CVE-2021-39311: llm.php in link-list-manager/tags/1.0 – WordPress Plugin Repository

1<?php2/*3Plugin Name: link-list-manager4Plugin URI: http://www.zetrider.ru5Description: Планин для составления листов ссылок, партнеров, баннеров6Version: 1.07Author: ZetRider8Author URI: http://www.zetrider.ru9Author Email: [email protected]*/11/* Copyright 2011 zetrider (email: [email protected])1213 This program is free software; you can redistribute it and/or modify14 it under the terms of the GNU General Public License as published by15 the Free Software Foundation; either version 2 of the License, or16 (at your option) any later version.1718 This program is distributed in the hope that it will be useful,19 but WITHOUT ANY WARRANTY; without even the implied warranty of20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the21 GNU General Public License for more details.2223 You should have received a copy of the GNU General Public License24 along with this program; if not, write to the Free Software25 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA26*/2728load_plugin_textdomain('link-list-manager’, PLUGINDIR.’/’.dirname(plugin_basename(__FILE__)). ‘/lang/’);2930global $wpdb;31$db_llm = $wpdb->prefix.’llm’;32$llm_url = WP_PLUGIN_URL.’/’.str_replace(basename( __FILE__),"",plugin_basename(__FILE__));3334function llm_style() {35 global $llm_url;36 echo '<link rel="stylesheet" href="’.$llm_url.’style.css" type="text/css" />’."\n";37}38add_action('admin_head’, ‘llm_style’);3940$sql = sprintf(“41CREATE TABLE IF NOT EXISTS $db_llm (42 id INT NOT NULL AUTO_INCREMENT,43 PRIMARY KEY(id),44 category INT,45 name VARCHAR(255),46 alt VARCHAR(255),47 link VARCHAR(255),48 target VARCHAR(255),49 images VARCHAR(255),50 imagestype VARCHAR(255),51 imagesfloat VARCHAR(255),52 orderby INT53) ENGINE=MyISAM CHARACTER SET=utf8;54”);55$result = $wpdb->query($sql);5657function llm_menu(){58 add_options_page('Link List Manager’, 'LL Manager’, 8, basename(__FILE__), ‘llm_setting’);59}60add_action('admin_menu’, ‘llm_menu’);6162$get_category = $_GET[‘category’];6364$wpuploadsdir = wp_upload_dir();6566$patch_folder = $wpuploadsdir[‘basedir’]."/llm";67$url_folder = $wpuploadsdir[‘baseurl’]."/llm";6869function llm_setting() {70 global $wpdb, $db_llm, $get_category, $patch_folder, $url_folder, $llm_url;7172 $res_max_id = $wpdb->get_results(“SELECT category FROM $db_llm ORDER BY ‘orderby’ DESC LIMIT 1”);73 if (empty($res_max_id)) {74 $max_id = “1";75 }76 foreach ($res_max_id as $row_max_id) {77 $max_id = $row_max_id->category + 1;78 }79?>8081 <h2>Link List Manager</h2>82 <table class="widefat” style="width:100% !important;"><thead><tr><th scope="col">83 <img src="<?php echo $llm_url; ?>images/ttweb.png" class="logo">84 <?php _e(“Studio TTWeb","link-list-manager”);?><br>85 <?php _e(“Creation, website promotion","link-list-manager”);?><br>86 <?php _e(“Development of site design, logos, business cards, etc.","link-list-manager”);?><br>87 <?php _e(“Development and translation of plugins","link-list-manager”);?><br>88 <a href="http://www.TTWeb.ru" target="_blank">http://www.TTWeb.ru</a> | 89 <a href="http://www.zetrider.ru" target="_blank">http://www.ZetRider.ru (free help)</a> 90 <th scope="col" style="border-left:1px #c0c0c0 solid">91 <a href="http://www.facebook.com/zetriderman" target="_blank"><img src="<?php echo $llm_url; ?>images/facebook.png"></a>92 <a href="https://twitter.com/#!/zetrider" target="_blank"><img src="<?php echo $llm_url; ?