Advisory: https://www.exploit-db.com/exploits/16218/
diff -uwdBrN z-vote.orig/zvote.php z-vote/zvote.php
--- z-vote.orig/zvote.php 2011-02-25 21:05:44.000000000 +0200
+++ z-vote/zvote.php 2011-02-25 21:10:46.531798756 +0200
@@ -9,6 +9,8 @@
License: GPL
*/
+ defined('ABSPATH') or die();
+
// --- DEFINITIONS
//define where zvote is installed on the wordpres system. In 99.9% of the case the path below is correct.
@@ -271,7 +273,7 @@
function zVote_getEntry($postid) {
global $wpdb;
- $entries = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "zvotedata WHERE postid = " . $postid . ""));
+ $entries = $wpdb->get_results($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d", $postid));
return $entries;
}
@@ -282,7 +284,7 @@
global $wpdb;
$votes = 0;
- $votes = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM " . $wpdb->prefix . "zvotedata WHERE postid = " . $postid . ""));
+ $votes = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d", $postid));
return $votes;
}
@@ -292,7 +294,7 @@
global $wpdb;
- $votes = $wpdb->get_var($wpdb->prepare("DELETE FROM " . $wpdb->prefix . "zvotedata WHERE postid = " . $postid . ""));
+ $votes = $wpdb->get_var($wpdb->prepare("DELETE FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d", $postid));
return $votes;
}
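Review bot: The DELETE on the `+` line is still issued through `$wpdb->get_var()`, which is a SELECT-style accessor; for a DELETE it returns nothing useful, so `$votes` carries no information about whether any rows were removed. `$wpdb->query()` is the right call for a write statement and returns the affected-row count: `$votes = $wpdb->query($wpdb->prepare("DELETE FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d", $postid));`. The `%d` placeholder itself is the correct fix for the injection the advisory describes. The enclosing function starts outside the hunk.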
@@ -353,7 +355,7 @@
global $wpdb;
//ipcheck for now, will expand to userid-check, based on the user setting in version 1.5
- $ipcheck = $wpdb->get_var($wpdb->prepare("SELECT id FROM " . $wpdb->prefix . "zvotedata WHERE postid = " . $postid . " AND userip = \"" . $_SERVER['REMOTE_ADDR'] . "\""));
+ $ipcheck = $wpdb->get_var($wpdb->prepare("SELECT id FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d AND userip = %s", $postid, $_SERVER['REMOTE_ADDR']));
$wpdb->insert( $wpdb->prefix . 'zvotedata', array( 'postid' => $postid, 'userip' => $_SERVER['REMOTE_ADDR'], 'userid' => 0, 'time' => time() ), array( '%d','%s', '%d', '%d' ) );
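Review bot: Within the visible lines the `$ipcheck` result computed on the `+` line is not consulted before the unconditional `$wpdb->insert()` on the next line, so as far as this hunk shows the duplicate-vote lookup has no effect here; the sibling function in the hunk at lines 38-44 does wrap its insert in `if (!$ipcheck)`. If no later line in this function tests `$ipcheck`, either the query is dead code or the guard is missing. The enclosing function starts outside the hunk, so this is inferred from the excerpt only.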
@@ -365,7 +367,7 @@
global $wpdb, $wp_query, $redirect_meta_key;
//ipcheck for now, will expand to userid-check, based on the user setting in version 1.5
- $ipcheck = $wpdb->get_var($wpdb->prepare("SELECT id FROM " . $wpdb->prefix . "zvotedata WHERE postid = " . $postid . " AND userip = \"" . $_SERVER['REMOTE_ADDR'] . "\""));
+ $ipcheck = $wpdb->get_var($wpdb->prepare("SELECT id FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d AND userip = %d", $postid, $_SERVER['REMOTE_ADDR']));
if (!$ipcheck) {
//ok to vote, register vote
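Review bot: The new prepare() call on the `+` line binds `$_SERVER['REMOTE_ADDR']` with `%d`, so the address is cast to an integer (e.g. "192.168.1.5" becomes 192) while the rows are written with `'%s'` per the insert shown in the preceding hunk; the comparison will never match a stored address and `if (!$ipcheck)` is always true, so the duplicate-vote guard is defeated. The sibling hunk at lines 32-37 correctly uses `%s` for the same column; this one should match: `$ipcheck = $wpdb->get_var($wpdb->prepare("SELECT id FROM " . $wpdb->prefix . "zvotedata WHERE postid = %d AND userip = %s", $postid, $_SERVER['REMOTE_ADDR']));`. The enclosing function starts outside the hunk.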
@@ -382,7 +384,7 @@
}
//send user to post
- header('Location: ' .$injectionPoint);
+ wp_redirect($injectionPoint);
exit;
} else {
//user already registered, push to entry-page and inform the user.
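Review bot: `wp_redirect()` on the `+` line accepts any host, and the target `$injectionPoint` is assembled outside this hunk from `$post` (the later hunk shows `$post . '?zvoters=2'`); if that value can be influenced by request input, the redirect is open. Since both targets are post pages on the same site, `wp_safe_redirect($injectionPoint);` restricts the destination to the site's own host with no other change. The same applies to the hunk at lines 53-60. Keeping the `exit;` after the call is correct because `wp_redirect()` does not terminate the request.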
@@ -394,7 +396,7 @@
$injectionPoint = $post . '?zvoters=2';
}
- header('Location: ' .$injectionPoint);
+ wp_redirect($injectionPoint);
exit;
}
exit;
I’m testing it on my localhost. After activation and accessing the plugin settings, I see.
Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\wp\wp-content\plugins\z-vote\zvote.php on line 175
And I can’t select the voting restriction (IP address or User ID), although I’ve already enabled registration in WordPress.
Hello Everybody!
Z-Vote for WordPress has been released; we hope you enjoy our plugin!
The plugin allows you to enroll voters and capture their votes on any post or page you create in your WP website.