Version Description
This is a maintenance and security release, with thanks to RIPS Technologies for the responsible disclosure of several security concerns.
- Fixed an escaped URL that should've allowed some HTML links.
- Patched a potential security vulnerability with file path traversals.
- Patched a potential security vulnerability that allowed writing to arbitrary files.
- Patched a few Cross Site Scripting (XSS) vulnerabilities.
- Removed unused code that might allow file creation.
Download this release
Release Info
| Developer | Clorith |
| Plugin |  String locator |
| Version | 2.3.1 |
| Comparing to | |
| See all releases | |
Code changes from version 2.3.0 to 2.3.1
- editor.php +14 -7
- options.php +4 -0
- readme.txt +10 -1
- string-locator.php +32 -23
editor.php
CHANGED
|
@@ -1,7 +1,14 @@
|
|
| 1 |
<?php
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 |
global $string_locator;
|
| 3 |
$editor_content = "";
|
|
|
|
|
|
|
| 4 |
$file = $_GET['string-locator-path'];
|
|
|
|
| 5 |
$details = array();
|
| 6 |
$this_url = admin_url( ( is_multisite() ? 'network/admin.php' : 'tools.php' ) . '?page=string-locator' );
|
| 7 |
|
|
@@ -74,20 +81,20 @@
|
|
| 74 |
<a href="<?php echo esc_url( $this_url . '&restore=true' ); ?>" class="button button-primary"><?php esc_html_e( 'Return to search results', 'string-locator' ); ?></a>
|
| 75 |
</h1>
|
| 76 |
|
| 77 |
-
<form action="<?php echo (
|
| 78 |
<div class="string-locator-edit-wrap">
|
| 79 |
-
<textarea name="string-locator-editor-content" class="string-locator-editor" id="code-editor" data-editor-goto-line="<?php echo $_GET['string-locator-line']; ?>" data-editor-language="<?php echo $string_locator->string_locator_language; ?>" autofocus="autofocus"><?php echo esc_html( $editor_content ); ?></textarea>
|
| 80 |
</div>
|
| 81 |
|
| 82 |
<div class="string-locator-sidebar-wrap">
|
| 83 |
<div class="string-locator-details">
|
| 84 |
<div class="string-locator-theme-details">
|
| 85 |
-
<h2><?php echo $details['name']; ?> <small>v. <?php echo $details['version']; ?></small></h2>
|
| 86 |
<p>
|
| 87 |
-
<?php esc_html_e( 'By', 'string-locator' ); ?> <a href="<?php echo $details['author']['uri']; ?>" target="_blank"><?php echo $details['author']['name']; ?></a>
|
| 88 |
</p>
|
| 89 |
<p>
|
| 90 |
-
<?php echo $details['description'] ?>
|
| 91 |
</p>
|
| 92 |
</div>
|
| 93 |
|
|
@@ -107,7 +114,7 @@
|
|
| 107 |
</p>
|
| 108 |
|
| 109 |
<p>
|
| 110 |
-
<?php
|
| 111 |
</p>
|
| 112 |
</div>
|
| 113 |
|
|
@@ -122,7 +129,7 @@
|
|
| 122 |
<strong><?php esc_html_e( 'Warning:', 'string-locator' ); ?></strong> <?php esc_html_e( 'You appear to be editing a Core file.', 'string-locator' ); ?>
|
| 123 |
</p>
|
| 124 |
<p>
|
| 125 |
-
<?php
|
| 126 |
</p>
|
| 127 |
</div>
|
| 128 |
<?php } ?>
|
| 1 |
<?php
|
| 2 |
+
if ( ! defined( 'ABSPATH' ) ) {
|
| 3 |
+
die();
|
| 4 |
+
}
|
| 5 |
+
|
| 6 |
global $string_locator;
|
| 7 |
$editor_content = "";
|
| 8 |
+
|
| 9 |
+
// $file is validated in String_Locator::is_valid_location() before this page can be loaded through String_Locator::options_page().
