
Changeset 3249784


Timestamp:
03/03/2025 03:00:58 PM (12 months ago)
Author:
fuzzoid
Message:

Security fix

Location:
3dprint-lite/trunk
Files:
7 edited

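--- a/3dprint-lite/trunk/3dprint-lite.php
+++ b/3dprint-lite/trunk/3dprint-lite.php
@@ -6,5 +6,5 @@
 Text Domain: 3dprint-lite
 Plugin URI: http://www.wp3dprinting.com
-Version: 2.1.3.5
+Version: 2.1.3.6
 */
 
@@ -13,5 +13,5 @@
 }
 
-define('P3DLITE_VERSION', '2.1.3.5');
+define('P3DLITE_VERSION', '2.1.3.6');
 
 if ( !function_exists( 'get_home_path' ) ) {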
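--- a/3dprint-lite/trunk/includes/3dprint-lite-admin-coatings.php
+++ b/3dprint-lite/trunk/includes/3dprint-lite-admin-coatings.php
@@ -373,5 +373,5 @@
      */
     public function plugin_settings_page() {
-
+        $add_nonce = wp_create_nonce( 'sp_add_coating' );
         ?>
         <div class="wrap">
@@ -379,5 +379,5 @@
 
             <div id="poststuff p3d-lite-poststuff">
-                <button class="button-secondary" type="button" onclick="location.href='<?php echo esc_url(admin_url( 'admin.php?page=p3dlite_coatings&action=add' ));?>'"><b><?php esc_html_e('Add Coating', '3dprint-lite');?></b></button>
+                <button class="button-secondary" type="button" onclick="location.href='<?php echo esc_url(admin_url( 'admin.php?page=p3dlite_coatings&action=add&_wpnonce='.$add_nonce ));?>'"><b><?php esc_html_e('Add Coating', '3dprint-lite');?></b></button>
                 <div id="post-body" class="metabox-holder columns-2">
                     <div id="post-body-content">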
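Review bot: The nonce on line 381 is appended by string concatenation and then passed through `esc_url()`; WordPress already provides `wp_nonce_url()` for exactly this, so the separate `$add_nonce` line can go and the attribute can read `<?php echo esc_url( wp_nonce_url( admin_url( 'admin.php?page=p3dlite_coatings&action=add' ), 'sp_add_coating' ) ); ?>`. The infills, materials and printers sections below have the same shape with their own `sp_add_*` actions. The nonce only proves the request originated from this screen; whether the `add` handler also checks `current_user_can()` is not visible here, and `plugin_settings_page()` continues past the hunk. A plain `<a class="button-secondary" href="…">` would also remove the inline `onclick` handler, which keeps the screen working under a Content-Security-Policy that disallows inline script.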
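--- a/3dprint-lite/trunk/includes/3dprint-lite-admin-infills.php
+++ b/3dprint-lite/trunk/includes/3dprint-lite-admin-infills.php
@@ -371,5 +371,5 @@
      */
     public function plugin_settings_page() {
-
+        $add_nonce = wp_create_nonce( 'sp_add_infill' );
         ?>
         <div class="wrap">
@@ -377,5 +377,5 @@
 
             <div id="poststuff p3d-lite-poststuff">
-                <button class="button-secondary" type="button" onclick="location.href='<?php echo esc_url(admin_url( 'admin.php?page=p3dlite_infills&action=add' ));?>'"><b><?php esc_html_e('Add Infill', '3dprint-lite');?></b></button>
+                <button class="button-secondary" type="button" onclick="location.href='<?php echo esc_url(admin_url( 'admin.php?page=p3dlite_infills&action=add&_wpnonce='.$add_nonce ));?>'"><b><?php esc_html_e('Add Infill', '3dprint-lite');?></b></button>
                 <div id="post-body" class="metabox-holder columns-2">
                     <div id="post-body-content">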
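--- a/3dprint-lite/trunk/includes/3dprint-lite-admin-materials.php
+++ b/3dprint-lite/trunk/includes/3dprint-lite-admin-materials.php
@@ -277,5 +277,4 @@
 
         if ( 'edit' === $this->current_action() ) {
-
             // In our file that handles the request, verify the nonce.
             $nonce = sanitize_key( $_REQUEST['_wpnonce'] );
@@ -377,5 +376,5 @@
      */
     public function plugin_settings_page() {
-
+        $add_nonce = wp_create_nonce( 'sp_add_material' );
         ?>
         <div class="wrap">
@@ -383,5 +382,5 @@
 
             <div id="poststuff p3d-lite-poststuff">
-                <button class="button-secondary" type="button" onclick="location.href='<?php echo esc_url(admin_url( 'admin.php?page=p3dlite_materials&action=add' ));?>'"><b><?php esc_html_e('Add Material', '3dprint-lite');?></b></button>
+                <button class="button-secondary" type="button" onclick="location.href='<?php echo esc_url(admin_url( 'admin.php?page=p3dlite_materials&action=add&_wpnonce='.$add_nonce ));?>'"><b><?php esc_html_e('Add Material', '3dprint-lite');?></b></button>
                 <div id="post-body" class="metabox-holder columns-2">
                     <div id="post-body-content">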
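--- a/3dprint-lite/trunk/includes/3dprint-lite-admin-printers.php
+++ b/3dprint-lite/trunk/includes/3dprint-lite-admin-printers.php
@@ -371,5 +371,5 @@
      */
     public function plugin_settings_page() {
-
+        $add_nonce = wp_create_nonce( 'sp_add_printer' );
         ?>
         <div class="wrap">
@@ -377,5 +377,5 @@
 
             <div id="poststuff p3d-lite-poststuff">
-                <button class="button-secondary" type="button" onclick="location.href='<?php echo esc_url(admin_url( 'admin.php?page=p3dlite_printers&action=add' ));?>'"><b><?php esc_html_e('Add Printer', '3dprint-lite');?></b></button>
+                <button class="button-secondary" type="button" onclick="location.href='<?php echo esc_url(admin_url( 'admin.php?page=p3dlite_printers&action=add&_wpnonce='.$add_nonce ));?>'"><b><?php esc_html_e('Add Printer', '3dprint-lite');?></b></button>
                 <div id="post-body" class="metabox-holder columns-2">
                     <div id="post-body-content">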
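--- a/3dprint-lite/trunk/includes/3dprint-lite-admin.php
+++ b/3dprint-lite/trunk/includes/3dprint-lite-admin.php
@@ -741,4 +741,8 @@
     }
     elseif (isset($_GET['action']) && $_GET['action'] == 'clone') {
+
+        if (!wp_verify_nonce(sanitize_key( $_REQUEST['_wpnonce'] ), 'sp_clone_printer')) {
+            wp_die('nonce does not match, try to refresh the page');
+        }
         $printer_id = (int)$_GET['printer'];
         $printer_result = $wpdb->get_results( "select * from {$wpdb->prefix}p3dlite_printers where id='$printer_id'", ARRAY_A );
@@ -750,4 +754,7 @@
     }
     elseif (isset($_GET['action']) && $_GET['action'] == 'add') {
+        if (!wp_verify_nonce(sanitize_key( $_REQUEST['_wpnonce'] ), 'sp_add_printer')) {
+            wp_die('nonce does not match, try to refresh the page');
+        }
 
             $default_printer_data = array(
@@ -820,5 +827,4 @@
 
     if (isset($_GET['action']) && $_GET['action'] == 'edit') {
-
         $material_id = (int)$_GET['material'];
         $material_result = $wpdb->get_results( "select * from {$wpdb->prefix}p3dlite_materials where id='$material_id'", ARRAY_A );
@@ -837,4 +843,9 @@
     }
     elseif (isset($_GET['action']) && $_GET['action'] == 'clone') {
+
+        if (!wp_verify_nonce(sanitize_key( $_REQUEST['_wpnonce'] ), 'sp_clone_material')) {
+            wp_die('nonce does not match, try to refresh the page');
+        }
+
         $material_id = (int)$_GET['material'];
         $material_result = $wpdb->get_results( "select * from {$wpdb->prefix}p3dlite_materials where id='$material_id'", ARRAY_A );
@@ -869,4 +880,7 @@
     }
     elseif (isset($_GET['action']) && $_GET['action'] == 'add') {
+        if (!wp_verify_nonce(sanitize_key( $_REQUEST['_wpnonce'] ), 'sp_add_material')) {
+            wp_die('nonce does not match, try to refresh the page');
+        }
 
             $default_material_data = array(
@@ -942,4 +956,8 @@
     }
     elseif (isset($_GET['action']) && $_GET['action'] == 'clone') {
+        if (!wp_verify_nonce(sanitize_key( $_REQUEST['_wpnonce'] ), 'sp_clone_coating')) {
+            wp_die('nonce does not match, try to refresh the page');
+        }
+
         $coating_id = (int)$_GET['coating'];
         $coating_result = $wpdb->get_results( "select * from {$wpdb->prefix}p3dlite_coatings where id='$coating_id'", ARRAY_A );
@@ -951,4 +969,7 @@
     }
     elseif (isset($_GET['action']) && $_GET['action'] == 'add') {
+        if (!wp_verify_nonce(sanitize_key( $_REQUEST['_wpnonce'] ), 'sp_add_coating')) {
+            wp_die('nonce does not match, try to refresh the page');
+        }
 
             $default_coating_data = array(
@@ -1174,4 +1195,7 @@
     }
     elseif (isset($_GET['action']) && $_GET['action'] == 'clone') {
+        if (!wp_verify_nonce(sanitize_key( $_REQUEST['_wpnonce'] ), 'sp_clone_infill')) {
+            wp_die('nonce does not match, try to refresh the page');
+        }
         $infill_id = (int)$_GET['infill'];
         $infill_result = $wpdb->get_results( "select * from {$wpdb->prefix}p3dlite_infills where id='$infill_id'", ARRAY_A );
@@ -1183,4 +1207,8 @@
     }
     elseif (isset($_GET['action']) && $_GET['action'] == 'add') {
+        if (!wp_verify_nonce(sanitize_key( $_REQUEST['_wpnonce'] ), 'sp_add_infill')) {
+            wp_die('nonce does not match, try to refresh the page');
+        }
+
 
             $default_infill_data = array(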
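Review bot: Every new check reads `$_REQUEST['_wpnonce']` directly, so a request without the parameter raises an undefined-index warning before `sanitize_key()` turns it into an empty nonce and `wp_verify_nonce()` rejects it; the check still fails closed, but `sanitize_key( $_REQUEST['_wpnonce'] ?? '' )` (PHP 7+) keeps the log clean, and the same line appears in all eight new blocks here (new lines 744, 756, 846, 882, 958, 971, 1197 and 1209). The `edit` branch at new line 828 is the only action touched by this changeset with no verification in its visible lines — it goes straight to `$material_id = (int)$_GET['material'];` — so if none follows further down it deserves the same guard. A nonce is a CSRF token rather than an authorization check, so unless the page registration already gates these branches by capability, a `current_user_can()` check belongs beside each of them; the enclosing block starts and ends outside every hunk. The row-action links that trigger `clone` are not in this changeset, so they must already carry `_wpnonce` for the matching `sp_clone_*` action or cloning will now always `wp_die()`. The interpolated `where id='$printer_id'` queries on the context lines are protected only by the `(int)` cast; `$wpdb->prepare( '... where id = %d', $printer_id )` is the conventional form.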
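--- a/3dprint-lite/trunk/readme.txt
+++ b/3dprint-lite/trunk/readme.txt
@@ -4,5 +4,5 @@
 Requires at least: 3.5
 Tested up to: 6.7
-Stable tag: 2.1.3.5
+Stable tag: 2.1.3.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -110,4 +110,7 @@
 == Changelog ==
 
+= 2.1.3.6 =
+Security fix
+
 = 2.1.3.5 =
 Price requests: material, printer, coating, infill fields are editable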