
Changeset 3344512


Timestamp:
08/14/2025 09:36:16 AM (6 months ago)
Author:
glenwpcoder
Message:

Version 1.3.9.1

  • Fixed security issues related to cookie
  • Fixed/replaced the crypto.randomUUID() error on non-HTTPS pages.
Location:
drag-and-drop-multiple-file-upload-contact-form-7
Files:
33 added
3 edited

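--- a/drag-and-drop-multiple-file-upload-contact-form-7/trunk/drag-n-drop-upload-cf7.php
+++ b/drag-and-drop-multiple-file-upload-contact-form-7/trunk/drag-n-drop-upload-cf7.php
@@ -7,5 +7,5 @@
     * Text Domain: drag-and-drop-multiple-file-upload-contact-form-7
     * Domain Path: /languages
-    * Version: 1.3.9.0
+    * Version: 1.3.9.1
     * Author: Glen Don L. Mongaya
     * Author URI: http://codedropz.com
@@ -22,5 +22,5 @@
 
     /**  Define plugin Version */
-    define( 'dnd_upload_cf7_version', '1.3.9.0' );
+    define( 'dnd_upload_cf7_version', '1.3.9.1' );
 
     /**  Define constant Plugin Directories  */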
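--- a/drag-and-drop-multiple-file-upload-contact-form-7/trunk/inc/dnd-upload-cf7.php
+++ b/drag-and-drop-multiple-file-upload-contact-form-7/trunk/inc/dnd-upload-cf7.php
@@ -255,7 +255,8 @@
         // Add random folder.
         if ( true === $dir ) {
-            $random_folder = dnd_cf7_get_unique_id();
-            if ( $random_folder ) {
-                $uploads_dir   = $uploads_dir .'/'. $random_folder;
+            $unique_id = dnd_cf7_get_unique_id();
+            if ( $unique_id ) {
+                $random_folder = preg_replace( '/[^a-zA-Z0-9_-]/', '', $unique_id );
+                $uploads_dir   = $uploads_dir .'/'. sanitize_file_name( $random_folder ); // Sanitize File Name Aug 2025
             }
         }
@@ -1049,10 +1050,11 @@
             // Validate path if it's match on the current folder
             $unique_id      = dnd_cf7_get_unique_id();
-            $current_folder = dirname( $path );
-            $current_path   = $dir['upload_dir'] .'/'. $unique_id .'/'. wp_basename( $path );
+            $current_folder = trim( dirname( $path ) );
+            $file_name      = wp_basename( $path ); // added Aug 2025
+            $current_path   = $dir['upload_dir'] .'/'. sanitize_file_name( $unique_id ) .'/'. $file_name;
 
             // Show an error
             if ( 'yes' !== dnd_cf7_settings('drag_n_drop_mail_attachment') ) {
-                if ( ( $unique_id && $unique_id !== trim( $current_folder ) ) || ! file_exists( $current_path ) ) {
+                if ( ( $unique_id && $unique_id !== $current_folder ) || ! file_exists( $current_path ) || preg_match( '#\.\.[/\\\\]#', $path ) ) {
                     wp_send_json_error( 'Error: Unauthorized Request!' );
                 }
@@ -1060,8 +1062,9 @@
 
             // Concatenate path and upload directory
-            $file_path = realpath( trailingslashit( $dir['upload_dir'] ) . trim( $path ) );
+            $path      = trailingslashit( $current_folder ) . sanitize_file_name( $file_name ); // fixed traversal attack. (Aug 2025)
+            $file_path = realpath( trailingslashit( $dir['upload_dir'] ) . $path );
 
             // Check if is in the correct upload_dir
-            if ( ! preg_match("/". wpcf7_dnd_dir ."/i", $file_path ) ) {
+            if ( ! preg_match( '#(?:^|/)' . preg_quote( wpcf7_dnd_dir, '#' ) . '(/|$)#i', $file_path ) ) {
                 wp_send_json_error('It\'s not a valid upload directory');
             }
@@ -1384,7 +1387,16 @@
         ?>
         <script type="text/javascript">
+            function dnd_cf7_generateUUIDv4() {
+                const bytes = new Uint8Array(16);
+                crypto.getRandomValues(bytes);
+                bytes[6] = (bytes[6] & 0x0f) | 0x40; // version 4
+                bytes[8] = (bytes[8] & 0x3f) | 0x80; // variant 10
+                const hex = Array.from(bytes, b => b.toString(16).padStart(2, "0")).join("");
+                return hex.replace(/^(.{8})(.{4})(.{4})(.{4})(.{12})$/, "$1-$2-$3-$4-$5");
+            }
+
             document.addEventListener("DOMContentLoaded", function() {
                 if ( ! document.cookie.includes("wpcf7_guest_user_id")) {
-                    document.cookie = "wpcf7_guest_user_id=" + crypto.randomUUID() + "; path=/; max-age=" + (12 * 3600) + "; samesite=Lax";
+                    document.cookie = "wpcf7_guest_user_id=" + dnd_cf7_generateUUIDv4() + "; path=/; max-age=" + (12 * 3600) + "; samesite=Lax";
                 }
             });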
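Review bot: The directory check at new line 1068 only verifies that a segment named wpcf7_dnd_dir occurs somewhere in the realpath() result, not that `$file_path` lies beneath `$dir['upload_dir']`, and it fails closed on a failed realpath() only because `false` is coerced to an empty string; this matters because the folder comparison on new line 1058 is skipped whenever `$unique_id` is empty, leaving `$current_folder` (taken from `$path`) constrained by this check alone. A prefix comparison against the resolved base is the explicit form: `$base_dir = realpath( $dir['upload_dir'] );` followed by `if ( false === $file_path || false === $base_dir || 0 !== strpos( $file_path, trailingslashit( $base_dir ) ) ) {` (str_starts_with() would read better, but readme.txt still declares PHP 5.2.4). Two smaller inconsistencies in the same function: the traversal pattern on new line 1058 matches `..` only when a separator follows it, so a bare `..` as the final segment is not rejected there and is left to sanitize_file_name() on new line 1064, whereas anchoring on segment boundaries, `'#(?:^|[/\\\\])\.\.(?:[/\\\\]|$)#'`, rejects it explicitly; and the same id is normalised three different ways (raw `$unique_id` in the comparison at 1058, sanitize_file_name() at 1054, preg_replace() plus sanitize_file_name() at new lines 259-260), so if dnd_cf7_get_unique_id() can ever return characters outside `[a-zA-Z0-9_-]` — not visible here — these checks disagree, and one normalisation should be applied in all three places. The enclosing functions start and end outside the hunks.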
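--- a/drag-and-drop-multiple-file-upload-contact-form-7/trunk/readme.txt
+++ b/drag-and-drop-multiple-file-upload-contact-form-7/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 3.0.1
 Tested up to: 6.8
-Stable tag: 1.3.9.0
+Stable tag: 1.3.9.1
 Requires PHP: 5.2.4
 License: GPLv2 or later
@@ -179,4 +179,8 @@
 
 == Changelog ==
+= 1.3.9.1 =
+- Fixed : Security issues related to cookie (Thanks to WordFence)
+- Bug : Fixed or Replace crypto.randomUUID() error on non https. [Support Link](https://wordpress.org/support/topic/crypto-randomuuid-error/)
+
 = 1.3.9.0 =
 - Security: Fixed security issues reported by Wordfence "Remote Code Execution via PHAR File Upload if changing the filename something like poc.&#112;har".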