Version Description
- fix / update security issue
- fix security issue (Admin + Stored XSS) and unauthenticated icon deletion
Download this release
Release Info
| Developer | cybernetikz |
| Plugin |  Easy Social Icons |
| Version | 3.2.1 |
| Comparing to | |
| See all releases | |
Code changes from version 3.2.0 to 3.2.1
- easy-social-icons.php +23 -16
- readme.txt +5 -1
easy-social-icons.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Easy Social Icons
|
| 4 |
Plugin URI: http://www.cybernetikz.com
|
| 5 |
Description: You can upload your own social icon, set your social URL, choose weather you want to display vertical or horizontal. You can use the shortcode <strong>[cn-social-icon]</strong> in page/post, template tag for php file <strong><?php if ( function_exists('cn_social_icon') ) echo cn_social_icon(); ?></strong> also you can use the widget <strong>"Easy Social Icons"</strong> for sidebar.
|
| 6 |
-
Version: 3.2.
|
| 7 |
Author: cybernetikz
|
| 8 |
Author URI: http://www.cybernetikz.com
|
| 9 |
License: GPL2
|
|
@@ -18,6 +18,7 @@ $cnssPluginsURI = plugins_url('/', __FILE__);
|
|
| 18 |
|
| 19 |
add_action('init', 'cnss_init_script');
|
| 20 |
add_action('init', 'cnss_process_post');
|
|
|
|
| 21 |
add_action('wp_ajax_update-social-icon-order', 'cnss_save_ajax_order' );
|
| 22 |
add_action('admin_menu', 'cnss_add_menu_pages');
|
| 23 |
add_action('wp_head', 'cnss_social_profile_links_fn');
|
|
@@ -29,13 +30,18 @@ if( isset($_GET['page']) ) {
|
|
| 29 |
}
|
| 30 |
register_activation_hook(__FILE__,'cnss_db_install');
|
| 31 |
add_shortcode('cn-social-icon', 'cn_social_icon');
|
| 32 |
-
|
| 33 |
-
|
| 34 |
-
|
| 35 |
-
|
| 36 |
-
|
| 37 |
-
|
| 38 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 39 |
}
|
| 40 |
}
|
| 41 |
|
|
@@ -926,12 +932,12 @@ function cnss_social_icon_add_fn() {
|
|
| 926 |
|
| 927 |
if (!empty($icon_info))
|
| 928 |
{
|
| 929 |
-
$id = $icon_info->id;
|
| 930 |
-
$title = $icon_info->title;
|
| 931 |
-
$url = $icon_info->url;
|
| 932 |
-
$image_url = $icon_info->image_url;
|
| 933 |
-
$sortorder = $icon_info->sortorder;
|
| 934 |
-
$target = $icon_info->target;
|
| 935 |
}
|
| 936 |
}
|
| 937 |
}
|
|
@@ -1036,7 +1042,7 @@ if($err!='') echo '<div id="message" class="error fade">'.$err.'</div>';
|
|
| 1036 |
|
| 1037 |
<?php if (isset($_GET['mode']) ) { ?>
|
| 1038 |
<input type="hidden" name="action" value="edit" />
|
| 1039 |
-
<input type="hidden" name="id" id="id" value="<?php echo
|
| 1040 |
<?php } else {?>
|
| 1041 |
<input type="hidden" name="action" value="update" />
|
| 1042 |
<?php } ?>
|
|
@@ -1096,6 +1102,7 @@ function cnss_social_icon_page_fn() {
|
|
| 1096 |
|
| 1097 |
$image_file_path = $cnssBaseURL;
|
| 1098 |
$icons = cnss_get_all_icons();
|
|
|
|
| 1099 |
?>
|
| 1100 |
<div class="wrap">
|
| 1101 |
<?php echo cnss_esi_review_text(); ?>
|
|
@@ -1109,7 +1116,7 @@ function cnss_social_icon_page_fn() {
|
|
| 1109 |
if (r==true)
|
| 1110 |
{
|
| 1111 |
rpath1 = '<?php echo admin_url('admin.php?page=cnss_social_icon_page'); ?>';
|
| 1112 |
-
rpath2 = '&cnss-delete=y&id='+id;
|
| 1113 |
window.location = rpath1+rpath2;
|
| 1114 |
}
|
| 1115 |
}
|
| 3 |
Plugin Name: Easy Social Icons
|
| 4 |
Plugin URI: http://www.cybernetikz.com
|
| 5 |
Description: You can upload your own social icon, set your social URL, choose weather you want to display vertical or horizontal. You can use the shortcode <strong>[cn-social-icon]</strong> in page/post, template tag for php file <strong><?php if ( function_exists('cn_social_icon') ) echo cn_social_icon(); ?></strong> also you can use the widget <strong>"Easy Social Icons"</strong> for sidebar.
