Update to allow custom file version creation with GET parameter

mattyrob · Feb 7, 2018 · 9f701d2 · 9f701d2
1 parent a4d99a7
commit 9f701d2
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/esahg/esahg.php b/esahg/esahg.php
@@ -28,7 +28,11 @@ function eashg_menu() {
 		$exit_msg = sprintf( __( '%s is not active on this site, please download and activate it.', 'esahg' ), '<a href="https://wordpress.org/plugins/exploit-scanner/">Exploit Scanner</a>' );
 		wp_die( $exit_msg );
 	}
-	require( ABSPATH . WPINC . '/version.php' );
+	if ( isset( $_GET['wp'] ) ) {
+		$wp_version = $_GET['wp'];
+	} else {
+		require( ABSPATH . WPINC . '/version.php' );
+	}
 	$es_path = WP_CONTENT_DIR . '/plugins/exploit-scanner/';
 	$hash_filename = sanitize_file_name( 'hashes-' . $wp_version . '.php' );
 	$file = $es_path . $hash_filename;
@@ -42,12 +46,12 @@ function eashg_menu() {
 
 	if ( ! is_readable( $file ) ) {
 		// attempt to get hashes from Wordpress.org API
-		$response = wp_safe_remote_get( esc_url( 'https://api.wordpress.org/core/checksums/1.0/?version=' . $GLOBALS['wp_version'] ) );
+		$response = wp_safe_remote_get( esc_url( 'https://api.wordpress.org/core/checksums/1.0/?version=' . $wp_version] ) );
 		$checksums = json_decode( wp_remote_retrieve_body( $response ) );
 
-		if ( false !== $checksums->{'checksums'}->{$GLOBALS['wp_version']} ) {
+		if ( false !== $checksums->{'checksums'}->{$wp_version]} ) {
 			$hashes_arr = array();
-			foreach ( $checksums->{'checksums'}->{$GLOBALS['wp_version']} as $filename => $checksum ) {
+			foreach ( $checksums->{'checksums'}->{$wp_version]} as $filename => $checksum ) {
 				if ( false === strstr( $filename, 'wp-content/plugins/' ) && false === strstr( $filename, 'wp-content/themes/' ) ) {
 					$hashes_arr[ $filename ] = $checksum;
 				}