WordPress.org
Get WordPress

Plugin Directory

Changeset 3389291


Ignore:
Timestamp:
11/04/2025 02:40:28 AM (6 weeks ago)
Author:
Alignak
Message:

v3.5.4

Location:
fast-velocity-minify/trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • fast-velocity-minify/trunk/fvm.php

    r3383667 r3389291  
    44 * Plugin URI: https://fastvelocity.com
    55 * Description: Improve your speed score on GTmetrix, Pingdom Tools and Google PageSpeed Insights by merging and minifying CSS and JavaScript files into groups, compressing HTML and other speed optimizations.
    6  * Version: 3.5.3
     6 * Version: 3.5.4
    77 * Author: Raul Peixoto
    88 * Author URI: https://fastvelocity.com

  • fast-velocity-minify/trunk/inc/common.php

    r3383667 r3389291  
    24052405    }
    24062406
    2407     # Block internal/private IP ranges to prevent SSRF
    2408     $ip = gethostbyname($parsed['host']);
    2409     if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
    2410         return array('error' => 'Access to private/internal IPs is not allowed');
    2411     }
    2412 
    2413     # get domain
     2407    # get domain early to determine if this is a local or external resource
    24142408    global $fvm_urls;
    2415    
    2416     # check if we can open the file locally first
    2417     if (stripos($url, $fvm_urls['wp_domain']) !== false && defined('ABSPATH') && !empty('ABSPATH')) {
     2409    $is_local_domain = false;
     2410    if (isset($fvm_urls['wp_domain']) && !empty($fvm_urls['wp_domain'])) {
     2411        $is_local_domain = (stripos($url, $fvm_urls['wp_domain']) !== false);
     2412    }
     2413
     2414    # For local WordPress domain URLs, try to read from disk first (no SSRF risk)
     2415    if ($is_local_domain && defined('ABSPATH') && !empty('ABSPATH')) {
    24182416       
    24192417        # file path + windows compatibility
     
    24442442
    24452443    # fallback to downloading
    2446    
     2444
    24472445    # this useragent is needed for google fonts (woff files only + hinted fonts)
    24482446    $uagent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586';

  • fast-velocity-minify/trunk/readme.txt

    r3383667 r3389291  
    44Requires at least: 5.6
    55Requires PHP: 7.2
    6 Stable tag: 3.5.3
     6Stable tag: 3.5.4
    77Tested up to: 6.8.3
    88Text Domain: fast-velocity-minify
     
    4949
    5050== Changelog ==
     51
     52= 3.5.4 [2025.11.04] =
     53* Removed the unecessary SSRF checks for external requests that were blocking sites behind NAT or intranet deployments
    5154
    5255= 3.5.3 [2025.10.23] =
Note: See TracChangeset for help on using the changeset viewer.