WordPress File Upload - Version 2.4.4

Version Description

  • intermediate update to make the plugin more immune to hackers

Release Info

Developer nickboss
Version 2.4.4

Code changes from version 2.4.3 to 2.4.4

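--- a/lib/wfu_ajaxactions.php
+++ b/lib/wfu_ajaxactions.php
@@ -67,19 +67,19 @@ function wfu_ajax_action_callback() {
 //check referer using server sessions to avoid CSRF attacks
 if ( $_SESSION["wfu_token_".$arr['shortcode_id']] != $_POST['session_token'] ) {
 echo "Session failed!<br/><br/>Session Data:<br/>";
-print_r($_SESSION);
+print_r(wfu_sanitize($_SESSION));
 echo "<br/><br/>Post Data:<br/>";
-print_r($_POST);
+print_r(wfu_sanitize($_POST));
 die();
 }
 
 if ( $user->user_login != $arr['user_login'] ) {
 echo "User failed!<br/><br/>User Data:<br/>";
-print_r($user);
+print_r(wfu_sanitize($user));
 echo "<br/><br/>Post Data:<br/>";
-print_r(wfu_sanitize($_POST));
+print_r(wfu_sanitize($_POST));
 echo "<br/><br/>Params Data:<br/>";
-print_r($arr);
+print_r(wfu_sanitize($arr));
 die();
 }
 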
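Review bot: Escaping the dumps closes the reflected HTML injection, but both failure branches still echo the complete `$_SESSION`, `$_POST`, `$user` and `$arr` contents back to whoever sent the request, so the information disclosure created by this debugging output is untouched; fail closed with a short message and keep the detail server-side, e.g. `error_log( print_r( wfu_sanitize( $_SESSION ), true ) ); die( 'Session failed!' );`. The token check on the `if` line also relies on loose `!=`: if `$_POST['session_token']` is missing and no token was ever stored for that `shortcode_id`, both sides are null and `null != null` is false, so the request passes, and if the token format can be numeric-looking, strings such as `"0e123"` and `"0e456"` compare equal under `!=`. A constant-time, type-strict check such as `if ( ! isset( $_SESSION["wfu_token_".$arr['shortcode_id']], $_POST['session_token'] ) || ! hash_equals( (string) $_SESSION["wfu_token_".$arr['shortcode_id']], (string) $_POST['session_token'] ) )` avoids both; whether the stored token can actually be absent depends on code outside this hunk. `wfu_ajax_action_callback` begins before the hunk and continues after it.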
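--- a/lib/wfu_functions.php
+++ b/lib/wfu_functions.php
@@ -103,6 +103,24 @@ function wfu_array_remove_nulls(&$arr) {
 array_splice($arr, $key, 1);
 }
 
+function wfu_safe_array($arr) {
+return array_map("htmlspecialchars", $arr);
+}
+
+function wfu_sanitize($var) {
+$typ = gettype($var);
+if ( $typ == "boolean" || $typ == "integer" || $typ == "double" || $typ == "resource" || $typ == "NULL" )
+return $var;
+elseif ( $typ == "string" )
+return htmlspecialchars($var);
+elseif ( $typ == "array" || $typ == "object" ) {
+foreach ( $var as &$item ) $item = wfu_sanitize($item);
+return $var;
+}
+else
+return $typ;
+}
+
 function wfu_shortcode_string_to_array($shortcode) {
 function _wfu_preg_replace_callback_alt($contents, $token) {
 $in_block = false;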
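Review bot: `wfu_sanitize` is not a complete escaper for objects: the `foreach ( $var as &$item )` branch iterates an object's properties as seen from this (global) scope, so protected or private properties are not visited and stay unescaped even though `print_r` prints them, and because PHP objects are handles the by-reference loop escapes the caller's object in place rather than a copy. Casting an object to an array before recursing (the `(array)` cast includes non-public properties under mangled keys) and iterating arrays by key fixes both and also removes the dangling `&$item` reference the current loop leaves behind. Separately, `wfu_safe_array` applies `htmlspecialchars` only one level deep, so a nested array element would trigger an "Array to string" warning instead of being escaped; it is not called anywhere in this diff, so that may be moot. Neither function passes `ENT_QUOTES`, which is acceptable only while the output lands in HTML body text as it does in the current call sites.
```php
function wfu_sanitize($var) {
	// … unchanged: gettype, scalar and string branches …
	elseif ( $typ == "object" )
		// (array) cast exposes non-public properties and leaves the caller's object untouched
		return wfu_sanitize((array)$var);
	elseif ( $typ == "array" ) {
		foreach ( $var as $key => $item ) $var[$key] = wfu_sanitize($item);
		return $var;
	}
	// … unchanged: fallback returning $typ …
}
```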
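--- a/readme.txt
+++ b/readme.txt
@@ -110,6 +110,9 @@ Administrators can view and manage the uploaded files from the File Browser that
 
 == Changelog ==
 
+= 2.4.4 =
+* intermediate update to make the plugin more immune to hackers
+
 = 2.4.3 =
 * correction of bug to allow uploadpath to receive userdata as parameter
 
@@ -313,7 +316,10 @@ Initial version.
 
 == Upgrade Notice ==
 
-= 2.4.2 =
+= 2.4.4 =
+Important upgrade to address some vulnerability issues.
+
+= 2.4.3 =
 Upgrade to address some functionality issues.
 
 = 2.4.2 =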
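--- a/wordpress_file_upload.php
+++ b/wordpress_file_upload.php
@@ -4,7 +4,7 @@ session_start();
 /*
 Plugin URI: http://www.iptanus.com/support/wordpress-file-upload
 Description: Simple interface to upload files from a page.
-Version: 2.4.3
+Version: 2.4.4
 Author: Nickolas Bossinas
 Author URI: http://www.iptanus.com
 */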