Custom Login Page Customizer | LoginPress - Version 1.6.3

Version Description

2022-11-02 = * BugFix: Nonce check applied on opt-in and opt-out screens. * Compatibility: Compatible with WordPress 6.0


Release Info

Developer hiddenpearls
Version 1.6.3

Code changes from version 1.6.2 to 1.6.3

Files changed (3) hide show
  1. include/loginpress-optin-form.php +2 -2
  2. loginpress.php +44 -33
  3. readme.txt +9 -5
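--- a/include/loginpress-optin-form.php
+++ b/include/loginpress-optin-form.php
@@ -296,7 +296,7 @@ $name = empty( $user->user_firstname ) ? $user->display_name : $user->user_first
  $email = $user->user_email;
  $site_link = '<a href="' . get_site_url() . '">'. get_site_url() . '</a>';
  $website = get_site_url();
-
+ $nonce = wp_create_nonce( 'loginpress_submit_optin_nonce' );
  $default_login_press_redirect = 'loginpress-settings';
 
  if ( isset( $_GET['redirect-page'] ) ) {
@@ -306,7 +306,7 @@ if ( isset( $_GET['redirect-page'] ) ) {
  echo '<form method="post" action="' . admin_url( 'admin.php?page=' . $default_login_press_redirect ) . '">';
 
  echo "<input type='hidden' name='email' value='$email'>";
-
+ echo "<input type='hidden' name='loginpress_submit_optin_nonce' value='" . sanitize_text_field( $nonce ) . "'>";
  echo '<div id="loginpress-splash">';
  echo '<h1> <img id="loginpress-logo-text" src="' . plugins_url( 'img/loginpress.png', dirname( __FILE__ ) ) . '"> ' . __( 'Welcome to LoginPress', 'loginpress' ) . '</h1>';
 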
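Review bot: The added hidden field at new line 309 runs the nonce through `sanitize_text_field()`, which is an input sanitiser rather than an output escaper; a value printed into an HTML attribute should go through `esc_attr()`. Both added lines could be replaced by `wp_nonce_field( 'loginpress_submit_optin_nonce', 'loginpress_submit_optin_nonce' );`, which creates the nonce and prints the escaped field in one call. A nonce is not attacker-controlled, so this is a matter of using the right idiom rather than an injection, but the unchanged line just above prints `$email` into `value='…'` with no escaping and would benefit from `esc_attr( $email )` in the same pass. The script continues outside both hunks, so how `$user` is obtained is not visible here.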
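--- a/loginpress.php
+++ b/loginpress.php
@@ -3,7 +3,7 @@
  * Plugin Name: LoginPress - Customizing the WordPress Login Screen.
  * Plugin URI: https://loginpress.pro/?utm_source=loginpress-lite&utm_medium=plugin-inside&utm_campaign=pro-upgrade&utm_content=plugin_uri
  * Description: LoginPress is the best <code>wp-login</code> Login Page Customizer plugin by <a href="https://wpbrigade.com/?utm_source=loginpress-lite">WPBrigade</a> which allows you to completely change the layout of login, register and forgot password forms.
- * Version: 1.6.2
+ * Version: 1.6.3
  * Author: WPBrigade
  * Author URI: https://WPBrigade.com/?utm_source=loginpress-lite
  * Text Domain: loginpress
@@ -22,7 +22,7 @@ if ( ! class_exists( 'LoginPress' ) ) :
  /**
  * @var string
  */
- public $version = '1.6.2';
+ public $version = '1.6.3';
 
  /**
  * @var The single instance of the class
@@ -152,6 +152,7 @@ if ( ! class_exists( 'LoginPress' ) ) :
  *
  * @return bool Exclude page/s or post/s.
  * @since 1.5.14
+ * @version 1.6.3
  */
  public function loginpress_exclude_from_sitemap() {
 
@@ -162,44 +163,54 @@ if ( ! class_exists( 'LoginPress' ) ) :
  }
 
  /**
- * Redirect to Optin page.
+ * Redirect to Opt-in page.
  *
  * @since 1.0.15
  */
  function redirect_optin() {
-
- // delete_option( '_loginpress_optin' );
-
- if ( isset( $_POST['loginpress-submit-optout'] ) ) {
-
- update_option( '_loginpress_optin', 'no' );
- $this->_send_data( array(
- 'action' => 'Skip',
- ) );
-
- } elseif ( isset( $_POST['loginpress-submit-optin'] ) ) {
-
- update_option( '_loginpress_optin', 'yes' );
- $fields = array(
- 'action' => 'Activate',
- 'track_mailchimp' => 'yes'
- );
- $this->_send_data( $fields );
-
- } elseif ( ! get_option( '_loginpress_optin' ) && isset( $_GET['page'] ) && ( $_GET['page'] === 'loginpress-settings' || $_GET['page'] === 'loginpress' || $_GET['page'] === 'abw' ) ) {
-
+ // delete_option( '_loginpress_optin' );
  /**
- * XSS Attack vector found and fixed.
+ * Fix the Broken Access Control (BAC) security fix.
  *
- * @since 1.5.11
+ * @since 1.6.3
  */
- $page_redirect = $_GET['page'] === 'loginpress' ? 'loginpress' : 'loginpress-settings';
- wp_redirect( admin_url('admin.php?page=loginpress-optin&redirect-page=' . $page_redirect) );
- exit;
- } elseif ( get_option( '_loginpress_optin' ) && ( get_option( '_loginpress_optin' ) == 'yes' || get_option( '_loginpress_optin' ) == 'no' ) && isset( $_GET['page'] ) && $_GET['page'] === 'loginpress-optin' ) {
- wp_redirect( admin_url( 'admin.php?page=loginpress-settings' ) );
- exit;
- }
+ if ( current_user_can( 'manage_options' ) ) {
+ if ( isset( $_POST['loginpress-submit-optout'] ) ) {
+ if ( ! wp_verify_nonce( sanitize_text_field( $_POST['loginpress_submit_optin_nonce'] ), 'loginpress_submit_optin_nonce' ) ) {
+ return;
+ }
+ update_option( '_loginpress_optin', 'no' );
+ $this->_send_data( array(
+ 'action' => 'Skip',
+ ) );
+
+ } elseif ( isset( $_POST['loginpress-submit-optin'] ) ) {
+ if ( ! wp_verify_nonce( sanitize_text_field( $_POST['loginpress_submit_optin_nonce'] ), 'loginpress_submit_optin_nonce' ) ) {
+ return;
+ }
+ update_option( '_loginpress_optin', 'yes' );
+ $fields = array(
+ 'action' => 'Activate',
+ 'track_mailchimp' => 'yes'
+ );
+ $this->_send_data( $fields );
+
+ } elseif ( ! get_option( '_loginpress_optin' ) && isset( $_GET['page'] ) && ( $_GET['page'] === 'loginpress-settings' || $_GET['page'] === 'loginpress' || $_GET['page'] === 'abw' ) ) {
+
+ /**
+ * XSS Attack vector found and fixed.
+ *
+ * @since 1.5.11
+ */
+ $page_redirect = $_GET['page'] === 'loginpress' ? 'loginpress' : 'loginpress-settings';
+ wp_redirect( admin_url('admin.php?page=loginpress-optin&redirect-page=' . $page_redirect) );
+ exit;
+
+ } elseif ( get_option( '_loginpress_optin' ) && ( get_option( '_loginpress_optin' ) == 'yes' ) && isset( $_GET['page'] ) && $_GET['page'] === 'loginpress-optin' ) {
+ wp_redirect( admin_url( 'admin.php?page=loginpress-settings' ) );
+ exit;
+ }
+ }
  }
 
 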
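Review bot: In `redirect_optin()` both new `wp_verify_nonce()` calls read `$_POST['loginpress_submit_optin_nonce']` without an `isset()` check or `wp_unslash()`, so a POST that carries a submit button but no nonce raises an undefined-index notice before the check fails. Reading it once above the two branches, e.g. `$nonce = isset( $_POST['loginpress_submit_optin_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['loginpress_submit_optin_nonce'] ) ) : '';`, removes both the notice and the duplicated expression. Separately, the last `elseif` now redirects away from `loginpress-optin` only when the option is `'yes'`, whereas the old code also did so for `'no'`; neither the docblock nor the changelog mentions this, so it is worth confirming the change is intended. The new docblock would read better if it stated what is enforced, for example `Require manage_options and a valid nonce before changing the opt-in state.`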
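--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tested up to: 6.0
  Contributors: WPBrigade, hiddenpearls, AbdulWahab610
  Author URI: https://wpbrigade.com/?utm_source=loginpress-lite&utm_medium=author-url-link
  Tags: wp-login, login, login customizer, custom login, wordpress login,
- Stable tag: 1.6.2
+ Stable tag: 1.6.3
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -221,9 +221,13 @@ Please visit <a target="_blank" rel="friend" href="https://loginpress.pro?utm_so
 
  == Changelog ==
 
+ = 1.6.3 – 2022-11-02 =
+ * BugFix: Nonce check applied on opt-in and opt-out screens.
+ * Compatibility: Compatible with WordPress 6.0
+
  = 1.6.2 – 2022-07-18 =
- * BugFix: Apply escaping at multiples places in code for security protection.
- * Compatibility: Compatible with WordPress 6.0.1
+ * BugFix: Apply escaping at multiple places in code for security protection. Special thanks to <a href="https://profiles.wordpress.org/risecste/" rel="friend">n0tst3</a> for identifying a bug.
+ * Compatibility: Compatible with WordPress 6.0
 
  = 1.6.1 – 2022-06-24 =
  * BugFix: Import/Export issue with PHP 8.1
@@ -660,5 +664,5 @@ Please visit <a target="_blank" rel="friend" href="https://loginpress.pro?utm_so
 
  == Upgrade Notice ==
 
- = 1.6.2 =
- * Important Release, upgrade immediately. Compatible with 6.0
+ = 1.6.3 =
+ * Security Release, Upgrade immediately. Compatible with 6.0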