WordPress.org
Get WordPress

Plugin Directory

Changeset 3255024


Ignore:
Timestamp:
03/12/2025 08:54:47 PM (9 months ago)
Author:
shanebp
Message:

new commit for plugin team

Location:
bp-email-assign-templates/trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • bp-email-assign-templates/trunk/pp-email-templates-admin-buddyboss.php

    r3250543 r3255024  
    344344            'ajax'  => false
    345345            ) );
    346          }
     346        }
    347347
    348348        function get_columns() {
     
    367367           
    368368            $id = absint( $id );
    369 
    370             $wpdb->query( "DELETE FROM $wpdb->options WHERE option_id = $id" );
    371 
     369           
     370            $option_name = $wpdb->get_var( "SELECT option_name FROM $wpdb->options WHERE option_id = $id" );
     371           
     372            if ( strncmp( $option_name, "bp-email-template-", 18 ) === 0 ) {
     373                $wpdb->query( "DELETE FROM $wpdb->options WHERE option_id = $id" );
     374            }
     375           
    372376        }
    373377

  • bp-email-assign-templates/trunk/pp-email-templates-admin-buddypress.php

    r3250543 r3255024  
    358358           
    359359            $id = absint( $id );
    360 
    361             $wpdb->query( "DELETE FROM $wpdb->options WHERE option_id = $id" );
    362 
     360           
     361            $option_name = $wpdb->get_var( "SELECT option_name FROM $wpdb->options WHERE option_id = $id" );
     362           
     363            if ( strncmp( $option_name, "bp-email-template-", 18 ) === 0 ) {
     364                $wpdb->query( "DELETE FROM $wpdb->options WHERE option_id = $id" );
     365            }
     366           
    363367        }
    364368

  • bp-email-assign-templates/trunk/pp-email-templates-admin.php

    r3250543 r3255024  
    356356        function delete_eto( $id ) {
    357357            global $wpdb;
    358                
     358           
    359359            $id = absint( $id );
    360 
    361             $wpdb->query( "DELETE FROM $wpdb->options WHERE option_id = $id" );
    362 
     360           
     361            $option_name = $wpdb->get_var( "SELECT option_name FROM $wpdb->options WHERE option_id = $id" );
     362           
     363            if ( strncmp( $option_name, "bp-email-template-", 18 ) === 0 ) {
     364                $wpdb->query( "DELETE FROM $wpdb->options WHERE option_id = $id" );
     365            }
     366           
    363367        }
    364368

  • bp-email-assign-templates/trunk/readme.txt

    r3250543 r3255024  
    5555
    5656= 1.7 =
    57 * fixes another XSS security issue
     57* fixes arbitrary option value deletion risk
    5858
    5959= 1.6 =
     
    8686
    8787= 1.7 =
    88 * fixes another XSS security issue
     88* fixes arbitrary option value deletion risk
    8989
    9090= 1.6 =
Note: See TracChangeset for help on using the changeset viewer.