Merge pull request #263 from fpcorso/security/4.2.3

Security Release 4.2.3
QuizandSurveyMaster · Jul 16, 2015 · 40bf9b2 · 40bf9b2
2 parents 090b9ec + ce56bee
commit 40bf9b2
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 16 deletions.
diff --git a/mlw_quizmaster2.php b/mlw_quizmaster2.php
@@ -2,7 +2,7 @@
 /**
 * Plugin Name: Quiz Master Next
 * Description: Use this plugin to add multiple quizzes, tests, or surveys to your website.
-* Version: 4.4.2
+* Version: 4.4.3
 * Author: Frank Corso
 * Author URI: http://www.mylocalwebstop.com/
 * Plugin URI: http://www.quizmasternext.com/
@@ -16,7 +16,7 @@
 * You understand that you install, operate, and unistall the plugin at your own discretion and risk.
 *
 * @author Frank Corso
-* @version 4.4.2
+* @version 4.4.3
 */
 if ( ! defined( 'ABSPATH' ) ) exit;
 /**
@@ -34,7 +34,7 @@ class MLWQuizMasterNext
 	 * @var string
 	 * @since 4.0.0
 	 */
-	public $version = '4.4.2';
+	public $version = '4.4.3';
 
 	/**
 	 * QMN Alert Manager Object

diff --git a/php/qmn_credits.php b/php/qmn_credits.php
@@ -56,10 +56,9 @@ function mlw_generate_about_page()
 			<br />
 		</div>
 		<div id="mlw_quiz_changelog" style="display: none;">
-		<h3><?php echo $mlw_quiz_version; ?> (June 20, 2015)</h3>
+		<h3><?php echo $mlw_quiz_version; ?> (July 17, 2015)</h3>
 		<ul>
-			<li>* Bug Fix: Fixed bug that caused issues with validation<a href="https://github.com/fpcorso/quiz_master_next/issues/254">Github Issue #254</a></li>
-			<li>* Bug Fix: Fixed a rare permalink issue<a href="https://github.com/fpcorso/quiz_master_next/issues/253">Github Issue #253</a></li>
+			<li>* Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs</li>
 		</ul>
 		</div>
 	</div>

diff --git a/php/qmn_options_text_tab.php b/php/qmn_options_text_tab.php
@@ -24,7 +24,7 @@ function mlw_options_text_tab_content()
 {
 	global $wpdb;
 	global $mlwQuizMasterNext;
-	$quiz_id = $_GET["quiz_id"];
+	$quiz_id = intval($_GET["quiz_id"]);
 	//Submit saved templates into database
 	if ( isset($_POST["save_templates"]) && $_POST["save_templates"] == "confirmation")
 	{
@@ -46,7 +46,7 @@ function mlw_options_text_tab_content()
 		$qmn_social_media_text = serialize(array('twitter' => $_POST["mlw_quiz_twitter_text_template"], 'facebook' => $_POST["mlw_quiz_facebook_text_template"]));
 
 		$mlw_question_answer_template = htmlspecialchars($_POST["mlw_quiz_question_answer_template"], ENT_QUOTES);
-		$quiz_id = $_POST["quiz_id"];
+		$quiz_id = intval($_POST["quiz_id"]);
 
 		$update = "UPDATE " . $wpdb->prefix . "mlw_quizzes" . " SET message_before='".$mlw_before_message."', message_comment='".$mlw_before_comments."', message_end_template='".$mlw_qmn_message_end."', comment_field_text='".$mlw_comment_field_text."', question_answer_template='".$mlw_question_answer_template."', submit_button_text='".$mlw_submit_button_text."', name_field_text='".$mlw_name_field_text."', business_field_text='".$mlw_business_field_text."', email_field_text='".$mlw_email_field_text."', phone_field_text='".$mlw_phone_field_text."', total_user_tries_text='".$mlw_user_tries_text."', social_media_text='".$qmn_social_media_text."', pagination_text='".$mlw_qmn_pagination_field."', require_log_in_text='".$mlw_require_log_in_text."', limit_total_entries_text='".$mlw_limit_total_entries_text."', last_activity='".date("Y-m-d H:i:s")."', scheduled_timeframe_text='".$mlw_scheduled_timeframe_text."' WHERE quiz_id=".$quiz_id;
 		$results = $wpdb->query( $update );
@@ -72,7 +72,7 @@ function mlw_options_text_tab_content()
 	if (isset($_GET["quiz_id"]))
 	{
 		$table_name = $wpdb->prefix . "mlw_quizzes";
-		$mlw_quiz_options = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE quiz_id=%d LIMIT 1", $_GET["quiz_id"]));
+		$mlw_quiz_options = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE quiz_id=%d LIMIT 1", $quiz_id));
 	}
 
