Changeset 3074321

Timestamp:

04/20/2024 08:43:52 PM (2 years ago)

Author:

ohadsh535

Message:

version 1.0.7

Location:

accessibility

Files:

• tags/1.0.7 (copied) (copied from accessibility/trunk)
• tags/1.0.7/accessibility.php (modified) (4 diffs)
• tags/1.0.7/changelog.txt (modified) (1 diff)
• tags/1.0.7/includes/accessibility-attachments-alt.php (modified) (1 diff)
• tags/1.0.7/includes/accessibility-settings.php (modified) (2 diffs)
• tags/1.0.7/readme.txt (modified) (2 diffs)
• trunk/accessibility.php (modified) (4 diffs)
• trunk/changelog.txt (modified) (1 diff)
• trunk/includes/accessibility-attachments-alt.php (modified) (1 diff)
• trunk/includes/accessibility-settings.php (modified) (2 diffs)
• trunk/readme.txt (modified) (2 diffs)

accessibility/tags/1.0.7/accessibility.php

@@ -5 +5 @@
  * Plugin Name: Accessibility
  * Description: Accessibility Utility Widget - A high quality solution for making your WordPress website accessible ready.
- * Version:     1.0.6
+ * Version:     1.0.7
  * Author:      Octa Code
  * Author URI: http://octa-code.com
  * Plugin URI: http://acc.magixite.com
  * Copyright:   2015 Octa Code
- * Last Update: 10/28/2022
+ * Last Update: 04/20/2024
  * 
  * Text Domain: accessibility
@@ -144 +144 @@
         {
             if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['action']) && $_POST['action'] == "save_accessibility_settings") {
-                $this->_admin_update_accessibility_settings();
+                if (isset($_POST['form_nonce']) && wp_verify_nonce($_POST['form_nonce'],'oc-accessibility') && is_user_logged_in()) {
+                    $this->_admin_update_accessibility_settings();
+                } else {
+                    echo '<p>Error: Goodbye hackers! Better luck next time. </p>';
+                }
             }
       
@@ -156 +160 @@
             //      update_post_meta($pid, '_wp_attachment_image_alt', $palt);
             if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['action']) && $_POST['action'] == "save_accessibility_attachments_settings") {
-                $this->_admin_update_attachments();
+                if (isset($_POST['form_nonce']) && wp_verify_nonce($_POST['form_nonce'],'oc-accessibility') && is_user_logged_in()) {
+                    $this->_admin_update_attachments();
+                } else {
+                    echo '<p>Error: Goodbye hackers! Better luck next time. </p>';
+                }
             }
             include "includes/accessibility-attachments-alt.php";
@@ -238 +246 @@
          * Post form action for the update prices for brand.
          */
-        function _admin_update_accessibility_settings()
-        {
+        function _admin_update_accessibility_settings() {
             $lkey = sanitize_text_field($_POST["magixite_license"]);
             update_option('oc-accessibility', $lkey);

accessibility/tags/1.0.7/changelog.txt

@@ -1 +1 @@
 == Changelog ==
 
-= 1.0.6 =
+= 1.0.7 =
 
-* Security fix: Prevented the plugin from accepting special chars on image attrs.
-* WordPress 6.0.3 compatibility check
+* Security fix: Fix CSRF vulnerability.
+* WordPress 6.5.2 compatibility check

accessibility/tags/1.0.7/includes/accessibility-attachments-alt.php

@@ -118 +118 @@
           </tbody>
         </table>
+        <input name="form_nonce" type="hidden" value="<?=wp_create_nonce('oc-accessibility')?>" />
         <p class="submit">
           <input type="submit" class="button-primary" value="<?php _e('Save Changes', $this->plugin_slug) ?>" />

accessibility/tags/1.0.7/includes/accessibility-settings.php

@@ -26 +26 @@
                     </p>
       <?php else: ?>
-                    <p><?php echo esc_html($this->_get_license_message($license_data)); ?></p>
+                    <p><?php echo $this->_get_license_message($license_data); ?></p>
       <?php endif; ?>
                 </td>
@@ -50 +50 @@
             </tbody>
           </table>
+          <input name="form_nonce" type="hidden" value="<?=wp_create_nonce('oc-accessibility')?>" />
           <p class="submit">
             <input type="submit" class="button-primary" value="<?php _e('Save Changes', $this->plugin_slug) ?>" />

accessibility/tags/1.0.7/readme.txt

@@ -4 +4 @@
 Tags: accessibility, user1, WAI, WCAG, magixite, octacode, wp accessibility, accessible, widget, plugin, wordpress, access, tool, toolbar, toolkit, wordpress accessible, wordpress accessibility, sidebar, css3, נגישות, הנגשת אתר
 Requires at least: 3.0.1
-Tested up to: 6.0.3
-Stable tag: 1.0.6
+Tested up to: 6.5.2
+Stable tag: 1.0.7
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -93 +93 @@
 Security Optimizations.
 
