Version Description
- Fixed potential security issues in plugin admin section
Download this release
Release Info
| Developer | jackdewey |
| Plugin |  Link Library |
| Version | 7.2.8 |
| Comparing to | |
| See all releases | |
Code changes from version 7.2.7 to 7.2.8
- link-library-admin.php +26 -19
- link-library.php +7 -1
- readme.txt +4 -1
link-library-admin.php
CHANGED
|
@@ -909,27 +909,34 @@ wp_editor( $post->post_content, 'content', $editor_config );
|
|
| 909 |
//we need the global screen column value to beable to have a sidebar in WordPress 2.8
|
| 910 |
global $screen_layout_columns;
|
| 911 |
|
| 912 |
-
$settings = ( isset( $_GET['settings'] ) ? $_GET['settings'] : 1 );
|
| 913 |
|
| 914 |
if ( isset( $_GET['settingscopy'] ) ) {
|
| 915 |
-
|
| 916 |
-
$source = $_GET['source'];
|
| 917 |
|
| 918 |
-
|
| 919 |
-
|
| 920 |
-
|
| 921 |
-
|
| 922 |
-
|
| 923 |
-
|
| 924 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 925 |
}
|
| 926 |
|
| 927 |
if ( isset( $_GET['deletesettings'] ) ) {
|
| 928 |
check_admin_referer( 'link-library-delete' );
|
| 929 |
|
| 930 |
-
|
| 931 |
-
|
| 932 |
-
|
|
|
|
|
|
|
|
|
|
| 933 |
$settings = 1;
|
| 934 |
}
|
| 935 |
|
|
@@ -1069,11 +1076,11 @@ wp_editor( $post->post_content, 'content', $editor_config );
|
|
| 1069 |
} elseif ( $_GET['page'] == 'link-library-settingssets' ) {
|
| 1070 |
$formvalue = 'save_link_library_settingssets';
|
| 1071 |
|
| 1072 |
-
if ( isset( $_GET['reset'] ) ) {
|
| 1073 |
$options = ll_reset_options( $settings, 'list', 'return_and_set' );
|
| 1074 |
}
|
| 1075 |
|
| 1076 |
-
if ( isset( $_GET['newlayout'] ) ) {
|
| 1077 |
$layout_list = simplexml_load_file( plugin_dir_path( __FILE__ ) . '/presets/PresetList.xml' );
|
| 1078 |
$layout_id = intval( $_GET['newlayout'] );
|
| 1079 |
|
|
@@ -3153,7 +3160,7 @@ wp_editor( $post->post_content, 'content', $editor_config );
|
|
| 3153 |
</tr>
|
| 3154 |
<tr>
|
| 3155 |
<td><?php _e( 'Re-import', 'link-library' ); ?></td>
|
| 3156 |
-
<td><button class="button" type="button" <?php echo "onclick=\"if ( confirm('" . esc_js( __( "Using the re-import function will delete all links in your Link Library and re-import links from the old Link Library 5.9 format to version 6.x. Only use this function if you recently upgraded from 5.9 to 6.x and are having issues with the converter links.", "link-library" ) ) . "') ) window.location.href='edit.php?page=link-library-general-options&post_type=link_library_links&ll60reupdate=1' \""; ?>><?php _e( 'Re-import links', 'link-library' ); ?></button></td>
|
| 3157 |
</tr>
|
| 3158 |
<tr>
|
| 3159 |
<td><?php _e( 'Category mapping table', 'link-library' ); ?></td>
|
|
@@ -4273,7 +4280,7 @@ function general_custom_fields_meta_box( $data ) {
|
|
| 4273 |
endfor;
|
| 4274 |
?>
|
| 4275 |
</SELECT>
|
| 4276 |
-
<?php $copypath = "'admin.php?page=link-library-settingssets&settings=" . $settings . "&settingscopy=" . $settings . "&source=' + jQuery('#copysource').val();"; ?>
|
| 4277 |
<INPUT class="button" type="button" name="copy" value="<?php _e( 'Copy', 'link-library' ); ?>!" onClick="if (confirm('Are you sure you want to copy the contents of the selected library over the current library settings?')) { var copyurl = <?php echo $copypath; ?> window.location.href = copyurl; };">
|
| 4278 |
<?php endif; ?>
|
| 4279 |
</div>
|
|
@@ -4408,7 +4415,7 @@ function general_custom_fields_meta_box( $data ) {
|
|
| 4408 |
<tr>
|
| 4409 |
<td style='text-align:right'>
|
| 4410 |
<span><button class="button" type="button" <?php echo "onclick=\"if ( confirm('" . esc_js( sprintf( __( "You are about to Delete Library #'%s'\n 'Cancel' to stop, 'OK' to delete.", "link-library" ), $settings ) ) . "') ) window.location.href='" . wp_nonce_url( 'admin.php?page=link-library-settingssets&deletesettings=' . $settings, 'link-library-delete' ) . "'\""; ?>><?php _e( 'Delete Library', 'link-library' ); ?> <?php echo $settings ?></button></span>
