
Changeset 1188388

Timestamp:
06/26/2015 11:16:50 PM (9 years ago)
Author:
drrobotnik
Message:

XSS Hardening

Location:
wp-rollback/trunk
Files:
5 edited

  • wp-rollback/trunk/assets/js/themes-wp-rollback.js

    r1159162 r1188388  
    9696
    9797
    98                 var rollback_btn_html = '<a href="' + encodeURI( 'index.php?page=wp-rollback&type=theme&theme_file=' + theme + '&current_version=' + theme_data.version + '&rollback_name=' + theme_data.name + '' ) + '" style="position:absolute;right: ' + (active_theme === true ? '5px' : '80px') + '; bottom: 5px;" class="button wpr-theme-rollback">' + wpr_vars.text_rollback_label + '</a>';
     98                var rollback_btn_html = '<a href="' + encodeURI( 'index.php?page=wp-rollback&type=theme&theme_file=' + theme + '&current_version=' + theme_data.version + '&rollback_name=' + theme_data.name + ' ) + '" style="position:absolute;right: ' + (active_theme === true ? '5px' : '80px') + '; bottom: 5px;" class="button wpr-theme-rollback">' + wpr_vars.text_rollback_label + '</a>';
    9999
    100100                $( '.theme-wrap' ).find( '.theme-actions' ).append( rollback_btn_html );
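Review bot: encodeURI() applied to the whole assembled URL on line 98 (new side) does not encode `&`, `=` or `#`, so a theme slug, version or name containing those characters still splits or truncates the query string; encoding each value on its own is the safer primitive, e.g. `'&rollback_name=' + encodeURIComponent( theme_data.name )`, and likewise for `theme` and `theme_data.version`. As rendered here the new-side line closes the string with a stray `'` before `)`, so text appears to have been lost in this view and the committed line may differ. The enclosing function starts and ends outside this hunk.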
  • wp-rollback/trunk/includes/rollback-action.php

    r1159162 r1188388  
    1010
    1111$nonce   = 'upgrade-plugin_' . $this->plugin_slug;
    12 $url     = 'index.php?page=wp-rollback&plugin_file=' . $args['plugin_file'] . 'action=upgrade-plugin';
     12$url     = 'index.php?page=wp-rollback&plugin_file=' . . 'action=upgrade-plugin';
    1313$plugin  = $this->plugin_slug;
    1414$version = $args['plugin_version'];
    1515
    1616//Theme rollback
    17 if ( isset( $_GET['theme_file'] ) ) {
     17if ( ) {
    1818
    1919    //theme specific vars
     
    2727    $upgrader->rollback( $_GET['theme_file'] );
    2828
    29 } elseif ( isset( $_GET['plugin_file'] ) ) {
     29} elseif ( $_GET['plugin_file'] ) ) {
    3030    //This is a plugin rollback
    3131    $upgrader = new WP_Rollback_Plugin_Upgrader( new Plugin_Upgrader_Skin( compact( 'title', 'nonce', 'url', 'plugin', 'version' ) ) );
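Review bot: The `$url` built on line 12 (new side) still joins the `plugin_file=` value straight onto `action=upgrade-plugin` with no separator, so the query reads `plugin_file=<file>action=upgrade-plugin`; the trailing literal should be `'&action=upgrade-plugin'`. In this rendering the new-side lines 12, 17 and 29 have lost their inner expressions (`. .`, `if ( )`, an unbalanced `)`), so the sanitisation this commit applies to `plugin_file` and `theme_file` cannot be checked from here; line 27 (context) still passes `$_GET['theme_file']` to `rollback()` unchanged and should receive the same treatment. This file is included inline from wp-rollback.php, so the surrounding scope is outside the hunk.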
  • wp-rollback/trunk/includes/rollback-menu.php

    r1160921 r1188388  
    2323        <h2><img src="<?php echo WP_ROLLBACK_PLUGIN_URL; ?>/assets/images/wprb-icon-final.svg" onerror="this.onerror=null; this.src='<?php echo WP_ROLLBACK_PLUGIN_URL; ?>/assets/images/wprb-logo.png'"><?php _e( 'WP Rollback', 'wpr' ); ?></h2>
    2424
    25         <p><?php echo apply_filters( 'wpr_rollback_description', sprintf( __( 'Please select which %1$s version you would like to rollback to from the releases listed below. You currently have version %2$s installed of %3$s.', 'wpr' ), '<span class="type">' . ( $theme_rollback == true ? 'theme' : 'plugin' ) . '</span>', '<span class="current-version">' . $args['current_version'] . '</span>', '<span class="rollback-name">' . $args['rollback_name'] . '</span>' ) ); ?></p>
     25        <p><?php echo apply_filters( 'wpr_rollback_description', sprintf( __( 'Please select which %1$s version you would like to rollback to from the releases listed below. You currently have version %2$s installed of %3$s.', 'wpr' ), '<span class="type">' . ( $theme_rollback == true ? 'theme' : 'plugin' ) . '</span>', '<span class="current-version">' . . '</span>' ) ); ?></p>
    2626
    2727    </div>
     
    6969        //Important: We need the appropriate file to perform a rollback
    7070        if ( $plugin_rollback == true ) { ?>
    71             <input type="hidden" name="plugin_file" value="<?php echo $args['plugin_file']; ?>">
     71            <input type="hidden" name="plugin_file" value="<?php echo ; ?>">
    7272        <?php } else { ?>
    73             <input type="hidden" name="theme_file" value="<?php echo $_GET['theme_file']; ?>">
     73            <input type="hidden" name="theme_file" value="<?php echo ; ?>">
    7474        <?php } ?>
    75         <input type="hidden" name="rollback_name" value="<?php echo $args['rollback_name']; ?>">
    76         <input type="hidden" name="installed_version" value="<?php echo $args['current_version']; ?>">
     75        <input type="hidden" name="rollback_name" value="<?php echo esc_attr( $args['rollback_name'] ); ?>">
     76        <input type="hidden" name="installed_version" value="<?php echo esc_attr( $args['current_version'] ); ?>">
     77        <?php wp_nonce_field( 'wpr_rollback_nonce' ); ?>
    7778
    7879
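Review bot: The `wp_nonce_field( 'wpr_rollback_nonce' )` added on line 77 only protects the rollback if the handler verifies it, and nothing in this changeset shows a matching `check_admin_referer( 'wpr_rollback_nonce' );` before the upgrader is constructed in rollback-action.php; if it is not already elsewhere in that file it should be added there. New-side lines 25, 71 and 73 render here with empty `echo` expressions, so the escaping applied to `current_version`, `rollback_name`, `plugin_file` and `theme_file` cannot be confirmed from this view; the two `<span>` values on line 25 land in HTML text, where `esc_html()` is the matching escaper, while the hidden-input values on lines 71 and 73 belong in `esc_attr()` as lines 75 and 76 now do. The enclosing template markup continues outside this hunk.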
  • wp-rollback/trunk/readme.txt

    r1167290 r1188388  
    55Donate Link: https://wordimpress.com
    66Tested up to: 4.2.2
    7 Stable tag: 1.2.2
     7Stable tag: 1.2.
    88License: GPLv3
    99License URI: http://www.gnu.org/licenses/gpl-3.0.html
     
    110110== Changelog ==
    111111
     112
     113
     114
     115
    112116= 1.2.2 =
    113117* New: Russian translations from @Flector - thanks!
  • wp-rollback/trunk/wp-rollback.php

    r1167290 r1188388  
    66 * Author: WordImpress
    77 * Author URI: http://wordimpress.com
    8  * Version: 1.2.2
     8 * Version: 1.2.
    99 * Text Domain: wpr
    1010 * Domain Path: languages
     
    204204                    'ajaxurl'               => admin_url(),
    205205                    'ajax_loader'           => admin_url( 'images/spinner.gif' ),
     206
    206207                    'text_rollback_label'   => __( 'Rollback', 'wpr' ),
    207208                    'text_not_rollbackable' => __( 'No Rollback Available: This is a non-WordPress.org theme.', 'wpr' ),
     
    291292            if ( ! empty( $args['plugin_version'] ) ) {
    292293                //Plugin: rolling back
     294
     295
    293296                include WP_ROLLBACK_PLUGIN_DIR . '/includes/class-rollback-plugin-upgrader.php';
    294297                include WP_ROLLBACK_PLUGIN_DIR . '/includes/rollback-action.php';
    295298            } elseif ( ! empty( $args['theme_version'] ) ) {
    296299                //Theme: rolling back
     300
     301
    297302                include WP_ROLLBACK_PLUGIN_DIR . '/includes/class-rollback-theme-upgrader.php';
    298303                include WP_ROLLBACK_PLUGIN_DIR . '/includes/rollback-action.php';
    299304            } else {
    300305                //This is the menu
     306
     307
    301308                include WP_ROLLBACK_PLUGIN_DIR . '/includes/rollback-menu.php';
    302309            }
     
    391398            foreach ( $this->versions as $version ) {
    392399
    393                 $versions_html .= '<label><input type="radio" value="' . $version . '" name="' . $type . '_version">' . $version;
     400                $versions_html .= '<label><input type="radio" value="' . . '" name="' . $type . '_version">' . $version;
    394401
    395402                //Is this the current version?
     
    425432
    426433            $plugin_file = WP_PLUGIN_DIR . '/' . $_GET['plugin_file'];
     434
     435
     436
    427437
    428438            $plugin_data = get_plugin_data( $plugin_file, false, false );
     
    504514                    'current_version' => urlencode( $plugin_data['Version'] ),
    505515                    'rollback_name'   => urlencode( $plugin_data['Name'] ),
     516
    506517                ) ), $rollback_url );
    507518            }
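Review bot: Line 433 (context) builds `$plugin_file = WP_PLUGIN_DIR . '/' . $_GET['plugin_file']` and hands it to `get_plugin_data()`, and the three lines added right after it (434–436) render empty here, so whatever check the commit inserted is not visible; a request-supplied value that becomes a filesystem path should be confirmed to name an installed plugin before use, e.g. `if ( ! array_key_exists( $_GET['plugin_file'], get_plugins() ) ) { wp_die( __( 'Invalid plugin.', 'wpr' ) ); }`, since output escaping alone does not constrain a path. The same rendering loss affects line 400 (`value="' . . '"`), where `esc_attr( $version )` is what the attribute context needs. Both enclosing methods start and end outside these hunks.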