>images/twitter.png"></a>93 <a href="http://vkontakte.ru/zetrider" target="_blank"><img src="<?php echo $llm_url; ?>images/vkontakte.png"></a><br>94 <b>Donate me:</b><br>95 WMZ -    Z280634834547<br>96 WMR -    R240220810962<br>97 Yandex - 41001637137755<br>98 <small><?php _e(“We need a new version of the plugin? thanked the author","link-list-manager”); ?><br><br>99 <b><?php _e(“Any ideas? Send me an email: “,"link-list-manager”); ?> <a href="mailto:[email protected]">[email protected]</a></b><br><br>100 </ul>101 </small>102 </th></th></tr></thead></table>103 <br>104 <div style="float:left;"><a href="http://www.zetrider.ru/link-list-manager.html” class="ablock llmradius" target="_blank"><?php _e(“Instruction","link-list-manager”); ?></a> <a href="http://wordpress.org/extend/plugins/link-list-manager/" class="ablock llmradius" target="_blank">FAQ / English instruction</a></div>105 <div style="float:right;"><object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="468" height="60" align="middle"><param name="movie" value="http://img.sape.ru/bn/sape_002.swf?myID=ZwoFuGbBkC" /><param name="quality" value="high" /><param name="bgcolor" value="#ffffff" /><embed src="http://img.sape.ru/bn/sape_002.swf?myID=ZwoFuGbBkC" quality="high" bgcolor="#ffffff" width="468" height="60" align="middle" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer" /></object></div>106 <br class="clear"><br class="clear">107 108<div style="float:left;">109 <br class="clear">110 <a href="admin.php?page=llm.php&category=<?php echo $max_id; ?>" class="ablock llmradius"><?php _e(“Add a new category +","link-list-manager”); ?></a>111<?php112$res_id_list = $wpdb->get_results(“SELECT category FROM $db_llm GROUP BY category ORDER BY category”);113foreach ($res_id_list as $row_id_list) {114 if ($row_id_list->category){115 echo '<a href="admin.php?page=llm.php&category=’.$row_id_list->category.’" class="ablock llmradius" style="margin-right:5px;">id=’.$row_id_list->category.’</a>’;116 }117}118119if($_POST[‘addllm’] || $_POST[‘update’]) {120121if (!is_dir($patch_folder)) {122 mkdir ($patch_folder, 0700);123}124125$category = $_GET[‘category’];126$name = $_POST[‘name’];127$alt = $_POST[‘alt’];128$link = $_POST[‘link’];129$target = $_POST[‘target’];130$images = $_FILES[“images”][‘tmp_name’];131$imagesfloat = $_POST[“imagesfloat”];132$resize = $_POST[‘resize’];133$orderby = $_POST[‘orderby’];134135if ($_FILES[“images”][‘type’] == ‘image/gif’) { $imagestype = '.gif’; }136elseif ($_FILES[“images”][‘type’] == ‘image/jpeg’) { $imagestype = '.jpg’; }137elseif ($_FILES[“images”][‘type’] == ‘image/png’) { $imagestype = '.png’; }138elseif ($_FILES[“images”][‘type’] == ‘image/bmp’) { $imagestype = '.bmp’; }139else { $imagestype = ‘false’; }140141if($_POST[‘update’]) {142 $images_id = $_GET[‘id’];143 if ($_POST[“imagestype”]) { $imagestype = $_POST[‘imagestype’]; }144}145else {146 $nextidtable = $wpdb->get_results(“SHOW TABLE STATUS LIKE '$db_llm’”); /* next id Auto_increment*/147 foreach ($nextidtable as $nextidtableAuto_increment) { $images_id = $nextidtableAuto_increment->Auto_increment; }148}149150$imagepatchlist = $patch_folder."/".$images_id.$imagestype;151152if ($imagestype != ‘false’) { // upload images153 if(!file_exists($imagepatchlist) && !is_file($imagepatchlist)) {154 move_uploaded_file($images, $imagepatchlist);155 $patch_images = $patch_folder."/".$images_id.$imagestype;156 $trueresult .