Changeset 2810046

Timestamp:

11/02/2022 03:03:28 PM (3 years ago)

Author:

themely

Message:

SECURITY FIX: Prevent uploading PHP files

Location:

theme-demo-import/trunk

Files:

• inc/class-tdi-main.php (modified) (3 diffs)
• readme.txt (modified) (3 diffs)
• theme-demo-import.php (modified) (2 diffs)

theme-demo-import/trunk/inc/class-tdi-main.php

@@ -126 +126 @@
 
             <p class="about-description">
-                <?php esc_html_e( 'Import the live demo content for your new theme which includes posts, pages, images, widgets, menus and settings. This will provide you with a basic layout to build your website and speed up the development process. NOTE: Your existing content will NOT be deleted or modified.', 'theme-demo-import' ); ?>
+                <?php esc_html_e( 'Import the demo content for your new theme which includes posts, pages, images, widgets, menus and settings. This will provide you with a basic layout to build your website and speed up the development process. NOTE: Your existing content will NOT be deleted or modified.', 'theme-demo-import' ); ?>
             </p>
 
@@ -153 +153 @@
                 <div class="TDI__file-upload">
                     <h3><label for="content-file-upload"><?php esc_html_e( 'Choose a XML file for content import:', 'theme-demo-import' ); ?></label></h3>
-                    <input id="TDI__content-file-upload" type="file" name="content-file-upload">
+                    <input id="TDI__content-file-upload" type="file" accept=".xml" name="content-file-upload">
                 </div>
 
                 <div class="TDI__file-upload">
                     <h3><label for="widget-file-upload"><?php esc_html_e( 'Choose a WIE or JSON file for widget import:', 'theme-demo-import' ); ?></label> <span><?php esc_html_e( '(*optional)', 'theme-demo-import' ); ?></span></h3>
-                    <input id="TDI__widget-file-upload" type="file" name="widget-file-upload">
+                    <input id="TDI__widget-file-upload" type="file" accept=".wie,.json" name="widget-file-upload">
                 </div>
 
                 <div class="TDI__file-upload">
                     <h3><label for="customizer-file-upload"><?php esc_html_e( 'Choose a DAT file for customizer import:', 'theme-demo-import' ); ?></label> <span><?php esc_html_e( '(*optional)', 'theme-demo-import' ); ?></span></h3>
-                    <input id="TDI__customizer-file-upload" type="file" name="customizer-file-upload">
+                    <input id="TDI__customizer-file-upload" type="file" accept=".dat" name="customizer-file-upload">
                 </div>
 
@@ -223 +223 @@
 
         <p class="TDI__button-container">
-            <button class="TDI__button  button  button-hero  button-primary  js-tdi-import-data" style="width: 100%;"><?php esc_html_e( 'Import Demo Content', 'theme-demo-import' ); ?></button>
+            <button class="TDI__button button button-hero button-primary js-tdi-import-data" style="width: 100%;"><?php esc_html_e( 'Import Demo Content', 'theme-demo-import' ); ?></button>
         </p>
 
-        <p class="TDI__ajax-loader  js-tdi-ajax-loader">
+        <p class="TDI__ajax-loader js-tdi-ajax-loader">
             <span class="spinner"></span> <?php esc_html_e( 'Importing, please wait!', 'theme-demo-import' ); ?>
         </p>
 
-        <div class="TDI__response  js-tdi-ajax-response"></div>
+        <div class="TDI__response js-tdi-ajax-response"></div>
 
     </div>

theme-demo-import/trunk/readme.txt

@@ -1 +1 @@
 === Theme Demo Importer ===
 Contributors: themely
-Tags: import, content, demo, data, widgets, settings
+Tags: import, content, demo, data, widgets, settings, theme
 Requires at least: 4.7
-Tested up to: 5.8
-Stable tag: 1.0.8
+Tested up to: 6.1
+Stable tag: 1.1.1
 License: GPLv3 or later
 
@@ -11 +11 @@
 == Description ==
 
-Quickly import theme live demo content, widgets and settings. This provides a basic layout to build your website and speed up the development process.
+Quickly import demo content, widgets and settings for your new theme. This provides a basic layout to build your website and speed up the development process.
 
 This plugin will create a page in **APPEARANCE > Import Demo Content**.
@@ -253 +253 @@
 
 
-== Screenshots ==
-
-1. screenshot1.png
-
-
 == Changelog ==
 
-**1.0.5 - March 29, 2019 **
+**1.1.1 - November 2nd, 2022**
+
+- SECURITY FIX: Prevent uploading PHP files
+
+
+**1.0.5 - March 29, 2019**
 
 - Removed extra $ on line 72 of class-tdi-helpers.php which was triggering a PHP 7.0+ error

theme-demo-import/trunk/theme-demo-import.php

@@ -4 +4 @@
 Plugin Name: Theme Demo Importer
 Plugin URI: https://wordpress.org/plugins/theme-demo-import/
-Description: Quickly import theme live demo content, widgets and settings. This provides a basic layout to build your website and speed up the development process.
-Version: 1.1.0
+Description: Quickly import live demo content, widgets and settings for your new theme. This provides a basic layout to build your website and speed up the development process.
+Version: 1.1.1
 Author: Themely
 Author URI: https://www.themely.com
@@ -11 +11 @@
 License URI: http://www.gnu.org/licenses/gpl.html
 Text Domain: theme-demo-import
-Tested up to: 5.8
+Tested up to: 6.1
 Requires PHP: 5.6
 */