|
| 10 |
$file = $_GET['string-locator-path'];
|
| 11 |
+
|
| 12 |
$details = array();
|
| 13 |
$this_url = admin_url( ( is_multisite() ? 'network/admin.php' : 'tools.php' ) . '?page=string-locator' );
|
| 14 |
|
| 81 |
<a href="<?php echo esc_url( $this_url . '&restore=true' ); ?>" class="button button-primary"><?php esc_html_e( 'Return to search results', 'string-locator' ); ?></a>
|
| 82 |
</h1>
|
| 83 |
|
| 84 |
+
<form action="<?php echo esc_url( String_Locator::get_edit_form_url() ); ?>" id="string-locator-edit-form" method="post">
|
| 85 |
<div class="string-locator-edit-wrap">
|
| 86 |
+
<textarea name="string-locator-editor-content" class="string-locator-editor" id="code-editor" data-editor-goto-line="<?php echo esc_attr( $_GET['string-locator-line'] ); ?>" data-editor-language="<?php echo esc_attr( $string_locator->string_locator_language ); ?>" autofocus="autofocus"><?php echo esc_html( $editor_content ); ?></textarea>
|
| 87 |
</div>
|
| 88 |
|
| 89 |
<div class="string-locator-sidebar-wrap">
|
| 90 |
<div class="string-locator-details">
|
| 91 |
<div class="string-locator-theme-details">
|
| 92 |
+
<h2><?php echo esc_html( $details['name'] ); ?> <small>v. <?php echo esc_html( $details['version'] ); ?></small></h2>
|
| 93 |
<p>
|
| 94 |
+
<?php esc_html_e( 'By', 'string-locator' ); ?> <a href="<?php echo esc_url( $details['author']['uri'] ); ?>" target="_blank"><?php echo esc_html( $details['author']['name'] ); ?></a>
|
| 95 |
</p>
|
| 96 |
<p>
|
| 97 |
+
<?php echo esc_html( $details['description'] ); ?>
|
| 98 |
</p>
|
| 99 |
</div>
|
| 100 |
|
| 114 |
</p>
|
| 115 |
|
| 116 |
<p>
|
| 117 |
+
<?php _e( 'When making changes to a theme, it is recommended you make a <a href="https://codex.wordpress.org/Child_Themes">Child Theme</a>.', 'string-locator' ); ?>
|
| 118 |
</p>
|
| 119 |
</div>
|
| 120 |
|
| 129 |
<strong><?php esc_html_e( 'Warning:', 'string-locator' ); ?></strong> <?php esc_html_e( 'You appear to be editing a Core file.', 'string-locator' ); ?>
|
| 130 |
</p>
|
| 131 |
<p>
|
| 132 |
+
<?php _e( 'Keep in mind that edits to core files will be lost when WordPress is updated. Please consider <a href="https://make.wordpress.org/core/handbook/">contributing to WordPress core</a> instead.', 'string-locator' ); ?>
|
| 133 |
</p>
|
| 134 |
</div>
|
| 135 |
<?php } ?>
|
options.php
CHANGED
|
@@ -1,4 +1,8 @@
|
|
| 1 |
<?php
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2 |
$this_url = admin_url( ( is_multisite() ? 'network/admin.php' : 'tools.php' ) . '?page=string-locator' );
|
| 3 |
|
| 4 |
$search_string = '';
|
| 1 |
<?php
|
| 2 |
+
if ( ! defined( 'ABSPATH' ) ) {
|
| 3 |
+
die();
|
| 4 |
+
}
|
| 5 |
+
|
| 6 |
$this_url = admin_url( ( is_multisite() ? 'network/admin.php' : 'tools.php' ) . '?page=string-locator' );
|
| 7 |
|
| 8 |
$search_string = '';
|
readme.txt
CHANGED
|
@@ -6,7 +6,7 @@ Donate link: https://www.paypal.me/clorith
|
|
| 6 |
Tags: theme, plugin, text, search, find, editor, syntax, highlight
|
| 7 |
Requires at least: 4.9
|
| 8 |
Tested up to: 4.9
|
| 9 |
-
Stable tag: 2.3.
|
| 10 |
License: GPLv2 or later
|
| 11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 12 |
|
|
@@ -44,6 +44,15 @@ When writing your search string, make sure to wrap your search in forward slashe
|
|
| 44 |
|
| 45 |
== Changelog ==
|
| 46 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 47 |
= 2.3.0 =
|
| 48 |
* Upped version requirement to 4.9 as we now use the bundled CodeMirror in WordPress core.
|
| 49 |
* Converted translation functions to the escaping versions to avoid accidental output from translations.
|
| 6 |
Tags: theme, plugin, text, search, find, editor, syntax, highlight
|
| 7 |
Requires at least: 4.9
|
| 8 |
Tested up to: 4.9
|
| 9 |
+
Stable tag: 2.3.1
|
| 10 |
License: GPLv2 or later
|
| 11 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 12 |
|
| 44 |
|
| 45 |
== Changelog ==
|
| 46 |
|
| 47 |
+
= 2.3.1 =
|
| 48 |
+
This is a maintenance and security release, with thanks to [RIPS Technologies](https://www.ripstech.com) for the responsible disclosure of several security concerns.
