YOP Poll - Version 4.9.3

Version Description

  • Fixed security issue. Many thanks to Antonio Sanchez for all his help.

Release Info

Developer yourownprogrammer
Version 4.9.3

Code changes from version 4.9.2 to 4.9.3

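--- a/inc/admin.php
+++ b/inc/admin.php
@@ -474,6 +474,10 @@
 
  if ( version_compare( $installed_version, '4.9.1', '<=' ) ){
 
+ update_option( "yop_poll_version", $wpdb->yop_poll_version );
+ }
+ if ( version_compare( $installed_version, '4.9.2', '<=' ) ){
+
  update_option( "yop_poll_version", $wpdb->yop_poll_version );
  }
  }
@@ -7814,6 +7818,8 @@ EOT;
  $poll_id = isset ( $_REQUEST ['poll_id'] ) ? $_REQUEST ['poll_id'] : NULL;
  $unique_id = isset ( $_REQUEST ['unique_id'] ) ? $_REQUEST ['unique_id'] : NULL;
  $location = isset ( $_REQUEST ['location'] ) ? $_REQUEST ['location'] : NULL;
+ $unique_id =strip_tags(xss_clean($unique_id));
+ $location = strip_tags(xss_clean($location));
  if ( $poll_id ){
  require_once( $this->_config->plugin_inc_dir . '/yop_poll_model.php' );
  $yop_poll_model = new YOP_POLL_MODEL ( $poll_id );
@@ -7846,6 +7852,9 @@ EOT;
  $unique_id = isset ( $_REQUEST ['unique_id'] ) ? $_REQUEST ['unique_id'] : '';
  $location = isset ( $_REQUEST ['location'] ) ? $_REQUEST ['location'] : 'page';
  $tr_id = isset ( $_REQUEST ['tr_id'] ) ? $_REQUEST ['tr_id'] : '';
+ $unique_id =strip_tags(xss_clean($unique_id));
+ $location = strip_tags(xss_clean($location));
+ $tr_id = strip_tags(xss_clean($tr_id));
  if ( wp_verify_nonce( $_REQUEST['yop-poll-nonce-' . $poll_id . $unique_id], 'yop_poll-' . $poll_id . $unique_id . '-user-actions' ) ){
  if ( $poll_id ){
  require_once( $this->_config->plugin_inc_dir . '/yop_poll_model.php' );
@@ -7886,6 +7895,9 @@ EOT;
  $unique_id = isset ( $_REQUEST ['unique_id'] ) ? $_REQUEST ['unique_id'] : '';
  $location = isset ( $_REQUEST ['location'] ) ? $_REQUEST ['location'] : 'page';
  $tr_id = isset ( $_REQUEST ['tr_id'] ) ? $_REQUEST ['tr_id'] : '';
+ $unique_id =strip_tags(xss_clean($unique_id));
+ $location = strip_tags(xss_clean($location));
+ $tr_id = strip_tags(xss_clean($tr_id));
  if ( $poll_id ){
  require_once( $this->_config->plugin_inc_dir . '/yop_poll_model.php' );
  $yop_poll_model = new YOP_POLL_MODEL ( $poll_id );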
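--- a/inc/plugin-functions.php
+++ b/inc/plugin-functions.php
@@ -31,7 +31,43 @@
  * @param bool $unique Optional, default is false. Whether the same key should not be added.
  *
  * @return bool False for failure. True for success.
+ *
  */
+ function xss_clean($data)
+ {
+ // Fix &entity\n;
+ $data = str_replace(array('&amp;','&lt;','&gt;'), array('&amp;amp;','&amp;lt;','&amp;gt;'), $data);
+ $data = preg_replace('/(&#*\w+)[\x00-\x20]+;/u', '$1;', $data);
+ $data = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $data);
+ $data = html_entity_decode($data, ENT_COMPAT, 'UTF-8');
+
+ // Remove any attribute starting with "on" or xmlns
+ $data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data);
+
+ // Remove javascript: and vbscript: protocols
+ $data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...', $data);
+ $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...', $data);
+ $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...', $data);
+
+ // Only works in IE: <span style="width: expression(alert('Ping!'));"></span>
+ $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
+ $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
+ $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#iu', '$1>', $data);
+
+ // Remove namespaced elements (we do not need them)
+ $data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data);
+
+ do
+ {
+ // Remove really unwanted tags
+ $old_data = $data;
+ $data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data);
+ }
+ while ($old_data !== $data);
+ $data=filter_var($data, FILTER_SANITIZE_STRING);
+ // we are done...
+ return $data;
+ }
  function add_yop_poll_meta( $poll_id, $meta_key, $meta_value, $unique = false ) {
  return add_metadata( 'yop_poll', $poll_id, $meta_key, $meta_value, $unique );
  }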
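--- a/inc/yop_poll_model.php
+++ b/inc/yop_poll_model.php
@@ -2412,14 +2412,16 @@
  $poll_id = $this->poll['id'];
  $unique_id = $this->unique_id;
  $location = $request['location'];
- yop_poll_dump($request['yop-poll-nonce-' . $poll_id . $unique_id]);
+ if($location!="page" && $location!="widget"){
+ $this->error = __( 'Bad request!', 'yop_poll' );
+ return false;
+ }
  if( wp_verify_nonce( $request['yop-poll-nonce-' . $poll_id . $unique_id], 'yop_poll-' . $poll_id . $unique_id . '-user-actions' ) ) {
  $poll_details = $this->poll;
  $poll_options = $this->poll_options;
  $vote_id = uniqid( 'vote_id_' );
- $vote_type = $request['vote_type'];
- $tr_id = $request['yop_poll_tr_id'];
-
+ $vote_type = strip_tags(xss_clean($request['vote_type']));
+ $tr_id = strip_tags(xss_clean( $request['yop_poll_tr_id']));
  $facebook_error = $request['facebook_error'];
  $facebook_user_details = json_decode( self::base64_decode( $request['facebook_user_details'] ), true );
 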
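Review bot: The new lines 2423-2424 read `$request['vote_type']` and `$request['yop_poll_tr_id']` without an existence check, so a request lacking either key raises an undefined-index warning and feeds null into `xss_clean`, whose `str_replace`/`preg_replace` chain expects a string; `$vote_type = strip_tags( xss_clean( isset( $request['vote_type'] ) ? $request['vote_type'] : '' ) );` (and the same for `$tr_id`) keeps the sanitizer on a string, matching the `isset(...) ? ... : ''` pattern used in admin.php. The new location guard at 2415 has the right shape, an allowlist, but compares with loose `!=`; `if ( ! in_array( $location, array( 'page', 'widget' ), true ) ) {` makes the comparison strict and the allowlist explicit in one place. Because `$location` at 2414 (context) is also read without an existence check, that guard is the only thing between a missing key and the nonce branch, so it should stay ahead of `wp_verify_nonce` as it is here. The enclosing method starts and ends outside the hunk.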
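--- a/readme.txt
+++ b/readme.txt
@@ -143,6 +143,9 @@ You can have only one question per poll. If you want to ask more than one questi
 
  == Changelog ==
 
+ = 4.9.3 =
+ * Fixed security issue. Many thanks to Antonio Sanchez for all his help.
+
  = 4.9.2 =
  * Fixed security issue
 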
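--- a/yop_poll.php
+++ b/yop_poll.php
@@ -5,11 +5,11 @@
  * Description: Use a full option polling functionality to get the answers you need. YOP Poll is the perfect, easy to use plugin for your WordPress website.
  * Author: yourownprogrammer
  * Author URL: http://www.yop-poll.com/thankyou/
- * Version: 4.9.2
+ * Version: 4.9.3
  * Network: false
  */
  define ( 'YOP_POLL_WP_VERSION', '3.3' );
- define ( 'YOP_POLL_VERSION', '4.9.2' );
+ define ( 'YOP_POLL_VERSION', '4.9.3' );
  define ( 'YOP_POLL_PATH', plugin_dir_path( __FILE__ ) );
  define ( 'YOP_POLL_URL', plugins_url( '', __FILE__ ) );
  define ( 'YOP_POLL_PLUGIN_FILE', plugin_basename( __FILE__ ) );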