Changeset 2185703

Timestamp:

11/04/2019 05:06:03 PM (6 years ago)

Author:

burlingtonbytes

Message:

Fix potential security concern

Location:

wp-smartcrop/trunk

Files:

• js/jquery.wp-smartcrop.js (modified) (1 diff)
• js/jquery.wp-smartcrop.min.js (modified) (1 diff)
• readme.txt (modified) (1 diff)
• wp-smartcrop.php (modified) (3 diffs)

wp-smartcrop/trunk/js/jquery.wp-smartcrop.js

@@ -1 +1 @@
 /**
- * jQuery SmartCrop v2.0.4
+ * jQuery SmartCrop v2.0.5
  * Copyright (c) 2017 Greg Schoppe
  * License: http://www.opensource.org/licenses/mit-license.php

wp-smartcrop/trunk/js/jquery.wp-smartcrop.min.js

@@ -1 +1 @@
 /**
- * jQuery WP-SmartCrop v2.0.4
+ * jQuery WP-SmartCrop v2.0.5
  * Copyright (c) 2017 Greg Schoppe
  * License: http://www.opensource.org/licenses/mit-license.php

wp-smartcrop/trunk/readme.txt

@@ -112 +112 @@
 
 = 2.0.4 =
+* Fix potential security concern
+
+= 2.0.4 =
 * Update admin email
 

wp-smartcrop/trunk/wp-smartcrop.php

@@ -4 +4 @@
  * Plugin URI: https://www.wpsmartcrop.com/
  * Description: Style your images exactly how you want them to appear, for any screen size, and never get a cut-off face.
- * Version: 2.0.4
+ * Version: 2.0.5
  * Author: Bytes.co
  * Author URI: https://bytes.co
@@ -13 +13 @@
 if( !class_exists('WP_Smart_Crop') ) {
     class WP_Smart_Crop {
-        public  $version = '2.0.4';
+        public  $version = '2.0.5';
         private $plugin_dir_path;
         private $plugin_dir_url;
@@ -340 +340 @@
 
         function edit_attachment( $attachment_id ) {
-            if( isset( $_REQUEST['attachments'] ) && isset( $_REQUEST['attachments'][$attachment_id] ) ) {
-                $attachment = $_REQUEST['attachments'][$attachment_id];
-
-                $old_enabled = get_post_meta( $attachment_id, '_wpsmartcrop_enabled', true );
-                $old_focus   = get_post_meta( $attachment_id, '_wpsmartcrop_image_focus', true );
-
-                if( isset( $attachment['_wpsmartcrop_enabled'] ) && $attachment['_wpsmartcrop_enabled'] == 1 ) {
-                    $new_enabled = 1;
-                } else {
-                    $new_enabled = false;
-                }
-                if( isset( $attachment['_wpsmartcrop_image_focus'] ) ) {
-                    $new_focus = $attachment['_wpsmartcrop_image_focus'];
-                } else {
-                    $new_focus = false;
-                }
-                if( ( $new_enabled != $old_enabled ) || ( serialize( $new_focus ) != serialize( $old_focus ) ) ) {
-                    update_post_meta( $attachment_id, '_wpsmartcrop_enabled', $new_enabled );
-                    update_post_meta( $attachment_id, '_wpsmartcrop_image_focus', $new_focus );
-                    if( !( isset( $this->options['disable-thumbnails'] ) && $this->options['disable-thumbnails'] ) ) {
-                        $this->regenerate_thumbnails( $attachment_id );
-                    }
+            if( ! isset( $_REQUEST['attachments'] ) || ! isset( $_REQUEST['attachments'][$attachment_id] ) ) {
+                return;
+            }
+            $attachment = $_REQUEST['attachments'][$attachment_id];
+
+            $smartcrop_enabled = boolval( isset( $attachment['_wpsmartcrop_enabled'] ) && $attachment['_wpsmartcrop_enabled'] == 1 );
+            $smartcrop_image_focus = array(
+                'top'  => null,
+                'left' => null
+            );
+
+            if ( isset( $attachment['_wpsmartcrop_image_focus'] ) ) {
+                if ( isset( $attachment['_wpsmartcrop_image_focus']['top'] ) ) {
+                    $smartcrop_image_focus['top']   = number_format( $attachment['_wpsmartcrop_image_focus']['top'], 2 );
+                }
+                if ( isset( $attachment['_wpsmartcrop_image_focus']['left' ] )) {
+                    $smartcrop_image_focus['left']  = number_format ($attachment['_wpsmartcrop_image_focus']['left'], 2 );
+                }
+            }
+            if ( $smartcrop_image_focus['top'] === null && $smartcrop_image_focus['left'] === null ) {
+                $smartcrop_image_focus = false;
+            }
+
+            unset($attachment);
+
+            $old_enabled = get_post_meta( $attachment_id, '_wpsmartcrop_enabled', true );
+            $old_focus   = get_post_meta( $attachment_id, '_wpsmartcrop_image_focus', true );
+
+            $new_enabled = $smartcrop_enabled;
+            $new_focus   = $smartcrop_image_focus;
+
+            if( ( $new_enabled != $old_enabled ) || ( serialize( $new_focus ) != serialize( $old_focus ) ) ) {
+                update_post_meta( $attachment_id, '_wpsmartcrop_enabled', $new_enabled );
+                update_post_meta( $attachment_id, '_wpsmartcrop_image_focus', $new_focus );
+                if( !( isset( $this->options['disable-thumbnails'] ) && $this->options['disable-thumbnails'] ) ) {
+                    $this->regenerate_thumbnails( $attachment_id );
                 }
             }