Compare commits


117 Commits
2.6 ... 2.8

Author SHA1 Message Date
ethicalhack3r
5902a483b4 Ready for release version 2.8 #834 2015-06-22 18:56:37 +02:00
Christian Mehlmauer
ca73e4b93e fix some code styling issues 2015-06-21 11:05:25 +02:00
Christian Mehlmauer
ace64d88ce Merge branch 'master' of github.com:wpscanteam/wpscan 2015-06-21 11:03:55 +02:00
Christian Mehlmauer
4cc9f7c8b5 merge 2015-06-21 11:03:51 +02:00
Christian Mehlmauer
f4f1390b67 fix some code styling issues 2015-06-21 10:59:57 +02:00
erwanlr
14115761f9 Uses the URI.join to determine the redirection URL - Fix #829 2015-06-18 20:48:43 +01:00
Peter
ac3409e376 Update CHANGELOG 2015-06-18 21:07:12 +02:00
Ryan Dewhurst
2657e5050f Merge pull request #830 from mrnfrancesco/fix-issue-815
Fix issue 815
2015-06-04 09:46:26 +02:00
ethicalhack3r
3d6e5b2b9e Continue if user chooses not to update + db exists 2015-06-03 16:42:23 +02:00
ethicalhack3r
bdd6b9727d Dont update if user chooses default + no DBs exist 2015-06-03 16:40:04 +02:00
Francesco Marano
6c8172c7cf Removed Time.parse('2000-01-01') expedient 2015-06-03 16:03:01 +02:00
Francesco Marano
ae5bae9899 Capitalised 'Last db update' in 'Last DB update' 2015-06-03 15:52:33 +02:00
Francesco Marano
b6bf306042 Removed unnecessary 'return' and '()' 2015-06-03 15:43:58 +02:00
Francesco Marano
9c5196dfec Added last db update to --version option (see #815) 2015-06-03 15:33:14 +02:00
Francesco Marano
3d7b8592ea Defined function to get last db update and removed redundant code 2015-06-03 15:32:34 +02:00
Christian Mehlmauer
e03f7691f2 switch to mitre 2015-05-24 09:02:26 +02:00
Christian Mehlmauer
7a54ac62d6 output path 2015-05-21 23:16:33 +02:00
Christian Mehlmauer
8db06d37d2 check if method exist 2015-05-16 08:21:32 +02:00
Christian Mehlmauer
5ee5e76544 new link types 2015-05-15 22:34:24 +02:00
Christian Mehlmauer
090cd999cb fix rspec 2015-05-12 22:36:07 +02:00
Christian Mehlmauer
50b75354e0 #796, do not swallow exit code 2015-05-12 21:51:15 +02:00
Christian Mehlmauer
c7b6b25851 removed debug output 2015-05-12 21:29:21 +02:00
Christian Mehlmauer
b931df654d fix #796 2015-05-12 21:28:12 +02:00
erwanlr
b5d5c4177d Removes potential spaces in robots.txt entries - Ref #819 2015-05-08 09:50:51 +01:00
Christian Mehlmauer
b22550ea55 fix #814 2015-05-01 22:15:58 +02:00
Christian Mehlmauer
04d50ebea5 more logic 2015-05-01 13:14:23 +02:00
Christian Mehlmauer
202180909c warn the user to update his DB files 2015-05-01 11:29:03 +02:00
erwanlr
0d806e6d74 Ignores potential non version chars in theme version detection - Fixes #816 2015-05-01 09:56:18 +01:00
erwanlr
54f31ebe7f Merge branch 'master' of github.com:wpscanteam/wpscan 2015-05-01 09:50:45 +01:00
erwanlr
227a39d2fa Updates the theme detection pattern - Ref #816 2015-05-01 09:50:20 +01:00
Christian Mehlmauer
99d8faa38b switch from gnutls to openssl 2015-04-30 23:45:10 +02:00
Christian Mehlmauer
9a7afe1549 option to hide banner 2015-04-30 21:39:03 +02:00
erwanlr
e6751e0d89 Remove potential new line at the end of .sha512 files during the update 2015-04-25 15:27:13 +01:00
ethicalhack3r
371f1df830 Remove www subdomain from wpvulndb.com link 2015-04-24 10:12:15 +02:00
Peter
8e1ba352ee Singular and plural sentences 2015-04-21 20:33:32 +02:00
ethicalhack3r
7ebfe42eb2 Install bundler gem README 2015-04-17 16:25:17 +02:00
ethicalhack3r
df514d3b9f Update to Ruby 2.2.2 2015-04-16 18:52:25 +02:00
erwanlr
acae16e7ee Adds the missing spec file - Ref #804 2015-04-15 18:38:57 +01:00
erwanlr
deb8508ea5 Updates the Theme detection pattern - Fixes #804 2015-04-15 18:37:23 +01:00
erwanlr
a4bbf41086 Forces UTF-8 encoding when enumerating usernames - Fixes #801 2015-04-11 12:26:15 +01:00
erwanlr
4fbc535b0c Increases default connect-timeout to 10s - Fixes #803 2015-04-10 16:58:21 +01:00
Ryan Dewhurst
36f6f98ce7 Merge pull request #802 from wpscanteam/remove_wpstoools
Remove wpstools #793
2015-04-10 14:29:57 +02:00
ethicalhack3r
21cc7d604c Remove wpstools #793 2015-04-10 13:43:11 +02:00
erwanlr
44207161e6 Also check for potential timed out requests when updating - Ref #797 2015-04-03 17:48:59 +01:00
erwanlr
dc20ef0754 Increases the timeout values - Ref #797 2015-04-03 17:10:07 +01:00
erwanlr
413ee7a6d3 Adds the HttpError exception - Fixes #792 2015-04-03 16:22:28 +01:00
Christian Mehlmauer
5b94714ca7 remove GHOST warning, fixes #795 2015-04-03 17:00:17 +02:00
Christian Mehlmauer
3675fe1ed7 whitespace 2015-04-03 16:45:41 +02:00
erwanlr
e074a03c40 Fixes Indentation 2015-04-03 12:29:27 +01:00
erwanlr
a7860f72a2 Merge pull request #798 from surfer190/master
Add db checksum to verbose logging during update
2015-04-03 12:25:16 +01:00
surfer190
4b587593ee Add db checksum to verbose logging during update 2015-04-03 10:27:26 +02:00
Christian Mehlmauer
0aa8a97070 additional output 2015-04-02 07:17:58 +02:00
Christian Mehlmauer
3c16f84853 even more output 2015-04-02 00:34:44 +02:00
Christian Mehlmauer
346898e549 more output 2015-04-02 00:21:53 +02:00
erwanlr
bcef4b2de7 Fixes #791 - Rogue character causing the scan of non-wordpress site to crash 2015-04-01 13:09:10 +01:00
erwanlr
e42bf7fd7c Consider the target down after 30 requests timed out requests instead of 10 - Fixes 790 2015-04-01 09:25:17 +01:00
Christian Mehlmauer
48cd0602d8 do not build gh-pages branch 2015-03-30 22:00:39 +02:00
Christian Mehlmauer
814e837ae5 No rdoc and no ri for gems 2015-03-30 21:58:28 +02:00
erwanlr
a58b34eba8 Updates request timeout values to realistic ones (and in seconds) 2015-03-30 16:08:49 +01:00
ethicalhack3r
7d790f8f79 Add blackarch to readme. Fix #789 2015-03-30 16:44:27 +02:00
ethicalhack3r
7cf06f4989 Updated data file #784 2015-03-16 18:35:57 +01:00
ethicalhack3r
61381b7168 Update changelog, change version number #784 2015-03-16 10:49:54 +01:00
Christian Mehlmauer
df598c5900 fix for custom content dir 2015-03-14 16:03:48 +01:00
ethicalhack3r
aed74e029a Update Ruby to 2.2.1 2015-03-03 15:09:32 +01:00
erwanlr
6e01e1b9da Merge pull request #774 from berotti3/berotti3-wpscan
Updates the Username detection pattern
2015-02-21 12:56:06 +00:00
berotti3
42f278aafe Available take username for wordpress 3.0 or lower. 2015-02-21 15:48:28 +09:00
Christian Mehlmauer
884f64addb move version detection to seperate function and change line endings 2015-02-18 18:37:47 +01:00
erwanlr
0c9cf4ddd5 Changes the GHOST warning message to a notice one - Fixes #771 2015-02-13 16:54:02 +01:00
erwanlr
f6dfe0e8dd Avoid iterating over all the vuln items once the right one has been found 2015-02-12 18:57:16 +01:00
ethicalhack3r
9f4ca1add7 Update databases from wpvulnsb.com 2015-02-06 00:21:13 +01:00
ethicalhack3r
1f6edc5852 Add link to ghost msf module #763 2015-02-02 15:36:27 +01:00
ethicalhack3r
a74017f595 Fix #764 2015-01-30 16:18:28 +01:00
Ryan Dewhurst
89bc7609ea Merge pull request #762 from Pablohn26/patch-1
Add patch dependency to fedora installation
2015-01-30 15:45:20 +01:00
ethicalhack3r
2c93c8ef6d Update Ruby version in RVM docs 2015-01-30 15:32:03 +01:00
erwanlr
bfe370fa50 Adds a line about GHOST when XMLRPC is enabled, Fixes #763 2015-01-30 12:02:59 +01:00
Pablo Hinojosa
3b4850e1ba Add patch dependency to fedora installation 2015-01-28 18:52:02 +01:00
erwanlr
b2d1c25b8e Uses inline if 2015-01-26 18:19:49 +01:00
erwanlr
093598ac99 Fixes #760 2015-01-26 18:16:50 +01:00
erwanlr
585d22be46 Adds security-protection plugin detection - Fixes #747 2015-01-25 15:16:11 +01:00
erwanlr
9361cf4b00 Adds a global requests counter - Fixes #746 2015-01-22 21:08:09 +01:00
erwanlr
298e9130dd Fixes #754 2015-01-22 19:48:01 +01:00
Christian Mehlmauer
41ae47f065 sync license 2015-01-21 21:53:54 +01:00
ethicalhack3r
41f7fe1554 Markdown formatting 2015-01-21 17:57:06 +01:00
ethicalhack3r
965be1c0f3 New license 2015-01-21 17:52:34 +01:00
Ryan Dewhurst
fa8ac37e8b New LICENSE 2015-01-21 17:50:02 +01:00
Christian Mehlmauer
d7975b6192 version detection 2015-01-20 15:14:32 +01:00
Christian Mehlmauer
0a0fe55427 improve regex and more samples 2015-01-20 00:35:46 +01:00
Christian Mehlmauer
8e08a20178 missing ? 2015-01-20 00:06:34 +01:00
Christian Mehlmauer
9dd44808ec detect even more 2015-01-20 00:04:49 +01:00
Christian Mehlmauer
507cf1d511 fix regex 2015-01-19 23:41:51 +01:00
Christian Mehlmauer
53f3ce8b1f advanced version detection 2015-01-19 23:38:26 +01:00
erwanlr
2d39e5b1fa Ensures timeouts given to Typhoeus are Integers - Fixes #753 2015-01-18 20:14:41 +01:00
ethicalhack3r
60716dcf81 Update CREDITS 2015-01-11 12:06:51 +01:00
Christian Mehlmauer
82141c2535 refine version detection regex 2015-01-08 23:42:15 +01:00
Christian Mehlmauer
3d6de3fe75 refine version detection regex 2015-01-08 23:34:19 +01:00
erwanlr
03ab396353 Ensures that the version detected by stylesheets is present more than once. Ref #478 2015-01-08 23:26:36 +01:00
erwanlr
6221601376 Fixes a typo 2015-01-08 22:53:14 +01:00
erwanlr
71fdef45c9 Adds passive WP version detection from stylesheets. Fix #478 - Ref #750 2015-01-08 20:45:15 +01:00
ethicalhack3r
147a9e4968 Recommend random-agent on 403 2015-01-08 15:07:02 +01:00
ethicalhack3r
8f7b56da32 Fix typo 2015-01-08 14:15:34 +01:00
ethicalhack3r
4ef2452083 Update Typhoeus to 0.7.0 2015-01-08 14:14:07 +01:00
erwanlr
70cfa03ee8 Adds Addressable to the Gemfile 2015-01-07 10:35:26 +01:00
erwanlr
5bd3d4fd96 Merge pull request #749 from dctabuyz/master
wp_must_use_plugins.rb fix page hash calculation & encode IDN
2015-01-07 10:33:36 +01:00
dctabuyz
c0fe02efb9 Merge pull request #2 from dctabuyz/useActualRubyVersion
use actual ruby interpreter
2015-01-07 14:03:54 +05:00
dctabuyz
b0f4843526 Merge pull request #1 from dctabuyz/encodeIDN
IDN support: encode non-ascii domain names
2015-01-07 14:03:50 +05:00
dctabuyz
a9e161268c IDN support: encode non-ascii domain names 2015-01-07 12:55:26 +05:00
dctabuyz
cbad8857bd use actual ruby interpreter 2015-01-07 12:34:27 +05:00
dctabuyz
5adefda286 Digest::MD5.hexdigest replaced by WebSite.page_hash 2015-01-06 23:05:57 +03:00
dctabuyz
265bfcd7c8 calculate page hash only if response code is valid 2015-01-06 19:11:57 +03:00
dctabuyz
b81a4987d9 fix page hash calculation 2015-01-06 19:10:22 +03:00
ethicalhack3r
6b9c9eb0ed Build icon pointing to CMSScanner 2015-01-02 18:57:14 +01:00
ethicalhack3r
4f82d618dc Ruby 2.2.0 changes #748 2015-01-02 18:19:07 +01:00
ethicalhack3r
b7f7bdb9ac Fix specs #748 2015-01-02 18:17:45 +01:00
ethicalhack3r
c5136fd330 Update copyright date range 2015-01-02 17:00:13 +01:00
Peter
e7e0e886fc Better readable sentence 2015-01-02 13:09:11 +01:00
erwanlr
42e8ab1680 Updates the version pattern to allow letters in the format - Ref #745 2015-01-01 20:13:33 +01:00
erwanlr
ab7b7de60a Detects version in a release date format - Fixes #745 2015-01-01 19:45:10 +01:00
92 changed files with 4973 additions and 1461 deletions


@@ -1 +1 @@
2.1.5
2.2.2


@@ -9,6 +9,11 @@ rvm:
- 2.1.3
- 2.1.4
- 2.1.5
- 2.2.0
- 2.2.1
- 2.2.2
before_install:
- "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
script: bundle exec rspec
notifications:
email:
@@ -16,3 +21,7 @@ notifications:
matrix:
allow_failures:
- rvm: 1.9.2
# do not build gh-pages branch
branches:
except:
- gh-pages


@@ -1,6 +1,93 @@
# Changelog
## Master
[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.6...master)
[Work in progress](https://github.com/wpscanteam/wpscan/compare/2.8...master)
## Version 2.8
Released: 2015-06-22
New
* Warn the user to update his DB files
* Added last db update to --version option (see #815)
* Add db checksum to verbose logging during update
* Option to hide banner
* Continue if user chooses not to update + db exists
* Don't update if user chooses default + no DBs exist
* Updates request timeout values to realistic ones (and in seconds)
Removed
* Removed `Time.parse('2000-01-01')` expedient
* Removed unnecessary 'return' and '()'
* Removed debug output
* Removed wpstools
General core
* Update to Ruby 2.2.2
* Switch to mitre
* Install bundler gem README
* Switch from gnutls to openssl
Fixed issues
* Fix #789 - Add blackarch to readme
* Fix #790 - Consider the target down after 30 requests timed out requests instead of 10
* Fix #791 - Rogue character causing the scan of non-wordpress site to crash
* Fix #792 - Adds the HttpError exception
* Fix #795 - Remove GHOST warning
* Fix #796 - Do not swallow exit code
* Fix #797 - Increases the timeout values
* Fix #801 - Forces UTF-8 encoding when enumerating usernames
* Fix #803 - Increases default connect-timeout to 10s
* Fix #804 - Updates the Theme detection pattern
* Fix #816 - Ignores potential non version chars in theme version detection
* Fix #819 - Removes potential spaces in robots.txt entries
WPScan Database Statistics:
* Total vulnerable versions: 98
* Total vulnerable plugins: 1076
* Total vulnerable themes: 361
* Total version vulnerabilities: 1104
* Total plugin vulnerabilities: 1763
* Total theme vulnerabilities: 443
## Version 2.7
Released: 2015-03-16
New
* Detects version in release date format
* Copyrights updated
* WP version detection from stylesheets
* New license
* Global HTTP request counter
* Add security-protection plugin detection
* Add GHOST warning if XMLRPC enabled
* Update databases from wpvulndb.com
* Enumerate usernames from WP <= 3.0 (thanks berotti3)
Removed
* README.txt
General core
* Update to Ruby 2.2.1
* Update to Ruby 2.2.0
* Add addressable gem
* Update Typhoeus gem to 0.7.0
* IDN support: encode non-ascii domain names (thanks dctabuyz)
* Improve page hash calculation (thanks dctabuyz)
* Version detection regex improved
Fixed issues
* Fix #745 - Plugin version pattern in readme.txt file not detected
* Fix #746 - Add a global counter for all active requests to server.
* Fix #747 - Add 'security-protection' plugin to wp_login_protection module
* Fix #753 - undefined method `round' for "10":String for request or connect timeouts
* Fix #760 - typhoeus issue (infinite loop)
WPScan Database Statistics:
* Total vulnerable versions: 89
* Total vulnerable plugins: 953
* Total vulnerable themes: 329
* Total version vulnerabilities: 1070
* Total plugin vulnerabilities: 1451
* Total theme vulnerabilities: 378
## Version 2.6
Released: 2014-12-19


@@ -1,12 +1,12 @@
**CREDITS**
This file is to give credit to WPScan's contributors. If you feel your name should be in here, email ryandewhurst at gmail.
This file is used to state the individual WPScan Team members (core developers) and give credit to WPScan's other contributors. If you feel your name should be in here email wpscanteam@gmail.com.
*WPScan Team*
Erwan.LR - @erwan_lr - (Project Developer)
Christian Mehlmauer - @_FireFart_ - (Project Developer)
Peter van der Laan - pvdl - (Vuln Hunter and Code Cleaner)
Peter van der Laan - pvdl - (Project Developer)
Ryan Dewhurst - @ethicalhack3r (Project Lead)
*Other Contributors*
@@ -18,4 +18,4 @@ Callum Pember - Implemented proxy support - callumpember at gmail.com
g0tmi1k - Additional timthumb checks + bug reports
Melvin Lammerts - Reported a couple of fake vulnerabilities - melvin at 12k.nl
Paolo Perego - @thesp0nge - Basic authentication
Gianluca Brindisi - @gbrindisi - Project Developer
Gianluca Brindisi - @gbrindisi - Ex Project Developer


@@ -1,7 +1,8 @@
source 'https://rubygems.org'
gem 'typhoeus', '~>0.6.8'
gem 'typhoeus', '~>0.7.0'
gem 'nokogiri'
gem 'addressable'
gem 'json'
gem 'terminal-table'
gem 'ruby-progressbar', '>=1.6.0'
@@ -9,6 +10,6 @@ gem 'ruby-progressbar', '>=1.6.0'
group :test do
gem 'webmock', '>=1.17.2'
gem 'simplecov'
gem 'rspec', '>=3.0'
gem 'rspec', '>= 3.3.0'
gem 'rspec-its'
end
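Review bot: The added `gem 'addressable'` line has no version constraint, like the existing `nokogiri`, `json` and `terminal-table` entries, so a fresh `bundle install` resolves to whatever release is newest on rubygems.org unless a committed Gemfile.lock pins it; no lockfile is shown in the part of the comparison visible here. For a scanner that operators install straight from a git checkout, a bounded constraint such as `gem 'addressable', '~> <TESTED_MAJOR.MINOR>'` (placeholder for the version the spec suite was run against) keeps installs reproducible and turns each dependency upgrade into an explicit, reviewable change. As a style point, the new rspec bound is written `'>= 3.3.0'` with a space while the other constraints in the file have none (`'~>0.7.0'`, `'>=1.6.0'`); one spelling should be used throughout.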

75
LICENSE

@@ -1,21 +1,70 @@
The WPScan software and its data (henceforth both referred to simply as "WPScan") is dual-licensed - copyright 2011-2014 The WPScan Team.
WPScan Public Source License
Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, the system can be used under the terms of the GNU General Public License.
The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.
Cases of commercialization are:
Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
- Using WPScan to provide commercial managed/Software-as-a-Service services.
- Distributing WPScan as a commercial product or as part of one.
- Using WPScan as a value added service/product.
1. Definitions
Cases which do not require a commercial license, and thus fall under the terms of GNU General Public License, include (but are not limited to):
1.1 “License” means this document.
1.2 “Contributor” means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
1.3 “WPScan Team” means WPScans core developers, an updated list of whom can be found within the CREDITS file.
- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit. So long as that does not conflict with the commercialization clause.
- Using WPScan to test your own systems.
- Any non-commercial use of WPScan.
2. Commercialization
If you need to acquire a commercial license or are unsure about whether you need to acquire a commercial license, please get in touch, we will be happy to clarify things for you and work with you to accommodate your requirements.
A commercial use is one intended for commercial advantage or monetary compensation.
wpscanteam at gmail.com
Example cases of commercialization are:
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
- Using WPScan to provide commercial managed/Software-as-a-Service services.
- Distributing WPScan as a commercial product or as part of one.
- Using WPScan as a value added service/product.
Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
- Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
- Using WPScan to test your own systems.
- Any non-commercial use of WPScan.
If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - wpscanteam@gmail.com.
We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
Free-use Terms and Conditions;
3. Redistribution
Redistribution is permitted under the following conditions:
- Unmodified License is provided with WPScan.
- Unmodified Copyright notices are provided with WPScan.
- Does not conflict with the commercialization clause.
4. Copying
Copying is permitted so long as it does not conflict with the Redistribution clause.
5. Modification
Modification is permitted so long as it does not conflict with the Redistribution clause.
6. Contributions
Any Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor's content.
7. Support
WPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the WPScan Team.
8. Disclaimer of Warranty
WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
9. Limitation of Liability
To the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's actions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.
10. Disclaimer
Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.

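--- a/README
+++ b/README
@@ -1,292 +0,0 @@
-__________________________________________________
-__ _______ _____
-\ \ / / __ \ / ____|
-\ \ /\ / /| |__) | (___ ___ __ _ _ __
-\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
-\ /\ / | | ____) | (__| (_| | | | |
-\/ \/ |_| |_____/ \___|\__,_|_| |_|
-__________________________________________________
-==LICENSE==
-The WPScan software and its data (henceforth both referred to simply as "WPScan") is dual-licensed - copyright 2011-2014 The WPScan Team.
-Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, the system can be used under the terms of the GNU General Public License.
-Cases of commercialization are:
-- Using WPScan to provide commercial managed/Software-as-a-Service services.
-- Distributing WPScan as a commercial product or as part of one.
-- Using WPScan as a value added service/product.
-Cases which do not require a commercial license, and thus fall under the terms of GNU General Public License, include (but are not limited to):
-- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit. So long as that does not conflict with the commercialization clause.
-- Using WPScan to test your own systems.
-- Any non-commercial use of WPScan.
-If you need to acquire a commercial license or are unsure about whether you need to acquire a commercial license, please get in touch, we will be happy to clarify things for you and work with you to accommodate your requirements.
-wpscanteam at gmail.com
-You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
-==INSTALL==
-WPScan comes pre-installed on the following Linux distributions:
-* BackBox Linux
-* Kali Linux
-* Pentoo
-* SamuraiWTF
-* ArchAssault
-Prerequisites:
-* Windows not supported
-* Ruby >= 1.9.2 - Recommended: 2.1.4
-* Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
-* RubyGems - Recommended: latest
-* Git
-Windows is not supported.
-If installed from Github update the code base with git pull. The databases are updated with wpscan.rb --update.
--> Installing on Ubuntu:
-Before Ubuntu 14.04:
-sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
-git clone https://github.com/wpscanteam/wpscan.git
-cd wpscan
-sudo gem install bundler && bundle install --without test
-From Ubuntu 14.04:
-sudo apt-get install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential
-git clone https://github.com/wpscanteam/wpscan.git
-cd wpscan
-sudo gem install bundler && bundle install --without test
--> Installing on Debian:
-sudo apt-get install git ruby ruby-dev libcurl4-gnutls-dev make
-git clone https://github.com/wpscanteam/wpscan.git
-cd wpscan
-sudo gem install bundler
-bundle install --without test --path vendor/bundle
--> Installing on Fedora:
-sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel
-git clone https://github.com/wpscanteam/wpscan.git
-cd wpscan
-sudo gem install bundler && bundle install --without test
--> Installing on Archlinux:
-pacman -Syu ruby
-pacman -Syu libyaml
-git clone https://github.com/wpscanteam/wpscan.git
-cd wpscan
-sudo gem install bundler && bundle install --without test
-gem install typhoeus
-gem install nokogiri
--> Installing on Mac OS X:
-Apple Xcode, Command Line Tools and the libffi are needed (to be able to install the FFI gem), See http://stackoverflow.com/questions/17775115/cant-setup-ruby-environment-installing-fii-gem-error
-git clone https://github.com/wpscanteam/wpscan.git
-cd wpscan
-sudo gem install bundler && sudo bundle install --without test
--> Installing with RVM:
-cd ~
-curl -sSL https://get.rvm.io | bash -s stable
-source ~/.rvm/scripts/rvm
-echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
-rvm install 2.1.4
-rvm use 2.1.4 --default
-echo "gem: --no-ri --no-rdoc" > ~/.gemrc
-gem install bundler
-git clone https://github.com/wpscanteam/wpscan.git
-cd wpscan
-bundle install --without test
-==KNOWN ISSUES==
-- Typhoeus segmentation fault:
-Update cURL to version => 7.21 (may have to install from source)
-- Proxy not working:
-Update cURL to version => 7.21.7 (may have to install from source).
-Installation from sources :
-- Grab the sources from http://curl.haxx.se/download.html
-- Decompress the archive
-- Open the folder with the extracted files
-- Run ./configure
-- Run make
-- Run sudo make install
-- Run sudo ldconfig
-- cannot load such file -- readline:
-Run sudo aptitude install libreadline5-dev libncurses5-dev
-Then, open the directory of the readline gem (you have to locate it)
-cd ~/.rvm/src/ruby-1.9.2-p180/ext/readline
-ruby extconf.rb
-make
-make install
-See http://vvv.tobiassjosten.net/ruby-on-rails/fixing-readline-for-the-ruby-on-rails-console/ for more details
-- no such file to load -- rubygems
-Run update-alternatives --config ruby
-And select your ruby version
-See https://github.com/wpscanteam/wpscan/issues/148
-==WPSCAN ARGUMENTS==
---update Update the databases.
---url | -u <target url> The WordPress URL/domain to scan.
---force | -f Forces WPScan to not check if the remote site is running WordPress.
---enumerate | -e [option(s)] Enumeration.
-option :
-u usernames from id 1 to 10
-u[10-20] usernames from id 10 to 20 (you must write [] chars)
-p plugins
-vp only vulnerable plugins
-ap all plugins (can take a long time)
-tt timthumbs
-t themes
-vt only vulnerable themes
-at all themes (can take a long time)
-Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
-If no option is supplied, the default is "vt,tt,u,vp"
---exclude-content-based "<regexp or string>" Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied
-You do not need to provide the regexp delimiters, but you must write the quotes (simple or double)
---config-file | -c <config file> Use the specified config file, see the example.conf.json
---user-agent | -a <User-Agent> Use the specified User-Agent
---random-agent | -r Use a random User-Agent
---follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not
---wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specified it. Subdirectories are allowed
---wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory. If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
---proxy <[protocol://]host:port> Supply a proxy (will override the one from conf/browser.conf.json).
-HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given (format host:port), HTTP will be used
---proxy-auth <username:password> Supply the proxy login credentials.
---basic-auth <username:password> Set the HTTP Basic authentication.
---wordlist | -w <wordlist> Supply a wordlist for the password brute forcer.
---threads | -t <number of threads> The number of threads to use when multi-threading requests.
---username | -U <username> Only brute force the supplied username.
---usernames <path-to-file> Only brute force the usernames from the file.
---cache-ttl <cache-ttl> Typhoeus cache TTL.
---request-timeout <request-timeout> Request Timeout.
---connect-timeout <connect-timeout> Connect Timeout.
---max-threads <max-threads> Maximum Threads.
---help | -h This help screen.
---verbose | -v Verbose output.
---batch Never ask for user input, use the default behaviour.
---no-color Do not use colors in the output.
---log Save STDOUT to log.txt
-==WPSCAN EXAMPLES==
-Do 'non-intrusive' checks...
-ruby wpscan.rb --url www.example.com
-Do wordlist password brute force on enumerated users using 50 threads...
-ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
-Do wordlist password brute force on the 'admin' username only...
-ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
-Enumerate installed plugins...
-ruby wpscan.rb --url www.example.com --enumerate p
-Run all enumeration tools...
-ruby wpscan.rb --url www.example.com --enumerate
-Use custom content directory...
-ruby wpscan.rb -u www.example.com --wp-content-dir custom-content
-Update WPScan's databases...
-ruby wpscan.rb --update
-Debug output...
-ruby wpscan.rb --url www.example.com --debug-output 2>debug.log
-==WPSTOOLS ARGUMENTS==
--v, --verbose Verbose output
---check-vuln-ref-urls, --cvru Check all the vulnerabilities reference urls for 404
---check-local-vulnerable-files, --clvf LOCAL_DIRECTORY Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
-s, --stats Show WpScan Database statistics.
---spellcheck, --sc Check all files for common spelling mistakes.
-==WPSTOOLS EXAMPLES==
-Locally scan a wordpress installation for vulnerable files or shells:
-ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/
-===PROJECT HOME===
-www.wpscan.org
-===REPOSITORY===
-https://github.com/wpscanteam/wpscan
-===ISSUES===
-https://github.com/wpscanteam/wpscan/issues
-===DEVELOPER DOCUMENTATION===
-http://rdoc.info/github/wpscanteam/wpscan/frames
-===SPECIAL THANKS===
-RandomStorm - https://www.randomstorm.com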

114
README.md

@@ -1,33 +1,84 @@
![alt text](https://raw.githubusercontent.com/wpscanteam/wpscan/gh-pages/wpscan_logo_407x80.png "WPScan - WordPress Security Scanner")
[![Build Status](https://travis-ci.org/wpscanteam/CMSScanner.svg?branch=master)](https://travis-ci.org/wpscanteam/CMSScanner)
[![Build Status](https://travis-ci.org/wpscanteam/wpscan.svg?branch=master)](https://travis-ci.org/wpscanteam/wpscan)
[![Code Climate](https://img.shields.io/codeclimate/github/wpscanteam/wpscan.svg)](https://codeclimate.com/github/wpscanteam/wpscan)
[![Dependency Status](https://img.shields.io/gemnasium/wpscanteam/wpscan.svg)](https://gemnasium.com/wpscanteam/wpscan)
#### LICENSE
The WPScan software and its data (henceforth both referred to simply as "WPScan") is dual-licensed - copyright 2011-2014 The WPScan Team.
#### WPScan Public Source License
Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, the system can be used under the terms of the GNU General Public License.
The WPScan software (henceforth referred to simply as "WPScan") is dual-licensed - Copyright 2011-2015 WPScan Team.
Cases of commercialization are:
Cases that include commercialization of WPScan require a commercial, non-free license. Otherwise, WPScan can be used without charge under the terms set out below.
- Using WPScan to provide commercial managed/Software-as-a-Service services.
- Distributing WPScan as a commercial product or as part of one.
- Using WPScan as a value added service/product.
##### 1. Definitions
Cases which do not require a commercial license, and thus fall under the terms of GNU General Public License, include (but are not limited to):
1.1 "License" means this document.
- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit. So long as that does not conflict with the commercialization clause.
- Using WPScan to test your own systems.
- Any non-commercial use of WPScan.
1.2 "Contributor" means each individual or legal entity that creates, contributes to the creation of, or owns WPScan.
If you need to acquire a commercial license or are unsure about whether you need to acquire a commercial license, please get in touch, we will be happy to clarify things for you and work with you to accommodate your requirements.
1.3 "WPScan Team" means WPScans core developers, an updated list of whom can be found within the CREDITS file.
wpscanteam at gmail.com
##### 2. Commercialization
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
A commercial use is one intended for commercial advantage or monetary compensation.
Example cases of commercialization are:
- Using WPScan to provide commercial managed/Software-as-a-Service services.
- Distributing WPScan as a commercial product or as part of one.
- Using WPScan as a value added service/product.
Example cases which do not require a commercial license, and thus fall under the terms set out below, include (but are not limited to):
- Penetration testers (or penetration testing organizations) using WPScan as part of their assessment toolkit.
- Penetration Testing Linux Distributions including but not limited to Kali Linux, SamuraiWTF, BackBox Linux.
- Using WPScan to test your own systems.
- Any non-commercial use of WPScan.
If you need to purchase a commercial license or are unsure whether you need to purchase a commercial license contact us - wpscanteam@gmail.com.
We may grant commercial licenses at no monetary cost at our own discretion if the commercial usage is deemed by the WPScan Team to significantly benefit WPScan.
Free-use Terms and Conditions;
##### 3. Redistribution
Redistribution is permitted under the following conditions:
- Unmodified License is provided with WPScan.
- Unmodified Copyright notices are provided with WPScan.
- Does not conflict with the commercialization clause.
##### 4. Copying
Copying is permitted so long as it does not conflict with the Redistribution clause.
##### 5. Modification
Modification is permitted so long as it does not conflict with the Redistribution clause.
##### 6. Contributions
Any Contributions assume the Contributor grants the WPScan Team the unlimited, non-exclusive right to reuse, modify and relicense the Contributor's content.
##### 7. Support
WPScan is provided under an AS-IS basis and without any support, updates or maintenance. Support, updates and maintenance may be given according to the sole discretion of the WPScan Team.
##### 8. Disclaimer of Warranty
WPScan is provided under this License on an “as is” basis, without warranty of any kind, either expressed, implied, or statutory, including, without limitation, warranties that the WPScan is free of defects, merchantable, fit for a particular purpose or non-infringing.
##### 9. Limitation of Liability
To the extent permitted under Law, WPScan is provided under an AS-IS basis. The WPScan Team shall never, and without any limit, be liable for any damage, cost, expense or any other payment incurred as a result of WPScan's actions, failure, bugs and/or any other interaction between WPScan and end-equipment, computers, other software or any 3rd party, end-equipment, computer or services.
##### 10. Disclaimer
Running WPScan against websites without prior mutual consent may be illegal in your country. The WPScan Team accept no liability and are not responsible for any misuse or damage caused by WPScan.
#### INSTALL
@@ -38,10 +89,11 @@ WPScan comes pre-installed on the following Linux distributions:
- [Pentoo](http://www.pentoo.ch/)
- [SamuraiWTF](http://samurai.inguardians.com/)
- [ArchAssault](https://archassault.org/)
- [BlackArch](http://blackarch.org/)
Prerequisites:
- Ruby >= 1.9.2 - Recommended: 2.1.4
- Ruby >= 1.9.2 - Recommended: 2.2.2
- Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
- RubyGems - Recommended: latest
- Git
@@ -53,21 +105,21 @@ If installed from Github update the code base with ```git pull```. The databases
Before Ubuntu 14.04:
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
sudo apt-get install libcurl4-openssl-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test
From Ubuntu 14.04:
sudo apt-get install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential
sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test
####Installing on Debian:
sudo apt-get install git ruby ruby-dev libcurl4-gnutls-dev make
sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler
@@ -75,7 +127,7 @@ From Ubuntu 14.04:
####Installing on Fedora:
sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel
sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test
@@ -104,12 +156,13 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
rvm install 2.1.4
rvm use 2.1.4 --default
rvm install 2.2.2
rvm use 2.2.2 --default
echo "gem: --no-ri --no-rdoc" > ~/.gemrc
gem install bundler
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
gem install bundler
bundle install --without test
#### KNOWN ISSUES
@@ -219,7 +272,7 @@ Apple Xcode, Command Line Tools and the libffi are needed (to be able to install
--verbose | -v Verbose output.
--batch Never ask for user input, use the default behaviour.
--batch Never ask for user input, use the default behavior.
--no-color Do not use colors in the output.
@@ -259,28 +312,13 @@ Debug output...
```ruby wpscan.rb --url www.example.com --debug-output 2>debug.log```
#### WPSTOOLS ARGUMENTS
-v, --verbose Verbose output
--check-vuln-ref-urls, --cvru Check all the vulnerabilities reference urls for 404
--check-local-vulnerable-files, --clvf LOCAL_DIRECTORY Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells
-s, --stats Show WpScan Database statistics.
--spellcheck, --sc Check all files for common spelling mistakes.
#### WPSTOOLS EXAMPLES
Locally scan a wordpress installation for vulnerable files or shells:
```ruby wpstools.rb --check-local-vulnerable-files /var/www/wordpress/```
#### PROJECT HOME
[http://www.wpscan.org](http://www.wpscan.org)
#### VULNERABILITY DATABASE
[https://www.wpvulndb.com](https://www.wpvulndb.com)
[https://wpvulndb.com](https://wpvulndb.com)
#### GIT REPOSITORY

BIN
data.zip

Binary file not shown.


@@ -23,7 +23,7 @@ end
html = open(html_path).read
examples = html.match(/(\d+) examples/)[0].to_i rescue 0
errors = html.match(/(\d+) errors/)[0].to_i rescue 0
if errors == 0 then
if errors == 0
errors = html.match(/(\d+) failure/)[0].to_i rescue 0
end
pending = html.match(/(\d+) pending/)[0].to_i rescue 0


@@ -10,9 +10,9 @@
"cache_ttl": 600, // 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
"request_timeout": 2000, // 2s
"request_timeout": 60, // 1min
"connect_timeout": 1000, // 1s
"connect_timeout": 10, // 10s
"max_threads": 20
}


@@ -73,10 +73,8 @@ class Browser
@max_threads = 20
# 10 minutes, at this time the cache is cleaned before each scan. If this value is set to 0, the cache will be disabled
@cache_ttl = 600
# 2s
@request_timeout = 2000
# 1s
@connect_timeout = 1000
@request_timeout = 60 # 60s
@connect_timeout = 10 # 10s
@user_agent = "WPScan v#{WPSCAN_VERSION} (http://wpscan.org)"
end
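Review bot: The new defaults `@request_timeout = 60 # 60s` and `@connect_timeout = 10 # 10s` switch the unit from milliseconds to seconds, but only the trailing comments on these two lines say so. A value carried over from an older configuration or command line (2000, say) would presumably now be read as 2000 seconds, which leaves a scan waiting on an unresponsive target with effectively no timeout. I would state the unit where the attributes are documented, for example `# Timeouts are expressed in seconds (earlier releases used milliseconds)`, and consider rejecting implausibly large values. The enclosing method starts outside the hunk.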


@@ -82,7 +82,7 @@ class Browser
#
# @return [ void ]
def request_timeout=(timeout)
@request_timeout = timeout
@request_timeout = timeout.to_i
end
# Sets the connect timeout
@@ -90,7 +90,7 @@ class Browser
#
# @return [ void ]
def connect_timeout=(timeout)
@connect_timeout = timeout
@connect_timeout = timeout.to_i
end
protected
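Review bot: `timeout.to_i` in `request_timeout=` and `connect_timeout=` accepts any input silently: `nil`, an empty string or a typo such as `'abc'` all become 0. How the value reaches the HTTP client is not visible here, but libcurl treats a timeout of 0 as "never time out", so a bad option value would remove the limit instead of being reported. `Integer(timeout)` raises on such input, so the setters could read `@request_timeout = Integer(timeout)` and `@connect_timeout = Integer(timeout)`. The doc comments above each setter could also name the unit.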


@@ -14,7 +14,7 @@ class WpItems < Array
self.wp_target = wp_target
end
# @param [String] argv
# @param [String] args
#
# @return [ void ]
def add(*args)


@@ -32,7 +32,7 @@ class WpItems < Array
progress_bar.progress += 1 if options[:show_progression]
if target_item.exists?(exist_options, response)
if !results.include?(target_item)
unless results.include?(target_item)
if !options[:only_vulnerable] || options[:only_vulnerable] && target_item.vulnerable?
results << target_item
end


@@ -6,7 +6,6 @@ DATA_DIR = File.join(ROOT_DIR, 'data')
CONF_DIR = File.join(ROOT_DIR, 'conf')
CACHE_DIR = File.join(ROOT_DIR, 'cache')
WPSCAN_LIB_DIR = File.join(LIB_DIR, 'wpscan')
WPSTOOLS_LIB_DIR = File.join(LIB_DIR, 'wpstools')
UPDATER_LIB_DIR = File.join(LIB_DIR, 'updater')
COMMON_LIB_DIR = File.join(LIB_DIR, 'common')
MODELS_LIB_DIR = File.join(COMMON_LIB_DIR, 'models')
@@ -17,7 +16,6 @@ LOG_FILE = File.join(ROOT_DIR, 'log.txt')
# Plugins directories
COMMON_PLUGINS_DIR = File.join(COMMON_LIB_DIR, 'plugins')
WPSCAN_PLUGINS_DIR = File.join(WPSCAN_LIB_DIR, 'plugins') # Not used ATM
WPSTOOLS_PLUGINS_DIR = File.join(WPSTOOLS_LIB_DIR, 'plugins')
# Data files
PLUGINS_FILE = File.join(DATA_DIR, 'plugins.txt')
@@ -33,8 +31,9 @@ LOCAL_FILES_FILE = File.join(DATA_DIR, 'local_vulnerable_files.xml')
WP_VERSIONS_XSD = File.join(DATA_DIR, 'wp_versions.xsd')
LOCAL_FILES_XSD = File.join(DATA_DIR, 'local_vulnerable_files.xsd')
USER_AGENTS_FILE = File.join(DATA_DIR, 'user-agents.txt')
LAST_UPDATE_FILE = File.join(DATA_DIR, '.last_update')
WPSCAN_VERSION = '2.6'
WPSCAN_VERSION = '2.8'
$LOAD_PATH.unshift(LIB_DIR)
$LOAD_PATH.unshift(WPSCAN_LIB_DIR)
@@ -42,7 +41,7 @@ $LOAD_PATH.unshift(MODELS_LIB_DIR)
def kali_linux?
begin
File.readlines("/etc/debian_version").grep(/^kali/i).any?
File.readlines('/etc/debian_version').grep(/^kali/i).any?
rescue
false
end
@@ -55,7 +54,7 @@ def require_files_from_directory(absolute_dir_path, files_pattern = '*.rb')
files = Dir[File.join(absolute_dir_path, files_pattern)]
# Files in the root dir are loaded first, then those in the subdirectories
files.sort_by { |file| [file.count("/"), file] }.each do |f|
files.sort_by { |file| [file.count('/'), file] }.each do |f|
f = File.expand_path(f)
#puts "require #{f}" # Used for debug
require f
@@ -80,6 +79,20 @@ def missing_db_file?
false
end
def last_update
date = nil
if File.exists?(LAST_UPDATE_FILE)
content = File.read(LAST_UPDATE_FILE)
date = Time.parse(content) rescue nil
end
date
end
def update_required?
date = last_update
(true if date.nil?) or (date < 5.days.ago)
end
# Define colors
def colorize(text, color_code)
if $COLORSWITCH
@@ -110,19 +123,21 @@ def blue(text)
end
def critical(text)
red(text)
$exit_code += 1 if defined?($exit_code) # hack for undefined var via rspec
"#{red('[!]')} #{text}"
end
def warning(text)
amber(text)
$exit_code += 1 if defined?($exit_code) # hack for undefined var via rspec
"#{amber('[!]')} #{text}"
end
def info(text)
green(text)
"#{green('[+]')} #{text}"
end
def notice(text)
blue(text)
"#{blue('[i]')} #{text}"
end
# our 1337 banner
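Review bot: `critical` and `warning` now run `$exit_code += 1 if defined?($exit_code)` every time a message is formatted, so the exit status becomes a count of printed messages rather than a flag. If that counter is later handed to `exit` unchanged (not visible here), the operating system keeps only the low 8 bits, and a run with exactly 256 such messages would report success to a calling script or CI job. Setting a flag avoids that, `$exit_code = 1 if defined?($exit_code)`, or the value can be capped where it is consumed. A comment on both helpers should say that they mutate global state, since callers in the other sections now use them purely as string formatters.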


@@ -6,7 +6,7 @@ class DbUpdater
local_vulnerable_files.xml local_vulnerable_files.xsd
plugins_full.txt plugins.txt themes_full.txt themes.txt
timthumbs.txt user-agents.txt wp_versions.xml wp_versions.xsd
plugin_vulns.json theme_vulns.json wp_vulns.json
plugin_vulns.json theme_vulns.json wp_vulns.json LICENSE
)
attr_reader :repo_directory
@@ -28,7 +28,7 @@ class DbUpdater
# @return [ String ] The raw file URL associated with the given filename
def remote_file_url(filename)
"https://raw.githubusercontent.com/wpscanteam/vulndb/master/#{filename}"
"https://wpvulndb.com/data/#{filename}"
end
# @return [ String ] The checksum of the associated remote filename
@@ -36,8 +36,8 @@ class DbUpdater
url = "#{remote_file_url(filename)}.sha512"
res = Browser.get(url, request_params)
fail "Unable to get #{url}" unless res.code == 200
res.body
fail DownloadError, res if res.timed_out? || res.code != 200
res.body.chomp
end
def local_file_path(filename)
@@ -72,7 +72,7 @@ class DbUpdater
file_url = remote_file_url(filename)
res = Browser.get(file_url, request_params)
fail "Error while downloading #{file_url}" unless res.code == 200
fail DownloadError, res if res.timed_out? || res.code != 200
File.open(file_path, 'wb') { |f| f.write(res.body) }
local_file_checksum(filename)
@@ -96,6 +96,7 @@ class DbUpdater
puts ' [i] Downloading new file' if verbose
dl_checksum = download(filename)
puts " [i] Downloaded File Checksum: #{dl_checksum}" if verbose
puts " [i] Database File Checksum : #{db_checksum}" if verbose
unless dl_checksum == db_checksum
fail "#{filename}: checksums do not match"
@@ -111,5 +112,8 @@ class DbUpdater
end
end
end
# write last_update date to file
File.write(LAST_UPDATE_FILE, Time.now)
end
end
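Review bot: With `remote_file_url` now returning `"https://wpvulndb.com/data/#{filename}"`, the `.sha512` value is still fetched from the same host as the file it checks, so comparing `dl_checksum` with `db_checksum` detects a truncated or corrupted download but not a file that was replaced at the source. The authenticity of the databases therefore rests on TLS peer verification in `request_params`, which is not visible in these hunks and should be confirmed to be enabled. I would say so next to the checksum method, e.g. `# Detects transfer corruption only; authenticity relies on TLS to the download host`. A detached signature verified against a key shipped with the tool would be the stronger design. The methods involved start outside the hunks.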

33
lib/common/errors.rb Normal file

@@ -0,0 +1,33 @@
# HTTP Error
class HttpError < StandardError
attr_reader :response
# @param [ Typhoeus::Response ] response
def initialize(response)
@response = response
end
def failure_details
msg = response.effective_url
if response.code == 0 || response.timed_out?
msg += " (#{response.return_message})"
else
msg += " (status: #{response.code})"
end
msg
end
def message
"HTTP Error: #{failure_details}"
end
end
# Used in the Updater
class DownloadError < HttpError
def message
"Unable to get #{failure_details}"
end
end
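Review bot: `HttpError` and `DownloadError` override `message` but not `to_s`, and `initialize` does not call `super`, so `"#{e}"` and `e.inspect` fall back to the bare class name while only `e.message` carries the URL and status. `Exception#message` already delegates to `to_s`, so defining `to_s` instead keeps every path consistent: `def to_s` returning `"HTTP Error: #{failure_details}"`, and likewise in `DownloadError`. `failure_details` also lacks a doc comment; it should state that it returns the effective URL followed by either curl's return message (code 0 or timeout) or the HTTP status.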


@@ -78,7 +78,7 @@ module Terminal
class Style
@@defaults = {
:border_x => "-", :border_y => "|", :border_i => "+",
:border_x => '-', :border_y => '|', :border_i => '+',
:padding_left => 1, :padding_right => 1,
:margin_left => '',
:width => nil, :alignment => nil
@@ -102,7 +102,20 @@ class Numeric
def bytes_to_human
units = %w{B KB MB GB TB}
e = (Math.log(self)/Math.log(1024)).floor
s = "%.3f" % (to_f / 1024**e)
s = '%.3f' % (to_f / 1024**e)
s.sub(/\.?0*$/, ' ' + units[e])
end
end
# time calculations
class Fixnum
SECONDS_IN_DAY = 24 * 60 * 60
def days
self * SECONDS_IN_DAY
end
def ago
Time.now - self
end
end
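Review bot: Reopening `Fixnum` to add `days` and `ago` puts two generically named methods on every small integer in the process, including integers handled inside the gems this tool loads, for what appears to be a single caller (`5.days.ago` in `update_required?`). `Fixnum` was deprecated in Ruby 2.4 and later removed, so on newer interpreters the methods would no longer reach integer literals. A constant and plain arithmetic do the same job without touching a core class: `UPDATE_INTERVAL = 5 * 24 * 60 * 60` and `date < Time.now - UPDATE_INTERVAL`. If the patch stays, a comment should state that `ago` treats the receiver as seconds.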


@@ -6,16 +6,17 @@ class Vulnerability
# output the vulnerability
def output(verbose = false)
puts
puts "#{critical('[!]')} Title: #{title}"
puts critical("Title: #{title}")
references.each do |key, urls|
methodname = "url_#{key}"
urls.each do |u|
next unless respond_to?(methodname)
url = send(methodname, u)
puts " Reference: #{url}" if url
end
end
if !fixed_in.nil?
puts "#{notice('[i]')} Fixed in: #{fixed_in}"
unless fixed_in.nil?
puts notice("Fixed in: #{fixed_in}")
end
end
end
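Review bot: The added guard `next unless respond_to?(methodname)` makes a reference type without a matching `url_*` formatter disappear from the report silently. The keys come from the downloaded vulnerability data, so a database that is newer than the code would lose references without any hint to the user. I would print the raw value or a verbose notice in that case instead of skipping it. The guard also depends only on `key`, not on `u`, so it belongs above `urls.each`, and `public_send(methodname, u)` would state that only public formatters are meant to be reachable from data-derived names.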


@@ -6,31 +6,39 @@ class Vulnerability
def url_metasploit(module_path)
# remove leading slash
module_path = module_path.sub(/^\//, '')
"http://www.rapid7.com/db/modules/#{module_path}"
"https://www.rapid7.com/db/modules/#{module_path}"
end
def url_url(url)
url
end
def url_cve(cve)
"http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-#{cve}"
def url_cve(id)
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-#{id}"
end
def url_osvdb(id)
"http://osvdb.org/#{id}"
"http://osvdb.org/show/osvdb/#{id}"
end
def url_secunia(id)
"https://secunia.com/advisories/#{id}"
"https://secunia.com/advisories/#{id}/"
end
def url_exploitdb(id)
"http://www.exploit-db.com/exploits/#{id}/"
"https://www.exploit-db.com/exploits/#{id}/"
end
def url_id(id)
"https://wpvulndb.com/vulnerabilities/#{id}"
end
def url_packetstorm(id)
"http://packetstormsecurity.com/files/#{id}/"
end
def url_securityfocus(id)
"http://www.securityfocus.com/bid/#{id}/"
end
end
end


@@ -6,19 +6,19 @@ class WpItem
# @return [ Void ]
def output(verbose = false)
puts
puts "#{info('[+]')} Name: #{self}" #this will also output the version number if detected
puts info("Name: #{self}") #this will also output the version number if detected
puts " | Location: #{url}"
#puts " | WordPress: #{wordpress_url}" if wordpress_org_item?
puts " | Readme: #{readme_url}" if has_readme?
puts " | Changelog: #{changelog_url}" if has_changelog?
puts "#{warning('[!]')} Directory listing is enabled: #{url}" if has_directory_listing?
puts "#{warning('[!]')} An error_log file has been found: #{error_log_url}" if has_error_log?
puts warning("Directory listing is enabled: #{url}") if has_directory_listing?
puts warning("An error_log file has been found: #{error_log_url}") if has_error_log?
additional_output(verbose) if respond_to?(:additional_output)
if version.nil? && vulnerabilities.length > 0
puts
puts "#{warning('[+]')} We could not determine a version so all vulnerabilities are printed out"
puts warning('We could not determine a version so all vulnerabilities are printed out')
end
vulnerabilities.output


@@ -13,7 +13,7 @@ class WpItem
# This check is needed because readme_url can return nil
if has_readme?
response = Browser.get(readme_url)
@version = response.body[%r{(?:stable tag|version): #{WpVersion.version_pattern}}i, 1]
@version = extract_version(response.body)
end
end
@version
@@ -22,7 +22,31 @@ class WpItem
# @return [ String ]
def to_s
item_version = self.version
"#@name#{' - v' + item_version.strip if item_version}"
"#{@name}#{' - v' + item_version.strip if item_version}"
end
# Extracts the version number from a given string/body
#
# @return [ String ] detected version
def extract_version(body)
version = body[/\b(?:stable tag|version):\s*(?!trunk)([0-9a-z\.-]+)/i, 1]
if version.nil? || version !~ /[0-9]+/
extracted_versions = body.scan(/[=]+\s+(?:v(?:ersion)?\s*)?([0-9\.-]+)[ \ta-z0-9\(\)\.-]*[=]+/i)
return if extracted_versions.nil? || extracted_versions.length == 0
extracted_versions.flatten!
# must contain at least one number
extracted_versions = extracted_versions.select { |x| x =~ /[0-9]+/ }
sorted = extracted_versions.sort { |x,y|
begin
Gem::Version.new(x) <=> Gem::Version.new(y)
rescue
0
end
}
return sorted.last
else
return version
end
end
end
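Review bot: The sort block in `extract_version` returns 0 whenever `Gem::Version.new` raises, which makes a malformed candidate compare equal to everything; the comparator is then not a consistent ordering and `sorted.last` may be an arbitrary entry rather than the highest version. `body` is a readme served by the scanned site, so malformed entries are to be expected. Filtering first removes the need for the rescue: `extracted_versions.select { |v| Gem::Version.correct?(v) }.max_by { |v| Gem::Version.new(v) }`. The `extracted_versions.nil?` test is dead code because `scan` always returns an array, and the doc comment should mention the fallback to changelog-style `== 1.2.3 ==` headings and that `nil` is returned when nothing is found.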


@@ -15,12 +15,14 @@ class WpItem
json.each do |item|
asset = item[identifier]
if asset
asset['vulnerabilities'].each do |vulnerability|
vulnerability = Vulnerability.load_from_json_item(vulnerability)
vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
end
next unless asset
asset['vulnerabilities'].each do |vulnerability|
vulnerability = Vulnerability.load_from_json_item(vulnerability)
vulnerabilities << vulnerability if vulnerable_to?(vulnerability)
end
break # No need to iterate any further
end
vulnerabilities
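Review bot: `asset['vulnerabilities'].each` assumes every matching entry in the JSON file carries a `vulnerabilities` array; an entry without that key raises NoMethodError on nil and aborts the lookup. The data comes from the downloaded database files, so the tolerant form costs little: `Array(asset['vulnerabilities']).each do |vulnerability|`. The comment on `break` could also say why stopping is safe, namely that an identifier is expected to appear at most once in the file, which is an assumption worth confirming. The method starts outside the hunk.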


@@ -14,7 +14,7 @@ class WpTheme < WpItem
def get_parent_theme_style_url
if is_child_theme?
return style_url.sub("/#{name}/style.css", "/#@theme_template/style.css")
return style_url.sub("/#{name}/style.css", "/#{@theme_template}/style.css")
end
nil
end


@@ -30,17 +30,14 @@ class WpTheme < WpItem
response = Browser.get_and_follow_location(target_uri.to_s)
# https + domain is optional because of relative links
matches = /(?:https?:\/\/[^"']+)?\/([^\/]+)\/themes\/([^"'\/]+)[^"']*\/style.css/i.match(response.body)
if matches
return new(
target_uri,
{
name: matches[2],
referenced_url: matches[0],
wp_content_dir: matches[1]
}
)
end
return unless response.body =~ %r{(?:https?://[^"']+/)?([^/\s]+)/themes/([^"'/]+)[^"']*/style.css}i
new(
target_uri,
name: Regexp.last_match[2],
referenced_url: Regexp.last_match[0],
wp_content_dir: Regexp.last_match[1]
)
end
# @param [ URI ] target_uri
@@ -50,7 +47,6 @@ class WpTheme < WpItem
body = Browser.get(target_uri.to_s).body
regexp = %r{<meta name="generator" content="([^\s"]+)\s?([^"]+)?" />\s+<meta name="generator" content="WooFramework\s?([^"]+)?" />}
if matches = regexp.match(body)
woo_theme_name = matches[1]
woo_theme_version = matches[2]
@@ -58,10 +54,8 @@ class WpTheme < WpItem
return new(
target_uri,
{
name: woo_theme_name,
version: woo_theme_version
}
name: woo_theme_name,
version: woo_theme_version
)
end
end
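Review bot: In the new pattern the group that becomes `wp_content_dir`, `([^/\s]+)`, no longer has to follow a `/` and excludes only slashes and whitespace, so for a relative link such as `href="wp-content/themes/x/style.css"` it appears to capture `href="wp-content`, attribute name and quote included. Excluding quotes keeps the capture inside the attribute value: `([^/\s"']+)`. The dot in `style.css` is also unescaped and matches any character; `style\.css` states the intent. The captured value comes from a page controlled by the scanned site and is presumably reused as a path component later, so a spec with a relative link would be worth adding. Both methods start outside the hunks.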


@@ -10,16 +10,16 @@ class WpTheme
theme_desc = verbose ? @theme_description : truncate(@theme_description, 100)
puts " | Style URL: #{style_url}"
puts " | Referenced style.css: #{referenced_url}" if referenced_url && referenced_url != style_url
puts " | Theme Name: #@theme_name" if @theme_name
puts " | Theme URI: #@theme_uri" if @theme_uri
puts " | Theme Name: #{@theme_name}" if @theme_name
puts " | Theme URI: #{@theme_uri}" if @theme_uri
puts " | Description: #{theme_desc}"
puts " | Author: #@theme_author" if @theme_author
puts " | Author URI: #@theme_author_uri" if @theme_author_uri
puts " | Template: #@theme_template" if @theme_template and verbose
puts " | License: #@theme_license" if @theme_license and verbose
puts " | License URI: #@theme_license_uri" if @theme_license_uri and verbose
puts " | Tags: #@theme_tags" if @theme_tags and verbose
puts " | Text Domain: #@theme_text_domain" if @theme_text_domain and verbose
puts " | Author: #{@theme_author}" if @theme_author
puts " | Author URI: #{@theme_author_uri}" if @theme_author_uri
puts " | Template: #{@theme_template}" if @theme_template and verbose
puts " | License: #{@theme_license}" if @theme_license and verbose
puts " | License URI: #{@theme_license_uri}" if @theme_license_uri and verbose
puts " | Tags: #{@theme_tags}" if @theme_tags and verbose
puts " | Text Domain: #{@theme_text_domain}" if @theme_text_domain and verbose
end
end


@@ -3,7 +3,7 @@
class WpTheme < WpItem
module Versionable
def version
@version ||= Browser.get(style_url).body[%r{Version:\s*([^\s]+)}i, 1]
@version ||= Browser.get(style_url).body[%r{Version:\s*(?!trunk)([0-9a-z\.-]+)}i, 1]
end
end
end

View File

@@ -5,7 +5,7 @@ class WpTimthumb < WpItem
def output(verbose = false)
puts
puts "#{info('[+]')} #{self}" #this will also output the version number if detected
puts info("#{self}") #this will also output the version number if detected
vulnerabilities.output
end


@@ -15,7 +15,7 @@ class WpTimthumb < WpItem
end
def check_rce_132
return rce_132_vuln unless VersionCompare.lesser_or_equal?('1.33', version)
rce_132_vuln unless VersionCompare.lesser_or_equal?('1.33', version)
end
# Vulnerable versions : > 1.35 (or >= 2.0) and < 2.8.14
@@ -24,7 +24,7 @@ class WpTimthumb < WpItem
response = Browser.get(uri.merge('?webshot=1&src=http://' + default_allowed_domains.sample))
return rce_webshot_vuln unless response.body =~ /WEBSHOT_ENABLED == true/
rce_webshot_vuln unless response.body =~ /WEBSHOT_ENABLED == true/
end
# @return [ Array<String> ] The default allowed domains (between the 2.0 and 2.8.13)


@@ -15,7 +15,7 @@ class WpUser < WpItem
# @return [ URI ] The uri to the author page
def uri
if id
return @uri.merge("?author=#{id}")
@uri.merge("?author=#{id}")
else
raise 'The id is nil'
end


@@ -34,7 +34,7 @@ class WpUser < WpItem
# Generate a random one on each request
unless redirect_url
random = (0...8).map { 65.+(rand(26)).chr }.join
redirect_url = "#@uri#{random}/"
redirect_url = "#{@uri}#{random}/"
end
request = login_request(password, redirect_url)
@@ -66,7 +66,7 @@ class WpUser < WpItem
puts if options[:show_progression] # mandatory to avoid the output of the progressbar to be overriden
end
# @param [ Integer ] targets_size
# @param [ Integer ] passwords_size
# @param [ Hash ] options
#
# @return [ ProgressBar ]
@@ -109,13 +109,13 @@ class WpUser < WpItem
elsif response.body =~ /login_error/i
verbose = "\n Incorrect login and/or password."
elsif response.timed_out?
progression = "#{critical('ERROR:')} Request timed out."
progression = critical('ERROR: Request timed out.')
elsif response.code == 0
progression = "#{critical('ERROR:')} No response from remote server. WAF/IPS?"
progression = critical("ERROR: No response from remote server. WAF/IPS? (#{response.return_message})")
elsif response.code.to_s =~ /^50/
progression = "#{critical('ERROR:')} Server error, try reducing the number of threads."
progression = critical('ERROR: Server error, try reducing the number of threads.')
else
progression = "#{critical('ERROR:')} We received an unknown response for #{password}..."
progression = critical("ERROR: We received an unknown response for #{password}...")
verbose = critical(" Code: #{response.code}\n Body: #{response.body}\n")
end


@@ -39,7 +39,9 @@ class WpUser < WpItem
#
# @return [ String ] The login
def self.login_from_author_pattern(text)
text[%r{/author/([^/\b]+)/?}i, 1]
return unless text =~ %r{/author/([^/\b]+)/?}i
Regexp.last_match[1].force_encoding('UTF-8')
end
# @param [ String ] body
@@ -51,7 +53,8 @@ class WpUser < WpItem
unless login
# No Permalinks
login = body[%r{<body class="archive author author-([^\s]+) author-(\d+)}i, 1]
login = body[%r{<body class="archive author author-([^\s]+)[ "]}i, 1]
login ? login.force_encoding('UTF-8') : nil
end
login


@@ -23,4 +23,11 @@ class WpVersion < WpItem
number == other.number
end
# @return [ Array<String> ] All the stable versions from version_file
def self.all(versions_file = WP_VERSIONS_FILE)
Nokogiri.XML(File.open(versions_file)).css('version').reduce([]) do |a, node|
a << node.text.to_s
end
end
end
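Review bot: `File.open(versions_file)` in `WpVersion.all` is never closed, so the handle stays open until garbage collection, and the method is called again by `find_from_stylesheets_numbers` elsewhere in this comparison. `File.read` avoids the leak and `map` replaces the manual accumulator: `Nokogiri.XML(File.read(versions_file)).css('version').map(&:text)`. The doc comment could also add `# @param [ String ] versions_file`.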


@@ -114,6 +114,34 @@ class WpVersion < WpItem
)
end
def find_from_stylesheets_numbers(target_uri)
wp_versions = WpVersion.all
found = {}
pattern = /\bver=([0-9\.]+)/i
Nokogiri::HTML(Browser.get(target_uri.to_s).body).css('link,script').each do |tag|
%w(href src).each do |attribute|
attr_value = tag.attribute(attribute).to_s
next if attr_value.nil? || attr_value.empty?
uri = Addressable::URI.parse(attr_value)
next unless uri.query && uri.query.match(pattern)
version = Regexp.last_match[1].to_s
found[version] ||= 0
found[version] += 1
end
end
found.delete_if { |v, _| !wp_versions.include?(v) }
best_guess = found.sort_by(&:last).last
# best_guess[0]: version number, [1] numbers of occurences
best_guess && best_guess[1] > 1 ? best_guess[0] : nil
end
# Uses data/wp_versions.xml to try to identify a
# wordpress version.
#
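Review bot: `Addressable::URI.parse(attr_value)` in `find_from_stylesheets_numbers` receives `href`/`src` values taken verbatim from the target's page and raises `Addressable::URI::InvalidURIError` on a malformed one, which would abort version detection for the whole page. Rescuing per attribute keeps one bad tag from hiding the others, as sketched below. The `attr_value.nil?` test is dead code after `to_s`. The method also needs a doc comment saying that it returns a known WordPress version only when the same `ver=` value occurs more than once, otherwise `nil`.

```ruby
attr_value = tag.attribute(attribute).to_s
next if attr_value.empty?

begin
  uri = Addressable::URI.parse(attr_value)
rescue Addressable::URI::InvalidURIError
  next # malformed href/src on the target page; skip this attribute only
end
# … unchanged: ver= match against pattern and occurrence counting …
```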


@@ -5,13 +5,16 @@ class WpVersion < WpItem
def output(verbose = false)
puts
puts "#{info('[+]')} WordPress version #{self.number} identified from #{self.found_from}"
puts info("WordPress version #{self.number} identified from #{self.found_from}")
vulnerabilities = self.vulnerabilities
unless vulnerabilities.empty?
puts "#{critical('[!]')} #{vulnerabilities.size} vulnerabilities identified from the version number"
if vulnerabilities.size == 1
puts critical("#{vulnerabilities.size} vulnerability identified from the version number")
else
puts critical("#{vulnerabilities.size} vulnerabilities identified from the version number")
end
vulnerabilities.output
end
end


@@ -35,6 +35,7 @@ begin
require 'nokogiri'
require 'terminal-table'
require 'ruby-progressbar'
require 'addressable/uri'
# Custom libs
require 'common/browser'
require 'common/custom_option_parser'


@@ -54,10 +54,9 @@ class WebSite
redirected_uri = URI.parse(add_trailing_slash(add_http_protocol(url)))
if response.code == 301 || response.code == 302
redirection = response.headers_hash['location']
if redirection[0] == '/'
redirection = "#{redirected_uri.scheme}://#{redirected_uri.host}#{redirection}"
end
redirection = redirected_uri.merge(response.headers_hash['location']).to_s
return redirection if url == redirection # prevents infinite loop
# Let's check if there is a redirection in the redirection
if other_redirection = redirection(redirection)
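Review bot: `return redirection if url == redirection` only stops a page that redirects to itself; a two-step cycle (A to B, B back to A) still recurses through `redirection(redirection)` without bound. Both the chain and the `Location` value are controlled by the remote server, and `response.headers_hash['location']` can be absent or unparsable, in which case `redirected_uri.merge(...)` raises. I would read the header first, `location = response.headers_hash['location']` followed by `return unless location`, and cap the recursion with a depth counter or a set of URLs already visited. The method starts and ends outside the hunk.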


@@ -15,7 +15,6 @@ class WebSite
@uri.clone.merge('robots.txt').to_s
end
# Parse robots.txt
# @return [ Array ] URLs generated from robots.txt
def parse_robots_txt
@@ -40,9 +39,9 @@ class WebSite
entries.each do |d|
begin
temp = @uri.clone
temp.path = d
temp.path = d.strip
rescue URI::Error
temp = d
temp = d.strip
end
return_object << temp.to_s
end


@@ -21,6 +21,7 @@ class WpTarget < WebSite
attr_reader :verbose
def initialize(target_url, options = {})
raise Exception.new('target_url can not be nil or empty') if target_url.nil? || target_url == ''
super(target_url)
@verbose = options[:verbose]
@@ -40,10 +41,16 @@ class WpTarget < WebSite
# Note: in the future major WPScan version, change the user-agent to see
# if the response is a 200 ?
fail "The target is responding with a 403, this might be due to a WAF or a plugin\n" \
'You should try to supply a valid user-agent via the --user-agent option' if response.code == 403
fail "The target is responding with a 403, this might be due to a WAF or a plugin.\n" \
'You should try to supply a valid user-agent via the --user-agent option or use the --random-agent option' if response.code == 403
if response.body =~ /["'][^"']*\/wp-content\/[^"']*["']/i
if wp_content_dir
dir = wp_content_dir
else
dir = 'wp-content'
end
if response.body =~ /["'][^"']*\/#{Regexp.escape(dir)}\/[^"']*["']/i
wordpress = true
else
@@ -70,9 +77,7 @@ class WpTarget < WebSite
# Let's check if the login url is redirected (to https url for example)
redirection = redirection(url)
if redirection
url = redirection
end
url = redirection if redirection
url
end


@@ -23,9 +23,9 @@ class WpTarget < WebSite
# @return [ Boolean ]
def default_wp_content_dir_exists?
response = Browser.get(@uri.merge('wp-content').to_s)
hash = Digest::MD5.hexdigest(response.body)
if WpTarget.valid_response_codes.include?(response.code)
hash = WebSite.page_hash(response)
return true if hash != error_404_hash and hash != homepage_hash
end


@@ -7,10 +7,15 @@ class WpTarget < WebSite
#
# @return [ Boolean ]
def has_full_path_disclosure?
response = Browser.get(full_path_disclosure_url())
response = Browser.get(full_path_disclosure_url)
response.body[%r{Fatal error}i] ? true : false
end
def full_path_disclosure_data
return nil unless has_full_path_disclosure?
Browser.get(full_path_disclosure_url).body[%r{<b>([^<]+\.php)</b>}, 1]
end
# @return [ String ]
def full_path_disclosure_url
@uri.merge('wp-includes/rss-functions.php').to_s
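Review bot: `full_path_disclosure_data` requests `full_path_disclosure_url` twice, once through `has_full_path_disclosure?` and again to extract the path, so unless the browser cache serves the second call the target is hit twice and the two bodies can differ. Fetching once avoids that: `body = Browser.get(full_path_disclosure_url).body`, `return nil unless body[%r{Fatal error}i]`, `body[%r{<b>([^<]+\.php)</b>}, 1]`. The new method also lacks the `# @return [ String, nil ]` comment that the neighbouring methods carry. The captured string comes from the target's response, so whatever prints it should treat it as untrusted text. `full_path_disclosure_url` ends outside this hunk.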


@@ -8,7 +8,7 @@ class WpTarget < WebSite
@login_protection_plugin = nil
def has_login_protection?
!login_protection_plugin().nil?
!login_protection_plugin.nil?
end
# Checks if a login protection plugin is enabled
@@ -74,7 +74,7 @@ class WpTarget < WebSite
# http://wordpress.org/extend/plugins/login-security-solution/
def has_login_security_solution_protection?
Browser.get(login_security_solution_url()).code != 404
Browser.get(login_security_solution_url).code != 404
end
def login_security_solution_url
@@ -99,5 +99,12 @@ class WpTarget < WebSite
plugin_url('bluetrait-event-viewer')
end
# https://wordpress.org/plugins/security-protection/
def has_security_protection_protection?
Nokogiri::HTML(Browser.get(login_url).body).css('script').each do |node|
return true if node['src'] =~ /security-protection.js/i
end
false
end
end
end
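Review bot: In `has_security_protection_protection?` the pattern `/security-protection.js/i` leaves the dot unescaped, so it matches any character in that position; `return true if node['src'] =~ /security-protection\.js/i` is the stricter form. The method also parses whatever `login_url` returns without looking at the response code, so an error page that happens to reference the script would count as a detection. A one-line comment stating that detection relies on the plugin's script tag on the login page would help the next reader.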


@@ -10,7 +10,7 @@ class WpTarget < WebSite
response = Browser.get(must_use_url)
if response && WpTarget.valid_response_codes.include?(response.code)
hash = WebSite.page_hash(response.body)
hash = WebSite.page_hash(response)
return true if hash != error_404_hash && hash != homepage_hash
end


@@ -10,7 +10,7 @@ class WpTarget < WebSite
#
# @return [ Boolean ]
def has_readme?
response = Browser.get(readme_url())
response = Browser.get(readme_url)
unless response.code == 404
return response.body =~ %r{wordpress}i ? true : false


@@ -112,9 +112,14 @@ def help
end
# Hook to check if the target if down during the scan
# The target is considered down after 10 requests with status = 0
down = 0
# And have the number of requests performed to display at the end of the scan
# The target is considered down after 30 requests with status = 0
down = 0
@total_requests_done = 0
Typhoeus.on_complete do |response|
down += 1 if response.code == 0
fail 'The target seems to be down' if down >= 10
@total_requests_done += 1
fail 'The target seems to be down' if down >= 30
end
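Review bot: `down` only ever increases, so the hook aborts after 30 status-0 responses in total rather than 30 in a row, and a long enumeration with occasional timeouts can trip it against a target that is still up. If consecutive failures are what is meant, reset the counter on a completed response, e.g. `down = response.code == 0 ? down + 1 : 0`; if the cumulative count is intended, the comment should say so. `@total_requests_done` is an instance variable set at the top level of the script, which deserves a short comment naming where it is read. The surrounding script continues outside this hunk.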


@@ -41,7 +41,8 @@ class WpscanOptions
:cache_ttl,
:request_timeout,
:connect_timeout,
:max_threads
:max_threads,
:no_banner
]
attr_accessor *ACCESSOR_OPTIONS
@@ -53,7 +54,9 @@ class WpscanOptions
end
def url=(url)
raise 'Empty URL given' if !url
raise Exception.new('Empty URL given') if url.nil? || url == ''
url = Addressable::URI.parse(url).normalize.to_s unless url.ascii_only?
@url = URI.parse(add_http_protocol(url)).to_s
end
@@ -271,7 +274,8 @@ class WpscanOptions
['--batch', GetoptLong::NO_ARGUMENT],
['--no-color', GetoptLong::NO_ARGUMENT],
['--cookie', GetoptLong::REQUIRED_ARGUMENT],
['--log', GetoptLong::NO_ARGUMENT]
['--log', GetoptLong::NO_ARGUMENT],
['--no-banner', GetoptLong::NO_ARGUMENT]
)
end
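Review bot: `url=` now raises `Exception.new('Empty URL given')`, where the previous line raised a RuntimeError; a plain `rescue` or `rescue => e` does not catch `Exception`, so a caller relying on that no longer handles the empty-URL case. `raise ArgumentError, 'Empty URL given' if url.nil? || url == ''` keeps the stricter check while staying under StandardError. The same `raise Exception.new(...)` form also appears in `WpTarget#initialize` on this page. How the caller rescues is not visible here, so confirm against the top-level handler.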


@@ -1,138 +0,0 @@
# encoding: UTF-8
class CheckerPlugin < Plugin
def initialize
super(author: 'WPScanTeam - @erwanlr')
register_options(
['--check-vuln-ref-urls', '--cvru', 'Check all the vulnerabilities reference urls for 404'],
['--check-local-vulnerable-files LOCAL_DIRECTORY', '--clvf', 'Perform a recursive scan in the LOCAL_DIRECTORY to find vulnerable files or shells']
)
end
def run(options = {})
if options[:check_vuln_ref_urls]
check_vuln_ref_urls
end
if options[:check_local_vulnerable_files]
check_local_vulnerable_files(options[:check_local_vulnerable_files])
end
end
def check_vuln_ref_urls
vuln_ref_files = [PLUGINS_VULNS_FILE, THEMES_VULNS_FILE, WP_VULNS_FILE]
error_codes = [404, 500, 403]
not_found_regexp = %r{No Results Found|error 404|ID Invalid or Not Found}i
puts '[+] Checking vulnerabilities reference urls'
vuln_ref_files.each do |vuln_ref_file|
json = json(vuln_ref_file)
urls = []
json.each do |asset|
asset[asset.keys.inject]['vulnerabilities'].each do |url|
unless url['url'].nil?
url['url'].each do |url|
urls << url
end
end
end
end
urls.uniq!
puts "[!] No URLs found in #{vuln_ref_file}!" if urls.empty?
dead_urls = []
queue_count = 0
request_count = 0
browser = Browser.instance
hydra = browser.hydra
number_of_urls = urls.size
urls.each do |url|
request = browser.forge_request(url, { cache_ttl: 0, followlocation: true })
request_count += 1
request.on_complete do |response|
print "\r [+] Checking #{vuln_ref_file} #{number_of_urls} total ... #{(request_count * 100) / number_of_urls}% complete."
if error_codes.include?(response.code) or not_found_regexp.match(response.body)
dead_urls << url
end
end
hydra.queue(request)
queue_count += 1
if queue_count == browser.max_threads
hydra.run
queue_count = 0
end
end
hydra.run
puts
unless dead_urls.empty?
dead_urls.each { |url| puts " Not Found #{url}" }
end
end
end
def check_local_vulnerable_files(dir_to_scan)
if Dir.exist?(dir_to_scan)
xml_file = LOCAL_FILES_FILE
local_hashes = {}
file_extension_to_scan = '*.{js,php,swf,html,htm}'
print '[+] Generating local hashes ... '
Dir[File.join(dir_to_scan, '**', file_extension_to_scan)]
.select { |f| File.file?(f) }
.each do |filename|
sha1sum = Digest::SHA1.file(filename).hexdigest
if local_hashes.key?(sha1sum)
local_hashes[sha1sum] << filename
else
local_hashes[sha1sum] = [filename]
end
end
puts 'done.'
puts '[+] Checking for vulnerable files ...'
xml = xml(xml_file)
xml.xpath('//hash').each do |node|
sha1sum = node.attribute('sha1').text
if local_hashes.has_key?(sha1sum)
local_filenames = local_hashes[sha1sum]
vuln_title = node.search('title').text
vuln_filename = node.search('file').text
vuln_refrence = node.search('reference').text
puts " #{vuln_filename} found :"
puts ' | Location(s):'
local_filenames.each do |file|
puts " | - #{file}"
end
puts ' |'
puts " | Title: #{vuln_title}"
puts " | Refrence: #{vuln_refrence}" if !vuln_refrence.empty?
puts
end
end
puts 'done.'
else
puts "The supplied directory '#{dir_to_scan}' does not exist"
end
end
end


@@ -1,91 +0,0 @@
# encoding: UTF-8
class CheckerSpelling < Plugin
def initialize
super(author: 'WPScanTeam - @ethicalhack3r')
register_options(['--spellcheck', '--sc', 'Check all files for common spelling mistakes.'])
end
def run(options = {})
spellcheck if options[:spellcheck]
end
def spellcheck
mistakes = 0
puts '[+] Checking for spelling mistakes'
puts
files.each do |file_name|
if File.exists?(file_name)
file = File.open(file_name, 'r')
misspellings.each_key do |misspelling|
begin
file.read.scan(/#{misspelling}/).each do |match|
mistakes += 1
puts "[MISSPELLING] File: #{file_name} Bad: #{match} Good: #{misspellings[misspelling]}"
end
rescue => e
puts "Error in #{file_name} #{e}"
next
end
end
file.close
end
end
puts
puts "[+] Found #{mistakes} spelling mistakes"
mistakes
end
def misspellings
{
/databse/i => 'database',
/whith/i => 'with',
/wich/i => 'which',
/verions/i => 'versions',
/vulnerabilitiy/i => 'vulnerability',
/unkown/i => 'unknown',
/recieved/i => 'received',
/acheive/i => 'achieve',
/wierd/i => 'weird',
/untill/i => 'until',
/alot/i => 'a lot',
/randomstorm/ => 'RandomStorm',
/wpscan/ => 'WPScan',
/Wordpress/ => 'WordPress'
}
end
def files
files = Dir['**/*'].reject {|fn| File.directory?(fn) }
ignore.each do |ignore|
files.delete_if { |data| data.match(ignore) }
end
files
end
def ignore
ignore = []
ignore << File.basename(__FILE__)
ignore << 'spec/cache/'
ignore << 'spec/spec_session/'
ignore << 'cache/'
ignore << 'coverage/'
ignore << 'wordlist-iso-8859-1'
ignore << 'log.txt'
ignore << 'debug.log'
ignore << 'wordlist.txt'
ignore
end
end


@@ -1,106 +0,0 @@
# encoding: UTF-8
class StatsPlugin < Plugin
def initialize
super(author: 'WPScanTeam - Christian Mehlmauer')
register_options(
['--stats', '-s', 'Show WpScan Database statistics.']
)
end
def run(options = {})
if options[:stats]
date_wp = File.mtime(WP_VULNS_FILE)
date_plugins = File.mtime(PLUGINS_VULNS_FILE)
date_themes = File.mtime(THEMES_VULNS_FILE)
date_plugins_full = File.mtime(PLUGINS_FULL_FILE)
date_themes_full = File.mtime(THEMES_FULL_FILE)
puts "WPScan Database Statistics:"
puts "---------------------------"
puts
puts "[#] Total vulnerable versions: #{vuln_core_count}"
puts "[#] Total vulnerable plugins: #{vuln_plugin_count}"
puts "[#] Total vulnerable themes: #{vuln_theme_count}"
puts
puts "[#] Total version vulnerabilities: #{version_vulns_count}"
puts "[#] Total fixed vulnerabilities: #{fix_version_count}"
puts
puts "[#] Total plugin vulnerabilities: #{plugin_vulns_count}"
puts "[#] Total fixed vulnerabilities: #{fix_plugin_count}"
puts
puts "[#] Total theme vulnerabilities: #{theme_vulns_count}"
puts "[#] Total fixed vulnerabilities: #{fix_theme_count}"
puts
puts "[#] Total plugins to enumerate: #{total_plugins}"
puts "[#] Total themes to enumerate: #{total_themes}"
puts
puts "[+] WordPress DB modified: #{date_wp.strftime('%Y-%m-%d %H:%M:%S')}"
puts "[+] Plugins DB modified: #{date_plugins.strftime('%Y-%m-%d %H:%M:%S')}"
puts "[+] Themes DB modified: #{date_themes.strftime('%Y-%m-%d %H:%M:%S')}"
puts "[+] Enumeration plugins: #{date_plugins_full.strftime('%Y-%m-%d %H:%M:%S')}"
puts "[+] Enumeration themes: #{date_themes_full.strftime('%Y-%m-%d %H:%M:%S')}"
puts
puts "[+] Report generated: #{Time.now.strftime('%Y-%m-%d %H:%M:%S')}"
end
end
def vuln_core_count(file=WP_VULNS_FILE)
json(file).size
end
def vuln_plugin_count(file=PLUGINS_VULNS_FILE)
json(file).size
end
def vuln_theme_count(file=THEMES_VULNS_FILE)
json(file).size
end
def version_vulns_count(file=WP_VULNS_FILE)
asset_vulns_count(json(file))
end
def fix_version_count(file=WP_VULNS_FILE)
asset_fixed_in_count(json(file))
end
def plugin_vulns_count(file=PLUGINS_VULNS_FILE)
asset_vulns_count(json(file))
end
def fix_plugin_count(file=PLUGINS_VULNS_FILE)
asset_fixed_in_count(json(file))
end
def theme_vulns_count(file=THEMES_VULNS_FILE)
asset_vulns_count(json(file))
end
def fix_theme_count(file=THEMES_VULNS_FILE)
asset_fixed_in_count(json(file))
end
def total_plugins(file=PLUGINS_FULL_FILE)
lines_in_file(file)
end
def total_themes(file=THEMES_FULL_FILE)
lines_in_file(file)
end
def lines_in_file(file)
IO.readlines(file).size
end
def asset_vulns_count(json)
json.map { |asset| asset[asset.keys.inject]['vulnerabilities'].size }.inject(:+)
end
def asset_fixed_in_count(json)
json.map { |asset| asset[asset.keys.inject]['vulnerabilities'].map {|a| a['fixed_in'].nil? ? 0 : 1 }.inject(:+) }.inject(:+)
end
end


@@ -1,20 +0,0 @@
# encoding: UTF-8
require File.expand_path(File.dirname(__FILE__) + '/../common/common_helper')
require_files_from_directory(WPSTOOLS_LIB_DIR)
require_files_from_directory(WPSTOOLS_PLUGINS_DIR, '**/*.rb')
def usage
script_name = $0
puts
puts '-h for further help.'
puts
puts 'Examples:'
puts
puts 'Locally scan a wordpress installation for vulnerable files or shells'
puts "ruby #{script_name} --check-local-vulnerable-files /var/www/wordpress/"
puts
puts 'See README for further information.'
puts
end


@@ -64,7 +64,7 @@ describe Browser do
it 'raises an error' do
File.symlink('./testfile', config_file)
expect { browser.load_config(config_file) }.to raise_error("[ERROR] Config file is a symlink.")
expect { browser.load_config(config_file) }.to raise_error('[ERROR] Config file is a symlink.')
File.unlink(config_file)
end
end
@@ -130,7 +130,7 @@ describe Browser do
headers: { 'User-Agent' => 'SomeUA' },
ssl_verifypeer: false, ssl_verifyhost: 0,
cookiejar: cookie_jar, cookiefile: cookie_jar,
timeout: 2000, connecttimeout: 1000,
timeout: 60, connecttimeout: 10,
maxredirs: 3,
referer: nil
}
@@ -147,7 +147,6 @@ describe Browser do
@expected = default_expectation
end
context 'when @proxy' do
let(:proxy) { '127.0.0.1:9050' }
let(:proxy_expectation) { default_expectation.merge(proxy: proxy) }
@@ -166,11 +165,19 @@ describe Browser do
end
end
context 'when @request_timeout' do
it 'gives an Integer' do
browser.request_timeout = '10'
@expected = default_expectation.merge(timeout: 10)
end
end
context 'when @basic_auth' do
it 'appends the basic_auth' do
browser.basic_auth = 'user:pass'
@expected = default_expectation.merge(
headers: default_expectation[:headers].merge('Authorization' => 'Basic '+Base64.encode64('user:pass').chomp)
headers: default_expectation[:headers].merge('Authorization' => 'Basic ' + Base64.encode64('user:pass').chomp)
)
end
end
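Review bot: The new 'when @request_timeout' context pins the String-to-Integer coercion for `request_timeout` only, although `connecttimeout` changed in the same default expectation and has no matching case. If `connect_timeout=` performs the same coercion (its definition is not visible here), a parallel example would pin it: `browser.connect_timeout = '20'` with `@expected = default_expectation.merge(connecttimeout: 20)`. A value different from the default of 10 is needed, otherwise the example passes without exercising the setter.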


@@ -92,7 +92,7 @@ describe CacheFileStore do
it 'should create a unique storage dir' do
storage_dirs = []
(1..5).each do |i|
(1..5).each do |_|
storage_dirs << CacheFileStore.new(cache_dir).storage_path
end


@@ -17,10 +17,9 @@ describe 'WpTheme::Findable' do
wp_theme = WpTheme.send(:find_from_css_link, uri)
if @expected
expect(wp_theme).to be_a WpTheme
end
expect(wp_theme).to be_a WpTheme if @expected
expect(wp_theme).to eq @expected
expect(wp_theme.wp_content_dir).to eql 'wp-content' if @expected
end
context 'when theme is not present' do
@@ -59,6 +58,13 @@ describe 'WpTheme::Findable' do
end
end
# This one might introduce FP btw
context 'when leaked from comments' do
it 'returns the WpTheme' do
@file = 'comments.html'
@expected = WpTheme.new(uri, name: 'debug')
end
end
end
describe '::find_from_wooframework' do
@@ -96,7 +102,6 @@ describe 'WpTheme::Findable' do
@expected = WpTheme.new(uri, name: 'Editorial', version: '1.3.5')
end
end
end
describe '::find' do
@@ -109,7 +114,6 @@ describe 'WpTheme::Findable' do
context 'when a method is named s_find_from_s' do
it 'does not call it' do
class WpTheme
module Findable
extend self
@@ -117,7 +121,7 @@ describe 'WpTheme::Findable' do
end
end
stub_all_to_nil()
stub_all_to_nil
expect { WpTheme.find(uri) }.to_not raise_error
end
@@ -125,7 +129,7 @@ describe 'WpTheme::Findable' do
context 'when the theme is not found' do
it 'returns nil' do
stub_all_to_nil()
stub_all_to_nil
expect(WpTheme.find(uri)).to be_nil
end
@@ -133,7 +137,7 @@ describe 'WpTheme::Findable' do
context 'when the theme is found' do
it 'returns it, with the :found_from set' do
stub_all_to_nil()
stub_all_to_nil
stub_request(:get, /.+\/the-oracle\/style.css$/).to_return(status: 200)
expected = WpTheme.new(uri, name: 'the-oracle')


@@ -178,7 +178,7 @@ describe 'WpVersion::Findable' do
context 'when no version found' do
it 'returns nil' do
stub_all_to_nil()
stub_all_to_nil
@expected = nil
end
end
@@ -188,8 +188,8 @@ describe 'WpVersion::Findable' do
found_from = method[/^find_from_(.*)/, 1].sub('_', ' ')
context "when found from #{found_from}" do
it "returns the correct WpVersion" do
stub_all_to_nil()
it 'returns the correct WpVersion' do
stub_all_to_nil
allow(WpVersion).to receive(method).and_return(number)


@@ -29,4 +29,12 @@ describe WpVersion do
end
end
describe '#all' do
let(:versions_file) { File.join(MODELS_FIXTURES, 'wp_version', 'findable', 'advanced_fingerprinting', 'wp_versions.xml') }
it 'returns the array containign the two versions' do
expect(WpVersion.all(versions_file)).to eq ['3.2.1', '3.2']
end
end
end


@@ -17,7 +17,7 @@ describe 'WebSite' do
)
end
describe "#new" do
describe '#new' do
its(:url) { is_expected.to be === 'http://example.localhost/' }
end
@@ -68,14 +68,14 @@ describe 'WebSite' do
describe '#xml_rpc_url' do
it 'returns the xmlrpc url' do
expect(web_site.xml_rpc_url).to be === "http://example.localhost/xmlrpc.php"
expect(web_site.xml_rpc_url).to be === 'http://example.localhost/xmlrpc.php'
end
end
describe '#has_xml_rpc?' do
it 'returns true' do
stub_request(:get, web_site.xml_rpc_url).
to_return(status: 200, body: "XML-RPC server accepts POST requests only")
to_return(status: 200, body: 'XML-RPC server accepts POST requests only')
expect(web_site).to have_xml_rpc
end
@@ -116,12 +116,24 @@ describe 'WebSite' do
expect(web_site.redirection).to eql absolute_location
end
context 'when starts with a ?' do
it 'returns the absolute URI' do
relative_location = '?p=blog'
absolute_location = web_site.uri.merge(relative_location).to_s
stub_request(:get, web_site.url).to_return(status: 301, headers: { location: relative_location })
stub_request(:get, absolute_location)
expect(web_site.redirection).to eql absolute_location
end
end
end
context 'when multiple redirections' do
it 'returns the last redirection' do
first_redirection = 'www.redirection.com'
last_redirection = 'redirection.com'
first_redirection = 'http://www.redirection.com'
last_redirection = 'http://redirection.com'
stub_request(:get, web_site.url).to_return(status: 301, headers: { location: first_redirection })
stub_request(:get, first_redirection).to_return(status: 302, headers: { location: last_redirection })


@@ -4,6 +4,7 @@ require File.expand_path(File.dirname(__FILE__) + '/wpscan_helper')
describe WpTarget do
subject(:wp_target) { WpTarget.new(target_url, options) }
subject(:wp_target_custom) { WpTarget.new(target_url, options_custom) }
let(:target_url) { 'http://example.localhost/' }
let(:fixtures_dir) { SPEC_FIXTURES_WPSCAN_WP_TARGET_DIR }
let(:login_url) { wp_target.uri.merge('wp-login.php').to_s }
@@ -15,6 +16,14 @@ describe WpTarget do
wp_plugins_dir: 'wp-content/plugins'
}
}
let(:options_custom) {
{
config_file: SPEC_FIXTURES_CONF_DIR + '/browser.conf.json',
cache_ttl: 0,
wp_content_dir: 'custom-content',
wp_plugins_dir: 'custom-content/plugins'
}
}
before { Browser::reset }
@@ -69,6 +78,11 @@ describe WpTarget do
expect(wp_target).to be_wordpress
end
it 'returns true if a custom content directory is detected' do
stub_request_to_fixture(url: wp_target_custom.url, fixture: fixtures_dir + '/wp_content_dir/wordpress-3.4.1-custom.htm')
expect(wp_target_custom).to be_wordpress
end
it 'returns true if the xmlrpc is found' do
stub_request(:get, wp_target.xml_rpc_url).
to_return(status: 200, body: File.new(fixtures_dir + '/xmlrpc.php'))
@@ -135,7 +149,7 @@ describe WpTarget do
after :each do
allow(wp_target).to receive_messages(wp_content_dir: 'wp-content')
stub_request_to_fixture(url: wp_target.debug_log_url(), fixture: @fixture)
stub_request_to_fixture(url: wp_target.debug_log_url, fixture: @fixture)
expect(wp_target.has_debug_log?).to be === @expected
end


@@ -32,6 +32,11 @@ describe 'WpscanOptions' do
@wpscan_options.url = url
expect(@wpscan_options.url).to be === url
end
it 'should encode IDN' do
@wpscan_options.url = 'http://пример.испытание/'
expect(@wpscan_options.url).to be === 'http://xn--e1afmkfd.xn--80akhbyknj4f/'
end
end
describe '#threads=' do


@@ -1,47 +0,0 @@
# encoding: UTF-8
require File.expand_path(File.dirname(__FILE__) + '/../../wpstools_helper')
describe 'StatsPlugin' do
subject(:stats) { StatsPlugin.new }
let(:plugins_vulns) { MODELS_FIXTURES + '/wp_plugin/vulnerable/plugins_vulns.json' }
let(:themes_vulns) { MODELS_FIXTURES + '/wp_theme/vulnerable/themes_vulns.json' }
let(:plugins_file) { COLLECTIONS_FIXTURES + '/wp_plugins/detectable/targets.txt' }
let(:themes_file) { COLLECTIONS_FIXTURES + '/wp_themes/detectable/targets.txt'}
describe '#vuln_plugin_count' do
it 'returns the correct number' do
expect(stats.vuln_plugin_count(plugins_vulns)).to eq 2
end
end
describe '#vuln_theme_count' do
it 'returns the correct number' do
expect(stats.vuln_theme_count(themes_vulns)).to eq 2
end
end
describe '#plugin_vulns_count' do
it 'returns the correct number' do
expect(stats.plugin_vulns_count(plugins_vulns)).to eq 3
end
end
describe '#theme_vulns_count' do
it 'returns the correct number' do
expect(stats.theme_vulns_count(themes_vulns)).to eq 3
end
end
describe '#total_plugins' do
it 'returns the correct numer' do
expect(stats.total_plugins(plugins_file)).to eq 3
end
end
describe '#total_themes' do
it 'returns the correct numer' do
expect(stats.total_themes(themes_file)).to eq 3
end
end
end


@@ -1,4 +0,0 @@
# encoding: UTF-8
require 'spec_helper'
require WPSTOOLS_LIB_DIR + '/wpstools_helper'


@@ -0,0 +1,103 @@
=== A Capture Contact Form (and tab) by AWebVoice.com ===
Contributors: AWebVoice
Donate link:
Tags: contact form, web form, capture contact form, response forms, captcha form, get response, contact me, contact form 7
Requires at least: 2.0.2
Tested up to: 3.1.1
Stable tag: trunk
Get a contact form and a contact button. Capture your visitors and turn them into customers!
== Description ==
A fully customizable contact form on your WordPress blog. And a contact tab to increase customer interaction. Join our fast growing users base who have chosen AWebVoice as their contact form of choice!
= Get your FREE Contact Form plugin for Wordpress =
Our Contact Form plugin is full of features that no other wordpress contact form can offer. See for yourself, below are a few of the features we offer:
* Add a customized contact form to your Wordpress blog which includes a message, contact's email, name, phone number and more!
* Create and customize your contact form settings right from within your Wordpress Admin Panel
* Include your logo, business contact info, even social links right on your contact form
* Notifications: Get a contacts message notifications to your inbox!
* Setup multiple autoresponder for your contact form so your visitors get an instant message from you
* Take your autoresponders to the next level, and ask your contact to join your email list.
* Setup a custom success message or URL for your contact form
* Each form has built in ROI tracking
* Increases conversion: Include a custom “Contact” tab to the side of your wordpress blog that pops up your contact form.
* ...these features will always be free, but go to the next level and get many more features for your contact form!
= More than a Contact Form =
Behind the AWebVoice wordpress plugin contact form is a suite of online tools to effectively manage all of your leads, contacts, and marketing ROI needs. As leads come in from your contact form, those contacts are automatically added to your online contacts database. From there, access information about each contact, send emails to each contact, and fully track, organize, and manage your communications. AWebVoice.com is designed to scale from single person offices to Fortune 500 companies -- and it is created on the very largest online database has to offer.
= And it is easy to get start =
AWebVoice.com’s contact form is FREE and is the easiest wordpress contact form to use. We think you will agree, give it a try sign up now:
www.awebvoice.com.
== Installation ==
= Option 1: Install the plugin via your Wordpress admin panel =
1. Login to your Wordpress system which should take you to the Dashboard of your Wordpress account.
1. Click the "Plugins" menu on the left menu bar. The choose "Add New".
1. Search for "AWebVoice", "Contact " or "contact form".
1. Click Install Now, the "Contact Form" by AWebVoice.com.
1. After installation has finished, you need to activate the plugin.
1. You should see the AWebVoice plugin listed in the available plugins. Click the "Activate" link.
1. Next, click the "Settings" menu on the left menu bar and choose "AWebVoice Form"
1. A form will be presented. Enter the e-mail address to receive contact form messages, and click "Create Account".
1. Your AWebVoice tab-button and contact form have been installed and are working on your blog.
= Option 2: Manual plugin installation =
1. Click on the red "Download Version x.x" button on the right side of this page.
1. After the download has finished, extract the files.
1. Upload the "awebvoivce" folder to your server in "/wp-content/plugins" directory
1. Login to you Wordpress system which should take you to the admin panel or Dashboard. Click on "Plugins" menu.
1. You should see the AWebVoice plugin listed in the available plugins. Click the "Activate" link.
1. Then click on the "Settings" menu in the left side menu bar. Choose "AWebVoice Form"
1. A form will be presented. Enter the e-mail address to receive contact form messages, and click "Create Account".
1. Your AWebVoice tab-button and contact form have been installed and are working on your blog.
== Frequently Asked Questions ==
= What is Contact Form by AWebVoice.com? =
Unlike other contact form providers like contact form 7, you will never have to touch a line of code to create, edit, or modify your contact form. Just install the Awebvoice.com contact form plugin, choose the email address you want your form submissions to go to, and that is it. Your new contacts are delivered to the specified email address AND stored in an online database under your name. Your contacts are yours and not shared with others. How you use your new contacts is up to you.
= Can I customize my contact form? =
Yes. Editing a form is quick and easy. In your WordPress administration page, click on Settings. Click on the AWebVoice plugin and click the modify button to edit your contact form. (You may have to login first to AWebVoice.com) With the AWebVoice contact form editor, you can create a beautiful and customized contact forms, including your logo, your address and phone, and more.
= What is the AWebVoice tab-button? =
The tab-button is a button that sits on the side of your blog and maintains position even as your visitors scroll. Your potential new contacts or existing contacts are only one click away from sending you a message! When the button is clicked, your contact form pops right up in a nice modal window, darkening the rest of the screen and focusing the user on completing your contact form. This AWebVoice tab-button and contact form combination has been proven improve conversions on a website by over 45%.
= What other unique features do you offer? =
Many more features. AWebVoice is a full featured email, newsletter, coupon marketing system. The tab-button and contact form will always be free. But if you need more, such as self-managed email lists, we have it. We also have ROI reports so you can track your contact form and blog success rate. The AWebVoice Email/Newsletter management system is a subscription based system. We want to help you get started, and once the task of managing your contact list get too large, we are there to support your efforts. AWebVoice is the most effective marketing tool a small or large business can have.
Get your free AWebVoice contact form today and start watching your leads grow!
== Screenshots ==
1. Contact Form Admin Panel
2. A Contact Form
3. Contact Tab-Button on the Blog (click opens contact form)
== Change Log ==
= Coming Soon =
* Contact Form: More custom from fields for your contact form
* Contact Form: More languages for button and contact form
= 3.1 =
* Initial WordPress Release.
* Analytics included in Contact Form
* Custom form fields for your contact form
* Form title is editable
== Upgrade Notice ==
= 1.0 =
Upgrade notices when available will be described in this section.
= Languages =
* English: Available contact form and button


@@ -0,0 +1,13 @@
=== Plugin Name ===
AA health calculator
Tags:aa ,health,calculator
Requires at least:4.0
Tested up to:4.0
Stable tag:aahealthcalculator
License: GPL
Contributors :A and A
==Description==
use [health] shortcode


@@ -0,0 +1,215 @@
=== Advanced Most Recent Posts Mod ===
Contributors: yakuphan, trepmal
Tags: Advanced, recent, recent posts, most recent, category posts, thumbnail
Donate link: http://kaileylampert.com/donate/
Requires at least: 2.8
Tested up to: 3.2.1
Stable tag: trunk
Based off the Advanced Most Recent Posts plugin by Yakup GÃVLER. Display most recent posts from selected categories or current category or all categories with thumbnail images (optional).
== Description ==
Advanced Most Recent Posts Widget displays your recent posts with thumbnail images (optional). It gets posts from selected categories or current category or all categories. When your visitors are at home, it gets posts from all posts or selected category. If you set 'Get posts from current category', when visitors see single post, widget lists posts in the same category of single post or when visitors click a category link, it gets posts from current category.
Check out a brand new plugin inspired by this one: [Mini Loops](http://wordpress.org/extend/plugins/mini-loops/)
I'm bad at support (not intentionally). If you have questions: check the forums, then check [my blog post's comment thread](http://trepmal.com/plugins/advanced-most-recent-posts-mod/#comments). If that doesn't work, post to the forums (there are awesome volunteers out there!) and get my attention by pinging me on twitter [@trepmal](http://twitter.com/trepmal).
== Installation ==
= Installation =
1. Make sure you are running WordPress version 2.8 or better. It won't work with older versions.
2. Download the zip file and extract the contents.
3. Upload the 'advanced-most-recent-posts' folder (wp-content/plugins/).
4. Activate the plugin through the 'plugins' page in WP.
5. See 'Appearance'->'Widgets' to place it on your sidebar. Set the settings.
== Frequently Asked Questions ==
= How can I set it to get posts from current category? =
Select checkbox on widget's settings called 'Get posts from current category'.
= I want to display only the posts in two categories. =
You have to write their category's ids -separated with a comma- to 'Categories' textbox.
= I don't use Widgets. How can use this widget? =
template tag: `yg_recentposts( $args )`
shortcode: `[amrp]` with args
Original author's [website](http://www.yakupgovler.com/?p=1033).
= .... Image alignment .... =
If you need serious customization, please go learn CSS. I will not provide extensive CSS support. (Sorry - there are just far too many variations, and I do all this in my spare time)
The most frequest request I get has to do with aligning the image to the right or left. To get started with customization, create a file called amrp-styles.php (really, any name will do) and upload it to `wp-content/mu-plugins` (you may need to create this directory).
In that file, paste the following
`<?php
/*
AMRP Styles
*/
add_action('wp_head', 'amrp_styles');
function amrp_styles() {
?>
<style type="text/css">
.advanced-recent-posts {
/* remove bullet points */
list-style-type: none;
}
.advanced-recent-posts li {
}
.advanced-recent-posts li a {
}
.advanced-recent-posts li img {
float: right; /* change to left if you'd prefer */
margin: 3px;
}
</style>
<?php
}`
Of course, if you have the skills, feel free to relocate that CSS.
== Screenshots ==
1. Widget's screenshot in 'Appearance'->'Widgets'
2. (original version) Widget's screenshot in 'Appearance'->'Widgets'
== Options ==
Widget's options allow you to change your recent posts list displaying.
= Title: =
Your recent posts widget's title on your sidebar.
= Title Link: =
The page the title should link to.
= Hide Post Title: =
Check to hide post title in output. useful for thumbnail-only displays
= Separator: =
The character to use to separate the title from the excerpt.
= After Excerpt: =
What should appear after the excerpt
= After Excerpt Link: =
should the 'after excerpt' text link to the post? useful if 'after excerpt' read like "read more..."
= Show: =
The post type to be displayed.
= Number of posts to show: =
How many posts to display
= Excerpt length (letters) =
You know that
= Thumbnail Custom Field Name =
If you want to display the thumbnail of your posts via a custom field, write its name.
= Height - Width =
Images size.
= Get first image of post =
If you don't want to use custom field, plugin will get first image from your post content.
= Get first attached image of post =
Plugin gets first attached image of post.
= Default image =
If post has no image, plugin display this image. Ex: http://www.yakupgovler.com/default-image.png
Notice: If you use three options, plugin uses custom field image firstly. If the post has no custom field, it gets first image from content. At last it gets first attached image. I suggest not to use "Get first image of post" for performance. It queries much more.
= Show Author =
If checked, shows author next to title
= Show Post Timestamp =
If checked, shows post timestamp
= Time format =
The format to be used when displaying the timestamp
= Put time =
A placement option for the post timestamp
= Categories =
Plugin gets posts in these categories. (Category IDs, separated by commas.)
= Get posts from current category: =
Posts will be get from current category (single post's category or current category).
== Upgrade Notice ==
= 1.6.5 =
bugfix: 'after excerpt' now appears as it should even if the link option is unchecked
Have you tried [Mini Loops](http://wordpress.org/extend/plugins/mini-loops/)?
= 1.6.4 =
moved image outside of title so it won't disappear if 'hide title' is checked
undefined variable bug fix
= 1.6.3 =
fixed after-excerpt-link bug
= 1.6 =
Future updates will assume you have at least this release.
== Changelog ==
= 1.6.5.2 =
* it title is empty, show nothing not default
= 1.6.5.1 =
* updated POT file
= 1.6.5 =
* bugfix: 'after excerpt' now appears as it should even if the link option is unchecked
= 1.6.4 =
* moved image outside of title so it won't disappear if 'hide title' is checked
* undefined variable bug fix
= 1.6.3 =
* fixed after-excerpt-link bug
= 1.6.2 =
* shortcode fixes for 'limit' (really should be 'shownum' - now both work) and height/width
= 1.6.1 =
* author fix
= 1.6 =
* remove 20 post limit
* option to display posts in reverse order
* excerpt by *word* count option
* post-offset option
= 1.5 =
* *dev release*
* option to hide post title
* option to specify the '...' after excerpt
= 1.4.1 =
* fixed double echo issue
= 1.4 =
* added support for shortcodes, show author option and post-type choice
= 1.3 =
* fixed timestamp bug, added timestamp placement option
= 1.2 =
* added support for setting a title link, choosing a title/content separator, and displaying post timestamp
= 1.1 =
* (original plugin) Fixed a bug. If you don't set image dimensions, it displays thumbnail wrong.
= Version 1.0 =
* Initial release version.


@@ -0,0 +1,39 @@
=== All In One Facebook ===
Contributors: rahadgp
Donate link:
Tags: facebook,Social Networking,Wordpress Facebook widget, twiter widget
Requires at least: 3.3
Tested up to: 3.8
Stable tag: all in one facebook
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
With this widget and plugin combination , you can display a customizable JQUERY accordion which gathers Facebook social plugins together with option which to be display or which you don't want to display in your side bar or widget area, and by the plugin you can set short code for each and every thing what you want to put in your post on your website .
== Description ==
With this widget , you can display a customizable frame which gathers Facebook social plugins together with option which to be display or which you don't want to display in your side bar or widget area, and by the plugin you can set short code for each and every thing what you want to put in your post on your website . As a whole new feature like and share feature has been implemented with like box, recommends and twitter feed integration.
== Installation ==
1. Upload `plugin-name.php` to the `/wp-content/plugins/` directory
1. Activate the plugin through the 'Plugins' menu in WordPress
== Frequently asked questions ==
== Screenshots ==
1. Setting Page for the facebook plugin
2. Setting page
3. Setting Page
== Changelog ==
== Upgrade notice ==
== Arbitrary section 1 ==


@@ -0,0 +1,224 @@
=== Backup Scheduler ===
Author: SedLex
Contributors: SedLex
Author URI: http://www.sedlex.fr/
Plugin URI: http://wordpress.org/plugins/backup-scheduler/
Tags: backup, schedule, plugin, save, database, zip
Requires at least: 3.0
Tested up to: 4.2
Stable tag: trunk
License: GPLv3
With this plugin, you may plan the backup of your entire website (folders, files and/or database).
== Description ==
With this plugin, you may plan the backup of your entire website (folders, files and/or database).
You can choose:
* which folders you want to save;
* the frequency of the backup process;
* whether your database should be saved;
* whether the backup is stored on the local website, sent by email or stored on a distant FTP (support of multipart zip files)
This plugin is under GPL licence
= Multisite - Wordpress MU =
This plugin is compatible with Multisite installation.
Each blog administrator may save their own data.
The super-admin may save either its data or the whole website. By saving the whole site, the admin may create different SQL files for the subsite in order to ease the restoration of a single sub-site.
= Localization =
* German (Switzerland) translation provided by PeterDbbert, BernhardKnab, scream
* German (Germany) translation provided by agent-test, agent, bartdev2000, Ditoran, GLassnig
* English (United States), default language
* Spanish (Spain) translation provided by Javier, AVfoto, charliechin, IgnacioCalvo, JordiVives, FelipeJAG
* Farsi (Iran) translation provided by sehrama.ir
* Finnish (Finland) translation provided by AnttiSilvola
* French (France) translation provided by SedLex, wkpixearts, Matthieu, mutmut, anonymous, noaneo, TonyLand
* Indonesian (Indonesia) translation provided by ceceparif
* Indonesian (Indonesia) translation provided by Faleddo
* Italian (Italy) translation provided by PuntoCon
* Dutch (Netherlands) translation provided by Matrix, WybAnema, Jay
* Polish (Poland) translation provided by Opti, Lukasz, pablo, Misiek, MarekMackiewicz, Darbo
* Portuguese (Brazil) translation provided by RainilsonRodriguis, GuiBeloto
* Portuguese (Portugal) translation provided by FranciscoRocha
* Russian (Russia) translation provided by GerinG, Slawka, Berdych
* Swedish (Sweden) translation provided by
* Thai (Thailand) translation provided by tontan
* Turkish (Turkey) translation provided by UfukArt
* Chinese (People's Republic of China) translation provided by YiscaJoe, jeffli
= Features of the framework =
This plugin uses the SL framework. This framework eases the creation of new plugins by providing tools and frames (see dev-toolbox plugin for more info).
You may easily translate the text of the plugin and submit it to the developer, send a feedback, or choose the location of the plugin in the admin panel.
Have fun !
== Installation ==
1. Upload this folder backup-scheduler to your plugin directory (for instance '/wp-content/plugins/')
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Navigate to the 'SL plugins' box
4. All plugins developed with the SL core will be listed in this box
5. Enjoy !
== Screenshots ==
1. A list of all backup files
2. The configuration page of the plugin
== Changelog ==
= 1.5.9 =
* NEW: Add icons
= 1.5.8 =
* NEW: Exclusion folder is now possible with regexp
= 1.5.7 =
* NEW: Exclusion folder enabled
* NEW: Detailed HOW TO
= 1.5.6 =
* BUG : Problem of activation with version of PHP below 5.2
= 1.5.5 =
* NEW : Take into account blogs.dir and site
= 1.5.4 =
* NEW : By saving the whole site, the admin may create different SQL files for the subsite in order to ease the restoration of a single sub-site.
= 1.5.3 =
* BUG: On some configuration, &lt;? is not supported
= 1.5.2 =
* NEW: You may now create subfolder in the FTP directory
* NEW: improve the look of the configuration page
= 1.5.1 =
* BUG: improve the summary mail
* NEW: indicate if the FTP transfer has been successful in the backend
* NEW: few enhancement in the framework
= 1.5.0 =
* Major improvement of the database backup
* the summary mail now displays the issues with the ftp transfer
= 1.4.0 -&gt; 1.4.4 =
* Change the URL of the plugin on Wordpress
* Some modification
* Some issues in the framework
* Cleaning the framework to avoid unnecessarly code
* A bug that do not delete the lock file when reseting the backup process
* Enhance the performance of the backup process and ensure error protection
* Improve the mail summary
* Enhance the feedback tab
* Improve the core
= 1.3.0 -&gt; 1.3.7 =
* FTP bug with some webhosting service
* FTP port may be changed
* The error message is muck more explicit
* Add a drop if exist in SQL table
* Bug with multisite and remove a false positive error with wordfence
* There was a bug in the regexp when the ftp were directed to the root folder without any slash at the end.
* Add deletion features when uninstalling the plugin
* Multisite compatible
* Improve the zip compatibilities
* Add log features
= 1.2.0 -&gt; 1.2.8 =
* Some spanned zip files were corrupted due to a bug in the index
* Remove short_open_tag
* Tuning to be able to work with very huge database
* Bug with NULL values in the database
* FTP support
* Full site backup is now possible
* Bug correction when SQL has NULL value
* Add a link to delete manually the backup (feature requested by Mirza)
* You can also force a new update without sending the emails
* Improve error management and memory leakage
= 1.1.0 -&gt; 1.1.5 =
* Bug in the sql file : date and time managements were incorrect
* Add a time option for choosing the best moment to perform an automatic backup
* Display bug correction
* Add instructions to restore the backup :)
* Improve memory and time management for database extraction
* Add error messages if it is impossible to read/delete/modify files
* Add time and memory management for constrained configuration
* Improving zip decompression and path
* Correction of a bug that occurs when server refuse to access / directory "open_basedir" restriction
* Update of the core
= 1.0.1 =
* First release in the wild web (enjoy)
== Frequently Asked Questions ==
= Forced backup never ends (but there is no displayed error) =
Be sure to stay on the configuration page : if you quit the page, the forced backup process will be killed !
= Scheduled backup is stucked =
Scheduled backup only works on website that have traffic.
Indeed, each visits triggers a piece of the backup process.
Thus, if there is no traffic, the schedule backup process wont't occur. If there is very little traffic, the backup will be very long, etc
= I have an error message indicating that another backup is running =
This message may happen if the chunk size is set quite high. For instance, 40 Mo is clearly too big and server server configuration of many webhosters will kill scripts which use too much memory.
Most of the case 5Mo is ok.
If you get this error, set the chunk size to 1Mo and if it solves your problem, increase this chunk size.
= Compatible Archive Software =
The backup will be in a multi-part format. In order to uncompress it, you should put all the backup in the same folder and open the .zip file with Winzip.
You may experience some "corruption" error. It is mainly due that archive software are not compatible with multi-part archives. I have tried with success:
* Winzip (version 16.0 tested),
* WinRar (some issue with UTF8 characters), and
* IZArc (some issue with UTF8 characters).
= NOT-Compatible Archive Software =
These software are *not* compatible with multi-part archives:
* 7-zip, and
* the Windows Explorer embedded function.
Do not hesitate to contact me if you face some issues.
= To restore the backups =
* install a fresh version of Wordpress on your server ;
* unzip the backup (actually, the zip file comprises a plurality of files i.e. a multi-part zip (zip, z01, z02, etc.). These files should be saved in a same folder and your zip program (such as IZArc, Winzip, Winrar, ...) will do the job for you...
* If you have configured to save the entire installation, replace all the wordpress files by the one in the zip file and import the SQL files (at the root of the zip file, the files named *.sql1, *sql2, etc.) in your database (with for instance phpmyadmin). It is recommended to save your database first ;
* In other cases, replace the 'plugins', 'themes', 'uploads' folders (in the wp-content folder) with the one in the archive, replace the wp-config.php (at the root of your wordpress repository) with the one at the root of the zip file and import the SQL files (at the root of the zip file, the files named *.sql1, *sql2, etc.) in your database (with for instance phpmyadmin). It is recommended to save your database first.
= The backup files are corrupted =
Be sure that all thz zip files (i.e. .zip, .z01, z02, etc.) are in the same folder.
If you have still this issue, please try with Winzip software.
* Where can I read more?
Visit http://www.sedlex.fr/cote_geek/
InfoVersion:f450b43eebb7570fb1ec0ce188b82e8eebae57cd


@@ -0,0 +1,8 @@
Contributors: Ramoonus
Donate link: http://www.ramoonus.nl
Tags: Glow, javascript, bbc,
Requires at least: 3.9
Tested up to: 4.1
Stable tag: 2.0.0-beta1
This plugin adds BBCs Glow Javascript library to your set-up.


@@ -0,0 +1,22 @@
=== Blog Reordering ===
Contributors: The HungryCoder
Donate link: http://hungrycoder.xenexbd.com/payme
Tags: blog, ordering, reordering, arrangment, sorting
Requires at least: 2.6.2
Tested up to: 2.6.5
Stable Tag:
Rearrange you blog ordering.
== Description ==
Reorder your blog posts in multiple ways including custom ordering instead of typical datewise post display. You can also mark any post as sticky that will be always placed at top.
== Installation ==
This plugin is yet to finalize. Please do not install in live sites.
1. Upload archive to the `/wp-content/plugins/` directory and unzip.
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Make your ordering settings from Settings -> Blog Reordering
I am new to SVN. pardon my mistakes.


@@ -0,0 +1,70 @@
=== Like This ===
Contributors: RosemarieP
Tags: karma, likes, post
Requires at least: 3.0
Tested up to: 3.1
Stable tag: trunk
A simple 'I like this' plugin inspired by the facebook 'like' functionality.
== Description ==
A simple 'I like this' plugin inspired by the facebook 'like' functionality. For visitors who don't want to bother with commenting.
http://lifeasrose.ca/2011/03/wordpress-plugin-i-like-this
has a blog entry all about it :)
A big thanks to Dong (ddliuhb@gmail.com) for finding a syntactical error that was causing problems for some people. And thanks to Raphael (ressoosnowdon@googlemail.com) for noticing this error and working hard to figure out what it was.
== Installation ==
1. Upload the files into a folder named `roses-like-this` to the `/wp-content/plugins/` directory
2. Activate the plugin through the 'Plugins' menu in WordPress
3. Place `<?php printLikes(get_the_ID()); ?>` in 'the loop' of your posts wherever you want the 'like this' link to appear.
IMPORTANT!!!!
PLEASE MAKE SURE THAT YOUR THEME HAS THE FOLLOWING LINE IN ITS HEADER FILE:
`<?php wp_print_scripts(); ?>`
...Most high quality themes should have this already but if you're writing your own theme or using a custom theme that doesn't include this line, please make sure you include it in header.php, somewhere between `<head>` and `</head>`
== Frequently Asked Questions ==
= How can I make the 'like this' link look prettier? =
With CSS :) Here is the code that I use:
`a.done {
background:url("http://yoururl.com/wordpress/plugins/roses-like-this/action_check.png") bottom right no-repeat;
padding-right:18px;
color:#8bcb46;
}`
= The javascript is not working! =
IMPORTANT!!!!
PLEASE MAKE SURE THAT YOUR THEME HAS THE FOLLOWING LINE IN ITS HEADER FILE:
`<?php wp_print_scripts(); ?>`
= The javascript is STILL not working!!! =
Do you call get_header() in your theme? This is also needed, although almost certainly there anyway.
= The javascript is STILL not working AGAIN!!! =
The plugin expects to find the javascript file in a folder called `roses-like-this` under /plugins. So if you have named the folder something else, you're probably getting a 404 error!
To fix, you can either rename your folder `roses-like-this` OR you can edit the `likethis.php` file and edit line `112` roses-like-this/ to yourfoldername/
== Changelog ==
= 1.0 =
* The very first version of this plugin :)
= 1.01 =
* Made a small change for those of you installing directly from wordpress.org. This changes the default directory from `likeThis` to `roses-like-this` in order to coincide with what wordpress will install. Should lead to less confusion!
= 1.1 =
* Major bug fix! :) Anyone having an issue where the likeThis link clicking wasn't saving in the database should find it fixed.
= 1.2 =
* Bug Fix for those having issues with cookies not being saved correctly.
= 1.3 =
* Added sidebar widget for displaying most liked posts


@@ -0,0 +1,994 @@
=== My Calendar ===
Contributors: joedolson
Donate link: http://www.joedolson.com/donate.php
Tags: calendar, dates, times, events, scheduling, event manager, event calendar
Requires at least: 3.0.6
Tested up to: 3.5.0
License: GPLv2 or later
Stable tag: trunk
Accessible WordPress event calendar plugin. Show events from multiple calendars on pages, in posts, or in widgets.
== Description ==
My Calendar provides event management and numerous methods to display your events. The plug-in can support individual site calendars within WordPress Multi-User, or multiple calendars displayed by categories of or locations for events.
* [User's Guide available for purchase](http://www.joedolson.com/articles/my-calendar/users-guide/) with extensive assistance in set up and use.
* [Paid plug-in to add front-end event contributions](https://www.joedolson.com/articles/my-calendar/submissions/)
=Basic Features:=
* Standard calendar grid or list views of events
* Show events in monthly, weekly, or daily view.
* Mini-calendar view for compact displays (as widget or as shortcode)
* Widget to show today's events
* Widget to show upcoming or past events
* Custom templates for event output
* Limit by category/categories
* Limit by location
* Limit by author
* Disable default CSS and default JavaScript or display only on specific Pages/Posts
* Editable CSS styles and JavaScript behaviors
* Schedule a wide variety of recurring events.
* Individual occurrences of recurring events can be edited individually
* Access to most aspects of My Calendar can be restricted by role. (Adding events, editing events, editing styles, changing settings, etc.)
* Choose which of the following fields you want to enter and display for each event:
* title,
* description,
* event image,
* alternate description,
* event host,
* event category,
* URL,
* registration status (open, closed or irrelevant),
* event location
* Email notification to administrator when events are scheduled or reserved
* Location Manager for storing frequently used venues
* Fetch events from a remote MySQL database. (Sharing events in a network of sites.)
* Import from [Kieran O'Shea's Calendar plugin](http://wordpress.org/extend/plugins/calendar/)
* Integrated Help page to guide in use of shortcodes and template tags
=Translations=
Available languages (in order of completeness):
Japanese, Spanish, Danish, Czech, Hindi, Turkish, Dutch, French, Italian, German, Portuguese, Russian, Swedish, Finnish, Basque, Persian
Visit the [My Calendar translations site](http://translate.joedolson.com/projects/my-calendar) to check how complete a translation is.
Translating my plug-ins is always appreciated. Visit <a href="http://translate.joedolson.com">my translations site</a> to start getting your language into shape!
Translator Credits (in no particular order)*:
[Ale Gonzalez](http://60rpm.tv/i), [Outshine Solutions](http://outshinesolutions.com), [Jakob Smith](http://www.omkalfatring.dk/),, [globus2008](http://wordpress.org/support/profile/globus2008), Frederic Escallier, Luud Heck, Wim Strijbos, [Daisuke Abe](http://www.alter-ego.jp/), [Alex](http://blog.sotvoril.ru/), Mehmet Ko&ccedil;ali, Uwe Jonas, Florian Edelmann, Efva Nyberg, [Sabir Musta](http://mustaphasabir.altervista.org), Massimo Sgobino, Leonardo Kfoury, Alexandre Carvalho, Amir Khalilnejad, [Aurelio De Rosa](http://www.audero.it/), Bayram Dede, Dani Locasati, Dario Nunez, Dirk Ginader, Evren Erten, Fl&aacute;vio Pereira, Francois-Xavier Benard, [Gianni Diurno](http://www.gidibao.net), Giksi, Heinz Ochsner, Kazuyuki Kumai, Liam Boogar, Maks, Mano, Massimo Sgobino, Mohsen Aghaei, Oscar, [Rashid Niamat](http://niamatmediagroup.nl/), Stefan Wikstrom, Thomas Meyer, Vedar Ozdemir, [Vikas Arora](http://www.wiznicworld.com), [Miriam de Paula](http://wpmidia.com.br), [HostUCan](http://www.hostucan.com), [Alex Alexandrov](http://www.webhostingrating.com), [Alyona Lompar](http://www.webhostinggeeks.com), [David Gil P&eacute;rez](http://www.sohelet.com), [Burkov Boris](http://chernobog.ru), [Raivo Ratsep](http://raivoratsep.com), [Jibo](http://jibo.ro), [Rasmus Himmelstrup](http://seoanalyst.dk), [kndb](http://blog.layer8.sh/)
* Translators may not have contributed to this plug-in; but have contributed to my [translation repository](http://translate.joedolson.com).
== Installation ==
1. Upload the `/my-calendar/` directory into your WordPress plugins directory.
2. Activate the plugin on your WordPress plugins page
3. Configure My Calendar using the following pages in the admin panel:
My Calendar -> Add/Edit Events
My Calendar -> Manage Categories
My Calendar -> Manage Locations
My Calendar -> Settings
My Calendar -> Style Editor
My Calendar -> Behavior Editor
My Calendar -> Template Editor
4. Edit or create a page on your blog which includes the shortcode [my_calendar] and visit
the page you have edited or created. You should see your calendar. Visit My Calendar -> Help for assistance
with shortcode options or widget configuration.
== Changelog ==
= 2.1.5 =
* Bug fix: upcoming events timestamps were converted to UTC.
= 2.1.4 =
* Bug fix: weekly view when crossing years jumped to next year
* Bug fix: Upcoming events sorting fix
* Bug fix: Upcoming events count fix
* Bug fix: print stylesheet directory fix.
= 2.1.3 =
* Bug fix: My Calendar stripped title elements from singular posts unless an SEO plug-in was installed.
= 2.1.2 =
* Bug fix: Miscounted number of events in upcoming events view when events were multiple days.
* Bug fix: My Calendar URL guessing now only selects from published Pages/posts
* Tweak: Minor change to HTML output in print view
* Added: Option to display current month or current year using Upcoming Events widget.
* Added: Filter to display a custom <title> on single event details pages with settings field to configure that title. (Improves SEO)
* Language updates: Italian, Russian, Basque
= 2.1.1 =
* Bug fix: users without 'Approve Event' ability submitted unapproved events even when event approval was disabled.
= 2.1.0 =
* Miscellaneous filepath fixes for custom icons
* Fixed filepath issue for custom content directory in loading calendar generator
* Added templating options to RSS feed event format
* Added two new template tags: description_stripped and shortdesc_stripped; returns the description fields with HTML removed.
* Re-organized settings to provide better grouping.
* Removed jumpbox default setting; jumpbox now only configurable via shortcode.
* Bug fix: titles missing in list view when open to details link enabled.
* Bug fix: Multi-day events listed only once in upcoming events lists.
* Minor stylesheet tweaks.
= 2.0.12 =
* I horribly screwed up the Upcoming Events widget in 2.0.11. Please accept my apologies.
= 2.0.11 =
* Fixed Broken custom stylesheets editing/selection.
* Added Custom links for widget title links
* Fixed issue with event links expiring immediately
* Fixed issue with holiday collisions restricted in Upcoming Events/events only when holiday category is displayed.
* Added full year output option for iCal downloads.
* Added setting for calendar heading month formatting.
* Updated language files: Japanese, Italian, German, Turkish
= 2.0.10 =
* Updated Japanese, Turkish, and Italian translations
* Bug fix: Upcoming Events list could not be limited to a single author.
* Bug fix: Un-approved events were being displayed in some public contexts.
* Bug fix: Problem with RSS feed template elements not rendering in some cases.
* Bug fix: Upcoming Events removed events inappropriately in certain situations when 'skip on holidays' was checked
* Bug fix: Updated method for getting current plugin URL.
* Deprecated support for WordPress versions before 3.0.6.
= 2.0.9 =
* Bug fix: Email notification on event addition to admin did not receive event data.
* Bug fix: Accidentally eliminated weekend class. Now it's back!
* Bug fix: Events crossing multiple dates need per-date unique IDs
* Code change: Some code simplification for current URL and plugin URL references.
* Updated languages: Portuguese, Dutch, Italian
= 2.0.8 =
* Re-written (simplified) holiday exclusion mechanism.
* Performance improvements to templating and event processing.
* Bug fix: Import from Kieran's "Calendar" plug-in was broken.
* Bug fix: 'nextmonth' class was attached to events in weekly view; not appropriate to view.
* Bug fix: Deleting single instance deleted entire event series.
* Added option: number of events per page in admin events list
= 2.0.7 =
* Bug fix: Show list view on mobile devices option did not work.
* Bug fix: No longer forcing links on titles in list or mini view.
* Bug fix: All-day events came up with random end times.
* Change: All-day checkbox added.
* Change: All-day events automatically forced to hide end times.
* Change: removed X-WR-CALNAME field from iCal output for improved compatibility
* Updates: Partial updates to Spanish, Italian, and Dutch translations.
= 2.0.6 =
* Bug fix: Mini calendar links pointed to current display month regardless of current display date.
* Bug fix: if day parameter was set, the main calendar views showed events for month starting from that date.
* Bug fix: if day view was targeted from mini calendar with default cid parameter set, would not react
* Bug fix: Calendar could not show events which had start and end dates which spanned the displayed period but were not included in the displayed period.
* Moved screenshots into assets folder in version repository.
* Translation source updated at http://translate.joedolson.com/ - now the translations need refreshing!
= 2.0.5 =
* Bug fix: Date links were eliminated in mini calendar if option to link to day-view was enabled.
* Bug fix: Today's events drew events based on UTC instead of current timezone.
= 2.0.4 =
* Bug fix: template variable misassigned in the Today's Events shortcode.
* Change: Added option to output iCal either in UTC or with times as entered. (Previously only UTC)
= 2.0.3 =
* Bug fix: Upcoming events widget did not support the "show_today's events" option correctly.
* Bug fix: Was not possible to set 12:00 am as the end time for an event.
* Bug fix: prevented blank title in main calendar due to faulty template.
= 2.0.2 =
* Bug fix: My Calendar did not enqueue jQuery
* Bug fix: Grid view did not display last day of month if first day of week and last day of month were both Sunday
= 2.0.1 =
* Bug fix: Error in default settings for event titles.
* Bug fix: Single Event iCal export broken
* Bug fix: Today's Events shortcode broken if author not specified
* Change: Deleting or updating categories now refreshes the cache.
= 2.0.0 =
* Completely re-written database model for events.
* Added: pagination on event manager list of events.
* Added: Restrict groups manager lists to currently grouped/ungrouped lists of events.
* Added links to other event instances visible when editing events with multiple instances.
* Added default category selection.
* Added feature: limit calendar views by event author.
* Added feature: filter event manager view by location, author, or category.
* Added feature: mark categories as private, to only show those events to logged-in users.
* Added templating to locations list so user can produce list of any set of location data.
* Added option in event manager to copy location data into Locations table
* Added [my_calendar_event] shortcode to fetch information for a single event.
* Added template tag {timerange} to display start-end times.
* Change: all events now have an end time. Option to hide end times to maintain current display.
* Bug fix: iCal had missing newline; events now return labeled UTC time
* Bug fix: RSS does better job of clearing non-XML special characters.
* Bug fix: If preset location was selected, no other edits to locations could be done.
* Bug fix: when copying an event, the new event was grouped in the same group as the source event.
* Bug fix: if stylesheet was disabled, stylesheet was erased on next save of style settings.
* Bug fix to category limiting which matched category names like 'baseball' to show 'all' categories.
= 1.11.3 =
* Fatal error in PHP 5.4+ https://bugs.php.net/bug.php?id=54657
* Bug fix: {date} and {time} template tags not rendered in details link when run in a template.
* Bug fix: upgrade database button placement off-screen
* Bug fix: layout on stylesheet editor caused usability problems
* Bug fix: added line break in iCal output.
* Change: added alt attribute to category icons in appropriate contexts.
* [My Calendar 2.0 beta](http://downloads.wordpress.org/plugin/my-calendar.2.0.0.zip) added to subversion repository. Here there be bugs.
= 1.11.2 =
* Bug fix: Called wp_editor on versions below 3.3
* Bug fix: assorted PHP notices cleaned up.
= 1.11.1 =
* HTML validation issue fixed in calendar output.
* Added option to hide display of external event links in calendar output.
* Bug fix: Mini calendar should not toggle from mini view when main view switched.
* Bug fix: Week time frame of list view did not return the 'no events' message.
* Feature: No events message can be customized by using an enclosing shortcode: [my_calendar]No events this week![/my_calendar]
= 1.11.0 =
* Added option to use {date} in Today's Events widget title.
* Events with the same time are now sub-sorted by title in Upcoming Events lists.
* Template tag {endtime} returns empty string if same as start time
* Standard event output returns empty string for event end time if same as start time.
* Can only check 'multi-day event' option if event has multiple occurrences.
* Categories in editor now sortable by either ID or category name.
* Categories in input now sorted by category name.
* Updated mobile detection class.
* Major revision to permissions handling to use custom capabilities
* Redesign of settings pages.
* Can target tablet devices with CSS by adding a stylesheet called mc-tablet.css to your theme directory.
* Can target other mobile devices with CSS by adding a stylesheet called mc-mobile.css to your theme directory.
* Template tags now support before and after attributes: {tag before=&quot;&lt;p&gt;&quot; after=&quot;&lt;/p&gt;&quot;}
* Added option to retrieve events, categories, and locations from a remote database. (e.g., to share calendar information between 3 related sites.)
* Eliminated details arrow; forcing anchor element on clickable title.
* Added 'id' attribute to My Calendar shortcode, to customize unique ID for calendar and avoid non-compliant duplication of IDs
* Added 'template' attribute to My Calendar shortcode, so specific calendars can use their own individual custom templates. Templates should be text files (.txt) placed in your theme directory.
* Reduced specificity in stylesheets by eliminating ID-based references.
* Fixed bug with day/date consistency in 5-day grid calendars.
* Added day class to date boxes without dates.
* Jumpbox is now switchable from the shortcode.
* Fixed google maps link to use the correct directions targeting method
* Various changes for WP 3.4 compatibility.
* Updated Danish Translation
* Updated Czech Translation
* Added Hindi Translation
= 1.10.12 =
* Bug fix: List format showed all dates, regardless of whether there were events for that date.
* Bug fix: List format showed incorrect classes.
* Bug fix: Pipe separator for categories not supported with caching.
* ARRRRGGGGHHHH!!! I'm sure you're as frustrated about all these little releases as I am. But who wants to sit on known bugs?
= 1.10.11 =
* Bug fix: Variable not checked for type threw usort warning.
* Bug fix: Details links rendered incorrect page if linked from a single post location with permalinks not enabled.
* Bug fix: Fixed bug where calendar returned no information if cache reached max size.
* Settings change: Caching is now defaulted to off.
= 1.10.10 =
* Bug fix: Upcoming events list did not respect category limits.
* Validation error/bug fix: Date for ID for first of month was incorrect.
* Validation error: unencoded ampersand in iCal link if permalinks disabled.
= 1.10.9 =
* Added option to clear cache from settings.
* Bug fix: Error in caching where cache returned false for multi-category limited calendars.
* Bug fix: Error in caching where cache returned false for category limited calendars using category name as delimiter. Thanks to [Antti Palosaari](crope@iki.fi) for reporting this bug and for testing fixes.
* Bug fix: Error notices if user is deleted who is assigned as host of some events. Thanks to Florian Edelmann for reporting this bug and contributing solution.
* Bug fix: Upcoming events in dates mode returned null for cached dates.
= 1.10.8 =
* Bug fix: upcoming events list breaks if 'This is a multi-day event' is checked for an event with only a single occurrence.
* Bug fix: Upcoming events caching did not cache correct data.
* Modification: eliminated some extraneous database calls
* Modified: clarifying text edits
* Added: category classes on calendar date cells
= 1.10.7 =
* Made 'to' value in Google Maps links a translatable value.
* Feature change: iCal download now respects currently selected month.
* Added a phone number field to the Location manager
* Added a setting to display only the core site's calendar on child sites in multisite mode.
* Added a setting for the link target for mini calendar dates
* Re-wrote labels for URL link target settings fields.
* Bug fix: Location selector did not respect currently selected categories.
* Bug fix: "Add another occurrence" option available in Edit mode, but not functional. Removed option.
* Bug fix: Limiting by categories didn't trim whitespace from category names.
* Bug fix: Fixed RSS/ICS/Print permalinks if PATHINFO permalinks are enabled.
* Improved cache handling. Cache limit relative to amount of memory available to PHP. Cache stores information more efficiently.
* Revised RSS/iCal handling to avoid .htaccess problems.
= 1.10.6 =
* Revised template tags so the description tags are run through wpautop(), and added _raw versions which are not.
* Fixed a bug in URL generation so that URLs with ports are correctly constructed.
* Fixed a bug iin Print output which did not allow restriction to multiple categories
* Added option to use {date} in previous/next navigation links to indicate what date set is being navigated to.
= 1.10.5 =
* I made a truly bone-headed error in the last update, and I'm not even going to say what. If you didn't notice it, lucky for you!
= 1.10.4 =
* In my rush to fix the security issue, I broke an aspect of the event navigation. Apologies for this! Now fixed.
= 1.10.3 =
* Incorrectly called wp_kses(). Apologies for the frequent updates!
= 1.10.2 =
* Critical security update. Please upgrade promptly. Big thank you to Dean Batha for the bug report.
= 1.10.1 =
* Bug fix: undeclared array in widget manager
* Renamed overly-generic constant.
= 1.10.0 =
* New feature: option to link dates in mini calendar to separate daily view instead of pop-up.
* New feature: no longer necessary to manually edit behaviors in order to open main calendar event titles to separate page.
* New feature: Ability to define grouped events as a single multi-day event and remove duplicates from events lists (upcoming events and today's events widgets)
* New feature: group-association classes assigned to multi-day events in grid display.
* New template tags: {daterange} and {multidate} for displaying a beginning and ending date range for a single event and for displaying each date in a multi-day event, respectively.
* Week-view calendar caption now editable.
* Added printable version.
* Submit buttons in forms are now duplicated at top and bottom of long editing sections, to improve usability.
* Minor style change to group editor to avoid group list colliding with editor textarea.
* Removed angle brackets from Previous/Next events links.
* Added custom action hooks for event save and event delete
* Added ability to prevent today's events from showing up in upcoming events listings.
* Added categories to iCal output.
* iCal should return times in local time, not in UTC.
* Bug fix: iCal output not correctly encoded
* Bug fix: mc_next_link filter did not exist.
* Bug fix: placed limit on maximum size of cached calendar data.
* Bug fix: Upcoming events list will no longer occasionally display more items than expected.
* Bug fix: menu icon not aware of custom content locations
= 1.9.8 =
* This is just a convenience update due to a warning appearing in 1.9.7 that I missed.
= 1.9.7 =
* Cache was not cleared when events were approved, rejected, or deleted.
* Fixed bug with slashed characters in time and date formats
* Fixed bug where previous/next links did not work on category pages
* Fixed bug where event description was deleted if edited in groups manager.
* Easydrag.js now respects conditional loading by page ID.
* Small change to upcoming events list: events with an end time specifie and not crossing days will move off the list after they end rather than after they start.
= 1.9.6 =
* Fixed bug in Event Manager where information about whether an event was open for registration saved incorrectly.
* Added raw details_link template tag.
* Fixed Google Maps link error when using Long/Lat coordinates.
* Associated image option was not available if HTML editor was enabled.
= 1.9.5 =
* Bug fix: Caching of Today's events did not account for category limits
* Bug fix: Upcoming events listed by day duplication
= 1.9.4 =
* Bug fix: month-by-day recurring events in upcoming events list
* Bug fix: duplication of events in upcoming events list
* Bug fix: when editing a single event with indefinite recurrences, future events set up without continuing recurrence.
* Function error when data not present fixed.
* Added display of sending name/address for support messages
= 1.9.3 =
* Stylesheet saving can write longer files. Solves problem with occasional truncation of stylesheets.
* Added transient caching for calendar events to improve performance, plus other various performance improvements
* Small html output change.
* 1.9.0 made details boxes draggable; made this optional.
* Added plug-in support request form.
* Added updated French translation to 1.9.2
* Fixed bug with date switcher duplicating/skipping months.
* Updated User's Guide (not included with plug-in)
= 1.9.2 =
* Bug fix: Fixed sort error returned by calendar if no events are in array.
* Bug fix: Fixed incorrect URLs for icons in custom directory in category key.
* Bug fix: Caption text did not display.
* Added {date} and {time} to details link text templating.
* Bug fix: Fixed {icon} URL in template output.
* Bug fix: Fixed bug with table layout of dates when weekends are disabled on grid calendar.
* Bug fix: Fixed bug with generation of details link when not using permalinks.
* Bug fix: Fixed bug with HTML editor converting HTML entities.
* Bug fix: Fixed bug where weekly view showed the wrong dates if the current week started in the previous month.
= 1.9.1 =
* Bug fix: Incorrect title template tag auto-generated if title template is empty.
* Bug fix: Create events permissions broken
* Bug fix: Host list broken in WordPress versions lower than 3.1
* Bug fix: My Calendar not using WordPress defaults for customizable date and time settings if not set by user.
* Bug fix: Turning off calendar icons did not turn off icons in key
* Bug fix: details links used current URL instead of stored URL
* Bug fix: default widget settings not loaded on upgrade.
* Bug fix: next/previous links not working on home page if permalinks not set.
* Bug fix: event title shown in date field in list mode was not for the first event of the day.
* Style change: Minor change to my-calendar.css to adjust for the green background on weekends. (Which showed up as the result of a fix to an HTML problem in 1.8.9.)
* Bug fix/Option add: Added option to remove individual iCal link
* Option add: Added option to conceal first event title/number of events with date in list mode.
= 1.9.0 =
Additions:
* template editing for list, grid, mini, and single event output.
* pop-up box is now draggable.
* date format option for grid mode, week view.
* templating for details link text.
* templating for event URL link text.
* location filtering from shortcode.
* image upload option for events
* day class to calendar date headings and cells
* individual instances of repeating events can be edited
* feature to add multiple occurrences of an event simultaneously. (concept from Dave Heitzman)
* feature to mass edit information for groups of events (concept from Dave Heitzman)
* stored URL for locations (contrib by John Colvin)
* recurring daily events on weekdays only (based on contrib by John Colvin)
* optional templating for all event output formats
* individual event occurrence iCal export
* numerous additional template tags
* Option to use custom location filter fields as data control
* Shortcode to generate list of saved locations
* Network administrators can control whether sub-site calendars contribute only to a central calendar, only to their own calendar, or whether site administrators can make that choice.
* Upgrade notice information in dashboard for future upgrades.
* implementation of WordPress text diff to compare your styles and scripts against my current released versions
* Option to skip a defined number of events in upcoming events lists.
Bug fixes:
* jump box was displaying in week/grid view.
* some potentially repeatable IDs (code validation).
* 'Administrators see all options' did not work.
* Fixed timestamps on main calendar objects
* Squashed e_notice errors.
* category limiting did not work without permalinks due to GET variable conflict with WordPress core
* Missing nonce in database upgrade routine
* Mini calendar simultaneously displayed single event view when visited.
* Link generation for details view did not work if calendar link parameterized
* Issue with weekdays only calendar if day of week set to start on Sunday
* Issue with retrieval of user-specific settings
* Issue with accessing styles and javascript if My Calendar installed in non-standard directory.
* Problem in Today's Events widget when Holiday restrictions are enabled.
Changes:
* replaced all default icons with 24-bit transparent PNGs
* jumpbox output to automatically scope to the oldest dates in the database.
* iCal output changed to output all events for complete current month
* RSS output to prioritze newly added events
* holiday skipping/fifth week customization moved into event manager function
* new 'close' icon for pop-up box; added close icon and scripting to mini calendar pop-up
* copy in several places; updated template tags.
* location lists sorted by location label (contrib by John Colvin)
* Eliminated calendar heading option
* default style resets no longer stored in global variables, instead stored as files.
* Map links now trigger the driving directions dialog in Google Maps
* New default stylesheet, refresh.css
= 1.8.9 =
* Fixed bug with database upgrade in multi-user additional calendars
* Fixed bug where calendar picked up current month labeling using current day of the month
* Added French translation
= 1.8.8 =
* Fixed bug in locations filtering that disabled feature if user not logged in.
* Re-arranged settings and added notices about options which will be removed in a future release.
* Revised RSS feed to use event permalinks when they are available.
= 1.8.7 =
* One very minor change in 1.8.6 caused some plug-in conflicts, so I rolled that change back. Will find another solution to the problem it solved. This change affects very few users.
= 1.8.6 =
* Fixed bug with {details} template tag when Upcoming widgets configured as Events
* Location and category filters now do not display forms/lists if there isn't more than one choice.
* Extended details link feature to main calendar output and added to output options.
* Minor changes to time-entry jQuery plug-in to improve usability.
* Updated Japanese translation to 1.8.5
* Added Russian translation to 1.8.5
= 1.8.5 =
* Another bug fix to monthly-by-day recurrence.
* Fixed minor problem with default template not being visible in widget.
* Fixed 'widget title linked' bug.
* Added Turkish translation by Mehmet Ko&231;ali
= 1.8.4 =
* Mini calendar widget had a mis-labeled option field
* Custom User settings for event region didn't function correctly.
* A variety of bug fixes applied to events repeating on a monthly-by-day basis
= 1.8.3 =
* Turned on spam flag toggle, which I had commented out and failed to restore...
* Default return false ('not spam') for privileged users when checking Akismet
= 1.8.2 =
* Fixed bug with {icon} template tag, for real.
* Fixed RSS missing argument
* Fixed empty list rendering in upcoming events widget
= 1.8.1 =
* Fixed bug with region saving on edit of location
* Fixed bug with single-event view receiving date as array
* Fixed bug with {icon} template tag
* Fixed bug with calendar output if user settings are enabled but not applied by user
* Fixed bug with list/grid format toggle
* Fixed bug with upcoming events limited by category names
= 1.8.0 =
* Added event region as a location field
* Added time selector and altered calendar range selector.
* Added visual editor for event description textarea.
* Added templating tag to add a link to the single event view.
* Added option to not display weekends in grid format.
* Added unique ID for each event in calendar.
* Added default sort order option for admin events list.
* Added admin events list to screen while editing or copying event.
* Added shortcode generator for Page and Post editor.
* Added spam protection: New events are now checked through Akismet if installed and configured.
* Added category selection shortcode.
* Added mini calendar widget.
* Added external link class.
* Added list/grid view toggle.
* Added mobile detection so mobile devices receive list format without JavaScript for easier reading.
* Added Upcoming Events widget sort order option.
* Added Option to link widget title to main calendar page.
* Change: Minor reorganization of settings page.
* Change: Altered time input to use non-military format time, added JavaScript time input.
* Change: Moved My Calendar menu items into the content menu.
* Change: When calendar is limited by categories, only the displayed categories are listed in the category key.
* Change: If widget title is left blank, widget will have no title.
* Change: Moved translation files into a subdirectory (/lang/)
* Bug fix: hcal dates
* Bug fix: problem where restoring styles referenced out of date styles
* Bug fix: error in primary stylesheet
* Bug fix: issue with month-by-day recurring events when recurrance set at 0
* Bug fix: issue with end dates when recurrance set at 0
* Bug fix: DB installed to match WPDB chararacter set and collation.
* Bug fix: turn-of-year page navigation in week view.
* Bug fix: entries not remembered in error condition post
* Updated German Translation to version 1.7.0 (Christopher Schauer)
* Updated German Translation to version 1.7.8 (Uwe Jonas)
* Note: during this update cycle, I received two German translations, and am using the most up to date version.
* Added Swedish Translation to version 1.7.8
= 1.7.8 =
* Bug fix: Behaviors page limits lost on settings refresh
* Bug fix: Fix {enddate} shortcode output.
* Bug fix: iCal output improvements
* Modification: RSS and iCal output are disabled entirely when turned off, rather than just hidden.
* Modification: Added styles for days out of current month
= 1.7.7 =
* Bug fix: Upcoming Events widget fault in 'dates' mode.
= 1.7.6 =
* Bug fix: Upcoming Events widget in days mode was not offsetting time using GMT reference. (Committed silently in 1.7.5)
* Bug fix: Default template not rendered in Today's Events when template left blank
* Bug fix: Slashes not stripped in category key.
* Bug fix: Upcoming Events widget if no upcoming events
* Bug fix: Error with retrieval of Author's ID
* Fixed some non-translatable text strings
* Logic change: Upcoming Events now bases choice on time rather than date (events happening later today are future, rather than only events happening tomorrow or later.)
* Enhancement: respects custom wp-content location definitions
= 1.7.5 =
* Bug fix: Error with upcoming events when selected by dates and holiday skipping enabled.
* Bug fix: Upcoming Events widget title defaulted to 'Today's Events'
* Change: Reversed order of Latitude/Longitude on forms to match Google's implementation.
= 1.7.4 =
* Bug fix: Upcoming events templates ran htmlentities on output
= 1.7.3 =
* Bug fix: upcoming events substitute text still not appearing in some contexts.
* Bug fix: Today's event substitute text had assignment in place of comparison
* Bug fix: Event location not saved properly on edit if Location Fields are disabled on input
* Bug fix: Fixed date and time issues in iCal output
* Bug fix: Fixed character set issue in RSS output
* Bug fix: Major problem with Holiday category event delimiting
* Danish translation updated to 1.7.0
* Japanese translation updated to 1.7.1
* Minor documentation and readme.txt updates
* Added additional fallback settings for widgets
* Fixed minor installation issue with version detection.
* Added CSS hook .nextmonth on dates occurring past the end of the currently displayed month.
* Added check for '#' symbol on hex colors in category management.
= 1.7.2 =
* Bug fix: Fixed import from Calendar feature.
* Bug fixed: Upcoming events widget default text fixed
* Italian translation updated to 1.7.0
= 1.7.1 =
* Default setting for custom user location type not set
* Reset for inherit.css styles missing
* Widget shortcodes stripped HTML
* Added a fallback function for exif_imagetype 'cuz some servers don't have it available by default.
* Nonce missing in database upgrade
* Ability to edit text for shortcode fallback (No events text) lost.
* Widget defaults not installed on new installation
* Mini and List jQuery did not prevent default link action
* Changed install action to default User settings to off.
= 1.7.0 =
* Fix in AJAX navigation for IE
* Fix in JavaScript to re-activate close button
* Fixed bug with locations list not registering current location type in form mode
* Fixed bug with upcoming events and today's events output when regions limits were set
* Fixed bug with upcoming events producing incorrect dates for events recurring on a specific day of the month.
* Revision of Widgeting setup to offer multi-widget support (will require you to re-setup your widgets)
* Revision of style editor to use external stylesheets.
* Revision of style support to add option for custom stylesheets stored outside of plugin directory
* Added: multiple base stylesheets
* Added: Event markup in hCal format
* Added Weekly mode for list and grid view
* Added RSS and iCal exports for upcoming events (enable and disable in settings)
* Added option to block display of an event if there is an event that day which is in a designated 'Holiday' category.
* Added permission setting to allow non-administrators to edit or delete any event.
* Added Czech translation (to 1.6.3)
* Updated Italian and Danish translations
* Security: Implemented nonces
= 1.6.3 =
* Updated jQuery to fix conflicts in previous versions and so behaviors would work with AJAX navigation. Not updated by upgrade; use Behaviors reset to apply.
* Incorporated option to enable AJAX navigation for next/previous navigation.
* Fixed bug with multi-month display in list format where January could not be displayed.
* Revised settings page for clarity.
* Fixed some default settings issues.
* Fixed a bug where the locations lists didn't respect the datatype parameter.
* Added templating to event titles for calendar grid or list output.
= 1.6.2 =
* Fixed broken style editor. (The way it was broken was awfully weird...kinda wonder how I did it!)
* Fixed missing div in calendar list output.
* Removed debugging call which had been left from testing.
* Fixed storage of initial settings for user settings (array did not store probably initially.)
* Added Italian translation by [Sabir Musta](http://mustaphasabir.altervista.org)
= 1.6.1 =
* Bug fix in event saving
= 1.6.0 =
* Feature: User profile defined time zone preference
* Feature: User profile defined location preference
* Feature: Define event host as separate from event author
* Feature: Added ability to hide Prev/Next links as shortcode attribute
* Change: Separated Style editing from JS editing
= 1.5.4 =
* Fixed: Bug with permissions in event approval process.
= 1.5.3 =
* Fixed: Bug which broke the {category} template tag
* Fixed: Bug which moved extra parameters before the "?" in URLs
* Fixed: Bug which produced an incorrect date with day/month recurring events on dates with no remainder
* Added: Japanese translation by [Daisuke Abe](http://www.alter-ego.jp/)
= 1.5.2 =
* Fixed: Bug where event data wasn't remembered if an error was triggered on submission.
= 1.5.1 =
* Fixed: Bug where events recurring monthly by days appeared on wrong date when month begins on Sunday.
* Fixed: Bug where events recurring monthly by days appeared on dates prior to the scheduled event start.
* Performance improvement: Added SQL join to incorporate category data in event object
* Added quicktag to provide access to category color and icon in widget templates
* Changed link expiration to be associated with the end date of events rather than the beginning date.
* Updated readme plugin description, help files, and screenshots.
= 1.5.0 =
* Added: German translation.
* Updated: Danish translation.
* Added: Administrator notification by email feature [Contributions by Roland]
* Added: Reservations and Approval system for events. [Contributions by Roland]
* Added: Events can be recurring on x day of month, e.g. 3rd Monday of the month.
= 1.4.10 =
* Fixed: Failed to increment internal version pointer in previous version.
* Fixed: Invalid styles created if category color set to default.
* Fixed: (Performance) Default calendar view attempted to select invalid category.
* Updated: Danish translation.
= 1.4.9 =
* Fixed: Bug where location edits couldn't be saved if location fields were on and dropdown was off
* Fixed: Bug where latitude and longitude were switched on Google Maps links
* Fixed: Bug where map link would not be provided if no location data was entered except Lat/Long coordinates.
= 1.4.8 =
* Added: Ability to copy events to create a new instance of that event
* Added: Customization of which input elements are visible separate from what output is shown.
* Fixed: Issue where one JS element could not be fully disabled
* Fixed: Internationalization fault with Today's Events showing events from previous day
* Fixed some assorted text errors and missing internationalization strings.
* Fixed issue where the 'Help' link was added to all plug-in listings.
* Reorganized settings page UI.
= 1.4.7 =
* Fixed: Bug where infinitely recurring events whose first occurrence was in the future were not rendered in upcoming events
* Fixed: Bug where infinitely recurring bi-weekly events only rendered their first event in calendar view
* Added: Option to indicate whether registration for an event is open or closed, with customizable text.
* Added: Option to supply a short description alternative to the full description.
= 1.4.6 =
* Fixed: Flash of unstyled content prevention scripts weren't disabled when other scripting was disabled.
* Fixed: Categories which started with numerals couldn't have custom styles.
* Fixed: Locations required valid 0 float value to save records on some servers; now supplied by default.
= 1.4.5 =
* Fixed a bug with editing and adding locations
* Fixed a bug with error messages when adding categories
* Fixed a bug with identification of current day (again?)
* Added Danish translation (Thanks to Jakob Smith)
= 1.4.4 =
* Fixed a bug where event end times tags were not rendered when blank in widget templates
* Fixed a bug with event adding and updating for Windows IIS
* Fixed a bug with international characters
* Reduced number of SQL queries made.
* Moved JavaScript output to footer.
* Improved error messages.
* Significant edits to basic codebase to improve efficiency.
* Fixed bug where full default styles didn't initially load on new installs.
* Re-organized default styles to make it easier for users to customize colors.
= 1.4.3 =
* Fixed a bug where event end times were displaying the start time instead when editing.
* Fixed a bug introduced by the mini calendar option which displayed titles twice in list format.
* Fixed a bunch of typos.
* Added a loop which automatically adds the mini calendar styles if you don't already have them.
* Fixed a bug where JS didn't run if the 'show only on certain pages' option was used.
* Added a qualifier for upgrading databases when you haven't added any events.
= 1.4.2 =
* Fixed a bug in the widget display code which caused problems displaying multiple categories.
= 1.4.1 =
* Database upgrade didn't run for some users in 1.4.0. Added manual check and upgrade if necessary.
= 1.4.0 =
* Bug fixed: Today's Events widget was not taking internationalized time as it's argument
* Added end time field for events
* Added option for links to expire after events have occurred.
* Added options for alternate applications of category colors in output.
* Added ability to use My Calendar shortcodes in text widgets.
* Added GPS location option for locations
* Added zoom selection options for map links
* Lengthened maximum length for category and event titles
* Added a close link on opened events details boxes.
* Added an option for a mini calendar display type in shortcode
* Optimized some SQL queries and reduced total number of queries significantly.
* Extended the featured to show CSS only on certain pages to include JavaScript as well.
* Upcoming events widget only allowed up to 99 events to be shown forward or back. Changed to 999.
* Attempted to solve a problem with infinitely recurring events not appearing in upcoming events. Let me know.
* Added setting to change Previous Month/Next Month text.
* Yeah, that's enough for now.
= 1.3.8 =
* Fixed problem with CSS editing which effectively disabled CSS unless a specific choice had been made for pages to show CSS
= 1.3.7 =
* Aren't you enjoying the daily upgrades? I made a mistake in 1.3.5 which hid text in an incorrect way, causing problems in some contexts.
= 1.3.6 =
* Fixed an issue where not having defined Pages to show CSS resulted in a PHP warning for some configs.
= 1.3.5 =
* Fix for flash of unstyled content issue.
* Added configuration for time text on events with non-specific time.
* Fixed bug where, in list views with multiple months, events occurring on days which did not exist in the previous month were not rendered. (Such as March 30th where previous month was February.)
* Fixed bug where the multi-month view setting for lists caused previous/next events buttons to skip months in calendar view.
* Added option to disable category icons.
* Added option to insert text in calendar caption/title area, appended to the month/year information.
* Fixed a bug where it was not possible to choose the "Show by days" option in the upcoming events widget.
* Updated documentation to match
* Fixed a bug where upcoming events in Days mode did not display correct date
* Added an option to define text to be displayed in place of Today's Events widget if there are no events scheduled.
* Minor changes to default CSS
* Ability to show CSS and JavaScript only on selected pages.
= 1.3.4 =
* Fixed a bug with map link and address display which I forgot to deal with in previous release.
= 1.3.3 =
* Fixed bug with upgrade path which caused locations database to be created on every activation (also cause of errors with some other plugins). (Thanks to Steven J. Kiernan)
* Made clone object PHP 4 compatible (Thanks to Peder Lindkvist)
* Corrected errors in shortcode functions for today's events
* Corrected rendering of non-specific time events as happening at midnight in widget output
= 1.3.2 =
* Fixed bugs with unstripped slashes in output
* Fixed a bug where users could not add location information in events if they had not added any recurring locations
* Removed requirement that address string must be five characters to display a link
= 1.3.1 =
* Corrected incorrect primary key in upgrade path.
* Added version incrementing in upgrade path.
= 1.3.0 =
* Fixed a CSS class which was applied to an incorrect element.
* Revisions to the Calendar import methods
* Moved style editing to its own page
* Added JavaScript editing to allow for customization of jQuery behaviors.
* Internationalized date formats
* Shortcode support for multiple categories.
* Shortcode support for custom templates in upcoming and today's events
* Added a settings option to eliminate the heading in list format display.
* Fixed a bug which treated the event repetition value as a string on event adding or updating, not allowing some users to use '0' as an event repetition.
* Made events listing sortable in admin view
* Minor revisions in admin UI.
* Added database storage for frequently used venues or event locations.
* Modified JavaScript for list display to automatically expand events scheduled for today.
= 1.2.1 =
* Corrected a typo which broke the upcoming events widget.
= 1.2.0 =
* Added shortcodes to support inserting upcoming events and todays events lists into page/post content.
* Added option to restrict upcoming events widgets by category
* More superficial CSS changes
* Added Brazilian Portuguese language files
* Fixed bug where I reversed the future and past variable values for upcoming events widgets
* Fixed bug in multi-user permissions.
* Added feature to look for a custom location for icons to prevent overwriting of custom icons on upgrade.
= 1.1.0 =
* Fixed some problems with Upcoming Events past events not scrolling off; hopefully all!
* Fixed some problems with fuzzy interpretations of the numbers of past/future events displayed in Upcoming Events.
* Added Bi-weekly events
* Added restrictions so that admin level users can edit any events but other users can only edit their own events
* Removed character restrictions on event titles
* Revised default stylesheet
= 1.0.2 =
* Fixed problems with editing and deleting events or categories in multiblog installation
* Fixed escaping/character set issue
* Fixed issue when blog address and wp address did not match (introduced in 1.0.1)
* Added import method to transfer events and categories from Kieran O'Shea's Calendar plugin
= 1.0.1 =
* Added missing template code for event end dates.
* Changed defaults so that styles and javascript are initially turned on.
* Removed function collisions with Calendar
* Fixed bug where My Calendar didn't respect the timezone offset in identifying the current day.
* Fixed bug where multiblog installations in WP 3.0 were unable to save events and settings.
* Added Spanish translation, courtesy of [Esteban Truelsegaard](http://www.netmdp.com). Thanks!
= 1.0.0 =
* Initial launch.
== Frequently Asked Questions ==
= Hey! Why don't you have any Frequently Asked Questions here! =
Because the majority of users end up on my web site asking for help anyway -- and it's simply more difficult to maintain two copies of my Frequently Asked Questions. Please visit [my web site FAQ](http://www.joedolson.com/articles/my-calendar/faq/) to read my Frequently Asked Questions!
= This plug-in is really complicated. Why can't you personally help me figure out how to use it? =
I can! Just not in person. I've written a User's Guide for My Calendar, which you can [purchase at my web site](https://www.joedolson.com/articles/my-calendar/users-guide/) for $23. ($19 if you're not interested in getting updates.) This helps defray the thousand plus hours I've spent in developing the plug-in and providing support. Please, consider buying the User's Guide or [making a donation](https://www.joedolson.com/donate.php) before asking for support!
= How can visitors to my site submit events? =
I've written a paid plug-in that adds this feature to My Calendar, called My Calendar: Submissions. You can [buy it at my web site](https://www.joedolson.com/articles/my-calendar/submissions/)!
== Screenshots ==
1. Calendar using calendar list format.
2. Calendar using monthly calendar format.
3. Event management page
4. Category management page
5. Settings page
6. Location management
7. Style editing
8. Mini calendar
9. Script/behavior editing
10. Template editing
== Upgrade Notice ==
= 2.0.0 =
Major database redesign. Some new features, including single event view and pagination in events lists. Database update is non-destructive; no data will be deleted.


@@ -0,0 +1,843 @@
=== NextGEN Gallery ===
Contributors: photocrati
Tags:gallery,image,images,photo,photos,picture,pictures,slideshow,flash,media,thumbnails,photo-albums,nextgen-gallery,nextgen
Requires at least: 3.6.1
Tested up to: 4.0
Stable tag: trunk
License: GPLv2
The most popular WordPress gallery plugin and one of the most popular plugins of all time with over 10 million downloads.
== Description ==
= WordPress Gallery Plugin =
NextGEN Gallery is the most popular **WordPress gallery plugin**, and one of the most popular WordPress plugins of all time, with over 10 million downloads.
It provides a powerful engine for uploading and managing galleries of images, with the ability to batch upload, import meta data, add/delete/rearrange/sort images, edit thumbnails, group galleries into albums, and more. It also provides two front-end display styles (slideshows and thumbnail galleries), both of which come with a wide array of options for controlling size, style, timing, transitions, controls, lightbox effects, and more.
*The NextGEN Gallery WordPress gallery plugin is now proudly maintained by <a href='http://www.photocrati.com'>Photocrati Media</a>. Special thanks to Alex Rabe who created and maintained NextGEN from 2007 through 2011.*
**NEXTGEN GALLERY 2.0: MAJOR UPDATE IN JULY 2013.** *We released a major update and overhaul to NextGEN Gallery in July 2013. NextGEN Gallery 2.0 presents a completely reworked interface, both for the central options panel and for adding galleries to pages and posts. It's dramatically more powerful and flexible.*
**INTRODUCING NEXTGEN GALLERY PRO.** *Along with NextGEN 2.0, we're happy to announce a "Pro" upgrade to NextGEN. NextGEN Pro offers 6 new gallery displays, including Pro Masonry, Pro Filmstrip, Pro Film, Pro Thumbnail Grid, Pro Slideshow, and Pro Blogstyle galleries. It also includes a responsive, fullscreen, mobile-friendly Pro Lightbox with commenting and social sharing for individual images within galleries. And it includes premium one-on-one email support for both NextGEN Gallery and NextGEN Pro.*
**<a href="http://www.nextgen-gallery.com/nextgen-pro">LEARN MORE ABOUT NEXTGEN PRO</a>**
= NextGEN WordPress Gallery Plugin Features =
*Upload Galleries*
* Our WordPress gallery plugin offers diverse and powerful functionality for getting images from your desktop to your website. You can easily upload batches of images via a standard WordPress-style uploader, or upload images via zip file or FTP. NextGEN will automatically import your images meta data.
*Manage Galleries*
* Centralized gallery management. Enjoy a single location where you can see and manage all your galleries.
* Edit galleries. Add or exclude images, change gallery title and description, reorder of images, resize thumbnails.
* Thumbnail Management. Turn thumbnail cropping on and off, customize how individual thumbnails are cropped, and bulk resize thumbnails across one or more galleries.
* Edit Individual Images. Edit meta data and image tags, rotate images, and exclude images.
* Watermarks. Quickly add watermarks to batches or galleries of images.
* Albums. Create and organize collections of galleries, and display them in either compact or extended format.
*Display Galleries*
* Multiple Gallery Types. Choose between two main display styles: Slideshow and Thumbnail, and allow visitors to toggle between the two. Or display Imagebrowser galleries and Singlepics.
* Slideshow Galleries. Choose from a vast array of options for slideshows, including slideshow size, transition style, speed, image order, and optional navigation bar.
* Thumbnail Galleries. Choose from a wide range of options to customize thumbnail galleries, including 5 different lightboxes for individual images, optional thumbnail cropping and editing, thumbnail styles, captions, and more.
* Single Image Displays. Display and format single images.
* Work with Options Panel or Shortcodes.
= NextGEN WordPress Gallery Plugin Community & Extensions =
NextGEN has been the dominant WordPress gallery plugin for years. As a result, there is large and great community of users and developers, as well as a large number of dedicated extension plugins. For a list of extension plugins, just search for NextGEN in the WordPress.org plugin repository, or visit our <a href="http://www.nextgen-gallery.com/nextgen-gallery-extension-plugins/">Complete List of NextGEN Extension Plugins</a>.
= NextGEN WordPress Gallery Plugin Resources =
*Visit the NextGEN <a href="http://www.nextgen-gallery.com" target="_blank">WordPress Gallery Plugin</a> official homepage<br>
*Visit the <a href="http://www.nextgen-gallery.com/nextgen-pro" target="_blank">NextGEN Pro official landing page</a><br>
*See <a href="http://www.nextgen-gallery.com/help/" target="_blank">NextGEN Gallery Documentation</a><br>
*Get <a href="http://wordpress.org/tags/nextgen-gallery?forum_id=10" target="_blank">NextGEN Support</a> via the WordPress.org forums<br>
*Get <a href="http://www.nextgen-gallery.com/languages/" target="_blank">Translations</a> for your own language<br>
*See <a href="http://www.photocrati.com/photography-wordpress-themes" target="_blank">WordPress Photography Themes</a> by the same author<br>
*Follow NextGEN Gallery on <a title="Follow NextGEN Gallery on Facebook" href="http://www.facebook.com/NextGENGallery" target="_blank">Facebook</a>, <a title="Follow NextGEN Gallery on Twitter" href="http://twitter.com/NextGENGallery" target="_blank">Twitter</a>, and <a title="Follow NextGEN Gallery on Google +" href="http://plus.google.com/101643895780935290171" target="_blank">Google +</a><br>
== Credits ==
Copyright:<br>
Photocrati Media 2012-2013<br>
Alex Rabe 2007-2011
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
** Please note **
NextGEN Gallery's flash slideshow option is powered by the JW Image Rotator from Long Tail Video. The Image Rotator is provided free as part of our plugin package thanks to a special arrangement with Long Tail Video. Over time, we will be moving away from reliance on this file. For more information, see the Long Tail Video website: http://www.longtailvideo.com.
== Installation ==
INSTALLATION: The easiest way to enjoy NextGEN Gallery is to login to you WordPress dashboard, go to Plugins >> Add New, search for NextGEN Gallery, and click to install. You can also download the zip file from this page and upload it from the Plugins >> Add New > Upload page.
HOW TO USE: Just go to a page or post and click the NextGEN Gallery icon. From our Attach to Post interface, you can create, manage, customize, and display your galleries. You can also manage your galleries and gallery settings from the central options area under the "Gallery" tab on your dashboard menu.
DOCUMENTATION: See <a href="http://www.nextgen-gallery.com/help/" target="_blank">NextGEN Gallery Documentation</a>.
That's it ... have fun! For more information, feel free to visit the official website for the NextGEN Gallery <a href="http://www.nextgen-gallery.com" target="_blank">WordPress Gallery Plugin</a>.
http://www.youtube.com/watch?v=Le_ZsNSuIvM
== Screenshots ==
1. NextGEN Thumbnail Gallery
2. NextGEN Slideshow Gallery
3. NextGEN Imagebrowser Gallery
4. NextGEN Central Gallery Settings Page
5. NextGEN Other Options Page - Watermarking
6. NextGEN Manage Gallery Page - Edit Thumbnails
7. NextGEN Manage Gallery Page - Edit Image Tags
8. NextGEN Interface for Adding Galleries to a Page or Post
9. NextGEN NextGEN Placeholder Image When Editing a Page or Post
== Shortcode ==
NextGEN Gallery 2.0 introduces our new Attach to Post interface, which means you never need to work with shortcodes again if you would prefer not too.
If you do want to work with shortcodes, we've also introduce a new, more powerful, and more flexible shortcode system with NextGEN Gallery 2.0.
**<a href="http://www.nextgen-gallery.com/nextgen-gallery-shortcodes">Learn About NextGEN Gallery 2.0 Shortcodes</a>**
Legacy shortcodes? For reference, we're also maintaining documentation on NextGEN Legacy shortcodes used in NextGEN 1.9.x and earlier. <a href="http://www.nextgen-gallery.com/shortcodes">See more on Legacy shortcodes</a>.
For more information, feel free to visit the official website for the NextGEN Gallery <a href="http://www.nextgen-gallery.com" target="_blank">WordPress Gallery Plugin</a>.
== Frequently Asked Questions ==
= Why are my galleries not opening up in a lightbox after I move my site? =
This is often due to the URL paths to the CSS and JavaScript files used by the Lightbox Effects not being changed to relevant addresses based on the new site. This article will help sort out this issue if that is the case: <a href="http://www.nextgen-gallery.com/galleries-opening-lightbox/" target="_blank">Why are my galleries not opening up in a lightbox?</a>.
= Do you have documentation or tutorials? =
Yes. See <a href="http://www.nextgen-gallery.com/help/" target="_blank">NextGEN Gallery Documentation</a>.
= Will NextGEN Gallery work with my theme? =
Part of what makes the NextGEN Gallery WordPress gallery plugin so popular is its flexibility - it works with the vast majority of premium and free themes, without requiring any coding.
= Are the galleries flash based? =
No, NextGEN Gallery uses Javascript (J-Query) based displays to ensure compatibility across the widest range of displays possible.
= Are the galleries mobile friendly? =
Yes, since we use Javascript rather than flash, NextGEN Gallery is compatible with Android, iOS, and Blackberry. As of July 2013, all galleries are responsive. NextGEN Pro also includes a full screen, responsive Pro Lightbox with mobile gesture support.
= What is the difference between a gallery and an album? =
In the simplest of terms, Galleries contain your images and Albums contain your Galleries. Albums act as links and placeholders to quickly and easily navigate your galleries - Galleries will actually display your images.
= Can I upload multiple images at once? =
Yes, you can batch upload entire galleries at a time.
= Can I password protect galleries? =
Yes, WordPress allows you to password protect pages by default - which includes all galleries and content for the entire page. Password protection of pages can be turned on and off at any time, with just a few clicks.
= Can I add a watermark to the images/slideshows? =
Yes, you can add text or image watermarks to your gallery images.
= Can I crop thumbnails? =
Yes, each thumbnail image can be individually adjusted to suit your needs.
= Is there pagination for galleries? =
Yes, and you can adjust the amount of images to be shown on a page at any time.
= Can I customize the lightbox? =
Yes, the lightbox can be configured with multiple options directly from the Dashboard, and there are multiple CSS styles which can be applied and modified as well.
= Can I add HTML to the captions? =
Yes, caption areas are fully HMTL capable.
= Can I add an external links to galleries? =
Since the captions are fully HTML capable, you can add external links and any other type of mark up you wish.
= Is NextGEN Gallery available in foreign languages? =
Yes, the NextGEN Gallery WordPress gallery plugin has been translated into dozens of languages - <a href="http://www.nextgen-gallery.com/languages/" target="_blank">click here to find out more.</a>
= More Information =
For more information, feel free to visit the official website for the NextGEN Gallery <a href="http://www.nextgen-gallery.com" target="_blank">WordPress Gallery Plugin</a>.
== Changelog ==
= V2.0.66.33 - 11.24.2014 =
* Fixed: Broken NextGEN Pro ecommerce-related shortcodes
* Fixed: Spanish PO file
= V2.0.66.31 - 11.21.2014 =
* Fixed: Broken shortcodes with WordPress 4.0.1
= V2.0.66.29 - 09.17.2014 =
* NEW: Added skip_excluding_globally_excluded_images property to displayed gallery objects
* Fixed: SQL generation for random image selection
* Fixed: Adjust regex for replacing displayed gallery placeholder images
* Fixed: Removed filters to home_url needed previously for WMPL compatibility
* Fixed: Use canonical redirects when appropriate
* Fixed: Ability to override image files using XML-RPC
= V2.0.66.27 - 08.18.2014 =
* Fixed: Missing class.frame_communication_option_handerl.php error
= V2.0.66.26 - 08.18.2014 =
* NEW: Added fault tolerance to bulk action AJAX requests
* Changed: Moved some settings from DB to in-memory
* Fixed: Compatibility with BuddyPress plugin in multisite environments
* Fixed: Ability to find static resources outside of WP_PLUGIN_DIR
* Fixed: Autoupdate conflict with Photocrati Theme
* Fixed: Workaround GoDaddy's throttling of consecutive AJAX requests
* Fixed: Issue with settings manager in multisite enviroments
= V2.0.66.17 - 08.08.2014 =
* NEW: Added french translations
* Secured: XSS vulnerability in jQuery Plupload Queue (thanks Codevigilant Team)
* Secured: XSS vulnerability in thumbnail/slideshow integration links
* Secured: XSS vulnerability on Manage Albums page
= V2.0.66.16 - 07.30.2014 =
* NEW: Added new "limit" setting to Slideshow widgets
* NEW: Added a "ngg_routes" action for other plugins to hook into to provide new routes
* NEW: Added NGG_SKIP_LOAD_SCRIPTS constant, which existed in 1.9.x
* NEW: Added NGG_GALLERY_ROOT_TYPE constant. Set to 'content' to load galleries from the content_dir / content_url
* NEW: Bosnian (bs_BA) language thanks to Nevesin Srdoc
* NEW: Chinese (zh_CN) language thanks to Vahi Chen, http://www.vahichen.com
* NEW: Dutch (nl_NL) language thanks to Taeke Kooiker
* NEW: Filipino (fil) language thanks to Find Hold, http://www.findhold.dk/
* NEW: French (fr_FR) language thanks to Jean-Yves Dumaine & Le Blog de Lise
* NEW: Hungarian (hu_HU) language thanks to Zoltán Varanka
* NEW: Italian (it_IT) language thanks to Jacopo Caggiano, @tizz
* NEW: Russian (ru_RU) language thanks to SnakeD3
* NEW: Spanish (es_ES) language thanks to Andrew Kurtis at WebHostingHub
* Changed: Updated Czech language thanks to Separatista; additional thanks to Martin Krizek for the original translation who was mistakenly unaccredited
* Changed: "Upgrade to Pro" page has new design, advertises for NextGEN Plus
* Changed: Basic Albums templates now given the image counter P element the class 'ngg-album-gallery-image-counter' (by user request)
* Changed: Gallery widgets now apply height:auto to their element; fixes compatibility with some themes
* Changed: Random galleries should be substantially faster now (1000% or more for large image tables)
* Fixed: Complete WPML compatibility
* Fixed: Disable Buddypress 'bp_do_redirect_canonical' filter as it ruins our routing system
* Fixed: Use plugins_url() content_url() when appropriate rather than just site_url() and home_url()
* Fixed: WP Cron job will remove not only displayed gallery transients, but rendering transients as well
* Fixed: NGG_RENDERING_CACHE_TTL constant is honored properly
* Fixed: If using the caption template for Basic Thumbnails, only show the image caption when appropriate
* Fixed: If NGG is uninstalled, so are it's custom capabilities
* Fixed: Translate "Attach NextGEN Gallery to Post" ATP icon alt text when translations are active
* Fixed: Multisite gallery path tooltip gave a wrong default setting
* Fixed: Flush 'all' caches when pope_module_list setting changes
* Fixed: Don't enqueue related images css in the admin
* Fixed: Basic Slideshows fixes WP creating extraneous P element above the slideshow display
* Fixed: Basic Singlepic will now display images marked 'excluded' in the admin
* Fixed: Admin pages can now update when the "Save" button text has been translated
= V2.0.66 - 05.20.2014 =
* Secured: Check mime type of image files using a variety of mechanisms
= V2.0.65 - 05.04.2014 =
* Secured: Limit uploads to images and zips
= V2.0.63 - 04.29.2014 =
* NEW: Translation ready
* NEW: Including German translation by Roland Stumpp
* NEW: Including Czech translation by Separatista
* NEW: Including Finnish translation by Vesa Tiirikainen
* NEW: WPML / qTranslate support
* NEW: Bundled Browser+ JavaScript library
* NEW: Added NGG_DISABLE_FILTER_THE_CONTENT constant to manage conflicts
* Changed: Moved jquery.nextgen_radio_toggle.js to NextGEN Admin Module
* Changed: Original display settings are passed to secondary display types
* Fixed: Thumbnail dimension calculations are inaccurate by 1px when maintaining aspect ratio
* Fixed: Copy IPTC data from original to new image when creating new sizes / thumbnails
* Fixed: Use correct absolute path when importing images in a multisite environment
* Fixed: Incorrect display of disk space quotas in multisite environments
* Fixed: Removed redundant roles form in multisite environments
* Fixed: Insert Gallery Window support for multisite environments
* Fixed: Incorrect handling of NextGEN Styles in multisite environments
* Fixed: Not honouring NGG_IMPORT_ROOT constant
* Fixed: Fixed inability to edit gallery properties using XMLRPC's edit_gallery method
* Fixed: Alignment issues in Basic Compact Albums caused by subalbums not displaying image 'counter'
* Fixed: Display setting forms compatibility issue with WordPress 3.9
* Fixed; Compability with jQuery Dialogs in WordPress 3.9
* Fixed: Maximum entity code should be a displayed gallery property for recent/random sources only
* Fixed: Problems with zlib compression: https://core.trac.wordpress.org/ticket/18525
* Fixed: Support for web servers which use a document root of '//'
* Fixed: Compatibility with WPML Translation Management
* Fixed: use 'del' for function name in ngg_store.js, 'delete' is a reserved keyword
* Fixed: Enqueue fontawesome only when necessary
* Fixed: Suhosin compatibility issue when overriding PHP memory limit
* Fixed: Handle images of wrong image type correctly when trying to create cropped thumbnails
* Fixed: Datamapper entities not allowed to have properties with a value of 0
* Fixed: Resource manager is manipulating feeds
* Fixed: Convert absolute urls to relative urls for lightboxes
* Fixed: Start the resource manager as early as we can within the init action
* Fixed: Routing problem for galleries with images named 1.jpg, 2.jpg, 3.jpg, etc.
* Fixed: Added tooltips to basic slideshow settings
* Fixed: Remove CKEditor's NextGEN button, which is incompatible with NextGEN Gallery 2.x
= V2.0.61 - 04.01.2014 =
* Fixed: Compatibility with WP 3.9
* Fixed: Exception thrown when using Reset button
= V2.0.59 - 03.18.2014 =
* Changed: Separated pope_module_list from ngg_options record in options table
* Fixed: Removed code causing jQuery compatibility issues in WP Admin
* Fixed: Allow third-parties to override jQuery with Google's CDN
* Fixed: When resetting the 'jquery' handle, ensure that jquery-migrate is a dependency
* Fixed: Silenced many PHP warnings
* Fixed: Datamapper->count() not returning the correct count
* Fixed: Compatibility with Gravity Forms
= V2.0.58 - 03.09.2014 =
* Fixed: Reset jQuery to WP defaults when modified by a third-party
* Fixed: Compatibility with WP jQuery Lightbox plugin
* Fixed: Compatibility with Peekaboo theme
= V2.0.57 - 03.05.2014 =
* NEW: Re-introduced the Reset button
* NEW: Tooltip added for Page Link to functionality
* NEW: Displayed Gallery Triggers moved from NextGEN Pro to NextGEN Gallery (not in use)
* NEW: Added NGG_Store, a client-side persistence layer (not in use)
* NEW: Added NGG_CRON_SCHEDULE constant. Set to the number of seconds between the execution of NextGEN Gallery cron jobs
* NEW: Added NGG_RENDERING_CACHE_TTL constant. TTL measured in seconds.
* NEW: Added NGG_DISPLAYED_GALLERY_CACHE_TTL constant. TTL measured in seconds.
* NEW: Added NGG_DISABLE_LEGACY_SHORTCODES constant. When TRUE, [slideshow] becomes [nggslideshow].
* NEW: Added Font Awesome, available for NextGEN Gallery extensions
* Changed: Transients are removed every 30 minutes instead of 60 minutes
* Changed: Admin Page & Form components refactored to allow custom POST processing
* Changed: Default path for NEW multisite installations to wp-content/uploads/sites/%BLOG_ID%/nggallery/
* Fixed: Ability to upload ZIP files on Windows hosts
* Fixed: Support for filenames with non-ASCII characters
* Fixed: Dynamic updates in the Attach to Post interface (interframe communication)
* Fixed: Attach to Post interface freezing in IE11
* Fixed: Path issues on Windows Servers
* Fixed: Module installer integrity
* Fixed: Database query performance. No more joins to the WP options table
* Fixed: Lightboxes storing absolute paths for static resources
* Fixed: Displayed gallery cache not regularly flushed
* Fixed: SQL query performance problems. Honor max_packet_allowed variable for MySQL
* Fixed: Multiple database queries generated for determining next available image slug
* Fixed: Corrupted MediaRSS feeds
* Fixed: Padding on Gallery Settings and Other Options pages
* Fixed: Routing issues on subdirectory installs
* Fixed: Importing galleries using the Attach to Post Interface
* Fixed: Gallery path calculations on Windows web servers
* Fixed: Sub-album urls not processed correctly
* Fixed: Apply maximum entity count to existing displayed galleries
* Fixed: NextGEN Gallery Thumbnail Widget shouldn't use ImageBrowser effect
* Fixed: Ability to set shuffle parameter for ImageRotator slideshows
* Fixed: PHP warning about HTMLDocument when displaying a SinglePic
* Fixed: Sanitization of gallery title
* Fixed: Home URL now used instead of Site URL in MediaRSS feed
* Fixed: Attach to Post interface broken when WPML is installed
* Fixed: Attach to Post interface instructing browser to cache the page
* Fixed: Watermarking not working in low-memory environments
* Fixed: Maximum images limit not being applied for galleries already created.
* Fixed: Double forward slashes in static urls
* Fixed: Don't sleep when checking if the installer is running
* Fixed: Don't enforce Pope interface contracts
* Fixed: Remove custom table extra records from wp_options table
* Fixed: Scan folder for new images not working
* Fixed: Incorrect page permalink used for "Page Link To" functionality
* Fixed: Pagination broken when Basic Thumbnail gallery on the same page as Basic Album
* Fixed: parse_url() warnings generated for PHP 5.3.3 and earlier
* Fixed: Compatibility with Headway Themes
* Fixed: Compatibility with web servers which don't provide PHP a document root
* Fixed: Third-party incompatibilities caused by the Photocrati Resource Manager
* Fixed: Compatibility with the Flattr plugin
* Fixed: Compatibility with the Weaver II theme
* Fixed: Interface tweaks for WordPress 3.8
= V2.0.40 - 11.26.2013 =
* NEW: Added the ability to apply lightbox effects to non-NGG images
* NEW: Added NGG_HIDE_STRICT_ERRORS constant. Define and set to TRUE to hide strict errors
* NEW: Added NGG_IMPORT_ROOT constant. Define and set to TRUE to browse from a custom directory
* NEW: Added NGG_DEBUG constant. Define and set to TRUE to display helpful messages for debugging
* NEW: Each custom table record will have an associated custom post record for expansion
* NEW: Display helpful error messages when there's a problem uploading images
* NEW: Add data-(src|thumbnail|image-id|title|description) attribute to gallery image anchors
* NEW: Variant support for displayed gallery sources. Random images is limited to 5 variations
* Fixed: Excessive creation of transients for random galleries
* Fixed: Many issues prohibiting the ability to upload images
* Fixed: Compatibility with NextGEN Gallery Export Plugin for Adobe Lightroom (thanks Vladimir!)
* Fixed: Sorting in the Attach to Post interface
* Fixed: HTML allowed in gallery/album descriptions
* Fixed: Requests for galleries within albums that have numeric names are broken
* Fixed: Call to a non-member function get() on WP_Query
* Fixed: Ability to sort by Image ID in the Attach to Post interface
* Fixed: Isolate the Attach to Post from implicit third-party script inclusion
* Fixed: Check for the existance of thumbnails when generating urls, and if missing, generate new ones
* Fixed: Compatibility with NextGEN Facebook OpenGraph+ plugin
* Fixed: Various XML-RPC issues
* Fixed: Widgets stylesheet not included
* Fixed: Issue with color not being pre-selected when previewing Watermark
* Fixed: E_NOTICE emitted when cleaning up cached image files
* Fixed: E_NOTICE emitted when viewing display type settings
* Fixed: Typo adjusting pcre.backtrack_limit for shortcodes
* Fixed: Content within the tabs of the Attach to Post interface cut-off
* Fixed: Routing problem which would cause conflicts with different display types on the same page
* Fixed: Broken Dynamic CSS links on GoDaddy
* Fixed: Ability to use HTML in gallery/album descriptions
* Fixed: Sub-album requests conflicting with paginated galleries on the same page
* Merged: Pull request from andreasE (https://bitbucket.org/photocrati/nextgen-gallery/pull-request/6/)
= V2.0.33 - 10.21.2013 =
* NEW: Requests /ngg_tag/[tagname] will create a displayed gallery
* NEW: Option added to "Import Gallery" tab to use original images
* Fixed: Links are broken on the ngg_tags-sitemap.xml file by WordPress SEO
* Fixed: PHP notice: Attempt to assign property of non-object
* Fixed: Undefined property warnings when using NextGEN Basic Thumbnails
* Fixed: Detect if an applying a transient to a displayed gallery was successful
* Fixed: Compatibility issues with BJ-Lazy-Load and Colorbox
* Fixed: Pagination conflicts for multiple Imagebrowsers on the same page
* Fixed: Ability to display previous exception with debug mode
* Fixed: Tagclouds not working in multisite instances
* Fixed: Load widgets.css when a widget is being used
* Fixed: Installer should remove all instances of the component factory
* Fixed: Widget settings interface not intuitive
* Fixed: Inability to upload images in some Windows host environments
* Fixed: Sorting images/galleries using the Attach To Post interface
* Fixed: Fix detection of HTTPS (pull request by Leonhardt Wille)
* Fixed: Compilation errors of regular expressions
* Fixed: Pro galleries wouldn't display in environments using PHP 5.3.3 or less
* Fixed: Scanning of router slug is now limited to the uri, not the url
* Fixed: Show slideshow link isn't required for thumbnail/imagebrowser integration
* Fixed: WordPress media-upload with 'singlepic' image size
* Fixed: Use target=_blank when the link setting is provided for NextGEN Basic Singlepic
* Fixed: Only display rendering errors if WP_DEBUG is enabled
= V2.0.31 - 10.03.2013 =
* NEW: Restored AJAX pagination for NextGEN Basic ImageBrowser display type
* Fixed: Compatibility with WordPress Local SEO by Yoast
* Fixed: Inability to upload images if image_slug field was missing in database
* Fixed: Integration of NextGEN Basic Thumbnail and NextGEN Basic Slideshow display types
* Fixed: Photocrati Resource Manager further adjusted to be third-party friendly
* Fixed: Added the ability to find legacy templates in both the child/parent theme directories
* Fixed: JavaScript errors in Attach to Post interface
* Fixed: Router can handle port numbers in urls
* Fixed: Carousel template was linking to NextGEN Basic ImageBrowser view
* Fixed: SQL query generated for displayed galleries using tags as source
* Fixed: 3rd party compat: raise & never lower pcre.backtrack_limit
= V2.0.30 - 09.25.2013 =
* NEW: Restored the ability to use imagebrowser display type instead of a lightbox effect
* Changed: Displayed galleries are no longer rendered in RSS feeds
* Changed: Removed "Plugin Check" widget from overview page
* Fixed: Silence PHP warnings/errors in an output buffer for AJAX actions
* Fixed: Compatibility issue with WordPress SEO and broken site maps (and large error_logs)
* Fixed: Compatibility issue with AJAX Event Calendar (and possibly others)
* Fixed: Adjusted Photocrati Resource Manager to be third-party friendly
* Fixed: Fixed empty result set for displayed galleries selecting 'All' tags
* Fixed: URL generation for imagebrowser pagination links
* Fixed: Ensure that image meta is imported on creation
* Fixed: Ensure that transients are removed when an external object cache is used
* Fixed: Don't load pluggable.php. This will fix plugin conflicts
* Fixed: In Attach to Post interface, galleries created in one tab weren't showing in another
* Fixed: Don't output frame events cookie for XML-RPC requests
= V2.0.27 - 09.18.2013 =
* Fixed: Reduce performance impact of purging displayed gallery transients
= V2.0.25 - 09.18.2013 =
* Reverting to the 2.0.21 codebase, due to major performance issues in 2.0.23 and 2.0.24
= V2.0.23 - 09.16.2013 =
* NEW: WP-Cron job to periodically clean-up displayed gallery transients
* NEW: Added "excluded_container_ids" as parameter for ngg_images shortcode
* Fixed: Lightbox effect is honoured by all display types
* Fixed: Highslide displays images from the correct displayed galleries
* Fixed: Ensure that sub-albums display correctly when the word "album" is part of a slug
* Fixed: Ensure that sub-albums display correctly when numerical slugs are used
* Fixed: Related images heading only added when Related Images functionality is enabled
* Fixed: PHP Warning about undefined index when viewing basic albums
* Fixed: AJAX handling is third-party compatible
* Fixed: Image date is no longer overwritten when an image is modified
* Fixed: Fixed issue with displayed galleries using source='tags'
* Fixed: Problem with transient cache not getting flushed properly from Other Options page
* Fixed: Use correct gallery/transient ID when ajax pagination is used
= V2.0.21 - 09.09.2013 =
* NEW: Multisite support
* Changed: Default image quality set to 100 for generated images
* Changed: Removed dependence on simplehtmldom library
* Fixed: Related images functionality works as it did in 1.9.x
* Fixed: Don't compress inline JavaScript in post/page content
* Fixed: Click-to-advance slideshow behavior for slideshows
* Fixed: Security warnings from VaultPress
* Fixed: View as Slideshow link works with AJAX pagination
* Fixed: Broken links on Overview page
* Fixed: Backup images option
* Fixed: Stylesheet url generated correctly for Windows hosts
* Fixed: Compatibility with NextGen Custom Fields plugin
* Fixed: Compatibility with Adsense Explosion plugin
* Fixed: Suppress wp_footer notices unless WP_DEBUG is set to TRUE
= V2.0.17 - 08.30.2013 =
Fixed: Match legacy behaviour when changing gallery path, i.e. don't move files
= V2.0.14 - 08.27.2013 =
* NEW: Added the ability to override thumbnail settings for NextGEN Basic Albums
* NEW: Shortcode Manager API, which ensures that shortcodes are outputted as intended
* Changed: Re-added the ability to select the original image size for widgets
* Fixed: Ensure that stylesheet url returned is correct for Windows hosts
* Fixed: Broken links and lightbox effects with AJAX pagination
* Fixed: Try to ensure that third party plugins don't add content to our dynamic JS
* Fixed: Improved reliability of iframely.js
* Fixed: Ensure that urls are generated correctly in HTTPs environments
* Fixed: Datamapper works correctly in environments where temporary tables aren't supported
* Fixed: Fixed an issue with thickbox loading animation when home url differs from site url
= V2.0.11 - 08.19.2013 =
* NEW: Added "run_ngg_resource_manager" hook to by-pass our resource manager
* Changed: Removed "Reset & Uninstall" tab, for now
* Fixed: Compatibility with W3 Total Cache. Please flush cache after updating.
* Fixed: Conflicts with Photocrati Theme Galleries
* Fixed: Blank Attach to Post interface window
* Fixed: Fixed ability to change Lightbox Effect settings
* Fixed: Implemented techniques to ensure WP_Query variables aren't overwritten
* Fixed: Enqueuing AJAX JS libraries twice in wp-admin
* Fixed: Encoding issues
* Fixed: PHP warnings caused by accessing unserialized data as array
* Fixed: Fixed installer issues
= V2.0.7 - 08.09.2013 =
* NEW: New resource manager that fixes many plugin and theme incompatibilities
* NEW: Styles (custom stylesheets) should reside in wp-content/ngg_styles
* NEW: Added option to "Other Options -> Misc" to control maximum images returned
* Secured: Removed default connector for jQuery FileTree library
* Changed: Updated the simplehtmldom library to version 1.5
* Changed: jQuery is now enqueued at the beginning of every request
* Fixed: Incompatibilities with BuddyPress
* Fixed: Incompatibilities with Events+, bbPress, Custom Permalinks, and many other plugins
* Fixed: Incompcatibilities with Member Access, AMember, Magic Fields, and More Fields
* Fixed: Incompatibilities with Elegant Themes, Oxygen, Responsive, and many other themes
* Fixed: Ensure that gallery images don't have a border by default
* Fixed: Conflict between imagebrowser and album urls
* Fixed: Reverted default gallerypath to wp-content/gallery/
* Fixed: Upgrade-safe way of overriding Styles
* Fixed: Generation of AJAX url is now based on slug
* Fixed: Restore nggShowGallery and nggShowSlideshow as wrappers to new API
* Fixed: Always use domain as specified by WordPress Site URL
* Fixed: Use WordPress Home URL over Site URL when appropriate
* Fixed: Numerous pagination issues
* Fixed: Adjusted our forms to comply with WordPress Firewalls
* Fixed: Correct use of select2 DOM selector for maximum compatibility
* Fixed: Path and URL calculations for Windows and UNIX environments
* Fixed: Ensure that pluggable.php is loaded at the start of every request
* Fixed: Fancybox: adjust CSS for further box-sizing protection from themes
* Fixed: Use PHP 5.2.1 compatible named pattern matching syntax
* Fixed: Remove usage of __DIR__ constant not supported by PHP 5.2.x
* Fixed: Removed dependency on mb_string PHP module
* Fixed: Allow "No Lightbox" as an option for Lightbox Effects
* Fixed: Warning: "Invalid CRT parameters detected" for Windows environments
= V2.0 - 07.30.2013 =
* NEW: Improved user experience throughout the plugin, settings and usage.
* NEW: Plupload queue uploader that allows for bulk and zip uploads within the same interface.
* NEW: Complete redesign of the NextGEN options panel
* NEW: Added new interface for adding galleries from pages and posts.
* NEW: Galleries are now mobile friendly and responsive, which is most noticeable with a responsive theme.
* NEW: Streamlined functionality for displaying galleries based on tags.
* NEW: Architecture based on Pope Framework (http://bitbucket.org/photocrati/pope-framework)
* NEW: New shortcode, “ngg_images”, and corresponding Attach to Post interface
* NEW: Galleries have now global and instance settings
* NEW: Support for FastCGI environments
* Changed: Replaces shortcodes with placeholder images, however still supports legacy shortcodes.
* Changed: Introduced new Growl-like notifications
* Changed: The container and it’s images are centered for slideshows
* Changed: NextGEN styles now override vs replace default styles
* Changed: NextGEN legacy templates have been deprecated (but still function)
* FIXED: The ability to use NextGEN image as a Featured Image.
* FIXED: Many bugs and annoyances, such as PHP warnings, errors, etc.
= V1.9.13 - 06.11.2013 =
* NEW: Slideshows are now centered to their content area
* Secured: Ensure that only logged in users can upload images
* Fixed: Import date is presered are no longer Jan 1 1970
* Fixed: Removed mention of upgrade.php, which no longer exists
= V1.9.12 - 02.15.2013 =
* Fixed: jQuery Conflict Detection was trying to dequeue irremovable scripts
= V1.9.11 - 02.12.2013 =
* NEW: Added the ability to detect JQuery conflicts on NGG Admin Pages and auto-resolve
* Changed: Added "nggalbum" shortcode. Use this when Jetpack is installed.
* Changed: Using natural sorting algorithm for alphanumeric values
* Changed: Database schema is automatically updated when out-of-date
* Fixed: Fixed several incompatibility issues with Jetpack
* Fixed: Empty drop-down for "Page Link To"
* Fixed: Alphabetical image sorting
* Fixed: Compatibility with Arjuna X theme
* Fixed: ââ¬Å“Creating default object from empty valueââ¬Â on album page
* Fixed: Compatibility issues with PHP 5.4 on album page
* Fixed: E_DEPRECATED warning when using get_userdatabylogin() function
* Fixed: Removed many E_NOTICE errors
* Fixed: Correct use of register_uninstall_hook across all PHP versions
= V1.9.10 - 12.18.2012 =
* Fixed: XML-RPC error displayed when authenticating using WordPress 3.5
* Fixed: Restored compatibility with NextGEN Gallery Export Plugin
* Fixed: Removed some remaining references to database upgrade code
* Fixed: Deleted galleries within an album are handed gracefully without warning messages
* Fixed: Correct use of register_uninstall_hook
* Fixed: CSS and usability issues with the TinyMCE window used to display galleries
* NEW: JW ImageRotator v3.17 is now bundled with the plugin and used by default.
* Changed: Removed database upgrade code for versions of NextGEN Gallery earlier than 1.9.3
* Fixed: Compatibility with WordPress v3.5 ( wpdb->prepare() warnings )
* Fixed: Sorting by filename now produces expected results using a natural sorting algorithm
= V1.9.8 - 12.05.2012 =
* Secured: Removed bundled version of swfupload. See fix below for SCM information.
* Changed: All transients created by NextGEN are flushed when the plugin is activated.
* Fixed: Our primary SCM is conducted at http://bitbucket.org/photocrati/nextgen-gallery, but was not synchronizing correctly with the WordPress Plugin SVN Repository
* Fixed: The transient adjustment fixes: http://wordpress.org/support/topic/plugin-nextgen-gallery-_transient_ngg_request-entry-in-wp_options
= V1.9.7 - 11.13.2012 =
* Secured: Removed bundled version of swfupload; using WordPress-bundled version instead for WordPress 3.2 instances
* Changed: Using JQuery UI for the image sorting interface (thanks Tomás Soler)
* Bugfix: Image uploads work in WP 3.2 when using Safari
* Bugfix: Adjusted TinyMCE window to use built-in JavaScript libraries
* Bugfix: Removed Photocrati acquisition announcement
* Bugfix: Fixed incorrect usage of ImageJpeg() function
* Bugfix: Switched from "template_redirect" to "wp_enqueue_script" hook to load scripts and styles
= V1.9.6 - 07.21.2012 =
* Changed: Implemented workaround for bug found in WordPress SEO, resulting in no images being added to sitemap
* Bugfix: Fixed an issue with users not being able to dismiss the "Photocrati Acquisition Notice"
* Bugfix: Adjusted Javascript for activating social media pages to load on NextGEN Gallery pages only.
* Bugfix: Fixed compatibility issue with Simple Facebook Connect
* Bugfix: Using correct Facebook Page ID in Like button
= V1.9.5 - 18.07.2012 =
* Changed: Branding changes following Photocrati acquisition (removed donation messages and updated links)
* Secured: Use WordPress-bundled JavaScript libraries for swfobject and swfupload instead of bundling our own
* Bugfix: Adjusted thickbox effect styling to ensure that the lightbox is always displayed in the foreground
* Bugfix: Fixed compatibility issues with Contact Form 7 and other plugins by following WordPress Plugin conventions
* Bugfix: Fixed network-wide activation in WordPress 3.4
* Bugfix: Plugin is no longer dependent on it's folder name
= V1.9.3 - 26.02.2012 =
* Bugfix : Ensure to set the slug for "all" albums
* Bugfix : Updated german translation ( THX to Roger Hunziker )
* Bugfix : Ensure error checking on IPTC array (THX to Kristian Edlund)
* Bugfix : Handle IE8 cached images better in slideshow
* Bugfix : Show album preview image if selected (THX to Kristian Edlund)
= V1.9.2 - 17.01.2012 =
* NEW : Added more XMLRPC commands (THX to Vladimir Vinogradsky)
* Changed : Rework Post-thumbnail function (THX to Kristian Edlund)
* Bugfix : Check first for valid images on unzip (only Mac OS zip-files)
* Bugfix : Increase z-index for twenty eleven theme
* Bugfix : Support non latin chars in tagcloud
* Bugfix : Allow other tinymce intance
* Bugfix : Better support for WPML translation
= V1.9.1 - 10.12.2011 =
* Bugfix : Security hardness for untrusted filenames/meta data (THX to Brian St. Pierre)
* Bugfix : Fixed security vulnerability (TXH to Jon Cave)
* Bugfix : Load piclens script via other function
* Bugfix : IE7 script fix for add gallery
* Bugfix : IE7/IE8 width set correctly for edit album autocomplete field
= V1.9.0 - 27.11.2011 =
* NEW : Keep images transparency for PNG and GIF format
* NEW : Switch to Plupload, support now HTML5 Upload (only with WordPress 3.3)
* NEW : Added client side resize feature (only with WordPress 3.3)
* NEW : Support for gallery templates in album shortcodes [ album id=x template="name" gallery="templatename" ]
* NEW : Added new hook ngg_delete_picture
* Changed : Updated to jQuery Cycle Version 2.9995
* Changed : Always cache the single pictures, remove option
* Bugfix : Couldn't use bulk operation for search results
* Bugfix : Bugfix for Edit thumbnails under IE 8 + 9
* Bugfix : Allow empty altext in ngg.editImage
* Bugfix : Various PHP notice fixes
* Bugfix : Resize fix for Shutter effect and mobile Browser
* Bugfix : FTP Import missing slug field into database
* Bugfix : Check also EXIF field "DateTimeOriginal" for timestamp
= V1.8.4 - 26.10.2011 =
* Bugfix : Fixed security vulnerability (TXH to Alain Schneider)
= V1.8.3 - 07.08.2011 =
* Changed : Support for simple custom permalink structures (i.e. /%category%/%postname%/)
* Bugfix : Sub-Albums in Albums didn't create the correct link
* Bugfix : AJAX Pagination didn't work anymore
* Bugfix : Adding index.php to home_url()
* Bugfix : Preview picture lost on backend gallery page 2 or higher
= V1.8.2 - 12.07.2011 =
* Bugfix : Set pagination variables for search result, otherwise update failed
* Bugfix : Update failed for paged galleries since WordPress 3.2
= V1.8.1 - 18.06.2011 =
* Bugfix : Special case for pagination, instead of showing page-1, we show the clean url
* Bugfix : Various PHP notice fixes
* Bugfix : Typo in rewrite rules
* Bugfix : Flush rewrite rules during upgrade later
= V1.8.0 - 12.06.2011 =
* NEW : Full rework of permalink url structure
* NEW : Adding Google Sitemaps for Images (require WordPress SEO plugin by YOAST )
* NEW : Support for WPML ( WordPress Multilingual Plugin )
* NEW : Adding support for arrow key in shutter effect (THX to Flyvans)
* NEW : Adding sort operation for galleries overview page
* Changed : Updated pagination to new WP3.1 style
* Bugfix : Create unique slug in a better way
* Bugfix : Rework screen options filter for gallery and image table
* Bugfix : Empty values in XMLRPC update calls are ignored
* Bugfix : Create gallery failed when safe-mode on
* Bugfix : Permalink didn't work in combination with album & imagebrowser
= V1.7.4 - 15.02.2011 =
* Bugfix : Disallow direct call of ajax file to avoid path disclosure (THX to High-Tech Bridge SA)
* Bugfix : Rework jQuery Cycle slideshow for IE compat reason (THX to Justin Dickenson)
* Bugfix : Resize only larger images in slideshow
* Bugfix : Improved image format detection in gd.thumbnail class (THX to Kupar.b)
= V1.7.3 - 20.01.2011 =
* NEW : Introduce plugin health check for conflicts with other plugins/themes
* NEW : Adding new XMLRPC method ngg.deleteImage
* NEW : Adding new XMLRPC method ngg.editImage
* Changed : Rework register script for autocomplete feature
* Bugfix : Bugfix for Multisite setup and flash upload
* Bugfix : WP3.1 compat issue, show site admin page only on Multisite installation
= V1.7.2 - 13.12.2010 =
* Bugfix : Adding images to database require slug (NOT NULL)
= V1.7.1 - 13.12.2010 =
* Changed : Disable upgrade for PHP4 user
* Changed : Disable colorpicker for option page
* Bugfix : Compat fix for upgrade
= V1.7.0 - 11.12.2010 =
* NEW : Publish a new post direct from the gallery admin page
* NEW : Added filter hook 'ngg_get_image_metadata' to add more exif/iptc information
* NEW : Adding Autocomplete field to TinyMCE Popup and Album page
* NEW : More methods for XMLRPC interface
* Changed : New hooks for gallery table (THX to Alexander Schneider)
* Changed : Introduce jQuery dialog as new UI element
* Changed : Call TinyMCE window via admin-ajax
* Bugfix : Better support for SSL blogs
* Bugfix : Install/Upgrade failed when table prefix contain captial letters
* Bugfix : Fix validation issues in Media-RSS
* Bugfix : Empty tags in XMP Meta causes PHP error
* Bugfix : Rework load mechanism for slideshow
* Bugfix : Copy meta data when image is copied
* Bugfix : Icon Support for Ozh' Admin Drop Down Menu
* Bugfix : Use correct sort order in slideshow
= V1.6.2 - 19.09.2010 =
* NEW : Added constant NGG_SKIP_LOAD_SCRIPTS to avoid script load
* Bugfix : Load Tags library with core files
* Bugfix : Slideshow script failed in IE7, load script now in header
* Bugfix : Load slideshow widget always
* Changed : New admin notice for database upgrade
* Changed : Rework crop feature for featured images
* Changed : Use site_url() instead get_option ('siteurl'), required for SSL support
= V1.6.1 - 08.09.2010 =
* Bugfix : Script load of swfobject.js failed
* Bugfix : Show sideshow also with 1 or 2 images
* Bugfix : Rework null byte check in zip upload
= V1.6.0 - 07.09.2010 =
* NEW : Wordpress 3.0 Network (Multi-Site) support
* NEW : Integrate jQuery Cycle as NON-Flash slideshow
* NEW : Adding jQuery File Tree for import folder (THX to Sergey Pasyuk )
* NEW : Added action hook 'ngg_show_imagebrowser_first' on custom request
* NEW : Added filter hook 'ngg_slideshow_size' to resize sildeshow for mobile browser plugins
* Changed : Reorder tabs for upload
* Changed : New menu icon and screen icon (THX to Ben Dunkle)
* Changed : Load frontend libs always
* Changed : Rework of overview page
* Bugfix : Security bugfix for Zip-Upload (THX to Dominic Szablewski)
* Bugfix : Allow JPG, PNG, GIF extension
* Bugfix : New German translation (THX to Martin Kramarz)
* Bugfix : Copy/Move also backup file
* Bugfix : Calculate correct ratio for fix thumbnail size (THX to Alekz Keck)
= V1.5.5 - 14.06.2010 =
* Bugfix : Compat issue for post thumbnails with WP2.9
* NEW : Adding more hooks for custom fields plugin
= V1.5.4 - 14.06.2010 =
* Bugfix : No resize of smaller images
* Bugfix : Compat issues for Post Thumbnails under WP3.0
* Bugfix : Esc_URL in Media RSS
= V1.5.3 - 11.04.2010 =
* New : Adding pagination to footer
* Changed : Perpare new filter to replace slideshow
* Bugfix : Remove non-breaking space from navigation
* Bugfix : Pagination of galleries
* Bugfix : Fixed brackets position for old shortcode query
* Bugfix : Slideshow option 'Show next image on click" has wrong default value
= V1.5.2 - 25.03.2010 =
* Bugfix : XSS security vulnerability (THX to Core Security Advisories Team , Pedro Varangot)
* Bugfix : Missing $wpdb in shortcodes.php
= V1.5.1 - 23.03.2010 =
* Bugfix : PHP4 compat issue for Add gallery & options page
* Bugfix : Gallery widget can now have a empty title
* Bugfix : Adding correct stripslash for gallery title
= V1.5.0 - 18.03.2010 =
* NEW : Support for Post thumbnail feature
* NEW : Backup and Recover function for images (THX to Simone Fumagalli)
* NEW : Resize images after upload (THX to Simone Fumagalli)
* NEW : Added a JSON class for fetching galleries in a RESTful way (see xml/json.php)
* NEW : Adding various new capabilities for user roles
* NEW : Auto downloader for translation file
* Changed : Rename query var from slideshow to callback for compat reason with other plugin
* Changed : Convert widget function to new WP structure
* Changed : Include lookup for tags into the backend search
* Changed : Restructure addgallery and settings page to enable custom tabs
* Bugfix : Select album preview from gallery preview pics instead random list
* Bugfix : Keep fix dimension in edit thumbnail operation
* Bugfix : Import meta data didn't work correct for existing images
* Bugfix : Fix onload bug for Chrome 4 in Shutter script
* Bugfix : Remove various PHP notices for a better world
* Removed : Canonical link is now part of Wordpress 2.9
== Upgrade Notice ==
= 1.5.5 =
* Compatibility issue for post thumbnails with WP2.9 and WP3.0. No Database changes...


@@ -0,0 +1,460 @@
=== NextGEN Gallery ===
Contributors: photocrati
Tags:gallery,image,images,photo,photos,picture,pictures,slideshow,flash,media,thumbnails,photo-albums,nextgen-gallery,nextgen
Requires at least: 3.5
Tested up to: 3.5.1
Stable tag: trunk
License: GPLv2
The most popular WordPress gallery plugin and one of the most popular plugins of all time with over 6 million downloads.
== Description ==
= WordPress Gallery Plugin =
NextGEN Gallery is the most popular **WordPress gallery plugin**, and one of the most popular WordPress plugins of all time, with over 6 million downloads.
It provides a powerful engine for uploading and managing galleries of images, with the ability to batch upload, import meta data, add/delete/rearrange/sort images, edit thumbnails, group galleries into albums, and more. It also provides two front-end display styles (slideshows and thumbnail galleries), both of which come with a wide array of options for controlling size, style, timing, transitions, controls, lightbox effects, and more.
*The NextGEN Gallery WordPress gallery plugin is now proudly maintained by <a href='http://www.photocrati.com'>Photocrati Media</a>. Special thanks to Alex Rabe who created and maintained NextGEN from 2007 through 2011.*
= NextGEN WordPress Gallery Plugin Features =
*Upload Galleries*
* Our WordPress gallery plugin offers diverse and powerful functionality for getting images from your desktop to your website. You can easily upload batches of images via a standard WordPress-style uploader, or upload images via zip file or FTP. NextGEN will automatically import your images meta data.
*Manage Galleries*
* Centralized gallery management. Enjoy a single location where you can see and manage all your galleries.
* Edit galleries. Add or exclude images, change gallery title and description, reorder of images, resize thumbnails.
* Thumbnail Management. Turn thumbnail cropping on and off, customize how individual thumbnails are cropped, and bulk resize thumbnails across one or more galleries.
* Edit Individual Images. Edit meta data and image tags, rotate images, and exclude images.
* Watermarks. Quickly add watermarks to batches or galleries of images.
* Albums. Create and organize collections of galleries, and display them in either compact or extended format.
*Display Galleries*
* Two Gallery Types. Choose between two main display styles: Slideshow and Thumbnail, and allow visitors to toggle between the two.
* Slideshow Galleries. Choose from a vast array of options for slideshows, including slideshow size, transition style, speed, image order, and optional navigation bar.
* Thumbnail Galleries. Choose from a wide range of options to customize thumbnail galleries, including 5 different lightboxes for individual images, optional thumbnail cropping and editing, thumbnail styles, captions, and more.
* Single Image Displays. Display and format single images.
* Work with Options Panel or Shortcodes.
= NextGEN WordPress Gallery Plugin Community & Extensions =
NextGEN has been the dominant WordPress gallery plugin for years. As a result, there is large and great community of users and developers, as well as a large number of dedicated extension plugins. For a list of extension plugins, just search for NextGEN in the WordPress.org plugin repository, or visit our <a href="http://www.nextgen-gallery.com/nextgen-gallery-extension-plugins/">Complete List of NextGEN Extension Plugins</a>.
= NextGEN WordPress Gallery Plugin Resources =
*Visit the NextGEN <a href="http://www.nextgen-gallery.com" target="_blank">WordPress Gallery Plugin</a> official homepage<br>
*View <a href="http://www.nextgen-gallery.com/nextgen-gallery-demos/" target="_blank">NextGEN Gallery Demos</a><br>
*See the <a href="http://www.nextgen-gallery.com/nextgen-gallery-extension-plugins/">Complete List of NextGEN Extension Plugins</a><br>
*Get <a href="http://wordpress.org/tags/nextgen-gallery?forum_id=10" target="_blank">NextGEN Support</a> via the WordPress.org forums<br>
*Get <a href="http://www.nextgen-gallery.com/languages/" target="_blank">Translations</a> for your own language<br>
*See <a href="http://www.photocrati.com/photography-wordpress-themes" target="_blank">WordPress Photography Themes</a> by the same author<br>
*Follow NextGEN Gallery on <a title="Follow NextGEN Gallery on Facebook" href="http://www.facebook.com/NextGENGallery" target="_blank">Facebook</a>, <a title="Follow NextGEN Gallery on Twitter" href="http://twitter.com/NextGENGallery" target="_blank">Twitter</a>, and <a title="Follow NextGEN Gallery on Google +" href="http://plus.google.com/101643895780935290171" target="_blank">Google +</a><br>
== Credits ==
Copyright:<br>
Photocrati Media 2012<br>
Alex Rabe 2007-2011
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
** Please note **
NextGEN Gallery's flash slideshow option is powered by the JW Image Rotator from Long Tail Video. The Image Rotator is provided free as part of our plugin package thanks to a special commercial license with Long Tail Video. It is NOT released under GNU General Public License, and cannot be redistributed. A free version of the Image Rotator was previously available under a Creative Commons License, but it has been discontinued. Over time, we will be moving away from reliance on this file. For more information, see the Long Tail Video website: http://www.longtailvideo.com.
== Installation ==
1. Download, upload and install .zip under Plugins >> Add New > Upload, and activate the NextGEN Gallery WordPress gallery plugin.
2. From your Wordpress Dashboard, go to Gallery > Add Gallery/Images > Follow the on-screen cues.
3. Go to a post/page, and select the NextGEN Gallery button from the Kitchen Sink. Follow the on-screen cues to select, adjust, and publish your gallery.
That's it ... have fun! For more information, feel free to visit the official website for the NextGEN Gallery <a href="http://www.nextgen-gallery.com" target="_blank">WordPress Gallery Plugin</a>.
http://www.youtube.com/watch?v=Le_ZsNSuIvM
== Screenshots ==
1. Screenshot Admin Area
2. Screenshot Album Selection
3. Screenshot Shutter Effect
4. Screenshot Watermark function
5. Screenshot Flexible template layout
6. Screenshot Show Exif data
== Shortcode ==
= Examples =
*Use Image Tags to Create Galleries/Albums* - [ nggtags album=WordPress,Cologne,Ireland ]
*Display Captions in Thumbnail Galleries* - [ nggallery id=1 template=caption ]
*Basic Filmstrip Galleries* - [ nggallery id=2 template=carousel images=7 ]
*Display Exif Data* - [ imagebrowser id=28 template=exif ]
*Sort Images in a Gallery Based on Their Tags* - [ nggtags gallery=cologne,wordpress,.. ]
*Add Tag Clouds* - [ tagcloud]
*Single Pic Options* - [ singlepic id=x w=width h=height mode=web20|watermark float=left|right ]
*Template Engine for Gallery Types*<br>
[ nggallery id=1 template=sample1 ]<br>
[ nggallery id=1 template=sample2 ]<br>
[ nggallery id=1 template=sample3 ]<br>
[ nggallery id=1 template=sample4 ]<br>
[ nggallery id=1 template=sample5 ]<br>
[ nggallery id=1 template=sample6 ]<br>
*Integration with Third Party Plugins*<br>
[ monoslideshow id=1 w=450 h=350 ]<br>
[ nggallery id=1 template=galleryview images=0 ]<br>
[ media id=6 width=320 height=240 plugins=revolt-1 ]<br>
[ media id=3 width=320 height=240 plugins=rateit-2 ]<br>
For more information, feel free to visit the official website for the NextGEN Gallery <a href="http://www.nextgen-gallery.com" target="_blank">WordPress Gallery Plugin</a>.
== Frequently Asked Questions ==
= Will NextGEN Gallery work with my theme? =
Part of what makes the NextGEN Gallery WordPress gallery plugin so popular is its flexibility - it works with the vast majority of premium and free themes, without requiring any coding.
= Are the galleries flash based? =
No, NextGEN Gallery uses Javascript (J-Query) based displays to ensure compatibility across the widest range of displays possible.
= Are the galleries mobile friendly? =
Yes, since we use Javascript rather than flash, NextGEN Gallery is compatible with Android, iOS, and Blackberry.
= What is the difference between a gallery and an album? =
In the simplest of terms, Galleries contain your images and Albums contain your Galleries. Albums act as links and placeholders to quickly and easily navigate your galleries - Galleries will actually display your images.
= Can I upload multiple images at once? =
Yes, you can batch upload entire galleries at a time.
= Can I password protect galleries? =
Yes, WordPress allows you to password protect pages by default - which includes all galleries and content for the entire page. Password protection of pages can be turned on and off at any time, with just a few clicks.
= Can I add a watermark to the images/slideshows? =
Yes, you can add text or image watermarks to your gallery images.
= Can I crop thumbnails? =
Yes, each thumbnail image can be individually adjusted to suit your needs.
= Is there pagination for galleries? =
Yes, and you can adjust the amount of images to be shown on a page at any time.
= Can I customize the lightbox? =
Yes, the lightbox can be configured with multiple options directly from the Dashboard, and there are multiple CSS styles which can be applied and modified as well.
= Can I add HTML to the captions? =
Yes, caption areas are fully HMTL capable.
= Can I add an external links to galleries? =
Since the captions are fully HTML capable, you can add external links and any other type of mark up you wish.
= Is NextGEN Gallery available in foreign languages? =
Yes, the NextGEN Gallery WordPress gallery plugin has been translated into dozens of languages - <a href="http://www.nextgen-gallery.com/languages/" target="_blank">click here to find out more.</a>
= More Information =
For more information, feel free to visit the official website for the NextGEN Gallery <a href="http://www.nextgen-gallery.com" target="_blank">WordPress Gallery Plugin</a>.
== Changelog ==
= V1.9.13 - 06.11.2013 =
* NEW: Slideshows are now centered to their content area
* Secured: Ensure that only logged in users can upload images
* Fixed: Import date is presered are no longer Jan 1 1970
* Fixed: Removed mention of upgrade.php, which no longer exists
= V1.9.12 - 02.15.2013 =
* Fixed: jQuery Conflict Detection was trying to dequeue irremovable scripts
= V1.9.11 - 02.12.2013 =
* NEW: Added the ability to detect JQuery conflicts on NGG Admin Pages and auto-resolve
* Changed: Added "nggalbum" shortcode. Use this when Jetpack is installed.
* Changed: Using natural sorting algorithm for alphanumeric values
* Changed: Database schema is automatically updated when out-of-date
* Fixed: Fixed several incompatibility issues with Jetpack
* Fixed: Empty drop-down for "Page Link To"
* Fixed: Alphabetical image sorting
* Fixed: Compatibility with Arjuna X theme
* Fixed: “Creating default object from empty value” on album page
* Fixed: Compatibility issues with PHP 5.4 on album page
* Fixed: E_DEPRECATED warning when using get_userdatabylogin() function
* Fixed: Removed many E_NOTICE errors
* Fixed: Correct use of register_uninstall_hook across all PHP versions
= V1.9.10 - 12.18.2012 =
* Fixed: XML-RPC error displayed when authenticating using WordPress 3.5
* Fixed: Restored compatibility with NextGEN Gallery Export Plugin
* Fixed: Removed some remaining references to database upgrade code
* Fixed: Deleted galleries within an album are handed gracefully without warning messages
* Fixed: Correct use of register_uninstall_hook
* Fixed: CSS and usability issues with the TinyMCE window used to display galleries
* NEW: JW ImageRotator v3.17 is now bundled with the plugin and used by default.
* Changed: Removed database upgrade code for versions of NextGEN Gallery earlier than 1.9.3
* Fixed: Compatibility with WordPress v3.5 ( wpdb->prepare() warnings )
* Fixed: Sorting by filename now produces expected results using a natural sorting algorithm
= V1.9.8 - 12.05.2012 =
* Secured: Removed bundled version of swfupload. See fix below for SCM information.
* Changed: All transients created by NextGEN are flushed when the plugin is activated.
* Fixed: Our primary SCM is conducted at http://bitbucket.org/photocrati/nextgen-gallery, but was not synchronizing correctly with the WordPress Plugin SVN Repository
* Fixed: The transient adjustment fixes: http://wordpress.org/support/topic/plugin-nextgen-gallery-_transient_ngg_request-entry-in-wp_options
= V1.9.7 - 11.13.2012 =
* Secured: Removed bundled version of swfupload; using WordPress-bundled version instead for WordPress 3.2 instances
* Changed: Using JQuery UI for the image sorting interface (thanks Tomás Soler)
* Bugfix: Image uploads work in WP 3.2 when using Safari
* Bugfix: Adjusted TinyMCE window to use built-in JavaScript libraries
* Bugfix: Removed Photocrati acquisition announcement
* Bugfix: Fixed incorrect usage of ImageJpeg() function
* Bugfix: Switched from "template_redirect" to "wp_enqueue_script" hook to load scripts and styles
= V1.9.6 - 07.21.2012 =
* Changed: Implemented workaround for bug found in WordPress SEO, resulting in no images being added to sitemap
* Bugfix: Fixed an issue with users not being able to dismiss the "Photocrati Acquisition Notice"
* Bugfix: Adjusted Javascript for activating social media pages to load on NextGEN Gallery pages only.
* Bugfix: Fixed compatibility issue with Simple Facebook Connect
* Bugfix: Using correct Facebook Page ID in Like button
= V1.9.5 - 18.07.2012 =
* Changed: Branding changes following Photocrati acquisition (removed donation messages and updated links)
* Secured: Use WordPress-bundled JavaScript libraries for swfobject and swfupload instead of bundling our own
* Bugfix: Adjusted thickbox effect styling to ensure that the lightbox is always displayed in the foreground
* Bugfix: Fixed compatibility issues with Contact Form 7 and other plugins by following WordPress Plugin conventions
* Bugfix: Fixed network-wide activation in WordPress 3.4
* Bugfix: Plugin is no longer dependent on it's folder name
= V1.9.3 - 26.02.2012 =
* Bugfix : Ensure to set the slug for "all" albums
* Bugfix : Updated german translation ( THX to Roger Hunziker )
* Bugfix : Ensure error checking on IPTC array (THX to Kristian Edlund)
* Bugfix : Handle IE8 cached images better in slideshow
* Bugfix : Show album preview image if selected (THX to Kristian Edlund)
= V1.9.2 - 17.01.2012 =
* NEW : Added more XMLRPC commands (THX to Vladimir Vinogradsky)
* Changed : Rework Post-thumbnail function (THX to Kristian Edlund)
* Bugfix : Check first for valid images on unzip (only Mac OS zip-files)
* Bugfix : Increase z-index for twenty eleven theme
* Bugfix : Support non latin chars in tagcloud
* Bugfix : Allow other tinymce intance
* Bugfix : Better support for WPML translation
= V1.9.1 - 10.12.2011 =
* Bugfix : Security hardness for untrusted filenames/meta data (THX to Brian St. Pierre)
* Bugfix : Fixed security vulnerability (TXH to Jon Cave)
* Bugfix : Load piclens script via other function
* Bugfix : IE7 script fix for add gallery
* Bugfix : IE7/IE8 width set correctly for edit album autocomplete field
= V1.9.0 - 27.11.2011 =
* NEW : Keep images transparency for PNG and GIF format
* NEW : Switch to Plupload, support now HTML5 Upload (only with WordPress 3.3)
* NEW : Added client side resize feature (only with WordPress 3.3)
* NEW : Support for gallery templates in album shortcodes [ album id=x template="name" gallery="templatename" ]
* NEW : Added new hook ngg_delete_picture
* Changed : Updated to jQuery Cycle Version 2.9995
* Changed : Always cache the single pictures, remove option
* Bugfix : Couldn't use bulk operation for search results
* Bugfix : Bugfix for Edit thumbnails under IE 8 + 9
* Bugfix : Allow empty altext in ngg.editImage
* Bugfix : Various PHP notice fixes
* Bugfix : Resize fix for Shutter effect and mobile Browser
* Bugfix : FTP Import missing slug field into database
* Bugfix : Check also EXIF field "DateTimeOriginal" for timestamp
= V1.8.4 - 26.10.2011 =
* Bugfix : Fixed security vulnerability (TXH to Alain Schneider)
= V1.8.3 - 07.08.2011 =
* Changed : Support for simple custom permalink structures (i.e. /%category%/%postname%/)
* Bugfix : Sub-Albums in Albums didn't create the correct link
* Bugfix : AJAX Pagination didn't work anymore
* Bugfix : Adding index.php to home_url()
* Bugfix : Preview picture lost on backend gallery page 2 or higher
= V1.8.2 - 12.07.2011 =
* Bugfix : Set pagination variables for search result, otherwise update failed
* Bugfix : Update failed for paged galleries since WordPress 3.2
= V1.8.1 - 18.06.2011 =
* Bugfix : Special case for pagination, instead of showing page-1, we show the clean url
* Bugfix : Various PHP notice fixes
* Bugfix : Typo in rewrite rules
* Bugfix : Flush rewrite rules during upgrade later
= V1.8.0 - 12.06.2011 =
* NEW : Full rework of permalink url structure
* NEW : Adding Google Sitemaps for Images (require WordPress SEO plugin by YOAST )
* NEW : Support for WPML ( WordPress Multilingual Plugin )
* NEW : Adding support for arrow key in shutter effect (THX to Flyvans)
* NEW : Adding sort operation for galleries overview page
* Changed : Updated pagination to new WP3.1 style
* Bugfix : Create unique slug in a better way
* Bugfix : Rework screen options filter for gallery and image table
* Bugfix : Empty values in XMLRPC update calls are ignored
* Bugfix : Create gallery failed when safe-mode on
* Bugfix : Permalink didn't work in combination with album & imagebrowser
= V1.7.4 - 15.02.2011 =
* Bugfix : Disallow direct call of ajax file to avoid path disclosure (THX to High-Tech Bridge SA)
* Bugfix : Rework jQuery Cycle slideshow for IE compat reason (THX to Justin Dickenson)
* Bugfix : Resize only larger images in slideshow
* Bugfix : Improved image format detection in gd.thumbnail class (THX to Kupar.b)
= V1.7.3 - 20.01.2011 =
* NEW : Introduce plugin health check for conflicts with other plugins/themes
* NEW : Adding new XMLRPC method ngg.deleteImage
* NEW : Adding new XMLRPC method ngg.editImage
* Changed : Rework register script for autocomplete feature
* Bugfix : Bugfix for Multisite setup and flash upload
* Bugfix : WP3.1 compat issue, show site admin page only on Multisite installation
= V1.7.2 - 13.12.2010 =
* Bugfix : Adding images to database require slug (NOT NULL)
= V1.7.1 - 13.12.2010 =
* Changed : Disable upgrade for PHP4 user
* Changed : Disable colorpicker for option page
* Bugfix : Compat fix for upgrade
= V1.7.0 - 11.12.2010 =
* NEW : Publish a new post direct from the gallery admin page
* NEW : Added filter hook 'ngg_get_image_metadata' to add more exif/iptc information
* NEW : Adding Autocomplete field to TinyMCE Popup and Album page
* NEW : More methods for XMLRPC interface
* Changed : New hooks for gallery table (THX to Alexander Schneider)
* Changed : Introduce jQuery dialog as new UI element
* Changed : Call TinyMCE window via admin-ajax
* Bugfix : Better support for SSL blogs
* Bugfix : Install/Upgrade failed when table prefix contain captial letters
* Bugfix : Fix validation issues in Media-RSS
* Bugfix : Empty tags in XMP Meta causes PHP error
* Bugfix : Rework load mechanism for slideshow
* Bugfix : Copy meta data when image is copied
* Bugfix : Icon Support for Ozh' Admin Drop Down Menu
* Bugfix : Use correct sort order in slideshow
= V1.6.2 - 19.09.2010 =
* NEW : Added constant NGG_SKIP_LOAD_SCRIPTS to avoid script load
* Bugfix : Load Tags library with core files
* Bugfix : Slideshow script failed in IE7, load script now in header
* Bugfix : Load slideshow widget always
* Changed : New admin notice for database upgrade
* Changed : Rework crop feature for featured images
* Changed : Use site_url() instead get_option ('siteurl'), required for SSL support
= V1.6.1 - 08.09.2010 =
* Bugfix : Script load of swfobject.js failed
* Bugfix : Show sideshow also with 1 or 2 images
* Bugfix : Rework null byte check in zip upload
= V1.6.0 - 07.09.2010 =
* NEW : Wordpress 3.0 Network (Multi-Site) support
* NEW : Integrate jQuery Cycle as NON-Flash slideshow
* NEW : Adding jQuery File Tree for import folder (THX to Sergey Pasyuk )
* NEW : Added action hook 'ngg_show_imagebrowser_first' on custom request
* NEW : Added filter hook 'ngg_slideshow_size' to resize sildeshow for mobile browser plugins
* Changed : Reorder tabs for upload
* Changed : New menu icon and screen icon (THX to Ben Dunkle)
* Changed : Load frontend libs always
* Changed : Rework of overview page
* Bugfix : Security bugfix for Zip-Upload (THX to Dominic Szablewski)
* Bugfix : Allow JPG, PNG, GIF extension
* Bugfix : New German translation (THX to Martin Kramarz)
* Bugfix : Copy/Move also backup file
* Bugfix : Calculate correct ratio for fix thumbnail size (THX to Alekz Keck)
= V1.5.5 - 14.06.2010 =
* Bugfix : Compat issue for post thumbnails with WP2.9
* NEW : Adding more hooks for custom fields plugin
= V1.5.4 - 14.06.2010 =
* Bugfix : No resize of smaller images
* Bugfix : Compat issues for Post Thumbnails under WP3.0
* Bugfix : Esc_URL in Media RSS
= V1.5.3 - 11.04.2010 =
* New : Adding pagination to footer
* Changed : Perpare new filter to replace slideshow
* Bugfix : Remove non-breaking space from navigation
* Bugfix : Pagination of galleries
* Bugfix : Fixed brackets position for old shortcode query
* Bugfix : Slideshow option 'Show next image on click" has wrong default value
= V1.5.2 - 25.03.2010 =
* Bugfix : XSS security vulnerability (THX to Core Security Advisories Team , Pedro Varangot)
* Bugfix : Missing $wpdb in shortcodes.php
= V1.5.1 - 23.03.2010 =
* Bugfix : PHP4 compat issue for Add gallery & options page
* Bugfix : Gallery widget can now have a empty title
* Bugfix : Adding correct stripslash for gallery title
= V1.5.0 - 18.03.2010 =
* NEW : Support for Post thumbnail feature
* NEW : Backup and Recover function for images (THX to Simone Fumagalli)
* NEW : Resize images after upload (THX to Simone Fumagalli)
* NEW : Added a JSON class for fetching galleries in a RESTful way (see xml/json.php)
* NEW : Adding various new capabilities for user roles
* NEW : Auto downloader for translation file
* Changed : Rename query var from slideshow to callback for compat reason with other plugin
* Changed : Convert widget function to new WP structure
* Changed : Include lookup for tags into the backend search
* Changed : Restructure addgallery and settings page to enable custom tabs
* Bugfix : Select album preview from gallery preview pics instead random list
* Bugfix : Keep fix dimension in edit thumbnail operation
* Bugfix : Import meta data didn't work correct for existing images
* Bugfix : Fix onload bug for Chrome 4 in Shutter script
* Bugfix : Remove various PHP notices for a better world
* Removed : Canonical link is now part of Wordpress 2.9
== Upgrade Notice ==
= 1.5.5 =
* Compatibility issue for post thumbnails with WP2.9 and WP3.0. No Database changes...


@@ -0,0 +1,5 @@
Version: 141007
Stable tag: 141007
Tested up to: 4.0
Requires at least: 3.3


@@ -0,0 +1,395 @@
=== WP-Polls ===
Contributors: GamerZ
Donate link: http://lesterchan.net/site/donation/
Tags: poll, polls, polling, vote, booth, democracy, ajax, survey, post, widget
Requires at least: 2.8
Tested up to: 3.7
Stable tag: trunk
Adds an AJAX poll system to your WordPress blog. You can also easily add a poll into your WordPress's blog post/page.
== Description ==
WP-Polls is extremely customizable via templates and css styles and there are tons of options for you to choose to ensure that WP-Polls runs the way you wanted. It now supports multiple selection of answers.
= Previous Versions =
* [WP-Polls 2.40 For WordPress 2.7.x](http://downloads.wordpress.org/plugin/wp-polls.2.40.zip "WP-Polls 2.40 For WordPress 2.7.x")
* [WP-Polls 2.31 For WordPress 2.5.x And 2.6.x](http://downloads.wordpress.org/plugin/wp-polls.2.31.zip "WP-Polls 2.31 For WordPress 2.5.x And 2.6.x")
* [WP-Polls 2.20 For WordPress 2.1.x, 2.2.x And 2.3.x](http://downloads.wordpress.org/plugin/wp-polls.2.20.zip "WP-Polls 2.20 For WordPress 2.1.x, 2.2.x And 2.3.x")
* [WP-Polls 2.13 For WordPress 2.0.x](http://downloads.wordpress.org/plugin/wp-polls.2.13.zip "WP-Polls 2.13 For WordPress 2.0.x")
* [WP-Polls 2.02a For WordPress 1.5.2](http://downloads.wordpress.org/plugin/wp-polls.2.02a.zip "WP-Polls 2.02a For WordPress 1.5.2")
= Development =
* [http://dev.wp-plugins.org/browser/wp-polls/](http://dev.wp-plugins.org/browser/wp-polls/ "http://dev.wp-plugins.org/browser/wp-polls/")
= Translations =
* [http://dev.wp-plugins.org/browser/wp-polls/i18n/](http://dev.wp-plugins.org/browser/wp-polls/i18n/ "http://dev.wp-plugins.org/browser/wp-polls/i18n/")
= Support Forums =
* [http://forums.lesterchan.net/index.php?board=15.0](http://forums.lesterchan.net/index.php?board=15.0 "http://forums.lesterchan.net/index.php?board=15.0")
= Credits =
* __ngetext() by [Anna Ozeritskaya](http://hweia.ru/ "Anna Ozeritskaya")
* Right To Left Language Support by [Kambiz R. Khojasteh](http://persian-programming.com/ "Kambiz R. Khojasteh")
= Donations =
* I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks, I will really appericiate it. If not feel free to use it without any obligations.
== Changelog ==
= Version 2.64 =
* NEW: Add in various filters in the plugin. Props Machiel.
* FIXED: Deveral undefined variable / undefined index notices. Props Machiel.
= Version 2.63 (21-05-2012) =
* Move AJAX Request to wp-admin/admin-ajax.php
* Added nonce To AJAX Calls
* FIXED: PHP Notices/add_options() Deprecated Arguments ([Dewey Bushaw](http://www.parapxl.com/ "Dewey Bushaw"))
= Version 2.62 (31-08-2011) =
* FIXED: Escaped Hostname. Thanks to Renaud Feil ([Renaud Feil](http://www.stratsec.net "Renaud Feil"))
* FIXED: Ensure Poll ID In Shortcode Is An Integer. Thanks to Renaud Feil ([Renaud Feil](http://www.stratsec.net "Renaud Feil"))
= Version 2.61 (14-02-2011) =
* FIXED: XSS Vulnerability. Thanks to Dweeks, Leon Juranic and Chad Lavoie of the Swiftwill Security Team Inc ([www.swiftwill.com](http://www.swiftwill.com "www.swiftwill.com"))
= Version 2.60 (01-12-2009) =
* NEW: Uses WordPress nonce Throughout
* NEW: Display 2,000 Records In Poll Logs Instead Of 100
= Version 2.50 (01-06-2009) =
* NEW: Works For WordPress 2.8 Only
* NEW: Javascript Now Placed At The Footer
* NEW: Uses jQuery Instead Of tw-sack
* NEW: Minified Javascript Instead Of Packed Javascript
* NEW: Renamed polls-admin-js-packed.js To polls-admin-js.js
* NEW: Renamed polls-admin-js.js To polls-admin-js.dev.js
* NEW: Renamed polls-js-packed.js To polls-js.js
* NEW: Renamed polls-js.js To polls-js.dev.js
* NEW: Translate Javascript Variables Using wp_localize_script()
* NEW: Add "Add Poll" To WordPress Favourite Actions
* NEW: Minified editor_plugin.js And Added Non-Minified editor_plugin.dev.js
* NEW: Able To Remove Individual Answers When Adding Or Editing A Poll
* NEW: Use _n() Instead Of __ngettext() And _n_noop() Instead Of __ngettext_noop()
* NEW: Uses New Widget Class From WordPress
* NEW: Merge Widget Code To wp-polls.php And Remove wp-polls-widget.php
* FIXED: Uses $_SERVER['PHP_SELF'] With plugin_basename(__FILE__) Instead Of Just $_SERVER['REQUEST_URI']
* FIXED: Ensure That Percentage Always Add Up To 100%
* FIXED: More Efficient WP-Polls Archive
* FIXED: Logged By Username Now Shows Poll Results To Users Who Did Not Login
= Version 2.40 (12-12-2008) =
* NEW: Works For WordPress 2.7 Only
* NEW: Load Admin JS And CSS Only In WP-Polls Admin Pages
* NEW: Added polls-admin-css.css For WP-Polls Admin CSS Styles
* NEW: Right To Left Language Support by Kambiz R. Khojasteh
* NEW: Added "polls-css-rtl.css" by Kambiz R. Khojasteh
* NEW: Applied Output Of polls_archive() To "polls_archive" Filter by Kambiz R. Khojasteh
* NEW: Added Call To polls_textdomain() In create_poll_table() and vote_poll() functions by Kambiz R. Khojasteh
* NEW: Uses wp_register_style(), wp_print_styles(), plugins_url() And site_url()
* NEW: [poll id="-2"] or <?php get_poll(-2); ?> Will Randomize The Poll
* FIXED: SSL Support
* FIXED: Moved Call To update_pollbar() From onblur To onclick Event. It Was Showing The Last Selection Instead Of Current One by Kambiz R. Khojasteh
= Version 2.31 (16-07-2008) =
* NEW: Works For WordPress 2.6
* NEW: Better Translation Using __ngetext() by Anna Ozeritskaya
* FIXED: MYSQL Charset Issue Should Be Solved
= Version 2.30 (01-06-2008) =
* NEW: Works For WordPress 2.5 Only
* NEW: Added Paging Header And Footer Template For Polls Archive Page
* NEW: Uses WP-PageNavi Style Paging For Polls Archive Page
* NEW: WP-Polls Will Load 'polls-css.css' Inside Your Theme Directory If It Exists. If Not, It Will Just Load The Default 'polls-css.css' By WP-Polls
* NEW: Uses Shortcode API
* NEW: When Inserting Poll Into Post, It is Now [poll id="1"], Where 1 Is Your Poll ID
* NEW: When User Does Not Have Permission To Vote, The Voting Form Is Now Disabled Instead Of Showing Poll's Result
* NEW: Added A New Action Called "Display Disabled Poll's Voting Form" To Action Taken When A Poll Is Closed
* NEW: Updated WP-Polls TinyMCE Plugin To Work With TinyMCE 3.0
* NEW: Add Time Expiry For Cookie/Log
* NEW: Removed polls-usage.php
* NEW: Removed "Fade Anything Technique" In Polls Admin
* NEW: Uses /wp-polls/ Folder Instead Of /polls/
* NEW: Uses wp-polls.php Instead Of polls.php
* NEW: Uses wp-polls-widget.php Instead Of polls-widget.php
* NEW: Use number_format_i18n() Instead
* NEW: Renamed polls-admin-js.php To polls-admin-js.js and Move The Dynamic Javascript Variables To The PHP Pages
* NEW: Renamed polls-js.php To polls-js.js and Move The Dynamic Javascript Variables To The PHP Pages
* NEW: Uses polls-js-packed.js And polls-admin-js-packed.js
* FIXED: Unable To Delete Poll Or Poll Answers If There Is Quotes Within The Poll Or Poll Answer
* FIXED: number_format() Not Used In Polls Archive
* FIXED: Unable To Schedule Future Poll If The Year Is Different From Current Year
* FIXED: TinyMCE Tool Tip For Insert Poll Not Translated
* FIXED: Content-Type Not Being Sent Back When AJAX Return Results
= Version 2.21 (01-10-2007) =
* NEW: Works For WordPress 2.3 Only
* NEW: Added Quick Tag For Poll To Visual (TinyMCE) / Code Editor
* NEW: New CSS Style For WP-Polls Archive (.wp-polls-archive)
* NEW: Uses WP-Stats Filter To Add Stats Into WP-Stats Page
* NEW: Ability To Add Polls To Excerpt
* NEW: Added "Random Order" For Sorting Poll's Answers And Poll's Result Answers
* FIXED: Language Problem By Setting Database Table To UTF8
* FIXED: Some Text Not Translated In Polls Widget
* FIXED: 2 Wrong Options Name In Polls Uninstall
* FIXED: Some Translation Bug in polls-usage.php
= Version 2.20 (01-06-2007) =
* NEW: Poll Archive Link, Individual Poll Header And Footer In Poll Archive Template
* NEW: Poll Templates Has Now Its Own Page 'WP-Admin -> Polls -> Poll Templates'
* NEW: Poll Widget Can Now Display Multiple Polls
* NEW: Ability To Allow User To Select More Than 1 Poll Answer
* NEW: Added AJAX Style Option: "Show Loading Image With Text"
* NEW: Added AJAX Style Option: "Show Fading In And Fading Out Of Polls"
* NEW: Major Changes To The Administration Panel For WP-Polls
* NEW: AJAX Added To The Administration Panel For WP-Polls
* NEW: Default Poll's Result Template Will Now Show Number Of Votes Beside The Percentage
* NEW: Term "Total Votes" Changed To "Total Voters"
* NEW: Removed Polls From Feed If The Poll Is Embedded Into The Post Using [poll=ID]
* NEW: Filtering Of Individual Poll Logs
* FIXED: Poll Archive Will Now Show Only Polls Results
= Version 2.14 (01-02-2007) =
* NEW: Works For WordPress 2.1 Only
* NEW: Renamed polls-js.js to polls-js.php To Enable PHP Parsing
* NEW: Ability To Make A Poll Expire
* NEW: Ability To Make A Future Poll
* NEW: Future Poll Will Automatically Open When The Poll's Date Is Reached
* NEW: Expired Poll Will Automatically Closed When The Poll's Date Is Reached
* NEW: Ablity To Choose What To Do When The Poll Is Closed (Display Result, Remove Poll From Sidebar)
* FIXED: Future Dated Polls Will Not Appear In The Post/Sidebar/Polls Archive
= Version 2.13 (02-01-2007) =
* NEW: polls.php Now Handles The AJAX Processing Instead Of index.php
* NEW: Able To Modify The Style Of Poll Results Bar in 'Polls -> Poll Option'
* NEW: Usage Instructions Is Also Included Within The Plugin Itself
* NEW: Uninstaller Done By Philippe Corbes
* NEW: Localization Done By Ravan
* NEW: Ability To Add HTML Into Poll Question and Answers
* FIXED: AJAX Not Working On Servers Running On PHP CGI
* FIXED: Added Some Default Styles To polls-css.css To Ensure That WP-Polls Does Not Break
* FIXED: Other Languages Not Appearing Properly
* FIXED: Poll IP Logs Of Deleted Poll's Answer Did Not Get Deleted
* FIXED: There Is An Error In Voting If There Is Only 1 Poll's Answer
= Version 2.12 (01-10-2006) =
* NEW: Polls Archive Is Now Embedded Into A Page, And Hence No More Integrating Of Polls Archive
* NEW: WP-Polls Is Now Using DIV To Display The Poll's Results Instead Of The Image Bar
* NEW: Added Widget Title Option To WP-Polls Widget
* NEW: Ability To Logged By UserName
* NEW: Added CSS Class 'wp-polls-image' To All IMG Tags
* FIXED: If Site URL Doesn't Match WP Option's Site URL, WP-Polls Will Not Work
= Version 2.11 (08-06-2006) =
* NEW: You Can Now Place The Poll On The Sidebar As A Widget
* NEW: Moved wp-polls.php To wp-content/plugins/polls/ Folder
* FIXED: AJAX Not Working In Opera Browser
* FIXED: Poll Not Working On Physical Pages That Is Integrated Into WordPress
= Version 2.1 (01-06-2006) =
* NEW: Poll Is Now Using AJAX
* NEW: Ability To Close/Open Poll
* NEW: Added Poll Option For Logging Method
* NEW: Added Poll Option For Who Can Vote
* NEW: Added Poll Results Footer Template Variable (Used When User Click "View Results")
* NEW: Added The Ability To Delete All Poll Logs Or Logs From A Specific Poll
* NEW: Poll Administration Panel And The Code That WP-Polls Generated Is XHTML 1.0 Transitional
= Version 2.06b (26-04-2006) =
* FIXED: Bug In vote_poll();
= Version 2.06a (02-04-2006) =
* FIXED: Random Poll Not Working Correctly
= Version 2.06 (01-04-2006) =
* NEW: Poll Bar Is Slightly Nicer
* NEW: Got Rid Of Tables, Now Using List
* NEW: Added In Most Voted And Least Voted Answer/Votes/Percentage For Individual Poll As Template Variables
* NEW: Display Random Poll Option Under Poll -> Poll Options -> Current Poll
* FIXED: Totally Removed Tables In wp-polls.php
= Version 2.05 (01-03-2006) =
* NEW: Improved On 'manage_polls' Capabilities
* NEW: Neater Structure
* NEW: No More Install/Upgrade File, It Will Install/Upgrade When You Activate The Plugin
* NEW: Added Poll Stats Function
= Version 2.04 (01-02-2006) =
* NEW: Added 'manage_polls' Capabilities To Administrator Role
* NEW: [poll=POLL_ID] Tag To Insert Poll Into A Post
* NEW: Ability To Edit Poll's Timestamp
* NEW: Ability To Edit Individual Poll's Answer Votes
* NEW: %POLL_RESULT_URL% To Display Poll's Result URL
* FIXED: Cannot Sent Header Error
= Version 2.03 (01-01-2006) =
* NEW: Compatible With WordPress 2.0 Only
* NEW: Poll Administration Menu Added Automatically Upon Activating The Plugin
* NEW: Removed Add Poll Link From The Administration Menu
* NEW: GPL License Added
* NEW: Page Title Added To wp-polls.php
= Version 2.02a (17-11-2005) =
* FIXED: poll-install.php And poll-upgrade.php will Now Be Installed/Upgraded To 2.02 Instead Of 2.01
= Version 2.02 (05-11-2005) =
* FIXED: Showing 0 Vote On Poll Edit Page
* FIXED: Null Vote Being Counted As A Vote
* FIXED: Auto Loading Of Poll Option: Polls Per Page In Poll Archive Page Is Now "No"
* NEW: Host Column In Poll IP Table To Prevent Network Lagging When Resolving IP
* NEW: New Poll Error Template
= Version 2.01 (25-10-2005) =
* FIXED: Upgrade Script To Insert Lastest Poll ID Of User's Current Polls, Instead Of Poll ID 1
* FIXED: Replace All <?### With <?php
* FIXED: Added addalshes() To $pollip_user
* FIXED: Better Localization Support (80% Done, Will Leave It In The Mean Time)
= Version 2.0 (20-10-2005) =
* NEW: IP Logging
* NEW: Poll Options: Sorting Of Answers In Voting Form
* NEW: Poll Options: Sorting Of Answers In Results View
* NEW: Poll Options: Number Of Polls Per Page In Poll Archive
* NEW: Poll Options: Choose Poll To Display On Index Page
* NEW: Poll Options: Able To Disable Poll With Custom Message
* NEW: Poll Options: Poll Templates
* NEW: Display User's Voted Choice
* FIXED: Better Install/Upgrade Script
== Installation ==
1. Open `wp-content/plugins` Folder
2. Put: `Folder: wp-polls`
3. Activate `WP-Polls` Plugin
4. Go to `WP-Admin -> WP-Polls`
= General Usage (Without Widget) =
1. Open `wp-content/themes/<YOUR THEME NAME>/sidebar.php`
2. Add:
<code>
<?php if (function_exists('vote_poll') && !in_pollarchive()): ?>
<li>
<h2>Polls</h2>
<ul>
<li><?php get_poll();?></li>
</ul>
<?php display_polls_archive_link(); ?>
</li>
<?php endif; ?>
</code>
* To show specific poll, use `<?php get_poll(2); ?>` where 2 is your poll id.
* To show random poll, use `<?php get_poll(-2); ?>`
* To embed a specific poll in your post, use `[poll id="2"]` where 2 is your poll id.
* To embed a random poll in your post, use `[poll id="-2"]`
* To embed a specific poll's result in your post, use `[poll id="2" type="result"]` where 2 is your poll id.
= General Usage (With Widget) =
1. Go to `WP-Admin -> Appearance -> Widgets`.
2. You can add the Polls Widget by clicking on the 'Add' link besides it.
3. After adding, you can configure the Polls Widget by clicking on the 'Edit' link besides it.
4. Click 'Save Changes'.
5. Scroll down for instructions on how to create a Polls Archive.
== Upgrading ==
1. Deactivate `WP-Polls` Plugin
2. Open `wp-content/plugins` Folder
3. Put/Overwrite: `Folder: wp-polls`
4. Activate `WP-Polls` Plugin
5. Go to `WP-Admin -> Polls -> Polls Templates` and restore all the template variables to `Default`
6. Go to `WP-Admin -> Appearance -> Widgets` and re-add the Poll Widget
== Upgrade Notice ==
N/A
== Screenshots ==
1. Admin - All Poll
2. Admin - Manage Polls
3. Admin - Poll Options
4. Admin - Poll Templates
5. Admin - Poll Widget
6. Admin - Uninstall Poll
7. Poll - Single Poll Answer
8. Poll - Mutiple Poll Answers
9. Poll - Results
10. Poll - Archive
== Frequently Asked Questions ==
= How To Add A Polls Archive? =
1. Go to `WP-Admin -> Pages -> Add New`.
2. Type any title you like in the post's title area.
3. If you ARE using nice permalinks, after typing the title, WordPress will generate the permalink to the page. You will see an 'Edit' link just beside the permalink.
4. Click 'Edit' and type in `pollsarchive` in the text field and click 'Save'.
5. Type `[page_polls]` in the post's content area.
6. Click 'Publish'.
* If you ARE NOT using nice permalinks, you need to go to `WP-Admin -> Polls -> Poll Options` and under `Poll Archive -> Polls Archive URL`, you need to fill in the URL to the Polls Archive Page you created above.
= How Does WP-Polls Load CSS? =
* WP-Polls will load 'polls-css.css' from your theme's directory if it exists.
* If it doesn't exists, it will just load the default 'polls-css.css' that comes with WP-Polls.
* This will allow you to upgrade WP-Polls without worrying about overwriting your polls styles that you have created.
= Why In Internet Explorer (IE) The poll's Text Appear Jagged? =
* To solve this issue, Open poll-css.css
* Find: `/* background-color: #ffffff; */`
* Replace: `background-color: #ffffff;` (where #ffffff should be your background color for the poll.)
= How Do I Have Individual Colors For Each Poll's Bar? =
* Courtesy Of [TreedBox.com](http://treedbox.com "TreedBox.com")
* Open poll-css.css
* Add to the end of the file:
<code>
.wp-polls-ul li:nth-child(01) .pollbar{ background:#8FA0C5}
.wp-polls-ul li:nth-child(02) .pollbar{ background:#FF8}
.wp-polls-ul li:nth-child(03) .pollbar{ background:#ff8a3b}
.wp-polls-ul li:nth-child(04) .pollbar{ background:#a61e2a}
.wp-polls-ul li:nth-child(05) .pollbar{ background:#4ebbff}
.wp-polls-ul li:nth-child(06) .pollbar{ background:#fbca54}
.wp-polls-ul li:nth-child(07) .pollbar{ background:#aad34f}
.wp-polls-ul li:nth-child(08) .pollbar{ background:#66cc9a}
.wp-polls-ul li:nth-child(09) .pollbar{ background:#98CBCB}
.wp-polls-ul li:nth-child(10) .pollbar{ background:#a67c52}
.wp-polls-ul li .pollbar{-webkit-transition: background 0.7s ease-in-out}
.wp-polls-ul li .pollbar:hover{background:#F00}
</code>
= Polls Stats (Outside WP Loop) =
= To Display Total Polls =
* Use:
<code>
<?php if (function_exists('get_pollquestions')): ?>
<?php get_pollquestions(); ?>
<?php endif; ?>
</code>
= To Display Total Poll Answers =
* Use:
<code>
<?php if (function_exists('get_pollanswers')): ?>
<?php get_pollanswers(); ?>
<?php endif; ?>
</code>
= To Display Total Poll Votes =
* Use:
<code>
<?php if (function_exists('get_pollvotes')): ?>
<?php get_pollvotes(); ?>
<?php endif; ?>
</code>
= To Display Total Poll Voters =
* Use:
<code>
<?php if (function_exists('get_pollvoters')): ?>
<?php get_pollvoters(); ?>
<?php endif; ?>
</code>


@@ -0,0 +1,235 @@
=== WP User Frontend ===
Contributors: tareq1988
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=tareq%40wedevs%2ecom&lc=US&item_name=WP%20User%20Frontend&item_number=Tareq%27s%20Planet&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted
Tags: frontend, post, edit, dashboard, restrict, content submission, guest post, guest, dashboard, registration, profile, anonymous post, gravity, gravity forms, formidable
Requires at least: 3.3
Tested up to: 3.5.2
Stable tag: trunk
Create, update, delete posts and edit profile from wordpress frontend.
== Description ==
Gives ability to the user to create new post, edit post, edit profile from site frontend.
So users doesn't need to enter the admin panel. Everything they need to do can be done from
the frontend.
= Features: =
So here is my plugin that solves your problem. This features of this plugin are follows:
* User can create a new post and edit from frontend
* They can view their page in the custom dashboard
* Users can edit their profile
* Administrator can restrict any user level to access the wordpress backend (/wp-admin)
* New posts status, submitted by users are configurable via admin panel. i.e. Published, Draft, Pending
* Admin can configure to receive notification mail when the users creates a new post.
* Configurable options if the user can edit or delete their posts.
* Users can upload attachments from the frontend
* Post featured image can be set
* Admins can manage their users from frontend
* Pay per post or subscription on posting is possible
= WP User Frontend PRO =
The <a href="http://wedevs.com/plugin/wp-user-frontend-pro">premium version</a> of WP User Frontend comes with tons of features:
[youtube http://www.youtube.com/watch?v=C0sInxx49Vg]
* Unlimited post type form creation
* Drag-n-drop form builder
* Custom taxonomy support
* 13 variations of custom fields
* Guest post support
* Custom Redirection
* Image upload on post content area
* Post status selection on new post and edited post separately
* New or edit post notification
* Custom fields are generated also in admin area
* <strong>Profile form builder</strong>
* Different profile edit forms for different user roles
* Drag-n-Drop profile form builder
* Profile fields are generated on backend too
* Avatar Upload
* Frontend profile edit
* <strong>Registration form</strong> builder
* Captcha Support
* Theme My Login compatible
* Much more...
<a href="http://wedevs.com/plugin/wp-user-frontend-pro">Try out the awesome Pro version</a> of bunch of features
= Translation =
* Italian translation by Gabriele Lamberti
== Installation ==
This section describes how to install the plugin and get it working.
1. Create a new Page “New Post” and insert shorcode `[wpuf_addpost]`.
For a custom post type **event**, use it like `[wpuf_addpost post_type="event"]`
1. Create a new Page “Edit” for editing posts and insert shorcode `[wpuf_edit]`
1. Create a new Page “Profile” for editing profile and insert shorcode `[wpuf_editprofile]`
1. Create a new Page “Dashboard” and insert shorcode `[wpuf_dashboard]`
To list custom post type **event**, use it like `[wpuf_dashboard post_type="event"]`
1. Set the *Edit Page* option from *Others* tab on settings page.
1. To show the subscription info, insert the shortcdoe `[wpuf_sub_info]`
1. To show the subscription packs, insert the shortcode `[wpuf_sub_pack]`
1. For subscription payment page, set the *Payment Page* from *Payments* tab on settings page.
1. To edit users, insert the shortcode `[wpuf-edit-users]`
== Screenshots ==
1. Admin panel
2. User Dashboard
3. Add Post
4. Edit Posts
5. Edit Profile
6. Custom Field Manager
7. Subscription Pack Manager
8. Subscription packs
9. Edit Users
== Frequently Asked Questions ==
= Can I create new posts from frontend =
Yes
= Can I Edit my posts from frontend =
Yes
= Can I delete my posts from frontend =
Yes
= Can I upload photo/image/video =
Yes
= I am having problem with uploading files =
Please check if you've specified the max upload size on setting
= Why "Edit Post" page shows "invalid post id"?=
This page is for the purpose of editing posts. You shouldn't access this page directly.
First you need to go to the dashboard, then when you click "edit", you'll be
redirected to the edit page with that post id. Then you'll see the edit post form.
== Changelog ==
= version 1.2.3 =
[fix] `has_shortcode()` brought back again by renaming as `wpuf_has_shortcode()`
[fix] all the labels now have a default text
= version 1.2.2 =
[fix] shortcode error fix for edit users
[fix] plugin css/js url
[fix] removed has_shortcode() call
= version 1.2.1 =
[fix] Performance problem with wp_list_users()
= version 1.2 =
* [fix] Subscription post publish
* [fix] Post delete fix in dashboard
* [fix] Silverlight in IE upload error
* [fix] Category checklist bug fix
* [new] Checkbox field in custom field
= version 1.1 =
* warning for multisite fix
* allow category bug fix
* fix ajaxurl in ajaxified category
* custom post type dropdown fix in admin
* post date bug fix
* category dropdown fix
= version 1.0 =
* Admin panel converted to settings API
* Ajax featured Image uploader added (using plupload)
* Ajax attachment uploader added (using plupload)
* Rich/full/normal text editor mode
* Editor button fix on twentyelven theme
* Massive Code rewrite and cleanup
* Dashboard replaced with WordPress loop
* Output buffering added for header already sent warning
* Redirect user on deleting a post
* Category checklist added
* Post publish date fix and post expirator changed from hours to day
* Subscription and payment rewrite. Extra payment gateways can be added as plugin
* Other payment currency added
= version 0.7 =
* admin ui improved
* updated new post notification mail template
* custom fields and attachment show/hide in posts
* post edit link override option
* ajax "posting..." changed
* attachment fields restriction in edit page
* localized ajaxurl and posting message
* improved action hooks and filter hooks
= version 0.6 =
---------------
* fixed error on attachment delete
* added styles on dashboard too
* fixed custom field default dropdown
* fixed output buffering for add_post/edit_post/dashboard/profile pages
* admin panel scripts are added wp_enqueue_script instead of echo
* fixed admin panel block logic
* filter hook added on edit post for post args
= version 0.5 =
* filters on add posting page for blocking the post capa
* subscription pack id added on user meta upon purchase
* filters on add posting page for blocking the post capa
* option for force pack purchase on add post. dropdown p
* subscription info on profile edit page
* post direction fix after payment
* filter added on form builder
= version 0.4 =
* missing custom meta field added on edit post form
* jQuery validation added on edit post form
= version 0.3 =
* rich/plain text on/off fixed
* ajax chained category added on add post form
* missing action added on edit post form
* stripslashes on admin/frontend meta field
* 404 error fix on add post
= version 0.2 =
* Admin settings page has been improved
* Header already sent warning messages has been fixed
* Now you can add custom post meta from the settings page
* A new pay per post and subscription based posting options has been introduced (Only paypal is supported now)
* You can upload attachment with post
* WYSIWYG editor has been added
* You can add and manage your users from frontend now (only having the capability to edit_users )
* Some action and filters has been added for developers to add their custom form elements and validation
* Pagination added in post dashboard
* You can use the form to accept "custom post type" posts. e.g: [wpuf_addpost post_type="event"]. It also applies for showing post on dashboard like "[wpuf_dashboard post_type="event"]"
* Changing the form labels of the add post form is now possible from admin panel.
* The edit post page setting is changed from URL to page select dropdown.
* You can lock certain users from posting from their edit profile page.
== Upgrade Notice ==
Nothing to say


@@ -0,0 +1,11 @@
<script type='text/javascript' src="http://wp.lab/wp-content/themes/debug/scripts/debug.js"></script>
<!-- W3 Total Cache: Minify debug info:
Engine: apc
Theme: 88e17
Template: page-home
Replaced CSS files:
1. wp-content/themes/debug/style.css
2. wp-content/themes/debug/css/responsive.css
-->


@@ -4,7 +4,7 @@ Theme URI: http://wordpress.org/extend/themes/twentyeleven
Author: the WordPress team
Author URI: http://wordpress.org/
Description: The 2011 theme for WordPress is sophisticated, lightweight, and adaptable. Make it yours with a custom menu, header image, and background -- then go further with available theme options for light or dark color scheme, custom link colors, and three layout choices. Twenty Eleven comes equipped with a Showcase page template that transforms your front page into a showcase to show off your best content, widget support galore (sidebar, three footer areas, and a Showcase page widget area), and a custom "Ephemera" widget to display your Aside, Link, Quote, or Status posts. Included are styles for print and for the admin editor, support for featured images (as custom header images on posts and pages and as large images on featured "sticky" posts), and special styles for six different post formats.
Version: 1.3
Version: 1.3"
License: GNU General Public License
License URI: license.txt
Tags: dark, light, white, black, gray, one-column, two-columns, left-sidebar, right-sidebar, fixed-width, flexible-width, custom-background, custom-colors, custom-header, custom-menu, editor-style, featured-image-header, featured-images, full-width-template, microformats, post-formats, rtl-language-support, sticky-post, theme-options, translation-ready


@@ -0,0 +1,10 @@
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8" />
<meta name="renderer" content="webkit">
<title>一路疯下去</title>
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="pingback" href="http://wp.lab/xmlrpc.php" />
<link rel="canonical" href="http://wp.lab/author/一路疯下去/">
<body class="archive author author-78">


@@ -1,7 +1,7 @@
{
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0",
"cache_ttl": 600,
"request_timeout": 2000,
"connect_timeout": 1000,
"request_timeout": 60,
"connect_timeout": 10,
"max_threads": 20
}


@@ -2,6 +2,6 @@
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0) Gecko/20100101 Firefox/11.0",
"proxy": "127.0.0.1:3038",
"cache_ttl": 300,
"request_timeout": 2000,
"connect_timeout": 1000
"request_timeout": 60,
"connect_timeout": 10
}


@@ -3,6 +3,6 @@
"proxy": "127.0.0.1:3038",
"proxy_auth": "user:pass",
"cache_ttl": 300,
"request_timeout": 2000,
"connect_timeout": 1000
"request_timeout": 60,
"connect_timeout": 10
}


@@ -5,6 +5,7 @@ Disallow: /wordpress/admin/
Disallow: /wordpress/wp-admin/
Disallow: /wordpress/secret/
Disallow: /Wordpress/wp-admin/
Disallow: /wp-admin/tralling-space/
Allow: /asdf/
Sitemap: http://10.0.0.0/sitemap.xml.gz


@@ -0,0 +1,71 @@
<!DOCTYPE html>
<!--[if IE 8]>
<html xmlns="http://www.w3.org/1999/xhtml" class="ie8" lang="en-US">
<![endif]-->
<!--[if !(IE 8) ]><!-->
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US">
<!--<![endif]-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>WordPress 4.1 &rsaquo; Log In</title>
<link rel='stylesheet' id='buttons-css' href='http://wp.lab/wordpress-4.1/wp-includes/css/buttons.min.css?ver=4.1' type='text/css' media='all' />
<link rel='stylesheet' id='open-sans-css' href='//fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&#038;subset=latin%2Clatin-ext&#038;ver=4.1' type='text/css' media='all' />
<link rel='stylesheet' id='dashicons-css' href='http://wp.lab/wordpress-4.1/wp-includes/css/dashicons.min.css?ver=4.1' type='text/css' media='all' />
<link rel='stylesheet' id='login-css' href='http://wp.lab/wordpress-4.1/wp-admin/css/login.min.css?ver=4.1' type='text/css' media='all' />
<script type='text/javascript' src='http://wp.lab/wordpress-4.1/wp-includes/js/jquery/jquery.js?ver=1.11.1'></script>
<script type='text/javascript' src='http://wp.lab/wordpress-4.1/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1'></script>
<script type='text/javascript' src='http://wp.lab/wordpress-4.1/wp-content/plugins/security-protection/js/security-protection.js?ver=4.1'></script>
<meta name='robots' content='noindex,follow' />
</head>
<body class="login login-action-login wp-core-ui locale-en-us">
<div id="login">
<h1><a href="https://wordpress.org/" title="Powered by WordPress" tabindex="-1">WordPress 4.1</a></h1>
<form name="loginform" id="loginform" action="http://wp.lab/wordpress-4.1/wp-login.php" method="post">
<p>
<label for="user_login">Username<br />
<input type="text" name="log" id="user_login" class="input" value="" size="20" /></label>
</p>
<p>
<label for="user_pass">Password<br />
<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" /></label>
</p>
<p class="secprot-form-group secprot-form-group-code"><label>Copy this code "<span>asd321</span>" and paste it into input: <br /><input type="text" name="secprot-code" class="input" value="2.1" /></label></p>
<p class="secprot-form-group secprot-form-group-empty" style="display: none;"><label>Leave this field empty: <br /><input type="text" name="secprot-empty-email-url-website" class="input" value="" /></label></p>
<p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" /> Remember Me</label></p>
<p class="submit">
<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="Log In" />
<input type="hidden" name="redirect_to" value="http://wp.lab/wordpress-4.1/wp-admin/" />
<input type="hidden" name="testcookie" value="1" />
</p>
</form>
<p id="nav">
<a href="http://wp.lab/wordpress-4.1/wp-login.php?action=lostpassword" title="Password Lost and Found">Lost your password?</a>
</p>
<script type="text/javascript">
function wp_attempt_focus(){
setTimeout( function(){ try{
d = document.getElementById('user_login');
d.focus();
d.select();
} catch(e){}
}, 200);
}
wp_attempt_focus();
if(typeof wpOnload=='function')wpOnload();
</script>
<p id="backtoblog"><a href="http://wp.lab/wordpress-4.1/" title="Are you lost?">&larr; Back to WordPress 4.1</a></p>
</div>
<div class="clear"></div>
</body>
</html>


@@ -5,7 +5,7 @@ shared_examples 'WebSite::RobotsTxt' do
describe '#robots_url' do
it 'returns the correct url' do
expect(web_site.robots_url).to be === 'http://example.localhost/robots.txt'
expect(web_site.robots_url).to eql 'http://example.localhost/robots.txt'
end
end
@@ -57,6 +57,7 @@ shared_examples 'WebSite::RobotsTxt' do
http://example.localhost/wordpress/wp-admin/
http://example.localhost/wordpress/secret/
http://example.localhost/Wordpress/wp-admin/
http://example.localhost/wp-admin/tralling-space/
http://example.localhost/asdf/
)
end
@@ -70,6 +71,7 @@ shared_examples 'WebSite::RobotsTxt' do
http://example.localhost/wordpress/admin/
http://example.localhost/wordpress/secret/
http://example.localhost/Wordpress/wp-admin/
http://example.localhost/wp-admin/tralling-space/
http://example.localhost/asdf/
)
stub_request_to_fixture(url: web_site_sub.robots_url, fixture: fixture)


@@ -40,6 +40,104 @@ shared_examples 'WpItem::Versionable' do
@expected = '5.1.15'
end
end
context 'when version is in a release date format' do
it 'detects and returns it' do
@file = '/s2member.txt'
@expected = '141007'
end
end
context 'when version contains letters' do
it 'returns it' do
@file = '/beta1.txt'
@expected = '2.0.0-beta1'
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/changelog_version.txt'
@expected = '1.3'
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/wp_polls.txt'
@expected = '2.64'
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/nextgen_gallery.txt'
@expected = '2.0.66.33'
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/wp_user_frontend.txt'
@expected = '1.2.3'
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/my_calendar.txt'
@expected = '2.1.5'
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/nextgen_gallery_2.txt'
@expected = '1.9.13'
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/advanced-most-recent-posts-mod.txt'
@expected = '1.6.5.2'
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/a-lead-capture-contact-form-and-tab-button-by-awebvoicecom.txt'
@expected = '3.1'
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/aa-health-calculator.txt'
@expected = nil
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/all-in-one-facebook.txt'
@expected = nil
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/backup-scheduler.txt'
@expected = '1.5.9'
end
end
context 'when parsing the changelog for version numbers' do
it 'returns it' do
@file = '/blog-reordering.txt'
@expected = nil
end
end
end
end
end
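Review bot: The twelve added contexts from `/changelog_version.txt` to `/blog-reordering.txt` all carry the description 'when parsing the changelog for version numbers' and the example name 'returns it', so a failure report cannot say which fixture regressed, and the three that set `@expected = nil` are misdescribed by 'returns it'. Name each context after its fixture, for example `context 'when the wp_polls.txt changelog lists 2.64'`, and use `it 'returns nil'` for the aa-health-calculator, all-in-one-facebook and blog-reordering cases. A one-line comment on each nil case saying why no version should be extracted would also help, since a wrongly parsed version presumably feeds the vulnerability matching. The enclosing describe block starts outside the hunk.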


@@ -11,15 +11,16 @@ shared_examples 'WpTarget::WpLoginProtection' do
describe '#has_.*_protection?' do
pattern = WpTarget::WpLoginProtection::LOGIN_PROTECTION_METHOD_PATTERN
fixtures = %w{
fixtures = %w(
wp-login-clean.php wp-login-login_lockdown.php wp-login-login_lock.php
wp-login-better_wp_security.php wp-login-simple_login_lockdown.php wp-login-login_security_solution.php
wp-login-limit_login_attempts.php wp-login-bluetrait_event_viewer.php
}
wp-login-better_wp_security.php wp-login-simple_login_lockdown.php
wp-login-login_security_solution.php wp-login-limit_login_attempts.php
wp-login-bluetrait_event_viewer.php wp-login-security_protection.php
)
# For plugins which are detected from the existence of their directory into wp-content/plugins/ (or one of their file)
# and not from a regex into the login page
special_plugins = %w{better_wp_security simple_login_lockdown login_security_solution limit_login_attempts bluetrait_event_viewer}
special_plugins = %w(better_wp_security simple_login_lockdown login_security_solution limit_login_attempts bluetrait_event_viewer)
after :each do
stub_request_to_fixture(url: login_url, fixture: @fixture)
@@ -33,10 +34,10 @@ shared_examples 'WpTarget::WpLoginProtection' do
stub_request(:get, wp_target.send(special_plugin_call_url_symbol).to_s).to_return(status: status_code)
end
expect(wp_target.send(@symbol_to_call)).to be === @expected
expect(wp_target.send(@symbol_to_call)).to eql @expected
end
self.protected_instance_methods.grep(pattern).each do |symbol_to_call|
protected_instance_methods.grep(pattern).each do |symbol_to_call|
plugin_name_from_symbol = symbol_to_call[pattern, 1].gsub('_', '-')
fixtures.each do |fixture|
@@ -45,7 +46,7 @@ shared_examples 'WpTarget::WpLoginProtection' do
it "#{symbol_to_call} with #{fixture} returns #{expected}" do
@plugin_name = plugin_name_from_fixture
@fixture = fixtures_dir + '/' + fixture
@fixture = File.join(fixtures_dir, fixture)
@symbol_to_call = symbol_to_call
@expected = expected
end
@@ -53,36 +54,37 @@ shared_examples 'WpTarget::WpLoginProtection' do
end
end
# Factorise this with the code above ? :D
describe '#login_protection_plugin' do
after :each do
stub_request(:get, /.*/).to_return(status: 404)
stub_request_to_fixture(url: login_url, fixture: @fixture)
stub_request(:get, wp_target.send(:better_wp_security_url).to_s).to_return(status: 404)
stub_request(:get, wp_target.send(:simple_login_lockdown_url).to_s).to_return(status: 404)
stub_request(:get, wp_target.send(:login_security_solution_url).to_s).to_return(status: 404)
stub_request(:get, wp_target.send(:limit_login_attempts_url).to_s).to_return(status: 404)
stub_request(:get, wp_target.send(:bluetrait_event_viewer_url).to_s).to_return(status: 404)
expect(wp_target.login_protection_plugin()).to eq @plugin_expected
expect(wp_target.has_login_protection?).to be === @has_protection_expected
expect(wp_target.login_protection_plugin).to eq @plugin_expected
expect(wp_target.has_login_protection?).to eql @protection_expected
end
it 'returns nil if no protection is present' do
@fixture = fixtures_dir + '/wp-login-clean.php'
@plugin_expected = nil
@has_protection_expected = false
@fixture = File.join(fixtures_dir, 'wp-login-clean.php')
@plugin_expected = nil
@protection_expected = false
end
it 'returns a login-lockdown WpPlugin object' do
@fixture = fixtures_dir + '/wp-login-login_lockdown.php'
@plugin_expected = WpPlugin.new(wp_target.uri, name: 'login-lockdown')
@has_protection_expected = true
@fixture = File.join(fixtures_dir, 'wp-login-login_lockdown.php')
@plugin_expected = WpPlugin.new(wp_target.uri, name: 'login-lockdown')
@protection_expected = true
end
it 'returns a login-lock WpPlugin object' do
@fixture = fixtures_dir + '/wp-login-login_lock.php'
@plugin_expected = WpPlugin.new(wp_target.uri, name: 'login-lock')
@has_protection_expected = true
@fixture = File.join(fixtures_dir, 'wp-login-login_lock.php')
@plugin_expected = WpPlugin.new(wp_target.uri, name: 'login-lock')
@protection_expected = true
end
it 'returns a security-protection WpPlugin object' do
@fixture = File.join(fixtures_dir, 'wp-login-security_protection.php')
@plugin_expected = WpPlugin.new(wp_target.uri, name: 'security-protection')
@protection_expected = true
end
end
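Review bot: In the `#login_protection_plugin` after hook, the catch-all `stub_request(:get, /.*/).to_return(status: 404)` answers every GET, so these examples keep passing even if the detection code starts requesting a URL nobody intended. It also works only because WebMock gives the most recently declared matching stub precedence, which lets the `stub_request_to_fixture` call on the next line win for the login URL. If the catch-all stays, say so in a comment above it, for example `# default: every plugin probe answers 404; the login-page stub declared below takes precedence`. Stubbing the known probe URLs explicitly would keep an unexpected request failing loudly instead. The shared_examples block continues outside the hunk.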


@@ -40,7 +40,7 @@ shared_examples 'WpTarget::WpRegistrable' do
end
it 'returns true' do
@stub = { status: 200, body: %{<form id="setupform" method="post" action="wp-signup.php">} }
@stub = { status: 200, body: '<form id="setupform" method="post" action="wp-signup.php">'}
@expected = true
end
end
@@ -54,7 +54,7 @@ shared_examples 'WpTarget::WpRegistrable' do
end
it 'returns true' do
@stub = { status: 200, body: %{<form name="registerform" id="registerform" action="wp-login.php"} }
@stub = { status: 200, body: '<form name="registerform" id="registerform" action="wp-login.php"'}
@expected = true
end


@@ -2,7 +2,7 @@
shared_examples 'WpUser::Existable' do
let(:mod) { WpUser::Existable }
let(:fixtures_dir) { MODELS_FIXTURES + '/wp_user/existable' }
let(:fixtures_dir) { File.join(MODELS_FIXTURES, 'wp_user', 'existable') }
describe '::login_from_author_pattern' do
after do
@@ -145,7 +145,7 @@ shared_examples 'WpUser::Existable' do
end
context 'with a 200' do
let(:resp_opt) { { code: 200, body: File.new(fixtures_dir + '/admin.html').read } }
let(:resp_opt) { { code: 200, body: File.read(File.join(fixtures_dir, 'admin.html')) } }
it 'loads the correct values' do
@login = 'admin'
@@ -153,6 +153,15 @@ shared_examples 'WpUser::Existable' do
end
end
context 'when chinese chars' do
let(:resp_opt) { { code: 200, body: File.read(File.join(fixtures_dir, 'chinese_chars.html')) } }
it 'loads the correct values' do
@login = '一路疯下去'
@display_name = nil
end
end
context 'otherwise' do
it 'does not do anything' do
@resp_opt = { code: 404 }
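Review bot: The new 'when chinese chars' context loads its fixture with `File.read(File.join(fixtures_dir, 'chinese_chars.html'))`, which tags the body with the process's default external encoding. Under a non-UTF-8 locale (a CI host running with `LANG=C`, say) the body may then fail to match or compare against the UTF-8 literal `'一路疯下去'`. Passing the encoding explicitly, `File.read(File.join(fixtures_dir, 'chinese_chars.html'), encoding: 'UTF-8')`, makes the example independent of the environment. The example also sets `@display_name = nil` although the fixture has a `<title>`, so a short comment saying why no display name is expected would document the intent. The describe block continues outside the hunk.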


@@ -5,6 +5,8 @@ require 'webmock/rspec'
# Code Coverage (only works with ruby >= 1.9)
require 'simplecov' if RUBY_VERSION >= '1.9'
RSpec::Expectations.configuration.warn_about_potential_false_positives = false
require File.expand_path(File.dirname(__FILE__) + '/../lib/common/common_helper')
SPEC_DIR = ROOT_DIR + '/spec'
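Review bot: `RSpec::Expectations.configuration.warn_about_potential_false_positives = false` switches off, for the whole suite, the warning RSpec prints when an expectation can pass for the wrong reason (for instance `not_to raise_error(SomeError)`), so weak assertions now go unnoticed. Prefer rewriting the expectations that trigger the warning. If the setting has to stay for now, put a comment above it that names them, e.g. `# TODO: re-enable once the specs using not_to raise_error(<Class>) are rewritten`; which specs those are is not visible in this hunk.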


@@ -5,16 +5,16 @@ require 'spec_helper'
describe 'wpscan main checks' do
it 'should check for errors on running the mainscript' do
a = %x[ruby #{ROOT_DIR}/wpscan.rb]
a = %x[#{RbConfig.ruby} #{ROOT_DIR}/wpscan.rb]
expect(a).to match /No argument supplied/
end
it 'should check for valid syntax' do
result = ""
Dir.glob("**/*.rb") do |file|
res = %x{ruby -c #{ROOT_DIR}/#{file} 2>&1}.split("\n")
result = ''
Dir.glob('**/*.rb') do |file|
res = %x{#{RbConfig.ruby} -c #{ROOT_DIR}/#{file} 2>&1}.split("\n")
ok = res.select {|msg| msg =~ /Syntax OK/}
result << ("####################\nSyntax error in #{file}:\n#{res.join("\n").strip()}\n") if ok.size != 1
result << ("####################\nSyntax error in #{file}:\n#{res.join("\n").strip}\n") if ok.size != 1
end
fail(result) unless result.empty?
end
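Review bot: Both `%x[#{RbConfig.ruby} #{ROOT_DIR}/wpscan.rb]` and `%x{#{RbConfig.ruby} -c #{ROOT_DIR}/#{file} 2>&1}` interpolate paths into a shell command line unquoted, so a checkout directory or file name containing a space or a shell metacharacter makes the check fail or run a different command. Passing the arguments as a list avoids the shell: `res = Open3.capture2e(RbConfig.ruby, '-c', File.join(ROOT_DIR, file)).first.split("\n")` (with `require 'open3'` at the top of the spec). Separately, `Dir.glob('**/*.rb')` is resolved against the current directory while the result is prefixed with `ROOT_DIR`, so the syntax check only covers the project when rspec is started from its root; `Dir.glob(File.join(ROOT_DIR, '**', '*.rb'))` with the prefix dropped removes that assumption.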

160
wpscan.rb

@@ -2,6 +2,9 @@
# encoding: UTF-8
$: << '.'
$exit_code = 0
require File.dirname(__FILE__) + '/lib/wpscan/wpscan_helper'
def main
@@ -13,7 +16,7 @@ def main
$log = wpscan_options.log
banner() # called after $log set
banner() unless wpscan_options.no_banner # called after $log set
unless wpscan_options.has_options?
# first parameter only url?
@@ -36,6 +39,8 @@ def main
if wpscan_options.version
puts "Current version: #{WPSCAN_VERSION}"
date = last_update
puts "Last DB update: #{date.strftime('%Y-%m-%d')}" unless date.nil?
exit(0)
end
@@ -45,10 +50,28 @@ def main
wpscan_options.to_h.merge(max_threads: wpscan_options.threads)
)
if wpscan_options.update || missing_db_file?
puts "#{notice('[i]')} Updating the Database ..."
# check if db file needs upgrade and we are not running in batch mode
# also no need to check if the user supplied the --update switch
if update_required? && !wpscan_options.batch && !wpscan_options.update
puts notice('It seems like you have not updated the database for some time.')
print '[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]'
if (input = Readline.readline) =~ /^y/i
wpscan_options.update = true
elsif input =~ /^a/i
puts 'Scan aborted'
exit(1)
else
if missing_db_file?
puts critical('You can not run a scan without any databases.')
exit(1)
end
end
end
if wpscan_options.update
puts notice('Updating the Database ...')
DbUpdater.new(DATA_DIR).update(wpscan_options.verbose)
puts "#{notice('[i]')} Update completed."
puts notice('Update completed.')
# Exit program if only option --update is used
exit(0) unless wpscan_options.url
end
@@ -74,20 +97,24 @@ def main
# Remote website has a redirection?
if (redirection = wp_target.redirection)
if wpscan_options.follow_redirection
puts "Following redirection #{redirection}"
if redirection =~ /\/wp-admin\/install\.php$/
puts critical('The Website is not fully configured and currently in install mode. Call it to create a new admin user.')
else
puts "#{notice('[i]')} The remote host tried to redirect to: #{redirection}"
print '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
end
if wpscan_options.follow_redirection || !wpscan_options.batch
if wpscan_options.follow_redirection || (input = Readline.readline) =~ /^y/i
wpscan_options.url = redirection
wp_target = WpTarget.new(redirection, wpscan_options.to_h)
if wpscan_options.follow_redirection
puts "Following redirection #{redirection}"
else
if input =~ /^a/i
puts 'Scan aborted'
exit(0)
puts notice("The remote host tried to redirect to: #{redirection}")
print '[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]'
end
if wpscan_options.follow_redirection || !wpscan_options.batch
if wpscan_options.follow_redirection || (input = Readline.readline) =~ /^y/i
wpscan_options.url = redirection
wp_target = WpTarget.new(redirection, wpscan_options.to_h)
else
if input =~ /^a/i
puts 'Scan aborted'
exit(1)
end
end
end
end
@@ -106,7 +133,7 @@ def main
# Remote website is wordpress?
unless wpscan_options.force
unless wp_target.wordpress?
raise "#{critical('[!]')} The remote website is up, but does not seem to be running WordPress."
raise critical('The remote website is up, but does not seem to be running WordPress.')
end
end
@@ -119,51 +146,51 @@ def main
puts 'You can specify one per command line option (don\'t forget to include the wp-content directory if needed)'
puts '[?] Continue? [Y]es [N]o, default: [N]'
if wpscan_options.batch || Readline.readline !~ /^y/i
exit(0)
exit(1)
end
end
# Output runtime data
start_time = Time.now
start_memory = get_memory_usage
puts "#{info('[+]')} URL: #{wp_target.url}"
puts "#{info('[+]')} Started: #{start_time.asctime}"
puts info("URL: #{wp_target.url}")
puts info("Started: #{start_time.asctime}")
puts
if wp_target.wordpress_hosted?
puts "#{critical('[!]')} We do not support scanning *.wordpress.com hosted blogs"
puts critical('We do not support scanning *.wordpress.com hosted blogs')
end
if wp_target.has_robots?
puts "#{info('[+]')} robots.txt available under: '#{wp_target.robots_url}'"
puts info("robots.txt available under: '#{wp_target.robots_url}'")
wp_target.parse_robots_txt.each do |dir|
puts "#{info('[+]')} Interesting entry from robots.txt: #{dir}"
puts info("Interesting entry from robots.txt: #{dir}")
end
end
if wp_target.has_readme?
puts "#{warning('[!]')} The WordPress '#{wp_target.readme_url}' file exists exposing a version number"
puts warning("The WordPress '#{wp_target.readme_url}' file exists exposing a version number")
end
if wp_target.has_full_path_disclosure?
puts "#{warning('[!]')} Full Path Disclosure (FPD) in: '#{wp_target.full_path_disclosure_url}'"
puts warning("Full Path Disclosure (FPD) in '#{wp_target.full_path_disclosure_url}': #{wp_target.full_path_disclosure_data}")
end
if wp_target.has_debug_log?
puts "#{critical('[!]')} Debug log file found: #{wp_target.debug_log_url}"
puts critical("Debug log file found: #{wp_target.debug_log_url}")
end
wp_target.config_backup.each do |file_url|
puts "#{critical('[!]')} A wp-config.php backup file has been found in: '#{file_url}'"
puts critical("A wp-config.php backup file has been found in: '#{file_url}'")
end
if wp_target.search_replace_db_2_exists?
puts "#{critical('[!]')} searchreplacedb2.php has been found in: '#{wp_target.search_replace_db_2_url}'"
puts critical("searchreplacedb2.php has been found in: '#{wp_target.search_replace_db_2_url}'")
end
wp_target.interesting_headers.each do |header|
output = "#{info('[+]')} Interesting header: "
output = info('Interesting header: ')
if header[1].class == Array
header[1].each do |value|
@@ -175,23 +202,23 @@ def main
end
if wp_target.multisite?
puts "#{info('[+]')} This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)"
puts info('This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)')
end
if wp_target.has_must_use_plugins?
puts "#{info('[+]')} This site has must use plugins (http://codex.wordpress.org/Must_Use_Plugins)"
puts info("This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)")
end
if wp_target.registration_enabled?
puts "#{warning('[+]')} Registration is enabled: #{wp_target.registration_url}"
puts warning("Registration is enabled: #{wp_target.registration_url}")
end
if wp_target.has_xml_rpc?
puts "#{info('[+]')} XML-RPC Interface available under: #{wp_target.xml_rpc_url}"
puts info("XML-RPC Interface available under: #{wp_target.xml_rpc_url}")
end
if wp_target.upload_directory_listing_enabled?
puts "#{warning('[!]')} Upload directory has directory listing enabled: #{wp_target.upload_dir_url}"
puts warning("Upload directory has directory listing enabled: #{wp_target.upload_dir_url}")
end
enum_options = {
@@ -203,13 +230,13 @@ def main
wp_version.output(wpscan_options.verbose)
else
puts
puts "#{notice('[i]')} WordPress version can not be detected"
puts notice('WordPress version can not be detected')
end
if wp_theme = wp_target.theme
puts
# Theme version is handled in #to_s
puts "#{info('[+]')} WordPress theme in use: #{wp_theme}"
puts info("WordPress theme in use: #{wp_theme}")
wp_theme.output(wpscan_options.verbose)
# Check for parent Themes
@@ -219,7 +246,7 @@ def main
parent = wp_theme.get_parent_theme
puts
puts "#{info('[+]')} Detected parent theme: #{parent}"
puts info("Detected parent theme: #{parent}")
parent.output(wpscan_options.verbose)
wp_theme = parent
end
@@ -228,22 +255,25 @@ def main
if wpscan_options.enumerate_plugins == nil and wpscan_options.enumerate_only_vulnerable_plugins == nil
puts
puts "#{info('[+]')} Enumerating plugins from passive detection ..."
puts info('Enumerating plugins from passive detection ...')
wp_plugins = WpPlugins.passive_detection(wp_target)
if !wp_plugins.empty?
puts " | #{wp_plugins.size} plugins found:"
if wp_plugins.size == 1
puts " | #{wp_plugins.size} plugin found:"
else
puts " | #{wp_plugins.size} plugins found:"
end
wp_plugins.output(wpscan_options.verbose)
else
puts "#{info('[+]')} No plugins found"
puts info('No plugins found')
end
end
# Enumerate the installed plugins
if wpscan_options.enumerate_plugins or wpscan_options.enumerate_only_vulnerable_plugins or wpscan_options.enumerate_all_plugins
puts
puts "#{info('[+]')} Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ..."
puts info("Enumerating installed plugins #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_plugins} ...")
puts
wp_plugins = WpPlugins.aggressive_detection(wp_target,
@@ -254,18 +284,18 @@ def main
)
puts
if !wp_plugins.empty?
puts "#{info('[+]')} We found #{wp_plugins.size} plugins:"
puts info("We found #{wp_plugins.size} plugins:")
wp_plugins.output(wpscan_options.verbose)
else
puts "#{info('[+]')} No plugins found"
puts info('No plugins found')
end
end
# Enumerate installed themes
if wpscan_options.enumerate_themes or wpscan_options.enumerate_only_vulnerable_themes or wpscan_options.enumerate_all_themes
puts
puts "#{info('[+]')} Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ..."
puts info("Enumerating installed themes #{'(only vulnerable ones)' if wpscan_options.enumerate_only_vulnerable_themes} ...")
puts
wp_themes = WpThemes.aggressive_detection(wp_target,
@@ -276,17 +306,17 @@ def main
)
puts
if !wp_themes.empty?
puts "#{info('[+]')} We found #{wp_themes.size} themes:"
puts info("We found #{wp_themes.size} themes:")
wp_themes.output(wpscan_options.verbose)
else
puts "#{info('[+]')} No themes found"
puts info('No themes found')
end
end
if wpscan_options.enumerate_timthumbs
puts
puts "#{info('[+]')} Enumerating timthumb files ..."
puts info('Enumerating timthumb files ...')
puts
wp_timthumbs = WpTimthumbs.aggressive_detection(wp_target,
@@ -297,22 +327,21 @@ def main
)
puts
if !wp_timthumbs.empty?
puts "#{info('[+]')} We found #{wp_timthumbs.size} timthumb file/s:"
puts info("We found #{wp_timthumbs.size} timthumb file/s:")
wp_timthumbs.output(wpscan_options.verbose)
else
puts "#{info('[+]')} No timthumb files found"
puts info('No timthumb files found')
end
end
# If we haven't been supplied a username/usernames list, enumerate them...
if !wpscan_options.username && !wpscan_options.usernames && wpscan_options.wordlist || wpscan_options.enumerate_usernames
puts
puts "#{info('[+]')} Enumerating usernames ..."
puts info('Enumerating usernames ...')
if wp_target.has_plugin?('stop-user-enumeration')
puts "#{warning('[!]')} Stop User Enumeration plugin detected, results might be empty. " \
"However a bypass exists, see stop_user_enumeration_bypass.rb in #{File.expand_path(File.dirname(__FILE__))}"
puts warning("Stop User Enumeration plugin detected, results might be empty. However a bypass exists for v1.2.8 and below, see stop_user_enumeration_bypass.rb in #{File.expand_path(File.dirname(__FILE__))}")
end
wp_users = WpUsers.aggressive_detection(wp_target,
@@ -323,7 +352,7 @@ def main
)
if wp_users.empty?
puts "#{info('[+]')} We did not enumerate any usernames"
puts info('We did not enumerate any usernames')
if wpscan_options.wordlist
puts 'Try supplying your own username with the --username option'
@@ -331,10 +360,10 @@ def main
exit(1)
end
else
puts "#{info('[+]')} Identified the following #{wp_users.size} user/s:"
puts info("Identified the following #{wp_users.size} user/s:")
wp_users.output(margin_left: ' ' * 4)
if wp_users[0].login == "admin"
puts "#{warning('[!]')} Default first WordPress username 'admin' is still used"
puts warning("Default first WordPress username 'admin' is still used")
end
end
@@ -358,14 +387,14 @@ def main
protection_plugin = wp_target.login_protection_plugin()
puts
puts "#{warning('[!]')} The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!"
puts warning("The plugin #{protection_plugin.name} has been detected. It might record the IP and timestamp of every failed login and/or prevent brute forcing altogether. Not a good idea for brute forcing!")
puts '[?] Do you want to start the brute force anyway ? [Y]es [N]o, default: [N]'
bruteforce = false if wpscan_options.batch || Readline.readline !~ /^y/i
end
if bruteforce
puts "#{info('[+]')} Starting the password brute forcer"
puts info('Starting the password brute forcer')
begin
wp_users.brute_force(
@@ -378,7 +407,7 @@ def main
wp_users.output(show_password: true, margin_left: ' ' * 2)
end
else
puts "#{critical('[!]')} Brute forcing aborted"
puts critical('Brute forcing aborted')
end
end
@@ -387,13 +416,13 @@ def main
used_memory = get_memory_usage - start_memory
puts
puts info("[+] Finished: #{stop_time.asctime}")
puts info("[+] Memory used: #{used_memory.bytes_to_human}")
puts info("[+] Elapsed time: #{Time.at(elapsed).utc.strftime('%H:%M:%S')}")
exit(0) # must exit!
rescue SystemExit, Interrupt
puts info("Finished: #{stop_time.asctime}")
puts info("Requests Done: #{@total_requests_done}")
puts info("Memory used: #{used_memory.bytes_to_human}")
puts info("Elapsed time: #{Time.at(elapsed).utc.strftime('%H:%M:%S')}")
rescue Interrupt
# do nothing on interrupt
rescue => e
puts
puts critical(e.message)
@@ -412,3 +441,4 @@ def main
end
main()
exit($exit_code)
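Review bot: The new 'You can not run a scan without any databases.' guard sits only in the else branch of the interactive update prompt, and the update itself now runs only under `if wpscan_options.update`. With `--batch` and no database files, nothing updates and nothing aborts, where the earlier condition `wpscan_options.update || missing_db_file?` would have fetched the data. Unless code outside these hunks catches this, the scan proceeds without vulnerability data and can print a clean-looking result that means nothing. Move the check out of the prompt so it applies in every mode, directly before `if wpscan_options.update`: guard on `missing_db_file? && !wpscan_options.update` and reuse the existing `puts critical(...)` and `exit(1)`. `update_required?` and `missing_db_file?` are defined elsewhere, and `main` continues beyond every hunk shown.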


@@ -1,44 +0,0 @@
#!/usr/bin/env ruby
# encoding: UTF-8
$: << '.'
require File.dirname(__FILE__) + '/lib/wpstools/wpstools_helper'
begin
# delete old logfile, check if it is a symlink first.
File.delete(LOG_FILE) if File.exist?(LOG_FILE) and !File.symlink?(LOG_FILE)
banner()
option_parser = CustomOptionParser.new('Usage: ./wpstools.rb [options]', 60)
option_parser.separator ''
option_parser.add(['-v', '--verbose', 'Verbose output'])
plugins = Plugins.new(option_parser)
plugins.register(
CheckerPlugin.new,
StatsPlugin.new,
CheckerSpelling.new
)
options = option_parser.results
if options.empty?
raise "No option supplied\n\n#{option_parser}"
end
plugins.each do |plugin|
plugin.run(options)
end
exit(0)
rescue => e
puts "[ERROR] #{e.message}"
unless e.backtrace[0] =~ /main/
puts 'Trace :'
puts e.backtrace.join("\n")
end
exit(1)
end