Version Description
- Fix potential local file include vulnerability in templating system
Download this release
Release Info
Developer | jfarthing84 |
Plugin | Theme My Login |
Version | 6.3.10 |
Comparing to | |
See all releases |
Code changes from version 6.3.9 to 6.3.10
- includes/class-theme-my-login-template.php +24 -13
- readme.txt +5 -2
- theme-my-login.php +1 -1
includes/class-theme-my-login-template.php
CHANGED
@@ -451,25 +451,36 @@ class Theme_My_Login_Template extends Theme_My_Login_Abstract {
|
|
451 |
|
452 |
extract( apply_filters_ref_array( 'tml_template_args', array( $args, &$this ) ) );
|
453 |
|
454 |
-
|
455 |
-
|
456 |
-
|
457 |
-
|
458 |
-
|
459 |
-
|
460 |
-
|
461 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
462 |
}
|
463 |
}
|
464 |
}
|
465 |
|
466 |
-
$
|
467 |
|
468 |
-
if ( $load && $
|
469 |
-
include( $
|
470 |
-
}
|
471 |
|
472 |
-
return $
|
473 |
}
|
474 |
|
475 |
/**
|
451 |
|
452 |
extract( apply_filters_ref_array( 'tml_template_args', array( $args, &$this ) ) );
|
453 |
|
454 |
+
$template_paths = apply_filters( 'tml_template_paths', array(
|
455 |
+
get_stylesheet_directory() . '/theme-my-login',
|
456 |
+
get_stylesheet_directory(),
|
457 |
+
get_template_directory() . '/theme-my-login',
|
458 |
+
get_template_directory(),
|
459 |
+
WP_PLUGIN_DIR . '/theme-my-login/templates'
|
460 |
+
) );
|
461 |
+
|
462 |
+
foreach ( (array) $template_names as $template_name ) {
|
463 |
+
|
464 |
+
if ( ! $template_name )
|
465 |
+
continue;
|
466 |
+
|
467 |
+
if ( preg_match( '/\/|\\\\/', $template_name ) )
|
468 |
+
continue;
|
469 |
+
|
470 |
+
foreach ( $template_paths as $template_path ) {
|
471 |
+
if ( file_exists( $template_path . '/' . $template_name ) ) {
|
472 |
+
$located = $template_path . '/' . $template_name;
|
473 |
+
break 2;
|
474 |
}
|
475 |
}
|
476 |
}
|
477 |
|
478 |
+
$located = apply_filters_ref_array( 'tml_template', array( $located, $template_names, &$this ) );
|
479 |
|
480 |
+
if ( $load && '' != $located )
|
481 |
+
include( $located );
|
|
|
482 |
|
483 |
+
return $located;
|
484 |
}
|
485 |
|
486 |
/**
|
readme.txt
CHANGED
@@ -2,8 +2,8 @@
|
|
2 |
Contributors: jfarthing84
|
3 |
Tags: widget, login, registration, theme, custom, log in, register, sidebar, gravatar, redirection, e-mail
|
4 |
Requires at least: 3.1
|
5 |
-
Tested up to: 3.
|
6 |
-
Stable tag: 6.3.
|
7 |
|
8 |
Themes the WordPress login pages according to your theme.
|
9 |
|
@@ -56,6 +56,9 @@ Please visit http://www.jfarthing.com/development/theme-my-login first and then
|
|
56 |
|
57 |
== Changelog ==
|
58 |
|
|
|
|
|
|
|
59 |
= 6.3.9 =
|
60 |
* Fix strict standards errors
|
61 |
* Replace deprecated functions
|
2 |
Contributors: jfarthing84
|
3 |
Tags: widget, login, registration, theme, custom, log in, register, sidebar, gravatar, redirection, e-mail
|
4 |
Requires at least: 3.1
|
5 |
+
Tested up to: 3.9.1
|
6 |
+
Stable tag: 6.3.10
|
7 |
|
8 |
Themes the WordPress login pages according to your theme.
|
9 |
|
56 |
|
57 |
== Changelog ==
|
58 |
|
59 |
+
= 6.3.10 =
|
60 |
+
* Fix potential local file include vulnerability in templating system
|
61 |
+
|
62 |
= 6.3.9 =
|
63 |
* Fix strict standards errors
|
64 |
* Replace deprecated functions
|
theme-my-login.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: Theme My Login
|
4 |
Plugin URI: http://www.jfarthing.com/extend/wordpress-plugins/theme-my-login/
|
5 |
Description: Themes the WordPress login, registration and forgot password pages according to your theme.
|
6 |
-
Version: 6.3.
|
7 |
Author: Jeff Farthing
|
8 |
Author URI: http://www.jfarthing.com
|
9 |
Text Domain: theme-my-login
|
3 |
Plugin Name: Theme My Login
|
4 |
Plugin URI: http://www.jfarthing.com/extend/wordpress-plugins/theme-my-login/
|
5 |
Description: Themes the WordPress login, registration and forgot password pages according to your theme.
|
6 |
+
Version: 6.3.10
|
7 |
Author: Jeff Farthing
|
8 |
Author URI: http://www.jfarthing.com
|
9 |
Text Domain: theme-my-login
|