Version Description
security vulnerability in AJAX call fixed
Download this release
Release Info
| Developer | petersplugins |
| Plugin |  404page – your smart custom 404 error page |
| Version | 10.4 |
| Comparing to | |
| See all releases | |
Code changes from version 10.3 to 10.4
- 404page.php +1 -1
- assets/js/404page.js +7 -1
- inc/class-404page-admin.php +44 -3
- loader.php +1 -1
- readme.txt +8 -2
404page.php
CHANGED
|
@@ -9,7 +9,7 @@
|
|
| 9 |
* Plugin Name: 404page - your smart custom 404 error page
|
| 10 |
* Plugin URI: https://petersplugins.com/free-wordpress-plugins/404page/
|
| 11 |
* Description: Custom 404 the easy way! Set any page as custom 404 error page. No coding needed. Works with (almost) every Theme.
|
| 12 |
-
* Version: 10.
|
| 13 |
* Author: Peter Raschendorfer
|
| 14 |
* Author URI: https://petersplugins.com
|
| 15 |
* Text Domain: 404page
|
| 9 |
* Plugin Name: 404page - your smart custom 404 error page
|
| 10 |
* Plugin URI: https://petersplugins.com/free-wordpress-plugins/404page/
|
| 11 |
* Description: Custom 404 the easy way! Set any page as custom 404 error page. No coding needed. Works with (almost) every Theme.
|
| 12 |
+
* Version: 10.4
|
| 13 |
* Author: Peter Raschendorfer
|
| 14 |
* Author URI: https://petersplugins.com
|
| 15 |
* Text Domain: 404page
|
assets/js/404page.js
CHANGED
|
@@ -1,13 +1,19 @@
|
|
| 1 |
jQuery(document).ready(function($) {
|
| 2 |
|
| 3 |
$( '.pp-404page-admin-notice' ).on( 'click', '.notice-dismiss', function ( event ) {
|
|
|
|
| 4 |
event.preventDefault();
|
|
|
|
| 5 |
data = {
|
| 6 |
action: 'pp_404page_dismiss_admin_notice',
|
| 7 |
-
pp_404page_dismiss_admin_notice: $( this ).parent().attr( 'id' )
|
|
|
|
| 8 |
};
|
|
|
|
| 9 |
$.post( ajaxurl, data );
|
|
|
|
| 10 |
return false;
|
|
|
|
| 11 |
});
|
| 12 |
|
| 13 |
});
|
| 1 |
jQuery(document).ready(function($) {
|
| 2 |
|
| 3 |
$( '.pp-404page-admin-notice' ).on( 'click', '.notice-dismiss', function ( event ) {
|
| 4 |
+
|
| 5 |
event.preventDefault();
|
| 6 |
+
|
| 7 |
data = {
|
| 8 |
action: 'pp_404page_dismiss_admin_notice',
|
| 9 |
+
pp_404page_dismiss_admin_notice: $( this ).parent().attr( 'id' ),
|
| 10 |
+
securekey : pp_404page_security.securekey
|
| 11 |
};
|
| 12 |
+
|
| 13 |
$.post( ajaxurl, data );
|
| 14 |
+
|
| 15 |
return false;
|
| 16 |
+
|
| 17 |
});
|
| 18 |
|
| 19 |
});
|
inc/class-404page-admin.php
CHANGED
|
@@ -325,6 +325,9 @@ if ( !class_exists( 'PP_404Page_Admin' ) ) {
|
|
| 325 |
|
| 326 |
wp_enqueue_script( '404pagejs', $this->_core->get_asset_file( 'js', '404page.js' ), 'jquery', $this->_core->get_plugin_version(), true );
|
| 327 |
|
|
|
|
|
|
|
|
|
|
| 328 |
if ( get_current_screen()->id == $this->admin_handle ) {
|
| 329 |
|
| 330 |
wp_enqueue_script( '404page-ui', $this->_core->get_asset_file( 'js', '404page-ui.js' ), 'jquery', $this->_core->get_plugin_version(), true );
|
|
@@ -395,7 +398,7 @@ if ( !class_exists( 'PP_404Page_Admin' ) ) {
|
|
| 395 |
if ( current_user_can( 'manage_options' ) && get_user_meta( get_current_user_id(), 'pp-404page-admin-notice-1', true ) != 'dismissed' ) {
|
| 396 |
?>
|
| 397 |
<div class="notice is-dismissible pp-404page-admin-notice" id="pp-404page-admin-notice-1">
|
| 398 |
-
<p><img src="<?php echo $this->_core->get_asset_file( 'img', '/pluginicon.png' ); ?>" style="width: 48px; height: 48px; float: left; margin-right: 20px" /><strong><?php _e( 'Do you like the 404page plugin?', '404page' ); ?></strong><br /><?php _e( 'Follow me:', '404page' ); ?> <a class="dashicons dashicons-
