Version Description
- fixed XSS security vulnerability on LWA settings page allowing code injection if an authorized user follows a properly structured URL to that page. This does not affect the security of the login forms, only the settings page. Kudos to Neven Biruski from DefenceCode for responsible disclosure.
- changed our hooks logout_url and login_redirect from actions to filters, as adding them as actions prevented functionality in some situations
Release Info
Developer | netweblogic |
Plugin | Login With Ajax |
Version | 3.1.7 |
Code changes from version 3.1.6 to 3.1.7
- login-with-ajax-admin.php +1 -1
- login-with-ajax.php +4 -4
- readme.txt +6 -2
login-with-ajax-admin.php
CHANGED
@@ -145,7 +145,7 @@ class LoginWithAjaxAdmin{
|
|
145 |
</div>
|
146 |
<div id="post-body">
|
147 |
<div id="post-body-content">
|
148 |
-
<form method="post" action="
|
149 |
<h2><?php _e("General Settings", 'login-with-ajax'); ?></h2>
|
150 |
<table class="form-table">
|
151 |
<?php if( count(LoginWithAjax::$templates) > 1 ) : ?>
|
145 |
</div>
|
146 |
<div id="post-body">
|
147 |
<div id="post-body-content">
|
148 |
+
<form method="post" action="">
|
149 |
<h2><?php _e("General Settings", 'login-with-ajax'); ?></h2>
|
150 |
<table class="form-table">
|
151 |
<?php if( count(LoginWithAjax::$templates) > 1 ) : ?>
|
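Review bot: On the added line 148, `action=""` leaves the attribute present but empty, which HTML5 does not allow (an `action` attribute must hold a non-empty URL when it is specified). Drop the attribute so the form still posts back to the current page, or emit a fixed settings-page URL through `esc_url()`. The removed line is cut off on this page after `action="`, so the value that used to be written there cannot be checked from this diff.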
login-with-ajax.php
CHANGED
@@ -4,7 +4,7 @@ Plugin Name: Login With Ajax
|
|
4 |
Plugin URI: http://wordpress.org/extend/plugins/login-with-ajax/
|
5 |
Description: Ajax driven login widget. Customisable from within your template folder, and advanced settings from the admin area.
|
6 |
Author: Marcus Sykes
|
7 |
-
Version: 3.1.
|
8 |
Author URI: http://msyk.es
|
9 |
Tags: Login, Ajax, Redirect, BuddyPress, MU, WPMU, sidebar, admin, widget
|
10 |
Text Domain: login-with-ajax
|
@@ -24,7 +24,7 @@ GNU General Public License for more details.
|
|
24 |
You should have received a copy of the GNU General Public License
|
25 |
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
26 |
*/
|
27 |
-
define('LOGIN_WITH_AJAX_VERSION', '3.1.
|
28 |
class LoginWithAjax {
|
29 |
|
30 |
/**
|
@@ -113,8 +113,8 @@ class LoginWithAjax {
|
|
113 |
|
114 |
//Add logout/in redirection
|
115 |
add_action('wp_logout', 'LoginWithAjax::logoutRedirect');
|
116 |
-
|
117 |
-
|
118 |
add_shortcode('login-with-ajax', 'LoginWithAjax::shortcode');
|
119 |
add_shortcode('lwa', 'LoginWithAjax::shortcode');
|
120 |
}
|
4 |
Plugin URI: http://wordpress.org/extend/plugins/login-with-ajax/
|
5 |
Description: Ajax driven login widget. Customisable from within your template folder, and advanced settings from the admin area.
|
6 |
Author: Marcus Sykes
|
7 |
+
Version: 3.1.7
|
8 |
Author URI: http://msyk.es
|
9 |
Tags: Login, Ajax, Redirect, BuddyPress, MU, WPMU, sidebar, admin, widget
|
10 |
Text Domain: login-with-ajax
|
24 |
You should have received a copy of the GNU General Public License
|
25 |
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
26 |
*/
|
27 |
+
define('LOGIN_WITH_AJAX_VERSION', '3.1.7');
|
28 |
class LoginWithAjax {
|
29 |
|
30 |
/**
|
113 |
|
114 |
//Add logout/in redirection
|
115 |
add_action('wp_logout', 'LoginWithAjax::logoutRedirect');
|
116 |
+
add_filter('logout_url', 'LoginWithAjax::logoutUrl');
|
117 |
+
add_filter('login_redirect', 'LoginWithAjax::loginRedirect', 1, 3);
|
118 |
add_shortcode('login-with-ajax', 'LoginWithAjax::shortcode');
|
119 |
add_shortcode('lwa', 'LoginWithAjax::shortcode');
|
120 |
}
|
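Review bot: In the hunk at line 113, `add_filter('logout_url', 'LoginWithAjax::logoutUrl');` registers with the default of one accepted argument, while WordPress passes the `logout_url` filter two (the logout URL and the requested redirect); if `logoutUrl` needs the redirect, register it with `10, 2`. Now that both hooks are filters, `logoutUrl` and `loginRedirect` must return a URL on every code path, since a callback that returns nothing hands null to the next filter. Priority 1 on `login_redirect` also means callbacks at the default priority 10 run afterwards and can replace the value, so a short comment stating whether that ordering is intended would help.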
readme.txt
CHANGED
@@ -2,8 +2,8 @@
|
|
2 |
Contributors: netweblogic
|
3 |
Tags: login, ajax, ajax login, registration, redirect redirect, buddypress, multi site, sidebar, admin, widget
|
4 |
Requires at least: 3.7
|
5 |
-
Tested up to: 4.7
|
6 |
-
Stable tag: 3.1.
|
7 |
License: GPLv2 or later
|
8 |
|
9 |
Add smooth ajax login/registration effects and choose where users get redirected upon log in/out. Supports SSL, MultiSite, and BuddyPress.
|
@@ -173,6 +173,10 @@ For further questions and answers (or to submit one yourself) go to our [http://
|
|
173 |
|
174 |
|
175 |
== Changelog ==
|
|
|
|
|
|
|
|
|
176 |
= 3.1.6 =
|
177 |
* added Persian translation, thanks to Mohammad Akbari
|
178 |
* fixed PHP 7 deprecated construct error
|
2 |
Contributors: netweblogic
|
3 |
Tags: login, ajax, ajax login, registration, redirect redirect, buddypress, multi site, sidebar, admin, widget
|
4 |
Requires at least: 3.7
|
5 |
+
Tested up to: 4.7.2
|
6 |
+
Stable tag: 3.1.7
|
7 |
License: GPLv2 or later
|
8 |
|
9 |
Add smooth ajax login/registration effects and choose where users get redirected upon log in/out. Supports SSL, MultiSite, and BuddyPress.
|
173 |
|
174 |
|
175 |
== Changelog ==
|
176 |
+
= 3.1.7 =
|
177 |
+
* fixed XSS security vulnerability on LWA settings page allowing code injection if an authorized user follows a properly structured url to that page, this does not affect the security of the login forms, only the settings page. Kudos Neven Biruski from DefenceCode for responsible disclosure.
|
178 |
+
* changed our hooks logout_url and login_redirect added as actions to filters which prevented functionality in some situations
|
179 |
+
|
180 |
= 3.1.6 =
|
181 |
* added Persian translation, thanks to Mohammad Akbari
|
182 |
* fixed PHP 7 deprecated construct error
|
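Review bot: The 3.1.7 entry added at line 177 announces a security fix but does not say which versions are affected, so a site owner reading the changelog cannot tell whether an older install needs the update. Add the affected version range, and split the comma-spliced sentence so the scope statement (settings page only, login forms unaffected) stands on its own.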