Changeset 3139815
- Timestamp:
- 08/22/2024 02:18:07 PM (7 months ago)
- Location:
- stream
- Files:
-
- 12 edited
- 1 copied
stream/tags/4.0.2/classes/class-network.php
r3019411 r3139815 28 28 29 29 /** 30 * Default setting page slug30 * The option name for the network settings. 31 31 * 32 32 * @var string 33 33 */ 34 public $ default_settings_page_slug = 'wp_stream_default_settings';34 public $network_settings_option = 'wp_stream_network'; 35 35 36 36 /** … … 226 226 $current_page = wp_stream_filter_input( INPUT_GET, 'page' ); 227 227 228 switch ( $current_page ) { 229 case $this->network_settings_page_slug: 230 $description = __( 'These settings apply to all sites on the network.', 'stream' ); 231 break; 232 case $this->default_settings_page_slug: 233 $description = __( 'These default settings will apply to new sites created on the network. These settings do not alter existing sites.', 'stream' ); 234 break; 228 if ( $this->network_settings_page_slug === $current_page ) { 229 $description = __( 'These settings apply to all sites on the network.', 'stream' ); 235 230 } 236 231 … … 352 347 */ 353 348 public function network_options_action() { 354 $allowed_referrers = array( 355 $this->network_settings_page_slug, 356 $this->default_settings_page_slug, 357 ); 358 359 // @codingStandardsIgnoreLine 360 if ( ! isset( $_GET['action'] ) || ! in_array( $_GET['action'], $allowed_referrers, true ) ) { 349 350 // Check the nonce. 351 if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], sprintf( '%s-options', $this->network_settings_option ) ) ) { 361 352 return; 362 353 } 363 354 364 // @codingStandardsIgnoreLine 365 $options = isset( $_POST['option_page'] ) ? explode( ',', stripslashes( $_POST['option_page'] ) ) : null; 366 367 if ( $options ) { 368 369 foreach ( $options as $option ) { 370 $option = trim( $option ); 371 $value = null; 372 $sections = $this->plugin->settings->get_fields(); 373 374 foreach ( $sections as $section_name => $section ) { 375 foreach ( $section['fields'] as $field_idx => $field ) { 376 $option_key = $section_name . '_' . 
$field['name']; 377 378 // @codingStandardsIgnoreStart 379 if ( isset( $_POST[ $option ][ $option_key ] ) ) { 380 $value[ $option_key ] = $_POST[ $option ][ $option_key ]; 381 } else { 382 $value[ $option_key ] = false; 383 } 384 // @codingStandardsIgnoreEnd 355 // Check the user capability. 356 if ( ! current_user_can( $this->plugin->admin->settings_cap ) ) { 357 return; 358 } 359 360 // Check the action. 361 if ( ! isset( $_GET['action'] ) || $this->network_settings_page_slug !== $_GET['action'] ) { 362 return; 363 } 364 365 $option = ! empty( $_POST['option_page'] ) ? $_POST['option_page'] : false; 366 367 if ( $option && $this->network_settings_option === $option ) { 368 369 $value = array(); 370 $sections = $this->plugin->settings->get_fields(); 371 372 foreach ( $sections as $section_name => $section ) { 373 foreach ( $section['fields'] as $field_idx => $field ) { 374 $option_key = $section_name . '_' . $field['name']; 375 376 if ( isset( $_POST[ $option ][ $option_key ] ) ) { 377 $value[ $option_key ] = $this->plugin->settings->sanitize_setting_by_field_type( $_POST[ $option ][ $option_key ], $field['type'] ); 378 } else { 379 $value[ $option_key ] = false; 385 380 } 386 381 } 387 388 if ( ! is_array( $value ) ) {389 $value = trim( $value );390 }391 392 update_site_option( $option, $value );393 382 } 383 384 update_site_option( $this->network_settings_option, $value ); 394 385 } 395 386 -
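Review bot: The capability gate in `network_options_action()` checks `$this->plugin->admin->settings_cap`, which is defined outside this section, while the write that follows is `update_site_option()`, which is network-wide. If that property resolves to a per-site capability, a site-level administrator could pass this check and change network settings; confirm it maps to a network capability, or check one explicitly here, e.g. `if ( ! current_user_can( 'manage_network_options' ) ) { return; }`. Separately, `$_POST[ $option ][ $option_key ]` reaches the sanitizer still slashed by WordPress, so values containing quotes or backslashes are stored with added backslashes; pass `wp_unslash( $_POST[ $option ][ $option_key ] )` instead. The function body continues past the end of this hunk, and the same code is repeated in stream/trunk/classes/class-network.php.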
stream/tags/4.0.2/classes/class-plugin.php
r3128015 r3139815 19 19 * @const string 20 20 */ 21 const VERSION = '4.0. 1';21 const VERSION = '4.0.2'; 22 22 23 23 /** -
stream/tags/4.0.2/classes/class-settings.php
r3128015 r3139815 545 545 } 546 546 547 // Sanitize depending on the type of field. 548 switch ( $type ) { 549 case 'number': 550 $output[ $name ] = is_numeric( $input[ $name ] ) ? intval( trim( $input[ $name ] ) ) : ''; 551 break; 552 case 'checkbox': 553 $output[ $name ] = is_numeric( $input[ $name ] ) ? absint( trim( $input[ $name ] ) ) : ''; 554 break; 555 default: 556 if ( is_array( $input[ $name ] ) ) { 557 $output[ $name ] = $input[ $name ]; 558 559 // Support all values in multidimentional arrays too. 560 array_walk_recursive( 561 $output[ $name ], 562 function ( &$v ) { 563 $v = sanitize_text_field( trim( $v ) ); 564 } 565 ); 566 } else { 567 $output[ $name ] = sanitize_text_field( trim( $input[ $name ] ) ); 547 $output[ $name ] = $this->sanitize_setting_by_field_type( $input[ $name ], $type ); 548 } 549 } 550 551 return $output; 552 } 553 554 /** 555 * Sanitizes a setting value based on the field type. 556 * 557 * @param mixed $value The value to be sanitized. 558 * @param string $field_type The type of field. 559 * 560 * @return mixed The sanitized value. 561 */ 562 public function sanitize_setting_by_field_type( $value, $field_type ) { 563 564 // Sanitize depending on the type of field. 565 switch ( $field_type ) { 566 case 'number': 567 $sanitized_value = is_numeric( $value ) ? intval( trim( $value ) ) : ''; 568 break; 569 case 'checkbox': 570 $sanitized_value = is_numeric( $value ) ? absint( trim( $value ) ) : ''; 571 break; 572 default: 573 if ( is_array( $value ) ) { 574 $sanitized_value = $value; 575 576 // Support all values in multidimentional arrays too. 577 array_walk_recursive( 578 $sanitized_value, 579 function ( &$v ) { 580 $v = sanitize_text_field( trim( $v ) ); 568 581 } 569 } 570 } 571 } 572 573 return $output; 582 ); 583 } else { 584 $sanitized_value = sanitize_text_field( trim( $value ) ); 585 } 586 } 587 588 return $sanitized_value; 574 589 } 575 590 -
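Review bot: The docblock on `sanitize_setting_by_field_type()` gives only `@return mixed` and does not state the fallbacks, which matter now that the network save path stores the result directly. I would document that `number` and `checkbox` return an integer for numeric input and `''` otherwise (including for arrays), and that every other field type goes through `sanitize_text_field()`, leaf by leaf for arrays: `@return int|string|array Integer for numeric number/checkbox input, '' when it is not numeric, otherwise the text-sanitized string or array.` The closure also calls `trim( $v )` on every leaf, so a `null` leaf raises a deprecation notice on PHP 8.1+; `trim( (string) $v )` avoids it. The first lines of this section are the tail of a method that starts outside the hunk, and the same change is repeated in stream/trunk/classes/class-settings.php.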
stream/tags/4.0.2/readme.txt
r3128015 r3139815 4 4 Requires at least: 4.6 5 5 Tested up to: 6.6 6 Stable tag: 4.0. 16 Stable tag: 4.0.2 7 7 License: GPLv2 or later 8 8 License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 135 135 == Changelog == 136 136 137 = 4.0.2 - August 22, 2024 = 138 139 **Security update** 140 141 - Fix vulnerability which allowed logged in users to update some site options in certain configurations. Props to [@sybrew](https://github.com/sybrew) for responsibly disclosing this issue. 142 137 143 = 4.0.1 - July 30, 2024 = 138 144 -
stream/tags/4.0.2/stream.php
r3128015 r3139815 4 4 * Plugin URI: https://xwp.co/work/stream/ 5 5 * Description: Stream tracks logged-in user activity so you can monitor every change made on your WordPress site in beautifully organized detail. All activity is organized by context, action and IP address for easy filtering. Developers can extend Stream with custom connectors to log any kind of action. 6 * Version: 4.0. 16 * Version: 4.0.2 7 7 * Author: XWP 8 8 * Author URI: https://xwp.co -
stream/tags/4.0.2/vendor/composer/installed.php
r3128015 r3139815 2 2 'root' => array( 3 3 'name' => 'xwp/stream', 4 'pretty_version' => 'v4.0. 1',5 'version' => '4.0. 1.0',6 'reference' => ' abc53ab8397dae1a70b883d7f5ecee019e595c03',4 'pretty_version' => 'v4.0.2', 5 'version' => '4.0.2.0', 6 'reference' => 'e61210f3529a19ef235805d34e82f100282aec7a', 7 7 'type' => 'wordpress-plugin', 8 8 'install_path' => __DIR__ . '/../../', … … 33 33 ), 34 34 'xwp/stream' => array( 35 'pretty_version' => 'v4.0. 1',36 'version' => '4.0. 1.0',37 'reference' => ' abc53ab8397dae1a70b883d7f5ecee019e595c03',35 'pretty_version' => 'v4.0.2', 36 'version' => '4.0.2.0', 37 'reference' => 'e61210f3529a19ef235805d34e82f100282aec7a', 38 38 'type' => 'wordpress-plugin', 39 39 'install_path' => __DIR__ . '/../../', -
stream/trunk/classes/class-network.php
r3019411 r3139815 28 28 29 29 /** 30 * Default setting page slug30 * The option name for the network settings. 31 31 * 32 32 * @var string 33 33 */ 34 public $ default_settings_page_slug = 'wp_stream_default_settings';34 public $network_settings_option = 'wp_stream_network'; 35 35 36 36 /** … … 226 226 $current_page = wp_stream_filter_input( INPUT_GET, 'page' ); 227 227 228 switch ( $current_page ) { 229 case $this->network_settings_page_slug: 230 $description = __( 'These settings apply to all sites on the network.', 'stream' ); 231 break; 232 case $this->default_settings_page_slug: 233 $description = __( 'These default settings will apply to new sites created on the network. These settings do not alter existing sites.', 'stream' ); 234 break; 228 if ( $this->network_settings_page_slug === $current_page ) { 229 $description = __( 'These settings apply to all sites on the network.', 'stream' ); 235 230 } 236 231 … … 352 347 */ 353 348 public function network_options_action() { 354 $allowed_referrers = array( 355 $this->network_settings_page_slug, 356 $this->default_settings_page_slug, 357 ); 358 359 // @codingStandardsIgnoreLine 360 if ( ! isset( $_GET['action'] ) || ! in_array( $_GET['action'], $allowed_referrers, true ) ) { 349 350 // Check the nonce. 351 if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], sprintf( '%s-options', $this->network_settings_option ) ) ) { 361 352 return; 362 353 } 363 354 364 // @codingStandardsIgnoreLine 365 $options = isset( $_POST['option_page'] ) ? explode( ',', stripslashes( $_POST['option_page'] ) ) : null; 366 367 if ( $options ) { 368 369 foreach ( $options as $option ) { 370 $option = trim( $option ); 371 $value = null; 372 $sections = $this->plugin->settings->get_fields(); 373 374 foreach ( $sections as $section_name => $section ) { 375 foreach ( $section['fields'] as $field_idx => $field ) { 376 $option_key = $section_name . '_' . 
$field['name']; 377 378 // @codingStandardsIgnoreStart 379 if ( isset( $_POST[ $option ][ $option_key ] ) ) { 380 $value[ $option_key ] = $_POST[ $option ][ $option_key ]; 381 } else { 382 $value[ $option_key ] = false; 383 } 384 // @codingStandardsIgnoreEnd 355 // Check the user capability. 356 if ( ! current_user_can( $this->plugin->admin->settings_cap ) ) { 357 return; 358 } 359 360 // Check the action. 361 if ( ! isset( $_GET['action'] ) || $this->network_settings_page_slug !== $_GET['action'] ) { 362 return; 363 } 364 365 $option = ! empty( $_POST['option_page'] ) ? $_POST['option_page'] : false; 366 367 if ( $option && $this->network_settings_option === $option ) { 368 369 $value = array(); 370 $sections = $this->plugin->settings->get_fields(); 371 372 foreach ( $sections as $section_name => $section ) { 373 foreach ( $section['fields'] as $field_idx => $field ) { 374 $option_key = $section_name . '_' . $field['name']; 375 376 if ( isset( $_POST[ $option ][ $option_key ] ) ) { 377 $value[ $option_key ] = $this->plugin->settings->sanitize_setting_by_field_type( $_POST[ $option ][ $option_key ], $field['type'] ); 378 } else { 379 $value[ $option_key ] = false; 385 380 } 386 381 } 387 388 if ( ! is_array( $value ) ) {389 $value = trim( $value );390 }391 392 update_site_option( $option, $value );393 382 } 383 384 update_site_option( $this->network_settings_option, $value ); 394 385 } 395 386 -
stream/trunk/classes/class-plugin.php
r3128015 r3139815 19 19 * @const string 20 20 */ 21 const VERSION = '4.0. 1';21 const VERSION = '4.0.2'; 22 22 23 23 /** -
stream/trunk/classes/class-settings.php
r3128015 r3139815 545 545 } 546 546 547 // Sanitize depending on the type of field. 548 switch ( $type ) { 549 case 'number': 550 $output[ $name ] = is_numeric( $input[ $name ] ) ? intval( trim( $input[ $name ] ) ) : ''; 551 break; 552 case 'checkbox': 553 $output[ $name ] = is_numeric( $input[ $name ] ) ? absint( trim( $input[ $name ] ) ) : ''; 554 break; 555 default: 556 if ( is_array( $input[ $name ] ) ) { 557 $output[ $name ] = $input[ $name ]; 558 559 // Support all values in multidimentional arrays too. 560 array_walk_recursive( 561 $output[ $name ], 562 function ( &$v ) { 563 $v = sanitize_text_field( trim( $v ) ); 564 } 565 ); 566 } else { 567 $output[ $name ] = sanitize_text_field( trim( $input[ $name ] ) ); 547 $output[ $name ] = $this->sanitize_setting_by_field_type( $input[ $name ], $type ); 548 } 549 } 550 551 return $output; 552 } 553 554 /** 555 * Sanitizes a setting value based on the field type. 556 * 557 * @param mixed $value The value to be sanitized. 558 * @param string $field_type The type of field. 559 * 560 * @return mixed The sanitized value. 561 */ 562 public function sanitize_setting_by_field_type( $value, $field_type ) { 563 564 // Sanitize depending on the type of field. 565 switch ( $field_type ) { 566 case 'number': 567 $sanitized_value = is_numeric( $value ) ? intval( trim( $value ) ) : ''; 568 break; 569 case 'checkbox': 570 $sanitized_value = is_numeric( $value ) ? absint( trim( $value ) ) : ''; 571 break; 572 default: 573 if ( is_array( $value ) ) { 574 $sanitized_value = $value; 575 576 // Support all values in multidimentional arrays too. 577 array_walk_recursive( 578 $sanitized_value, 579 function ( &$v ) { 580 $v = sanitize_text_field( trim( $v ) ); 568 581 } 569 } 570 } 571 } 572 573 return $output; 582 ); 583 } else { 584 $sanitized_value = sanitize_text_field( trim( $value ) ); 585 } 586 } 587 588 return $sanitized_value; 574 589 } 575 590 -
stream/trunk/readme.txt
r3128015 r3139815 4 4 Requires at least: 4.6 5 5 Tested up to: 6.6 6 Stable tag: 4.0. 16 Stable tag: 4.0.2 7 7 License: GPLv2 or later 8 8 License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 135 135 == Changelog == 136 136 137 = 4.0.2 - August 22, 2024 = 138 139 **Security update** 140 141 - Fix vulnerability which allowed logged in users to update some site options in certain configurations. Props to [@sybrew](https://github.com/sybrew) for responsibly disclosing this issue. 142 137 143 = 4.0.1 - July 30, 2024 = 138 144 -
stream/trunk/stream.php
r3128015 r3139815 4 4 * Plugin URI: https://xwp.co/work/stream/ 5 5 * Description: Stream tracks logged-in user activity so you can monitor every change made on your WordPress site in beautifully organized detail. All activity is organized by context, action and IP address for easy filtering. Developers can extend Stream with custom connectors to log any kind of action. 6 * Version: 4.0. 16 * Version: 4.0.2 7 7 * Author: XWP 8 8 * Author URI: https://xwp.co -
stream/trunk/vendor/composer/installed.php
r3128015 r3139815 2 2 'root' => array( 3 3 'name' => 'xwp/stream', 4 'pretty_version' => 'v4.0. 1',5 'version' => '4.0. 1.0',6 'reference' => ' abc53ab8397dae1a70b883d7f5ecee019e595c03',4 'pretty_version' => 'v4.0.2', 5 'version' => '4.0.2.0', 6 'reference' => 'e61210f3529a19ef235805d34e82f100282aec7a', 7 7 'type' => 'wordpress-plugin', 8 8 'install_path' => __DIR__ . '/../../', … … 33 33 ), 34 34 'xwp/stream' => array( 35 'pretty_version' => 'v4.0. 1',36 'version' => '4.0. 1.0',37 'reference' => ' abc53ab8397dae1a70b883d7f5ecee019e595c03',35 'pretty_version' => 'v4.0.2', 36 'version' => '4.0.2.0', 37 'reference' => 'e61210f3529a19ef235805d34e82f100282aec7a', 38 38 'type' => 'wordpress-plugin', 39 39 'install_path' => __DIR__ . '/../../',