Version Description
- Fix bug: "Invalid token." message appears after adding a record
Download this release
Release Info
| Developer | arisoft |
| Plugin |  ARI Adminer – WordPress Database Manager |
| Version | 1.2.2 |
| Comparing to | |
| See all releases | |
Code changes from version 1.2.0 to 1.2.2
- adminer/wrapper.php +3 -1
- ari-adminer.php +1 -1
- includes/defines.php +1 -1
- includes/helpers/class-bridge.php +29 -0
- readme.txt +14 -2
adminer/wrapper.php
CHANGED
|
@@ -30,7 +30,9 @@ if ( ! $adminer_config->load( $session_key ) ) {
|
|
| 30 |
|
| 31 |
$nonce = Request::get_var( '__wp_nonce' );
|
| 32 |
if ( 0 === strlen( $nonce ) || 0 === strlen( $adminer_config->nonce ) || $nonce !== $adminer_config->nonce ) {
|
| 33 |
-
|
|
|
|
|
|
|
| 34 |
}
|
| 35 |
|
| 36 |
if ( ! function_exists( 'adminer_object' ) ) {
|
| 30 |
|
| 31 |
$nonce = Request::get_var( '__wp_nonce' );
|
| 32 |
if ( 0 === strlen( $nonce ) || 0 === strlen( $adminer_config->nonce ) || $nonce !== $adminer_config->nonce ) {
|
| 33 |
+
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' && !WP_Adminer_Bridge::is_ajax_request() ) {
|
| 34 |
+
die( 'Access denied. Invalid token.' );
|
| 35 |
+
}
|
| 36 |
}
|
| 37 |
|
| 38 |
if ( ! function_exists( 'adminer_object' ) ) {
|
ari-adminer.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: ARI Adminer
|
| 4 |
Plugin URI: http://wp-quiz.ari-soft.com/plugins/wordpress-adminer.html
|
| 5 |
Description: Powerful, compact and easy to use database manager plugin for WordPress.
|
| 6 |
-
Version: 1.2.
|
| 7 |
Author: ARI Soft
|
| 8 |
Author URI: http://www.ari-soft.com
|
| 9 |
Text Domain: ari-adminer
|
| 3 |
Plugin Name: ARI Adminer
|
| 4 |
Plugin URI: http://wp-quiz.ari-soft.com/plugins/wordpress-adminer.html
|
| 5 |
Description: Powerful, compact and easy to use database manager plugin for WordPress.
|
| 6 |
+
Version: 1.2.2
|
| 7 |
Author: ARI Soft
|
| 8 |
Author URI: http://www.ari-soft.com
|
| 9 |
Text Domain: ari-adminer
|
includes/defines.php
CHANGED
|
@@ -1,7 +1,7 @@
|
|
| 1 |
<?php
|
| 2 |
defined( 'ABSPATH' ) or die( 'Access forbidden!' );
|
| 3 |
|
| 4 |
-
define( 'ARIADMINER_VERSION', '1.2.
|
| 5 |
define( 'ARIADMINER_SLUG', 'ari-adminer' );
|
| 6 |
define( 'ARIADMINER_ASSETS_URL', ARIADMINER_URL . 'assets/' );
|
| 7 |
define( 'ARIADMINER_VERSION_OPTION', 'ari_adminer' );
|
| 1 |
<?php
|
| 2 |
defined( 'ABSPATH' ) or die( 'Access forbidden!' );
|
| 3 |
|
| 4 |
+
define( 'ARIADMINER_VERSION', '1.2.2' );
|
| 5 |
define( 'ARIADMINER_SLUG', 'ari-adminer' );
|
| 6 |
define( 'ARIADMINER_ASSETS_URL', ARIADMINER_URL . 'assets/' );
|
| 7 |
define( 'ARIADMINER_VERSION_OPTION', 'ari_adminer' );
|
includes/helpers/class-bridge.php
CHANGED
|
@@ -119,6 +119,35 @@ class Bridge {
|
|
| 119 |
$content
|
| 120 |
);
|
| 121 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 122 |
return $content;
|
| 123 |
}
|
| 124 |
|
| 119 |
$content
|
| 120 |
);
|
| 121 |
|
| 122 |
+
$content = preg_replace_callback(
|
| 123 |
+
'/<\/form>/i',
|
| 124 |
+
function( $matches ) {
|
| 125 |
+
return sprintf(
|
| 126 |
+
'<input type="hidden" name="__wp_nonce" value="%s" />%s',
|
| 127 |
+
htmlspecialchars( $this->config->nonce ),
|
| 128 |
+
$matches[0]
|
| 129 |
+
);
|
| 130 |
+
},
|
| 131 |
+
$content
|
| 132 |
+
);
|
| 133 |
+
|
| 134 |
+
$content = preg_replace_callback(
|
| 135 |
+
'/<body[^>]*>/i',
|
| 136 |
+
function( $matches ) {
|
| 137 |
+
return script(
|
| 138 |
+
'if (typeof(ajax) !== "undefined" && !ajax.__patched) {' .
