Version Description
- Restrict custom template paths to theme directory (prevent directory traversal attacks).
Download this release
Release Info
| Developer | figureone |
| Plugin |  Insert Pages |
| Version | 3.2.4 |
| Comparing to | |
| See all releases | |
Code changes from version 3.2.3 to 3.2.4
- insert-pages.php +9 -3
- readme.txt +7 -1
insert-pages.php
CHANGED
|
@@ -9,7 +9,7 @@ Author URI: http://www.linkedin.com/in/paulrryan
|
|
| 9 |
Text Domain: insert-pages
|
| 10 |
Domain Path: /languages
|
| 11 |
License: GPL2
|
| 12 |
-
Version: 3.2.
|
| 13 |
*/
|
| 14 |
|
| 15 |
/* Copyright 2011 Paul Ryan (email: prar@hawaii.edu)
|
|
@@ -352,7 +352,10 @@ if ( !class_exists( 'InsertPagesPlugin' ) ) {
|
|
| 352 |
$inserted_page = query_posts( $args );
|
| 353 |
if ( have_posts() ) {
|
| 354 |
$template = locate_template( $attributes['display'] );
|
| 355 |
-
|
|
|
|
|
|
|
|
|
|
| 356 |
include $template; // execute the template code
|
| 357 |
} else { // Couldn't find template, so fall back to printing a link to the page.
|
| 358 |
the_post();
|
|
@@ -459,7 +462,10 @@ if ( !class_exists( 'InsertPagesPlugin' ) ) {
|
|
| 459 |
break;
|
| 460 |
default: // display is either invalid, or contains a template file to use
|
| 461 |
$template = locate_template( $attributes['display'] );
|
| 462 |
-
|
|
|
|
|
|
|
|
|
|
| 463 |
include $template; // execute the template code
|
| 464 |
} else { // Couldn't find template, so fall back to printing a link to the page.
|
| 465 |
the_post();
|
| 9 |
Text Domain: insert-pages
|
| 10 |
Domain Path: /languages
|
| 11 |
License: GPL2
|
| 12 |
+
Version: 3.2.4
|
| 13 |
*/
|
| 14 |
|
| 15 |
/* Copyright 2011 Paul Ryan (email: prar@hawaii.edu)
|
| 352 |
$inserted_page = query_posts( $args );
|
| 353 |
if ( have_posts() ) {
|
| 354 |
$template = locate_template( $attributes['display'] );
|
| 355 |
+
// Only allow templates that don't have any directory traversal in
|
| 356 |
+
// them (to prevent including php files that aren't in the active
|
| 357 |
+
// theme directory or the /wp-includes/theme-compat/ directory).
|
| 358 |
+
if ( strlen( $template ) > 0 && $template === realpath( $template ) ) {
|
| 359 |
include $template; // execute the template code
|
| 360 |
} else { // Couldn't find template, so fall back to printing a link to the page.
|
| 361 |
the_post();
|
| 462 |
break;
|
| 463 |
default: // display is either invalid, or contains a template file to use
|
| 464 |
$template = locate_template( $attributes['display'] );
|
| 465 |
+
// Only allow templates that don't have any directory traversal in
|
| 466 |
+
// them (to prevent including php files that aren't in the active
|
| 467 |
+
// theme directory or the /wp-includes/theme-compat/ directory).
|
| 468 |
+
if ( strlen( $template ) > 0 && $template === realpath( $template ) ) {
|
| 469 |
include $template; // execute the template code
|
| 470 |
} else { // Couldn't find template, so fall back to printing a link to the page.
|
| 471 |
the_post();
|
readme.txt
CHANGED
|
@@ -2,7 +2,7 @@
|
|
| 2 |
Contributors: figureone, the_magician
|
| 3 |
Tags: insert, pages, shortcode, embed
|
| 4 |
Requires at least: 3.0.1
|
| 5 |
-
Tested up to: 4.
|
| 6 |
Stable tag: trunk
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
|
@@ -86,6 +86,9 @@ Just one! The plugin prevents you from embedding a page in itself, but you can t
|
|
| 86 |
|
| 87 |
== Changelog ==
|
| 88 |
|
|
|
|
|
|
|
|
|
|
| 89 |
= 3.2.3 =
|
| 90 |
* Fix for loading inline CSS from SiteOrigin Page Builder version 2.5 or later. Props @alexgso for the pull request!
|
| 91 |
|
|
@@ -301,6 +304,9 @@ add_action( 'init', 'theme_init' );`
|
|
| 301 |
|
| 302 |
== Upgrade Notice ==
|
| 303 |
|
|
|
|
|
|
|
|
|
|
| 304 |
= 2.3 =
|
| 305 |
Warning: If you apply CSS rules to #insertPages_Content, this update will require you to modify those styles. The element id "insertPages_Content" was removed so multiple pages can be embedded on a single page. You may apply styles instead to the "insert-page" class.
|
| 306 |
|
| 2 |
Contributors: figureone, the_magician
|
| 3 |
Tags: insert, pages, shortcode, embed
|
| 4 |
Requires at least: 3.0.1
|
| 5 |
+
Tested up to: 4.8.2
|
| 6 |
Stable tag: trunk
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 86 |
|
| 87 |
== Changelog ==
|
| 88 |
|
| 89 |
+
= 3.2.4 =
|
| 90 |
+
* Restrict custom template paths to theme directory (prevent directory traversal attacks).
|
| 91 |
+
|
| 92 |
= 3.2.3 =
|
| 93 |
* Fix for loading inline CSS from SiteOrigin Page Builder version 2.5 or later. Props @alexgso for the pull request!
|
| 94 |
|
| 304 |
|
| 305 |
== Upgrade Notice ==
|
| 306 |
|
| 307 |
+
= 3.2.4 =
|
| 308 |
+
Security notice: this update fixes a potential directory traversal attack where a WordPress user with Editor role or higher could include any php file by specifying it as a custom template in the Insert Pages shortcode. This vulnerability is limited because the attacker already needs to be an Editor or higher on your WordPress site. Example: [insert page='your-page' display='../../../../../../../../xampp/apache/logs/access.log']
|
| 309 |
+
|
| 310 |
= 2.3 =
|
| 311 |
Warning: If you apply CSS rules to #insertPages_Content, this update will require you to modify those styles. The element id "insertPages_Content" was removed so multiple pages can be embedded on a single page. You may apply styles instead to the "insert-page" class.
|
| 312 |
|
