CVE-2023-3977: misc.php in pop-up-pop-up/tags/1.1.9/modules/banner – WordPress Plugin Repository

1<?php23 /**4 * File for our cool Carousel in the footer5 *6 * @category Child Plugin7 * @version v0.2.08 * @since v0.1.09 * @author iClyde [email protected]10 */1112 // Namespace13 namespace Inisev\Subs;1415 // Disallow direct access16 if (defined(‘ABSPATH’)) {1718 /**19 * Main class for handling the Carousel20 */21 if (!class_exists(‘Inisev\Subs\Inisev_Carousel’)) {22 class Inisev_Carousel {2324 // Should hide it for good i.e. styles may be broken?25 private $error = 0;2627 // Slugs of plugins28 private $usm_premium = 'usm-premium/usm_premium_icons.php’;29 private $usm_slug = 'ultimate-social-media-icons/ultimate_social_media_icons.php’;30 private $bmi_premium = 'backup-backup-pro/backup-backup-pro.php’;31 private $bmi_slug = 'backup-backup/backup-backup.php’;32 private $cdp_premium = 'copy-delete-posts-premium/copy-delete-posts-premium.php’;33 private $cdp_slug = 'copy-delete-posts/copy-delete-posts.php’;34 private $mpu_slug = 'pop-up-pop-up/pop-up-pop-up.php’;35 private $redi_slug = 'redirect-redirection/redirect-redirection.php’;3637 /*38 * Compile some variables for "future us"39 * Such as slug of current plugin, root dir of plugin40 */41 function __construct($root_file, $root_dir) {4243 // This roots44 $this->_root_file = $root_file;45 $this->_root_dir = $root_dir;4647 // Add handler for Ajax request48 if (isset($_SERVER[‘REQUEST_METHOD’]) && $_SERVER[‘REQUEST_METHOD’] === ‘POST’) {4950 // Check if slug is defined51 if (isset($_POST[‘slug’]) && !empty($_POST[‘slug’])) {5253 // Handle the request54 add_action('wp_ajax_inisev_installation’, [&$this, ‘handle_installation’]);5556 }5758 // Stop for POST59 return;6061 }6263 // WordPress globals64 global $menu;6566 // Make sure WP_PLUGIN_DIR is defined67 if (!defined(‘WP_PLUGIN_DIR’)) return $this->fail(1);68 if (!function_exists(‘trailingslashit’)) return $this->fail(2);69 if (!defined(‘DIRECTORY_SEPARATOR’)) define('DIRECTORY_SEPARATOR’, ‘/’);7071 // That’s in case the developer moved this file somewhere else72 $tmp_slug = trailingslashit($this->_root_dir);73 $tmp_root = trailingslashit(WP_PLUGIN_DIR);74 $tmp_name = explode(DIRECTORY_SEPARATOR, substr($tmp_slug, strlen($tmp_root)));7576 // Make the “probably” slug name77 $this->page = sanitize_text_field($_GET[‘page’]);78 $this->slug = $tmp_name[0];79 $this->root = $tmp_root . $this->slug;8081 // Make lowercase slug82 $this->slug_low = $this->makelower($this->slug);8384 // We don’t need those anymore85 unset($tmp_slug, $tmp_root, $tmp_name);8687 // Check if the guess is correct enough88 if (!is_dir($this->root)) return $this->fail(3);8990 // Check if the script requires to be in hook91 if (!function_exists(‘current_action’)) return $this->fail(4);92 $this->hooked = (current_action() == ‘’ ? false : true);9394 // Add hook if it’s required95 if (!$this->hooked) {9697 // Hook the script to init98 add_action('admin_menu’, [&$this, ‘setup’], PHP_INT_MAX);99100 } else {101102 // The child plugin is already hooked, check if correctly103 if (current_action() == ‘admin_menu’ || isset($menu)) {104105 // If the hook is correct continue106 $this->setup();107108 } else {109110 // Hook the script to init if it’s not hooked to it already111 add_action('admin_menu’, [&$this, ‘setup’], PHP_INT_MAX);112113 }114115 }116117 }118119 /*120 * Main setup of this child plugin121 */122 public function setup() {123124 // WordPress Global Variables125 global $menu;126127 // Make sure $menu exists128 if (!isset($menu) || !is_array($menu)) return $this->fail(5);129130 // Get menu slug name131 if (!