Changeset 9327
- Timestamp:
- 03/23/07 19:50:17 (1 year ago)
- Files:
-
- wp-cache/tags/release-2.1.1 (copied) (copied from wp-cache/trunk)
- wp-cache/tags/release-2.1.1/wp-cache-phase2.php (copied) (copied from wp-cache/trunk/wp-cache-phase2.php)
- wp-cache/tags/release-2.1.1/wp-cache.php (copied) (copied from wp-cache/trunk/wp-cache.php) (17 diffs)
- wp-cache/trunk/wp-cache.php (modified) (17 diffs)
wp-cache/tags/release-2.1.1/wp-cache.php
r7747 r9327 4 4 Plugin URI: http://mnm.uib.es/gallir/wp-cache-2/ 5 5 Description: Very fast cache module. It's composed of several modules, this plugin can configure and manage the whole system. Once enabled, go to "Options" and select "WP-Cache". 6 Version: 2.1 6 Version: 2.1.1 7 7 Author: Ricardo Galli Granada 8 8 Author URI: http://mnm.uib.es/gallir/ … … 26 26 27 27 /* Changelog 28 2007-03-23 29 - Version 2.1.1: Patch from Alex Concha: add control in admin pages to avoid 30 possible XSS derived from CSRF attacks, if the users store 31 the form with the "injected" bad values. 28 32 2007-01-31 29 33 - Version 2.1: modified and tested with WP 2.1, WP 2.0, WP 1.5 and PHP 4.3 and PHP 5.2. … … 174 178 175 179 function wp_cache_manager() { 176 global $wp_cache_config_file; 177 180 global $wp_cache_config_file, $valid_nonce; 181 182 $valid_nonce = wp_verify_nonce($_REQUEST['_wpnonce'], 'wp-cache'); 183 178 184 echo '<div class="wrap">'; 179 185 echo "<h2>WP-Cache Manager</h2>\n"; 180 if(isset($_REQUEST['wp_restore_config']) ) {186 if(isset($_REQUEST['wp_restore_config']) && $valid_nonce) { 181 187 unlink($wp_cache_config_file); 182 188 echo '<strong>Configuration file changed, some values might be wrong. 
Load the page again from the "Options" menu to reset them.</strong>'; … … 197 203 } 198 204 199 if(isset($_REQUEST['wp_enable'])) { 200 wp_cache_enable(); 201 } elseif (isset($_REQUEST['wp_disable'])) { 202 wp_cache_disable(); 205 if ( $valid_nonce ) { 206 if(isset($_REQUEST['wp_enable'])) { 207 wp_cache_enable(); 208 } elseif (isset($_REQUEST['wp_disable'])) { 209 wp_cache_disable(); 210 } 203 211 } 204 212 … … 213 221 echo '<div class="submit"><input type="submit" value="Enable it" /></div>'; 214 222 } 223 wp_nonce_field('wp-cache'); 215 224 echo "</form>\n"; 216 225 … … 239 248 echo '<input type="hidden" name="wp_restore_config" />'; 240 249 echo '<div class="submit"><input type="submit" id="deletepost" value="Restore default configuration" /></div>'; 250 wp_nonce_field('wp-cache'); 241 251 echo "</form>\n"; 242 252 echo '</fieldset>'; … … 245 255 246 256 function wp_cache_edit_max_time () { 247 global $cache_max_time, $wp_cache_config_file ;248 249 if(isset($_REQUEST['wp_max_time']) ) {257 global $cache_max_time, $wp_cache_config_file, $valid_nonce; 258 259 if(isset($_REQUEST['wp_max_time']) && $valid_nonce) { 250 260 $max_time = (int)$_REQUEST['wp_max_time']; 251 261 if ($max_time > 0) { … … 258 268 echo "<input type=\"text\" name=\"wp_max_time\" value=\"$cache_max_time\" />"; 259 269 echo '<div class="submit"><input type="submit" value="Change expiration" /></div>'; 260 echo "</form>\n"; 261 262 270 wp_nonce_field('wp-cache'); 271 echo "</form>\n"; 272 273 274 } 275 276 function wp_cache_sanitize_value($text, & $array) { 277 $text = wp_specialchars(strip_tags($text)); 278 $array = preg_split("/[\s,]+/", chop($text)); 279 $text = var_export($array, true); 280 $text = preg_replace('/[\s]+/', ' ', $text); 281 return $text; 263 282 } 264 283 265 284 function wp_cache_edit_rejected_ua() { 266 global $cache_rejected_user_agent, $wp_cache_config_file ;285 global $cache_rejected_user_agent, $wp_cache_config_file, $valid_nonce; 267 286 268 287 if 
(!function_exists('apache_request_headers')) return; 269 288 270 if(isset($_REQUEST['wp_rejected_user_agent'])) { 271 $array = preg_split("/[\s,]+/", chop($_REQUEST['wp_rejected_user_agent'])); 272 $text = var_export($array, true); 273 $text = preg_replace('/[\s]+/', ' ', $text); 289 if(isset($_REQUEST['wp_rejected_user_agent']) && $valid_nonce) { 290 $text = wp_cache_sanitize_value($_REQUEST['wp_rejected_user_agent'], $cache_rejected_user_agent); 274 291 wp_cache_replace_line('^ *\$cache_rejected_user_agent', "\$cache_rejected_user_agent = $text;", $wp_cache_config_file); 275 $cache_rejected_user_agent = $array;276 292 } 277 293 … … 285 301 echo '<textarea name="wp_rejected_user_agent" cols="40" rows="4" style="width: 70%; font-size: 12px;" class="code">'; 286 302 foreach ($cache_rejected_user_agent as $ua) { 287 echo "$ua\n";303 echo wp_specialchars($ua) . "\n"; 288 304 } 289 305 echo '</textarea> '; 290 306 echo '<div class="submit"><input type="submit" value="Save UA strings" /></div>'; 307 wp_nonce_field('wp-cache'); 291 308 echo '</form>'; 292 309 echo "</fieldset>\n"; … … 295 312 296 313 function wp_cache_edit_rejected() { 297 global $cache_acceptable_files, $cache_rejected_uri, $wp_cache_config_file; 298 299 if(isset($_REQUEST['wp_rejected_uri'])) { 300 $array = preg_split("/[\s,]+/", chop($_REQUEST['wp_rejected_uri'])); 301 $text = var_export($array, true); 302 $text = preg_replace('/[\s]+/', ' ', $text); 314 global $cache_acceptable_files, $cache_rejected_uri, $wp_cache_config_file, $valid_nonce; 315 316 if(isset($_REQUEST['wp_rejected_uri']) && $valid_nonce) { 317 $text = wp_cache_sanitize_value($_REQUEST['wp_rejected_uri'], $cache_rejected_uri); 303 318 wp_cache_replace_line('^ *\$cache_rejected_uri', "\$cache_rejected_uri = $text;", $wp_cache_config_file); 304 $cache_rejected_uri = $array;305 319 } 306 320 … … 311 325 echo '<textarea name="wp_rejected_uri" cols="40" rows="4" style="width: 70%; font-size: 12px;" class="code">'; 312 326 foreach 
($cache_rejected_uri as $file) { 313 echo "$file\n";327 echo wp_specialchars($file) . "\n"; 314 328 } 315 329 echo '</textarea> '; 316 330 echo '<div class="submit"><input type="submit" value="Save strings" /></div>'; 331 wp_nonce_field('wp-cache'); 317 332 echo "</form>\n"; 318 333 } 319 334 320 335 function wp_cache_edit_accepted() { 321 global $cache_acceptable_files, $cache_rejected_uri, $wp_cache_config_file; 322 323 if(isset($_REQUEST['wp_accepted_files'])) { 324 $array = preg_split("/[\s,]+/", chop($_REQUEST['wp_accepted_files'])); 325 $text = var_export($array, true); 326 $text = preg_replace('/[\s]+/', ' ', $text); 336 global $cache_acceptable_files, $cache_rejected_uri, $wp_cache_config_file, $valid_nonce; 337 338 if(isset($_REQUEST['wp_accepted_files']) && $valid_nonce) { 339 $text = wp_cache_sanitize_value($_REQUEST['wp_accepted_files'], $cache_acceptable_files); 327 340 wp_cache_replace_line('^ *\$cache_acceptable_files', "\$cache_acceptable_files = $text;", $wp_cache_config_file); 328 $cache_acceptable_files = $array;329 341 } 330 342 … … 335 347 echo '<textarea name="wp_accepted_files" cols="40" rows="8" style="width: 70%; font-size: 12px;" class="code">'; 336 348 foreach ($cache_acceptable_files as $file) { 337 echo "$file\n";349 echo wp_specialchars($file) . 
"\n"; 338 350 } 339 351 echo '</textarea> '; 340 352 echo '<div class="submit"><input type="submit" value="Save files" /></div>'; 353 wp_nonce_field('wp-cache'); 341 354 echo "</form>\n"; 342 355 } … … 504 517 505 518 function wp_cache_files() { 506 global $cache_path, $file_prefix, $cache_max_time ;519 global $cache_path, $file_prefix, $cache_max_time, $valid_nonce; 507 520 508 521 if ( '/' != substr($cache_path, -1)) { … … 510 523 } 511 524 512 513 if(isset($_REQUEST['wp_delete_cache'])) { 514 wp_cache_clean_cache($file_prefix); 515 } 516 if(isset($_REQUEST['wp_delete_cache_file'])) { 517 wp_cache_clean_cache($_REQUEST['wp_delete_cache_file']); 518 } 519 if(isset($_REQUEST['wp_delete_expired'])) { 520 wp_cache_clean_expired($file_prefix); 525 if ( $valid_nonce ) { 526 if(isset($_REQUEST['wp_delete_cache'])) { 527 wp_cache_clean_cache($file_prefix); 528 } 529 if(isset($_REQUEST['wp_delete_cache_file'])) { 530 wp_cache_clean_cache($_REQUEST['wp_delete_cache_file']); 531 } 532 if(isset($_REQUEST['wp_delete_expired'])) { 533 wp_cache_clean_expired($file_prefix); 534 } 521 535 } 522 536 if(isset($_REQUEST['wp_list_cache'])) { … … 565 579 echo '<input type="hidden" name="wp_delete_cache_file" value="'.preg_replace("/^(.*)\.meta$/", "$1", $file).'" />'; 566 580 echo '<div class="submit"><input id="deletepost" type="submit" value="Remove" /></div>'; 581 wp_nonce_field('wp-cache'); 567 582 echo "</form></td></tr>\n"; 568 583 } … … 579 594 echo '<input type="hidden" name="wp_list_cache" />'; 580 595 echo '<div class="submit"><input type="submit" value="Delete expired" /></div>'; 596 wp_nonce_field('wp-cache'); 581 597 echo "</form>\n"; 582 598 … … 585 601 echo '<input type="hidden" name="wp_delete_cache" />'; 586 602 echo '<div class="submit"><input id="deletepost" type="submit" value="Delete cache" /></div>'; 603 wp_nonce_field('wp-cache'); 587 604 echo "</form>\n"; 588 605 wp-cache/trunk/wp-cache.php
r7747 r9327 4 4 Plugin URI: http://mnm.uib.es/gallir/wp-cache-2/ 5 5 Description: Very fast cache module. It's composed of several modules, this plugin can configure and manage the whole system. Once enabled, go to "Options" and select "WP-Cache". 6 Version: 2.1 6 Version: 2.1.1 7 7 Author: Ricardo Galli Granada 8 8 Author URI: http://mnm.uib.es/gallir/ … … 26 26 27 27 /* Changelog 28 2007-03-23 29 - Version 2.1.1: Patch from Alex Concha: add control in admin pages to avoid 30 possible XSS derived from CSRF attacks, if the users store 31 the form with the "injected" bad values. 28 32 2007-01-31 29 33 - Version 2.1: modified and tested with WP 2.1, WP 2.0, WP 1.5 and PHP 4.3 and PHP 5.2. … … 174 178 175 179 function wp_cache_manager() { 176 global $wp_cache_config_file; 177 180 global $wp_cache_config_file, $valid_nonce; 181 182 $valid_nonce = wp_verify_nonce($_REQUEST['_wpnonce'], 'wp-cache'); 183 178 184 echo '<div class="wrap">'; 179 185 echo "<h2>WP-Cache Manager</h2>\n"; 180 if(isset($_REQUEST['wp_restore_config']) ) {186 if(isset($_REQUEST['wp_restore_config']) && $valid_nonce) { 181 187 unlink($wp_cache_config_file); 182 188 echo '<strong>Configuration file changed, some values might be wrong. 
Load the page again from the "Options" menu to reset them.</strong>'; … … 197 203 } 198 204 199 if(isset($_REQUEST['wp_enable'])) { 200 wp_cache_enable(); 201 } elseif (isset($_REQUEST['wp_disable'])) { 202 wp_cache_disable(); 205 if ( $valid_nonce ) { 206 if(isset($_REQUEST['wp_enable'])) { 207 wp_cache_enable(); 208 } elseif (isset($_REQUEST['wp_disable'])) { 209 wp_cache_disable(); 210 } 203 211 } 204 212 … … 213 221 echo '<div class="submit"><input type="submit" value="Enable it" /></div>'; 214 222 } 223 wp_nonce_field('wp-cache'); 215 224 echo "</form>\n"; 216 225 … … 239 248 echo '<input type="hidden" name="wp_restore_config" />'; 240 249 echo '<div class="submit"><input type="submit" id="deletepost" value="Restore default configuration" /></div>'; 250 wp_nonce_field('wp-cache'); 241 251 echo "</form>\n"; 242 252 echo '</fieldset>'; … … 245 255 246 256 function wp_cache_edit_max_time () { 247 global $cache_max_time, $wp_cache_config_file ;248 249 if(isset($_REQUEST['wp_max_time']) ) {257 global $cache_max_time, $wp_cache_config_file, $valid_nonce; 258 259 if(isset($_REQUEST['wp_max_time']) && $valid_nonce) { 250 260 $max_time = (int)$_REQUEST['wp_max_time']; 251 261 if ($max_time > 0) { … … 258 268 echo "<input type=\"text\" name=\"wp_max_time\" value=\"$cache_max_time\" />"; 259 269 echo '<div class="submit"><input type="submit" value="Change expiration" /></div>'; 260 echo "</form>\n"; 261 262 270 wp_nonce_field('wp-cache'); 271 echo "</form>\n"; 272 273 274 } 275 276 function wp_cache_sanitize_value($text, & $array) { 277 $text = wp_specialchars(strip_tags($text)); 278 $array = preg_split("/[\s,]+/", chop($text)); 279 $text = var_export($array, true); 280 $text = preg_replace('/[\s]+/', ' ', $text); 281 return $text; 263 282 } 264 283 265 284 function wp_cache_edit_rejected_ua() { 266 global $cache_rejected_user_agent, $wp_cache_config_file ;285 global $cache_rejected_user_agent, $wp_cache_config_file, $valid_nonce; 267 286 268 287 if 
(!function_exists('apache_request_headers')) return; 269 288 270 if(isset($_REQUEST['wp_rejected_user_agent'])) { 271 $array = preg_split("/[\s,]+/", chop($_REQUEST['wp_rejected_user_agent'])); 272 $text = var_export($array, true); 273 $text = preg_replace('/[\s]+/', ' ', $text); 289 if(isset($_REQUEST['wp_rejected_user_agent']) && $valid_nonce) { 290 $text = wp_cache_sanitize_value($_REQUEST['wp_rejected_user_agent'], $cache_rejected_user_agent); 274 291 wp_cache_replace_line('^ *\$cache_rejected_user_agent', "\$cache_rejected_user_agent = $text;", $wp_cache_config_file); 275 $cache_rejected_user_agent = $array;276 292 } 277 293 … … 285 301 echo '<textarea name="wp_rejected_user_agent" cols="40" rows="4" style="width: 70%; font-size: 12px;" class="code">'; 286 302 foreach ($cache_rejected_user_agent as $ua) { 287 echo "$ua\n";303 echo wp_specialchars($ua) . "\n"; 288 304 } 289 305 echo '</textarea> '; 290 306 echo '<div class="submit"><input type="submit" value="Save UA strings" /></div>'; 307 wp_nonce_field('wp-cache'); 291 308 echo '</form>'; 292 309 echo "</fieldset>\n"; … … 295 312 296 313 function wp_cache_edit_rejected() { 297 global $cache_acceptable_files, $cache_rejected_uri, $wp_cache_config_file; 298 299 if(isset($_REQUEST['wp_rejected_uri'])) { 300 $array = preg_split("/[\s,]+/", chop($_REQUEST['wp_rejected_uri'])); 301 $text = var_export($array, true); 302 $text = preg_replace('/[\s]+/', ' ', $text); 314 global $cache_acceptable_files, $cache_rejected_uri, $wp_cache_config_file, $valid_nonce; 315 316 if(isset($_REQUEST['wp_rejected_uri']) && $valid_nonce) { 317 $text = wp_cache_sanitize_value($_REQUEST['wp_rejected_uri'], $cache_rejected_uri); 303 318 wp_cache_replace_line('^ *\$cache_rejected_uri', "\$cache_rejected_uri = $text;", $wp_cache_config_file); 304 $cache_rejected_uri = $array;305 319 } 306 320 … … 311 325 echo '<textarea name="wp_rejected_uri" cols="40" rows="4" style="width: 70%; font-size: 12px;" class="code">'; 312 326 foreach 
($cache_rejected_uri as $file) { 313 echo "$file\n";327 echo wp_specialchars($file) . "\n"; 314 328 } 315 329 echo '</textarea> '; 316 330 echo '<div class="submit"><input type="submit" value="Save strings" /></div>'; 331 wp_nonce_field('wp-cache'); 317 332 echo "</form>\n"; 318 333 } 319 334 320 335 function wp_cache_edit_accepted() { 321 global $cache_acceptable_files, $cache_rejected_uri, $wp_cache_config_file; 322 323 if(isset($_REQUEST['wp_accepted_files'])) { 324 $array = preg_split("/[\s,]+/", chop($_REQUEST['wp_accepted_files'])); 325 $text = var_export($array, true); 326 $text = preg_replace('/[\s]+/', ' ', $text); 336 global $cache_acceptable_files, $cache_rejected_uri, $wp_cache_config_file, $valid_nonce; 337 338 if(isset($_REQUEST['wp_accepted_files']) && $valid_nonce) { 339 $text = wp_cache_sanitize_value($_REQUEST['wp_accepted_files'], $cache_acceptable_files); 327 340 wp_cache_replace_line('^ *\$cache_acceptable_files', "\$cache_acceptable_files = $text;", $wp_cache_config_file); 328 $cache_acceptable_files = $array;329 341 } 330 342 … … 335 347 echo '<textarea name="wp_accepted_files" cols="40" rows="8" style="width: 70%; font-size: 12px;" class="code">'; 336 348 foreach ($cache_acceptable_files as $file) { 337 echo "$file\n";349 echo wp_specialchars($file) . 
"\n"; 338 350 } 339 351 echo '</textarea> '; 340 352 echo '<div class="submit"><input type="submit" value="Save files" /></div>'; 353 wp_nonce_field('wp-cache'); 341 354 echo "</form>\n"; 342 355 } … … 504 517 505 518 function wp_cache_files() { 506 global $cache_path, $file_prefix, $cache_max_time ;519 global $cache_path, $file_prefix, $cache_max_time, $valid_nonce; 507 520 508 521 if ( '/' != substr($cache_path, -1)) { … … 510 523 } 511 524 512 513 if(isset($_REQUEST['wp_delete_cache'])) { 514 wp_cache_clean_cache($file_prefix); 515 } 516 if(isset($_REQUEST['wp_delete_cache_file'])) { 517 wp_cache_clean_cache($_REQUEST['wp_delete_cache_file']); 518 } 519 if(isset($_REQUEST['wp_delete_expired'])) { 520 wp_cache_clean_expired($file_prefix); 525 if ( $valid_nonce ) { 526 if(isset($_REQUEST['wp_delete_cache'])) { 527 wp_cache_clean_cache($file_prefix); 528 } 529 if(isset($_REQUEST['wp_delete_cache_file'])) { 530 wp_cache_clean_cache($_REQUEST['wp_delete_cache_file']); 531 } 532 if(isset($_REQUEST['wp_delete_expired'])) { 533 wp_cache_clean_expired($file_prefix); 534 } 521 535 } 522 536 if(isset($_REQUEST['wp_list_cache'])) { … … 565 579 echo '<input type="hidden" name="wp_delete_cache_file" value="'.preg_replace("/^(.*)\.meta$/", "$1", $file).'" />'; 566 580 echo '<div class="submit"><input id="deletepost" type="submit" value="Remove" /></div>'; 581 wp_nonce_field('wp-cache'); 567 582 echo "</form></td></tr>\n"; 568 583 } … … 579 594 echo '<input type="hidden" name="wp_list_cache" />'; 580 595 echo '<div class="submit"><input type="submit" value="Delete expired" /></div>'; 596 wp_nonce_field('wp-cache'); 581 597 echo "</form>\n"; 582 598 … … 585 601 echo '<input type="hidden" name="wp_delete_cache" />'; 586 602 echo '<div class="submit"><input id="deletepost" type="submit" value="Delete cache" /></div>'; 603 wp_nonce_field('wp-cache'); 587 604 echo "</form>\n"; 588 605
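Review bot: `wp_cache_sanitize_value` applies `wp_specialchars(strip_tags($text))` before `var_export`, so the values written into the config file are HTML-entity-encoded (`&` becomes `&amp;`, quotes become `&quot;`), the textarea loops then call `wp_specialchars()` on them a second time and double-encode on every save/reload, and any rejected URI or UA string containing such characters will no longer match the raw request values the cache compares against (that comparison lives outside this hunk). `var_export` already emits a quoted PHP literal with backslashes and single quotes escaped, which covers the config-injection concern on its own; keep the output-side `wp_specialchars()` the patch adds and reduce the helper to `$array = preg_split("/[\s,]+/", chop($text));` before the `var_export` call. Separately, `wp_delete_cache_file` is still passed straight to `wp_cache_clean_cache()` and echoed unescaped into the hidden input value near the end of the hunk — the nonce stops a cross-site trigger, but whether a `..`-style name can escape `$cache_path` depends on `wp_cache_clean_cache`, which is not shown. Finally, `$_REQUEST['_wpnonce']` is read without `isset()` (a notice on every plain page load), and `wp_verify_nonce`/`wp_nonce_field` appeared in WordPress after the 1.5/early-2.0 releases the changelog still lists as supported, so those calls should be wrapped in `function_exists()` or the supported-version claim updated.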
