Version Description
Release Info
| Developer | donncha |
| Plugin | |
| Version | 1.7.3 |
Code changes from version 1.7.2 to 1.7.3
- readme.txt +7 -3
- wp-cache.php +13 -8
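--- a/readme.txt
+++ b/readme.txt
@@ -1,8 +1,8 @@
 # WP Super Cache #
 * Contributors: donncha, automattic
 * Tags: performance, caching, wp-cache, wp-super-cache, cache
-* Tested up to: 5.7
-* Stable tag: 1.7.
+* Tested up to: 5.7.1
+* Stable tag: 1.7.3
 * Requires at least: 3.1
 * Requires PHP: 5.2.4
 * License: GPLv2 or later
@@ -269,6 +269,10 @@ Your theme is probably responsive which means it resizes the page to suit whatev
 
 ## Changelog ##
 
+### 1.7.3 ###
+* Sanitize the settings that are written to the config file #763
+* Fix the display of "direct cached" example urls in some circumstance. #766
+
 ### 1.7.2 ###
 * Fixed authenticated RCE in the settings page. Props @m0ze
 * Small bug fixes.
@@ -757,4 +761,4 @@ Your theme is probably responsive which means it resizes the page to suit whatev
 
 
 ## Upgrade Notice ##
-Security and bugfix release.
+Security and bugfix release. Security issue isn't too serious but you should upgrade.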
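--- a/wp-cache.php
+++ b/wp-cache.php
@@ -3,7 +3,7 @@
 Plugin Name: WP Super Cache
 Plugin URI: https://wordpress.org/plugins/wp-super-cache/
 Description: Very fast caching plugin for WordPress.
-Version: 1.7.
+Version: 1.7.3
 Author: Automattic
 Author URI: https://automattic.com/
 License: GPL2+
@@ -598,7 +598,7 @@ function wp_cache_manager_updates() {
 if ( $new_cache_path != $cache_path ) {
 if ( file_exists( $new_cache_path ) == false )
 rename( $cache_path, $new_cache_path );
-$cache_path = $new_cache_path;
+$cache_path = preg_replace('/[ <>\'\"\r\n\t\(\)\$\[\];#]/', '', $new_cache_path );
 wp_cache_replace_line('^ *\$cache_path', "\$cache_path = " . var_export( $cache_path, true ) . ";", $wp_cache_config_file);
 }
 
@@ -1553,7 +1553,7 @@ function wpsc_update_direct_pages() {
 $expiredfiles = array_diff( $cached_direct_pages, $_POST[ 'direct_pages' ] );
 unset( $cached_direct_pages );
 foreach( $_POST[ 'direct_pages' ] as $page ) {
-$page = str_replace( '..', '', preg_replace('/[ <>\'\"\r\n\t\(\)]/', '', $page ) );
+$page = str_replace( '..', '', preg_replace( '/[ <>\'\"\r\n\t\(\)\$\[\];#]/', '', $page ) );
 if ( $page != '' ) {
 $cached_direct_pages[] = $page;
 $out .= "'$page', ";
@@ -1564,7 +1564,7 @@ function wpsc_update_direct_pages() {
 }
 if ( $valid_nonce && array_key_exists('new_direct_page', $_POST) && $_POST[ 'new_direct_page' ] && '' != $_POST[ 'new_direct_page' ] ) {
 $page = str_replace( get_option( 'siteurl' ), '', $_POST[ 'new_direct_page' ] );
-$page = str_replace( '..', '', preg_replace('/[ <>\'\"\r\n\t\(\)]/', '', $page ) );
+$page = str_replace( '..', '', preg_replace( '/[ <>\'\"\r\n\t\(\)\$\[\];#]/', '', $page ) );
 if ( substr( $page, 0, 1 ) != '/' )
 $page = '/' . $page;
 if ( $page != '/' || false == is_array( $cached_direct_pages ) || in_array( $page, $cached_direct_pages ) == false ) {
@@ -1693,7 +1693,7 @@ function wp_lock_down() {
 ) . '</p>';
 if ( 'READONLY' !== $readonly ) {
 echo '<p>' . sprintf( __( 'For example: to cache <em>%1$sabout/</em>, you would enter %1$sabout/ or /about/. The cached file will be generated the next time an anonymous user visits that page.', 'wp-super-cache' ),
-esc_attr( trailingslashit( get_option( '
+esc_attr( trailingslashit( get_option( 'home' ) ) )
 ) . '</p>';
 echo '<p>' . esc_html__( 'Make the textbox blank to remove it from the list of direct pages and delete the cached file.', 'wp-super-cache' ) . '</p>';
 
@@ -1786,7 +1786,12 @@ function wp_cache_time_update() {
 ":" != substr( $_POST[ 'cache_scheduled_time' ], 2, 1 )
 )
 $_POST[ 'cache_scheduled_time' ] = '00:00';
+
 $cache_scheduled_time = $_POST[ 'cache_scheduled_time' ];
+
+if ( ! preg_match( '/[0-9][0-9]:[0-9][0-9]/', $cache_scheduled_time ) ) {
+$cache_scheduled_time = '00:00';
+}
 $schedules = wp_get_schedules();
 if ( !isset( $cache_schedule_interval ) )
 $cache_schedule_interval = 'daily';
@@ -2074,8 +2079,8 @@ function wpsc_update_debug_settings() {
 wp_cache_setting( 'wp_cache_debug_log', $wp_cache_debug_log );
 $wp_super_cache_comments = isset( $_POST[ 'wp_super_cache_comments' ] ) ? 1 : 0;
 wp_cache_setting( 'wp_super_cache_comments', $wp_super_cache_comments );
-if ( isset( $_POST[ 'wp_cache_debug_ip' ] ) ) {
-$wp_cache_debug_ip = esc_html( $_POST[ 'wp_cache_debug_ip' ] );
+if ( isset( $_POST[ 'wp_cache_debug_ip' ] ) && filter_var( $_POST[ 'wp_cache_debug_ip' ], FILTER_VALIDATE_IP ) ) {
+$wp_cache_debug_ip = esc_html( preg_replace( '/[ <>\'\"\r\n\t\(\)\$\[\];#]/', '', $_POST[ 'wp_cache_debug_ip' ] ) );
 } else {
 $wp_cache_debug_ip = '';
 }
@@ -2085,7 +2090,7 @@ function wpsc_update_debug_settings() {
 $wp_super_cache_front_page_clear = isset( $_POST[ 'wp_super_cache_front_page_clear' ] ) ? 1 : 0;
 wp_cache_setting( 'wp_super_cache_front_page_clear', $wp_super_cache_front_page_clear );
 if ( isset( $_POST[ 'wp_super_cache_front_page_text' ] ) ) {
-$wp_super_cache_front_page_text = esc_html( $_POST[ 'wp_super_cache_front_page_text' ] );
+$wp_super_cache_front_page_text = esc_html( preg_replace( '/[ <>\'\"\r\n\t\(\)\$\[\];#]/', '', $_POST[ 'wp_super_cache_front_page_text' ] ) );
 } else {
 $wp_super_cache_front_page_text = '';
 }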
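Review bot: The `preg_match` added in wp_cache_time_update (new line 1792) is unanchored, so a value that merely contains two digits, a colon and two digits somewhere in it passes and is kept unchanged in `$cache_scheduled_time`. The visible part of the earlier condition only checks that the third character is a colon, so it does not constrain the rest of the string either. Anchor the pattern so the whole value must be HH:MM: `if ( ! preg_match( '/^[0-9][0-9]:[0-9][0-9]$/D', $cache_scheduled_time ) ) {`. Where the value is persisted is outside the hunk, but the 1.7.3 changelog describes these changes as sanitizing settings written to the config file, so a full-string allowlist match is the safer check. The function body starts and ends outside the hunk.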
