From 648b9a5ed0490b9f4140a269eb960af879a6d42e Mon Sep 17 00:00:00 2001
From: Lwangaman
Date: Tue, 16 May 2017 22:04:21 +0000
Subject: [PATCH] fix for possible vulnerability in savecss.php
---
 bibleget-io.php | 4 ++--
 readme.txt | 10 ++++++++--
 savecss.php | 8 ++++----
 3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/bibleget-io.php b/bibleget-io.php
index 99e58d2..43b9572 100644
--- a/bibleget-io.php
+++ b/bibleget-io.php
@@ -1,7 +1,7 @@ . */
-define( "PLUGINVERSION", "v3_4" );
+define( "PLUGINVERSION", "v3_5" );
 if(! defined( 'ABSPATH' )) {
 header( 'Status: 403 Forbidden' );
diff --git a/readme.txt b/readme.txt
index ad7430c..5963ff4 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: Lwangaman
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=HDS7XQKGFHJ58
 Tags: bible,shortcode,quote,citation
 Requires at least: 3.3
-Tested up to: 4.3
-Stable tag: 3.4
+Tested up to: 4.7.4
+Stable tag: 3.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -128,6 +128,9 @@ Almeno la prima query deve indicare il nome del libro sul quale effettuare la ri
 == Changelog ==
+= 3.5 =
+* Fix possible vulnerability in the script that saves the custom css file
 = 3.4 =
 * Better error handling: server errors from the BibleGet server will only be shown in backend notifications, and will not be saved in any transients. (this update is thanks to user feedback from Mr. D.N., user feedback is very helpful!)
@@ -212,6 +215,9 @@ Almeno la prima query deve indicare il nome del libro sul quale effettuare la ri
 == Upgrade Notice ==
+= 3.5 =
+This is a minor update with a bugfix for a possible vulnerability
 = 3.4 =
 Minor update with better error handling, errors from the bibleget server will only show in backend
diff --git a/savecss.php b/savecss.php
index b4a53ca..b24c150 100644
--- a/savecss.php
+++ b/savecss.php
@@ -1,10 +1,10 @@ |$)/Us', '',$_POST["contents"]);
+
+ $file = $_POST["file"];
+ if(basename($file)=="styles.css" && file_exists($file)){
 if(file_put_contents ($file,$contents)){
 echo "UPDATE SUCCESSFUL";
 }