From 63b3147305409f855407cde70d258c13e805e035 Mon Sep 17 00:00:00 2001
From: gau1991
Date: Thu, 7 May 2015 15:19:03 +0530
Subject: [PATCH 1/4] Fixes WordPress XSS Vulnerability found in themes and plugins of example.html
---
 ee/cli/templates/locations.mustache | 4 ++--
 install | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/ee/cli/templates/locations.mustache b/ee/cli/templates/locations.mustache
index 9fd1ef25..21e18f82 100644
--- a/ee/cli/templates/locations.mustache
+++ b/ee/cli/templates/locations.mustache
@@ -33,8 +33,8 @@ location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$
 access_log off;
 log_not_found off;
 }
-# Return 403 forbidden for readme.(txt|html) or license.(txt|html)
-if ($request_uri ~* "^.+(readme|license)\.(txt|html)$") {
+# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html)
+if ($request_uri ~* "^.+(readme|license|example)\.(txt|html)$") {
 return 403;
 }
 # Status pages
diff --git a/install b/install
index 788dcacb..0d1247e4 100644
--- a/install
+++ b/install
@@ -305,6 +305,14 @@ function ee_update_latest()
 if [ $? -eq 0 ]; then
 update-rc.d hhvm defaults &>> /dev/null
 fi
+
+ # Fix WordPress example.html issue
+ # Ref: http://wptavern.com/xss-vulnerability-in-jetpack-and-the-twenty-fifteen-default-theme-affects-millions-of-wordpress-users
+ dpkg --get-selections | grep -v deinstall | grep nginx &>> /dev/null
+ if [ $? -eq 0 ]; then
+ cp /usr/lib/ee/templates/locations.mustache /etc/nginx/common/locations.conf &>> /dev/null
+ fi
+
 }
 # Do git intialisation
From c5cb0e7261218510d49df06c98a01eeff11e8bf9 Mon Sep 17 00:00:00 2001
From: gau1991
Date: Thu, 7 May 2015 15:22:29 +0530
Subject: [PATCH 2/4] Dump version 3.1.4, updated changelog
---
 CHANGELOG.txt | 3 +++
 ee/core/variables.py | 2 +-
 install | 2 +-
 setup.py | 2 +-
 4 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 3839fd15..96fcf0d8 100644
--- a/CHANGELOG.txt
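Review bot: The rewritten `+if` line still tests `$request_uri`, which is the raw request URI including any query string and without normalization, so a request for one of these files with arguments appended does not end in `\.(txt|html)` and is not denied; `$uri` is the normalized, argument-free path and is the variable a deny rule of this kind should inspect: `if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") {`. This applies equally to the pre-existing readme/license alternatives, unless `$request_uri` was chosen deliberately for a reason not visible here. The `^.+` prefix also denies any filename that merely ends in one of these words (e.g. `my-example.html`), which is probably acceptable for a deny rule but deserves a mention in the `# Return 403` comment. The enclosing server/location context is outside the hunk.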
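Review bot: The added `cp ... /etc/nginx/common/locations.conf &>> /dev/null` discards both the copy's output and its exit status, so when it fails (template missing, unwritable target) the old rule stays in place and `$ee_install_log` records nothing, which silently defeats a security update; at minimum `cp ... || echo "Failed to update locations.conf" | tee -ai $ee_install_log`, and an `nginx -t` check before the later `service nginx reload` would catch a copy that breaks the config. It also replaces any locally edited `locations.conf` without a backup; copying the existing file aside before overwriting it is cheap. The hunk only shows plain nginx directives in the template, so copying a `.mustache` file straight to `.conf` presumably works because it contains no tags — worth confirming. ee_update_latest starts before this hunk.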
+++ b/CHANGELOG.txt
@@ -1,3 +1,6 @@
+v 3.1.4 - May 7, 2015
+- Fixed XSS Vulnerability found is some WordPress themes and plugins
+
 v 3.1.3 - May 6, 2015
 - EasyEngine now fixes missing GPG keys automatically, fixes #470
 - Fixed Nginx hash bucket issue, fixes #449
diff --git a/ee/core/variables.py b/ee/core/variables.py
index 62f78327..7c4cb57f 100644
--- a/ee/core/variables.py
+++ b/ee/core/variables.py
@@ -12,7 +12,7 @@ class EEVariables():
 """Intialization of core variables"""
 # EasyEngine version
- ee_version = "3.1.3"
+ ee_version = "3.1.4"
 # EasyEngine packages versions
 ee_wp_cli = "0.19.0"
diff --git a/install b/install
index 0d1247e4..28cd6596 100644
--- a/install
+++ b/install
@@ -48,7 +48,7 @@ fi
 # Define variables for later use
 ee_branch=$1
 readonly ee_version_old="2.2.3"
-readonly ee_version_new="3.1.3"
+readonly ee_version_new="3.1.4"
 readonly ee_log_dir=/var/log/ee/
 readonly ee_install_log=/var/log/ee/install.log
 readonly ee_linux_distro=$(lsb_release -i | awk '{print $3}')
diff --git a/setup.py b/setup.py
index 43660d82..e79d3a23 100644
--- a/setup.py
+++ b/setup.py
@@ -54,7 +54,7 @@ except Exception as e:
 os.system("git config --global user.email {0}".format(ee_email))
 setup(name='ee',
- version='3.1.3',
+ version='3.1.4',
 description=long_description,
 long_description=long_description,
 classifiers=[],
From ccd584bdbeafb58e46079da63b5f6e7d24eff7ae Mon Sep 17 00:00:00 2001
From: gau1991
Date: Thu, 7 May 2015 15:25:14 +0530
Subject: [PATCH 3/4] Fixed typos in changelog
---
 CHANGELOG.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 96fcf0d8..f79e33a5 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,5 +1,5 @@
 v 3.1.4 - May 7, 2015
-- Fixed XSS Vulnerability found is some WordPress themes and plugins
+- Fixed XSS Vulnerability found in some WordPress themes and plugins
 v 3.1.3 - May 6, 2015
 - EasyEngine now fixes missing GPG keys automatically, fixes #470
From c9deb487d5f29f68ed9901ee3a691a1e3364d806 Mon Sep 17 00:00:00 2001
From: gau1991
Date: Thu, 7 May 2015 15:44:58 +0530
Subject: [PATCH 4/4] Fixed install script not updating old config
---
 install | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install b/install
index 28cd6596..2ca76cf7 100644
--- a/install
+++ b/install
@@ -369,8 +369,8 @@ else
 ee_install_dep | tee -ai $ee_install_log
 ee_sync_db 2&>>1 $EE_INSTALL_LOG
 secure_ee_db | tee -ai $EE_INSTALL_LOG
- ee_update_latest | tee -ai $ee_install_log
 ee_install | tee -ai $ee_install_log
+ ee_update_latest | tee -ai $ee_install_log
 ee_git_init | tee -ai $ee_install_log
 service nginx reload &>> /dev/null
 service php5-fpm restart &>> /dev/null
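Review bot: Moving `ee_update_latest | tee -ai $ee_install_log` after `ee_install` still leaves its exit status hidden behind `tee`, so a failure inside it (for example the nginx template copy it performs) is not noticed before the script goes on to `service nginx reload`; with bash, `set -o pipefail` near the top of the script or testing `${PIPESTATUS[0]}` after this line would expose it. The new ordering presumably exists because ee_install writes files that ee_update_latest must then replace, but neither function body is in this hunk, so a comment such as `# ee_update_latest must run after ee_install: <reason>` stating the real dependency would keep a later refactor from swapping them back. The context line `ee_sync_db 2&>>1 $EE_INSTALL_LOG` is not part of this change but looks like a mistyped redirection, and the log variable appears as both `$ee_install_log` and `$EE_INSTALL_LOG` in the same block. The enclosing `else` branch begins before the hunk.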