|
| 399 |
</div>
|
| 400 |
<?php
|
| 401 |
}
|
|
@@ -424,9 +427,19 @@ if ( !class_exists( 'PP_404Page_Admin' ) ) {
|
|
| 424 |
*/
|
| 425 |
function dismiss_admin_notice() {
|
| 426 |
|
| 427 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 428 |
|
| 429 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 430 |
|
| 431 |
}
|
| 432 |
|
|
@@ -472,6 +485,34 @@ if ( !class_exists( 'PP_404Page_Admin' ) ) {
|
|
| 472 |
}
|
| 473 |
|
| 474 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 475 |
|
| 476 |
}
|
| 477 |
|
| 325 |
|
| 326 |
wp_enqueue_script( '404pagejs', $this->_core->get_asset_file( 'js', '404page.js' ), 'jquery', $this->_core->get_plugin_version(), true );
|
| 327 |
|
| 328 |
+
// since 10.4
|
| 329 |
+
wp_localize_script( '404pagejs', 'pp_404page_security', array( 'securekey' => $this->get_nonce() ) );
|
| 330 |
+
|
| 331 |
if ( get_current_screen()->id == $this->admin_handle ) {
|
| 332 |
|
| 333 |
wp_enqueue_script( '404page-ui', $this->_core->get_asset_file( 'js', '404page-ui.js' ), 'jquery', $this->_core->get_plugin_version(), true );
|
| 398 |
if ( current_user_can( 'manage_options' ) && get_user_meta( get_current_user_id(), 'pp-404page-admin-notice-1', true ) != 'dismissed' ) {
|
| 399 |
?>
|
| 400 |
<div class="notice is-dismissible pp-404page-admin-notice" id="pp-404page-admin-notice-1">
|
| 401 |
+
<p><img src="<?php echo $this->_core->get_asset_file( 'img', '/pluginicon.png' ); ?>" style="width: 48px; height: 48px; float: left; margin-right: 20px" /><strong><?php _e( 'Do you like the 404page plugin?', '404page' ); ?></strong><br /><?php _e( 'Follow me:', '404page' ); ?> <a class="dashicons dashicons-facebook-alt" href="https://www.facebook.com/petersplugins" title="<?php _e( 'Authors facebook Page', '404page' ); ?>"></a><div class="clear"></div></p>
|
| 402 |
</div>
|
| 403 |
<?php
|
| 404 |
}
|
| 427 |
*/
|
| 428 |
function dismiss_admin_notice() {
|
| 429 |
|
| 430 |
+
// since 10.4 check nonce
|
| 431 |
+
if ( $this->check_nonce() ) {
|
| 432 |
+
|
| 433 |
+
if ( isset( $_POST['pp_404page_dismiss_admin_notice'] ) ) {
|
| 434 |
+
|
| 435 |
+
// since 104 check value
|
| 436 |
+
if (strpos( $_POST['pp_404page_dismiss_admin_notice'], 'pp-404page-admin-notice-') === 0 ) {
|
| 437 |
|
| 438 |
+
update_user_meta( get_current_user_id(), $_POST['pp_404page_dismiss_admin_notice'], 'dismissed' );
|
| 439 |
+
|
| 440 |
+
}
|
| 441 |
+
|
| 442 |
+
}
|
| 443 |
|
| 444 |
}
|
| 445 |
|
| 485 |
}
|
| 486 |
|
| 487 |
}
|
| 488 |
+
|
| 489 |
+
|
| 490 |
+
/**
|
| 491 |
+
* create nonce
|
| 492 |
+
*
|
| 493 |
+
* @since 10.4
|
| 494 |
+
* @access private
|
| 495 |
+
* @return string Nonce
|
| 496 |
+
*/
|
| 497 |
+
private function get_nonce() {
|
| 498 |
+
|
| 499 |
+
return wp_create_nonce( 'pp_404page_dismiss_admin_notice' );
|
| 500 |
+
|
| 501 |
+
}
|
| 502 |
+
|
| 503 |
+
|
| 504 |
+
/**
|
| 505 |
+
* check nonce
|
| 506 |
+
*
|
| 507 |
+
* @since 10.4
|
| 508 |
+
* @access private
|
| 509 |
+
* @return boolean
|
| 510 |
+
*/
|
| 511 |
+
private function check_nonce() {
|
| 512 |
+
|
| 513 |
+
return check_ajax_referer( 'pp_404page_dismiss_admin_notice', 'securekey', false );
|
| 514 |
+
|
| 515 |
+
}
|
| 516 |
|
| 517 |
}
|
| 518 |
|
loader.php
CHANGED
|
@@ -40,7 +40,7 @@ function pp_404page() {
|
|
| 40 |
'file' => dirname( __FILE__ ) . '/404page.php',
|
| 41 |
'slug' => pathinfo( dirname( __FILE__ ) . '/404page.php', PATHINFO_FILENAME ),
|
| 42 |
'name' => '404page - your smart custom 404 error page',
|
| 43 |
-
'version' => '10.
