Changeset 2684118

Timestamp:

02/24/2022 03:33:11 AM (4 years ago)

Author:

cleverplugins

Message:

4.7.5

• Security tightening.

Location:

delete-duplicate-posts

Files:

• tags/4.7.5 (added)
• trunk/delete-duplicate-posts.php (modified) (2 diffs)
• trunk/freemius/README.html (added)
• trunk/freemius/includes/class-freemius.php (modified) (4 diffs)
• trunk/freemius/includes/managers/class-fs-admin-notice-manager.php (modified) (1 diff)
• trunk/freemius/includes/sdk/Exceptions/ArgumentNotExistException.php (modified) (1 diff)
• trunk/freemius/includes/sdk/Exceptions/EmptyArgumentException.php (modified) (1 diff)
• trunk/freemius/includes/sdk/Exceptions/Exception.php (modified) (1 diff)
• trunk/freemius/includes/sdk/Exceptions/InvalidArgumentException.php (modified) (1 diff)
• trunk/freemius/includes/sdk/Exceptions/OAuthException.php (modified) (1 diff)
• trunk/freemius/includes/sdk/FreemiusBase.php (modified) (1 diff)
• trunk/freemius/includes/sdk/FreemiusWordPress.php (modified) (1 diff)
• trunk/freemius/require.php (modified) (1 diff)
• trunk/freemius/start.php (modified) (1 diff)
• trunk/freemius/templates/account/partials/addon.php (modified) (1 diff)
• trunk/freemius/templates/ajax-loader.php (modified) (1 diff)
• trunk/freemius/templates/debug.php (modified) (4 diffs)
• trunk/freemius/templates/firewall-issues-js.php (modified) (2 diffs)
• trunk/freemius/templates/partials/network-activation.php (modified) (1 diff)
• trunk/freemius/templates/sticky-admin-notice-js.php (modified) (1 diff)
• trunk/readme.txt (modified) (2 diffs)
• trunk/vendor/composer/installed.php (modified) (2 diffs)

delete-duplicate-posts/trunk/delete-duplicate-posts.php

@@ -6 +6 @@
 Plugin URI: https://cleverplugins.com
 Description: Remove duplicate blogposts on your blog! Searches and removes duplicate posts and their post meta tags. You can delete posts, pages and other Custom Post Types enabled on your website.
-Version: 4.7.4
+Version: 4.7.5
 Author: cleverplugins.com
 Author URI: https://cleverplugins.com
@@ -155 +155 @@
         public static function cp_ddp_fs_opt_in()
         {
-            // Get post array through filter.
-            $nonce = filter_input( INPUT_POST, 'opt_nonce', FILTER_SANITIZE_STRING );
-            // Nonce.
-            $choice = filter_input( INPUT_POST, 'choice', FILTER_SANITIZE_STRING );
-            // Choice selected by user.
+            $nonce = sanitize_text_field( $_POST['opt_nonce'] );
+            $choice = sanitize_text_field( $_POST['choice'] );
             // Verify nonce.
             

delete-duplicate-posts/trunk/freemius/includes/class-freemius.php

@@ -3551 +3551 @@
          */
         static function _toggle_debug_mode() {
+            check_admin_referer( 'fs_toggle_debug_mode' );
+
             if ( ! is_super_admin() ) {
                 return;
@@ -3572 +3574 @@
          */
         static function _get_debug_log() {
+            check_admin_referer( 'fs_get_debug_log' );
+
+            if ( ! is_super_admin() ) {
+                return;
+            }
+
+            $limit  = min( ! empty( $_POST['limit'] ) ? absint( $_POST['limit'] ) : 200, 200 );
+            $offset = min( ! empty( $_POST['offset'] ) ? absint( $_POST['offset'] ) : 200, 200 );
+
             $logs = FS_Logger::load_db_logs(
                 fs_request_get( 'filters', false, 'post' ),
-                ! empty( $_POST['limit'] ) && is_numeric( $_POST['limit'] ) ? $_POST['limit'] : 200,
-                ! empty( $_POST['offset'] ) && is_numeric( $_POST['offset'] ) ? $_POST['offset'] : 0
+                $limit,
+                $offset
             );
 
