Version Description
/ 13.08.2020 * Add fix for XSS
Download this release
Release Info
| Developer | supsystic.com |
| Plugin |  Pricing Table by Supsystic |
| Version | 1.8.6 |
| Comparing to | |
| See all releases | |
Code changes from version 1.8.5 to 1.8.6
- config.php +1 -1
- modules/tables/controller.php +18 -0
- modules/tables/views/tables.php +24 -18
- pts.php +1 -1
- readme.txt +6 -2
config.php
CHANGED
|
@@ -47,7 +47,7 @@
|
|
| 47 |
define('PTS_EOL', "\n");
|
| 48 |
|
| 49 |
define('PTS_PLUGIN_INSTALLED', true);
|
| 50 |
-
define('PTS_VERSION', '1.8.
|
| 51 |
define('PTS_USER', 'user');
|
| 52 |
|
| 53 |
define('PTS_CLASS_PREFIX', 'ptsc');
|
| 47 |
define('PTS_EOL', "\n");
|
| 48 |
|
| 49 |
define('PTS_PLUGIN_INSTALLED', true);
|
| 50 |
+
define('PTS_VERSION', '1.8.6');
|
| 51 |
define('PTS_USER', 'user');
|
| 52 |
|
| 53 |
define('PTS_CLASS_PREFIX', 'ptsc');
|
modules/tables/controller.php
CHANGED
|
@@ -12,6 +12,24 @@ class tablesControllerPts extends controllerPts {
|
|
| 12 |
protected function _prepareListForTbl($data) {
|
| 13 |
if(!empty($data)) {
|
| 14 |
foreach($data as $i => $v) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15 |
$data[ $i ]['label'] = '<a class="" href="'. $this->getModule()->getEditLink($data[ $i ]['id']). '">'. $data[ $i ]['label']. ' <i class="fa fa-fw fa-pencil" style="margin-top: 2px;"></i></a>';
|
| 16 |
}
|
| 17 |
}
|
| 12 |
protected function _prepareListForTbl($data) {
|
| 13 |
if(!empty($data)) {
|
| 14 |
foreach($data as $i => $v) {
|
| 15 |
+
//Check corrupted table title
|
| 16 |
+
if (!empty($data[ $i ]['label']) && is_string($data[ $i ]['label'])) {
|
| 17 |
+
if ( (strpos( $data[ $i ]['label'], 'script' ) !== false || strpos( $data[ $i ]['label'], 'getscript' ) !== false || strpos( $data[ $i ]['label'], '$' ) !== false || strpos( $data[ $i ]['label'], 'jquery' ) !== false) &&
|
| 18 |
+
(
|
| 19 |
+
(strpos( $data[ $i ]['label'], 'getscript' ) !== false) ||
|
| 20 |
+
(strpos( $data[ $i ]['label'], 'pastebin' ) !== false) ||
|
| 21 |
+
(strpos( $data[ $i ]['label'], 'document.createElement' ) !== false) ||
|
| 22 |
+
(strpos( $data[ $i ]['label'], 'document.location.href' ) !== false) ||
|
| 23 |
+
(strpos( $data[ $i ]['label'], 'String.fromCharCode' ) !== false) ||
|
| 24 |
+
(strpos( $data[ $i ]['label'], 'window.location.replace' ) !== false) ||
|
| 25 |
+
(strpos( $data[ $i ]['label'], 'window' ) !== false) ||
|
| 26 |
+
(strpos( $data[ $i ]['label'], 'document' ) !== false)
|
| 27 |
+
)
|
| 28 |
+
)
|
| 29 |
+
{
|
| 30 |
+
$data[ $i ]['label'] = 'Corrupted Table (Please delete)';
|
| 31 |
+
}
|
| 32 |
+
}
|
| 33 |
$data[ $i ]['label'] = '<a class="" href="'. $this->getModule()->getEditLink($data[ $i ]['id']). '">'. $data[ $i ]['label']. ' <i class="fa fa-fw fa-pencil" style="margin-top: 2px;"></i></a>';
|
| 34 |
}
|
| 35 |
}
|
modules/tables/views/tables.php
CHANGED
|
@@ -29,7 +29,7 @@ class tablesViewPts extends viewPts {
|
|
| 29 |
framePts::_()->addScript('admin.tables', $this->getModule()->getModPath(). 'js/admin.tables.js');
|
| 30 |
framePts::_()->addScript('admin.tables.list', $this->getModule()->getModPath(). 'js/admin.tables.list.js');
|
| 31 |
framePts::_()->addJSVar('admin.tables.list', 'ptsTblDataUrl', uriPts::mod('tables', 'getListForTbl', array('reqType' => 'ajax', 'pts_nonce' => wp_create_nonce('pts_nonce'))));