+= 1.0.6 =
+Security Fix.
+
 == Upgrade Notice ==
 = 1.0 =

accessibility/trunk/accessibility.php

@@ -5 +5 @@
  * Plugin Name: Accessibility
  * Description: Accessibility Utility Widget - A high quality solution for making your WordPress website accessible ready.
- * Version:     1.0.6
+ * Version:     1.0.7
  * Author:      Octa Code
  * Author URI: http://octa-code.com
  * Plugin URI: http://acc.magixite.com
  * Copyright:   2015 Octa Code
- * Last Update: 10/28/2022
+ * Last Update: 04/20/2024
  * 
  * Text Domain: accessibility
@@ -144 +144 @@
         {
             if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['action']) && $_POST['action'] == "save_accessibility_settings") {
-                $this->_admin_update_accessibility_settings();
+                if (isset($_POST['form_nonce']) && wp_verify_nonce($_POST['form_nonce'],'oc-accessibility') && is_user_logged_in()) {
+                    $this->_admin_update_accessibility_settings();
+                } else {
+                    echo '<p>Error: Goodbye hackers! Better luck next time. </p>';
+                }
             }
       
@@ -156 +160 @@
             //      update_post_meta($pid, '_wp_attachment_image_alt', $palt);
             if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['action']) && $_POST['action'] == "save_accessibility_attachments_settings") {
-                $this->_admin_update_attachments();
+                if (isset($_POST['form_nonce']) && wp_verify_nonce($_POST['form_nonce'],'oc-accessibility') && is_user_logged_in()) {
+                    $this->_admin_update_attachments();
+                } else {
+                    echo '<p>Error: Goodbye hackers! Better luck next time. </p>';
+                }
             }
             include "includes/accessibility-attachments-alt.php";
@@ -238 +246 @@
          * Post form action for the update prices for brand.
          */
-        function _admin_update_accessibility_settings()
-        {
+        function _admin_update_accessibility_settings() {
             $lkey = sanitize_text_field($_POST["magixite_license"]);
             update_option('oc-accessibility', $lkey);

accessibility/trunk/changelog.txt

@@ -1 +1 @@
 == Changelog ==
 
-= 1.0.6 =
+= 1.0.7 =
 
-* Security fix: Prevented the plugin from accepting special chars on image attrs.
-* WordPress 6.0.3 compatibility check
+* Security fix: Fix CSRF vulnerability.
+* WordPress 6.5.2 compatibility check

accessibility/trunk/includes/accessibility-attachments-alt.php

@@ -118 +118 @@
           </tbody>
         </table>
+        <input name="form_nonce" type="hidden" value="<?=wp_create_nonce('oc-accessibility')?>" />
         <p class="submit">
           <input type="submit" class="button-primary" value="<?php _e('Save Changes', $this->plugin_slug) ?>" />

accessibility/trunk/includes/accessibility-settings.php

@@ -26 +26 @@
                     </p>
       <?php else: ?>
-                    <p><?php echo esc_html($this->_get_license_message($license_data)); ?></p>
+                    <p><?php echo $this->_get_license_message($license_data); ?></p>
       <?php endif; ?>
                 </td>
@@ -50 +50 @@
             </tbody>
           </table>
+          <input name="form_nonce" type="hidden" value="<?=wp_create_nonce('oc-accessibility')?>" />
           <p class="submit">
             <input type="submit" class="button-primary" value="<?php _e('Save Changes', $this->plugin_slug) ?>" />

accessibility/trunk/readme.txt

@@ -4 +4 @@
 Tags: accessibility, user1, WAI, WCAG, magixite, octacode, wp accessibility, accessible, widget, plugin, wordpress, access, tool, toolbar, toolkit, wordpress accessible, wordpress accessibility, sidebar, css3, נגישות, הנגשת אתר
 Requires at least: 3.0.1
-Tested up to: 6.0.3
-Stable tag: 1.0.6
+Tested up to: 6.5.2
+Stable tag: 1.0.7
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -93 +93 @@
 Security Optimizations.
 
+= 1.0.6 =
+Security Fix.
+
 == Upgrade Notice ==
 = 1.0 =