WP Super Cache - Version 1.3

Version Description

Fixed mfunc exploit due to user input, add support for LOGGED_IN_COOKIE

=


Release Info

Developer donncha
Version 1.3

Code changes from version 1.2 to 1.3

Files changed (5) hide show
  1. Changelog.txt +43 -0
  2. readme.txt +9 -5
  3. wp-cache-phase1.php +5 -1
  4. wp-cache-phase2.php +3 -3
  5. wp-cache.php +35 -4
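--- a/Changelog.txt
+++ b/Changelog.txt
@@ -1,3 +1,46 @@
+ 2013-04-11 11:14 donncha
+
+ * readme.txt, wp-cache.php: Bump version tested to 3.5.1 and
+ version to 1.3
+
+ 2013-04-11 11:07 donncha
+
+ * readme.txt: Updated changelog
+
+ 2013-04-11 10:39 donncha
+
+ * wp-cache.php: Remove mfunc, mclude and dynamic-cached-content
+ tags from comments. Props Frank Goossen
+ (http://blog.futtta.be/2013/04/10/wp-safer-cache-stopgap-for-wordpress-cache-plugins-vulnerability/)
+ and kisscsaby
+ (http://wordpress.org/support/topic/pwn3d?replies=6)
+
+ 2012-12-13 08:17 donncha
+
+ * readme.txt: Bumped tested version to 3.5
+
+ 2012-12-03 09:59 donncha
+
+ * wp-cache-phase2.php: Hide these fs warnings from the logs
+
+ 2012-10-24 06:17 donncha
+
+ * wp-cache.php: Don't mention GoDaddy in the 304 warning, it's
+ hopefully fixed.
+
+ 2012-10-08 10:07 donncha
+
+ * wp-cache-phase1.php, wp-cache.php: * Use LOGGED_IN_COOKIE in more
+ places, props askapache
+ * Make sure to check if that constant is defined before using it
+ to avoid fatal errors
+ * Added wpsc_get_logged_in_cookie() to get cookie value without
+ requiring rewrites of the .htaccess file
+
+ 2012-10-05 11:39 donncha
+
+ * Changelog.txt: Updated changelog for version 1.2
+
  2012-10-05 11:36 donncha
 
  * readme.txt, wp-cache.php: * Updated version to 1.2 and bumped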
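--- a/readme.txt
+++ b/readme.txt
@@ -1,8 +1,8 @@
  === WP Super Cache ===
  Contributors: donncha, automattic
  Tags: performance,caching,wp-cache,wp-super-cache,cache
- Tested up to: 3.5
- Stable tag: 1.2
+ Tested up to: 3.5.1
+ Stable tag: 1.3
  Requires at least: 3.0
 
  A very fast caching engine for WordPress that produces static html files.
@@ -56,16 +56,20 @@ The cache directory, usually wp-content/cache/ is only for temporary files. Do n
 
  == Upgrade Notice ==
 
- = 1.2 =
- Lots of bugfixes, garbage collection improved, more details at http://ocaoimh.ie/y/3i
+ = 1.3 =
+ Fixed mfunc exploit due to user input, add support for LOGGED_IN_COOKIE
 
  == Changelog ==
 
+ = 1.3 =
+ * mfunc tags could be executed in comments. Fixed.
+ * More support for sites that use the LOGGED_IN_COOKIE constant and custom cookies.
+
  = 1.2 =
  * Garbage collection of old cache files is significantly improved. I added a scheduled job that keeps an eye on things and restarts the job if necessary. Also, if you enable caching from the Easy page garbage collection will be enabled too.
  * Editors can delete single cached files from the admin bar now.
  * Fixed the cached page counter on the settings page.
- * Some sites that updated to 1.0 experienced too much garbage collection. There are still stragglers out there who haven.t upgraded but that.s fixed now!
+ * Some sites that updated to 1.0 experienced too much garbage collection. There are still stragglers out there who haven't upgraded but that's fixed now!
  * Supercached mobile files are now used as there was a tiny little typo that needed fixing.
  * If your site is in a directory and you saw problems updating a page then that should be fixed now.
  * The deactivate hook has been changed so your configuration isn.t hosed when you upgrade. Unfortunately this will only happen after you do this upgrade.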
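--- a/wp-cache-phase1.php
+++ b/wp-cache-phase1.php
@@ -337,8 +337,12 @@ function wp_cache_late_loader() {
 
  function wp_cache_get_cookies_values() {
  $string = '';
+ if ( defined( 'LOGGED_IN_COOKIE' ) )
+ $logged_in_cookie = preg_quote( constant( 'LOGGED_IN_COOKIE' ) );
+ else
+ $logged_in_cookie = 'wordpress_logged_in';
  while ($key = key($_COOKIE)) {
- if ( preg_match( "/^wp-postpass|^wordpress_logged_in|^comment_author_/", $key ) ) {
+ if ( preg_match( "/^wp-postpass|^" . $logged_in_cookie . "|^comment_author_/", $key ) ) {
  if ( isset( $GLOBALS[ 'wp_super_cache_debug' ] ) && $GLOBALS[ 'wp_super_cache_debug' ] ) wp_cache_debug( "Cookie detected: $key", 5 );
  $string .= $_COOKIE[ $key ] . ",";
  }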
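Review bot: `preg_quote( constant( 'LOGGED_IN_COOKIE' ) )` on new line 341 is called without the delimiter argument, so a `/` in a custom cookie name is left unescaped and would end the `/…/` pattern assembled on new line 345 early. Pass the delimiter explicitly: `$logged_in_cookie = preg_quote( constant( 'LOGGED_IN_COOKIE' ), '/' );`. When the pattern is malformed preg_match() returns false, so no cookie would be appended to `$string`; presumably that makes a logged-in visitor look like an anonymous one to the cache, though how the return value is used is not visible here. The body of wp_cache_get_cookies_values() continues past the end of the hunk.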
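--- a/wp-cache-phase2.php
+++ b/wp-cache-phase2.php
@@ -602,11 +602,11 @@ function wp_cache_get_ob(&$buffer) {
  if ( isset( $GLOBALS[ 'wp_super_cache_debug' ] ) && $GLOBALS[ 'wp_super_cache_debug' ] ) wp_cache_debug( "Warning! The file $tmp_wpcache_filename was empty. Did not rename to {$blog_cache_dir}{$cache_filename}", 5 );
  @unlink( $tmp_wpcache_filename );
  } else {
- if ( !rename( $tmp_wpcache_filename, $blog_cache_dir . $cache_filename ) ) {
+ if ( !@rename( $tmp_wpcache_filename, $blog_cache_dir . $cache_filename ) ) {
  if ( false == is_dir( $blog_cache_dir ) )
  @wp_mkdir_p( $blog_cache_dir );
- unlink( $blog_cache_dir . $cache_filename );
- rename( $tmp_wpcache_filename, $blog_cache_dir . $cache_filename );
+ @unlink( $blog_cache_dir . $cache_filename );
+ @rename( $tmp_wpcache_filename, $blog_cache_dir . $cache_filename );
  }
  if ( isset( $GLOBALS[ 'wp_super_cache_debug' ] ) && $GLOBALS[ 'wp_super_cache_debug' ] ) wp_cache_debug( "Renamed temp wp-cache file to {$blog_cache_dir}$cache_filename", 5 );
  $added_cache = 1;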
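Review bot: With `@` now on the retry at new line 609, a second failed rename() leaves no trace at all, yet line 611 still logs "Renamed temp wp-cache file" and line 612 sets `$added_cache = 1`. Keep the result, `$renamed = @rename( $tmp_wpcache_filename, $blog_cache_dir . $cache_filename );`, and when it is false write a debug line naming the failed path instead of the success message, skip `$added_cache = 1`, and remove the leftover temp file. Suppressing the warning is reasonable for log noise, but the failure itself should stay observable to whoever is diagnosing a cache directory with wrong ownership or permissions. wp_cache_get_ob() starts and ends outside this hunk, so what later code does with `$added_cache` is not visible.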
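--- a/wp-cache.php
+++ b/wp-cache.php
@@ -3,7 +3,7 @@
  Plugin Name: WP Super Cache
  Plugin URI: http://ocaoimh.ie/wp-super-cache/
  Description: Very fast caching plugin for WordPress.
- Version: 1.2
+ Version: 1.3
  Author: Donncha O Caoimh
  Author URI: http://ocaoimh.ie/
  */
@@ -321,7 +321,7 @@ function wp_cache_manager_error_checks() {
  <ol><li> <?php _e( 'Set the plugin to legacy mode and enable mobile support.', 'wp-super-cache' ); ?></li>
  <li> <?php _e( 'Scroll down the Advanced Settings page and click the <strong>Update Mod_Rewrite Rules</strong> button.', 'wp-super-cache' ); ?></li>
  <li> <?php printf( __( 'Delete the plugin mod_rewrite rules in %s.htaccess enclosed by <code># BEGIN WPSuperCache</code> and <code># END WPSuperCache</code> and let the plugin regenerate them by reloading this page.', 'wp-super-cache' ), $home_path ); ?></li>
- <li> <?php printf( __( 'Add the rules yourself. Edit %s.htaccess and find the block of code enclosed by the lines <code># BEGIN WPSuperCache</code> and <code># END WPSuperCache</code>. There are two sections that look very similar. Just below the line <code>%%{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$</code> add these lines: (do it twice, once for each section)', 'wp-super-cache' ), $home_path ); ?></p>
+ <li> <?php printf( __( 'Add the rules yourself. Edit %s.htaccess and find the block of code enclosed by the lines <code># BEGIN WPSuperCache</code> and <code># END WPSuperCache</code>. There are two sections that look very similar. Just below the line <code>%%{HTTP:Cookie} !^.*(comment_author_|%s|wp-postpass_).*$</code> add these lines: (do it twice, once for each section)', 'wp-super-cache' ), $home_path, wpsc_get_logged_in_cookie() ); ?></p>
  <div style='padding: 2px; margin: 2px; border: 1px solid #333; width:400px; overflow: scroll'><pre><?php echo "RewriteCond %{HTTP_user_agent} !^.*(" . addcslashes( implode( '|', $wp_cache_mobile_browsers ), ' ' ) . ").*\nRewriteCond %{HTTP_user_agent} !^(" . addcslashes( implode( '|', $wp_cache_mobile_prefixes ), ' ' ) . ").*"; ?></pre></div></li></ol></div><?php
  }
 
@@ -957,7 +957,7 @@ jQuery(document).ready(function(){
  echo "</strike>";
  echo "<p><strong>" . __( 'Warning! 304 browser caching is only supported when not using mod_rewrite caching.', 'wp-super-cache' ) . "</strong></p>";
  } else {
- ?><em><?php _e( '304 support is disabled by default because in the past GoDaddy had problems with some of the headers used.', 'wp-super-cache' ); ?></em><br /><?php
+ ?><em><?php _e( '304 support is disabled by default because some hosts have had problems with the headers used in the past.', 'wp-super-cache' ); ?></em><br /><?php
  }
  ?><label><input type='checkbox' name='wp_cache_not_logged_in' <?php if( $wp_cache_not_logged_in ) echo "checked"; ?> value='1'> <?php _e( 'Don&#8217;t cache pages for <acronym title="Logged in users and those that comment">known users</acronym>.', 'wp-super-cache' ); echo " <em>(" . __( "Recommended", "wp-super-cache" ) . ")</em>"; ?></label><br />
  <label><input type='checkbox' name='wp_cache_no_cache_for_get' <?php if( $wp_cache_no_cache_for_get ) echo "checked"; ?> value='1'> <?php _e( 'Don&#8217;t cache pages with GET parameters. (?x=y at the end of a url)', 'wp-super-cache' ); ?></label><br />
@@ -2724,6 +2724,17 @@ function wpsc_update_htaccess_form( $short_form = true ) {
  }
  }
 
+ /*
+ * Return LOGGED_IN_COOKIE if it doesn't begin with wordpress_logged_in
+ * to avoid having people update their .htaccess file
+ */
+ function wpsc_get_logged_in_cookie() {
+ $logged_in_cookie = 'wordpress_logged_in';
+ if ( defined( 'LOGGED_IN_COOKIE' ) && substr( constant( 'LOGGED_IN_COOKIE' ), 0, 19 ) != 'wordpress_logged_in' )
+ $logged_in_cookie = constant( 'LOGGED_IN_COOKIE' );
+ return $logged_in_cookie;
+ }
+
  function wpsc_get_htaccess_info() {
  global $wp_cache_mobile_enabled, $wp_cache_mobile_prefixes, $wp_cache_mobile_browsers, $wp_cache_disable_utf8;
  if ( isset( $_SERVER[ "PHP_DOCUMENT_ROOT" ] ) ) {
@@ -2767,7 +2778,7 @@ function wpsc_get_htaccess_info() {
  }
  $condition_rules[] = "RewriteCond %{REQUEST_METHOD} !POST";
  $condition_rules[] = "RewriteCond %{QUERY_STRING} !.*=.*";
- $condition_rules[] = "RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$";
+ $condition_rules[] = "RewriteCond %{HTTP:Cookie} !^.*(comment_author_|" . wpsc_get_logged_in_cookie() . "|wp-postpass_).*$";
  $condition_rules[] = "RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\\\"]+ [NC]";
  $condition_rules[] = "RewriteCond %{HTTP:Profile} !^[a-z0-9\\\"]+ [NC]";
  if ( $wp_cache_mobile_enabled ) {
@@ -3126,4 +3137,24 @@ function supercache_admin_bar_render() {
  }
  add_action( 'wp_before_admin_bar_render', 'supercache_admin_bar_render' );
 
+ add_filter( 'preprocess_comment','no_mfunc_in_comments' );
+ add_filter( 'comment_text','no_mfunc_in_comments' );
+ add_filter( 'comment_excerpt','no_mfunc_in_comments' );
+ add_filter( 'comment_text_rss','no_mfunc_in_comments' );
+
+ function no_mfunc_in_comments( $comment_data ) {
+ if ( is_array( $comment_data ) )
+ $text = $comment_data[ 'comment_content' ];
+ else
+ $text = $comment_data;
+
+ if ( preg_match( '/<!--\s*mclude|<!--\s*mfunc|<!--\s*dynamic-cached-content/i', $text )) {
+ $text = preg_replace( '#(<!--\s*(mclude|mfunc|dynamic-cached-content).*<!-+\s*/\s*(mfunc|mclude|dynamic-cached-content)\s*-+>)#ism','<!-- unsafe comment zapped -->', $text );
+ if ( is_array( $comment_data ) )
+ $comment_data[ 'comment_content' ] = $text;
+ else
+ $comment_data = $text;
+ }
+ return $comment_data;
+ }
  ?>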
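Review bot: In no_mfunc_in_comments() (new lines 3145-3159) the preg_match() on line 3151 fires on an opening `mclude`/`mfunc`/`dynamic-cached-content` marker alone, but the preg_replace() on line 3152 only rewrites text that also contains a matching closing tag, so a comment holding an opening marker with no close is returned unchanged. Whether the cache-writing code acts on an unclosed marker is not visible on this page, so the filter should not depend on that: after the existing replace, neutralise any remaining opening marker as well, e.g. `$text = preg_replace( '#<!--\s*(mclude|mfunc|dynamic-cached-content)#i', '<!-- unsafe comment zapped ', $text );`. preg_replace() returns null on a PCRE error (the greedy `.*` with the `s` modifier can hit the backtrack limit on long input), and that null is currently written back as the comment content, so check for it before assigning. The function also deserves a docblock stating that it receives either the `preprocess_comment` array or a plain comment string and why the tags are stripped both on save and on display. Separately, new line 2781 places the value of wpsc_get_logged_in_cookie() into the RewriteCond pattern without regex escaping.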