
Changeset 1082625


Timestamp:
02/04/2015 10:13:27 PM (10 years ago)
Author:
moskis
Message:

fix security issue (thanks to mickaelb for reporting and Konstantin Kovshenin for providing the fix)

Location:
fancybox-for-wordpress/trunk
Files:
2 edited

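--- a/fancybox-for-wordpress/trunk/admin.php
+++ b/fancybox-for-wordpress/trunk/admin.php
@@ -82,4 +82,5 @@
     <form method="post" action="">
         <div style="text-align:center;padding:0 0 1.5em;margin:-15px 0 5px;">
+            <?php wp_nonce_field( 'mfbfw-options-reset' ); ?>
             <input type="submit" name="mfbfw_update" id="reset" onClick="return confirmDefaults();" class="button-secondary" value="<?php esc_attr_e( 'Revert to defaults', 'mfbfw' ); ?>" />
             <input type="hidden" name="action" value="reset" />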
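Review bot: The nonce action on the added line, `wp_nonce_field( 'mfbfw-options-reset' )`, does not match the action the handler verifies in fancybox.php, `check_admin_referer( 'mfbfw-options-options' )`. Both calls use the default `_wpnonce` field, so unless this form also submits a nonce for `mfbfw-options-options` somewhere outside the hunk, verification will fail and "Revert to defaults" will stop working rather than being protected. The handler's string looks like the action `settings_fields( 'mfbfw-options' )` would emit for the main settings form, which suggests a copy-paste slip; the two sides should agree, e.g. `check_admin_referer( 'mfbfw-options-reset' )` in fancybox.php. The form's closing tags are outside this hunk.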
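--- a/fancybox-for-wordpress/trunk/fancybox.php
+++ b/fancybox-for-wordpress/trunk/fancybox.php
@@ -342,14 +342,5 @@
     if ( isset($_GET['page']) && $_GET['page'] == 'fancybox-for-wordpress' ) {
 
-        if ( isset($_REQUEST['action']) && 'update' == $_REQUEST['action'] ) {
-
-            $settings = stripslashes_deep( $_POST['mfbfw'] );
-            $settings = array_map( 'convert_chars', $settings );
-
-            update_option( 'mfbfw', $settings );
-            wp_safe_redirect( add_query_arg('updated', 'true') );
-            die;
-
-        } else if ( isset($_REQUEST['action']) && 'reset' == $_REQUEST['action'] ) {
+        if ( isset($_REQUEST['action']) && 'reset' == $_REQUEST['action'] && check_admin_referer( 'mfbfw-options-options' ) ) {
 
             $defaults_array = mfbfw_defaults(); // Store defaults in an array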
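Review bot: The reset branch on new line 344 is gated only by `check_admin_referer()`, which confirms the request carries a valid nonce but does not check what the current user is permitted to do. The enclosing function and the hook it runs on are outside this hunk; if that hook fires for requests from users who cannot manage the plugin's settings, the condition should also require the capability the settings page is registered with, e.g. `&& current_user_can( 'manage_options' )` (the capability name is assumed here). The removed `update` branch wrote `$_POST['mfbfw']` to the option with neither a nonce nor a capability check, so it is worth confirming that the path that now saves settings enforces both and sanitises each value before `update_option()`. A short comment above the condition naming the form that issues the nonce would help keep the two action strings in sync.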