OMGF | GDPR/DSVGO Compliant, Faster Google Fonts. Easy. - Version 4.5.3

Version Description

August 17th, 2021: Fix: "Too few arguments to function OmgfPro_Frontend_AutoReplace::passthru_handle()" would occur if OMGF Pro was updated to v2.5.1 before OMGF was updated to v4.5.2.


Release Info

Developer DaanvandenBergh
Version 4.5.3

Code changes from version 4.5.2 to 4.5.3

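--- a/assets/js/omgf-admin.js
+++ b/assets/js/omgf-admin.js
@@ -21,6 +21,7 @@ jQuery(document).ready(function ($) {
  optimize_xhr: false,
  cache_prefix: '-mod-',
  cache_section: $('.omgf-empty').data('cache-section'),
+ nonce: $('.omgf-empty').data('nonce'),
 
  /**
  * Initialize all on click events.
@@ -257,6 +258,7 @@ jQuery(document).ready(function ($) {
  url: ajaxurl,
  data: {
  action: 'omgf_ajax_empty_dir',
+ nonce: omgf_admin.nonce,
  section: omgf_admin.cache_section
  },
  beforeSend: function () {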
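--- a/host-webfonts-local.php
+++ b/host-webfonts-local.php
@@ -4,7 +4,7 @@
  * Plugin Name: OMGF
  * Plugin URI: https://daan.dev/wordpress-plugins/host-google-fonts-locally
  * Description: Minimize DNS requests, leverage browser cache and speed up WordPress by saving Google Fonts to your server and removing external Google Fonts requests.
- * Version: 4.5.2
+ * Version: 4.5.3
  * Author: Daan from FFW.Press
  * Author URI: https://ffw.press
  * License: GPL2v2 or later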
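--- a/includes/admin/class-settings.php
+++ b/includes/admin/class-settings.php
@@ -18,7 +18,7 @@ defined('ABSPATH') || exit;
 
  class OMGF_Admin_Settings extends OMGF_Admin
  {
- const OMGF_ADMIN_PAGE = 'optimize-webfonts';
+ const OMGF_ADMIN_PAGE = 'optimize-webfonts';
 
  /**
  * Transients
@@ -422,7 +422,7 @@ class OMGF_Admin_Settings extends OMGF_Admin
  ?>
  <?php if ($this->active_tab !== self::OMGF_SETTINGS_FIELD_HELP) : ?>
  <?php submit_button($this->submit_button_text, 'primary', 'submit', false); ?>
- <a id="omgf-empty" data-cache-section="/*" class="omgf-empty button-cancel"><?php _e('Empty Cache Directory', $this->plugin_text_domain); ?></a>
+ <a id="omgf-empty" data-cache-section="/*" data-nonce="<?= wp_create_nonce(self::OMGF_ADMIN_PAGE); ?>" class="omgf-empty button-cancel"><?php _e('Empty Cache Directory', $this->plugin_text_domain); ?></a>
  <?php endif; ?>
  </form>
  <?php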
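Review bot: The new `data-nonce` attribute echoes `wp_create_nonce()` without `esc_attr()`; the value is a short hash today, but escaping at the point of output keeps the template in line with WordPress practice: `data-nonce="<?= esc_attr(wp_create_nonce(self::OMGF_ADMIN_PAGE)); ?>"`. The nonce action is the admin page slug, so the token is not specific to the empty-cache request; a dedicated action string reserved for this AJAX call would scope it to the one handler that verifies it. Both the template and the class body continue outside the hunks shown.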
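--- a/includes/api/class-download.php
+++ b/includes/api/class-download.php
@@ -86,8 +86,8 @@ class OMGF_API_Download extends WP_REST_Controller
  }
 
  $params = $request->get_params();
- $this->handle = $params['handle'] ?? '';
- $original_handle = $request->get_param('original_handle');
+ $this->handle = sanitize_title_with_dashes($params['handle']) ?? '';
+ $original_handle = sanitize_title_with_dashes($request->get_param('original_handle'));
 
  if (!$this->handle || !$original_handle) {
  wp_die(__('Handle not provided.', $this->plugin_text_domain), 406);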
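Review bot: The `?? ''` on the new `$this->handle` line no longer guards anything: it now applies to the return value of `sanitize_title_with_dashes()`, which is always a string, while a missing `handle` key is read unguarded and raises an undefined-index notice before the sanitizer receives null. Move the default inside the call, `$this->handle = sanitize_title_with_dashes($params['handle'] ?? '');`, and treat the second parameter the same way, `sanitize_title_with_dashes($request->get_param('original_handle') ?? '')`. The enclosing method starts and ends outside the hunk.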
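--- a/includes/class-ajax.php
+++ b/includes/class-ajax.php
@@ -31,9 +31,21 @@ class OMGF_AJAX
 
  /**
  * Empty cache directory.
+ *
+ * @since v4.5.3: Hardened security.
  */
  public function empty_directory()
  {
+ check_ajax_referer(OMGF_Admin_Settings::OMGF_ADMIN_PAGE, 'nonce');
+
+ $section = str_replace('*', '', $_POST['section']);
+ $set_path = rtrim(OMGF_FONTS_DIR . $section, '/');
+ $resolved_path = realpath(OMGF_FONTS_DIR . $section);
+
+ if ($resolved_path != $set_path) {
+ wp_die(__('Attempted path traversal detected. Sorry, no script kiddies allowed!', $this->plugin_text_domain));
+ }
+
  try {
  $section = $_POST['section'];
  $entries = array_filter((array) glob(OMGF_FONTS_DIR . $section));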
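Review bot: The traversal check validates one string and the deletion uses another: inside the `try`, `$section = $_POST['section'];` re-reads the raw request value, so `glob()` still runs on input that never went through the `realpath()` comparison. Build the glob pattern from `$resolved_path` and drop the second read; this assumes every caller's section ends in the wildcard, as `data-cache-section="/*"` in class-settings.php does. `check_ajax_referer()` shows the request came from a page holding the nonce, not that the user may delete files, so add a `current_user_can()` check for the capability the settings page requires (presumably `manage_options`). The comparison should also be strict and `$_POST['section']` read through `wp_unslash()` with a default. The body of empty_directory() continues past the end of the hunk.

```php
check_ajax_referer(OMGF_Admin_Settings::OMGF_ADMIN_PAGE, 'nonce');

// A nonce shows intent, not privilege: require the settings-page capability as well.
if (!current_user_can('manage_options')) {
    wp_die(__('You are not allowed to empty the cache directory.', $this->plugin_text_domain), 403);
}

$section = str_replace('*', '', wp_unslash($_POST['section'] ?? ''));
// … unchanged: $set_path and $resolved_path …

if ($resolved_path === false || $resolved_path !== $set_path) {
    // … unchanged: wp_die() call …
}

try {
    // Use the validated path; the raw $_POST value is not read again.
    $entries = array_filter((array) glob($resolved_path . '/*'));
```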
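--- a/includes/frontend/class-functions.php
+++ b/includes/frontend/class-functions.php
@@ -76,8 +76,10 @@ class OMGF_Frontend_Functions
  /**
  * When OMGF Pro is enabled and set to Automatic mode, the merged handle is used to only load selected
  * preloads for the currently used stylesheet.
+ *
+ * @since v4.5.3 Added 2nd dummy parameter, to prevent Fatal Errors after updating.
  */
- $pro_handle = apply_filters('omgf_pro_merged_handle', '');
+ $pro_handle = apply_filters('omgf_pro_merged_handle', '', '');
 
  $i = 0;
 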
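--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: DaanvandenBergh
  Tags: google, fonts, gdpr, cache, speed, preload, font-display, webfonts, subsets, remove, minimize, external, requests
  Requires at least: 4.6
  Tested up to: 5.8
- Stable tag: 4.5.2
+ Stable tag: 4.5.3
  Requires PHP: 7.0
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -132,6 +132,9 @@ No, not yet. But I will definitely try to make it compatible in the future!
 
  == Changelog ==
 
+ = 4.5.3 | August 17th, 2021 =
+ * Fix: "Too few arguments to function OmgfPro_Frontend_AutoReplace::passthru_handle()" would occur if OMGF Pro was updated to v2.5.1 before OMGF was updated to v4.5.2.
+
  = 4.5.2 | August 16th, 2021 =
  * Pro Feature: Added promo material for @font-face detection in local stylesheets.
  * Fix: Fixed several warnings and notices.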