= __(“Images uploaded","link-list-manager”)."<br>"; 157 $uploadresult = “ok";158 }159}160161if ($resize && file_exists($imagepatchlist) && is_file($imagepatchlist)) { // resize images162 $llms_size = GetImageSize ($imagepatchlist);163 $src = ImageCreateFromJPEG ($imagepatchlist); 164 $iw = $llms_size[0]; 165 $ih = $llms_size[1]; 166 $koe=$iw/$resize;167 $new_h=ceil ($ih/$koe); 168 $dst = ImageCreateTrueColor ($resize, $new_h);169 ImageCopyResampled ($dst, $src, 0, 0, 0, 0, $resize, $new_h, $iw, $ih); 170 ImageJPEG ($dst, $imagepatchlist, 100);171 imagedestroy($src);172 $trueresult .= __(“File successfully scaled down to fit the width of the","link-list-manager”).” $resize px. <br>";173 $trueresult .= “<small>".__(“If the image has not changed in size, so it is cached by your browser. Please refresh the page.", “link-list-manager”)."</small><br>";174}175176if($_POST[‘update’] && $falseresult == ‘’) { // update row177 $res = $wpdb->query(“UPDATE $db_llm SET category = '$category’, name = '$name’, alt = '$alt’, link = '$link’, target = '$target’, images = '$images_id’, imagestype = '$imagestype’, imagesfloat = ‘$imagesfloat’, orderby = ‘$orderby’ WHERE (id=’$images_id’)");178 $trueresult .= __(“Record updated successfully.","link-list-manager”)."<br>";179}180elseif ($falseresult == ‘’) { // write base181 $res = $wpdb->query(“INSERT INTO $db_llm (category, name, alt, link, target, images, imagestype, imagesfloat, orderby) VALUES('$category’, '$name’, '$alt’, '$link’, '$target’, '$images_id’, '$imagestype’, '$imagesfloat’, ‘$orderby’)");182 $trueresult .= __(“Record was successfully added to the database.","link-list-manager”)."<br>";183}184else { echo “Error…"; }185186187}188?>189190 <br class="clear"><br class="clear">191<?php if ($get_category) {192 echo __(“Category","link-list-manager”).” $get_category<br>";193 echo '[llm category="’.$get_category.’”]<hr>’;194?>195</div>196197<br class="clear">198199<?php if($trueresult || $falseresult) {?>200<div class="llmresult” style="<?php if($falseresult) { echo “color:red; font-weight:bold; border-color:red;"; } if($trueresult) { echo “color:green; font-weight:bold; border-color:green;"; }?>">201 <?php echo $trueresult; echo $falseresult; ?>202</div>203<?php }204if ($_GET[‘action’] == ‘edit’) { $llmnone = 'style="display:none;"’; }205if ($_GET[‘action’] != ‘edit’) { $llmpreview = 'style="display:none;"’; } else { $llmpreview = 'style="margin-left:15px;"’; }206?>207208<div class="llmmenu” <?php echo $llmnone; ?>>209 <?php _e(“Add a new entry:","link-list-manager”); ?><br><br>210 <form method="post” enctype="multipart/form-data” name="add">211 <small>212 <?php _e(“Name of reference (Anchor):","link-list-manager”); ?><br><input type="text” name="name" class="inputtext"><br><br>213 <?php _e(“Description of the link:","link-list-manager”); ?><br><input type="text" name="alt" class="inputtext"><br><br>214 <?php _e(“URL:","link-list-manager”); ?><br><input type="text" name="link" value="http://www." class="inputtext"><br><br>215 <?php _e(“Behavior:","link-list-manager”); ?><br>216 <input type="radio" name="target" id="_self" value="_self" checked> <label for=’_self’><?php _e(“In this window","link-list-manager”); ?></label>217 <input type="radio" name="target" id="_blank" value="_blank"> <label for=’_blank’><?php _e(“In a new window","link-list-manager”); ?></label><br><br>218 <?php _e(“Image","link-list-manager”); ?