Changeset 1516997

Timestamp:

10/17/2016 10:07:41 PM (9 years ago)

Author:

sethta

Message:

PHP 7 support and security fix

Location:

no-page-comment/trunk

Files:

• no-page-comment-settings.php (modified) (2 diffs)
• no-page-comment.php (modified) (5 diffs)

no-page-comment/trunk/no-page-comment-settings.php

@@ -6 +6 @@
 ?>
 
-<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>" class="wrap npc-settings">
+<form method="post" action="<?php echo esc_url( $_SERVER['REQUEST_URI'] ); ?>" class="wrap npc-settings">
+
+<?php
+// Add nonce to prevent CSRF
+wp_nonce_field( 'sta_npc_csrf_nonce' );
+$nonce = ( isset( $_REQUEST['_wpnonce'] ) ) ? $_REQUEST['_wpnonce'] : false;
+?>
 
 <?php
 // Prints out the admin settings page
-$sta_npc_nonce = wp_create_nonce('sta_npc_nonce');
+$sta_npc_nonce = wp_create_nonce( 'sta_npc_nonce' );
 $sta_npc_options = $this->sta_npc_get_admin_options();
 
-if ( isset($_POST['update_sta_npc_plugin_settings']) ) {
+if ( wp_verify_nonce( $nonce, 'sta_npc_csrf_nonce' ) && isset( $_POST['update_sta_npc_plugin_settings'] ) ) {
 
-    foreach ( get_post_types('','objects') as $posttype ) {
+    foreach ( get_post_types( '', 'objects' ) as $posttype ) {
         if ( in_array( $posttype->name, $this->excluded_posttypes ) )
             continue;
 
-        if ( isset($_POST['sta_npc_disable_comments_' . $posttype->name]) ) {
+        if ( isset( $_POST['sta_npc_disable_comments_' . $posttype->name] ) ) {
             $sta_npc_options['disable_comments_' . $posttype->name] = $_POST['sta_npc_disable_comments_' . $posttype->name];
         } else {
@@ -25 +31 @@
         }
 
-        if ( isset($_POST['sta_npc_disable_trackbacks_' . $posttype->name]) ) {
+        if ( isset( $_POST['sta_npc_disable_trackbacks_' . $posttype->name] ) ) {
             $sta_npc_options['disable_trackbacks_' . $posttype->name] = $_POST['sta_npc_disable_trackbacks_' . $posttype->name];
         } else {

no-page-comment/trunk/no-page-comment.php

@@ -4 +4 @@
 Plugin URI: http://sethalling.com/plugins/no-page-comment
 Description: An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.
-Version: 1.1
+Version: 1.2
 Author: Seth Alling
 Author URI: http://sethalling.com/
@@ -57 +57 @@
 
 if ( ! function_exists( 'sta_npc_load' ) ) {
+
     function sta_npc_load() {
+
         if ( ! class_exists( 'STA_NPC_Plugin' ) ) {
+
             class STA_NPC_Plugin {
+
                 var $admin_options_name     = 'sta_npc_options',
                     $admin_options_name_old = 'sta_npc_admin_options_name',
@@ -73 +77 @@
                     'attachment'
                 );
+
                 public $excluded_posttypes = array(
                     'revision',
                     'nav_menu_item',
                 );
-                public $plugin_ver = '1.0.7';
+
+                public $plugin_ver = '1.2';
 
                 // Plugin Constructor
-                function sta_npc_plugin() {
+                function __construct() {
                     $this->plugin_dir = plugins_url( '/', __FILE__ );
                     $this->plugin_file = $this->plugin_name . '.php';
@@ -122 +128 @@
                             $sta_npc_admin_options[$key] = $option;
                     }
+
                     update_option( $this->admin_options_name, $sta_npc_admin_options );
                     return $sta_npc_admin_options;
@@ -450 +457 @@
 
         }
+
     }
+
 }