WP Live Chat Support - Version 6.2.02

Version Description

It is highly recommended that you upgrade to WP Live Chat Support version 6.2.02 for security reasons.


Release Info

Developer WP-LiveChat
Version 6.2.02

Code changes from version 6.2.01 to 6.2.02

Files changed (3)
  1. functions.php +18 -18
  2. readme.txt +6 -0
  3. wp-live-chat-support.php +8 -5
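--- a/functions.php
+++ b/functions.php
@@ -48,7 +48,7 @@ function wplc_log_user_on_page($name,$email,$session) {
  'email' => $email,
  'session' => $session,
  'ip' => maybe_serialize($user_data),
- 'url' => $_SERVER['HTTP_REFERER'],
+ 'url' => sanitize_text_field($_SERVER['HTTP_REFERER']),
  'last_active_timestamp' => current_time('mysql'),
  'other' => maybe_serialize($other),
  ),
@@ -80,18 +80,18 @@ function wplc_update_user_on_page($cid, $status = 5,$session) {
  if(isset($wplc_settings['wplc_record_ip_address']) && $wplc_settings['wplc_record_ip_address'] == 1){
 
  if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '') {
- $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ $ip_address = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
  } else {
- $ip_address = $_SERVER['REMOTE_ADDR'];
+ $ip_address = sanitize_text_field($_SERVER['REMOTE_ADDR']);
  }
  $user_data = array(
  'ip' => $ip_address,
- 'user_agent' => $_SERVER['HTTP_USER_AGENT']
+ 'user_agent' => sanitize_text_field($_SERVER['HTTP_USER_AGENT'])
  );
  } else {
  $user_data = array(
  'ip' => "",
- 'user_agent' => $_SERVER['HTTP_USER_AGENT']
+ 'user_agent' => sanitize_text_field($_SERVER['HTTP_USER_AGENT'])
  );
  }
 
@@ -113,7 +113,7 @@ function wplc_update_user_on_page($cid, $status = 5,$session) {
  $query = $wpdb->update(
  $wplc_tblname_chats,
  array(
- 'url' => $_SERVER['HTTP_REFERER'],
+ 'url' => sanitize_text_field($_SERVER['HTTP_REFERER']),
  'last_active_timestamp' => current_time('mysql'),
  'ip' => maybe_serialize($user_data),
  'status' => $status,
@@ -325,7 +325,7 @@ function wplc_list_chats() {
  <div class='admin_visitor_advanced_info'>
  <strong>" . __("Site Info", "wplivechat") . "</strong>
  <hr />
- <span class='part1'>" . __("Chat initiated on:", "wplivechat") . "</span> <span class='part2'> <a href='".$result->url."' target='_BLANK'>" . $result->url . "</a></span>
+ <span class='part1'>" . __("Chat initiated on:", "wplivechat") . "</span> <span class='part2'> <a href='".esc_url($result->url)."' target='_BLANK'>" . esc_url($result->url) . "</a></span>
  </div>
 
  <div class='admin_visitor_advanced_info'>
@@ -1211,9 +1211,9 @@ function wplc_store_offline_message($name, $email, $message){
 
  if(isset($wplc_settings['wplc_record_ip_address']) && $wplc_settings['wplc_record_ip_address'] == 1){
  if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '') {
- $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ $ip_address = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
  } else {
- $ip_address = $_SERVER['REMOTE_ADDR'];
+ $ip_address = sanitize_text_field($_SERVER['REMOTE_ADDR']);
  }
  $offline_ip_address = $ip_address;
  } else {
@@ -1227,7 +1227,7 @@ function wplc_store_offline_message($name, $email, $message){
  'email' => $email,
  'message' => $message,
  'ip' => $offline_ip_address,
- 'user_agent' => $_SERVER['HTTP_USER_AGENT']
+ 'user_agent' => sanitize_text_field($_SERVER['HTTP_USER_AGENT'])
  );
 
  $rows_affected = $wpdb->insert( $wplc_tblname_offline_msgs, $ins_array );
@@ -1250,19 +1250,19 @@ function wplc_user_initiate_chat($name,$email,$cid = null,$session) {
 
  if(isset($wplc_settings['wplc_record_ip_address']) && $wplc_settings['wplc_record_ip_address'] == 1){
  if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '') {
- $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
+ $ip_address = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
  } else {
- $ip_address = $_SERVER['REMOTE_ADDR'];
+ $ip_address = sanitize_text_field($_SERVER['REMOTE_ADDR']);
  }
  $user_data = array(
  'ip' => $ip_address,
- 'user_agent' => $_SERVER['HTTP_USER_AGENT']
+ 'user_agent' => sanitize_text_field($_SERVER['HTTP_USER_AGENT'])
  );
  $wplc_ce_ip = $ip_address;
  } else {
  $user_data = array(
  'ip' => "",
- 'user_agent' => $_SERVER['HTTP_USER_AGENT']
+ 'user_agent' => sanitize_text_field($_SERVER['HTTP_USER_AGENT'])
  );
  $wplc_ce_ip = null;
  }
@@ -1270,7 +1270,7 @@ function wplc_user_initiate_chat($name,$email,$cid = null,$session) {
  if(function_exists('wplc_ce_activate')){
  /* Log the chat for statistical purposes as well */
  if(function_exists('wplc_ce_record_initial_chat')){
- wplc_ce_record_initial_chat($name, $email, $cid, $wplc_ce_ip, $_SERVER['HTTP_REFERER']);
+ wplc_ce_record_initial_chat($name, $email, $cid, $wplc_ce_ip, sanitize_text_field($_SERVER['HTTP_REFERER']));
  }
  }
 
@@ -1285,7 +1285,7 @@ function wplc_user_initiate_chat($name,$email,$cid = null,$session) {
  'email' => $email,
  'session' => $session,
  'ip' => maybe_serialize($user_data),
- 'url' => $_SERVER['HTTP_REFERER'],
+ 'url' => sanitize_text_field($_SERVER['HTTP_REFERER']),
  'last_active_timestamp' => current_time('mysql')
  ),
  array('id' => $cid),
@@ -1314,7 +1314,7 @@ function wplc_user_initiate_chat($name,$email,$cid = null,$session) {
  'email' => $email,
  'session' => $session,
  'ip' => maybe_serialize($user_data),
- 'url' => $_SERVER['HTTP_REFERER'],
+ 'url' => sanitize_text_field($_SERVER['HTTP_REFERER']),
  'last_active_timestamp' => current_time('mysql')
  ),
  array(
@@ -1593,7 +1593,7 @@ function wplc_admin_display_missed_chats() {
  echo "<td class='chat_id column-chat_d'>" . $result->timestamp . "</td>";
  echo "<td class='chat_name column_chat_name' id='chat_name_" . $result->id . "'><img src=\"//www.gravatar.com/avatar/" . md5($result->email) . "?s=30\" class='wplc-user-message-avatar' /> " . $result->name . "</td>";
  echo "<td class='chat_email column_chat_email' id='chat_email_" . $result->id . "'><a href='mailto:" . $result->email . "' title='Email " . ".$result->email." . "'>" . $result->email . "</a></td>";
- echo "<td class='chat_name column_chat_url' id='chat_url_" . $result->id . "'>" . $result->url . "</td>";
+ echo "<td class='chat_name column_chat_url' id='chat_url_" . $result->id . "'>" . esc_url($result->url) . "</td>";
  echo "</tr>";
  }
  }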
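Review bot: The sanitize_text_field() wrappers added at lines 83, 1214 and 1253 do not make `$_SERVER['HTTP_X_FORWARDED_FOR']` trustworthy: that header is supplied by whoever sends the request unless a known proxy overwrites it, and sanitize_text_field() only strips tags and control characters, so the stored `ip` can still be an arbitrary string rather than an address. Validate it before storing and fall back to REMOTE_ADDR when it does not parse, e.g. `$forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);` / `$ip_address = filter_var(trim($forwarded[0]), FILTER_VALIDATE_IP);` / `if ($ip_address === false) { $ip_address = sanitize_text_field($_SERVER['REMOTE_ADDR']); }`, and only consult the header at all when the site is known to sit behind a proxy that sets it. The `HTTP_REFERER` and `HTTP_USER_AGENT` reads at 51, 116, 89, 94, 1230, 1273, 1288 and 1317 are still not guarded with isset(), so a request without those headers raises an undefined-index notice; `isset($_SERVER['HTTP_REFERER']) ? sanitize_text_field($_SERVER['HTTP_REFERER']) : ''` covers it. At 1594–1595 the same table row still concatenates `$result->name` and `$result->email` into HTML unescaped; those values enter through the `$name`/`$email` parameters of wplc_store_offline_message() and wplc_user_initiate_chat() shown in the hunk headers, so they appear to be visitor-supplied and want `esc_html()` in text and `esc_attr()` inside the mailto/title attributes, as the url column now gets with esc_url(). All of the enclosing functions start and end outside these hunks.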
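--- a/readme.txt
+++ b/readme.txt
@@ -198,6 +198,9 @@ If the live chat box still does not appear on your website, please go through th
 
  == Upgrade Notice ==
 
+ = 6.2.02 =
+ It is highly recommended that you upgrade to WP Live Chat Support version 6.2.02 for security reasons.
+
  = 4.4.1 =
  It is highly recommended that you upgrade to WP Live Chat Support version 4.4.0 for security reasons.
 
@@ -206,6 +209,9 @@ It is highly recommended that you upgrade to WP Live Chat Support version 4.1.4
 
  == Changelog ==
 
+ = 6.2.02 - 2016-07-11 - High priority =
+ * XSS Security patch - Thank you Han Sahin!
+
  = 6.2.01 - 2016-07-06 - High priority =
  * Surveys/Polls added - you can now add a survey/poll to your chat box either before or after a chat session
 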
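--- a/wp-live-chat-support.php
+++ b/wp-live-chat-support.php
@@ -3,7 +3,7 @@
  Plugin Name: WP Live Chat Support
  Plugin URI: http://www.wp-livechat.com
  Description: The easiest to use website live chat plugin. Let your visitors chat with you and increase sales conversion rates with WP Live Chat Support. No third party connection required!
- Version: 6.2.01
+ Version: 6.2.02
  Author: WP-LiveChat
  Author URI: http://www.wp-livechat.com
  Text Domain: wplivechat
@@ -11,7 +11,10 @@
  */
 
  /*
- * 6.2.01 - 2016-06-07 - Low priority
+ * 6.2.02 - 2016-07-11 - High priority
+ * XSS Security patch - Thank you Han Sahin!
+ *
+ * 6.2.01 - 2016-07-07 - Low priority
  * Surveys/Polls added - you can now add a survey/poll to your chat box either before or after a chat session
  *
  * 6.2.00 - 2016-06-10 - High priority
@@ -381,7 +384,7 @@ global $wplc_tblname_offline_msgs;
  $wplc_tblname_offline_msgs = $wpdb->prefix . "wplc_offline_messages";
  $wplc_tblname_chats = $wpdb->prefix . "wplc_chat_sessions";
  $wplc_tblname_msgs = $wpdb->prefix . "wplc_chat_msgs";
- $wplc_version = "6.2.01";
+ $wplc_version = "6.2.02";
 
  define('WPLC_BASIC_PLUGIN_DIR', dirname(__FILE__));
  define('WPLC_BASIC_PLUGIN_URL', plugins_url() . "/wp-live-chat-support/");
@@ -2410,7 +2413,7 @@ function wplc_draw_chat_area($cid) {
  echo " <div class='admin_visitor_advanced_info'>";
  echo " <strong>" . __("Site Info", "wplivechat") . "</strong>";
  echo " <hr />";
- echo " <span class='part1'>" . __("Chat initiated on:", "wplivechat") . "</span> <span class='part2'>" . $result->url . "</span>";
+ echo " <span class='part1'>" . __("Chat initiated on:", "wplivechat") . "</span> <span class='part2'>" . esc_url($result->url) . "</span>";
  echo " </div>";
 
  echo " <div class='admin_visitor_advanced_info'>";
@@ -2949,7 +2952,7 @@ function wplc_hook_control_chat_history() {
  echo "<td class='chat_id column-chat_d'>" . $result->timestamp . "</td>";
  echo "<td class='chat_name column_chat_name' id='chat_name_" . $result->id . "'><img src=\"//www.gravatar.com/avatar/" . md5($result->email) . "?s=40\" /> " . $result->name . "</td>";
  echo "<td class='chat_email column_chat_email' id='chat_email_" . $result->id . "'><a href='mailto:" . $result->email . "' title='Email " . ".$result->email." . "'>" . $result->email . "</a></td>";
- echo "<td class='chat_name column_chat_url' id='chat_url_" . $result->id . "'>" . $result->url . "</td>";
+ echo "<td class='chat_name column_chat_url' id='chat_url_" . $result->id . "'>" . esc_url($result->url) . "</td>";
  echo "<td class='chat_status column_chat_status' id='chat_status_" . $result->id . "'><strong>" . wplc_return_status($result->status) . "</strong></td>";
  echo "<td class='chat_action column-chat_action' id='chat_action_" . $result->id . "'>$actions</td>";
  echo "</tr>";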
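Review bot: At 2416 and 2955 `esc_url()` is applied to a value that is emitted as a text node inside a `<span>`/`<td>`, not as an attribute; it does entity-encode `<`, `>`, `&` and quotes, so the injection is closed, but esc_url() also rewrites its input (prepends a scheme to scheme-less values, returns an empty string for disallowed protocols), so the admin sees a normalised string rather than what was stored. `esc_html($result->url)` is the context-correct escaper for a text node and displays the stored value faithfully; esc_url() remains the right choice for the href in functions.php. The neighbouring columns at 2953–2954 (`$result->name`, `$result->email`) are still concatenated into HTML without escaping, the same pattern noted for functions.php. The changelog hunk at 14–17 also changes the 6.2.01 date to 2016-07-07 while readme.txt lists that release as 2016-07-06; one of the two is presumably a typo and they should agree. wplc_draw_chat_area() and wplc_hook_control_chat_history() start and end outside these hunks.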