Advisory: http://www.exploit-db.com/exploits/15808/
Patch:
diff -uwdBrN accept-signups.orig/accept-signups.php accept-signups/accept-signups.php
--- accept-signups.orig/accept-signups.php 2010-12-21 11:07:21.000000000 +0200
+++ accept-signups/accept-signups.php 2011-02-09 06:06:33.612991546 +0200
@@ -223,7 +223,7 @@
$r = $wpdb->get_results($sql, ARRAY_A);
$xml = '<accept-signups>';
foreach($r as $k=>$v) {
- $xml .= '<signup email="' . $v["email"] . '" ip="' . $v["ip"] . '" timestamp="' . $v["timestamp"] . '" />';
+ $xml .= '<signup email="' . esc_attr($v["email"]) . '" ip="' . $v["ip"] . '" timestamp="' . $v["timestamp"] . '" />';
}
$xml .= '</accept-signups>';
file_put_contents(ABSPATH . 'wp-content/plugins/accept-signups/accept-signups.xml', $xml);
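Review bot: Only the `email` attribute is escaped on the new line; `ip` and `timestamp` from the same `$wpdb` row are still concatenated raw into the XML attributes, so a `"`, `<` or `&` stored in either column still breaks or injects into the generated document. Apply the same escaping to all three, e.g. `'" ip="' . esc_attr($v["ip"]) . '" timestamp="' . esc_attr($v["timestamp"]) . '" />'`. The return value of `file_put_contents()` on the last line is not checked, so a failed write goes unnoticed, and the fixed path under `ABSPATH` assumes the plugin sits in the default `wp-content/plugins` directory. The enclosing function begins before the hunk.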
@@ -290,7 +290,7 @@
if (strpos($v1, '@')) {
$email = $v1;
}
- $html .= '<td valign="top" align="center" class="acceptSignupsCell"> ' . $v1 . ' </td>';
+ $html .= '<td valign="top" align="center" class="acceptSignupsCell"> ' . esc_html($v1) . ' </td>';
}
$html .= '<td valign="top" align="center" class="acceptSignupsCell" valign="bottom"><input type="checkbox" name="acceptSignupsDeleteCB?' . acceptSignupsEncode($email) . '" id="acceptSignupsDeleteCB"></td>';
$html .= '</tr>';
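Review bot: The checkbox `name` attribute on the line after the change still embeds `acceptSignupsEncode($email)` without `esc_attr()`, and whether that helper's output is attribute-safe cannot be seen from this hunk; unless it is known to emit only attribute-safe characters, wrap it: `name="acceptSignupsDeleteCB?' . esc_attr(acceptSignupsEncode($email)) . '"`. That `<td>` also declares `valign` twice (`"top"` and `"bottom"`), so the second is dead markup. The `strpos($v1, '@')` test is evaluated by truthiness, so a match at offset 0 would be treated as "no email"; `strpos($v1, '@') !== false` states the intent. The enclosing loop and function begin before the hunk.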
diff -uwdBrN accept-signups.orig/accept-signups_submit.php accept-signups/accept-signups_submit.php
--- accept-signups.orig/accept-signups_submit.php 2010-12-21 11:07:21.000000000 +0200
+++ accept-signups/accept-signups_submit.php 2011-02-09 06:03:04.017742924 +0200
@@ -1,6 +1,5 @@
<?php
-require_once('../../../wp-config.php');
-require_once('../../../wp-includes/wp-db.php');
+require_once('../../../wp-load.php');
if (true) {
if (isset($_GET['email'])) {
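Review bot: `require_once('../../../wp-load.php')` is resolved through `include_path` and the current working directory before the script's own directory, so the include depends on how the file is reached; `require_once(dirname(__FILE__) . '/../../../wp-load.php');` pins it to the file's location. The path still assumes the plugin is installed in the default `wp-content/plugins` directory. The `if (true) {` that follows is unconditional and could be dropped together with its closing brace, which lies outside the hunk.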
@@ -9,6 +8,16 @@
if (hasEmail($_GET['email'])) {
echo get_option('accept-signups-email-already-exists');
} else {
+ $email = stripslashes($_GET['email']);
+ if (function_exists('filter_var')) {
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ die('-1');
+ }
+ }
+ elseif (!preg_match('/^([a-z0-9_\-\.])+\@([a-z0-9_\-\.])+\.([a-z]{2,4})$/i', $email)) {
+ die('-1');
+ }
+
saveEmail($_GET['email']);
echo get_option('accept-signups-email-saved');
}
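Review bot: The value that is validated is `$email` (the slash-stripped copy), but the value passed to `saveEmail()` on the unchanged line below is the raw `$_GET['email']`, so what gets stored is not what passed the check; change it to `saveEmail($email);`. The `hasEmail($_GET['email'])` duplicate check at the top of the hunk likewise runs on the raw value and before validation, so an invalid address still reaches the database lookup first. The `preg_match` fallback restricts the TLD to 2–4 letters, which rejects valid longer TLDs, though it only runs where `filter_var()` is unavailable. The enclosing `if` blocks start before the hunk and close after it.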
Description (Russian)