|
| 4411 |
-
<span><button class="button" type="button" <?php echo "onclick=\"if ( confirm('" . esc_js( sprintf( __( "You are about to reset Library '%s'\n 'Cancel' to stop, 'OK' to reset.", "link-library" ), $settings ) ) . "') ) window.location.href='admin.php?page=link-library-settingssets&settings=" . $settings . "&reset=" . $settings . "'\""; ?>><?php _e( 'Reset current Library', 'link-library' ); ?></button></span>
|
| 4412 |
</td>
|
| 4413 |
</tr>
|
| 4414 |
</table>
|
|
@@ -4428,7 +4435,7 @@ function general_custom_fields_meta_box( $data ) {
|
|
| 4428 |
<div class="ll_preset" id="#preset<?php echo $layout->ID; ?>">
|
| 4429 |
<strong><?php _e( 'Layout', 'link-library' ); echo ' ' . $layout->ID . ": " . $layout->Desc; ?></strong><br /><br />
|
| 4430 |
<img style="max-width: 400px; border: 2px solid black;" src="<?php echo plugins_url( "presets/" . $layout->Image, __FILE__ ); ?>"<br /><br /><br />
|
| 4431 |
-
<button class="button" type="button" <?php echo "onclick=\"if ( confirm('" . esc_js( sprintf( __( "You are about to change the layout of Library '%s' and reset all its options\n 'Cancel' to stop, 'OK' to modify.", "link-library" ), $settings ) ) . "') ) window.location.href='admin.php?page=link-library-settingssets&settings=" . $settings . "&newlayout=" . $layout->ID . "'\""; ?>><?php _e( 'Apply Layout', 'link-library' ); ?> <?php echo $layout->ID; ?></button>
|
| 4432 |
</div>
|
| 4433 |
<?php } ?>
|
| 4434 |
</div>
|
| 909 |
//we need the global screen column value to beable to have a sidebar in WordPress 2.8
|
| 910 |
global $screen_layout_columns;
|
| 911 |
|
| 912 |
+
$settings = ( isset( $_GET['settings'] ) && is_int( intval( $_GET['settings'] ) ) ? $_GET['settings'] : 1 );
|
| 913 |
|
| 914 |
if ( isset( $_GET['settingscopy'] ) ) {
|
| 915 |
+
check_admin_referer( 'llsettingscopy' );
|
|
|
|
| 916 |
|
| 917 |
+
if ( is_int( intval( $_GET['settingscopy'] ) ) && is_int( intval( $_GET['source'] ) ) ) {
|
| 918 |
+
$destination = $_GET['settingscopy'];
|
| 919 |
+
$source = $_GET['source'];
|
| 920 |
+
|
| 921 |
+
$sourcesettingsname = 'LinkLibraryPP' . $source;
|
| 922 |
+
$sourceoptions = get_option( $sourcesettingsname );
|
| 923 |
+
|
| 924 |
+
$destinationsettingsname = 'LinkLibraryPP' . $destination;
|
| 925 |
+
update_option( $destinationsettingsname, $sourceoptions );
|
| 926 |
+
|
| 927 |
+
$settings = $destination;
|
| 928 |
+
}
|
| 929 |
}
|
| 930 |
|
| 931 |
if ( isset( $_GET['deletesettings'] ) ) {
|
| 932 |
check_admin_referer( 'link-library-delete' );
|
| 933 |
|
| 934 |
+
if ( is_int( intval( $_GET['deletesettings'] ) ) ) {
|
| 935 |
+
$settings = $_GET['deletesettings'];
|
| 936 |
+
$deletesettingsname = 'LinkLibraryPP' . $settings;
|
| 937 |
+
$options = delete_option( $deletesettingsname );
|
| 938 |
+
}
|
| 939 |
+
|
| 940 |
$settings = 1;
|
| 941 |
}
|
| 942 |
|
| 1076 |
} elseif ( $_GET['page'] == 'link-library-settingssets' ) {
|
| 1077 |
$formvalue = 'save_link_library_settingssets';
|
| 1078 |
|
| 1079 |
+
if ( isset( $_GET['reset'] ) && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'llresetsettings' ) ) {
|
| 1080 |
$options = ll_reset_options( $settings, 'list', 'return_and_set' );
|
| 1081 |
}
|
| 1082 |
|
| 1083 |
+
if ( isset( $_GET['newlayout'] ) && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'llnewlayout' ) ) {
|
| 1084 |
$layout_list = simplexml_load_file( plugin_dir_path( __FILE__ ) . '/presets/PresetList.xml' );
|
| 1085 |
$layout_id = intval( $_GET['newlayout'] );
|
| 1086 |
|
