Changeset 504380 for relocate-upload


Timestamp:
02/13/12 16:45:45 (2 years ago)
Author:
alanft
Message:

version 0.20, proper WP ajax action, closing security hole

Location:
relocate-upload
Files:
2 edited
4 copied

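--- a/relocate-upload/tags/0.20/readme.txt
+++ b/relocate-upload/tags/0.20/readme.txt
@@ -2,7 +2,7 @@
 Contributors: alanft
 Tags: admin, upload, folder, relocate
-Requires at least: 2.6
-Tested up to: 2.8.2
-Stable tag: 0.14
+Requires at least: 2.8
+Tested up to: 3.3.1
+Stable tag: 0.20
 
 Wordpress uploads media to one pre-set folder. Relocate Upload lets you switch media to other folders.
@@ -36,4 +36,6 @@
 
 == Changelog ==
+0.20 - Adopted proper 'wp_ajax_' action, to close off a major security issue.
+
 0.14 - Many small fixes (check for existing files, database prefix bug fix, jquery enqueue, 2.8 media library update, path 'fixing')
 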
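--- a/relocate-upload/tags/0.20/relocate-upload.php
+++ b/relocate-upload/tags/0.20/relocate-upload.php
@@ -5,5 +5,5 @@
 Description: Moves uploads to special folders
 Author: Alan Trewartha
-Version: 0.14
+Version: 0.20
 Author URI: http://freakytrigger.co.uk/author/alan/
 */
@@ -12,13 +12,14 @@
 define('SERVER_DOC_ROOT', $GLOBALS['_SERVER']['DOCUMENT_ROOT']);
 
+if( is_admin() )
+{
+    add_action('wp_ajax_relocate_upload', 'relocate_upload_js_action');
+}
 
 // Move folder request handled when called by GET AJAX
-if (isset($_GET['ru_folder']))
-{   // WP setup and function access
-    define('WP_USE_THEMES', false);
-    require_once(urldecode($_GET['abspath']).'/wp-load.php'); // save us looking for it, it's passed as a GET parameter
+function relocate_upload_js_action()
+{   global $wpdb;
+    if (!isset($_GET['ru_folder'])) exit;
     check_admin_referer('ru_request_move');
-    global $wpdb;
-
 
     // find default path
@@ -95,10 +96,9 @@
     {   jQuery($element).attr({disabled: true});
         jQuery($element).siblings("span").html(' Moving...');
-        jQuery.get(
-            "<?php echo WP_CONTENT_URL."/plugins/relocate-upload/relocate-upload.php"; ?>",
+        jQuery.get(ajaxurl,
             {   ru_folder: $element.selectedIndex,
                        id: $element.getAttribute('media_id'),
-                 _wpnonce: '<?php echo wp_create_nonce("ru_request_move") ?>',
-                  abspath: '<?php echo ABSPATH ?>'
+                   action: 'relocate_upload',
+                 _wpnonce: '<?php echo wp_create_nonce("ru_request_move") ?>'
             },
             function(data)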
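Review bot: `relocate_upload_js_action()` has no capability check in the visible lines, yet `wp_ajax_relocate_upload` fires for any logged-in user, so the only gate shown is the nonce check `check_admin_referer('ru_request_move')`. A nonce ties the request to a page that rendered it; it does not establish that the caller may move media, so I would add `if (!current_user_can('upload_files')) wp_die(-1);` at the top of the handler and use `check_ajax_referer('ru_request_move')`, the form meant for AJAX callbacks. The function body continues past the hunk, so a later check may exist that is not visible here; `$_GET['id']` and `$_GET['ru_folder']` should in any case be normalised (for example `absint($_GET['id'])`) before they reach the path and `$wpdb` code. The request is still sent with `jQuery.get`, which puts a state-changing action and its nonce in the URL and hence in access logs; `jQuery.post` with a `$_POST` read in the handler would avoid that. The same points apply to the identical section for relocate-upload/trunk/relocate-upload.php.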
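--- a/relocate-upload/trunk/readme.txt
+++ b/relocate-upload/trunk/readme.txt
@@ -2,7 +2,7 @@
 Contributors: alanft
 Tags: admin, upload, folder, relocate
-Requires at least: 2.6
-Tested up to: 2.8.2
-Stable tag: 0.14
+Requires at least: 2.8
+Tested up to: 3.3.1
+Stable tag: 0.20
 
 Wordpress uploads media to one pre-set folder. Relocate Upload lets you switch media to other folders.
@@ -36,4 +36,6 @@
 
 == Changelog ==
+0.20 - Adopted proper 'wp_ajax_' action, to close off a major security issue.
+
 0.14 - Many small fixes (check for existing files, database prefix bug fix, jquery enqueue, 2.8 media library update, path 'fixing')
 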
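--- a/relocate-upload/trunk/relocate-upload.php
+++ b/relocate-upload/trunk/relocate-upload.php
@@ -5,5 +5,5 @@
 Description: Moves uploads to special folders
 Author: Alan Trewartha
-Version: 0.14
+Version: 0.20
 Author URI: http://freakytrigger.co.uk/author/alan/
 */
@@ -12,13 +12,14 @@
 define('SERVER_DOC_ROOT', $GLOBALS['_SERVER']['DOCUMENT_ROOT']);
 
+if( is_admin() )
+{
+    add_action('wp_ajax_relocate_upload', 'relocate_upload_js_action');
+}
 
 // Move folder request handled when called by GET AJAX
-if (isset($_GET['ru_folder']))
-{   // WP setup and function access
-    define('WP_USE_THEMES', false);
-    require_once(urldecode($_GET['abspath']).'/wp-load.php'); // save us looking for it, it's passed as a GET parameter
+function relocate_upload_js_action()
+{   global $wpdb;
+    if (!isset($_GET['ru_folder'])) exit;
     check_admin_referer('ru_request_move');
-    global $wpdb;
-
 
     // find default path
@@ -95,10 +96,9 @@
     {   jQuery($element).attr({disabled: true});
         jQuery($element).siblings("span").html(' Moving...');
-        jQuery.get(
-            "<?php echo WP_CONTENT_URL."/plugins/relocate-upload/relocate-upload.php"; ?>",
+        jQuery.get(ajaxurl,
             {   ru_folder: $element.selectedIndex,
                        id: $element.getAttribute('media_id'),
-                 _wpnonce: '<?php echo wp_create_nonce("ru_request_move") ?>',
-                  abspath: '<?php echo ABSPATH ?>'
+                   action: 'relocate_upload',
+                 _wpnonce: '<?php echo wp_create_nonce("ru_request_move") ?>'
             },
             function(data)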