Changeset 682420
- Timestamp:
- 03/15/2013 03:13:49 PM (12 years ago)
- Location:
- wp-mailup/trunk
- Files:
-
- 4 edited
-
ajax.functions.php (modified) (5 diffs)
-
display-setting.php (modified) (1 diff)
-
display-widget.php (modified) (1 diff)
-
readme.txt (modified) (1 diff)
-
wp-mailup/trunk/ajax.functions.php
r676428 r682420 5 5 */ 6 6 7 // Remove the two lines below when debugging 8 // ini_set('display_errors',1); 9 // error_reporting(E_ALL); 10 7 11 $logged_in = false; 8 if (count($_COOKIE)) { 9 foreach ($_COOKIE as $key => $val) { 10 if (substr($key, 0, 19) === "wordpress_logged_in") { 11 $logged_in = true; 12 } 13 } 12 include_once "myPluggable.php"; 13 14 15 16 //if ( current_user_can( 'manage_options' ) ) /* Not used because this message is returned: Fatal error: Call to undefined function wp_get_current_user() in /usr/local/www/vhosts/wpress.xrider.it/httpdocs/wp-includes/capabilities.php on line 1281 */ 17 18 if( is_user_logged_in() ) 19 { 20 $logged_in = true; 21 22 /* This commented block was active in 1.3.2 but it has been replaced by "is_user_logged_in" (see above) 23 due to security vulnerability that has been reported on "http://wpsecure.net/2013/03/mailup-plugin-ajax/" 24 if (count($_COOKIE)) { 25 foreach ($_COOKIE as $key => $val) { 26 if (substr($key, 0, 19) === "wordpress_logged_in") { 27 $logged_in = true; 28 } 29 } 30 } 31 */ 14 32 } 33 15 34 16 35 if(@$_REQUEST['formData'] == 'save') … … 20 39 } 21 40 else { 22 echo 'ACCESS DENIED ';41 echo 'ACCESS DENIED (1)'; 23 42 } 24 43 } … … 85 104 $wpmailup['mobileDisplayedName'] = $_REQUEST['mobile-displayed-name']; 86 105 87 $wpmailup['successMessage'] = $_REQUEST['success-message'];88 $wpmailup['genericError'] = $_REQUEST['generic-error'];89 $wpmailup['invalidAddress'] = $_REQUEST['invalid-address'];90 $wpmailup['invalidPhone'] = $_REQUEST['invalid-phone'];91 $wpmailup['alreadyPresent'] = $_REQUEST['already-present'];92 $wpmailup['fieldRequired'] = $_REQUEST['field-required'];93 $wpmailup['termsNotAgreed'] = $_REQUEST['terms-not-agreed'];94 $wpmailup['termsConfirm'] = $_REQUEST['terms-confirm'];106 $wpmailup['successMessage'] = stripslashes($_REQUEST['success-message']); 107 $wpmailup['genericError'] = stripslashes($_REQUEST['generic-error']); 108 $wpmailup['invalidAddress'] = 
stripslashes($_REQUEST['invalid-address']); 109 $wpmailup['invalidPhone'] = stripslashes($_REQUEST['invalid-phone']); 110 $wpmailup['alreadyPresent'] = stripslashes($_REQUEST['already-present']); 111 $wpmailup['fieldRequired'] = stripslashes($_REQUEST['field-required']); 112 $wpmailup['termsNotAgreed'] = stripslashes($_REQUEST['terms-not-agreed']); 113 $wpmailup['termsConfirm'] = stripslashes($_REQUEST['terms-confirm']); 95 114 $tmp = $_REQUEST[('terms-n-con')]; 96 115 $tmp=stripslashes($tmp); // see MailUp ticket 091-1874209D-0204 … … 106 125 107 126 if(@$_REQUEST['formData'] == 'load') 108 { 109 add_action('init', 'wpmailup_load_config'); 127 { 128 if($logged_in){ 129 add_action('init', 'wpmailup_load_config'); 130 } 131 else { 132 echo 'ACCESS DENIED (2)'; 133 } 134 110 135 } 136 137 111 138 112 139 function wpmailup_load_config() … … 118 145 } 119 146 147 120 148 ?> -
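Review bot: `is_user_logged_in()` near the top of ajax.functions.php establishes only that the requester has a valid session, so every authenticated account, whatever its role, passes the `$logged_in` gate that now guards both `formData` `save` and `load`. The commented-out `current_user_can( 'manage_options' )` presumably fails because this file runs while plugins are still being included, before WordPress core defines `wp_get_current_user()`. The handlers are already deferred to `init` (`wpmailup_load_config` is visible, the save callback lies outside the hunks shown), so the check can sit at the top of each callback instead: `if ( ! current_user_can( 'manage_options' ) ) { wp_die( 'ACCESS DENIED' ); }`. No nonce verification appears in the visible lines either, so the save callback should also call `check_admin_referer()` with an action the settings form emits through `wp_nonce_field()`; without it the stored settings remain exposed to cross-site request forgery. With the check inside the callbacks, the include of `myPluggable.php` is likely unnecessary, and the commented-out cookie loop is better left to version history than kept in the file.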
wp-mailup/trunk/display-setting.php
r676428 r682420 417 417 jQ.post('<?php echo $_SERVER['PHP_SELF']; ?>', {"formData":"load"}, function(data){ 418 418 //console.log(data); 419 419 420 /* 420 421 Fill the form data -
wp-mailup/trunk/display-widget.php
r676428 r682420 2 2 error_reporting(0); 3 3 $wpmailup = unserialize(get_option('wpmailup')); 4 /* exit('<pre>' . print_r($wpmailup, true) . '</pre>');*/4 /* exit('<pre>' . print_r($wpmailup, true) . '</pre>'); */ 5 5 6 6 $text_field_size = 22; -
wp-mailup/trunk/readme.txt
r676439 r682420 3 3 Tags: email marketing, e-mail marketing, newsletter sending, newsletter marketing, email signup, e-mail sign-up, subscription form, subscribe form, registration form, sms signup, newsletter, email, smtp, bulk, sms, send, list, subscribe, form, marketing, widget, plugin, feedburner, subscription, email newsletter form, email widget, emails, newsletter form, newsletter plugin, newsletter signup, newsletter widget, newsletters, signup, iscrizione, mailup 4 4 Requires at least: 3.0 5 Tested up to: 3.5 .15 Tested up to: 3.5 6 6 Stable tag: 1.3.2 7 7