domain: gtranslate
|
|
@@ -2030,7 +2030,6 @@ GTranslate::load_defaults($data);
|
|
| 2030 |
|
| 2031 |
if($data['pro_version']) { // gtranslate redirect rules with PHP (for environments with no .htaccess support (pantheon, flywheel, etc.), usually .htaccess rules override this)
|
| 2032 |
|
| 2033 |
-
//@list($request_uri, $query_params) = explode('?', $_SERVER['REQUEST_URI']);
|
| 2034 |
$url_params = explode('?', $_SERVER['REQUEST_URI']);
|
| 2035 |
$request_uri = $url_params[0];
|
| 2036 |
if(isset($url_params[1]))
|
|
@@ -2148,7 +2147,7 @@ if($data['pro_version'] or $data['enterprise_version']) {
|
|
| 2148 |
add_action('admin_head', 'gtranslate_request_uri_var');
|
| 2149 |
|
| 2150 |
function gtranslate_request_uri_var() {
|
| 2151 |
-
echo "<script>var gt_request_uri = '".addslashes($_SERVER['REQUEST_URI'])."';</script>";
|
| 2152 |
}
|
| 2153 |
}
|
| 2154 |
|
| 3 |
Plugin Name: GTranslate
|
| 4 |
Plugin URI: https://gtranslate.io/?xyz=998
|
| 5 |
Description: Makes your website <strong>multilingual</strong> and available to the world using Google Translate. For support visit <a href="https://wordpress.org/support/plugin/gtranslate">GTranslate Support</a>.
|
| 6 |
+
Version: 2.8.65
|
| 7 |
Author: Translate AI Multilingual Solutions
|
| 8 |
Author URI: https://gtranslate.io
|
| 9 |
Text Domain: gtranslate
|
| 2030 |
|
| 2031 |
if($data['pro_version']) { // gtranslate redirect rules with PHP (for environments with no .htaccess support (pantheon, flywheel, etc.), usually .htaccess rules override this)
|
| 2032 |
|
|
|
|
| 2033 |
$url_params = explode('?', $_SERVER['REQUEST_URI']);
|
| 2034 |
$request_uri = $url_params[0];
|
| 2035 |
if(isset($url_params[1]))
|
| 2147 |
add_action('admin_head', 'gtranslate_request_uri_var');
|
| 2148 |
|
| 2149 |
function gtranslate_request_uri_var() {
|
| 2150 |
+
echo "<script>var gt_request_uri = '".addslashes(esc_url_raw($_SERVER['REQUEST_URI']))."';</script>";
|
| 2151 |
}
|
| 2152 |
}
|
| 2153 |
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Author: Translate AI Multilingual Solutions
|
|
| 4 |
Tags: translate, translate wordpress, multilingual, translation, translate language, bilingual, localization, translation proxy, localisation, multilanguage, google translate
|
| 5 |
Requires at least: 2.8.1
|
| 6 |
Tested up to: 5.7
|
| 7 |
-
Stable tag: 2.8.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
Donate link: https://gtranslate.io/?xyz=998#pricing
|
|
@@ -251,6 +251,11 @@ If you want us to translate your website professionally or provide you a proofre
|
|
| 251 |
8. User Dashboard
|
| 252 |
|
| 253 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 254 |
= 2.8.64 =
|
| 255 |
* New server added into our Translation Delivery Network
|
| 256 |
|
| 4 |
Tags: translate, translate wordpress, multilingual, translation, translate language, bilingual, localization, translation proxy, localisation, multilanguage, google translate
|
| 5 |
Requires at least: 2.8.1
|
| 6 |
Tested up to: 5.7
|
| 7 |
+
Stable tag: 2.8.65
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
Donate link: https://gtranslate.io/?xyz=998#pricing
|
| 251 |
8. User Dashboard
|
| 252 |
|
| 253 |
== Changelog ==
|
| 254 |
+
= 2.8.65 =
|
| 255 |
+
* Possible Cross-site scripting (XSS) vulnerability fixed, only possible for sub-domain, sub-directory paid options:
|
| 256 |
+
An attacker can generate a malicious link and if followed by a victim with an old browser without proper URL encoding support (<= IE 9) then javascript code can be executed on victim's computer.
|
| 257 |
+
Kudos to Ram Gall @ Wordfence for notifying
|
| 258 |
+
|
| 259 |
= 2.8.64 =
|
| 260 |
* New server added into our Translation Delivery Network
|
| 261 |
|