|
| 6 |
+
Version: 3.2.1
|
| 7 |
Author: cybernetikz
|
| 8 |
Author URI: http://www.cybernetikz.com
|
| 9 |
License: GPL2
|
| 18 |
|
| 19 |
add_action('init', 'cnss_init_script');
|
| 20 |
add_action('init', 'cnss_process_post');
|
| 21 |
+
add_action('admin_init', 'cnss_delete_icon');
|
| 22 |
add_action('wp_ajax_update-social-icon-order', 'cnss_save_ajax_order' );
|
| 23 |
add_action('admin_menu', 'cnss_add_menu_pages');
|
| 24 |
add_action('wp_head', 'cnss_social_profile_links_fn');
|
| 30 |
}
|
| 31 |
register_activation_hook(__FILE__,'cnss_db_install');
|
| 32 |
add_shortcode('cn-social-icon', 'cn_social_icon');
|
| 33 |
+
|
| 34 |
+
function cnss_delete_icon()
|
| 35 |
+
{
|
| 36 |
+
global $wpdb,$err,$msg,$cnssBaseDir;
|
| 37 |
+
if (isset($_GET['cnss-delete'])) {
|
| 38 |
+
if ($_GET['id'] != '' && wp_verify_nonce($_GET['_wpnonce'], 'cnss_delete_icon'))
|
| 39 |
+
{
|
| 40 |
+
$table_name = $wpdb->prefix . "cn_social_icon";
|
| 41 |
+
$image_file_path = $cnssBaseDir;
|
| 42 |
+
$wpdb->delete( $table_name, array( 'id' => $_GET['id'] ), array( '%d' ) );
|
| 43 |
+
$msg = "Delete Successful !"."<br />";
|
| 44 |
+
}
|
| 45 |
}
|
| 46 |
}
|
| 47 |
|
| 932 |
|
| 933 |
if (!empty($icon_info))
|
| 934 |
{
|
| 935 |
+
$id = esc_attr($icon_info->id);
|
| 936 |
+
$title = esc_attr($icon_info->title);
|
| 937 |
+
$url = esc_url($icon_info->url);
|
| 938 |
+
$image_url = esc_attr($icon_info->image_url);
|
| 939 |
+
$sortorder = esc_attr($icon_info->sortorder);
|
| 940 |
+
$target = esc_attr($icon_info->target);
|
| 941 |
}
|
| 942 |
}
|
| 943 |
}
|
| 1042 |
|
| 1043 |
<?php if (isset($_GET['mode']) ) { ?>
|
| 1044 |
<input type="hidden" name="action" value="edit" />
|
| 1045 |
+
<input type="hidden" name="id" id="id" value="<?php echo $id;?>" />
|
| 1046 |
<?php } else {?>
|
| 1047 |
<input type="hidden" name="action" value="update" />
|
| 1048 |
<?php } ?>
|
| 1102 |
|
| 1103 |
$image_file_path = $cnssBaseURL;
|
| 1104 |
$icons = cnss_get_all_icons();
|
| 1105 |
+
$nonce = wp_create_nonce( 'cnss_delete_icon' );
|
| 1106 |
?>
|
| 1107 |
<div class="wrap">
|
| 1108 |
<?php echo cnss_esi_review_text(); ?>
|
| 1116 |
if (r==true)
|
| 1117 |
{
|
| 1118 |
rpath1 = '<?php echo admin_url('admin.php?page=cnss_social_icon_page'); ?>';
|
| 1119 |
+
rpath2 = '&cnss-delete=y&id='+id+'&_wpnonce=<?php echo esc_attr($nonce); ?>';
|
| 1120 |
window.location = rpath1+rpath2;
|
| 1121 |
}
|
| 1122 |
}
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link:
|
|
| 4 |
Tags: easy social icons, easy social icon, social icons, social share, follow us, custom social icons, social media icons
|
| 5 |
Requires at least: 3.5
|
| 6 |
Tested up to: 5.9.2
|
| 7 |
-
Stable tag: 3.2.
|
| 8 |
|
| 9 |
Upload your own social media icons or choose from font-awesome. Use widget|shortcode to place icons anywhere(sidebar, header, footer, page) in theme.
|
| 10 |
|
|
@@ -76,6 +76,10 @@ If you are using wordpress version lower than 3.5 please use Easy social Icon ve
|
|
| 76 |
|
| 77 |
== Changelog ==
|
| 78 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 79 |
= 3.2.0 =
|
| 80 |
* fix / update security issue
|
| 81 |
* check with latest wordpress version 5.9.2
|
| 4 |
Tags: easy social icons, easy social icon, social icons, social share, follow us, custom social icons, social media icons
|
| 5 |
Requires at least: 3.5
|
| 6 |
Tested up to: 5.9.2
|
| 7 |
+
Stable tag: 3.2.1
|
| 8 |
|
| 9 |
Upload your own social media icons or choose from font-awesome. Use widget|shortcode to place icons anywhere(sidebar, header, footer, page) in theme.
|
| 10 |
|
| 76 |
|
| 77 |
== Changelog ==
|
| 78 |
|
| 79 |
+
= 3.2.1 =
|
| 80 |
+
* fix / update security issue
|
| 81 |
+
* fix security issue (Admin + Stored XSS) and unauthenticated icon deletion
|
| 82 |
+
|
| 83 |
= 3.2.0 =
|
| 84 |
* fix / update security issue
|
| 85 |
* check with latest wordpress version 5.9.2
|
