Changeset 3034410 for categorify
- Timestamp:
- 02/12/2024 08:40:58 AM (14 months ago)
- Location:
- categorify
- Files:
-
- 1 added
- 9 edited
-
tags/categorify.1.0.7.5.zip (added)
-
trunk/assets/js/core.js (modified) (10 diffs)
-
trunk/assets/js/filter.js (modified) (3 diffs)
-
trunk/assets/js/upload.js (modified) (1 diff)
-
trunk/categorify.php (modified) (2 diffs)
-
trunk/freemius/includes/class-freemius.php (modified) (1 diff)
-
trunk/freemius/includes/class-fs-garbage-collector.php (modified) (1 diff)
-
trunk/freemius/start.php (modified) (3 diffs)
-
trunk/inc/sidebar.php (modified) (18 diffs)
-
trunk/readme.txt (modified) (2 diffs)
categorify/trunk/assets/js/core.js
r2998641 r3034410 256 256 IDs: IDs, 257 257 folderID: folderID, 258 security: self.nonce, 258 259 }; 259 260 … … 364 365 var requestData = { 365 366 action: 'categorifyAjaxGetTermsByMedia', 366 nonce: self.nonce,367 security: self.nonce, 367 368 ID: mediaID, 368 369 }; … … 414 415 mediaID: mediaID, 415 416 folderID: folderID, 417 security: self.nonce, 416 418 }; 417 419 … … 681 683 current: current, 682 684 parent: newParent, 685 security: self.nonce, 683 686 }; 684 687 … … 716 719 var requestData = { 717 720 action: 'categorifyAjaxUpdateFolderPosition', 718 data: data 721 data: data, 722 security: self.nonce, 719 723 }; 720 724 … … 1433 1437 e.stopPropagation(); 1434 1438 1435 console.log('aliya');1436 1439 1437 1440 var renamedLi = jQuery('ul.cc_categorify_category_list li.rename'); … … 1521 1524 categoryName: categoryName, 1522 1525 parent: parent, 1526 security: self.nonce, 1523 1527 }; 1524 1528 … … 1552 1556 categoryID: ID, 1553 1557 categoryTitle: title, 1558 security: self.nonce, 1554 1559 }; 1555 1560 … … 1654 1659 action: 'categorifyAjaxClearCategory', 1655 1660 categoryID: categoryID, 1661 security: self.nonce, 1656 1662 }; 1657 1663 … … 1721 1727 action: 'categorifyAjaxDeleteCategory', 1722 1728 categoryID: categoryID, 1729 security: self.nonce, 1723 1730 }; 1724 1731 -
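Review bot: Every request object in these hunks now carries `security: self.nonce`, but nothing visible handles the reply the new `check_ajax_referer( 'categorify-security', 'security' )` calls in sidebar.php send when that nonce is missing or stale — in an admin-ajax request that is, as far as I can tell, a bare `-1`/`0` body with a 403 status instead of the plugin's own JSON, and since WordPress nonces have a fixed lifetime a media library tab left open long enough will start failing silently (the `jQuery.ajax` success/error callbacks sit outside these hunks — confirm they cope). Treating a 403 or non-JSON reply as "session expired" in each handler, e.g. `error: function (xhr) { if (xhr.status === 403) { window.location.reload(); } }`, would make that state visible instead of a dead drag-and-drop. The same field is added by hand in nine places here and again in filter.js and upload.js; one small helper returning `{ action: action, security: self.nonce }` would keep the three files from drifting the way `nonce`/`ajaxNonce` did before this change. The enclosing functions start and end outside every hunk.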
categorify/trunk/assets/js/filter.js
r2612898 r3034410 135 135 IDs: IDs, 136 136 folderID: folderID, 137 security: self.nonce, 137 138 }; 138 139 … … 191 192 var requestData = { 192 193 action: 'categorifyAjaxGetTermsByMedia', 193 nonce: self.nonce,194 security: self.nonce, 194 195 ID: mediaID, 195 196 }; … … 239 240 mediaID: mediaID, 240 241 folderID: folderID, 242 security: self.nonce, 243 241 244 }; 242 245 -
categorify/trunk/assets/js/upload.js
r2611301 r3034410 247 247 attachmentID: attachmentID, 248 248 action: 'categorifyAjaxCheckDeletingMedia', 249 ajaxNonce: categorifyConfig.nonce249 security: categorifyConfig.nonce, 250 250 }; 251 251 -
categorify/trunk/categorify.php
r2998641 r3034410 5 5 * Plugin URI: https://frenify.com/project/categorify/ 6 6 * Description: Organize your WordPress media files in categories via drag and drop. 7 * Version: 1.0.7. 47 * Version: 1.0.7.5 8 8 * Author: Frenify 9 9 * Author URI: https://frenify.com/ … … 73 73 define( 'CATEGORIFY_PLUGIN_NAME', 'Categorify' ); 74 74 define( 'CATEGORIFY_PLUGIN_URL', plugin_dir_url( CATEGORIFY__FILE__ ) ); 75 define( 'CATEGORIFY_PLUGIN_VERSION', '1.0.7. 4' );75 define( 'CATEGORIFY_PLUGIN_VERSION', '1.0.7.5' ); 76 76 function categorify_plugins_loaded() 77 77 { -
categorify/trunk/freemius/includes/class-freemius.php
r2997435 r3034410 1358 1358 1359 1359 function _run_garbage_collector() { 1360 // @todo - Remove this check once the garbage collector is ready to be out of beta. 1361 if ( true !== fs_get_optional_constant( 'WP_FS__ENABLE_GARBAGE_COLLECTOR', false ) ) { 1360 if ( true !== fs_get_optional_constant( 'WP_FS__ENABLE_GARBAGE_COLLECTOR', true ) ) { 1362 1361 return; 1363 1362 } -
categorify/trunk/freemius/includes/class-fs-garbage-collector.php
r2998026 r3034410 282 282 283 283 foreach ( $users as $user_id => $user ) { 284 if ( ! isset( $user_has_install [ $user_id ] ) ) {284 if ( ! isset( $user_has_install_map[ $user_id ] ) ) { 285 285 unset( $users[ $user_id ] ); 286 286 -
categorify/trunk/freemius/start.php
r2997435 r3034410 16 16 * @var string 17 17 */ 18 $this_sdk_version = '2.6. 0';18 $this_sdk_version = '2.6.2'; 19 19 20 20 #region SDK Selection Logic -------------------------------------------------------------------- … … 47 47 $file_path = fs_normalize_path( __FILE__ ); 48 48 $fs_root_path = dirname( $file_path ); 49 50 // @todo: Remove this code after a few months when WP 6.3 usage is low enough. 51 global $wp_version; 49 52 50 53 if ( … … 54 57 * @see theme-previews.php:wp_get_theme_preview_path() 55 58 * 56 * @todo If this behavior is fixed in the core, we will remove this workaround.59 * @todo This behavior is already fixed in the core (WP 6.3.2+), and this code can be removed after a few months when WP 6.3 usage is low enough. 57 60 * @since WP 6.3.0 58 61 */ 62 version_compare( $wp_version, '6.3', '>=' ) && 63 version_compare( $wp_version, '6.3.1', '<=' ) && 59 64 ( 60 65 'site-editor.php' === basename( $_SERVER['SCRIPT_FILENAME'] ) || -
categorify/trunk/inc/sidebar.php
r2998038 r3034410 50 50 'wp_kses_allowed_html', 51 51 array( $this, 'categorify_allowed_html' ), 52 11,52 20, 53 53 2 54 54 ); … … 77 77 $allowed = array( 78 78 'input' => array_merge( $common_attributes, array( 79 'type' => array(),80 'name' => array(),81 'value' => array(),82 'placeholder' => array(),83 'autocomplete' => array(),79 'type' => array(), 80 'name' => array(), 81 'value' => array(), 82 'placeholder' => array(), 83 'autocomplete' => array(), 84 84 ) ), 85 85 'select' => array_merge( $common_attributes, array( 86 'class' => array(),86 'class' => array(), 87 87 ) ), 88 88 'option' => array( 89 'value' => array(),89 'value' => array(), 90 90 ), 91 91 'img' => array_merge( $common_attributes, array( 92 'src' => true,93 'alt' => true,94 'title' => true,95 'width' => true,96 'height' => true,92 'src' => true, 93 'alt' => true, 94 'title' => true, 95 'width' => true, 96 'height' => true, 97 97 ) ), 98 98 'ul' => $common_attributes, … … 103 103 'svg' => $common_attributes, 104 104 'h3' => $common_attributes, 105 'p' => $common_attributes, 105 106 ); 106 107 } … … 172 173 wp_register_script( 'inline-script-handle-header', '' ); 173 174 wp_enqueue_script( 'inline-script-handle-header' ); 174 wp_add_inline_script( 'inline-script-handle-header', '/* <![CDATA[ */ var categorifyFolders = [{"folderID":"all","folderName":"' . esc_html( $allFilesText ) . '"}, {"folderID":"-1","folderName":"' . esc_html( $uncategorizedText ) . '"},' . wp_kses _post( substr( $attachmentTerms, 2 )) . ']; /* ]]> */' );175 wp_add_inline_script( 'inline-script-handle-header', '/* <![CDATA[ */ var categorifyFolders = [{"folderID":"all","folderName":"' . esc_html( $allFilesText ) . '"}, {"folderID":"-1","folderName":"' . esc_html( $uncategorizedText ) . '"},' . wp_kses( substr( $attachmentTerms, 2 ), 'post' ) . 
']; /* ]]> */' ); 175 176 wp_enqueue_script( 'jquery-ui-draggable' ); 176 177 wp_enqueue_script( 'jquery-ui-droppable' ); … … 228 229 'plugin' => CATEGORIFY_PLUGIN_NAME, 229 230 'pluginURL' => CATEGORIFY_URL, 230 'nonce' => wp_create_nonce( ' ajax-nonce' ),231 'nonce' => wp_create_nonce( 'categorify-security' ), 231 232 'uploadURL' => admin_url( 'upload.php' ), 232 233 'ajaxUrl' => admin_url( 'admin-ajax.php' ), … … 258 259 'pluginURL' => CATEGORIFY_URL, 259 260 'ajaxUrl' => admin_url( 'admin-ajax.php' ), 260 'nonce' => wp_create_nonce( ' ajax-nonce' ),261 'nonce' => wp_create_nonce( 'categorify-security' ), 261 262 'moveOneFile' => esc_html__( 'Move 1 file', CATEGORIFY_TEXT_DOMAIN ), 262 263 'move' => esc_html__( 'Move', CATEGORIFY_TEXT_DOMAIN ), … … 271 272 ] ); 272 273 wp_localize_script( 'categorify-upload', 'categorifyConfig', [ 273 'nonce' => wp_create_nonce( ' ajax-nonce' ),274 'nonce' => wp_create_nonce( 'categorify-security' ), 274 275 ] ); 275 276 wp_enqueue_script( 'iaoalert' ); … … 329 330 $output .= $this->splitter(); 330 331 $output .= '</div>'; 331 echo wp_kses _post( $output) ;332 echo wp_kses( $output, 'post' ) ; 332 333 } 333 334 … … 357 358 $output .= '</p>'; 358 359 // echo result 359 echo wp_kses_post( $output ) ; 360 echo wp_kses( $output, 'post' ) ; 361 } 362 363 public function checkUserRole() { 364 $user_id = get_current_user_id(); 365 if ($user_id) { 366 $user_info = get_userdata($user_id); // Get user data 367 // Check if the user has the 'administrator' role 368 if (in_array('administrator', $user_info->roles)) { 369 return true; // User is an administrator 370 } else { 371 return false; // User is not an administrator 372 } 373 } else { 374 return false; // User ID not found 375 } 360 376 } 361 377 362 378 public function categorifyAjaxAddCategory() 363 379 { 380 381 check_ajax_referer( 'categorify-security', 'security' ); 382 383 // Check user role 384 $action = $this->checkUserRole(); 385 386 // Stop execution if user is not an 
administrator 387 if (!$action) { 388 wp_die('You do not have permission to perform this action.'); 389 } 390 364 391 $categoryName = sanitize_text_field( $_POST["categoryName"] ); 365 392 $parent = sanitize_text_field( $_POST["parent"] ); … … 386 413 public function categorifyAjaxDeleteCategory() 387 414 { 415 check_ajax_referer( 'categorify-security', 'security' ); 416 417 // Check user role 418 $action = $this->checkUserRole(); 419 420 // Stop execution if user is not an administrator 421 if (!$action) { 422 wp_die('You do not have permission to perform this action.'); 423 } 424 388 425 $categoryID = sanitize_text_field( $_POST["categoryID"] ); 389 426 $selectedTerm = get_term( $categoryID, CATEGORIFY_TAXONOMY ); … … 407 444 { 408 445 global $wpdb ; 446 check_ajax_referer( 'categorify-security', 'security' ); 447 448 // Check user role 449 $action = $this->checkUserRole(); 450 451 // Stop execution if user is not an administrator 452 if (!$action) { 453 wp_die('You do not have permission to perform this action.'); 454 } 409 455 $categoryID = sanitize_text_field( $_POST["categoryID"] ); 410 456 $selectedTerm = get_term( $categoryID, CATEGORIFY_TAXONOMY ); … … 426 472 public function categorifyAjaxRenameCategory() 427 473 { 474 check_ajax_referer( 'categorify-security', 'security' ); 475 476 // Check user role 477 $action = $this->checkUserRole(); 478 479 // Stop execution if user is not an administrator 480 if (!$action) { 481 wp_die('You do not have permission to perform this action.'); 482 } 428 483 $categoryID = sanitize_text_field( $_POST["categoryID"] ); 429 484 $categoryTitle = sanitize_text_field( $_POST["categoryTitle"] ); … … 482 537 public function categorifyAjaxMoveMultipleMedia() 483 538 { 539 540 check_ajax_referer( 'categorify-security', 'security' ); 541 542 // Check user role 543 $action = $this->checkUserRole(); 544 545 // Stop execution if user is not an administrator 546 if (!$action) { 547 wp_die('You do not have permission to perform this 
action.'); 548 } 549 484 550 $IDs = $this->recursive_sanitize_text_field( $_POST['IDs'] ); 485 551 $folderID = sanitize_text_field( $_POST['folderID'] ); … … 514 580 public function categorifyAjaxGetTermsByMedia() 515 581 { 582 check_ajax_referer( 'categorify-security', 'security' ); 583 584 // Check user role 585 $action = $this->checkUserRole(); 586 587 // Stop execution if user is not an administrator 588 if (!$action) { 589 wp_die('You do not have permission to perform this action.'); 590 } 591 516 592 $error = 'no'; 517 $nonce = sanitize_text_field( $_POST[' nonce'] );593 $nonce = sanitize_text_field( $_POST['security'] ); 518 594 $terms = array(); 519 if ( !wp_verify_nonce( $nonce, ' ajax-nonce' ) ) {595 if ( !wp_verify_nonce( $nonce, 'categorify-security' ) ) { 520 596 $error = 'yes'; 521 597 } … … 538 614 public function categorifyAjaxMoveSingleMedia() 539 615 { 616 617 check_ajax_referer( 'categorify-security', 'security' ); 618 619 // Check user role 620 $action = $this->checkUserRole(); 621 622 // Stop execution if user is not an administrator 623 if (!$action) { 624 wp_die('You do not have permission to perform this action.'); 625 } 626 540 627 $error = 'no'; 541 628 … … 601 688 public function categorifyAjaxUpdateFolderPosition() 602 689 { 690 check_ajax_referer( 'categorify-security', 'security' ); 691 692 // Check user role 693 $action = $this->checkUserRole(); 694 695 // Stop execution if user is not an administrator 696 if (!$action) { 697 wp_die('You do not have permission to perform this action.'); 698 } 603 699 $results = sanitize_text_field( $_POST["data"] ); 604 700 $results = explode( '#', $results ); … … 612 708 public function categorifyAjaxMoveCategory() 613 709 { 710 711 check_ajax_referer( 'categorify-security', 'security' ); 712 713 // Check user role 714 $action = $this->checkUserRole(); 715 716 // Stop execution if user is not an administrator 717 if (!$action) { 718 wp_die('You do not have permission to perform this action.'); 719 } 
720 614 721 $current = sanitize_text_field( $_POST["current"] ); 615 722 $parent = sanitize_text_field( $_POST["parent"] ); … … 731 838 public function categorifyAjaxCheckDeletingMedia() 732 839 { 840 841 check_ajax_referer( 'categorify-security', 'security' ); 842 843 // Check user role 844 $action = $this->checkUserRole(); 845 846 // Stop execution if user is not an administrator 847 if (!$action) { 848 wp_die('You do not have permission to perform this action.'); 849 } 850 733 851 $attachmentID = ''; 734 852 $error = 'no'; 735 853 $terms = array(); 736 $ajaxNonce = sanitize_text_field( $_POST[' ajaxNonce'] );737 if ( !wp_verify_nonce( $ajaxNonce, ' ajax-nonce' ) ) {854 $ajaxNonce = sanitize_text_field( $_POST['security'] ); 855 if ( !wp_verify_nonce( $ajaxNonce, 'categorify-security' ) ) { 738 856 $error = 'yes'; 739 857 } -
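Review bot: `checkUserRole()` matches the literal role name `'administrator'` in `$user_info->roles` rather than asking for a capability, and it dereferences the result of `get_userdata()` without checking for `false`, so a user deleted while still logged in produces a warning and, on PHP 8, a `TypeError` from `in_array()` on a null haystack before the `false` return is reached. A capability check, `return current_user_can( 'manage_options' );` (or whichever capability folder management is meant to require — the old side of these hunks had no gate at all, so editors who organised media are now locked out; confirm that is intended), survives renamed roles, multisite super admins and custom roles, and removes both the null case and the non-strict `in_array()`. The denial path `wp_die('You do not have permission to perform this action.')` sends a plain-text body to an admin-ajax caller and, unlike the other user-facing strings in the visible hunks, is not passed through `esc_html__( …, CATEGORIFY_TEXT_DOMAIN )`; `wp_send_json_error( esc_html__( 'You do not have permission to perform this action.', CATEGORIFY_TEXT_DOMAIN ), 403 );` gives the JS something it can act on. In `categorifyAjaxGetTermsByMedia` and `categorifyAjaxCheckDeletingMedia` the kept `wp_verify_nonce( …, 'categorify-security' )` branch is now unreachable, because `check_ajax_referer()` has already died on a bad nonce at the top of each handler, so the `$error = 'yes'` path and the `$nonce`/`$ajaxNonce` reads can go. The enclosing class begins outside this section.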
categorify/trunk/readme.txt
r2998641 r3034410 6 6 Tags: media library folders, media library categories, media library folder, media library category, media folders, media category, subfolders, file manager, directories, folder, folders, organize 7 7 Requires at least: 6.0.0 8 Tested up to: 6.4. 19 Stable tag: 1.0.7. 48 Tested up to: 6.4.2 9 Stable tag: 1.0.7.5 10 10 License: GPLv2 or later 11 11 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 59 59 == Changelog == 60 60 61 = Version 1.0.7.5 - Feb 12, 2024 = 62 - Fixed: Security Issues 63 - Fixed: Html output issues. 64 61 65 = Version 1.0.7.4 - Nov 20, 2023 = 62 66 - Fixed: Minor Issues