WP Live Chat Support - Version 7.1.05

Version Description

It is highly recommended that you upgrade to WP Live Chat Support version 7.1.05 for security reasons.

Files changed (10) hide show

	@@ -672,6 +672,8 @@ function wplc_push_message_to_chatbox(the_message, aoru, next) {
672	}
673
674	if(message_content !== ""){


675	var concatenated_message = "<span class='" + message_class + "'>";
676	if (typeof wplc_show_chat_detail !== "undefined") {
677	if (typeof wplc_show_chat_detail.avatar !== "undefined" && wplc_show_chat_detail.avatar === "1") {
	@@ -707,6 +709,17 @@ function wplc_push_message_to_chatbox(the_message, aoru, next) {
707	next();
708	}
709











710	jQuery(function(){
711	jQuery(document).ready(function(){
712	var wplc_node_searchTimeout;


672	}
673
674	if(message_content !== ""){
675	+ message_content = wplc_sanitize_attributes(message_content);
676	+
677	var concatenated_message = "<span class='" + message_class + "'>";
678	if (typeof wplc_show_chat_detail !== "undefined") {
679	if (typeof wplc_show_chat_detail.avatar !== "undefined" && wplc_show_chat_detail.avatar === "1") {

709	next();
710	}
711
712	+ function wplc_sanitize_attributes( str ){
713	+ var wplc_allowed_attributes = "onload,onclick,alert,onerror,dalert";
714	+ var allowed_attr = wplc_allowed_attributes.split(",");
715	+ for( i = 0; i < allowed_attr.length; i++ ){
716	+ str = str.replace(allowed_attr[i], '');
717	+ }
718	+
719	+ return str;
720	+
721	+ }
722	+
723	jQuery(function(){
724	jQuery(document).ready(function(){
725	var wplc_node_searchTimeout;

	@@ -135,7 +135,7 @@ function wplc_loop_response_handler(response){
135	wplc_run = false;
136	} else {
137	jQuery(".end_chat_div").empty();
138	- jQuery('#admin_chat_box').empty().append("<h2>~~This~~ chat has already been answered. Please close the chat window</h2>");
139	wplc_run = false;
140	}
141	}


135	wplc_run = false;
136	} else {
137	jQuery(".end_chat_div").empty();
138	+ jQuery('#admin_chat_box').empty().append("<h2>1This chat has already been answered. Please close the chat window</h2>");
139	wplc_run = false;
140	}
141	}

	@@ -206,6 +206,9 @@ If the live chat box still does not appear on your website, please go through th
206
207	== Upgrade Notice ==
208



209	= 7.1.03 =
210	It is highly recommended that you upgrade to WP Live Chat Support version 7.1.04 for security reasons.
211
	@@ -223,6 +226,9 @@ It is highly recommended that you upgrade to WP Live Chat Support version 4.4.0
223
224	== Changelog ==
225



226	= 7.1.04 - 2017-07-10 - Medium Priority =
227	* Fixed a fatal error when trying to delete chat history
228


206
207	== Upgrade Notice ==
208
209	+ = 7.1.05 =
210	+ It is highly recommended that you upgrade to WP Live Chat Support version 7.1.05 for security reasons.
211	+
212	= 7.1.03 =
213	It is highly recommended that you upgrade to WP Live Chat Support version 7.1.04 for security reasons.
214

226
227	== Changelog ==
228
229	+ = 7.1.05 - 2017-08-01 - High Priority =
230	+ * XSS Vulenrability Fixed - Thank you Omaid Faizyar
231	+
232	= 7.1.04 - 2017-07-10 - Medium Priority =
233	* Fixed a fatal error when trying to delete chat history
234

	@@ -3,7 +3,7 @@
3	Plugin Name: WP Live Chat Support
4	Plugin URI: http://www.wp-livechat.com
5	Description: The easiest to use website live chat plugin. Let your visitors chat with you and increase sales conversion rates with WP Live Chat Support. No third party connection required!
6	- Version: 7.1.04
7	Author: WP-LiveChat
8	Author URI: http://www.wp-livechat.com
9	Text Domain: wplivechat
	@@ -11,6 +11,9 @@
11	*/
12
13	/**



14	* 7.1.04 - 2017-07-10 - Medium Priority
15	* Fixed a fatal error when trying to delete chat history
16	*
	@@ -559,7 +562,7 @@ global $debug_start;
559	$wplc_tblname_offline_msgs = $wpdb->prefix . "wplc_offline_messages";
560	$wplc_tblname_chats = $wpdb->prefix . "wplc_chat_sessions";
561	$wplc_tblname_msgs = $wpdb->prefix . "wplc_chat_msgs";
562	- $wplc_version = "7.1.03";
563
564	define('WPLC_BASIC_PLUGIN_DIR', dirname(__FILE__));
565	define('WPLC_BASIC_PLUGIN_URL', plugins_url() . "/wp-live-chat-support/");