Commits · c9320272e0d6aafc2ed40777c8d63f0302fcc41a · Markus Hermann / wp-polls

19 Jan, 2017 1 commit
- Fixed #84. Added vosts cast to poll answer sort · c9320272
  Lester Chan authored Jan 19, 2017
  
  c9320272
18 Jan, 2017 1 commit
- Fix do not display poll if poll is closed · f723ca40
  Lester Chan authored Jan 19, 2017
  
  f723ca40
08 Dec, 2016 1 commit
- Bump WordPress 4.7 · 28ea63e2
  Lester Chan authored Dec 08, 2016
  
  28ea63e2
19 Oct, 2016 4 commits

Refactor a little · 3985890c
Lester Chan authored Oct 19, 2016

3985890c
Merge pull request #81 from monroeclinton/master · f8b0093d
Lester Chan authored Oct 19, 2016
```
 preventing cross site voting & validating answers [Updated]
```
f8b0093d
Update wp-polls.php · 11424251
Monroe Clinton authored Oct 18, 2016

11424251

preventing cross site voting & validating answers · d4f9ff6b

Monroe Clinton authored Oct 18, 2016

There is a current flaw in wp-polls that allows people to embed the following into a page:
http://example.com/wp-admin/admin-ajax.php?action=polls&view=process&poll_id=POLLID&poll_POLLID=ANSWER&poll_POLLID_nonce=POLLNONCE

This allows exploiters to get votes from people who have not even visited the WordPress site. I exploited this on a WordPress site, and got 318k votes by embedding the link into various forum signatures. However, since the poll answer is a GET variable, the actual answers went to 0%. It is because the votes were not counted as answers, but still added to the total votes. I added an if statement that checks if the poll answer is legitimate. This prevents fraudulent answers, and cross site voting.

d4f9ff6b

18 Oct, 2016 1 commit

preventing cross site voting & validating answers · 0f40065f

Monroe Clinton authored Oct 18, 2016

0f40065f

30 Aug, 2016 1 commit
- Add hourly to cron · dd7bf2c2
  Lester Chan authored Aug 30, 2016
  
  dd7bf2c2
29 Jun, 2016 4 commits
- Bump tested up to · 952bbc00
  Lester authored Jun 29, 2016
  
  952bbc00
- Bump version · ea282893
  Lester authored Jun 29, 2016
  
  ea282893
- More whitelisting · d80822d3
  Lester authored Jun 29, 2016
  
  d80822d3
- Whitelist poll option styles · df94d9f2
  Lester authored Jun 29, 2016
  
  df94d9f2
08 Jun, 2016 1 commit
- esc_js and esc_attr · 24b088dc
  Lester authored Jun 08, 2016
  
  24b088dc
17 Apr, 2016 3 commits
- Update README.md · ed91d0f6
  Lester Chan authored Apr 17, 2016
  
  ed91d0f6
- Cleanup older chanelog · d2cc730d
  Lester Chan authored Apr 17, 2016
  
  d2cc730d
- Fixed #65. Allow local IPs · 3b29a823
  Lester Chan authored Apr 17, 2016
  
  3b29a823
14 Apr, 2016 1 commit
- Bump 4.5 · dc013820
  Lester authored Apr 14, 2016
  
  dc013820
12 Apr, 2016 4 commits
- Merge pull request #69 from afragen/patch-1 · c9b53072
  Lester Chan authored Apr 12, 2016
```
Add question to Log and correct error if using hooks
```
  c9b53072
- create $polla_answer if using hook · d97699e4
  Andy Fragen authored Apr 11, 2016
```
poll_log_show_log_filter
```
  d97699e4
- display poll question at top of table · 3891f3bb
  Andy Fragen authored Apr 11, 2016
  
  3891f3bb
- initialize variables · 086841c1
  Andy Fragen authored Apr 11, 2016
```
prevents PHP error under certain circumstances
```
  086841c1
15 Mar, 2016 2 commits

Revert "When using the poll on mobile, this message gets lost "You Had Already... · c8c8e996

Lester authored Mar 15, 2016

Revert "When using the poll on mobile, this message gets lost "You Had Already Voted For This Poll" because poll total height shrinks."

This reverts commit ad2b7d5d.

c8c8e996

Merge pull request #67 from eduardoarandah/master · e6e9a21a
Lester Chan authored Mar 15, 2016
```
When using the poll on mobile, this message gets lost "You Had Alread…
```
e6e9a21a

14 Mar, 2016 1 commit

When using the poll on mobile, this message gets lost "You Had Already Voted... · ad2b7d5d

Eduardo authored Mar 14, 2016

When using the poll on mobile, this message gets lost "You Had Already Voted For This Poll" because poll total height shrinks.

Added a wrapper class to help style this message

ad2b7d5d

06 Jan, 2016 1 commit
- removeslashes() · da055d06
  Lester authored Jan 06, 2016
  
  da055d06
11 Dec, 2015 9 commits
- Space between order_by and sort_order · befae07d
  Lester authored Dec 12, 2015
  
  befae07d
- Remove sort order from prepare and move it into the query string · 595dc952
  Lester authored Dec 12, 2015
  
  595dc952
- Update README.md · 1c3c3c8b
  Lester authored Dec 12, 2015
  
  1c3c3c8b
- Use wpdb->prepare & wpdb->insert & wpdb->update & wpdb->delete for wp-polls.php · 12dda379
  Lester authored Dec 12, 2015
  
  12dda379
- Use wpdb->prepare & wpdb->update for polls-manager.php · 7aac0ce1
  Lester authored Dec 12, 2015
  
  7aac0ce1
- Use wpdb->prepare for polls-logs.php · c18abbd3
  Lester authored Dec 12, 2015
  
  c18abbd3
- Use wpdb->insert for polls-add.php · edea8c62
  Lester authored Dec 12, 2015
  
  edea8c62
- Merge pull request #61 from jaydansand/master · 19776959
  Lester Chan authored Dec 11, 2015
```
SQL injection fixes.
```
  19776959
- Fix possible rDNS SQL injection. Use ->prepare() where appropriate. Use... · 7c38280b
  Jay Dansand authored Dec 11, 2015
```
Fix possible rDNS SQL injection. Use ->prepare() where appropriate. Use esc_sql() instead of addslashes(). Whitelist ORDER BY and SORT BY SQL injection vectors.
```
  7c38280b
03 Dec, 2015 1 commit
- Fixed #60 Remove poll_archive_show option from UI · 13c61aad
  Lester authored Dec 03, 2015
  
  13c61aad
02 Dec, 2015 3 commits
- Merge pull request #59 from afragen/future-poll-id · 903ba15b
  Lester Chan authored Dec 02, 2015
```
get correct poll ID for a poll starting in the future
```
  903ba15b
- Merge pull request #58 from afragen/fix-notices · 641b2326
  Lester Chan authored Dec 02, 2015
```
fix PHP notices
```
  641b2326
- get correct poll ID for a poll starting in the future · b54e5d5d
  Andy Fragen authored Dec 01, 2015
```
Correctly display poll ID and shortcode for poll starting in the future.
```
  b54e5d5d
01 Dec, 2015 1 commit
- fix PHP notices · 62065915
  Andy Fragen authored Dec 01, 2015
  
  62065915