@@ -4448 +4459 @@
          */
         function _email_about_firewall_issue() {
+            check_admin_referer( 'fs_resolve_firewall_issues' );
+
+            if ( ! current_user_can( is_multisite() ? 'manage_options' : 'activate_plugins' ) ) {
+                return;
+            }
+
             $this->_admin_notices->remove_sticky( 'failed_connect_api' );
 
@@ -4522 +4539 @@
          */
         function _retry_connectivity_test() {
+            check_admin_referer( 'fs_retry_connectivity_test' );
+
+            if ( ! current_user_can( is_multisite() ? 'manage_options' : 'activate_plugins' ) ) {
+                return;
+            }
+
             $this->_admin_notices->remove_sticky( 'failed_connect_api_first' );
 

delete-duplicate-posts/trunk/freemius/includes/managers/class-fs-admin-notice-manager.php

@@ -176 +176 @@
          */
         function dismiss_notice_ajax_callback() {
-            $this->_sticky_storage->remove( $_POST['message_id'] );
+            check_admin_referer( 'fs_dismiss_notice_action' );
+
+            if ( ! is_numeric( $_POST['message_id'] ) ) {
+                $this->_sticky_storage->remove( $_POST['message_id'] );
+            }
+
             wp_die();
         }

delete-duplicate-posts/trunk/freemius/includes/sdk/Exceptions/ArgumentNotExistException.php

@@ -1 +1 @@
 <?php
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     if ( ! class_exists( 'Freemius_InvalidArgumentException' ) ) {
         exit;

delete-duplicate-posts/trunk/freemius/includes/sdk/Exceptions/EmptyArgumentException.php

@@ -1 +1 @@
 <?php
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     if ( ! class_exists( 'Freemius_InvalidArgumentException' ) ) {
         exit;

delete-duplicate-posts/trunk/freemius/includes/sdk/Exceptions/Exception.php

@@ -1 +1 @@
 <?php
+        if ( ! defined( 'ABSPATH' ) ) {
+            exit;
+        }
+
     if ( ! class_exists( 'Freemius_Exception' ) ) {
         /**

delete-duplicate-posts/trunk/freemius/includes/sdk/Exceptions/InvalidArgumentException.php

@@ -1 +1 @@
 <?php
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     if ( ! class_exists( 'Freemius_Exception' ) ) {
         exit;

delete-duplicate-posts/trunk/freemius/includes/sdk/Exceptions/OAuthException.php

@@ -1 +1 @@
 <?php
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     if ( ! class_exists( 'Freemius_Exception' ) ) {
         exit;

delete-duplicate-posts/trunk/freemius/includes/sdk/FreemiusBase.php

@@ -16 +16 @@
      */
 
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     if ( ! defined( 'FS_API__VERSION' ) ) {
         define( 'FS_API__VERSION', '1' );

delete-duplicate-posts/trunk/freemius/includes/sdk/FreemiusWordPress.php

@@ -15 +15 @@
      * under the License.
      */
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
 
     require_once dirname( __FILE__ ) . '/FreemiusBase.php';

delete-duplicate-posts/trunk/freemius/require.php

@@ -6 +6 @@
      * @since       1.1.9
      */
+
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
 
     // Configuration should be loaded first.

delete-duplicate-posts/trunk/freemius/start.php

@@ -16 +16 @@
      * @var string
      */
-    $this_sdk_version = '2.4.2';
+    $this_sdk_version = '2.4.3';
 
     #region SDK Selection Logic --------------------------------------------------------------------

delete-duplicate-posts/trunk/freemius/templates/account/partials/addon.php

@@ -1 +1 @@
 <?php
+
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     /**
      * @var array    $VARS

delete-duplicate-posts/trunk/freemius/templates/ajax-loader.php

@@ +1 @@
+<?php
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+?>
 <div class="fs-ajax-loader" style="display: none"><?php for ( $i = 1; $i <= 8; $i ++ ) : ?><div class="fs-ajax-loader-bar fs-ajax-loader-bar-<?php echo $i ?>"></div><?php endfor ?></div>

