404page – your smart custom 404 error page - Version 10.4

Version Description

security vulnerability in AJAX call fixed


Release Info

Developer petersplugins
Plugin Icon 128x128 404page – your smart custom 404 error page
Version 10.4

Code changes from version 10.3 to 10.4

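--- a/404page.php
+++ b/404page.php
@@ -9,7 +9,7 @@
 * Plugin Name: 404page - your smart custom 404 error page
 * Plugin URI: https://petersplugins.com/free-wordpress-plugins/404page/
 * Description: Custom 404 the easy way! Set any page as custom 404 error page. No coding needed. Works with (almost) every Theme.
- * Version: 10.3
+ * Version: 10.4
 * Author: Peter Raschendorfer
 * Author URI: https://petersplugins.com
 * Text Domain: 404page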
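--- a/assets/js/404page.js
+++ b/assets/js/404page.js
@@ -1,13 +1,19 @@
 jQuery(document).ready(function($) {
 
 $( '.pp-404page-admin-notice' ).on( 'click', '.notice-dismiss', function ( event ) {
+
 event.preventDefault();
+
 data = {
 action: 'pp_404page_dismiss_admin_notice',
- pp_404page_dismiss_admin_notice: $( this ).parent().attr( 'id' )
+ pp_404page_dismiss_admin_notice: $( this ).parent().attr( 'id' ),
+ securekey : pp_404page_security.securekey
 };
+
 $.post( ajaxurl, data );
+
 return false;
+
 });
 
 });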
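Review bot: `data = {` in the click handler is assigned without a declaration, so the object that now carries the nonce becomes an implicit global (`window.data`) and would throw under strict mode; declare it locally with `var data = {`. That line is unchanged context here, but the commit extends the object with `securekey`, so this is a natural moment to scope it. Separately, the result of `$.post( ajaxurl, data )` is never inspected, so a request the server rejects (for example because the nonce has expired on a long-open admin page) presumably fails silently and the notice comes back on the next load.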
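--- a/inc/class-404page-admin.php
+++ b/inc/class-404page-admin.php
@@ -325,6 +325,9 @@ if ( !class_exists( 'PP_404Page_Admin' ) ) {
 
 wp_enqueue_script( '404pagejs', $this->_core->get_asset_file( 'js', '404page.js' ), 'jquery', $this->_core->get_plugin_version(), true );
 
+ // since 10.4
+ wp_localize_script( '404pagejs', 'pp_404page_security', array( 'securekey' => $this->get_nonce() ) );
+
 if ( get_current_screen()->id == $this->admin_handle ) {
 
 wp_enqueue_script( '404page-ui', $this->_core->get_asset_file( 'js', '404page-ui.js' ), 'jquery', $this->_core->get_plugin_version(), true );
@@ -395,7 +398,7 @@ if ( !class_exists( 'PP_404Page_Admin' ) ) {
 if ( current_user_can( 'manage_options' ) && get_user_meta( get_current_user_id(), 'pp-404page-admin-notice-1', true ) != 'dismissed' ) {
 ?>
 <div class="notice is-dismissible pp-404page-admin-notice" id="pp-404page-admin-notice-1">
- <p><img src="<?php echo $this->_core->get_asset_file( 'img', '/pluginicon.png' ); ?>" style="width: 48px; height: 48px; float: left; margin-right: 20px" /><strong><?php _e( 'Do you like the 404page plugin?', '404page' ); ?></strong><br /><?php _e( 'Follow me:', '404page' ); ?> <a class="dashicons dashicons-googleplus" href="https://plus.google.com/+petersplugins" title="<?php _e( 'Authors Google+ Page', '404page' ); ?>"></a> <a class="dashicons dashicons-facebook-alt" href="https://www.facebook.com/petersplugins" title="<?php _e( 'Authors facebook Page', '404page' ); ?>"></a><div class="clear"></div></p>
+ <p><img src="<?php echo $this->_core->get_asset_file( 'img', '/pluginicon.png' ); ?>" style="width: 48px; height: 48px; float: left; margin-right: 20px" /><strong><?php _e( 'Do you like the 404page plugin?', '404page' ); ?></strong><br /><?php _e( 'Follow me:', '404page' ); ?> <a class="dashicons dashicons-facebook-alt" href="https://www.facebook.com/petersplugins" title="<?php _e( 'Authors facebook Page', '404page' ); ?>"></a><div class="clear"></div></p>
 </div>
 <?php
 }
@@ -424,9 +427,19 @@ if ( !class_exists( 'PP_404Page_Admin' ) ) {
 */
 function dismiss_admin_notice() {
 
- if ( isset( $_POST['pp_404page_dismiss_admin_notice'] ) ) {
+ // since 10.4 check nonce
+ if ( $this->check_nonce() ) {
+
+ if ( isset( $_POST['pp_404page_dismiss_admin_notice'] ) ) {
+
+ // since 104 check value
+ if (strpos( $_POST['pp_404page_dismiss_admin_notice'], 'pp-404page-admin-notice-') === 0 ) {
 
- update_user_meta( get_current_user_id(), $_POST['pp_404page_dismiss_admin_notice'], 'dismissed' );
+ update_user_meta( get_current_user_id(), $_POST['pp_404page_dismiss_admin_notice'], 'dismissed' );
+
+ }
+
+ }
 
 }
 
@@ -472,6 +485,34 @@ if ( !class_exists( 'PP_404Page_Admin' ) ) {
 }
 
 }
+
+
+ /**
+ * create nonce
+ *
+ * @since 10.4
+ * @access private
+ * @return string Nonce
+ */
+ private function get_nonce() {
+
+ return wp_create_nonce( 'pp_404page_dismiss_admin_notice' );
+
+ }
+
+
+ /**
+ * check nonce
+ *
+ * @since 10.4
+ * @access private
+ * @return boolean
+ */
+ private function check_nonce() {
+
+ return check_ajax_referer( 'pp_404page_dismiss_admin_notice', 'securekey', false );
+
+ }
 
 }
 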
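Review bot: In `dismiss_admin_notice()` the new `strpos( ..., 'pp-404page-admin-notice-') === 0` test only pins the prefix, so a request with a valid nonce can still write user-meta keys with an arbitrary suffix on the caller's own account, and a non-string value in `$_POST['pp_404page_dismiss_admin_notice']` reaches `strpos()` unchecked. I would normalise the value first, `$id = is_string( $_POST['pp_404page_dismiss_admin_notice'] ) ? sanitize_key( wp_unslash( $_POST['pp_404page_dismiss_admin_notice'] ) ) : '';`, and then compare it with the ids the plugin actually renders, e.g. `if ( 'pp-404page-admin-notice-1' === $id ) {` (only that id is visible in this diff; use an allowlist with a strict `in_array()` if there are more). The handler also carries no `current_user_can( 'manage_options' )` check although the notice itself is printed only for such users, and the comment `// since 104 check value` should read `10.4`. The function's closing brace lies outside the hunk, so whether the handler ends the AJAX response explicitly cannot be judged from here.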
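--- a/loader.php
+++ b/loader.php
@@ -40,7 +40,7 @@ function pp_404page() {
 'file' => dirname( __FILE__ ) . '/404page.php',
 'slug' => pathinfo( dirname( __FILE__ ) . '/404page.php', PATHINFO_FILENAME ),
 'name' => '404page - your smart custom 404 error page',
- 'version' => '10.3'
+ 'version' => '10.4'
 ) );
 
 }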
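--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: petersplugins
 Tags: page, 404, error, error page, 404 page, page not found, page not found error, 404 error page, missing, broken link, template, 404 link, seo, custom 404, custom 404 page, custom 404 error, custom 404 error page, customize 404, customize 404 page, customize 404 error page
 Requires at least: 4.0
- Tested up to: 5.0
- Stable tag: 10.3
+ Tested up to: 5.1
+ Stable tag: 10.4
 Requires PHP: 5.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -152,6 +152,9 @@ Please use the [Support Forum](https://wordpress.org/support/plugin/404page).
 
 == Changelog ==
 
+ = 10.4 (2019-03-31) =
+ * security vulnerability in AJAX call fixed
+
 = 10.3 (2019-02-21) =
 * fix for compatibility with iThemes Sync ([ticket](https://wordpress.org/support/topic/ithemes-sync-issue/))
 
@@ -278,6 +281,9 @@ Please use the [Support Forum](https://wordpress.org/support/plugin/404page).
 
 == Upgrade Notice ==
 
+ = 10.4 =
+ security vulnerability in AJAX call fixed
+
 = 10.3 =
 fix for compatibility with iThemes Sync
 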