Version Description
(2012.08.10) = * Fixed possible XSS attack vulnerability
Download this release
Release Info
| Developer | robfelty |
| Plugin |  Postie |
| Version | 1.4.4 |
| Comparing to | |
| See all releases | |
Code changes from version 1.4.3 to 1.4.4
- Revision +2 -2
- get_mail.php +7 -1
- postie.php +2 -2
- readme.txt +9 -3
Revision
CHANGED
|
@@ -1,2 +1,2 @@
|
|
| 1 |
-
Revision:
|
| 2 |
-
Last Changed Date: 2011-
|
| 1 |
+
Revision: 584134
|
| 2 |
+
Last Changed Date: 2011-12-12 23:28:29 -0500 (Mon, 12 Dec 2011)
|
get_mail.php
CHANGED
|
@@ -33,6 +33,12 @@ foreach ($emails as $email) {
|
|
| 33 |
"\n";
|
| 34 |
continue;
|
| 35 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 36 |
$message='';
|
| 37 |
$mimeDecodedEmail = DecodeMIMEMail($email, true);
|
| 38 |
$from = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["from"]));
|
|
@@ -61,4 +67,4 @@ print("</pre>\n");
|
|
| 61 |
/* END PROGRAM */
|
| 62 |
|
| 63 |
// end of script
|
| 64 |
-
?>
|
| 33 |
"\n";
|
| 34 |
continue;
|
| 35 |
}
|
| 36 |
+
// check for XSS attacks - we disallow any javascript, meta, onload, or base64
|
| 37 |
+
if (preg_match("/.*(script|onload|meta|base64).*/is", $email)) {
|
| 38 |
+
echo "possible XSS attack - ignoring email\n";
|
| 39 |
+
continue;
|
| 40 |
+
}
|
| 41 |
+
|
| 42 |
$message='';
|
| 43 |
$mimeDecodedEmail = DecodeMIMEMail($email, true);
|
| 44 |
$from = RemoveExtraCharactersInEmailAddress(trim($mimeDecodedEmail->headers["from"]));
|
| 67 |
/* END PROGRAM */
|
| 68 |
|
| 69 |
// end of script
|
| 70 |
+
?>
|
postie.php
CHANGED
|
@@ -3,13 +3,13 @@
|
|
| 3 |
Plugin Name: Postie
|
| 4 |
Plugin URI: http://blog.robfelty.com/plugins/postie
|
| 5 |
Description: Signifigantly upgrades the posting by mail features of Word Press (See <a href='options-general.php?page=postie/postie.php'>Settings and options</a>) to configure your e-mail settings. See the <a href='http://wordpress.org/extend/plugins/postie/other_notes'>Readme</a> for usage. Visit the <a href='http://forum.robfelty.com/forum/postie'>postie forum</a> for support.
|
| 6 |
-
Version: 1.4.
|
| 7 |
Author: Robert Felty
|
| 8 |
Author URI: http://blog.robfelty.com/
|
| 9 |
*/
|
| 10 |
|
| 11 |
/*
|
| 12 |
-
$Id: postie.php
|
| 13 |
* -= Requests Pending =-
|
| 14 |
* German Umlats don't work
|
| 15 |
* Problems under PHP5
|
| 3 |
Plugin Name: Postie
|
| 4 |
Plugin URI: http://blog.robfelty.com/plugins/postie
|
| 5 |
Description: Signifigantly upgrades the posting by mail features of Word Press (See <a href='options-general.php?page=postie/postie.php'>Settings and options</a>) to configure your e-mail settings. See the <a href='http://wordpress.org/extend/plugins/postie/other_notes'>Readme</a> for usage. Visit the <a href='http://forum.robfelty.com/forum/postie'>postie forum</a> for support.
|
| 6 |
+
Version: 1.4.4
|
| 7 |
Author: Robert Felty
|
| 8 |
Author URI: http://blog.robfelty.com/
|
| 9 |
*/
|
| 10 |
|
| 11 |
/*
|
| 12 |
+
$Id: postie.php 584135 2012-08-11 04:02:39Z robfelty $
|
| 13 |
* -= Requests Pending =-
|
| 14 |
* German Umlats don't work
|
| 15 |
* Problems under PHP5
|
readme.txt
CHANGED
|
@@ -4,8 +4,8 @@ Donate link: http://blog.robfelty.com/plugins/postie
|
|
| 4 |
Plugin URI: http://blog.robfelty.com/plugins/postie
|
| 5 |
Tags: e-mail, email
|
| 6 |
Requires at least: 2.8
|
| 7 |
-
Tested up to: 3.
|
| 8 |
-
Stable tag: 1.4.
|
| 9 |
|
| 10 |
The Postie plugin allows you to blog via e-mail, including many advanced
|
| 11 |
features not found in wordpress's default post by e-mail feature.
|
|
@@ -19,6 +19,9 @@ imap and pop3, with the option for ssl with both. For usage notes, see the
|
|
| 19 |
|
| 20 |
= What's new? =
|
| 21 |
|
|
|
|
|
|
|
|
|
|
| 22 |
* 1.4.3 (2011.12.12)
|
| 23 |
* Removed get_user_by function to make compatible with wp 3.3 - now requires
|
| 24 |
2.8+
|
|
@@ -354,12 +357,15 @@ option to convert url into links turned on)
|
|
| 354 |
|
| 355 |
== CHANGELOG ==
|
| 356 |
|
| 357 |
-
= 1.4.
|
| 358 |
* TODO - fix corruption of rtf attachments
|
| 359 |
* TODO - add port checking in tests
|
| 360 |
* TODO - non-image uploads get ignored in content when using autogallery - see
|
| 361 |
replaceimageplaceholders
|
| 362 |
|
|
|
|
|
|
|
|
|
|
| 363 |
= 1.4.3 =
|
| 364 |
* Removed get_user_by function to make compatible with wp 3.3 - now requires
|
| 365 |
2.8+
|
| 4 |
Plugin URI: http://blog.robfelty.com/plugins/postie
|
| 5 |
Tags: e-mail, email
|
| 6 |
Requires at least: 2.8
|
| 7 |
+
Tested up to: 3.4.1
|
| 8 |
+
Stable tag: 1.4.4
|
| 9 |
|
| 10 |
The Postie plugin allows you to blog via e-mail, including many advanced
|
| 11 |
features not found in wordpress's default post by e-mail feature.
|
| 19 |
|
| 20 |
= What's new? =
|
| 21 |
|
| 22 |
+
* 1.4.4 (2012.08.10)
|
| 23 |
+
* Fixed possible XSS attack vulnerability
|
| 24 |
+
|
| 25 |
* 1.4.3 (2011.12.12)
|
| 26 |
* Removed get_user_by function to make compatible with wp 3.3 - now requires
|
| 27 |
2.8+
|
| 357 |
|
| 358 |
== CHANGELOG ==
|
| 359 |
|
| 360 |
+
= 1.4.5 =
|
| 361 |
* TODO - fix corruption of rtf attachments
|
| 362 |
* TODO - add port checking in tests
|
| 363 |
* TODO - non-image uploads get ignored in content when using autogallery - see
|
| 364 |
replaceimageplaceholders
|
| 365 |
|
| 366 |
+
= 1.4.4 (2012.08.10) =
|
| 367 |
+
* Fixed possible XSS attack vulnerability
|
| 368 |
+
|
| 369 |
= 1.4.3 =
|
| 370 |
* Removed get_user_by function to make compatible with wp 3.3 - now requires
|
| 371 |
2.8+
|