|
| 32 |
-
|
| 33 |
$this->assign('addNewLink', framePts::_()->getModule('options')->getTabUrl('tables_add_new'));
|
| 34 |
return parent::getContent('tablesAdmin');
|
| 35 |
}
|
|
@@ -113,23 +113,29 @@ class tablesViewPts extends viewPts {
|
|
| 113 |
$table = $this->getModel()->getById($table);
|
| 114 |
}
|
| 115 |
//Check corrupted table content
|
| 116 |
-
|
| 117 |
-
if
|
| 118 |
-
|
| 119 |
-
(
|
| 120 |
-
|
| 121 |
-
|
| 122 |
-
|
| 123 |
-
|
| 124 |
-
|
| 125 |
-
|
| 126 |
-
|
| 127 |
-
|
| 128 |
-
|
| 129 |
-
|
| 130 |
-
|
| 131 |
-
$
|
| 132 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 133 |
}
|
| 134 |
}
|
| 135 |
if(!isset($this->table) || $this->table != $table) {
|
| 29 |
framePts::_()->addScript('admin.tables', $this->getModule()->getModPath(). 'js/admin.tables.js');
|
| 30 |
framePts::_()->addScript('admin.tables.list', $this->getModule()->getModPath(). 'js/admin.tables.list.js');
|
| 31 |
framePts::_()->addJSVar('admin.tables.list', 'ptsTblDataUrl', uriPts::mod('tables', 'getListForTbl', array('reqType' => 'ajax', 'pts_nonce' => wp_create_nonce('pts_nonce'))));
|
| 32 |
+
|
| 33 |
$this->assign('addNewLink', framePts::_()->getModule('options')->getTabUrl('tables_add_new'));
|
| 34 |
return parent::getContent('tablesAdmin');
|
| 35 |
}
|
| 113 |
$table = $this->getModel()->getById($table);
|
| 114 |
}
|
| 115 |
//Check corrupted table content
|
| 116 |
+
foreach ($table as $key => $column) {
|
| 117 |
+
if (!empty($column) && is_string($column)) {
|
| 118 |
+
if ( (strpos( $column, 'script' ) !== false) &&
|
| 119 |
+
(
|
| 120 |
+
(strpos( $column, 'getscript' ) !== false) ||
|
| 121 |
+
(strpos( $column, 'pastebin' ) !== false) ||
|
| 122 |
+
(strpos( $column, 'document.createElement' ) !== false) ||
|
| 123 |
+
(strpos( $column, 'document.location.href' ) !== false) ||
|
| 124 |
+
(strpos( $column, 'String.fromCharCode' ) !== false) ||
|
| 125 |
+
(strpos( $column, 'window.location.replace' ) !== false) ||
|
| 126 |
+
(strpos( $column, 'window' ) !== false) ||
|
| 127 |
+
(strpos( $column, 'document' ) !== false)
|
| 128 |
+
)
|
| 129 |
+
)
|
| 130 |
+
{
|
| 131 |
+
if ($isEditMode) {
|
| 132 |
+
$table[$key] = '';
|
| 133 |
+
$table['html'] = 'A malicious script with (document.createElement, String.fromCharCode, getScript) was found in your table. The table may be corrupted. Perhaps as a result of a hacker attack (SQL injection, XSS, CSRF). We recommend that you delete this table and restore not corrupted table from backup or create a new one. We also recommend updating the plugin version to the latest. If you have any questions, please contact our technical support. We apologize for the inconvenience.';
|
| 134 |
+
} else {
|
| 135 |
+
$table[$key] = '';
|
| 136 |
+
$table['html'] = '';
|
| 137 |
+
}
|
| 138 |
+
}
|
| 139 |
}
|
| 140 |
}
|
| 141 |
if(!isset($this->table) || $this->table != $table) {
|
pts.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Pricing Table by Supsystic
|
| 4 |
* Plugin URI: https://supsystic.com/plugins/pricing-table/
|
| 5 |
* Description: Pricing Table generator by Supsystic allow you to create responsive pricing tables or comparison table without any programming skills
|
| 6 |
-
* Version: 1.8.