|
| 44 |
) );
|
| 45 |
|
| 46 |
}
|
| 40 |
'file' => dirname( __FILE__ ) . '/404page.php',
|
| 41 |
'slug' => pathinfo( dirname( __FILE__ ) . '/404page.php', PATHINFO_FILENAME ),
|
| 42 |
'name' => '404page - your smart custom 404 error page',
|
| 43 |
+
'version' => '10.4'
|
| 44 |
) );
|
| 45 |
|
| 46 |
}
|
readme.txt
CHANGED
|
@@ -2,8 +2,8 @@
|
|
| 2 |
Contributors: petersplugins
|
| 3 |
Tags: page, 404, error, error page, 404 page, page not found, page not found error, 404 error page, missing, broken link, template, 404 link, seo, custom 404, custom 404 page, custom 404 error, custom 404 error page, customize 404, customize 404 page, customize 404 error page
|
| 4 |
Requires at least: 4.0
|
| 5 |
-
Tested up to: 5.
|
| 6 |
-
Stable tag: 10.
|
| 7 |
Requires PHP: 5.4
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
|
@@ -152,6 +152,9 @@ Please use the [Support Forum](https://wordpress.org/support/plugin/404page).
|
|
| 152 |
|
| 153 |
== Changelog ==
|
| 154 |
|
|
|
|
|
|
|
|
|
|
| 155 |
= 10.3 (2019-02-21) =
|
| 156 |
* fix for compatibility with iThemes Sync ([ticket](https://wordpress.org/support/topic/ithemes-sync-issue/))
|
| 157 |
|
|
@@ -278,6 +281,9 @@ Please use the [Support Forum](https://wordpress.org/support/plugin/404page).
|
|
| 278 |
|
| 279 |
== Upgrade Notice ==
|
| 280 |
|
|
|
|
|
|
|
|
|
|
| 281 |
= 10.3 =
|
| 282 |
fix for compatibility with iThemes Sync
|
| 283 |
|
| 2 |
Contributors: petersplugins
|
| 3 |
Tags: page, 404, error, error page, 404 page, page not found, page not found error, 404 error page, missing, broken link, template, 404 link, seo, custom 404, custom 404 page, custom 404 error, custom 404 error page, customize 404, customize 404 page, customize 404 error page
|
| 4 |
Requires at least: 4.0
|
| 5 |
+
Tested up to: 5.1
|
| 6 |
+
Stable tag: 10.4
|
| 7 |
Requires PHP: 5.4
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 152 |
|
| 153 |
== Changelog ==
|
| 154 |
|
| 155 |
+
= 10.4 (2019-03-31) =
|
| 156 |
+
* security vulnerability in AJAX call fixed
|
| 157 |
+
|
| 158 |
= 10.3 (2019-02-21) =
|
| 159 |
* fix for compatibility with iThemes Sync ([ticket](https://wordpress.org/support/topic/ithemes-sync-issue/))
|
| 160 |
|
| 281 |
|
| 282 |
== Upgrade Notice ==
|
| 283 |
|
| 284 |
+
= 10.4 =
|
| 285 |
+
security vulnerability in AJAX call fixed
|
| 286 |
+
|
| 287 |
= 10.3 =
|
| 288 |
fix for compatibility with iThemes Sync
|
| 289 |
|
