Changeset 3252921

Timestamp:

03/09/2025 07:00:40 PM (9 months ago)

Author:

xavivars

Message:

Bugfixes

Location:

xv-random-quotes/trunk

Files:

• changelog.txt (modified) (1 diff)
• inc/stray_manage.php (modified) (4 diffs)
• inc/stray_new.php (modified) (2 diffs)
• inc/stray_remove.php (modified) (2 diffs)
• inc/stray_tools.php (modified) (5 diffs)
• lib/class.constants.php (modified) (1 diff)
• readme.txt (modified) (1 diff)
• xv-random-quotes.php (modified) (1 diff)

xv-random-quotes/trunk/changelog.txt

@@ -1 +1 @@
 == XV Random Quotes ==
+= 1.41 =
+Some bugfixes
+
 = 1.40 =
 Increases length of source

xv-random-quotes/trunk/inc/stray_manage.php

@@ -12 +12 @@
     if( $quotesoptions['stray_multiuser'] == false && !current_user_can('manage_options') )
         die('Access Denied');
+
+        
+    if ( !empty($_REQUEST['qa']) && !wp_verify_nonce($_POST['xv_random_quotes_tools'],'xv_random_quotes') )
+    {
+        die('Access Denied. Invalid nonce');
+    }
+
 
     //decode and intercept
@@ -27 +34 @@
 
     if(isset($_GET['qo'])){
-        $orderby = $_GET['qo'];
-        $quotesoptions['stray_quotes_order'] = $_GET['qo'];
-    }
-    if(isset($_GET['qp']))$pages = $_GET['qp'];
+        $orderby = sanitize_text_field($_GET['qo']);
+        $quotesoptions['stray_quotes_order'] = sanitize_text_field($_GET['qo']);
+    }
+    if(isset($_GET['qp']))$pages = sanitize_text_field($_GET['qp']);
 
     if(isset($_GET['qr'])){
         $rows = $_GET['qr'];
-        $quotesoptions['stray_quotes_rows'] = $_GET['qr'];
+        $quotesoptions['stray_quotes_rows'] = sanitize_text_field($_GET['qr']);
     }
 
     if(isset($_GET['qc'])){
         $categories = $_GET['qc'];
-        $quotesoptions['stray_quotes_categories'] = $_GET['qc'];
+        $quotesoptions['stray_quotes_categories'] = sanitize_text_field($_GET['qc']);
     }
 
     if(isset($_GET['qs'])){
-        $sort = $_GET['qs'];
-        $quotesoptions['stray_quotes_sort'] = $_GET['qs'];
+        $sort = sanitize_text_field($_GET['qs']);
+        $quotesoptions['stray_quotes_sort'] = sanitize_text_field($_GET['qs']);
     }
 
     /* zL: added: search keyword */
     // get search keyword, if any ('l' in 'ql' stands for 'look');
-    $keyword = isset($_GET['ql']) ? $_GET['ql'] : ''; // escaped later
+    $keyword = isset($_GET['ql']) ? sanitize_text_field($_GET['ql']) : ''; // escaped later
 
     $offset = ($pages - 1) * $rows;
@@ -132 +139 @@
             <script src="<?php echo WP_STRAY_QUOTES_PATH ?>inc/stray_quicktags.js" type="text/javascript"></script>
             <form name="quoteform" id="quoteform" method="post" action="<?php echo $_SERVER['REQUEST_URI'] ?>">
+                <?php wp_nonce_field('xv_random_quotes','xv_random_quotes_manage'); ?>
                 <input type="hidden" name="qa" value="edit_save">
                 <input type="hidden" name="qi" value="<?php echo $quoteID; ?>">
@@ -490 +498 @@
         $bulkurl = remove_querystring_var($bulkurl, 'qi');
         ?><form name="bulkform" id="bulkform" method="post" action="<?php echo $bulkurl ?>">
+        <?php wp_nonce_field('xv_random_quotes','xv_random_quotes_manage'); ?>
         <div class="tablenav">
         <div class="alignleft actions" style="margin-right:10px">

xv-random-quotes/trunk/inc/stray_new.php

@@ -12 +12 @@
     if( $quotesoptions['stray_multiuser'] == false && !current_user_can('manage_options') )
         die('Access Denied');
+
+
+    if ( !empty($_REQUEST['action']) && !wp_verify_nonce($_POST['xv_random_quotes_new'],'xv_random_quotes') )
+    {
+        die('Access Denied. Invalid nonce');
+    }
 
