Changeset 1087148


Timestamp:
02/11/15 14:04:44 (3 years ago)
Author:
johneckman
Message:

updating to 1.6.4 - adding wp_nonce protection to admin settings form

Location:
wpbook-lite
Files:
2 edited
3 copied

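--- a/wpbook-lite/tags/1.6.4/README.txt
+++ b/wpbook-lite/tags/1.6.4/README.txt
@@ -3,5 +3,5 @@
 Tags: facebook, platform, application, blog, mirror
 Requires at least: 2.9
-Stable tag: 1.6.3
+Stable tag: 1.6.4
 Tested up to: 4.1
 License: GPLv2 or later
@@ -53,4 +53,7 @@
 
 == Changelog ==
+
+= 1.6.4 =
+* Added wp_nonce protection to admin settings form.
 
 = 1.6.3 =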
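--- a/wpbook-lite/tags/1.6.4/wpbook-lite.php
+++ b/wpbook-lite/tags/1.6.4/wpbook-lite.php
@@ -6,6 +6,6 @@
 Author: John Eckman
 Author URI: http://johneckman.com
-Version: 1.6.3
-Stable tag: 1.6.3
+Version: 1.6.4
+Stable tag: 1.6.4
 
 */
@@ -144,5 +144,6 @@
     get_currentuserinfo();
     $wpbookLiteAdminOptions = wpbook_lite_getAdminOptions();
-    if (isset($_POST['fb_api_key']) && isset($_POST['fb_secret']) && isset($_POST['fb_admin_target']) ) {
+    if ( ! empty( $_POST ) && check_admin_referer( 'update_settings', 'wpbook_lite_admin_nonce')
+        && isset($_POST['fb_api_key']) && isset($_POST['fb_secret']) && isset($_POST['fb_admin_target']) ) {
       $fb_api_key = preg_replace("#[^0-9]#", "",$_POST['fb_api_key']);
       $fb_secret = $_POST['fb_secret'];
@@ -238,9 +239,12 @@
     } elseif (($wpbookLiteAdminOptions['fb_api_key'] != "") && ($wpbookLiteAdminOptions['fb_secret'] != "") && ($wpbookLiteAdminOptions['fb_admin_target'] != "")){
       $flash = "";
+    } elseif (! empty( $_POST ) && ! check_admin_referer( 'update_settings', 'wpbook_lite_admin_nonce')) {
+      $flash = "Admin nonce failed";
     } else {
-      $flash = "Please complete all necessary fields";}
-    } else {
-      $flash = "You don't have enough access rights.";
-    }
+      $flash = "Please complete all necessary fields";
+    } // end of if posting
+  } else {
+    $flash = "You don't have enough access rights.";
+  } // end of first if wpbook_lite_is_authorized()
   
     if (wpbook_lite_is_authorized()) {
@@ -507,5 +511,6 @@
     
 <?php
-echo '<p><input type="submit" value="Save" class="button-primary"';
+      wp_nonce_field( 'update_settings', 'wpbook_lite_admin_nonce' );
+      echo '<p><input type="submit" value="Save" class="button-primary"';
       echo ' name="wpbook_save_button" /></form></p>';
       echo'<div id="help">';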
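Review bot: The added branch at new line 241, `} elseif (! empty( $_POST ) && ! check_admin_referer( 'update_settings', 'wpbook_lite_admin_nonce')) {`, can never set "Admin nonce failed", because core `check_admin_referer()` ends the request itself when the nonce is missing or invalid and otherwise returns a truthy value. Dropping that branch and leaving the call at new line 146 as the single hard stop would match what actually happens, and that line deserves a comment such as `// check_admin_referer() dies on a bad nonce; nothing below runs for a forged request`. Separately, the action string `'update_settings'` is generic, and since a nonce is bound to the user and the action rather than to the field name, a plugin-specific action such as `'wpbook_lite_update_settings'` in both `check_admin_referer()` and `wp_nonce_field()` would keep nonces minted for other forms from validating here. The same points apply to the identical change in wpbook-lite/trunk/wpbook-lite.php. The enclosing if/else chain starts and ends outside the hunks shown, so its exact nesting is inferred from the closing-brace comments.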
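--- a/wpbook-lite/trunk/README.txt
+++ b/wpbook-lite/trunk/README.txt
@@ -3,5 +3,5 @@
 Tags: facebook, platform, application, blog, mirror
 Requires at least: 2.9
-Stable tag: 1.6.3
+Stable tag: 1.6.4
 Tested up to: 4.1
 License: GPLv2 or later
@@ -53,4 +53,7 @@
 
 == Changelog ==
+
+= 1.6.4 =
+* Added wp_nonce protection to admin settings form.
 
 = 1.6.3 =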
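--- a/wpbook-lite/trunk/wpbook-lite.php
+++ b/wpbook-lite/trunk/wpbook-lite.php
@@ -6,6 +6,6 @@
 Author: John Eckman
 Author URI: http://johneckman.com
-Version: 1.6.3
-Stable tag: 1.6.3
+Version: 1.6.4
+Stable tag: 1.6.4
 
 */
@@ -144,5 +144,6 @@
     get_currentuserinfo();
     $wpbookLiteAdminOptions = wpbook_lite_getAdminOptions();
-    if (isset($_POST['fb_api_key']) && isset($_POST['fb_secret']) && isset($_POST['fb_admin_target']) ) {
+    if ( ! empty( $_POST ) && check_admin_referer( 'update_settings', 'wpbook_lite_admin_nonce')
+        && isset($_POST['fb_api_key']) && isset($_POST['fb_secret']) && isset($_POST['fb_admin_target']) ) {
       $fb_api_key = preg_replace("#[^0-9]#", "",$_POST['fb_api_key']);
       $fb_secret = $_POST['fb_secret'];
@@ -238,9 +239,12 @@
     } elseif (($wpbookLiteAdminOptions['fb_api_key'] != "") && ($wpbookLiteAdminOptions['fb_secret'] != "") && ($wpbookLiteAdminOptions['fb_admin_target'] != "")){
       $flash = "";
+    } elseif (! empty( $_POST ) && ! check_admin_referer( 'update_settings', 'wpbook_lite_admin_nonce')) {
+      $flash = "Admin nonce failed";
     } else {
-      $flash = "Please complete all necessary fields";}
-    } else {
-      $flash = "You don't have enough access rights.";
-    }
+      $flash = "Please complete all necessary fields";
+    } // end of if posting
+  } else {
+    $flash = "You don't have enough access rights.";
+  } // end of first if wpbook_lite_is_authorized()
   
     if (wpbook_lite_is_authorized()) {
@@ -507,5 +511,6 @@
     
 <?php
-echo '<p><input type="submit" value="Save" class="button-primary"';
+      wp_nonce_field( 'update_settings', 'wpbook_lite_admin_nonce' );
+      echo '<p><input type="submit" value="Save" class="button-primary"';
       echo ' name="wpbook_save_button" /></form></p>';
       echo'<div id="help">';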