Changeset 1491959


Timestamp:
09/07/16 18:28:51 (6 months ago)
Author:
thoefter
Message:

1.15 update

Location:
wp-inject
Files:
16 added
3 edited

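--- a/wp-inject/trunk/readme.txt
+++ b/wp-inject/trunk/readme.txt
@@ -3,5 +3,5 @@
 Tags: insert, imageinject, wpinject, pictures, flickr, api, images, editor, photos, photo, image, inject, creative commons, creative, commons, gallery, media, thumbnail, seo, pixabay, caption, vector, graphics
 Tested up to: 4.6
-Stable tag: 1.14
+Stable tag: 1.15
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -41,4 +41,7 @@
 
 == Changelog ==
+
+= 1.15 =
+- Fixed: Security improvements
 
 = 1.14 =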
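--- a/wp-inject/trunk/wpdf_ajax.php
+++ b/wp-inject/trunk/wpdf_ajax.php
@@ -6,16 +6,15 @@
 
     if(get_magic_quotes_gpc()) {
-        $keyword = stripslashes($_POST['keyword']);
-    } else {
-        $keyword = $_POST["keyword"];
-    }
-
-    $nonce = $_POST["wpnonce"];
-    if (!wp_verify_nonce($nonce, 'wpdf_security_nonce')) {
-        echo json_encode(array("error" => "Invalid request."));
-        exit;
-    }
-
-    if(empty($modules)) {
+        $keyword = stripslashes(sanitize_text_field($_POST['keyword']));
+    } else {
+        $keyword = sanitize_text_field($_POST["keyword"]);
+    }
+
+    if (!wp_verify_nonce($_POST["wpnonce"], 'wpdf_security_nonce')) {
+        echo json_encode(array("error" => "Invalid request."));
+        exit;
+    }
+
+    if(empty($modules) || !is_array($modules)) {
         echo json_encode(array("error" => "No content source found."));
         exit;
@@ -36,6 +35,6 @@
     $marray = array();
     foreach($modules as $module) {
-        $mn = $module["name"];
-        $modulerun = $module["module_run"];
+        $mn = sanitize_text_field($module["name"]);
+        $modulerun = sanitize_text_field($module["module_run"]);
         $start = 1 + (($modulerun - 1) * $items_per_req);
 
@@ -49,6 +48,6 @@
     if(is_array($result)) {
         foreach($modules as $module) {
-            $mn = $module["name"];
-            $result[$mn]["modulerun"] = $module["module_run"];
+            $mn = sanitize_text_field($module["name"]);
+            $result[$mn]["modulerun"] = sanitize_text_field($module["module_run"]);
         }
         echo json_encode(array("result" => $result));
@@ -218,10 +217,10 @@
 function wpdf_save_image_function() {
 
-    $url = $_POST["src"];
-    $post_id = $_POST["post_id"];
-    $thumb = $_POST["feat_img"];
-    $filename = $_POST["filename"];
-    $keyword = $_POST["keyword"];
-    $attr = $_POST["attr"];
+    $url = esc_url($_POST["src"]);
+    $post_id = sanitize_text_field($_POST["post_id"]);
+    $thumb = sanitize_text_field($_POST["feat_img"]);
+    $filename = sanitize_text_field($_POST["filename"]);
+    $keyword = sanitize_text_field($_POST["keyword"]);
+    $attr = sanitize_text_field($_POST["attr"]);
 
     $nonce = $_POST["wpnonce"];
@@ -255,8 +254,8 @@
 
     $images = $_POST["images"];
-    $post_id = $_POST["post_id"];
-    $thumb = $_POST["feat_img"];
-    $filename = $_POST["filename"];
-    $keyword = $_POST["keyword"];
+    $post_id = sanitize_text_field($_POST["post_id"]);
+    $thumb = sanitize_text_field($_POST["feat_img"]);
+    $filename = sanitize_text_field($_POST["filename"]);
+    $keyword = sanitize_text_field($_POST["keyword"]);
 
     $nonce = $_POST["wpnonce"];
@@ -266,5 +265,5 @@
     }
 
-    if(empty($images)) {
+    if(empty($images) || !is_array($images)) {
         echo json_encode(array("error" => "No image source found."));
         exit;
@@ -279,4 +278,6 @@
 
     foreach($images as $url) {
+
+        $url = esc_url($url);
 
         $newsrc = wpdf_save_image($url, $post_id, $thumb, $filename, $keyword, $attr);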
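Review bot: `esc_url()` on `$_POST["src"]` in `wpdf_save_image_function()` and on each `$url` in the `foreach($images as $url)` loop is the display escaper: it rewrites `&` to `&#038;`, so an image URL with a query string is altered before it reaches `wpdf_save_image()`. For a value that is fetched or stored rather than printed, use `$url = esc_url_raw($_POST["src"]);` and `$url = esc_url_raw($url);`. Neither call restricts the host the server contacts, and `wpdf_save_image()` is outside these hunks, so it is worth confirming that it validates the destination (for example with `wp_http_validate_url()`) before downloading. `post_id` and `module_run` are numeric; `absint($_POST["post_id"])` and `absint($module["module_run"])` pin the type where `sanitize_text_field()` only strips markup, and `$modulerun` goes straight into the `$start` arithmetic. Both handler bodies continue beyond the lines shown.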
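--- a/wp-inject/trunk/wpinject.php
+++ b/wp-inject/trunk/wpinject.php
@@ -3,5 +3,5 @@
  Plugin Name: ImageInject
  Plugin URI: http://wpscoop.com/wp-inject/
- Version: 1.14
+ Version: 1.15
  Description: Insert photos into your posts or set a featured image in less than a minute! ImageInject allows you to search the huge Flickr image database for creative commons photos directly from within your WordPress editor. Find great photos related to any topic and inject them into your post. Previously known as WP Inject.
  Author: Thomas Hoefter
@@ -133,5 +133,5 @@
 
             if($optionsarray[$module]["enabled"] != 2) {
-                $optionsarray[$module]["enabled"] = $_POST[$module."_enabled"];
+                $optionsarray[$module]["enabled"] = sanitize_text_field($_POST[$module."_enabled"]);
                 if(empty($_POST[$module."_enabled"])) {$optionsarray[$module]["enabled"] = 0;}
 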
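Review bot: The `enabled` flag at new line 135 is a small integer (the guard above compares it with `2`), so `sanitize_text_field()` still lets any posted string, including `"2"`, be written into the option. Casting and limiting the value is tighter and also avoids reading an unset index before the `empty()` check on the next line: `$optionsarray[$module]["enabled"] = empty($_POST[$module."_enabled"]) ? 0 : 1;` — assuming 0 and 1 are the only states the form is meant to set, which should be confirmed. The enclosing save routine starts outside the hunk, so whether it checks a nonce and `current_user_can()` before writing options cannot be seen here.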