
source: social-warfare/trunk/social-warfare.php @ 3106281

Last change on this file since 3106281 was 3106281, checked in by frantorres, 5 weeks ago

4.4.7.3 PRT Reverting actions

File size: 4.4 KB
1<?php
2
3/**
4 * Plugin Name: Social Warfare
5 * Plugin URI:  https://warfareplugins.com
6 * Description: A plugin to maximize social shares and drive more traffic using the fastest and most intelligent share buttons on the market, calls to action via in-post click-to-tweets, popular posts widgets based on share popularity, link-shortening, Google Analytics and much, much more!
7 * Version:     4.4.7.3
8 * Author:      Warfare Plugins
9 * Author URI:  https://warfareplugins.com
10 * Text Domain: social-warfare
11 *
12 */
// WPINC is defined by WordPress core; stop here when this file is loaded
// without WordPress (for example, requested directly over HTTP).
if ( ! defined( 'WPINC' ) ) {
	die;
}


/**
 * Plugin-wide constants, declared here so the rest of the plugin can rely on
 * them for includes, requires and asset URLs.
 *
 * @since 4.2.0 | 19 NOV 2020 | The str_replace() removes any linebreaks in the string.
 *
 */
define( 'SWP_VERSION', '4.4.7.3' );
define( 'SWP_DEV_VERSION', '2024.06.23 MASTER' );
define( 'SWP_PLUGIN_FILE', __FILE__ );
define(
	'SWP_PLUGIN_URL',
	str_replace(
		[ "\r", "\n" ],
		'',
		untrailingslashit( plugin_dir_url( __FILE__ ) )
	)
);
define( 'SWP_PLUGIN_DIR', __DIR__ );
define( 'SWP_STORE_URL', 'https://warfareplugins.com' );


/**
 * Run shortcodes inside excerpts so that this plugin's [shortcode] tags are
 * consumed instead of showing up as plain text.
 *
 * Note that do_shortcode() processes every registered shortcode, not only the
 * ones belonging to this plugin, and it is hooked at priority 1.
 *
 * @todo This needs to be moved into the Social_Warfare class.
 *
 */
add_filter( 'the_excerpt', 'do_shortcode', 1 );
40
41
/**
 * Admin notice added by the WordPress.org Plugins Review team in response to
 * an incident with versions 4.4.6.4 to 4.4.7.1.
 *
 * In that incident this plugin created a user with administrative rights whose
 * username and password were then sent to an external source. This notice
 * tells the site that such accounts were found and had their passwords reset.
 *
 * Registered on `admin_notices` by Social_Warfare_PRT_incidence_response(),
 * and only when at least one of the affected accounts exists.
 *
 * NOTE(review): there is no capability check in this function, so the notice
 * is printed wherever `admin_notices` fires - confirm that showing it to every
 * dashboard user is intended.
 */
function Social_Warfare_PRT_incidence_response_notice() {
	// Literal strings are kept inside __() so translation tooling still finds them.
	$heading    = __( 'This is a message from the WordPress.org Plugin Review Team.', 'social-warfare' );
	$paragraphs = array(
		__( 'The community has reported that the "Social Warfare" plugin has been compromised. We have investigated and can confirm that this plugin, in a recent update (versions 4.4.6.4 to 4.4.7.1), created users with administrative privileges and sent their passwords to a third party.', 'social-warfare' ),
		__( 'Since this could be a serious security issue, we took over this plugin, removed the code that performs such actions and automatically reset passwords for users created on this site by that code.', 'social-warfare' ),
		__( 'As the users created in this process were found on this site, we are showing you this message, please be aware that this site may have been compromised.', 'social-warfare' ),
		__( 'We would like to thank to the community for for their quick response in reporting this issue.', 'social-warfare' ),
		__( 'To remove this message, you can remove the users with the name "PluginAUTH", "PluginGuest" and/or "Options".', 'social-warfare' ),
	);

	echo "\t<div class=\"notice notice-warning\">\n";
	printf( "\t\t<h3>%s</h3>\n", esc_html( $heading ) );
	foreach ( $paragraphs as $paragraph ) {
		// Every line is HTML-escaped on output, exactly as esc_html_e() would do.
		printf( "\t\t<p>%s</p>\n", esc_html( $paragraph ) );
	}
	echo "\t</div>\n";
}
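/**
 * Locks the accounts planted by the compromised releases (4.4.6.4 to 4.4.7.1)
 * and queues the admin warning when any of them is present on this site.
 *
 * An account is treated as planted only when its login is one of the known
 * names AND its e-mail is <login>@example.com, so a legitimate user who
 * happens to share one of the names is left alone.
 *
 * For each planted account whose password has not been replaced yet, the hash
 * is overwritten with a fixed invalid value, the cached user record is
 * flushed, and the account's login sessions and application passwords are
 * revoked so that credentials issued before the reset stop working too.
 *
 * This does NOT delete the account or change its role, and it does not undo
 * anything that was done with the account while it was usable; the site owner
 * still has to review and remove it.
 *
 * Hooked on `init`, so the lookups run on every request.
 *
 * @return void
 */
function Social_Warfare_PRT_incidence_response() {
	global $wpdb;

	// Logins the compromised releases tried to create.
	$affectedusernames = ['PluginAUTH', 'PluginGuest', 'Options'];
	// Deliberately not a valid password hash, which invalidates the user login.
	$temphash    = 'Social_Warfare_PRT_incidence_response_230624';
	$showWarning = false;

	foreach ( $affectedusernames as $affectedusername ) {
		// get_user_by() returns false for an unknown login, so no separate
		// username_exists() call is needed.
		$user = get_user_by( 'login', $affectedusername );
		if ( ! ( $user instanceof WP_User ) ) {
			continue;
		}

		// Affected users had an email of the form <username>@example.com.
		if ( $user->user_email !== $affectedusername . '@example.com' ) {
			continue;
		}

		if ( $user->user_pass !== $temphash ) {
			$wpdb->update(
				$wpdb->users,
				array(
					'user_pass'           => $temphash,
					'user_activation_key' => '',
				),
				array( 'ID' => $user->ID )
			);

			// A direct $wpdb write bypasses the user cache; with a persistent
			// object cache the old hash could otherwise keep being served.
			clean_user_cache( $user );

			// Drop every login session that was opened before the reset.
			if ( class_exists( 'WP_Session_Tokens' ) ) {
				WP_Session_Tokens::get_instance( $user->ID )->destroy_all();
			}

			// Application passwords are stored separately from user_pass and
			// survive a password change, so revoke them explicitly.
			if ( class_exists( 'WP_Application_Passwords' ) ) {
				WP_Application_Passwords::delete_all_application_passwords( $user->ID );
			}
		}

		$showWarning = true;
	}

	if ( $showWarning ) {
		add_action( 'admin_notices', 'Social_Warfare_PRT_incidence_response_notice' );
	}
}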
// Run the incident clean-up each time WordPress fires `init`.
add_action( 'init', 'Social_Warfare_PRT_incidence_response' );


/**
 * Social Warfare is a class-based, object-oriented plugin, so the only job left
 * for this file (the main plugin file loaded by WordPress) is to load the
 * Social_Warfare class and instantiate it, which in turn starts everything
 * else the plugin does.
 *
 */
require_once SWP_PLUGIN_DIR . '/lib/Social_Warfare.php';
new Social_Warfare();