     //decode and intercept
@@ -207 +213 @@
 
             <p><input type="submit" name="save"  class="button-primary" value="<?php _e('Add quote','stray-quotes') ?> &raquo;" /></p>
+            <?php wp_nonce_field('xv_random_quotes','xv_random_quotes_new'); ?>
         </form></div>
 

xv-random-quotes/trunk/inc/stray_remove.php

@@ -16 +16 @@
     //handle the post event
     if(isset($_POST['do']) && sanitize_text_field($_POST['do'])) {
+
+        if ( !wp_verify_nonce($_POST['xv_random_quotes_remove'],'xv_random_quotes') )
+        {
+            die('Access Denied. Invalid nonce');
+        }
 
         //update options
@@ -45 +50 @@
         // the deactivation form ?>
         <form method="post" action="<?php $_SERVER['REQUEST_URI'] ?>">
+        <?php wp_nonce_field('xv_random_quotes','xv_random_quotes_remove'); ?>
         <div class="wrap">
         <h2><?php _e('Remove and deactivate','stray-quotes') ?></h2>

xv-random-quotes/trunk/inc/stray_tools.php

@@ -14 +14 @@
     if(isset($_POST['do']) && sanitize_text_field($_POST['do'])) {
         
+        if ( !wp_verify_nonce($_POST['xv_random_quotes_tools'],'xv_random_quotes') )
+        {
+            die('Access Denied. Invalid nonce');
+        }
+
         $post_do = sanitize_text_field($_POST['do']);
         
@@ -170 +175 @@
     <p class="submit"><input type="hidden" name="do" value="Update" />
     <input type="submit" name="boptions" value="<?php _e('Apply bookmarklet options', 'stray-quotes'); ?>">
+    <?php wp_nonce_field('xv_random_quotes','xv_random_quotes_tools'); ?>
     </p></form><?php } ?>
 
@@ -197 +203 @@
     <p class="submit">&nbsp;<input type="hidden" name="do" value="Update" /><input type="submit" name="enable" value="<?php _e('Toggle shortcodes', 'stray-quotes'); ?>">
     </p>
+    <?php wp_nonce_field('xv_random_quotes','xv_random_quotes_tools'); ?>
     </form></blockquote>
 
@@ -206 +213 @@
     <p class="submit">&nbsp;<input type="hidden" name="do" value="Update" /><input type="submit" name="submit" value="<?php _e('Reset index', 'stray-quotes'); ?>">
     </p>
+    <?php wp_nonce_field('xv_random_quotes','xv_random_quotes_tools'); ?>
     </form></blockquote>
 
@@ -217 +225 @@
     <p class="submit">&nbsp;<input type="hidden" name="do" value="Update" /><input type="submit" name="resetsettings" value="<?php _e('Reset Settings', 'stray-quotes'); ?>">
     </p>
+    <?php wp_nonce_field('xv_random_quotes','xv_random_quotes_tools'); ?>
     </form></blockquote>
 

xv-random-quotes/trunk/lib/class.constants.php

@@ -16 +16 @@
 
     const PLUGIN_OPTIONS = 'stray_quotes_options';
-    const VERSION = '1.40';
+    const VERSION = '1.41';
     const DEFAULT_CATEGORY_OPTION    = 'stray_default_category';
     const DEFAULT_RELOAD_TEXT_OPTION     = 'stray_loader';

xv-random-quotes/trunk/readme.txt

@@ -5 +5 @@
 Requires at least: 2.3
 Tested up to: 6.7
-Stable tag: 1.40
+Stable tag: 1.41
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html

xv-random-quotes/trunk/xv-random-quotes.php

@@ -5 +5 @@
 Author: Xavi Ivars
 Author URI: http://xavi.ivars.me/
-Version: 1.40
+Version: 1.41
 License: http://www.gnu.org/copyleft/gpl.html GNU General Public License
 */