$this->menu_name($menu)) return false;132133 if (/*$this->page === $this->menu && */!defined(‘INISEV_CAROUSEL’)) {134135 // Initialize Carousel constant136 define('INISEV_CAROUSEL’, true);137138 // Root URL for assets139 $this->url = trailingslashit(plugins_url(null, $this->_root_file));140141 // Load styles142 wp_enqueue_script('inisev-carousel-script’, ($this->url . ‘assets/index.min.js’), [], filemtime($this->_root_dir . ‘/assets/index.min.js’), true);143 wp_enqueue_style('inisev-carousel-style’, ($this->url . ‘assets/style.min.css’), [], filemtime($this->_root_dir . ‘/assets/style.min.css’));144145 // Print the footer146 if (!has_action(‘ins_global_print_carrousel’)) {147 add_action('ins_global_print_carrousel’, [&$this, ‘_print’], 1);148 }149150 }151152 }153154 /*155 * This function may be used for debugging purposes156 */157 private function fail($code = false) {158159 if ($code === false) {160161 // Return error code if specified as request ($code === false)162 return $this->error;163164 } else {165166 // Set the error code and return167 error_log($code);168 $this->error = $code;169 return false;170171 }172173 }174175 /*176 * Helper function remove _ -/ characters and make lowercase177 */178 private function makelower($str) {179180 $str = str_replace('_’, '’, $str);181 $str = str_replace('-', '’, $str);182 $str = str_replace('/’, '’, $str);183 $str = str_replace('\/’, '’, $str);184 $str = str_replace(' ', '’, $str);185 $str = strtolower($str);186187 return $str;188189 }190191 /*192 * This function will find slug of menu page193 */194 private function menu_name(&$menu) {195196 // Find the menu slug197 // IMPORTANT: It requires the plugin to use own icon (own assets)198 foreach ($menu as $priority => $details) {199 if (is_array($details) && sizeof($details) >= 6) {200 for ($i = 0; $i < sizeof($details); ++$i) {201 if ($this->makelower($details[$i]) == $this->slug_low) {202 $this->menu = $details[2];203 break;204 }205 }206 if (isset($this->menu)) break;207 }208 }209210 // MyPopUps exception211 if (!isset($this->menu)) {212 $mpu = ['wpmypopups’, 'mypopups’, ‘popuppopup’];213 if (in_array($this->slug_low, $mpu)) {214 $this->menu = 'wp-mypopups’;215 }216 }217218 if (!isset($this->menu)) {219 $bmi = ['backupbackup’, 'backup-backup’, 'backup-migration’, ‘backupmigration’];220 if (in_array($this->slug_low, $bmi)) {221 $this->menu = 'backup-migration’;222 }223 }224225 if (!isset($this->menu)) {226 $hhr = ['httpsremover’, ‘httphttpsremover’];227 if (in_array($this->slug_low, $hhr)) {228 $this->menu = 'httphttpsRemoval’;229 }230 }231232 if (!isset($this->menu)) {233 $wpc = ['wp-clone’, 'wp-clone’, ‘wpclonebywpacademy’];234 if (in_array($this->slug_low, $wpc)) {235 $this->menu = 'wp-clone’;236 }237 }238239 // Make sure it found something240 if (isset($this->menu)) return true;241 else return true;242 // else return $this->fail(6);243244 }245246 /*247 * Helper: Include file248 */249 private function _include($path) {250251 include_once trailingslashit($this->_root_dir) . ‘views/’ . $path . '.php’;252253 }254255 /*256 * Helper: Get asset URL257 */258 private function get_asset($file) {259260 return $this->url . $file;261262 }263264 /*265 * Helper: Get asset and print URL266 */267 private function _asset($file) {268269 echo $this->get_asset(‘views/’ . $file);270271 }272273 /*274 * Upgrade plugin, this function probably will never be fired275 */276 private function upgrade_plugin($plugin_slug) {277278 // Include upgrader279 include_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php’;280 wp_cache_flush();281282 // Initialize & upgrade the plugin283 $upgrader = new \Plugin_Upgrader();284 $upgraded = $upgrader->upgrade($plugin_slug);285286 // Return status or WP Error287 return $upgraded;288289 }290291 /*292 * Check if plugin is installed by slug293 */294 private function is_plugin_installed($slug) {295296 // Get all plugins297 $all_plugins = get_plugins();298299 // Make sure all slugs are in lowercase.300 foreach ($all_plugins as $plug => $v) {301302 // Once something match return success303 if (strtolower($plug) == strtolower($slug)) return true;304305 }306307 // If nothing just fail308 return false;309310 // When I exactly know