|
| 49 |
+
|
| 50 |
+
* Fixed an escaped URL that should've allowed some HTML links.
|
| 51 |
+
* Patched a potential security vulnerability with file path traversals.
|
| 52 |
+
* Patched a potential security vulnerability that allowed writing to arbitrary files.
|
| 53 |
+
* Patched a few Cross Site Scripting (XSS) vulnerabilities.
|
| 54 |
+
* Removed unused code that might allow file creation.
|
| 55 |
+
|
| 56 |
= 2.3.0 =
|
| 57 |
* Upped version requirement to 4.9 as we now use the bundled CodeMirror in WordPress core.
|
| 58 |
* Converted translation functions to the escaping versions to avoid accidental output from translations.
|
string-locator.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: String Locator
|
| 4 |
* Plugin URI: http://www.clorith.net/wordpress-string-locator/
|
| 5 |
* Description: Scan through theme and plugin files looking for text strings
|
| 6 |
-
* Version: 2.3.
|
| 7 |
* Author: Clorith
|
| 8 |
* Author URI: http://www.clorith.net
|
| 9 |
* Text Domain: string-locator
|
|
@@ -25,6 +25,10 @@
|
|
| 25 |
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
| 26 |
*/
|
| 27 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 28 |
/**
|
| 29 |
* Class String_Locator
|
| 30 |
*/
|
|
@@ -44,7 +48,7 @@ class String_Locator {
|
|
| 44 |
* @var int $max_memory_consumption The server-configured max amount of memory a script can use.
|
| 45 |
*/
|
| 46 |
public $string_locator_language = '';
|
| 47 |
-
public $version = '2.3.
|
| 48 |
public $notice = array();
|
| 49 |
public $failed_edit = false;
|
| 50 |
private $plugin_url = '';
|
|
@@ -179,6 +183,22 @@ class String_Locator {
|
|
| 179 |
return $options;
|
| 180 |
}
|
| 181 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 182 |
/**
|
| 183 |
* Create a set of drop-down options for picking one of the available plugins.
|
| 184 |
*
|
|
@@ -727,6 +747,11 @@ class String_Locator {
|
|
| 727 |
$path = str_replace( array( '/' ), array( DIRECTORY_SEPARATOR ), stripslashes( $path ) );
|
| 728 |
$abspath = str_replace( array( '/' ), array( DIRECTORY_SEPARATOR ), ABSPATH );
|
| 729 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 730 |
if ( empty( $path ) ) {
|
| 731 |
$valid = false;
|
| 732 |
}
|
|
@@ -979,10 +1004,6 @@ class String_Locator {
|
|
| 979 |
|
| 980 |
$original = file_get_contents( $path );
|
| 981 |
|
| 982 |
-
if ( isset( $_POST['string-locator-make-child-theme'] ) ) {
|
| 983 |
-
$child_theme = $this->create_child_theme( $_GET['file-reference'] );
|
| 984 |
-
}
|
| 985 |
-
|
| 986 |
$this->write_file( $path, $content );
|
| 987 |
|
| 988 |
/**
|
|
@@ -1014,23 +1035,6 @@ class String_Locator {
|
|
| 1014 |
}
|
| 1015 |
}
|
| 1016 |
|
| 1017 |
-
/**
|
| 1018 |
-
* GCreate a child theme for our edits, instead of overwriting the original files.
|
| 1019 |
-
*
|
| 1020 |
-
* @param string $theme Slug of the theme being edited.
|
| 1021 |
-
*
|
| 1022 |
-
* @return string
|
| 1023 |
-
*/
|
| 1024 |
-
private function create_child_theme( $theme ) {
|
| 1025 |
-
$child_theme = sprintf( '%s/%s-child', get_theme_root(), $theme );
|
| 1026 |
-
mkdir( $child_theme );
|
| 1027 |
-
|
| 1028 |
-
touch( $child_theme . '/functions.php' );
|
| 1029 |
-
touch( $child_theme . '/style.css' );
|
| 1030 |
-
|
| 1031 |
-
return $child_theme;
|
| 1032 |
-
}
|
| 1033 |
-
|
| 1034 |
/**
|
| 1035 |
* When editing a file, this is where we write all the new content.
|
| 1036 |
* We will break early if the user isn't allowed to edit files.
