myCRED - Version 2.4.4.2

Version Description

  • Code Improvements


Developer wpexpertsio
Version 2.4.4.2

Code changes from version 2.4.4.2-beta.3 to 2.4.4.2

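--- a/addons/buy-creds/gateways/netbilling.php
+++ b/addons/buy-creds/gateways/netbilling.php
@@ -63,13 +63,13 @@ if (! class_exists('myCRED_NETbilling') ) :
  $result = true;
 
  // Accounts Match
- $account = explode(':', $_REQUEST['Ecom_Ezic_AccountAndSitetag']);
+ $account = explode(':', sanitize_text_field( $_REQUEST['Ecom_Ezic_AccountAndSitetag'] ));
  if ($account[0] != $this->prefs['account'] || $account[1] != $this->prefs['site_tag'] ) {
  $result = false;
  }
 
  // Crypto Check
- $crypto_check = md5($this->prefs['cryptokey'] . $_REQUEST['Ecom_Cost_Total'] . $_REQUEST['Ecom_Receipt_Description']);
+ $crypto_check = md5($this->prefs['cryptokey'] . sanitize_text_field($_REQUEST['Ecom_Cost_Total']) . sanitize_text_field($_REQUEST['Ecom_Receipt_Description']));
  if ($crypto_check != $_REQUEST['Ecom_Ezic_Security_HashValue_MD5'] ) {
  $result = false;
  }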
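Review bot: The hash check on line 73 still compares the computed MD5 with the request value using `!=`, which is neither strict nor constant-time; `if ( ! isset( $_REQUEST['Ecom_Ezic_Security_HashValue_MD5'] ) || ! hash_equals( $crypto_check, (string) $_REQUEST['Ecom_Ezic_Security_HashValue_MD5'] ) ) {` is the strict, timing-safe form and also guards the unchecked read. Separately, the new line 72 runs `sanitize_text_field()` over `Ecom_Cost_Total` and `Ecom_Receipt_Description` before hashing, so the hash is now computed over values that can differ from what the gateway signed (the filter strips tags, line breaks and percent-encoded octets), meaning a legitimate notification whose description contains such characters will fail the crypto check; hash over the raw values and sanitize only the fields that are stored or displayed after verification. `$account[1]` on line 67 is also an undefined offset when the field carries no ':'. The enclosing method starts before and continues after the hunk.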
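--- a/addons/buy-creds/gateways/skrill.php
+++ b/addons/buy-creds/gateways/skrill.php
@@ -60,7 +60,7 @@ if (! class_exists('myCRED_Skrill') ) :
 
  $result = true;
 
- $check = $_POST['merchant_id'] . $_POST['transaction_id'] . strtoupper(md5($this->prefs['word'])) . $_POST['mb_amount'] . $_POST['mb_currency'] . $_POST['status'];
+ $check = sanitize_text_field($_POST['merchant_id']) . sanitize_text_field($_POST['transaction_id']) . strtoupper(md5($this->prefs['word'])) . sanitize_text_field($_POST['mb_amount']) . sanitize_text_field($_POST['mb_currency']) . sanitize_text_field($_POST['status']);
  if (strtoupper(md5($check)) !== $_POST['md5sig'] ) {
  $result = false;
  }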
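Review bot: The signature comparison on line 64 is strict but not timing-safe, and it reads `$_POST['md5sig']` with no isset guard; `if ( ! isset( $_POST['md5sig'] ) || ! hash_equals( strtoupper( md5( $check ) ), (string) $_POST['md5sig'] ) ) {` covers both. The new line 63 also passes every field through `sanitize_text_field()` before building the signed string, while the remote side computed `md5sig` over the raw values, so any field the filter alters (percent-encoded octets, stripped whitespace or tags) now produces a mismatch and a rejected but legitimate notification. Build `$check` from the raw `$_POST` values and sanitize the fields only where they are stored or rendered after the signature has been verified. The enclosing method starts before and continues after the hunk.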
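--- a/addons/buy-creds/modules/buycred-module-core.php
+++ b/addons/buy-creds/modules/buycred-module-core.php
@@ -1036,7 +1036,7 @@ jQuery(function($) {
  public function purchase_log_page()
  {
 
- $point_type = str_replace('mycred-purchases-', '', $_GET['page']);
+ $point_type = str_replace('mycred-purchases-', '', sanitize_key( $_GET['page'] ) );
  $installed = $this->get();
 
  $mycred = $this->core;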
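Review bot: `sanitize_key()` on line 1039 lowercases its input as well as restricting it to `[a-z0-9_-]`, so if any registered point-type key contains uppercase characters the derived `$point_type` will no longer match the entries of `$installed` that the method goes on to use; the old code passed the value through unchanged. If point-type keys are themselves normalized with sanitize_key when registered (as option keys in WordPress usually are) this is harmless, but it is worth confirming against what `$this->get()` returns. The read also has no isset guard; `sanitize_key( $_GET['page'] ?? '' )` avoids a notice if the method is ever invoked outside the admin-menu callback. The method body continues past the hunk.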
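--- a/addons/cash-creds/modules/cashcred-module-withdrawal.php
+++ b/addons/cash-creds/modules/cashcred-module-withdrawal.php
@@ -117,7 +117,7 @@ if (! class_exists('cashCRED_Pending_Payments') ) :
 
  $current_plugin = '';
  if(isset($_GET['Status']) ) {
- $current_plugin = $_GET['Status'];
+ $current_plugin = sanitize_key( $_GET['Status'] );
  }
  ?>
  <select name="Status" id="Status">
@@ -133,7 +133,7 @@ if (! class_exists('cashCRED_Pending_Payments') ) :
  <?php
  $current_selected = '';
  if(isset($_GET['gateway']) ) {
- $current_selected = $_GET['gateway']; // Check if option has been selected
+ $current_selected = sanitize_key( $_GET['gateway'] ); // Check if option has been selected
  }
  ?>
  <select name="gateway" id="gateway">
@@ -150,7 +150,7 @@ if (! class_exists('cashCRED_Pending_Payments') ) :
  <?php
  $current_user = '';
  if(isset($_GET['user_id']) ) {
- $current_user = $_GET['user_id']; // Check if option has been selected
+ $current_user = absint( $_GET['user_id'] ); // Check if option has been selected
  }
  $users = get_users(array( 'fields' => array( 'ID' , 'user_nicename') ));
  ?>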
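Review bot: The three filter reads at lines 120, 136 and 153 keep the isset-then-assign split, which on the PHP 7.0 minimum this plugin declares collapses to one line each: `$current_plugin = sanitize_key( $_GET['Status'] ?? '' );`, `$current_selected = sanitize_key( $_GET['gateway'] ?? '' );`, `$current_user = isset( $_GET['user_id'] ) ? absint( $_GET['user_id'] ) : '';`. Note that `absint()` at line 153 turns a non-numeric `user_id` into `0` instead of leaving the empty-string default, so whatever compares `$current_user` to each user's ID when rendering the `<select>` (below the hunk, not visible here) has to treat `0` as "nothing selected"; `selected( $current_user, $user->ID )` would be a safer comparison than a loose `==`. The surrounding markup starts before and continues after the hunks.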
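--- a/addons/ranks/myCRED-addon-ranks.php
+++ b/addons/ranks/myCRED-addon-ranks.php
@@ -1211,7 +1211,7 @@ if ( ! class_exists( 'myCRED_Ranks_Module' ) ) :
  $query->set( 'meta_query', array(
  array(
  'key' => 'ctype',
- 'value' => $_GET['ctype'],
+ 'value' => sanitize_key( $_GET['ctype'] ),
  'compare' => '='
  )
  ) );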
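Review bot: Line 1214 reads `$_GET['ctype']` with no isset guard visible in the hunk, so unless the enclosing condition (which starts before the hunk) already checks it, `sanitize_key()` raises a notice and the meta query filters on `''`; `'value' => sanitize_key( $_GET['ctype'] ?? '' ),` keeps the behaviour explicit either way. Since WP_Meta_Query escapes the value itself when it builds the SQL, the practical effect of this change is normalization (lowercase, `[a-z0-9_-]`) rather than injection hardening, so a short comment would help the next reader: `// NOTE(review): sanitize_key() lowercases; assumes point-type keys are registered as lowercase slugs — confirm`.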
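--- a/addons/stats/includes/mycred-stats-object.php
+++ b/addons/stats/includes/mycred-stats-object.php
@@ -437,7 +437,7 @@ if (! class_exists('myCRED_Chart') ) :
 
  $element_id = $this->generate_element_id();
  $element_style = $this->get_canvas_styling();
- $output = '<div class="chart-container ' . MYCRED_SLUG . '-chart-container"><canvas class="' . MYCRED_SLUG . '-chart-canvas" ' . $element_style . ' id="' . $element_id . '"></canvas></div>';
+ $output = '<div class="chart-container ' . MYCRED_SLUG . '-chart-container"><canvas class="' . MYCRED_SLUG . '-chart-canvas" ' . $element_style . ' id="' . $element_id . '" height="'. $this->args['height'] . ' "></canvas></div>';
 
  $mycred_charts[ $element_id ] = $chart;
 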
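Review bot: The new `height` attribute on line 440 has a stray space inside the quoted value (`' "`), so the canvas is emitted as `height="300 "` (constructed example), and the value is concatenated into the attribute without `esc_attr()`; `' id="' . esc_attr( $element_id ) . '" height="' . esc_attr( $this->args['height'] ) . '"></canvas></div>'` closes the attribute cleanly and escapes both dynamic pieces. Where `$this->args['height']` is populated is outside the hunk, so I cannot tell whether it can be influenced from outside the plugin; escaping at the output point costs nothing either way. No default for `height` is visible here, so if the args array may omit it, `$this->args['height'] ?? ''` avoids a notice. The enclosing method starts before and continues after the hunk.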
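--- a/addons/transfer/myCRED-addon-transfer.php
+++ b/addons/transfer/myCRED-addon-transfer.php
@@ -324,10 +324,10 @@ if (! class_exists('myCRED_Transfer_Module') ) :
  <?php
 
  foreach ( $yes_no as $value => $label ) {
- echo '<option value="' . $value . '"';
+ echo '<option value="' . esc_attr( $value ) . '"';
  if ($settings['reload'] == $value ) { echo ' selected="selected"';
  }
- echo '>' . $label . '</option>';
+ echo '>' . esc_html( $label ) . '</option>';
  }
 
  ?>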
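Review bot: Between the two escaped lines, line 328 still selects the option with `$settings['reload'] == $value`, a loose comparison that on the PHP 7.0 minimum this plugin declares makes `0 == 'no'` true, so if `$settings['reload']` is stored as an integer while `$yes_no` (defined before the hunk) is keyed by strings, more than one option can come out selected. WordPress's `selected()` compares both sides as strings and returns the attribute, so the loop body collapses to `echo '<option value="' . esc_attr( $value ) . '"' . selected( $settings['reload'], $value, false ) . '>' . esc_html( $label ) . '</option>';`. The escaping added on lines 327 and 330 is the right call; this note is only about the comparison between them.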
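--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mycred,wpexpertsio
  Tags: badges, gamification, loyalty, points, rewards
  Requires at least: 4.8
  Tested up to: 5.9.3
- Stable tag: 2.4.4.1
+ Stable tag: 2.4.4.2
  Requires PHP: 7.0
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -301,13 +301,10 @@ You can find a list of [frequently asked questions](https://mycred.me/about/faq/
  == Upgrade Notice ==
 
  = 2.4.4.2 =
- * **Improvements**
- * Patched security vulnerability.
+ * Code Improvements
 
  = 2.4.4.1 =
- * **Improvements**
- * Patched security vulnerability.
- * Badge UI Fix.
+ * Code Improvements
 
  = 2.4.4 =
  New features and Bug fixes.
@@ -366,6 +363,13 @@ The banking module have been replaced by Central deposite module, and interest r
 
  == Changelog ==
 
+ = 2.4.4.2 =
+ * **TWEAK** - Patched security vulnerability.
+
+ = 2.4.4.1 =
+ * **TWEAK** - Patched security vulnerability.
+ * **FIX** - Badge UI Fix.
+
  = 2.4.4 =
  - **NEW** - All registered references will be listed on the support page.
  - **NEW** - Added Gutenberg blocks for the following shortcodes mycred_cahcred, mycred_badges_list, mycred_buy_pending, mycred_chart_circulation, mycred_chart_gain_loss, mycred_chart_history, mycred_chart_balance_history, mycred_chart_top_balance, mycred_chart_instance_history and mycred_chart_top_instance.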