From f1a7413e2004b7ec97a084464475614bcfd1aaee Mon Sep 17 00:00:00 2001 From: erwanlr Date: Fri, 5 Jul 2019 09:34:13 +0100 Subject: [PATCH] Adds Theme DFs --- lib/wpscan/db/dynamic_finders/base.rb | 5 +- lib/wpscan/db/dynamic_finders/plugin.rb | 2 +- lib/wpscan/db/dynamic_finders/theme.rb | 2 +- lib/wpscan/db/dynamic_finders/wordpress.rb | 2 +- spec/fixtures/db/dynamic_finders.yml | 7 + spec/fixtures/dynamic_finders/expected.yml | 7 + .../theme_version/zoner/readme/readme.txt | 629 ++++++++++++++++++ spec/lib/db/dynamic_finders/theme_spec.rb | 1 + .../dynamic_finder/plugin_version_spec.rb | 2 +- .../dynamic_finder/theme_version_spec.rb | 146 ++++ .../dynamic_finders/wp_items.rb | 4 +- 11 files changed, 798 insertions(+), 9 deletions(-) create mode 100644 spec/fixtures/dynamic_finders/theme_version/zoner/readme/readme.txt create mode 100644 spec/lib/finders/dynamic_finder/theme_version_spec.rb diff --git a/lib/wpscan/db/dynamic_finders/base.rb b/lib/wpscan/db/dynamic_finders/base.rb index e4203688..7390ece5 100644 --- a/lib/wpscan/db/dynamic_finders/base.rb +++ b/lib/wpscan/db/dynamic_finders/base.rb @@ -10,9 +10,8 @@ module WPScan end # @return [ Hash ] - def self.db_data - # true allows aliases to be loaded - @db_data ||= YAML.safe_load(File.read(db_file), [Regexp], [], true) + def self.raw_db_data + @raw_db_data ||= YAML.safe_load(File.read(db_file), [Regexp]) end # @return [ Array ] diff --git a/lib/wpscan/db/dynamic_finders/plugin.rb b/lib/wpscan/db/dynamic_finders/plugin.rb index 2e5671b2..1fc59363 100644 --- a/lib/wpscan/db/dynamic_finders/plugin.rb +++ b/lib/wpscan/db/dynamic_finders/plugin.rb @@ -6,7 +6,7 @@ module WPScan class Plugin < Base # @return [ Hash ] def self.db_data - @db_data ||= super['plugins'] || {} + @db_data ||= raw_db_data['plugins'] || {} end def self.version_finder_module diff --git a/lib/wpscan/db/dynamic_finders/theme.rb b/lib/wpscan/db/dynamic_finders/theme.rb index 8d8d9d4e..4cdeff7a 100644 --- a/lib/wpscan/db/dynamic_finders/theme.rb 
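Review bot: The new `raw_db_data` passes the permitted classes positionally, `YAML.safe_load(File.read(db_file), [Regexp])`, a form that Psych deprecated in 3.1 and removed in 4.0, where the call raises ArgumentError. If the supported Ruby versions allow it, `YAML.safe_load(File.read(db_file), permitted_classes: [Regexp])` keeps the same allow-list and survives the upgrade. Dropping the alias flag is a sensible tightening, but a database file that still contains anchors will now fail with `Psych::BadAlias`. A one-line comment on the method, such as `# Aliases are intentionally not permitted`, would record that this is deliberate. The method is fully inside the hunk, but its enclosing class starts and ends outside it.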
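Review bot: `raw_db_data['plugins']` indexes the parse result without checking it, and `YAML.safe_load` returns a non-Hash (nil, or false on some Psych versions) for an empty document. A truncated or empty database file therefore surfaces as a NoMethodError rather than a clear message. The same applies to the `'themes'` lookup in theme.rb and the `'wordpress'` lookup in wordpress.rb. One option is to normalise once in the base class, `@raw_db_data ||= YAML.safe_load(File.read(db_file), [Regexp]) || {}`, so the three subclasses can rely on their existing `|| {}` fallback. If an empty database should be fatal, raise a descriptive error there instead.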
+++ b/lib/wpscan/db/dynamic_finders/theme.rb @@ -6,7 +6,7 @@ module WPScan class Theme < Plugin # @return [ Hash ] def self.db_data - @db_data ||= super['themes'] || {} + @db_data ||= raw_db_data['themes'] || {} end def self.version_finder_module diff --git a/lib/wpscan/db/dynamic_finders/wordpress.rb b/lib/wpscan/db/dynamic_finders/wordpress.rb index 8896453f..66f6f799 100644 --- a/lib/wpscan/db/dynamic_finders/wordpress.rb +++ b/lib/wpscan/db/dynamic_finders/wordpress.rb @@ -6,7 +6,7 @@ module WPScan class Wordpress < Base # @return [ Hash ] def self.db_data - @db_data ||= super['wordpress'] || {} + @db_data ||= raw_db_data['wordpress'] || {} end # @return [ Constant ] diff --git a/spec/fixtures/db/dynamic_finders.yml b/spec/fixtures/db/dynamic_finders.yml index b00f9005..f5140c01 100644 --- a/spec/fixtures/db/dynamic_finders.yml +++ b/spec/fixtures/db/dynamic_finders.yml @@ -120,6 +120,13 @@ wordpress: xpath: //comment()[contains(., "Strong Testimonials")] pattern: !ruby/regexp '/versions: WordPress (?\d+\.[\.\d]+) \|/i' version: true +themes: + zoner: + Readme: + class: BodyPattern + path: readme.txt + pattern: !ruby/regexp /= (?\d+\.[\.\d]+) =/ + version: true plugins: 10centmail-subscription-management-and-analytics: MetaTag: diff --git a/spec/fixtures/dynamic_finders/expected.yml b/spec/fixtures/dynamic_finders/expected.yml index 16d0d7b8..0a53cb87 100644 --- a/spec/fixtures/dynamic_finders/expected.yml +++ b/spec/fixtures/dynamic_finders/expected.yml @@ -103,6 +103,13 @@ wordpress: found_by: Strong Testimonials Comment (Passive Detection) interesting_entries: - 'http://wp.lab/, Match: ''versions: WordPress 4.0 |''' +themes: + zoner: + Readme: + number: 4.1.1 + found_by: Readme (Aggressive Detection) + interesting_entries: + - 'http://wp.lab/wp-content/themes/zoner/readme.txt, Match: ''= 4.1.1 =''' plugins: 10centmail-subscription-management-and-analytics: MetaTag: 
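Review bot: The `zoner` Readme pattern is unanchored, so BodyPattern will presumably report whichever `= x.y =` heading comes first in readme.txt. The 4.1.1 result in expected.yml therefore holds only while the changelog stays ordered newest-first. Prefixing the pattern with `^` would at least stop it matching inline text that merely resembles a heading. As rendered on this page the capture group reads `(?\d+\.[\.\d]+)`, which is not a valid Ruby group. It looks like a named group whose name was lost in rendering, so verify against the committed file rather than this listing.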
diff --git a/spec/fixtures/dynamic_finders/theme_version/zoner/readme/readme.txt b/spec/fixtures/dynamic_finders/theme_version/zoner/readme/readme.txt new file mode 100644 index 00000000..38272951 --- /dev/null +++ b/spec/fixtures/dynamic_finders/theme_version/zoner/readme/readme.txt 
@@ -0,0 +1,629 @@ +Thank you for purchasing this theme. +==================================== + +If you have any questions, please visit the support forums: +http://support.fruitfulcode.com/ + + +Changelog +==================================== += 4.1.1 = +04.07.2019 +- New: Added Google reCAPTCHA v3 +- Improvements: Message forms on the agency and property pages now have preloader spinner during sending +- Improvements: Widgets styles + += 4.1 = +12.11.2018 +- New: San-Francisco redesign (add demo content and theme options) +- Update: Social login (Google, Facebook) +- Update: Change version google map +- Update: Languages files +- Update: Zoner options update +- Update: Updating libs: murkerclusterer, markerwithlabel +- Improvements: Currency Calculator Widget functionality, new option section Currency conversion +- Improvements: Remove rel=nofollow from internal links +- Improvements: Styles improvements +- Improvements: Add pagination to archive page of Agencies +- Improvements: Multiple properties in one location' functionality +- Bugfix: Property Gallery functionality +- Bugfix: Agent Profile - My Properties +- Bugfix: Add(edit) property on front not uploaded images with upper case file extension +- Bugfix: Sign-in jquery.validate.min.js error in forgot password mode + + += 4.0 = +27.04.2018 +- New: Tested on Wordpress 4.9.5 +- New: AMP version of property pages, post pages +- Update: WPBakery Page Builder 5.4.7 +- Improvements: 'properties listing' shortcode : limitation of the number of properties +- Improvements: The Email about invite to agency : Agency name added to the subject +- Improvements: Added 'bookmark' and 'compare' buttons to the property box on the map +- Improvements: make phone numbers be link +- Bug fix: Agencies listing shortcode - warning on php7.2 +- Bug fix: Search box fields 'Property type' and 'garages' +- Bug fix: Profile upload avatar +- Bug fix: fileinput.min.css enqueue on all pages +- Bug fix: e-mail wrong user role after user 
registration with social login +- Bug fix: Facebook share link +- Bug fix: Get invoice info by id error +- Bug fix: Styling/Color Scheme +- Bug fix: Padding on the top of the page in mobile version on some header variations +- Bug fix: Notices and compatibility 'fun number' shortcode script +- Bug fix: vc_row template update +- Bug fix: Dummy data +- Bug fix: Theme Styles + + += 3.8 = +21.11.2017 +- New: Tested on Wordpress 4.9 +- New: Tested on PHP 7.2 +- Improvements: Header options in pages - change taxonomies checkboxes to multiselect +- Improvements: E-mail template contact-agent +- Improvements: Better WPML support +- Improvements: Renew dummy data +- Improvements: Remove paid status in membership mode +- Bug fix: Conversation system - wrong link to target user profile +- Bug fix: Timeline image width +- Bug fix: Some Warnings on PHP 7.2 +- Bug fix: Fatal error on search on PHP 7.1 +- Bug fix: RTL styles +- Bug fix: Agents listing shortcode wrong pagination and markup +- Bug fix: Wrong 'Unlimited' mark for current package in profile +- Bug fix: Not visible all packages in user profile in back-end +- Bug fix: Properties sorting - redirect page wrong params +- Bug fix: Calculator api url +- Bug fix: Property grid listing image holder +- Bug fix: 'Header map type' functionality on pages +- Bug fix: SMTP support + + += 3.7.1 = +24.08.2017 + +- New: Italian translation +- Improvements: Front-end agent profile +- Improvements: Visual Composer 5.2.1 support +- Bug fix: Deprecated function vc_generate_dependencies_attributes + + += 3.7 = +16.06.2017 + +- Bug fix: If permalink structure is plain +- Bug fix: Position of geo-location button on mobile +- Bug fix: Zoner_properties_listing_shortcode wrong query on multiselect +- Bug fix: Blog page enabling layout options +- Bug fix: Print property wrong image +- Bug fix: Choose location on front-end Add Property page with OpenStreet maps +- Bug fix: JS error on properties archive page +- Bug fix: Uncaught ReferenceError: 
initSubmitMap is not defined +- Bug fix: Syntax error: "Flor Plans" -> "Floor Plans" +- Bug fix: Phone number display error in agents listing page +- Improvements: Update Facebook sdk v.2.8 +- Improvements: All properties page sidebar, Quick Summary widget description, Property sidebar description + += 3.6 = +05.04.2017 + +- New: Theme Options: add enabled/disabled fields on property pages +- Improvements: Add custom filter for address line +- Improvements: Add custom user role capabilities +- Bug fix: Change property slug for tags +- Bug fix: Print property information (pdf) +- Bug fix: Adding images on front-end (add/edit property) +- Bug fix: Currency Calculator +- Bug fix: Color scheme +- Bug fix: RTL +- Bug fix: Google Map draggable on mobile +- Bug fix: Search box on full height map + += 3.5 = +18.01.2017 + +- New: Improved actions
 for adding custom fields +- New: Property page, left sidebar +- Update: Translation files +- Improvements: WPML adaptations +- Improvements: jQuery Validate translation file +- Bug fix: Problem with Advanced search Zoner +- Bug fix: Empty list of states in Nigeria +- Bug fix: select2/selectpicker conflict resolved +- Bug fix: Membership, featured properties for package don't change to empty + + += 3.4 = +14.10.2016 + +- New: Advanced color scheme +- New: Property page print button +- Improvements: Send messages on enter button +- Update: Arabic translation +- Bug fix: Agent's page items in one geographic location on map + += 3.3 = +21.09.2016 + +- New: Translation for Nederlands +- Improvements:On\off share buttons in sigle property +- Improvements: SignIn shortcode notification moved to bottom +- Bug fix: List styles in widgets +- Bug fix: Grid listing action buttons paddings and positions +- Bug fix: Dropdown error when not created menu +- Bug fix: Map style type for property & contact pages +- Bug fix: Zoner map with properties shortcode search block position in mobile +- Bug fix: Idx not correct items count + += 3.2 = +18.07.2016 + +- New: Fixed header option +- New: Properties approved by admin option +- New: Property VC shortcode auto-play option +- New: Bookmark and compare property inside in listings +- New: Share listing +- Update: TGM plugins on remove server +- Improvements: Page maps headers system +- Bug fix: Admin profile page +- Bug fix: Choose type for map add property page +- Bug fix: Sidebar selects dots style remove + += 3.1 = +01.07.2016 + +- New: Message system between users +- New: Languages for Google maps api +- New: About the Author option +- New: Add property page, step 1) and step 2) add options to add own text +- New: Spanish translation es_ES +- New: Google Maps API Key +- Update: Visual composer 4.12 +- Update: Slider Revolution 5.2.5.4 +- Update: Envato WordPress Toolkit 1.7.3 +- Update: Slider revolution export file +- Update: 
dummy_data.xml +- Improvements: Zoner map with properties, new option "Search form layout type: vertical search" +- Improvements: Add agent to your agency if agent exist +- Improvements: Register form shortcode +- Improvements: wp_get_current_user instead of get_currentuserinfo() +- Improvements: Additional styles for header variations on responsive +- Improvements: Rename Properties id -> Post id +- Improvements: Price on require in search results +- Bug fix: Sorting +- Bug fix: Get user name +- Bug fix: Delete account error fix +- Bug fix: Add property page, google map display in Firefox +- Bug fix: Zoner Map with properties
 shortcode on iPad +- Bug fix: Search box with carousel +- Bug fix: Packages price in email +- Bug fix: Property type icon size +- Bug fix: Change package if BACS invoice is approved by admin +- Bug fix: Empty image for open street map +- Bug fix: Revolution slider for all pages is the same as for main page +- Bug fix: Read only for map location metabox + += 3.0 = +12.04.2016 + +- New: Redux framework moved to plugin territory +- New: Visual Composer shortcode "Zoner Map with Properties" +- New: Payment method "Direct Bank Transfer" +- New: Global type of the map (Google Map or Open Street Map) +- New: Option for display property on map +- New: Popup window on map, if properties have the same address map +- New: Search by reference id in dashboard +- Improvements: Visual Composer shortcode "Property listing", Pagenavi on/off +- Improvements: Visual Composer shortcode "Property listing", Sorting on/off +- Improvements: Advanced search, Query Operator "OR, AND" +- Update: Slider Revolution 5.2.4.1 +- Update: Visual Composer 4.11.1 +- Bug fix: Properties 1px gap +- Bug fix: Agent's mobile phone +- Bug fix: Sorting by price +- Bug fix: Property sub category +- Bug fix: WPML and search results if link format /?lang=en +- Bug fix: when property approved don't send email to agent accounts + + += 2.9.1 = +12.12.2015 + +- New: Property listing shortcode, filter by city +- New: Property listing shortcode, show/hide "all properties" link +- Update: Slider Revolution 5.1.4 +- Bug fix: Add property page, add video button +- Bug fix: Add property page, css for gallery + += 2.9 = +10.12.2015 + +- New: Options for similar properties +- Update: WordPress 4.4 ready +- Update: Visual composer 4.9 +- Improvements: Gallery on frontend +- Improvements: it is not possible to delete just 1 photo in the submit property form. 
+- Bug fix: OSM stopped working +- Bug fix: Dashboard categories title display +- Bug fix: Map not working on mobiles after update to 2.8 +- Bug fix: RTL mobile menu position +- Bug fix: RTL and map problem +- Bug fix: Jquery validate translation file +- Bug fix: thumbnail images in footer + += 2.8.1 = +18.11.2015 + +- New: add property category in search box +- Update: Slider Revolution 5.1.1 +- Update: en_US.mo and en_US.po +- Improvements: magnific-popup with arrows +- Improvements: query criteria for similar properties +- Improvements: Print css hide sidebar on property page +- Improvements: Currency converter with google api https://www.google.com/finance/converter +- Bug fix: add_option was called with an argument that is deprecated +- Bug fix: image align +- Bug fix: empty space in owl.carousel property items +- Bug fix: WPML language switcher for RTL +- Bug fix: map and touch menu conflict + + += 2.8 = +09.11.2015 + +- New: Cities becomes a taxonomy +- Update: Visual composer 4.8.1 +- Update: demo content .xml file +- Improvements: Safe post insert add property +- Improvements: add quick edit for admin panel on property post type +- Improvements: add bulk edit for admin panel on property post type +- Bug fix: adaptive vc_row for new plugin version +- Bug fix: parse error on add property page +- Bug fix: filter by status and type in dashboard +- Bug fix: property loop page not selected +- Bug fix: Depressed function +- Bug fix: Default values in shortcode +- Bug fix: Icon shortcode, position right +- Bug fix: Agencies listing shortcode +- Bug fix: Navigation buttons not showing at Google maps on small screens +- Bug fix: open drop down menu on touch devices + += 2.7 = +06.10.2015 + +- New: Show/Hide breadcrumbs +- New: Show/Hide Page title +- Update: Visual composer 4.7.4 +- Improvement: Antispam for comments +- Bug fix: gravatar for comments +- Bug fix: reverse keyword search +- Bug fix: Rating system +- Bug fix: Images on 404 page + += 2.6 = +09.09.2015 + 
+- New: Propery ID metabox field. +- Improvements: Correct display if property page not choosen +- Bug fix: Grid layout featured posts first +- Bug fix: Price range for some languages +- Bug fix: Comments reply +- Update: TGM Plugin activation 2.5.2 +- Update: Visual composer 4.7 +- Update: Revolution Slider 5.0.7 +- Update: WordPress 4.3 support +- Update: Demo content .xml + + += 2.5 = +13.08.2015 + +- New: PHP validation for pages "Add property", "Create agency" +- New: Ability to delete account on front-end +- New: Featured properties, display first in listing +- New: Map with properties for agent profile +- New: Map with properties for agency profile +- New: Zoner options > General - Currency calculator, field for API key (https://currencylayer.com) +- New: Zoner options > Property - Contact agent on/off +- New: Zoner options > Header - Compare - On/Off +- New: Zoner options > Header - Add property - On/Off +- Improvements: Add subsets for Google fonts +- Improvements: WPML drop down styles +- Improvements: New comments approvement +- Improvements: Print CSS for property page +- Improvements: Welcome admin page for Redux framework +- Improvements: Social login +- Imrovements: add esc_attr and esc_url for 404 page template +- Bug fix: Default permalinks +- Bug fix: User avatar url +- Bug fix: Hide icon if property type is empty +- Bug fix: Advanced search in widget open advanced search in header +- Bug fix: Thumbnails in footer without images +- Bug fix: Loading icon on map in IE10, IE11 +- Bug fix: "Property listing shortcode" if title empty +- Update: Visual composer 4.6.2 +- Update: Slider Revolution 5.0.4 + + += 2.4.1 = +23.06.2015 + +- Bug fix: OwlCarousel after update +- Bug fix: Retina logo +- Bug fix: RTL subnavigation styles + += 2.4 = +22.06.2015 + +- New: Search by keywords +- Improvements: RTL support +- Update: Visual composer 4.5.3 +- Bug fix: Additional SMTP options +- Bug fix: Display comments for pages + += 2.3.1 = +05.06.2015 + +- Update: 
Visual composer 4.5.2 +- Bug fix: Theme option, home page variation +- Bug fix: Paid type "Pay for each Property" +- Bug fix: Property map, after latest update + += 2.3 = +04.06.2015 + +- New: Email SMTP options +- New: Cache for property pins on home page +- Update: TGM plugin activation 2.4.1 +- Update: Redux Framework 3.5.4.3 +- Update: Visual composer 4.5.1 +- Update: Revolution slider 4.6.93 +- Bug fix: Currency exchange +- Bug fix: Paypal packages purchase +- Bug fix: Advanced search + += 2.2 = +02.04.2015 + +- New: Additional filters for display and sorting properties on map +- New: Order by value in search fields +- New: Hide membership tab for "subsriber" role +- New: Property listing shortocde, link url added +- Update: Russial translation +- Improvements: Css styles +- Bug fix: Package limits + += 2.1.1 = +30.03.2015 + +- New: Theme options, admin bar display +- Improvements: CSS styles +- Bug fix: Membership + += 2.1 = +20.03.2015 + +- Update: Visual composer 4.4.3 +- Improvements: CSS styles +- Bug fix: Package limit +- Bug fix: Masonry grid loading + + += 2.0.1 = +04.03.2015 + +- Improvements: Timeline added sorting by ASC DESC +- Update: Visual composer 4.4.2 +- Bug fix: Frontpage and sidebar +- Bug fix: Property listing shortcode, sorting by category not working +- Bug fix: Remove recurring payment if payment system is not available +- Bug fix: Visual composer GRID elements +- Bug fix: Allow rating checked + + += 2.0 = +20.02.2015 + +- New: 14 layered PSD files +- New: Custom post type, "Membership" +- New: Custom post type, "Invoice" +- New: Paid property options +- New: Payments via Paypal & Stripe +- New: Appearance > Zoner options, "Maps" +- New: Header options for pages. 
+- New: Option "Allow the user to use currency localization" +- New: Widget "Currency Calculator" +- New: Slider revolution in Zoner options > Home > Variations of homepage +- New: Email template when property is approved +- New: Email template for invoice +- New: Email template for Membership packages +- New: Qatar states +- Improvements: "Property listing" shortcode, now possible to choose "type, features, status, categories" +- Improvements: Pricing filter for small prices +- Improvements: Infinite scroll for masonry grid +- Bug fix: Deleting an agency on the frontend doesn't work +- Bug fix: Drop down menu at the end +- Bug fix: Add property page, "state" field +- Bug fix: Holder images on google maps +- Bug fix: Dashboard > Properties, order by +- Bug fix: If property loop page not selected in admin panel +- Bug fix: Area units on add property page +- Update: Translations files +- Update: Documentation + += 1.9 = +14.01.15 + +- New: Currency added "Chilean Unit of Account" +- Improvements: Zoner Search property shortcode, show advanced search items +- Improvements: Agency listing shortcode new options, "show only those agencies which exist property" +- Improvements: Sign in shortcode, choose user role for login with social media +- Improvements: WPML for some special pages +- Bug fix: Delete invited agent from agency (frontend) +- Bug fix: Sorting drop down + += 1.8 = +07.01.15 + +- New: dsIDXpress support +- New: Theme option, Property, Gallery image crop on/off +- New: Chile regions +- Improvements: Area units +- Improvements: Default images added to translations +- Update: Translations files +- Bug fix: Zoner property categories ‘Show hierarchy’ +- Bug fix: Stars rating if 4 star + += 1.7.1 = +24.12.14 + +- New: Header options for pages +- New: Price format on "Add your property" page +- Improvements: Payment per month/day etc. 
+- Improvements: Advanced search, new ability to choose "property features" +- Bug fix: Body background +- Bug fix: Breadcrumbs +- Bug fix: Price filter + += 1.7 = +20.12.14 + +- Update: Visual composer 4.3.5 +- Update: Compatibility with WP 4.1 +- New: Option for Google map: Roadmap, Satellite, Hybrid, Terrain +- New: Option for maps in the "Add your property" page +- New: Price on request, if price is empty or 0 +- New: Email notification for administrator, when someone register on the website. +- Bug fix: Duplicates when adding agent to a agency (Backend) +- Bug fix: Agents listing shortcode, page navigation +- Bug fix: Property loop page and WPML +- Bug fix: Sign in page, click on "enter" button +- Bug fix: "Add your property" page, fields validation in Safari +- Bug fix: Drop down menu +- Bug fix: Countries select (Backend) +- Bug fix: Google map position +- Bug fix: Address field and coordinates (Frontend and Backend) + + += 1.6 = +08.12.14 + +- New: styling option 8 color schemes +- New: option create agency on/off +- New: property page, new field "Rooms" +- New: "Search location" field (front-end) +- New: option zoom for maps in General tab +- Improvements: Default maps settings now in General tab +- Improvements: add filters to property fields +- Improvements: google place property modification +- Bug fix: path to lib for Child theme +- Bug fix: remove check null value on property fields +- Bug fix: layout-property remove view all + + += 1.5 = +25.11.14 + +- New: Social login (Facebook, Google) +- New: Add Property page, Location field with map and marker for administrator (backend) +- New: Add property page, Add files field (.pdf, .doc, etc.) +- New: Currency, Venezuelan bolivar +- New: Translation Dutch Belgium (nl_BE) +- New: Slider Revolution (included as plugin) +- Improvements: Property listing shortcode, different types of display. 
Grid, masonry, listing +- Improvements: Agents Listing shortcode, if agent without properties (0) hide it from list +- Improvements: Property page, display payment type information +- Improvements: Email templates notifications, additional information added +- Update: ru_Ru translations +- Update: dummy_data.xml +- Bug fix: Hide border if comments off +- Bug fix: If video presentation empty, hide headline +- Bug fix: email template, message to client. Mistake in name +- Bug fix: Agents Listing shortcode, post cout desc +- Bug fix: Admin bar and thank you message in right corner position +- Bug fix: last menu item drop down +- Bug fix: Property gallery, drag and drop +- Bug fix: Theme activation, zoner.class-emails.php on line 80 + += 1.4 = +14.11.14 + +- New: Email notification for admin after new property submitted. +- New: Child theme included +- New: zoner.pot included +- New: Sort by random for "Properties page" +- Update: Russian translation +- Bug fix: Breadcrumbs on specific pages +- Bug fix: Drop down menu in top position +- Bug fix: Carousel responsive version + + += 1.3 = +10.11.14 + +- New: Compare properties +- New: Theme options, new tab "Bookmarks". Information about who from users added property to bookmarks, for admin. +- New: Theme options, new tab "Advanced Search" +- New: Value for area, ft2 +- New: Thank you page, after submit property via frontend. +- New: Administrator should approve property before they will be available in directory. +- New: Disctrict field for search form. +- Improvements: Theme options, "Home page" new template switcher. +- Improvements: Registration form, password field removed. +- Improvements: Registration form, password will be send on registered user email. 
+- Improvements: Code optimization +- Bug fix: Different email templates for user and agent +- Bug fix: Drop downs max height +- Update: Demo content .xml file + + += 1.2 = +30.10.14 + +- New: Property page, new field "District" +- New: Theme options, specific country option +- New: Search form, new option field "Area" +- New: Additional options for slider on home page +- Improvements: Theme options, new section for "Search form" +- Improvements: "Property listing" shortcode, Order by "asc" "desc" +- Improvements: Css optimization +- Bug fix: Price filter, curency symbol removed +- Bug fix: Price filter, changed minimum value +- Bug fix: Agency name + + += 1.1 = +23.10.14 + +- New: Search box fields, drag and drop configuration +- New: Theme options tab "Home page" +- New: Variation of home page, "Google Map with Horizontal Search Box" +- New: Variation of home page, "Google Map with Advanced Horizontal Search Box" +- New: Variation of home page, "Open street map with Horizontal Search Box" +- New: Variation of home page, "Open street with Advanced Horizontal Search Box" +- New: Variation of home page, "Property Slider with Horizontal Search Box" +- New: Variation of home page, "Property Slider with Advanced Horizontal Search Box" +- Improvements: "Property listing" shortcode, Property typed added +- Improvements: "Property listing" shortcode, Property ID added +- Bug fix: Pricing filter with big amounts +- Bug fix: favourites for admin +- Bug fix: carousel on resize +- Bug fix: email newsletter, update images +- Bug fix: Crop thumbnail for agency profile +- Update: Documentation + + += 1.0.1 = +19.10.14 + +- Bug fix: Add property, front-end marker display. +- Bug fix: Add to Bookmarks, display for admin. +- Bug fix: Display carousel on laptops +- Imrovements: Css optimization + + += 1.0 = +03.10.14 + +- Initial release diff --git a/spec/lib/db/dynamic_finders/theme_spec.rb b/spec/lib/db/dynamic_finders/theme_spec.rb index 0950b144..ceb6c8c3 100644 
--- a/spec/lib/db/dynamic_finders/theme_spec.rb +++ b/spec/lib/db/dynamic_finders/theme_spec.rb @@ -3,5 +3,6 @@ describe WPScan::DB::DynamicFinders::Theme do subject(:dynamic_finders) { described_class } + # Most of it is done in the Plugin specs xit end diff --git a/spec/lib/finders/dynamic_finder/plugin_version_spec.rb b/spec/lib/finders/dynamic_finder/plugin_version_spec.rb index bf68fd87..18d84811 100644 --- a/spec/lib/finders/dynamic_finder/plugin_version_spec.rb +++ b/spec/lib/finders/dynamic_finder/plugin_version_spec.rb @@ -4,7 +4,7 @@ # When adding one to the spec/fixtures/db/dynamic_finder.yml, a few files have # to be edited/created # -# - spec/fixtures/dynamic_finder/plugin_version/expected.yml with the expected result/s +# - spec/fixtures/dynamic_finder/expected.yml with the expected result/s # - Then, depending on the finder class used: spec/fixtures/dynamic_finder/plugin_version/ # # Furthermore, the fixtures files _passive_all.html are also used by plugins/themes diff --git a/spec/lib/finders/dynamic_finder/theme_version_spec.rb b/spec/lib/finders/dynamic_finder/theme_version_spec.rb new file mode 100644 index 00000000..8d25ef83 --- /dev/null +++ b/spec/lib/finders/dynamic_finder/theme_version_spec.rb 
@@ -0,0 +1,146 @@ +# frozen_string_literal: true + +# All Theme Dynamic Finders returning a Version are tested here. +# When adding one to the spec/fixtures/db/dynamic_finder.yml, a few files have +# to be edited/created +# +# - spec/fixtures/dynamic_finder/expected.yml with the expected result/s +# - Then, depending on the finder class used: spec/fixtures/dynamic_finder/theme_version/ +# +# Furthermore, the fixtures files _passive_all.html are also used by plugins/themes +# finders in spec/app/finders/plugins|themes to check the items existence from the homepage +# +# In case of a failure, it's recommended to use rspec -e "" while fixing. +# e.g: rspec -e "WPScan::Finders::ThemeVersion::Cardealerpress::HeaderPattern#passive" +# The -e option can also be used to test all HeaderPattern, for example: rspec -e "::HeaderPattern" + +expected_all = df_expected_all['themes'] + +WPScan::DB::DynamicFinders::Theme.create_versions_finders + +describe 'Try to create the finders twice' do + it 'does not raise an error when the class already exists' do + expect { WPScan::DB::DynamicFinders::Theme.create_versions_finders }.to_not raise_error + end +end + +WPScan::DB::DynamicFinders::Theme.versions_finders_configs.each do |slug, configs| + configs.each do |finder_class, config| + finder_super_class = config['class'] || finder_class + + # The QueryParameter specs are slow given the huge fixture file + # If someone find a fix for that, please share! 
+ describe df_tested_class_constant('ThemeVersion', finder_class, slug), slow: true do + subject(:finder) { described_class.new(theme) } + let(:theme) { WPScan::Model::Theme.new(slug, target) } + let(:target) { WPScan::Target.new('http://wp.lab/') } + let(:fixtures) { DYNAMIC_FINDERS_FIXTURES.join('theme_version') } + + let(:expected) do + if expected_all[slug][finder_class].is_a?(Hash) + [expected_all[slug][finder_class]] + else + expected_all[slug][finder_class] + end + end + + let(:stubbed_response) { { body: 'aa' } } + + before do + allow(target).to receive(:content_dir).and_return('wp-content') + + # When creating a theme, the style.css is checked, let's stub that + stub_request(:get, target.url("wp-content/themes/#{slug}/style.css")) + end + + describe '#passive', slow: true do + before { stub_request(:get, target.url).to_return(stubbed_response) } + + if config['path'] + context 'when PATH' do + it 'returns nil' do + expect(finder.passive).to eql nil + end + end + else + context 'when no PATH' do + context 'when the version is detected' do + let(:stubbed_response) do + df_stubbed_response( + fixtures.join("#{finder_super_class.underscore}_passive_all.html"), + finder_super_class + ) + end + + it 'returns the expected version/s from the homepage' do + found = [*finder.passive] + + expect(found).to_not be_empty + + found.each_with_index do |version, index| + expected_version = expected.at(index) + + expect(version).to be_a WPScan::Model::Version + expect(version.number).to eql expected_version['number'].to_s + expect(version.found_by).to eql expected_version['found_by'] + expect(version.interesting_entries).to match_array expected_version['interesting_entries'] + + expect(version.confidence).to eql expected_version['confidence'] if expected_version['confidence'] + end + end + end + + context 'when the version is not detected' do + it 'returns nil or an empty array' do + expect(finder.passive).to eql finder_super_class == 'QueryParameter' ? 
[] : nil + end + end + end + end + end + + describe '#aggressive' do + let(:fixtures) { super().join(slug, finder_class.underscore) } + + before do + stub_request(:get, theme.url(config['path'])).to_return(stubbed_response) if config['path'] + end + + if config['path'] + context 'when the version is detected' do + let(:stubbed_response) do + df_stubbed_response(fixtures.join(config['path']), finder_super_class) + end + + it 'returns the expected version' do + found = [*finder.aggressive] + + expect(found).to_not be_empty + + found.each_with_index do |version, index| + expected_version = expected.at(index) + + expect(version).to be_a WPScan::Model::Version + expect(version.number).to eql expected_version['number'].to_s + expect(version.found_by).to eql expected_version['found_by'] + expect(version.interesting_entries).to match_array expected_version['interesting_entries'] + + expect(version.confidence).to eql expected_version['confidence'] if expected_version['confidence'] + end + end + end + + context 'when the version is not detected' do + it 'returns nil or an empty array' do + expect(finder.aggressive).to eql finder_super_class == 'QueryParameter' ? [] : nil + end + end + else + it 'returns nil' do + expect(finder.aggressive).to eql nil + end + end + end + end + end +end diff --git a/spec/shared_examples/dynamic_finders/wp_items.rb b/spec/shared_examples/dynamic_finders/wp_items.rb index 50241955..8d998a56 100644 --- a/spec/shared_examples/dynamic_finders/wp_items.rb +++ b/spec/shared_examples/dynamic_finders/wp_items.rb @@ -32,7 +32,7 @@ shared_examples WPScan::Finders::DynamicFinder::WpItems::Finder do context 'when matches' do let(:body) { File.read(passive_fixture) } - it 'contains the expected plugins' do + it 'contains the expected items' do expected = [] finder.passive_configs.each do |slug, configs| 
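Review bot: Both version loops, in `#passive` and `#aggressive`, walk `found` with `expected.at(index)` but never compare the two lengths. A finder that returns fewer versions than expected.yml lists still passes, and one that returns more fails with a NoMethodError on nil instead of a readable expectation. Adding `expect(found.size).to eql expected.size` before each `found.each_with_index` closes that gap. The header comment also names `spec/fixtures/db/dynamic_finder.yml` and `spec/fixtures/dynamic_finder/expected.yml`, whereas the files touched by this patch live under `dynamic_finders` (plural). Correct those paths so the instructions can be followed literally.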
@@ -89,7 +89,7 @@ shared_examples WPScan::Finders::DynamicFinder::WpItems::Finder do end end - it 'returns the expected plugins' do + it 'returns the expected items' do expect(finder.aggressive).to match_array(@expected.map { |item| eql(item) }) end end