 	//Load Pagination Text

diff --git a/php/qmn_options_tools_tab.php b/php/qmn_options_tools_tab.php
@@ -24,12 +24,12 @@ function mlw_options_tools_tab_content()
 {
 	global $wpdb;
 	global $mlwQuizMasterNext;
-	$quiz_id = $_GET["quiz_id"];
+	$quiz_id = intval($_GET["quiz_id"]);
 	//Update Quiz Table
 	if (isset($_POST["mlw_reset_quiz_stats"]) && $_POST["mlw_reset_quiz_stats"] == "confirmation")
 	{
 		//Variables from reset stats form
-		$mlw_reset_stats_quiz_id = $_POST["mlw_reset_quiz_id"];
+		$mlw_reset_stats_quiz_id = intval($_POST["mlw_reset_quiz_id"]);
 		$mlw_reset_update_sql = "UPDATE " . $wpdb->prefix . "mlw_quizzes" . " SET quiz_views=0, quiz_taken=0, last_activity='".date("Y-m-d H:i:s")."' WHERE quiz_id=".$mlw_reset_stats_quiz_id;
 		$mlw_reset_sql_results = $wpdb->query( $mlw_reset_update_sql );
 		if ($mlw_reset_sql_results != false)
@@ -42,7 +42,7 @@ function mlw_options_tools_tab_content()
 			$table_name = $wpdb->prefix . "mlw_qm_audit_trail";
 			$insert = "INSERT INTO " . $table_name .
 				"(trail_id, action_user, action, time) " .
-				"VALUES (NULL , '" . $current_user->display_name . "' , 'Quiz Stats Have Been Reset For Quiz Number ".$mlw_leaderboard_quiz_id."' , '" . date("h:i:s A m/d/Y") . "')";
+				"VALUES (NULL , '" . $current_user->display_name . "' , 'Quiz Stats Have Been Reset For Quiz Number $mlw_reset_stats_quiz_id' , '" . date("h:i:s A m/d/Y") . "')";
 			$results = $wpdb->query( $insert );
 		}
 		else
@@ -54,7 +54,7 @@ function mlw_options_tools_tab_content()
 	if (isset($_GET["quiz_id"]))
 	{
 		$table_name = $wpdb->prefix . "mlw_quizzes";
-		$mlw_quiz_options = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE quiz_id=%d LIMIT 1", $_GET["quiz_id"]));
+		$mlw_quiz_options = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE quiz_id=%d LIMIT 1", $quiz_id));
 	}
 	?>
 	<div id="tabs-8" class="mlw_tab_content">

diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://mylocalwebstop.com/downloads/donation-service-payment/
 Tags: quiz, test, score, exam, survey, contact, form, email, answer, question, certificate, points, results, math
 Requires at least: 3.8.1
 Tested up to: 4.2
-Stable tag: 4.4.2
+Stable tag: 4.4.3
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -121,10 +121,14 @@ Feel free to use the widget on the help page within the plugin or from our [cont
 8. Example Quiz With Styling
 
 == Changelog ==
+
+= 4.4.3 (July 17, 2015) =
+  * Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs
+
 = 4.4.2 (June 26, 2015) =
   * Bug Fix: Fixed bug that caused issues with validation ([Github Issue #254](https://github.com/fpcorso/quiz_master_next/issues/254))
   * Bug Fix: Fixed a rare permalink issue ([Github Issue #253](https://github.com/fpcorso/quiz_master_next/issues/253))
- 
+
 
 = 4.4.1 (June 21, 2015) =
   * Bug Fix: Fixes validation bug from missing first page
@@ -689,10 +693,12 @@ Feel free to use the widget on the help page within the plugin or from our [cont
 
 == Upgrade Notice ==
 
+= 4.4.3 =
+Security Fix: Fixed possible sql injection from authenticated users on text and tools tabs. Please update immediately.
+
 = 4.4.2 =
 Upgrade for a variety of bug fixes
 
-
 = 4.4.1 =
 Upgrade for a variety of bug fixes