the letter case…311 // if (!empty($all_plugins[$slug])) return true;312 // else return false;313314 }315316 /*317 * Install the plugin by slug318 */319 private function install_plugin($plugin_zip) {320321 // Include upgrader322 include_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php’;323 wp_cache_flush();324325 // Initialize WP upgrader & install the plugin326 $upgrader = new \Plugin_Upgrader();327 $installed = $upgrader->install($plugin_zip);328329 // Return status or WP Error330 return $installed;331332 }333334 /*335 * Install file336 */337 private function install($slug, $directory_slug) {338339 // Prepare the URLs and full slug340 $plugin_slug = $slug;341 $plugin_zip = ‘https://downloads.wordpress.org/plugin/’ . $directory_slug . '.latest-stable.zip’;342343 // Make sure the plugin is not installed344 if ($this->is_plugin_installed($plugin_slug)) {345346 // Upgrade the plugin if it’s installed somehow347 $this->upgrade_plugin($plugin_slug);348 $installed = true;349350 // Install instead351 } else $installed = $this->install_plugin($plugin_zip);352353 // Check if there was any error354 if (!is_wp_error($installed) && $installed) {355 $activate = activate_plugin($plugin_slug);356357 if (is_null($activate)) {358359 $url = admin_url('’, ‘admin’);360361 // CDP has special alert when installed with quick-install module362 if ($_POST[‘slug’] === ‘cdp’) {363 update_option('_cdp_cool_installation’, true);364 update_option('_cdp_redirect’, true);365 $url = admin_url() . 'admin.php?page=copy-delete-posts’;366 }367368 // Redirection for MPU369 if ($_POST[‘slug’] === ‘mpu’) {370 update_option('wp_mypopups_do_activation_redirect’, true);371 $url = admin_url() . 'admin.php?page=wp-mypopups’;372 }373374 // Redirection for USM375 if ($_POST[‘slug’] === ‘usm’) {376 update_option('sfsi_plugin_do_activation_redirect’, true);377 $url = admin_url() . 'admin.php?page=sfsi-options’;378 }379380 // Redirection for BMI381 if ($_POST[‘slug’] === ‘bmi’) {382 update_option('_bmi_redirect’, true);383 $url = admin_url() . 'admin.php?page=backup-migration’;384 }385386 // Redirection for RED387 if ($_POST[‘slug’] === ‘redi’) {388 update_option('irrp_activation_redirect’, true);389 $url = admin_url() . 'admin.php?page=irrp-redirection’;390 }391392 // Send success393 wp_send_json_success([ ‘installed’ => true, ‘url’ => $url ]);394395 // I don’t know what happened here and if it’s even possible396 } else wp_send_json_error();397398 // Send fail399 } else wp_send_json_error();400401 }402403 /*404 * Add/print the Carousel405 */406 public function _print() {407408 try {409410 include_once trailingslashit($this->_root_dir) . 'views/index.php’;411412 } catch (\Exception $e) {413414 return $this->fail(7);415416 } catch (\Exception $e) {417418 return $this->fail(8);419420 }421422 }423424 /*425 * Handle ajax request426 */427 public function handle_installation() {428429 // Handle the slug and install the plugin430 $slug = sanitize_text_field($_POST[‘slug’]);431 if ($slug === ‘usm’) {432433 $this->install($this->usm_slug, ‘ultimate-social-media-icons’);434435 } elseif ($slug === ‘bmi’) {436437 $this->install($this->bmi_slug, ‘backup-backup’);438439 } elseif ($slug === ‘cdp’) {440441 $this->install($this->cdp_slug, ‘copy-delete-posts’);442443 } elseif ($slug === ‘mpu’) {444445 $this->install($this->mpu_slug, ‘pop-up-pop-up’);446447 } elseif ($slug == ‘redi’) {448449 $this->install($this->redi_slug, ‘redirect-redirection’);450451 // Anything else error452 } else wp_send_json_error();453454 }455456 }457 }458459 // Disallow usage of multiple Carousels + allow only GET requests460 if (!defined(‘INISEV_CAROUSEL’)) {461462 // Make sure settings/menu page slug exsits463 if (!empty($_GET[‘page’]) || (isset($_SERVER[‘REQUEST_METHOD’]) && $_SERVER[‘REQUEST_METHOD’] === ‘POST’)) {464465 // Initialize the Carousel466 $carousel = new Inisev_Carousel(__FILE__, __DIR__);467468 }469470 }471472 }