> (*.gif, *.jpg, *.png, *.bmp):<br><input type="file" name="images"><br><br>219 <?php _e(“The location of the image of the text:","link-list-manager”); ?><br>220 <input type="radio" name="imagesfloat" id="left" value="left" checked> <label for=’left’><?php _e(“Left","link-list-manager”); ?></label>221 <input type="radio" name="imagesfloat" id="right" value="right"> <label for=’right’><?php _e(“Right","link-list-manager”); ?></label><br><br>222 <?php _e(“Poprotsionalno reduce the width of the image (numbers indicate size in PX, if you do not need to leave blank):","link-list-manager”); ?> <br><input type="text" name="resize" class="inputtext"><br><br>223 <?php _e(“Sort order:","link-list-manager”); ?><br><input type="text" name="orderby" class="inputtext"><br><br>224 <input type="submit" value="<?php _e(“Add","link-list-manager”); ?>" name="addllm"><br>225 </small>226 </form>227</div>228229<div class="llmcontent">230<?php231$idllm = $_GET[‘id’];232if (!isset($idllm)) {233 $res = $wpdb->get_results("SELECT * FROM $db_llm WHERE category=’$get_category’ ORDER BY orderby");234 if(count($res) == ‘0’) {235 echo __(“You have not added any entries in the category","link-list-manager”)." $get_category.";236 }237 foreach ($res as $row) {238 echo '<a href="admin.php?page=llm.php&category=’.$get_category.’&id=’.$row->id.’" title="Edit">[id = ‘.$row->id.’] '.$row->name.’</a><br>’;239 }240} elseif ($_GET[‘action’] == ‘edit’){241242if ($_GET[‘delimages’]) {243 $imagepatch = $patch_folder."/".$_GET[‘delimages’].$_GET[‘typeimages’];244 if(file_exists($imagepatch)) {245 $res = $wpdb->query(“UPDATE $db_llm SET images = ‘’, imagestype = ‘’ WHERE (id=’$idllm’)");246 unlink($imagepatch);247 echo “<b>".__(“Image removed.","link-list-manager”)."</b><br><br>";248 }249250}251 echo '<a href="admin.php?page=llm.php&category=’.$get_category.’” class="ablock llmradius">’.__(“Back to the list of links","link-list-manager”).’</a><br><br>’;252 $res = $wpdb->get_results(“SELECT * FROM $db_llm WHERE id=’$idllm’”);253 foreach ($res as $row) {254 $imagepatchlist = $patch_folder."/".$row->images.$row->imagestype;255?>256 <form method="post” enctype="multipart/form-data" action="admin.php?page=llm.php&category=<?php echo $_GET[‘category’]; ?>&id=<?php echo $_GET[‘id’]; ?>&action=edit" name="upd">257 <small>258 <?php _e(“Name of reference:","link-list-manager”); ?><br><input type="text" name="name" value="<?php echo $row->name; ?>" class="inputtext"><br><br>259 <?php _e(“Description of the link:","link-list-manager”); ?><br><input type="text" name="alt" value="<?php echo $row->alt; ?>" class="inputtext"><br><br>260 <?php _e(“URL:","link-list-manager”); ?><br><input type="text" name="link" value="<?php echo $row->link; ?>" class="inputtext"><br><br>261 <?php _e(“Behavior:","link-list-manager”); ?><br>262<?php263if ($row->target == ‘_self’) { $selfchecked = “checked"; }264if ($row->target == ‘_blank’) { $blankchecked = “checked"; }265?>266 <input type="radio” name="target” id="_selfupd" value="_self" <?php echo $selfchecked;?>> <label for=’_selfupd’><?php _e(“In this window","link-list-manager”); ?></label>267 <input type="radio" name="target" id="_blankupd" value="_blank" <?php echo $blankchecked;?>> <label for=’_blankupd’><?php _e(“In a new window","link-list-manager”); ?></label><br><br>268<?php269if(file_exists($imagepatchlist) && is_file($imagepatchlist)) {270 echo __(“Loaded image:", “link-list-manager”).’<br>’;271 echo $imageurllist = '<img src="’.$url_folder."/".$row->images.