Changeset 2907558

Timestamp:

05/03/2023 02:52:50 PM (3 years ago)

Author:

upress

Message:

update 1.4.1 to fix csrf issue

Location:

enable-accessibility

Files:

• tags/1.4.1 (added)
• tags/1.4.1/LICENSE.txt (added)
• tags/1.4.1/assets (added)
• tags/1.4.1/assets/css (added)
• tags/1.4.1/assets/css/admin-style.css (added)
• tags/1.4.1/assets/images (added)
• tags/1.4.1/enable-accessibility.php (added)
• tags/1.4.1/includes (added)
• tags/1.4.1/includes/accessibility-attachments-alt.php (added)
• tags/1.4.1/includes/accessibility-settings.php (added)
• tags/1.4.1/includes/class-accesibility-loader.php (added)
• tags/1.4.1/languages (added)
• tags/1.4.1/languages/enable-accessibility-he_IL.mo (added)
• tags/1.4.1/languages/enable-accessibility-he_IL.po (added)
• tags/1.4.1/readme.txt (added)
• trunk/enable-accessibility.php (modified) (5 diffs)
• trunk/includes/accessibility-attachments-alt.php (modified) (3 diffs)
• trunk/includes/accessibility-settings.php (modified) (1 diff)
• trunk/readme.txt (modified) (3 diffs)

enable-accessibility/trunk/enable-accessibility.php

@@ -3 +3 @@
  * Plugin Name: Enable Accessibility
  * Description: Enable Accessibility is a beautiful Advanced Toolbar that gives you great tools for fixing a common accessibility problems in WordPress themes..
- * Version:     1.4
+ * Version:     1.4.1
  * Author:      uPress
  * Author URI: https://www.upress.co.il
@@ -9 +9 @@
  * License: GPLv2 or later
  * License URI: http://www.gnu.org/licenses/gpl-2.0.html
- * 
+ *
  * Text Domain: enable-accessibility
  * Domain Path: /languages/
@@ -53 +53 @@
             $this->plugin_slug = 'enable-accessibility';
             load_plugin_textdomain( $this->plugin_slug, false, basename( dirname( __FILE__ ) ) . '/languages/' );
-            $this->version = '1.4';
+            $this->version = '1.4.1';
 
             $this->kses_allowed_html = array(
@@ -192 +192 @@
         public function accessibility_settings_page() {
             if ( $_SERVER["REQUEST_METHOD"] == "POST" && isset( $_POST['action'] ) && $_POST['action'] == "save_accessibility_settings" ) {
+                if ( ! wp_verify_nonce( (!empty($_POST['_wpnonce']) ? $_POST['_wpnonce'] : ''), 'save_accessibility_settings' ) ) {
+                    wp_die( 'Not authorized' );
+                }
+
                 $this->_admin_update_accessibility_settings();
             }
@@ -210 +214 @@
             //      update_post_meta($pid, '_wp_attachment_image_alt', $palt);
             if ( $_SERVER["REQUEST_METHOD"] == "POST" && isset( $_POST['action'] ) && $_POST['action'] == "save_accessibility_attachments_settings" ) {
+                if ( ! wp_verify_nonce( (!empty($_POST['_wpnonce']) ? $_POST['_wpnonce'] : ''), 'save_accessibility_attachments_settings' ) ) {
+                    wp_die( 'Not authorized' );
+                }
+
                 $this->_admin_update_attachments();
             }

enable-accessibility/trunk/includes/accessibility-attachments-alt.php

@@ -36 +36 @@
                 $without_alt ++;
             }
+            if ( false === wp_get_attachment_image_src( $a->ID ) ) {
+                $skip_post = true;
+            }
 
             if ( ! $skip_post ) {
@@ -41 +44 @@
                     'post_id'    => (int)$a->ID,
                     'meta_alt'   => sanitize_text_field( $alt_meta ),
-                    'src'        => wp_get_attachment_image_src( $a->ID )[0],
+                    'src'        => wp_get_attachment_image_src( $a->ID ) ? wp_get_attachment_image_src( $a->ID )[0] : '',
                     'post_title' => sanitize_text_field( $a->post_title ),
                     'view_url'   => get_permalink( $a->ID ),
@@ -82 +85 @@
                 </div>
                 <input type="hidden" name="action" value="save_accessibility_attachments_settings">
+                <?php wp_nonce_field( 'save_accessibility_attachments_settings' ); ?>
                 <table class="wp-list-table widefat fixed striped oct-admin-table oct-filter-<?php echo esc_attr( $oct_filter ); ?>">
                     <thead>

enable-accessibility/trunk/includes/accessibility-settings.php

@@ -16 +16 @@
         <h2><?php esc_html_e( 'General Options', 'enable-accessibility' ) ?></h2>
         <input type="hidden" name="action" value="save_accessibility_settings">
+        <?php wp_nonce_field( 'save_accessibility_settings' ); ?>
         <table class="form-table oc-accessibilty-style">
             <tbody>

enable-accessibility/trunk/readme.txt

@@ -5 +5 @@
 Tags: accessibity, user1, WAI, WCAG, wp accessibility, accessible, widget, plugin, wordpress, access, tool, toolbar, toolkit, wordpress accessible, wordpress accessibility, sidebar, css3, נגישות, הנגשת אתר
 Requires at least: 3.0.1
-Tested up to: 5.9
+Tested up to: 6.2
 Stable tag: trunk
 License: GPLv2 or later
@@ -19 +19 @@
 = Accessibility key features =
 * Font Size Control
-* Keyboard Navigation 
-* Contrast displays: High contrast / Black and White / Black and Yellow. 
+* Keyboard Navigation
+* Contrast displays: High contrast / Black and White / Black and Yellow.
 * Links Highlight
 * Stop Animations
@@ -62 +62 @@
 
 == Changelog ==
+= 1.4.1 =
+* Fix CSRF issue
+* Bump tested up to version
+
 = 1.4 =
 * Remove useless license check cron