Changeset 3345320

Timestamp:

08/15/2025 11:34:43 PM (6 months ago)

Author:

raiansar

Message:

Fix v1.5.7: Search form security - added nonce field

Location:

enhanced-autoload-manager/trunk

Files:

• enhanced-autoload-manager.php (modified) (3 diffs)
• readme.txt (modified) (2 diffs)

enhanced-autoload-manager/trunk/enhanced-autoload-manager.php

@@ -4 +4 @@
 Plugin URI: https://raiansar.com/enhanced-autoload-manager
 Description: Manages autoloaded data in the WordPress database, allowing for individual deletion or disabling of autoload entries.
-Version: 1.5.6
+Version: 1.5.7
 Author: Rai Ansar
 Author URI: https://raiansar.com
@@ -25 +25 @@
 }
 if (!defined('EDAL_VERSION')) {
-    define('EDAL_VERSION', '1.5.6');
+    define('EDAL_VERSION', '1.5.7');
 }
 
@@ -279 +279 @@
                             <input type="hidden" name="orderby" value="<?php echo esc_attr($orderby); ?>">
                             <input type="hidden" name="order" value="<?php echo esc_attr($order); ?>">
+                            <?php wp_nonce_field('edal_view_page', '_wpnonce', false); ?>
                             <div class="edal-search-input-wrapper">
                                 <input type="text" name="search" id="edal-search-input" placeholder="<?php esc_attr_e('Search autoload options...', 'enhanced-autoload-manager'); ?>" value="<?php echo esc_attr($search); ?>" class="regular-text">
                                 <button type="submit" class="button button-secondary"><span class="dashicons dashicons-search"></span></button>
                                 <?php if (!empty($search)): ?>
-                                <a href="<?php echo esc_url(remove_query_arg('search')); ?>" class="button button-link" title="<?php esc_attr_e('Clear search', 'enhanced-autoload-manager'); ?>">
+                                <a href="<?php echo esc_url($this->get_admin_url(array('mode' => $mode, 'count' => $count, 'orderby' => $orderby, 'order' => $order))); ?>" class="button button-link" title="<?php esc_attr_e('Clear search', 'enhanced-autoload-manager'); ?>">
                                     <span class="dashicons dashicons-no-alt"></span>
                                 </a>

enhanced-autoload-manager/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 5.0
 Tested up to: 6.8
-Stable tag: 1.5.6
+Stable tag: 1.5.7
 Requires PHP: 7.4
 License: GPLv3 or later
@@ -67 +67 @@
 == Changelog ==
 
+= 1.5.7 =
+* Fixed search form security check error - added missing nonce field
+* Fixed clear search link to include proper nonce
+* Search functionality now properly validates security tokens
+
 = 1.5.6 =
 * Fixed AJAX refresh data error - corrected nonce verification issue