|
| 139 |
+
'const originalAjax = ajax;' .
|
| 140 |
+
'ajax = function(url, callback, data, message) {
|
| 141 |
+
if (!/__wp_nonce=/.test(url)) url += "&__wp_nonce=" + "' . $this->config->nonce . '";
|
| 142 |
+
console.log(url);
|
| 143 |
+
return originalAjax(url, callback, data, message);
|
| 144 |
+
};ajax.__patched = true;' .
|
| 145 |
+
'}') . $matches[0];
|
| 146 |
+
},
|
| 147 |
+
$content,
|
| 148 |
+
1
|
| 149 |
+
);
|
| 150 |
+
|
| 151 |
return $content;
|
| 152 |
}
|
| 153 |
|
readme.txt
CHANGED
|
@@ -3,8 +3,8 @@ Contributors: arisoft
|
|
| 3 |
Donate link: http://wp-quiz.ari-soft.com/plugins/wordpress-adminer.html
|
| 4 |
Tags: adminer, sql, database, mysql, report, sqlite, table, postgresql, dump, backup, import, export, phpmyadmin
|
| 5 |
Requires at least: 3.4
|
| 6 |
-
Tested up to: 5.
|
| 7 |
-
Stable tag: 1.2.
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
|
@@ -74,6 +74,12 @@ Sure, it is available [here](http://www.ari-soft.com/docs/wordpress/ari-adminer/
|
|
| 74 |
|
| 75 |
== Changelog ==
|
| 76 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 77 |
= 1.2.0 =
|
| 78 |
* Improve security
|
| 79 |
|
|
@@ -157,6 +163,12 @@ Sure, it is available [here](http://www.ari-soft.com/docs/wordpress/ari-adminer/
|
|
| 157 |
|
| 158 |
== Upgrade Notice ==
|
| 159 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 160 |
= 1.2.0 =
|
| 161 |
* Improve security
|
| 162 |
|
| 3 |
Donate link: http://wp-quiz.ari-soft.com/plugins/wordpress-adminer.html
|
| 4 |
Tags: adminer, sql, database, mysql, report, sqlite, table, postgresql, dump, backup, import, export, phpmyadmin
|
| 5 |
Requires at least: 3.4
|
| 6 |
+
Tested up to: 5.2.0
|
| 7 |
+
Stable tag: 1.2.2
|
| 8 |
License: GPLv2 or later
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 10 |
|
| 74 |
|
| 75 |
== Changelog ==
|
| 76 |
|
| 77 |
+
= 1.2.2 =
|
| 78 |
+
* Fix bug: "Invalid token." message appears after adding a record
|
| 79 |
+
|
| 80 |
+
= 1.2.1 =
|
| 81 |
+
* Fix the broken functionality: search tables, search in records
|
| 82 |
+
|
| 83 |
= 1.2.0 =
|
| 84 |
* Improve security
|
| 85 |
|
| 163 |
|
| 164 |
== Upgrade Notice ==
|
| 165 |
|
| 166 |
+
= 1.2.2 =
|
| 167 |
+
* Fix bug: "Invalid token." message appears after adding a record
|
| 168 |
+
|
| 169 |
+
= 1.2.1 =
|
| 170 |
+
* Fix the broken functionality: search tables, search in records
|
| 171 |
+
|
| 172 |
= 1.2.0 =
|
| 173 |
* Improve security
|
| 174 |
|
