Changeset 2201723

Timestamp:

11/27/2019 02:45:56 AM (6 years ago)

Author:

atmistinc

Message:

• Update: Security fixes.
• Update: Verified that the plugin works with newer versions of WordPress up to 5.3.

Location:

snazzy-maps/trunk

Files:

• admin/settings.php (modified) (2 diffs)
• admin/styles.php (modified) (5 diffs)
• readme.txt (modified) (2 diffs)
• snazzymaps.php (modified) (2 diffs)

snazzy-maps/trunk/admin/settings.php

@@ -12 +12 @@
 
     public static function admin_my_snazzymaps_tab($tab){
-        if(isset($_GET['action']) && sanitize_text_field($_GET['action']) == 'delete_key'){
+        if(isset($_GET['action']) && sanitize_text_field($_GET['action']) == 'delete_key' && wp_verify_nonce($_GET['_wpnonce'], 'delete_key')){
             delete_option('MySnazzyAPIKey');
         }        
@@ -34 +34 @@
                <button type="submit" class="button button-primary">SAVE</button>
                <?php if(!is_null($api_key)){ ?>
-                  <a href="?page=snazzy_maps&tab=2&action=delete_key" 
+                  <a href="?page=snazzy_maps&tab=2&action=delete_key&_wpnonce=<?php echo esc_attr(wp_create_nonce('delete_key')); ?>" 
                                 class="button button-error">DELETE</a>
                <?php } ?>             

snazzy-maps/trunk/admin/styles.php

@@ -20 +20 @@
 
     public static function _styleAction(&$style, $action){
-        return \SnazzyMaps\SnazzyMaps_Helpers::esc_rel_url("?page=snazzy_maps&tab=0&action=$action&style=" . $style['id']);
+        return \SnazzyMaps\SnazzyMaps_Helpers::esc_rel_url("?page=snazzy_maps&tab=0&action=$action&style=" . $style['id'] . "&_wpnonce=" . wp_create_nonce($action . "_" . $style['id']));
     }
 
@@ -51 +51 @@
                 
         //Delete the specified style from the array
-        if(isset($_GET['action']) && sanitize_text_field($_GET['action']) == 'delete_style'){
+        if(isset($_GET['action']) && sanitize_text_field($_GET['action']) == 'delete_style' && wp_verify_nonce($_GET['_wpnonce'], 'delete_style_' . sanitize_text_field($_GET['style']))){
             $index = \SnazzyMaps\SnazzyMaps_Styles::_getStyleIndex($styles, sanitize_text_field($_GET['style']));
             $defaultStyle = get_option('SnazzyMapDefaultStyle', null);  
@@ -67 +67 @@
         
         //Enable the specified style
-        if(isset($_GET['action']) && sanitize_text_field($_GET['action']) == 'enable_style'){
+        if(isset($_GET['action']) && sanitize_text_field($_GET['action']) == 'enable_style' && wp_verify_nonce($_GET['_wpnonce'], 'enable_style_' . sanitize_text_field($_GET['style']))){
             $index = \SnazzyMaps\SnazzyMaps_Styles::_getStyleIndex($styles, sanitize_text_field($_GET['style']));
             if(!is_null($index)){
@@ -75 +75 @@
         
         //Disable the specified style        
-        if(isset($_GET['action']) && sanitize_text_field($_GET['action']) == 'disable_style'){
+        if(isset($_GET['action']) && sanitize_text_field($_GET['action']) == 'disable_style' && wp_verify_nonce($_GET['_wpnonce'], 'disable_style_' . sanitize_text_field($_GET['style']))){
             $index = \SnazzyMaps\SnazzyMaps_Styles::_getStyleIndex($styles, sanitize_text_field($_GET['style']));
             $defaultStyle = get_option('SnazzyMapDefaultStyle', null);    
@@ -86 +86 @@
         
         $defaultStyle = get_option('SnazzyMapDefaultStyle', null);
-        
-        //Used during testing
-        if(isset($_GET['clear_styles'])){
-            delete_option('SnazzyMapStyles');
-        }
 ?>
             

snazzy-maps/trunk/readme.txt

@@ -4 +4 @@
 Tags: google,maps,google maps,styled maps,styles,color,schemes,themes
 Requires at least: 3.0
-Tested up to: 4.9.7
-Stable tag: 1.1.5
+Tested up to: 5.2.4
+Stable tag: 1.2.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -99 +99 @@
 == Changelog ==
 
+= 1.2.0 =
+Release Date: November 26th, 2019
+
+* Update: Security fixes.
+* Update: Verified that the plugin works with newer versions of WordPress up to the current latest (version 5.2.4).
+
 = 1.1.5 =
 Release Date: August 1st, 2018

snazzy-maps/trunk/snazzymaps.php

@@ -4 +4 @@
  * Plugin URI: https://snazzymaps.com/plugins
  * Description: Apply styles to your Google Maps with the official Snazzy Maps WordPress plugin.
- * Version: 1.1.5
+ * Version: 1.2.0
  * Author: Atmist
  * Author URI: http://atmist.com/
@@ -31 +31 @@
 define('SNAZZY_MAPS_API_BASE', 'https://snazzymaps.com/');
 define('SNAZZY_MAPS_API_KEY', 'ecaccc3c-44fa-486c-9503-5d473587a493');
-define('SNAZZY_MAPS_VERSION_NUMBER', '1.1.5');
+define('SNAZZY_MAPS_VERSION_NUMBER', '1.2.0');
 
 if(!defined('_DS')) {