fix for possible vulnerability in savecss.php

BibleGet-I-O · May 16, 2017 · 648b9a5 · 648b9a5
1 parent 2171d02
commit 648b9a5
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 8 deletions.
diff --git a/bibleget-io.php b/bibleget-io.php
@@ -1,7 +1,7 @@
 <?php
 /*
  * Plugin Name: BibleGet I/O
- * Version: 3.4
+ * Version: 3.5
  * Plugin URI: http://www.bibleget.io/
  * Description: Easily insert Bible quotes from a choice of Bible versions into your articles or pages with the shortcode[bibleget].
  * Author: John Romano D'Orazio
@@ -27,7 +27,7 @@
  * along with this program. If not, see <http://www.gnu.org/licenses/>.
  */
 
-define( "PLUGINVERSION", "v3_4" );
+define( "PLUGINVERSION", "v3_5" );
 
 if(! defined( 'ABSPATH' )) {
 	header( 'Status: 403 Forbidden' );

diff --git a/readme.txt b/readme.txt
@@ -3,8 +3,8 @@ Contributors: Lwangaman
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=HDS7XQKGFHJ58
 Tags: bible,shortcode,quote,citation
 Requires at least: 3.3
-Tested up to: 4.3
-Stable tag: 3.4
+Tested up to: 4.7.4
+Stable tag: 3.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -128,6 +128,9 @@ Almeno la prima query deve indicare il nome del libro sul quale effettuare la ri
 
 == Changelog ==
 
+= 3.5 =
+* Fix possible vulnerability in the script that saves the custom css file
+
 = 3.4 =
 * Better error handling: server errors from the BibleGet server will only be shown in backend notifications, and will not be saved in any transients. (this update is thanks to user feedback from Mr. D.N., user feedback is very helpful!)
 
@@ -212,6 +215,9 @@ Almeno la prima query deve indicare il nome del libro sul quale effettuare la ri
 
 == Upgrade Notice ==
 
+= 3.5 =
+This is a minor update with a bugfix for a possible vulnerability
+
 = 3.4 =
 Minor update with better error handling, errors from the bibleget server will only show in backend
 

diff --git a/savecss.php b/savecss.php
@@ -1,10 +1,10 @@
 <?php 
 	/* AJAX check  */
 	if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
-		$file = $_POST["file"];
-		$contents = $_POST["contents"];
-
-		if(file_exists($file)){
+		$contents = preg_replace('/<\\?.*(\\?>|$)/Us', '',$_POST["contents"]);
+
+		$file = $_POST["file"];		
+		if(basename($file)=="styles.css" && file_exists($file)){			
 			if(file_put_contents ($file,$contents)){
 				echo "UPDATE SUCCESSFUL";
 			}