|
| 7 |
* Author: supsystic.com
|
| 8 |
* Author URI: http://supsystic.com/
|
| 9 |
* Text Domain: pricing-table-by-supsystic
|
| 3 |
* Plugin Name: Pricing Table by Supsystic
|
| 4 |
* Plugin URI: https://supsystic.com/plugins/pricing-table/
|
| 5 |
* Description: Pricing Table generator by Supsystic allow you to create responsive pricing tables or comparison table without any programming skills
|
| 6 |
+
* Version: 1.8.6
|
| 7 |
* Author: supsystic.com
|
| 8 |
* Author URI: http://supsystic.com/
|
| 9 |
* Text Domain: pricing-table-by-supsystic
|
readme.txt
CHANGED
|
@@ -2,8 +2,8 @@
|
|
| 2 |
Contributors: supsystic.com
|
| 3 |
Donate link: https://supsystic.com/plugins/pricing-table
|
| 4 |
Tags: price table, pricing table, price, pricing, table, comparison table, css table, comparison, price gird, pricing gird, pricing box, price chart, price plan, chart, plan
|
| 5 |
-
Tested up to: 5.
|
| 6 |
-
Stable tag: 1.8.
|
| 7 |
|
| 8 |
Pricing Table generator by Supsystic allows you to create responsive pricing tables or comparison table without any programming skills
|
| 9 |
|
|
@@ -159,6 +159,10 @@ Responsiveness is one of the standard practice if you want to create a good cust
|
|
| 159 |
Our Pricing Table plugin is a mobile-ready, means that it will render on the devices with different screen size. The [responsive mode](https://supsystic.com/feature/fully-responsive-pricing-table?utm_source=wordpress&utm_medium=responsive&utm_campaign=pricingtable "Responsive mode") is turn on by default, but you can switch off it anytime. Also, plugin provides an opportunity to set a minimum column size.
|
| 160 |
|
| 161 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
| 162 |
= 1.8.5 / 23.06.2020
|
| 163 |
* Add fix for utf8_encode
|
| 164 |
|
| 2 |
Contributors: supsystic.com
|
| 3 |
Donate link: https://supsystic.com/plugins/pricing-table
|
| 4 |
Tags: price table, pricing table, price, pricing, table, comparison table, css table, comparison, price gird, pricing gird, pricing box, price chart, price plan, chart, plan
|
| 5 |
+
Tested up to: 5.5
|
| 6 |
+
Stable tag: 1.8.6
|
| 7 |
|
| 8 |
Pricing Table generator by Supsystic allows you to create responsive pricing tables or comparison table without any programming skills
|
| 9 |
|
| 159 |
Our Pricing Table plugin is a mobile-ready, means that it will render on the devices with different screen size. The [responsive mode](https://supsystic.com/feature/fully-responsive-pricing-table?utm_source=wordpress&utm_medium=responsive&utm_campaign=pricingtable "Responsive mode") is turn on by default, but you can switch off it anytime. Also, plugin provides an opportunity to set a minimum column size.
|
| 160 |
|
| 161 |
== Changelog ==
|
| 162 |
+
= 1.8.6 / 13.08.2020
|
| 163 |
+
* Add fix for XSS
|
| 164 |
+
|
| 165 |
+
|
| 166 |
= 1.8.5 / 23.06.2020
|
| 167 |
* Add fix for utf8_encode
|
| 168 |
|
