Version Description
- fixed XSS security vulnerability on LWA settings page allowing code injection if an authorized user follows a properly structured url to that page, this does not affect the security of the login forms, only the settings page. Kudos Neven Biruski from DefenceCode for responsible disclosure.
- changed our hooks logout_url and login_redirect added as actions to filters which prevented functionality in some situations
Download this release
Release Info
| Developer | netweblogic |
| Plugin |  Login With Ajax |
| Version | 3.1.7 |
| Comparing to | |
| See all releases | |
Code changes from version 3.1.6 to 3.1.7
- login-with-ajax-admin.php +1 -1
- login-with-ajax.php +4 -4
- readme.txt +6 -2
login-with-ajax-admin.php
CHANGED
|
@@ -145,7 +145,7 @@ class LoginWithAjaxAdmin{
|
|
| 145 |
</div>
|
| 146 |
<div id="post-body">
|
| 147 |
<div id="post-body-content">
|
| 148 |
-
<form method="post" action="
|
| 149 |
<h2><?php _e("General Settings", 'login-with-ajax'); ?></h2>
|
| 150 |
<table class="form-table">
|
| 151 |
<?php if( count(LoginWithAjax::$templates) > 1 ) : ?>
|
| 145 |
</div>
|
| 146 |
<div id="post-body">
|
| 147 |
<div id="post-body-content">
|
| 148 |
+
<form method="post" action="">
|
| 149 |
<h2><?php _e("General Settings", 'login-with-ajax'); ?></h2>
|
| 150 |
<table class="form-table">
|
| 151 |
<?php if( count(LoginWithAjax::$templates) > 1 ) : ?>
|
login-with-ajax.php
CHANGED
|
@@ -4,7 +4,7 @@ Plugin Name: Login With Ajax
|
|
| 4 |
Plugin URI: http://wordpress.org/extend/plugins/login-with-ajax/
|
| 5 |
Description: Ajax driven login widget. Customisable from within your template folder, and advanced settings from the admin area.
|
| 6 |
Author: Marcus Sykes
|
| 7 |
-
Version: 3.1.
|
| 8 |
Author URI: http://msyk.es
|
| 9 |
Tags: Login, Ajax, Redirect, BuddyPress, MU, WPMU, sidebar, admin, widget
|
| 10 |
Text Domain: login-with-ajax
|
|
@@ -24,7 +24,7 @@ GNU General Public License for more details.
|
|
| 24 |
You should have received a copy of the GNU General Public License
|
| 25 |
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
| 26 |
*/
|
| 27 |
-
define('LOGIN_WITH_AJAX_VERSION', '3.1.
|
| 28 |
class LoginWithAjax {
|
| 29 |
|
| 30 |
/**
|
|
@@ -113,8 +113,8 @@ class LoginWithAjax {
|
|
| 113 |
|
| 114 |
//Add logout/in redirection
|
| 115 |
add_action('wp_logout', 'LoginWithAjax::logoutRedirect');
|
| 116 |
-
|
| 117 |
-
|
| 118 |
add_shortcode('login-with-ajax', 'LoginWithAjax::shortcode');
|
| 119 |
add_shortcode('lwa', 'LoginWithAjax::shortcode');
|
| 120 |
}
|
| 4 |
Plugin URI: http://wordpress.org/extend/plugins/login-with-ajax/
|
| 5 |
Description: Ajax driven login widget. Customisable from within your template folder, and advanced settings from the admin area.
|
| 6 |
Author: Marcus Sykes
|
| 7 |
+
Version: 3.1.7
|
| 8 |
Author URI: http://msyk.es
|
| 9 |
Tags: Login, Ajax, Redirect, BuddyPress, MU, WPMU, sidebar, admin, widget
|
| 10 |
Text Domain: login-with-ajax
|
| 24 |
You should have received a copy of the GNU General Public License
|
| 25 |
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
| 26 |
*/
|
| 27 |
+
define('LOGIN_WITH_AJAX_VERSION', '3.1.7');
|
| 28 |
class LoginWithAjax {
|
| 29 |
|
| 30 |
/**
|
| 113 |
|
| 114 |
//Add logout/in redirection
|
| 115 |
add_action('wp_logout', 'LoginWithAjax::logoutRedirect');
|
| 116 |
+
add_filter('logout_url', 'LoginWithAjax::logoutUrl');
|
| 117 |
+
add_filter('login_redirect', 'LoginWithAjax::loginRedirect', 1, 3);
|
| 118 |
add_shortcode('login-with-ajax', 'LoginWithAjax::shortcode');
|
| 119 |
add_shortcode('lwa', 'LoginWithAjax::shortcode');
|
| 120 |
}
|
readme.txt
CHANGED
|
@@ -2,8 +2,8 @@
|
|
| 2 |
Contributors: netweblogic
|
| 3 |
Tags: login, ajax, ajax login, registration, redirect redirect, buddypress, multi site, sidebar, admin, widget
|
| 4 |
Requires at least: 3.7
|
| 5 |
-
Tested up to: 4.7
|
| 6 |
-
Stable tag: 3.1.
|
| 7 |
License: GPLv2 or later
|
| 8 |
|
| 9 |
Add smooth ajax login/registration effects and choose where users get redirected upon log in/out. Supports SSL, MultiSite, and BuddyPress.
|
|
@@ -173,6 +173,10 @@ For further questions and answers (or to submit one yourself) go to our [http://
|
|
| 173 |
|
| 174 |
|
| 175 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
| 176 |
= 3.1.6 =
|
| 177 |
* added Persian translation, thanks to Mohammad Akbari
|
| 178 |
* fixed PHP 7 deprecated construct error
|
| 2 |
Contributors: netweblogic
|
| 3 |
Tags: login, ajax, ajax login, registration, redirect redirect, buddypress, multi site, sidebar, admin, widget
|
| 4 |
Requires at least: 3.7
|
| 5 |
+
Tested up to: 4.7.2
|
| 6 |
+
Stable tag: 3.1.7
|
| 7 |
License: GPLv2 or later
|
| 8 |
|
| 9 |
Add smooth ajax login/registration effects and choose where users get redirected upon log in/out. Supports SSL, MultiSite, and BuddyPress.
|
| 173 |
|
| 174 |
|
| 175 |
== Changelog ==
|
| 176 |
+
= 3.1.7 =
|
| 177 |
+
* fixed XSS security vulnerability on LWA settings page allowing code injection if an authorized user follows a properly structured url to that page, this does not affect the security of the login forms, only the settings page. Kudos Neven Biruski from DefenceCode for responsible disclosure.
|
| 178 |
+
* changed our hooks logout_url and login_redirect added as actions to filters which prevented functionality in some situations
|
| 179 |
+
|
| 180 |
= 3.1.6 =
|
| 181 |
* added Persian translation, thanks to Mohammad Akbari
|
| 182 |
* fixed PHP 7 deprecated construct error
|