| 3160 |
</tr>
|
| 3161 |
<tr>
|
| 3162 |
<td><?php _e( 'Re-import', 'link-library' ); ?></td>
|
| 3163 |
+
<td><button class="button" type="button" <?php echo "onclick=\"if ( confirm('" . esc_js( __( "Using the re-import function will delete all links in your Link Library and re-import links from the old Link Library 5.9 format to version 6.x. Only use this function if you recently upgraded from 5.9 to 6.x and are having issues with the converter links.", "link-library" ) ) . "') ) window.location.href='edit.php?page=link-library-general-options&post_type=link_library_links&ll60reupdate=1&_wpnonce=" . wp_create_nonce( 'll60reupdate' ) . "' \""; ?>><?php _e( 'Re-import links', 'link-library' ); ?></button></td>
|
| 3164 |
</tr>
|
| 3165 |
<tr>
|
| 3166 |
<td><?php _e( 'Category mapping table', 'link-library' ); ?></td>
|
| 4280 |
endfor;
|
| 4281 |
?>
|
| 4282 |
</SELECT>
|
| 4283 |
+
<?php $copypath = "'admin.php?page=link-library-settingssets&_wpnonce=" . wp_create_nonce( 'llsettingscopy' ) . "&settings=" . $settings . "&settingscopy=" . $settings . "&source=' + jQuery('#copysource').val();"; ?>
|
| 4284 |
<INPUT class="button" type="button" name="copy" value="<?php _e( 'Copy', 'link-library' ); ?>!" onClick="if (confirm('Are you sure you want to copy the contents of the selected library over the current library settings?')) { var copyurl = <?php echo $copypath; ?> window.location.href = copyurl; };">
|
| 4285 |
<?php endif; ?>
|
| 4286 |
</div>
|
| 4415 |
<tr>
|
| 4416 |
<td style='text-align:right'>
|
| 4417 |
<span><button class="button" type="button" <?php echo "onclick=\"if ( confirm('" . esc_js( sprintf( __( "You are about to Delete Library #'%s'\n 'Cancel' to stop, 'OK' to delete.", "link-library" ), $settings ) ) . "') ) window.location.href='" . wp_nonce_url( 'admin.php?page=link-library-settingssets&deletesettings=' . $settings, 'link-library-delete' ) . "'\""; ?>><?php _e( 'Delete Library', 'link-library' ); ?> <?php echo $settings ?></button></span>
|
| 4418 |
+
<span><button class="button" type="button" <?php echo "onclick=\"if ( confirm('" . esc_js( sprintf( __( "You are about to reset Library '%s'\n 'Cancel' to stop, 'OK' to reset.", "link-library" ), $settings ) ) . "') ) window.location.href='admin.php?page=link-library-settingssets&settings=" . $settings . "&_wpnonce=" . wp_create_nonce( 'llresetsettings' ). "&reset=" . $settings . "'\""; ?>><?php _e( 'Reset current Library', 'link-library' ); ?></button></span>
|
| 4419 |
</td>
|
| 4420 |
</tr>
|
| 4421 |
</table>
|
| 4435 |
<div class="ll_preset" id="#preset<?php echo $layout->ID; ?>">
|
| 4436 |
<strong><?php _e( 'Layout', 'link-library' ); echo ' ' . $layout->ID . ": " . $layout->Desc; ?></strong><br /><br />
|
| 4437 |
<img style="max-width: 400px; border: 2px solid black;" src="<?php echo plugins_url( "presets/" . $layout->Image, __FILE__ ); ?>"<br /><br /><br />
|
| 4438 |
+
<button class="button" type="button" <?php echo "onclick=\"if ( confirm('" . esc_js( sprintf( __( "You are about to change the layout of Library '%s' and reset all its options\n 'Cancel' to stop, 'OK' to modify.", "link-library" ), $settings ) ) . "') ) window.location.href='admin.php?page=link-library-settingssets&settings=" . $settings . "&_wpnonce=" . wp_create_nonce( 'llnewlayout' ). "&newlayout=" . $layout->ID . "'\""; ?>><?php _e( 'Apply Layout', 'link-library' ); ?> <?php echo $layout->ID; ?></button>
|
| 4439 |
</div>
|
| 4440 |
<?php } ?>
|
| 4441 |
</div>
|
link-library.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: Link Library
|
| 4 |
Plugin URI: http://wordpress.org/extend/plugins/link-library/
|
| 5 |
Description: Display links on pages with a variety of options
|
| 6 |
-
Version: 7.2.
