Changeset 3103907

Timestamp:

06/18/2024 07:22:13 AM (20 months ago)

Author:

wpzita

Message:

version 1.6.3 updated

Location:

zita-site-library

Files:

• tags/1.6.2 (added)
• trunk/importer/wxr-importer.php (modified) (2 diffs)
• trunk/readme.txt (modified) (2 diffs)
• trunk/zita-site-library.php (modified) (2 diffs)

zita-site-library/trunk/importer/wxr-importer.php

@@ -72 +72 @@
      */
     function xml_data_import() {
-
-        // Start the event stream.
-        header( 'Content-Type: text/event-stream' );
-
-        // Turn off PHP output compression.
-        $previous = error_reporting( error_reporting() ^ E_WARNING );
-        ini_set( 'output_buffering', 'off' );
-        ini_set( 'zlib.output_compression', false );
-        error_reporting( $previous );
-
-        if ( $GLOBALS['is_nginx'] ) {
-            // Setting this header instructs Nginx to disable fastcgi_buffering
-            // and disable gzip for this request.
-            header( 'X-Accel-Buffering: no' );
-            header( 'Content-Encoding: none' );
-        }
-
-        $xml_url = urldecode( $_REQUEST['xml_url'] );
-        if ( empty( $xml_url ) ) {
+        if ( isset( $_REQUEST['zita_nonce'] ) && wp_verify_nonce( $_REQUEST['zita_nonce'], 'zita_sl_nonce' ) ) {
+            // Nonce is valid; process form data
+            // Start the event stream.
+            header( 'Content-Type: text/event-stream' );
+
+            // Turn off PHP output compression.
+            $previous = error_reporting( error_reporting() ^ E_WARNING );
+            ini_set( 'output_buffering', 'off' );
+            ini_set( 'zlib.output_compression', false );
+            error_reporting( $previous );
+
+            if ( $GLOBALS['is_nginx'] ) {
+                // Setting this header instructs Nginx to disable fastcgi_buffering
+                // and disable gzip for this request.
+                header( 'X-Accel-Buffering: no' );
+                header( 'Content-Encoding: none' );
+            }
+
+            $xml_url = urldecode( $_REQUEST['xml_url'] );
+            if ( empty( $xml_url ) ) {
+                exit;
+            }
+
+            // 2KB padding for IE
+            echo ':' . str_repeat( ' ', 2048 ) . "\n\n";
+
+            // Time to run the import!
+            set_time_limit( 0 );
+
+            // Ensure we're not buffered.
+            wp_ob_end_flush_all();
+            flush();
+
+            // Are we allowed to create users?
+            add_filter( 'wxr_importer.pre_process.user', '__return_null' );
+
+            // Keep track of our progress.
+            add_action( 'wxr_importer.processed.post', array( $this, 'imported_post' ), 10, 2 );
+            add_action( 'wxr_importer.process_failed.post', array( $this, 'imported_post' ), 10, 2 );
+            add_action( 'wxr_importer.process_already_imported.post', array( $this, 'already_imported_post' ), 10, 2 );
+            add_action( 'wxr_importer.process_skipped.post', array( $this, 'already_imported_post' ), 10, 2 );
+            add_action( 'wxr_importer.processed.comment', array( $this, 'imported_comment' ) );
+            add_action( 'wxr_importer.process_already_imported.comment', array( $this, 'imported_comment' ) );
+            add_action( 'wxr_importer.processed.term', array( $this, 'imported_term' ) );
+            add_action( 'wxr_importer.process_failed.term', array( $this, 'imported_term' ) );
+            add_action( 'wxr_importer.process_already_imported.term', array( $this, 'imported_term' ) );
+            add_action( 'wxr_importer.processed.user', array( $this, 'imported_user' ) );
+            add_action( 'wxr_importer.process_failed.user', array( $this, 'imported_user' ) );
+            // Flush once more.
+            flush();
+
+            $importer = $this->get_importer();
+            $response = $importer->import( $xml_url );
+
+            // Let the browser know we're done.
+            $complete = array(
+                'action' => 'complete',
+                'error'  => false,
+            );
+            if ( is_wp_error( $response ) ) {
+                $complete['error'] = $response->get_error_message();
+            }
+
+            $this->emit_sse_message( $complete );
             exit;
-        }
-
-        // 2KB padding for IE
-        echo ':' . str_repeat( ' ', 2048 ) . "\n\n";
-
-        // Time to run the import!
-        set_time_limit( 0 );
-
-        // Ensure we're not buffered.
-        wp_ob_end_flush_all();
-        flush();
-
-        // Are we allowed to create users?
-        add_filter( 'wxr_importer.pre_process.user', '__return_null' );
-
-        // Keep track of our progress.
-        add_action( 'wxr_importer.processed.post', array( $this, 'imported_post' ), 10, 2 );
-        add_action( 'wxr_importer.process_failed.post', array( $this, 'imported_post' ), 10, 2 );
-        add_action( 'wxr_importer.process_already_imported.post', array( $this, 'already_imported_post' ), 10, 2 );
-        add_action( 'wxr_importer.process_skipped.post', array( $this, 'already_imported_post' ), 10, 2 );
-        add_action( 'wxr_importer.processed.comment', array( $this, 'imported_comment' ) );
-        add_action( 'wxr_importer.process_already_imported.comment', array( $this, 'imported_comment' ) );
-        add_action( 'wxr_importer.processed.term', array( $this, 'imported_term' ) );
-        add_action( 'wxr_importer.process_failed.term', array( $this, 'imported_term' ) );
-        add_action( 'wxr_importer.process_already_imported.term', array( $this, 'imported_term' ) );
-        add_action( 'wxr_importer.processed.user', array( $this, 'imported_user' ) );
-        add_action( 'wxr_importer.process_failed.user', array( $this, 'imported_user' ) );
-        // Flush once more.
-        flush();
-
-        $importer = $this->get_importer();
-        $response = $importer->import( $xml_url );
-
-        // Let the browser know we're done.
-        $complete = array(
-            'action' => 'complete',
-            'error'  => false,
-        );
-        if ( is_wp_error( $response ) ) {
-            $complete['error'] = $response->get_error_message();
-        }
-
-        $this->emit_sse_message( $complete );
-        exit;
+
+        }
+
     }
 
@@ -172 +176 @@
             'id'      => '1',
             'xml_url' => $path,
+            'zita_nonce' => wp_create_nonce('zita_sl_nonce'),
         );
 

zita-site-library/trunk/readme.txt

@@ -5 +5 @@
 Requires at least: 5.5
 Tested up to: 6.5
-Stable tag: 1.6.2
+Stable tag: 1.6.3
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -30 +30 @@
 == Changelog ==
 
+= Version 1.6.3 18/06/2024 =
+* Xml import nonce issue fixed.
+
 = Version 1.6.2 10/06/2024 =
 * Security issue fixed.

zita-site-library/trunk/zita-site-library.php

@@ -4 +4 @@
  * Plugin URI: https://wpzita.com/zita-site-library
  * Description: Zita site library is a addon plugin for Zita WordPress theme. This plugin contain lot of pre made sites for nearly all niches (like : Corporate, E-commerce, Small businesses ). You can import these sites with a single click.
- * Version: 1.6.2
+ * Version: 1.6.3
  * Author: WPZita
  * Author URI: https://wpzita.com
@@ -15 +15 @@
 }
 if ( ! defined( 'ZITA_SITE_LIBRARY_VER' ) ) {
-    define( 'ZITA_SITE_LIBRARY_VER', '1.6.2' );
+    define( 'ZITA_SITE_LIBRARY_VER', '1.6.3' );
 }