|
|
@@ -1045,6 +1049,11 @@ class String_Locator {
|
|
| 1045 |
return;
|
| 1046 |
}
|
| 1047 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1048 |
if ( apply_filters( 'string-locator-filter-closing-php-tags', true ) ) {
|
| 1049 |
$content = preg_replace( "/\?>$/si", '', trim( $content ), - 1, $replaced_strings );
|
| 1050 |
|
| 3 |
* Plugin Name: String Locator
|
| 4 |
* Plugin URI: http://www.clorith.net/wordpress-string-locator/
|
| 5 |
* Description: Scan through theme and plugin files looking for text strings
|
| 6 |
+
* Version: 2.3.1
|
| 7 |
* Author: Clorith
|
| 8 |
* Author URI: http://www.clorith.net
|
| 9 |
* Text Domain: string-locator
|
| 25 |
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
| 26 |
*/
|
| 27 |
|
| 28 |
+
if ( ! defined( 'ABSPATH' ) ) {
|
| 29 |
+
die();
|
| 30 |
+
}
|
| 31 |
+
|
| 32 |
/**
|
| 33 |
* Class String_Locator
|
| 34 |
*/
|
| 48 |
* @var int $max_memory_consumption The server-configured max amount of memory a script can use.
|
| 49 |
*/
|
| 50 |
public $string_locator_language = '';
|
| 51 |
+
public $version = '2.3.1';
|
| 52 |
public $notice = array();
|
| 53 |
public $failed_edit = false;
|
| 54 |
private $plugin_url = '';
|
| 183 |
return $options;
|
| 184 |
}
|
| 185 |
|
| 186 |
+
public static function get_edit_form_url() {
|
| 187 |
+
$url_query = array(
|
| 188 |
+
'page' => ( isset( $_GET['page'] ) ? $_GET['page'] : '' ),
|
| 189 |
+
'edit-file' => ( isset( $_GET['edit-file'] ) ? $_GET['edit-file'] : '' ),
|
| 190 |
+
'file-reference' => ( isset( $_GET['file-reference'] ) ? $_GET['file-reference'] : '' ),
|
| 191 |
+
'file-type' => ( isset( $_GET['file-type'] ) ? $_GET['file-type'] : '' ),
|
| 192 |
+
'string-locator-line' => ( isset( $_GET['string-locator-line'] ) ? $_GET['string-locator-line'] : '' ),
|
| 193 |
+
'string-locator-path' => ( isset( $_GET['string-locator-path'] ) ? $_GET['string-locator-path'] : '' ),
|
| 194 |
+
);
|
| 195 |
+
|
| 196 |
+
return admin_url( sprintf(
|
| 197 |
+
'tools.php?%s',
|
| 198 |
+
build_query( $url_query )
|
| 199 |
+
) );
|
| 200 |
+
}
|
| 201 |
+
|
| 202 |
/**
|
| 203 |
* Create a set of drop-down options for picking one of the available plugins.
|
| 204 |
*
|
| 747 |
$path = str_replace( array( '/' ), array( DIRECTORY_SEPARATOR ), stripslashes( $path ) );
|
| 748 |
$abspath = str_replace( array( '/' ), array( DIRECTORY_SEPARATOR ), ABSPATH );
|
| 749 |
|
| 750 |
+
// Check that it is a valid file we are trying to access as well.
|
| 751 |
+
if ( ! file_exists( $path ) ) {
|
| 752 |
+
$valid = false;
|
| 753 |
+
}
|
| 754 |
+
|
| 755 |
if ( empty( $path ) ) {
|
| 756 |
$valid = false;
|
| 757 |
}
|
| 1004 |
|
| 1005 |
$original = file_get_contents( $path );
|
| 1006 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1007 |
$this->write_file( $path, $content );
|
| 1008 |
|
| 1009 |
/**
|
| 1035 |
}
|
| 1036 |
}
|
| 1037 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1038 |
/**
|
| 1039 |
* When editing a file, this is where we write all the new content.
|
| 1040 |
* We will break early if the user isn't allowed to edit files.
|
| 1049 |
return;
|
| 1050 |
}
|
| 1051 |
|
| 1052 |
+
// Verify the location is valid before we try using it.
|
| 1053 |
+
if ( ! $this->is_valid_location( $path ) ) {
|
| 1054 |
+
return;
|
| 1055 |
+
}
|
| 1056 |
+
|
| 1057 |
if ( apply_filters( 'string-locator-filter-closing-php-tags', true ) ) {
|
| 1058 |
$content = preg_replace( "/\?>$/si", '', trim( $content ), - 1, $replaced_strings );
|
| 1059 |
|