|
| 7 |
Author: Yannick Lefebvre
|
| 8 |
Author URI: http://ylefebvre.github.io/
|
| 9 |
Text Domain: link-library
|
|
@@ -740,6 +740,12 @@ class link_library_plugin {
|
|
| 740 |
$genoptions = get_option( 'LinkLibraryGeneral' );
|
| 741 |
|
| 742 |
if ( isset( $_GET['ll60reupdate'] ) ) {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 743 |
global $wpdb;
|
| 744 |
|
| 745 |
$wpdb->get_results ( 'DELETE a,b,c
|
| 3 |
Plugin Name: Link Library
|
| 4 |
Plugin URI: http://wordpress.org/extend/plugins/link-library/
|
| 5 |
Description: Display links on pages with a variety of options
|
| 6 |
+
Version: 7.2.8
|
| 7 |
Author: Yannick Lefebvre
|
| 8 |
Author URI: http://ylefebvre.github.io/
|
| 9 |
Text Domain: link-library
|
| 740 |
$genoptions = get_option( 'LinkLibraryGeneral' );
|
| 741 |
|
| 742 |
if ( isset( $_GET['ll60reupdate'] ) ) {
|
| 743 |
+
if ( !current_user_can( 'manage_options' ) ) {
|
| 744 |
+
return;
|
| 745 |
+
}
|
| 746 |
+
|
| 747 |
+
check_admin_referer( 'll60reupdate' );
|
| 748 |
+
|
| 749 |
global $wpdb;
|
| 750 |
|
| 751 |
$wpdb->get_results ( 'DELETE a,b,c
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Donate link: https://ylefebvre.github.io/wordpress-plugins/link-library/
|
|
| 4 |
Tags: link, list, directory, page, library, AJAX, RSS, feeds, inline, search, paging, add, submit, import, batch, pop-up
|
| 5 |
Requires at least: 4.4
|
| 6 |
Tested up to: 5.8
|
| 7 |
-
Stable tag: 7.2.
|
| 8 |
|
| 9 |
The purpose of this plugin is to add the ability to output a list of link categories and a complete list of links with notes and descriptions.
|
| 10 |
|
|
@@ -48,6 +48,9 @@ Further configuration is available under the Link Library Settings panel.
|
|
| 48 |
|
| 49 |
== Changelog ==
|
| 50 |
|
|
|
|
|
|
|
|
|
|
| 51 |
= 7.2.7 =
|
| 52 |
* Increased character limit for user form fields from 255 to 1024 characters
|
| 53 |
|
| 4 |
Tags: link, list, directory, page, library, AJAX, RSS, feeds, inline, search, paging, add, submit, import, batch, pop-up
|
| 5 |
Requires at least: 4.4
|
| 6 |
Tested up to: 5.8
|
| 7 |
+
Stable tag: 7.2.8
|
| 8 |
|
| 9 |
The purpose of this plugin is to add the ability to output a list of link categories and a complete list of links with notes and descriptions.
|
| 10 |
|
| 48 |
|
| 49 |
== Changelog ==
|
| 50 |
|
| 51 |
+
= 7.2.8 =
|
| 52 |
+
* Fixed potential security issues in plugin admin section
|
| 53 |
+
|
| 54 |
= 7.2.7 =
|
| 55 |
* Increased character limit for user form fields from 255 to 1024 characters
|
| 56 |
|
