Every registered user can change livefyre_site_id and livefyre_site_key. The values are written in `site_options_init()`, which is hooked to `admin_init` and copies `$_GET["site_id"]` and `$_GET["secretkey"]` straight into the options with no capability check and no nonce verification.

File: livefyre-comments\src\admin\Livefyre_Admin.php

```php
function __construct( $lf_core ) {
    $this->lf_core = $lf_core;
    $this->ext = $lf_core->ext;
    add_action( 'admin_menu', array( &$this, 'register_admin_page' ) );
    add_action( 'admin_notices', array( &$this, 'lf_install_warning') );
    add_action( 'admin_init', array( &$this->lf_core->Admin, 'plugin_upgrade' ) );
    add_action( 'admin_init', array( &$this, 'site_options_init' ) );
    add_action( 'network_admin_menu', array(&$this, 'register_network_admin_page' ) );
    add_action( 'admin_init', array( &$this, 'network_options_init' ) );
    add_action( 'network_admin_edit_save_network_options', array($this, 'do_save_network_options'), 10, 0);
}

function site_options_init() {
    $name = 'livefyre';
    $section_name = 'lf_site_settings';
    $settings_section = 'livefyre_site_options';
    register_setting( $settings_section, 'livefyre_site_id' );
    register_setting( $settings_section, 'livefyre_site_key' );
    register_setting( $settings_section, 'livefyre_domain_name' );
    register_setting( $settings_section, 'livefyre_domain_key' );
    register_setting( $settings_section, 'livefyre_auth_delegate_name' );
    register_setting( $settings_section, 'livefyre_environment' );
    if( $this->returned_from_setup() ) {
        $this->ext->update_option( "livefyre_site_id", $_GET["site_id"] );
        $this->ext->update_option( "livefyre_site_key", $_GET["secretkey"] );
    }
}

function returned_from_setup() {
    return ( isset($_GET['lf_login_complete']) && $_GET['lf_login_complete']=='1' );
}
```

Because these stored values are then echoed without escaping, the result is XSS:

File: livefyre-comments\src\admin\settings-template.php

```php
<h1>Site Settings</h1>
<p class="lf_label">Livefyre Site ID: </p>
<?php echo '<p class="lf_text">' .get_option('livefyre_site_id'). '</p>'; ?>
<br />
<p class="lf_label">Livefyre Site Key: </p>
<?php echo '<p class="lf_text">' .get_option('livefyre_site_key'). '</p>'; ?>
```