$row->imagestype.’” alt="’.$row->alt.’" style="llmimages llmimages’.$row->id.’">’;272 echo ‘<br>273 <a href="http://’.$_SERVER[‘SERVER_NAME’].$_SERVER[‘REQUEST_URI’].’&delimages=’.$row->images.’&typeimages=’.$row->imagestype.’">’.__(“Remove","link-list-manager”).’</a>274 <br>275 <input type="hidden" value="’.$row->imagestype.’" name="imagestype">276 ‘;277} else {?>278 <?php _e(“Upload a new picture","link-list-manager”); ?> (*.gif, *.jpg, *.png, *.bmp):<br><input type="file" name="images">279<?php } ?><br><br>280 <?php _e(“The location of the image of the text:","link-list-manager”); ?><br>281<?php282if ($row->imagesfloat == ‘left’) { $leftchecked = “checked"; }283if ($row->imagesfloat == ‘right’) { $rightchecked = “checked"; }284?>285 <input type="radio” name="imagesfloat” id="leftupd" value="left" <?php echo $leftchecked;?>> <label for=’leftupd’><?php _e(“Left","link-list-manager”); ?></label>286 <input type="radio" name="imagesfloat" id="rightupd" value="right" <?php echo $rightchecked;?>> <label for=’rightupd’><?php _e(“Right","link-list-manager”); ?></label><br><br>287 <?php _e(“Poprotsionalno reduce the width of the image (numbers indicate size in PX, if you do not need to leave blank):","link-list-manager”); ?> <br><input type="text" name="resize" class="inputtext"><br><br>288 <?php _e(“Sort order:","link-list-manager”); ?><br><input type="text" name="orderby" value="<?php echo $row->orderby; ?>" class="inputtext"><br><br>289 <input type="submit" value="<?php _e(“Update","link-list-manager”); ?>" name="update"><br>290 </small>291</form>292 <?php293 }294295296} elseif ($_GET[‘action’] == ‘del’){297 $res = $wpdb->query("DELETE FROM “.$db_llm.” WHERE (id=’$idllm’)");298 $imagepatch = $patch_folder."/".$_GET[‘id’].$_GET[‘typeimages’];299 if(file_exists($imagepatch) && is_file($imagepatch)) {300 unlink($imagepatch);301 }302 echo __(“Record with an ID","link-list-manager”)." “.$idllm.” “.__(“removed","link-list-manager”)."<br><br>";303 echo '<a href="admin.php?page=llm.php&category=’.$get_category.’” class="ablock llmradius">’.__(“Back to the list of links","link-list-manager”).’</a><br><br>’;304}305306else {307 echo ‘<a href="admin.php?page=llm.php&category=’.$get_category.’" class="ablock llmradius">’.__(“Back to the list of links","link-list-manager”).’</a><br><br>’;308 $res = $wpdb->get_results("SELECT * FROM $db_llm WHERE category=’$get_category’ AND id=’$idllm’ ORDER BY orderby");309 foreach ($res as $row) {310 echo '<a href="admin.php?page=llm.php&category=’.$get_category.’&id=’.$row->id.’&action=edit" class="ablock llmradius">’.__(“Edit","link-list-manager”).’</a> <a href="admin.php?page=llm.php&category=’.$get_category.’&id=’.$row->id.’&action=del&typeimages=’.$row->imagestype.’" class="ablock llmradius">’.__(“Remove","link-list-manager”).’</a><br><br>’.__(“Preview:","link-list-manager”).’<hr>’;311 $imagepatchlist = $patch_folder."/".$row->images.$row->imagestype;312 if(file_exists($imagepatchlist) && is_file($imagepatchlist)) {313 $imageurllist = '<img src="’.$url_folder."/".$row->images.$row->imagestype.’" alt="’.$row->alt.’" class="llmimages llmimages’.$row->id.’">’;314 }315316 if ($row->imagesfloat == ‘left’) {317 echo '<a href="’.$row->link.’" title="’.$row->alt.’" target="’.$row->target.’" class="llma llma’.$row->id.’">’.$imageurllist.’’.$row->name.’</a>’;318 }319 elseif ($row->imagesfloat == ‘right’) {320 echo ‘<a href="’.$row->link.’" title="’.$row->alt.’" target="’.