Changeset 2999516

Timestamp:

11/21/2023 10:56:22 AM (16 months ago)

Author:

jorisvanmontfort

Message:

1.2.5

Location:

jvm-rich-text-icons/trunk

Files:

• dist/settings.js (modified) (3 diffs)
• plugin.php (modified) (2 diffs)
• readme.txt (modified) (1 diff)
• src/settings.php (modified) (3 diffs)

jvm-rich-text-icons/trunk/dist/settings.js

@@ -54 +54 @@
       var res = JSON.parse(file.xhr.response);
       if (res.success) {
-        var icon = '<a id="icon-dialog-link-'+res.icon_class+'" href="#icon-dialog" class="icon-dialog-link icon" data-icon-class-full="'+res.icon_class_full+'" data-icon-class="'+res.icon_class+'" data-file="'+res.file+'"><i class="icon '+res.icon_class_full+'" aria-hidden="true"> </i></a>\n';
+        var icon = '<a id="icon-dialog-link-'+res.icon_class+'" href="#icon-dialog" class="icon-dialog-link icon" data-icon-class-full="'+res.icon_class_full+'" data-icon-class="'+res.icon_class+'" data-file="'+res.file+'" data-nonce="'+res.nonce+'"><i class="icon '+res.icon_class_full+'" aria-hidden="true"> </i></a>\n';
         $svgFileList.prepend(icon);
         $svgFileList.show();
@@ -93 +93 @@
             var data = {
               action : 'jvm-rich-text-icons-delete-icon',
-              file : $(this).data('file')
+              file : $(this).data('file'),
+              nonce : $(this).data('nonce')
             }
             $.ajax({
@@ -149 +150 @@
     $('#icon-dialog-preview').attr('class', $this.data('icon-class-full'));
     $info.data('file', $this.data('file'));
+    $info.data('nonce', $this.data('nonce'));
     $info.data('icon-class', $this.data('icon-class'));
 

jvm-rich-text-icons/trunk/plugin.php

@@ -3 +3 @@
  * Plugin Name: JVM rich text icons
  * Description: Add Font Awesome icons, or icons from a custom icon set to the Gutenberg editor.
- * Version: 1.2.4
+ * Version: 1.2.5
  * Author: Joris van Montfort
  * Author URI: https://jorisvm.nl
@@ -11 +11 @@
  * @category Gutenberg
  * @author Joris van Montfort
- * @version 1.2.4
+ * @version 1.2.5
  * @package JVM rich text icons
  */

jvm-rich-text-icons/trunk/readme.txt

@@ -88 +88 @@
 == Changelog ==
 
+= 1.2.5 =
+Security update. Fixed a vulnerability issue in plugin settings delete icon option.
+
 = 1.2.4 =
 Security update. Fixed a vulnerability issue in the uploader and plugin settings.

jvm-rich-text-icons/trunk/src/settings.php

@@ -80 +80 @@
                 plugins_url( '/dist/settings.js', dirname( __FILE__ ) ),
                 array( 'jquery-ui-dialog'), // Dependencies, defined above.
-                null, // filemtime( plugin_dir_path( __DIR__ ) . 'dist/blocks.build.js' ), // Version: filemtime — Gets file modification time.
+                '1.2.5', // filemtime( plugin_dir_path( __DIR__ ) . 'dist/blocks.build.js' ), // Version: filemtime — Gets file modification time.
                 true // Enqueue the script in the footer.
             );
@@ -103 +103 @@
      */
     public function ajax_delete_icon() {
-
-        if (isset($_POST['file'])) {
+        if (isset($_POST['file']) && wp_verify_nonce($_POST['nonce'], 'jvm-rich-text-icons-delete-icon' )) {
             $file = $_POST['file'];
             $base = JVM_Richtext_icons::get_svg_directory();
@@ -140 +139 @@
                         "icon_class" => $icon_class,
                         "file" => $new_file_name,
+                        "nonce" => wp_create_nonce('jvm-rich-text-icons-delete-icon'),
                         'css_code' => JVM_Richtext_icons::parse_dynamic_css()
                     ]);