WP Live Chat Support - Version 8.0.29

Version Description

It is highly recommended that you upgrade to WP Live Chat Support version 8.0.29 for security reasons.


Release Info

Developer WP-LiveChat
Version 8.0.29

Code changes from version 8.0.27 to 8.0.29

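--- a/config.php
+++ b/config.php
@@ -3,12 +3,12 @@
  * Define important constants
  */
 
- $wplc_version = "8.0.27";
+ $wplc_version = "8.0.29";
 
  define('WPLC_PLUGIN_DIR', dirname(__FILE__));
  define('WPLC_PLUGIN_URL', plugins_url( '/', __FILE__ ) );
  define('WPLC_PLUGIN', plugin_basename( __FILE__ ) );
- define( 'WLPC_UPDATE_SERVER', 'https://update.wp-livechat.com' );
+ define('WLPC_UPDATE_SERVER', 'https://update.wp-livechat.com' );
 
  global $wplc_plugin_url;
  $wplc_plugin_url = WPLC_PLUGIN_URL;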
css/font-awesome.min.css CHANGED
File without changes
css/node_history_styles.css CHANGED
File without changes
css/remote_dash_styles.css CHANGED
File without changes
fonts/FontAwesome.otf CHANGED
File without changes
fonts/fontawesome-webfont.eot CHANGED
File without changes
fonts/fontawesome-webfont.svg CHANGED
File without changes
fonts/fontawesome-webfont.ttf CHANGED
File without changes
fonts/fontawesome-webfont.woff CHANGED
File without changes
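--- a/functions.php
+++ b/functions.php
@@ -2813,14 +2813,18 @@ if (!function_exists("wplc_choose_hook_control_action_callback")) {
  if( $_POST['action'] == 'wplc_upload_file' ){
  $upload_dir = wp_upload_dir();
  $user_dirname = $upload_dir['basedir'];
+ $cid=0;
+ if (isset($_POST['cid'])){
+ $cid=intval($_POST['cid']);
+ }
 
  if( !file_exists( $user_dirname."/wp_live_chat/" ) ){
  @mkdir($user_dirname.'/wp_live_chat/');
  }
 
- if( !file_exists( $user_dirname."/wp_live_chat/" . $_POST['cid'] ) ){
- @mkdir($user_dirname.'/wp_live_chat/'.$_POST['cid']);
- }
+ if( !file_exists( $user_dirname."/wp_live_chat/" . $cid ) ){
+ @mkdir($user_dirname.'/wp_live_chat/'.$cid);
+ }
 
  if (isset($_FILES['file']) && isset($_POST['timestamp'])) {
 
@@ -2829,20 +2833,20 @@ if (!function_exists("wplc_choose_hook_control_action_callback")) {
 
  if(!wplc_check_file_name_for_unsafe_extension($file_name)){
  if(wplc_check_file_name_for_safe_extension($file_name)){
- if( file_exists($user_dirname . "/wp_live_chat/" . $_POST['cid'] . "/" . $_FILES['file']['name'] ) ){
+ if( file_exists($user_dirname . "/wp_live_chat/" . $cid . "/" . $_FILES['file']['name'] ) ){
  $file_name = rand(0, 10) . "-" . $file_name;
  }
 
- if(move_uploaded_file($_FILES['file']['tmp_name'], $user_dirname."/wp_live_chat/" . $_POST['cid'] . "/" . $file_name)){
+ if(move_uploaded_file($_FILES['file']['tmp_name'], $user_dirname."/wp_live_chat/" . $cid . "/" . $file_name)){
 
  //File has been uploaded, let's now go ahead and check the mime type
- if(wplc_check_file_mime_type($user_dirname. "/wp_live_chat/" . $_POST['cid'] . "/" . $file_name)){
+ if(wplc_check_file_mime_type($user_dirname. "/wp_live_chat/" .$cid . "/" . $file_name)){
 
- $response = $upload_dir['baseurl']."/wp_live_chat/" . $_POST['cid'] . "/" . $file_name;
+ $response = $upload_dir['baseurl']."/wp_live_chat/" . $cid . "/" . $file_name;
  echo $response;
  } else {
  //Failed, lets delete this file to be safe
- @unlink($user_dirname. "/wp_live_chat/" . $_POST['cid'] . "/" . $file_name);
+ @unlink($user_dirname. "/wp_live_chat/" . $cid . "/" . $file_name);
  echo 'MIME Type not allowed';
  }
  } else {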
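Review bot: The upload is still moved into the uploads directory (the one `$upload_dir['baseurl']` points at) before `wplc_check_file_mime_type()` runs, so a file that fails the MIME check sits at a web-reachable path until the `@unlink()` in the else branch removes it, and stays there if that unlink fails silently. Running the content check against `$_FILES['file']['tmp_name']` and calling `move_uploaded_file()` only on success would close that window; whether the MIME helper accepts a temporary path is not visible here and should be confirmed. Separately, the collision test looks up `$_FILES['file']['name']` while the move writes `$file_name`, and `rand(0, 10)` yields only eleven prefixes, so an existing upload can still be overwritten; `wp_unique_filename()` applied to `$file_name` is the usual way to avoid that. The enclosing handler starts before and continues after the lines shown, so any nonce or capability check on it cannot be confirmed from this section.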
images/48px.png CHANGED
File without changes
images/48px_n.png CHANGED
File without changes
js/wplc_heartbeat.js CHANGED
File without changes
js/wplc_u_admin_events.js CHANGED
File without changes
js/wplc_u_events.js CHANGED
File without changes
js/wplc_u_node_events.js CHANGED
File without changes
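--- a/modules/gdpr.php
+++ b/modules/gdpr.php
@@ -240,17 +240,21 @@ add_action('wplc_gdpr_page_process_actions_hook', 'wplc_gdpr_page_process_action
  * Handles the magic processing of the GDPR page
  */
  function wplc_gdpr_page_process_actions(){
- if(isset($_GET['action']) && isset($_GET['filter']) && isset($_GET['id'])){
- $action = sanitize_text_field($_GET['action']);
- $filter = sanitize_text_field($_GET['filter']);
- $id = sanitize_text_field($_GET['id']);
-
- if($action === 'delete'){
- wplc_gdpr_delete_chat($filter, $id);
- } else if($action === 'download'){
- wplc_gdpr_download_chat($filter, $id);
+ if (current_user_can('export')) {
+ if(isset($_GET['action']) && isset($_GET['filter']) && isset($_GET['id'])){
+ $action = sanitize_text_field($_GET['action']);
+ $filter = sanitize_text_field($_GET['filter']);
+ $id = sanitize_text_field($_GET['id']);
+
+ if($action === 'delete'){
+ wplc_gdpr_delete_chat($filter, $id);
+ } else if($action === 'download'){
+ wplc_gdpr_download_chat($filter, $id);
+ }
+ }
+ } else {
+ wp_die(__("You do not have permission do perform this action", "wplivechat"));
  }
- }
  }
 
  /**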
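Review bot: The new `current_user_can('export')` gate does not verify a nonce in the lines shown, so the `delete` branch of `wplc_gdpr_page_process_actions()` can still be triggered by a cross-site GET request made in the session of a user who holds that capability. Calling `check_admin_referer('<nonce-action>')` (placeholder action name) before the `$action` dispatch, with the matching nonce added to the links that build these URLs, would close that, unless the code firing the hook already does so. The same gap applies to `wplc_custom_scripts_save()` in wp-live-chat-support.php, where the added `manage_options` check guards the write of `WPLC_CUSTOM_JS` but no nonce check is visible. It is also worth confirming that `export` is the intended capability for deleting chat data and not only for downloading it.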
modules/webhooks_manager.php CHANGED
File without changes
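--- a/readme.txt
+++ b/readme.txt
@@ -189,6 +189,12 @@ If the live chat box still does not appear on your website, please go through th
 
 
  == Upgrade Notice ==
+ = 8.0.29 =
+ It is highly recommended that you upgrade to WP Live Chat Support version 8.0.29 for security reasons.
+
+ = 8.0.28 =
+ It is highly recommended that you upgrade to WP Live Chat Support version 8.0.28 for security reasons.
+
  = 8.0.27 =
  It is highly recommended that you upgrade to WP Live Chat Support version 8.0.27 for performance reasons. If you have the PRO addon installed please remove it prior updating.
 
@@ -237,6 +243,12 @@ We have patched the PHPMailer vulnerability. Please update to version 7.0.02.
 
  == Changelog ==
 
+ = 8.0.29 - 2019-05-17 - High priority =
+ * Security fix in Custom JS configuration
+
+ = 8.0.28 - 2019-05-17 - High priority =
+ * Security fix in GDPR configuration
+
  = 8.0.27 - 2019-05-15 - High priority =
  * Free and PRO plugins are now merged
  * All previously "PRO" features are now unlocked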
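--- a/wp-live-chat-support.php
+++ b/wp-live-chat-support.php
@@ -3,7 +3,7 @@
  Plugin Name: WP Live Chat Support
  Plugin URI: http://www.wp-livechat.com
  Description: The easiest to use website live chat plugin. Let your visitors chat with you and increase sales conversion rates with WP Live Chat Support.
- Version: 8.0.27
+ Version: 8.0.29
  Author: WP-LiveChat
  Author URI: http://www.wp-livechat.com
  Text Domain: wplivechat
@@ -11,7 +11,13 @@
  */
 
  /*
- * = 8.0.27 - 2019-05-15 - High priority =
+ * 8.0.29 - 2019-05-17 - High priority
+ * Security fix in Custom JS configuration
+ *
+ * 8.0.28 - 2019-05-17 - High priority
+ * Security fix in GDPR configuration
+ *
+ * 8.0.27 - 2019-05-15 - High priority
  * Free and PRO plugins are now merged
  * All previously "PRO" features are now unlocked
  * Legacy Code cleanup for version < 8
@@ -4943,18 +4949,21 @@ add_action( "wplc_hook_head", "wplc_custom_scripts_save" );
  * Saves the custom scripts into the options table
  * @return void
  */
+
  function wplc_custom_scripts_save(){
 
  if( isset( $_POST['wplc_save_settings'] ) ){
+ if (current_user_can('manage_options')) {
+ if( isset( $_POST['wplc_custom_css'] ) ){
+ update_option( "WPLC_CUSTOM_CSS", nl2br( $_POST['wplc_custom_css'] ) );
+ }
 
- if( isset( $_POST['wplc_custom_css'] ) ){
- update_option( "WPLC_CUSTOM_CSS", nl2br( $_POST['wplc_custom_css'] ) );
- }
-
- if( isset( $_POST['wplc_custom_js'] ) ){
- update_option( "WPLC_CUSTOM_JS", nl2br( $_POST['wplc_custom_js'] ) );
- }
-
+ if( isset( $_POST['wplc_custom_js'] ) ){
+ update_option( "WPLC_CUSTOM_JS", nl2br( $_POST['wplc_custom_js'] ) );
+ }
+ }else {
+ wp_die(__("You do not have permission do perform this action", "wplivechat"));
+ }
  }
 
  }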
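Review bot: Both `update_option()` calls in `wplc_custom_scripts_save()` still store the `$_POST` values exactly as received, and WordPress adds slashes to `$_POST`, so quotes and backslashes in the saved CSS or JS would reach the options table escaped unless the code that reads the options strips them. `update_option( "WPLC_CUSTOM_JS", nl2br( wp_unslash( $_POST['wplc_custom_js'] ) ) );`, and the same for `wplc_custom_css`, would store what the administrator typed; check how the two options are read back before changing it. The docblock above the function could also state that it now ends the request with `wp_die()` for users without `manage_options`.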