delete-duplicate-posts/trunk/freemius/templates/debug.php

@@ -38 +38 @@
                     $.post( ajaxurl, {
                         action: 'fs_toggle_debug_mode',
+                        // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                        _wpnonce   : <?php echo wp_json_encode( wp_create_nonce( 'fs_toggle_debug_mode' ) ); ?>,
                         is_on : ($(this).hasClass( 'fs-on' ) ? 1 : 0)
                     }, function ( response ) {
@@ -112 +114 @@
                 $.post(ajaxurl, {
                     action     : 'fs_get_db_option',
-                    _wpnonce   : '<?php echo wp_create_nonce( 'fs_get_db_option' ) ?>',
+                    // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                    _wpnonce   : <?php echo wp_json_encode( wp_create_nonce( 'fs_get_db_option' ) ); ?>,
                     option_name: optionName
                 }, function (response) {
@@ -132 +135 @@
                     $.post(ajaxurl, {
                         action      : 'fs_set_db_option',
-                        _wpnonce   : '<?php echo wp_create_nonce( 'fs_set_db_option' ) ?>',
+                        // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                        _wpnonce    : <?php echo wp_json_encode( wp_create_nonce( 'fs_set_db_option' ) ); ?>,
                         option_name : optionName,
                         option_value: optionValue
@@ -725 +729 @@
                 $.post(ajaxurl, {
                     action : 'fs_get_debug_log',
+                    // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                    _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_get_debug_log' ) ); ?>,
                     filters: filters,
                     offset : offset,

delete-duplicate-posts/trunk/freemius/templates/firewall-issues-js.php

@@ -23 +23 @@
                 ajaxActionSuffix = notice.attr( 'data-manager-id' ).replace( ':', '-' );
 
-            var data = {
-                action    : 'fs_resolve_firewall_issues_' + ajaxActionSuffix,
-                error_type: error_type
-            };
+            var data = {
+                action   : 'fs_resolve_firewall_issues_' + ajaxActionSuffix,
+                // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_resolve_firewall_issues' ) ); ?>,
+                error_type: error_type
+            };
 
             if ( 'squid' === error_type ) {
@@ -40 +42 @@
 
             if ( 'retry_ping' === error_type ) {
-                data.action = 'fs_retry_connectivity_test_' + ajaxActionSuffix;
+                data.action   = 'fs_retry_connectivity_test_' + ajaxActionSuffix;
+                // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                data._wpnonce = <?php echo wp_json_encode( wp_create_nonce( 'fs_retry_connectivity_test' ) ); ?>;
             }
 

delete-duplicate-posts/trunk/freemius/templates/partials/network-activation.php

@@ -1 +1 @@
 <?php
+
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     /**
      * @var array $VARS

delete-duplicate-posts/trunk/freemius/templates/sticky-admin-notice-js.php

@@ -24 +24 @@
             notice.fadeOut( 'fast', function() {
                 var data = {
-                    action    : 'fs_dismiss_notice_action_' + ajaxActionSuffix,
+                    action   : 'fs_dismiss_notice_action_' + ajaxActionSuffix,
+                    // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                    _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_dismiss_notice_action' ) ); ?>,
                     message_id: id
                 };

delete-duplicate-posts/trunk/readme.txt

@@ -6 +6 @@
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 Requires at least: 4.7
-Tested up to: 5.8.1
-Stable tag: 4.7.4
+Tested up to: 5.9.1
+Stable tag: 4.7.5
 Requires PHP: 5.6
 
@@ -49 +49 @@
 
 == Changelog ==
+
+= 4.7.5 =
+* Security tightening.
 
 = 4.7.4 =

delete-duplicate-posts/trunk/vendor/composer/installed.php

@@ -6 +6 @@
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
-        'reference' => '57c6f2c3d6c8c364439206ee1ba0073cb9fe6470',
+        'reference' => '5977d44b5bdb5c3ebf7afa6fda7f4846decd8c0e',
         'name' => '__root__',
         'dev' => false,
@@ -17 +17 @@
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
-            'reference' => '57c6f2c3d6c8c364439206ee1ba0073cb9fe6470',
+            'reference' => '5977d44b5bdb5c3ebf7afa6fda7f4846decd8c0e',
             'dev_requirement' => false,
         ),