$row->target.’" class="llma llma’.$row->id.’">’.$row->name.’’.$imageurllist.’</a>’;321 }322 else {323 echo ‘<a href="’.$row->link.’" title="’.$row->alt.’" target="’.$row->target.’" class="llma llma’.$row->id.’">’.$row->name.’</a>’;324 }325 }326}327?>328</div>329330<div class="alignleft" <?php echo $llmpreview; ?>>331<strong><?php _e(“Preview:","link-list-manager”); ?></strong><br class="clear"><br class="clear">332<?php333$prevcategory = $_GET[‘category’];334$previd = $_GET[‘id’];335echo do_shortcode('[llm category="’.$prevcategory .’" id="’.$previd.’"]'); ?>336</div>337<br class="clear">338<?php339}340}341342/* shortcode */343function llmshortcode($atts) {344global $wpdb, $db_llm, $patch_folder, $url_folder;345extract(shortcode_atts(array(‘category’ => "1", ‘id’ => ‘’), $atts));346 if ($id) { $whereid = "AND id=’$id’";}347 $res = $wpdb->get_results("SELECT * FROM $db_llm WHERE category=’$category’ $whereid ORDER BY orderby");348 $return .= "\n".’<ul class="llm llm’.$category.’">’."\n";349 foreach ($res as $row) {350 $imagepatchlist = $patch_folder."/".$row->images.$row->imagestype;351 if(file_exists($imagepatchlist) && is_file($imagepatchlist)) {352 $imageurllist = "\n".’ <img src="’.$url_folder."/".$row->images.$row->imagestype.’" alt="’.$row->alt.’" class="llm-images llm-images’.$row->id.’">’."\n";353 }354 $return .= ‘<li class="llm-list llm-list’.$row->id.’">’."\n";355 if ($row->imagesfloat == ‘left’) {356 $return .= ' <a href="’.$row->link.’" title="’.$row->alt.’" target="’.$row->target.’" class="llm-link llm-link’.$row->id.’">’.$imageurllist.’ '.$row->name.’</a>’."\n";357 }358 elseif ($row->imagesfloat == ‘right’) {359 $return .= ‘<a href="’.$row->link.’" title="’.$row->alt.’" target="’.$row->target.’" class="llm-link llm-link’.$row->id.’">’.$row->name.’ '.$imageurllist.’</a>’."\n";360 }361 else {362 $return .= '<a href="’.$row->link.’" title="’.$row->alt.’" target="’.$row->target.’" class="llm-link llm-link’.$row->id.’">’.$row->name.’</a>’."\n";363 }364 $return .= “</li> \n";365 }366 $return .= '</ul>’."\n";367368return $return;369}370add_shortcode('llm’, ‘llmshortcode’);371372/* widget */373class LLM_Widget extends WP_Widget {374function LLM_Widget() {375parent::WP_Widget(false, $name = ‘LL Manager’);376}377378function widget($args, $instance) {379extract( $args );380echo $before_title;381echo $instance[‘title’];382echo $after_title;383echo $before_widget;384echo do_shortcode('[llm category="’.$instance[‘category’].’”]');385echo $after_widget;386}387388function update($new_instance, $old_instance) {389return $new_instance;390}391392function form($instance) {393$title = esc_attr($instance[‘title’]);394$category = esc_attr($instance[‘category’]);395?>396397<p>398<label for="<?php echo $this->get_field_id(‘title’); ?>"><?php _e(“Title","link-list-manager”); ?>399<input class="widefat" id="<?php echo $this->get_field_id(‘title’); ?>" name="<?php echo $this->get_field_name(‘title’); ?>" type="text" value="<?php echo $title; ?>" />400</label>401</p>402<p>403<label for="<?php echo $this->get_field_id(‘category’); ?>"><?php _e(“Category (ID)“,"link-list-manager”); ?>404<input class="widefat” id="<?php echo $this->get_field_id(‘category’); ?>" name="<?php echo $this->get_field_name(‘category’); ?>" type="text" value="<?php echo $category; ?>" />405</label>406</p>407408<?php409}410411}412add_action('widgets_init’, create_function('’, ‘return register_widget(“LLM_Widget”);’));413414?>