projects / WP-Plugins / glm-employment.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ad29671)
Security Bug Fix
authorSteve Sutton <steve@gaslightmedia.com>
Fri, 24 Apr 2015 20:31:18 +0000 (16:31 -0400)
committerSteve Sutton <steve@gaslightmedia.com>
Fri, 24 Apr 2015 20:31:18 +0000 (16:31 -0400)
Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS)
due to the misuse of the add_query_arg() and remove_query_arg()
functions. These are popular functions used by developers to modify and
add query strings to URLs within WordPress.
wrapping this call with esc_url or esc_url_raw to prevent the attack.

controllers/front.php patch | blob | history
glm-employment.php patch | blob | history
models/class-glm-list-table.php patch | blob | history
models/job.php patch | blob | history

diff --git a/controllers/front.php b/controllers/front.php
index 5f023f3..30aea10 100644 (file)
--- a/controllers/front.php
+++ b/controllers/front.php
@@ -415,8 +415,7 @@ class glm_employment_front
         $job->glm_jobs_email     = $custom['glm_jobs_email'][0];
         $job->glm_jobs_comments  = $custom['glm_jobs_comments'][0];
         $job->glm_jobs_code      = $custom['glm_jobs_code'][0];
-        $current_url             = add_query_arg($wp->query_string, '',
-            home_url($wp->request));
+        $current_url             = esc_url(add_query_arg($wp->query_string, '', home_url($wp->request)));
         $applyOnlineHref         = $current_url
                 . ((strpos($current_url, '?')) ? '&' : '?')
                 . self::FORM_VAR . "=1&job=" . $job->ID;
@@ -479,7 +478,7 @@ class glm_employment_front
         }
         $jobs = get_posts($args);
         $totalJobs = count($jobs);
-        $current_url = add_query_arg($wp->query_string, '', home_url($wp->request));
+        $current_url = esc_url(add_query_arg($wp->query_string, '', home_url($wp->request)));
         $iterator = 1;
         foreach ($jobs as $job) {
             $custom = get_post_custom($job->ID);
diff --git a/glm-employment.php b/glm-employment.php
index bfd4238..1778b43 100644 (file)
--- a/glm-employment.php
+++ b/glm-employment.php
@@ -2,7 +2,7 @@
 /**
  * Plugin Name: Gaslight Media Employment
  * Description: Online Employment Application for Gaslight Media Clients.
- * Version: 1.0.3
+ * Version: 1.0.4
  * Author: Steve Sutton
  * Author URI: http://www.gaslightmedia.com
  * License: All right reserved
diff --git a/models/class-glm-list-table.php b/models/class-glm-list-table.php
index 8d99638..c713a20 100644 (file)
--- a/models/class-glm-list-table.php
+++ b/models/class-glm-list-table.php
@@ -224,7 +224,7 @@ class GLM_List_Table {
 
         // Redirect if page number is invalid and headers are not already sent.
         if ( ! headers_sent() && ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) && $args['total_pages'] > 0 && $this->get_pagenum() > $args['total_pages'] ) {
-            wp_redirect( add_query_arg( 'paged', $args['total_pages'] ) );
+            wp_redirect( esc_url_raw(add_query_arg( 'paged', $args['total_pages'] ) ) );
             exit;
         }
 
@@ -636,7 +636,7 @@ class GLM_List_Table {
 
         $current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
 
-        $current_url = remove_query_arg( array( 'hotkeys_highlight_last', 'hotkeys_highlight_first' ), $current_url );
+        $current_url = esc_url_raw(remove_query_arg( array( 'hotkeys_highlight_last', 'hotkeys_highlight_first' ), $current_url ) );
 
         $page_links = array();
 
@@ -806,7 +806,7 @@ class GLM_List_Table {
         list( $columns, $hidden, $sortable ) = $this->get_column_info();
 
         $current_url = set_url_scheme( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
-        $current_url = remove_query_arg( 'paged', $current_url );
+        $current_url = esc_url_raw( remove_query_arg( 'paged', $current_url ) );
 
         if ( isset( $_GET['orderby'] ) )
             $current_orderby = $_GET['orderby'];
@@ -852,7 +852,7 @@ class GLM_List_Table {
                     $class[] = $desc_first ? 'asc' : 'desc';
                 }
 
-                $column_display_name = '<a href="' . esc_url( add_query_arg( compact( 'orderby', 'order' ), $current_url ) ) . '"><span>' . $column_display_name . '</span><span class="sorting-indicator"></span></a>';
+                $column_display_name = '<a href="' . esc_url_raw( add_query_arg( compact( 'orderby', 'order' ), $current_url ) ) . '"><span>' . $column_display_name . '</span><span class="sorting-indicator"></span></a>';
             }
 
             $id = $with_id ? "id='$column_key'" : '';
diff --git a/models/job.php b/models/job.php
index 5f35ba7..21eb477 100644 (file)
--- a/models/job.php
+++ b/models/job.php
@@ -56,7 +56,7 @@ class glm_employment_job
                     'taxonomy'        => $tax_slug,
                     'name'            => $tax_obj->name,
                     'orderby'         => 'name',
-                    'selected'        => $_GET[$tax_slug],
+                    'selected'        => (isset($_GET[$tax_slug]) ? $_GET[$tax_slug] : ''),
                     'hierarchical'    => $tax_obj->hierarchical,
                     'show_count'      => true,
                     'hide_empty'      => true