Version Description
Fixed problem of Directory-Traversal. ThanksPlugin Vulnerabilities.
Download this release
Release Info
| Developer | Katsushi Kawamori |
| Plugin |  Media from FTP |
| Version | 9.86 |
| Comparing to | |
| See all releases | |
Code changes from version 9.85 to 9.86
- mediafromftp.php +1 -1
- readme.txt +7 -1
- req/MediaFromFtpAdmin.php +4 -8
mediafromftp.php
CHANGED
|
@@ -2,7 +2,7 @@
|
|
| 2 |
/*
|
| 3 |
Plugin Name: Media from FTP
|
| 4 |
Plugin URI: https://wordpress.org/plugins/media-from-ftp/
|
| 5 |
-
Version: 9.
|
| 6 |
Description: Register to media library from files that have been uploaded by FTP.
|
| 7 |
Author: Katsushi Kawamori
|
| 8 |
Author URI: https://riverforest-wp.info/
|
| 2 |
/*
|
| 3 |
Plugin Name: Media from FTP
|
| 4 |
Plugin URI: https://wordpress.org/plugins/media-from-ftp/
|
| 5 |
+
Version: 9.86
|
| 6 |
Description: Register to media library from files that have been uploaded by FTP.
|
| 7 |
Author: Katsushi Kawamori
|
| 8 |
Author URI: https://riverforest-wp.info/
|
readme.txt
CHANGED
|
@@ -5,7 +5,7 @@ Tags: files, ftp, import, media, sync, uploads
|
|
| 5 |
Requires at least: 3.6.0
|
| 6 |
Requires PHP: 5.3.0
|
| 7 |
Tested up to: 4.9
|
| 8 |
-
Stable tag: 9.
|
| 9 |
License: GPLv2 or later
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 11 |
|
|
@@ -116,6 +116,9 @@ Register to media library from files that have been uploaded by FTP.
|
|
| 116 |
|
| 117 |
== Changelog ==
|
| 118 |
|
|
|
|
|
|
|
|
|
|
| 119 |
= 9.85 =
|
| 120 |
Fixed problem of Directory-Traversal. Thanks[wpl0v3r](https://wordpress.org/support/users/wpl0v3r/).
|
| 121 |
|
|
@@ -136,6 +139,9 @@ Fixed [PHP Object Injection Vulnerability](https://www.pluginvulnerabilities.com
|
|
| 136 |
|
| 137 |
== Upgrade Notice ==
|
| 138 |
|
|
|
|
|
|
|
|
|
|
| 139 |
= 9.85 =
|
| 140 |
Fixed problem of Directory-Traversal. Thanks[wpl0v3r](https://wordpress.org/support/users/wpl0v3r/).
|
| 141 |
|
| 5 |
Requires at least: 3.6.0
|
| 6 |
Requires PHP: 5.3.0
|
| 7 |
Tested up to: 4.9
|
| 8 |
+
Stable tag: 9.86
|
| 9 |
License: GPLv2 or later
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 11 |
|
| 116 |
|
| 117 |
== Changelog ==
|
| 118 |
|
| 119 |
+
= 9.86 =
|
| 120 |
+
Fixed problem of Directory-Traversal. Thanks[Plugin Vulnerabilities](https://www.pluginvulnerabilities.com/).
|
| 121 |
+
|
| 122 |
= 9.85 =
|
| 123 |
Fixed problem of Directory-Traversal. Thanks[wpl0v3r](https://wordpress.org/support/users/wpl0v3r/).
|
| 124 |
|
| 139 |
|
| 140 |
== Upgrade Notice ==
|
| 141 |
|
| 142 |
+
= 9.86 =
|
| 143 |
+
Fixed problem of Directory-Traversal. Thanks[Plugin Vulnerabilities](https://www.pluginvulnerabilities.com/).
|
| 144 |
+
|
| 145 |
= 9.85 =
|
| 146 |
Fixed problem of Directory-Traversal. Thanks[wpl0v3r](https://wordpress.org/support/users/wpl0v3r/).
|
| 147 |
|
req/MediaFromFtpAdmin.php
CHANGED
|
@@ -1638,14 +1638,10 @@ class MediaFromFtpAdmin {
|
|
| 1638 |
}
|
| 1639 |
$basedir = $mediafromftp_settings['basedir'];
|
| 1640 |
if (!empty($_POST['searchdir'])){
|
| 1641 |
-
|
| 1642 |
-
|
| 1643 |
-
|
| 1644 |
-
|
| 1645 |
-
$basedir = MEDIAFROMFTP_PLUGIN_UPLOAD_PATH;
|
| 1646 |
-
}
|
| 1647 |
-
} else {
|
| 1648 |
-
$searchdir = urldecode($_POST['searchdir']);
|
| 1649 |
}
|
| 1650 |
} else {
|
| 1651 |
$searchdir = $mediafromftp_settings['searchdir'];
|
| 1638 |
}
|
| 1639 |
$basedir = $mediafromftp_settings['basedir'];
|
| 1640 |
if (!empty($_POST['searchdir'])){
|
| 1641 |
+
$searchdir = urldecode($_POST['searchdir']);
|
| 1642 |
+
if ( strpos( realpath(wp_normalize_path(ABSPATH.$searchdir)), MEDIAFROMFTP_PLUGIN_UPLOAD_DIR) === FALSE ) {
|
| 1643 |
+
$searchdir = MEDIAFROMFTP_PLUGIN_UPLOAD_PATH;
|
| 1644 |
+
$basedir = MEDIAFROMFTP_PLUGIN_UPLOAD_PATH;
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1645 |
}
|
| 1646 |
} else {
|
| 1647 |
$searchdir = $mediafromftp_settings['searchdir'];
|
