* Fixed: two stored XSS issues

wp-media · Feb 26, 2016 · 80c9643 · 80c9643
1 parent d471a20
commit 80c9643
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 11 deletions.
diff --git a/backwpup.php b/backwpup.php
@@ -5,7 +5,7 @@
  * Description: WordPress Backup Plugin
  * Author: Inpsyde GmbH
  * Author URI: http://inpsyde.com
- * Version: 3.2.4
+ * Version: 3.2.5
  * Text Domain: backwpup
  * Domain Path: /languages/
  * Network: true

diff --git a/inc/class-destination-email.php b/inc/class-destination-email.php
@@ -271,8 +271,10 @@ public function job_run_archive( BackWPup_Job $job_object ) {
 			// Create the Transport
 			if ( $emailmethod == 'smtp' ) {
 				$transport = Swift_SmtpTransport::newInstance( $emailhost, $emailhostport );
-				$transport->setUsername( $emailuser );
-				$transport->setPassword( $emailpass );
+				if ( $emailuser ) {
+					$transport->setUsername( $emailuser );
+					$transport->setPassword( $emailpass );
+				}
 				if ( $emailsecure == 'ssl' )
 					$transport->setEncryption( 'ssl' );
 				if ( $emailsecure == 'tls' )
@@ -395,8 +397,10 @@ public function edit_ajax() {
 			// Create the Transport
 			if ( $emailmethod == 'smtp' ) {
 				$transport = Swift_SmtpTransport::newInstance( $emailhost, $emailhostport );
-				$transport->setUsername( $emailuser );
-				$transport->setPassword( $emailpass );
+				if ( $emailuser ) {
+					$transport->setUsername( $emailuser );
+					$transport->setPassword( $emailpass );
+				}
 				if ( $emailsecure == 'ssl' )
 					$transport->setEncryption( 'ssl' );
 				if ( $emailsecure == 'tls' )

diff --git a/inc/class-page-editjob.php b/inc/class-page-editjob.php
@@ -443,7 +443,7 @@ public static function page() {
 						<th scope="row"><label for="name"><?php _e( 'Please name this job.', 'backwpup' ) ?></label></th>
 						<td>
 							<input name="name" type="text" id="name" data-empty="<?php _e( 'New Job', 'backwpup' ); ?>"
-								   value="<?php echo BackWPup_Option::get( $jobid, 'name' ); ?>" class="regular-text" />
+								   value="<?php echo esc_html( BackWPup_Option::get( $jobid, 'name' ) ); ?>" class="regular-text" />
 						</td>
 					</tr>
 				</table>
@@ -585,15 +585,15 @@ class="regular-text code help-tip" title="<?php
 						<th scope="row"><label for="mailaddresslog"><?php _e( 'Send log to email address', 'backwpup' ) ?></label></th>
 						<td>
 							<input name="mailaddresslog" type="text" id="mailaddresslog"
-								   value="<?php echo BackWPup_Option::get( $jobid, 'mailaddresslog' );?>"
+								   value="<?php echo esc_html( BackWPup_Option::get( $jobid, 'mailaddresslog' ) );?>"
 								   class="regular-text help-tip" title="<?php esc_attr_e( 'Leave empty to not have log sent. Or separate with , for more than one receiver.', 'backwpup' ); ?>" />
 						</td>
 					</tr>
 					<tr>
 						<th scope="row"><label for="mailaddresssenderlog"><?php _e( 'Email FROM field', 'backwpup' ) ?></label></th>
 						<td>
 							<input name="mailaddresssenderlog" type="text" id="mailaddresssenderlog"
-								   value="<?php echo BackWPup_Option::get( $jobid, 'mailaddresssenderlog' );?>"
+								   value="<?php echo esc_html( BackWPup_Option::get( $jobid, 'mailaddresssenderlog' ) );?>"
 								   class="regular-text help-tip" title="<?php esc_attr_e( 'Email "From" field (Name &lt;&#160;[email protected]&#160;&gt;)', 'backwpup' ); ?>" />
 						</td>
 					</tr>

diff --git a/inc/class-page-settings.php b/inc/class-page-settings.php
@@ -84,7 +84,7 @@ public static function save_post_form() {
 		update_site_option( 'backwpup_cfg_protectfolders', isset( $_POST[ 'protectfolders' ] ) ? 1 : 0 );
 		$_POST[ 'jobrunauthkey' ] = preg_replace( '/[^a-zA-Z0-9]/', '', trim( $_POST[ 'jobrunauthkey' ] ) );
 		update_site_option( 'backwpup_cfg_jobrunauthkey', $_POST[ 'jobrunauthkey' ] );
-		$_POST[ 'logfolder' ] = trailingslashit( str_replace( '\\', '/', trim( stripslashes( $_POST[ 'logfolder' ] ) ) ) );
+		$_POST[ 'logfolder' ] = trailingslashit( str_replace( '\\', '/', trim( stripslashes( esc_attr( $_POST[ 'logfolder' ] ) ) ) ) );
 		//set def. folders
 		if ( empty( $_POST[ 'logfolder' ] ) || $_POST[ 'logfolder' ] === '/' ) {
 			delete_site_option( 'backwpup_cfg_logfolder' );
@@ -196,7 +196,7 @@ public static function page() {
                     <th scope="row"><label for="logfolder"><?php _e( 'Log file folder', 'backwpup' ); ?></label></th>
                     <td>
                         <input name="logfolder" type="text" id="logfolder" title="<?php esc_attr_e( 'You can use absolute or relative path! Relative path is relative to WP_CONTENT_DIR.', 'backwpup' ); ?>"
-                               value="<?php echo get_site_option( 'backwpup_cfg_logfolder' );?>"
+                               value="<?php echo esc_attr( get_site_option( 'backwpup_cfg_logfolder' ) );?>"
                                class="regular-text code help-tip"/>
                     </td>
                 </tr>

diff --git a/readme.txt b/readme.txt
@@ -3,7 +3,7 @@ Contributors: inpsyde, danielhuesken, Bueltge, nullbyte
 Tags: Amazon, Amazon S3, back up, backup, chinese, cloud, cloud files, database, db backup, dropbox, dump, file, french, ftp, ftps, german, migrate, multisite, russian, schedule, sftp, storage, S3, time, upload, xml
 Requires at least: 3.8
 Tested up to: 4.4.1
-Stable tag: 3.2.4
+Stable tag: 3.2.5
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -170,6 +170,9 @@ Please check all settings after the update:
 
 
 == Changelog ==
+= Version 3.2.5 =
+* Fixed: two stored XSS issues
+
 = Version 3.2.4 =
 * Added: Backup database triggers
 * Fixed: Charset issues on file names in archives