Changeset 494804


Timestamp:
01/24/12 22:43:04 (2 years ago)
Author:
vhauri
Message:

Adding nonce and admin referer check, allowing HTML tags in tagline with wp_kses_post filtering

Location:
tagline-rotator/trunk
Files:
2 edited

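--- a/tagline-rotator/trunk/readme.txt
+++ b/tagline-rotator/trunk/readme.txt
@@ -3,5 +3,5 @@
 Donate link: http://neverblog.net/tagline-rotator-plugin-for-wordpress/
 Tags: taglines, random, header
-Requires at least: 2.0.2
+Requires at least: 2.9
 Tested up to: 3.3
 Stable tag: trunk
@@ -63,2 +63,3 @@
 Version 2.1 - 12-27-2010 - Fixes an issue with slashes not being properly escaped, and an issue with sorting that could cause a duplicate tagline to appear when changing an existing tagline. If you have version 2.0, you should upgrade immediately.
 Version 2.2 - 12-28-2010 - Fixes a bug that could cause taglines not to display.
+Version 2.3 - 1-24-2012 - Allow HTML tags permitted in posts to appear in taglines, adds nonce verification and admin referer check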
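--- a/tagline-rotator/trunk/tagline-rotator.php
+++ b/tagline-rotator/trunk/tagline-rotator.php
@@ -36,5 +36,5 @@
                 add_action('admin_menu', array($this, 'add_pages'));
             else
-                add_filter('bloginfo', array($this, 'filter_bloginfo'),1,2);
+                add_filter('bloginfo', array($this, 'filter_bloginfo'),11,2);
 
             register_activation_hook(__FILE__,array('WP_Tagline_Rotator', 'tagline_upgrade_check'));
@@ -60,28 +60,32 @@
         public static function tagline_options_page() {
             $taglines = get_option('tagline_rotator_taglines');
-            if(isset($_POST['text'])){
-                $text = $_POST['text'];
-                foreach ($text as $key => $tagline){
-                    if($tagline !== '')
-                        $taglines[$key] = $tagline;
+
+            if( !empty($_POST) && check_admin_referer('tagline-rotator-update-options', 'tagline-rotator-nonce') )
+            {
+
+                if(isset($_POST['text'])){
+                    $text = $_POST['text'];
+                    foreach ($text as $key => $tagline){
+                        if($tagline !== '')
+                            $taglines[$key] = wp_kses_post($tagline);
+                        }
                     }
+
+                //loop through the checkboxes to see what to delete
+                if(isset($_POST['box'])){
+                    $box = $_POST['box'];
+                    foreach ($box as $x){
+                        unset($taglines[$x]);
+                    }
+                }
+
+                // check for new tagline and insert if found
+                if(isset($_POST['new_tagline']) && $_POST['new_tagline'] !== ''){
+                    $new_tagline = wp_kses_post($_POST['new_tagline']);
+                    $taglines[] = $new_tagline;
                 }
-
-            //loop through the checkboxes to see what to delete
-            if(isset($_POST['box'])){
-                $box = $_POST['box'];
-                foreach ($box as $x){
-                    unset($taglines[$x]);
-                }
-            }
-
-            // check for new tagline and insert if found
-            if(isset($_POST['new_tagline']) && $_POST['new_tagline'] !== ''){
-                $new_tagline = $_POST['new_tagline'];
-                $taglines[] = $new_tagline;
+
+                update_option('tagline_rotator_taglines', $taglines);
             }
-
-            update_option('tagline_rotator_taglines', $taglines);
-
             ?>
 
@@ -105,5 +109,5 @@
             <h3>Delete Taglines</h3>
             <table class="form-table">
-            <?php wp_nonce_field('update-options'); ?>
+            <?php wp_nonce_field('tagline-rotator-update-options', 'tagline-rotator-nonce'); ?>
 
             <?php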
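Review bot: The posted fields guarded by the new `check_admin_referer()` call (new line 63) are still consumed without a shape check: `$_POST['text']` (new line 67) and `$_POST['box']` (new line 76) go straight into foreach, so a non-array value raises a warning, and `$key`/`$x` are used as indexes into `$taglines` without confirming they name existing entries. A small tightening is `$text = isset($_POST['text']) && is_array($_POST['text']) ? $_POST['text'] : array();` (likewise for `box`) and `if($tagline !== '' && isset($taglines[$key]))` so a posted key can only overwrite an existing tagline. The `!== ''` tests at new lines 69 and 83 also run on the raw value before `wp_kses_post()`, so an entry made only of disallowed markup is stored as an empty string; filter first and test the filtered value. Whether a capability check is also needed here cannot be told from this hunk, since that depends on the capability passed when add_pages() registers the menu page, which is outside the diff; tagline_options_page() itself continues past the hunk.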