Version Description
2022-11-02 = * BugFix: Nonce check applied on opt-in and opt-out screens. * Compatibility: Compatible with WordPress 6.0
Release Info
Developer | hiddenpearls |
Plugin | Custom Login Page Customizer | LoginPress |
Version | 1.6.3 |
Code changes from version 1.6.2 to 1.6.3
- include/loginpress-optin-form.php +2 -2
- loginpress.php +44 -33
- readme.txt +9 -5
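--- a/include/loginpress-optin-form.php
+++ b/include/loginpress-optin-form.php
@@ -296,7 +296,7 @@ $name = empty( $user->user_firstname ) ? $user->display_name : $user->user_first
 $email = $user->user_email;
 $site_link = '<a href="' . get_site_url() . '">'. get_site_url() . '</a>';
 $website = get_site_url();
-
+$nonce = wp_create_nonce( 'loginpress_submit_optin_nonce' );
 $default_login_press_redirect = 'loginpress-settings';
 
 if ( isset( $_GET['redirect-page'] ) ) {
@@ -306,7 +306,7 @@ if ( isset( $_GET['redirect-page'] ) ) {
 echo '<form method="post" action="' . admin_url( 'admin.php?page=' . $default_login_press_redirect ) . '">';
 
 echo "<input type='hidden' name='email' value='$email'>";
-
+echo "<input type='hidden' name='loginpress_submit_optin_nonce' value='" . sanitize_text_field( $nonce ) . "'>";
 echo '<div id="loginpress-splash">';
 echo '<h1> <img id="loginpress-logo-text" src="' . plugins_url( 'img/loginpress.png', dirname( __FILE__ ) ) . '"> ' . __( 'Welcome to LoginPress', 'loginpress' ) . '</h1>';
 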
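Review bot: The new hidden field at line 309 passes the nonce through `sanitize_text_field()`, which is an input sanitiser rather than an output escaper; for an HTML attribute the value should go through `esc_attr( $nonce )`, or the field can be emitted with `wp_nonce_field( 'loginpress_submit_optin_nonce', 'loginpress_submit_optin_nonce' )`, which escapes it and adds the referer field as well. The nonce is generated server-side, so this is a correctness-of-idiom point rather than an exploitable flaw as written. The context line just above it, `value='$email'`, is echoed into an attribute with no escaping at all and would benefit from `esc_attr( $email )` in the same change. Both hunks sit in top-level template code that continues outside the visible lines.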
loginpress.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
* Plugin Name: LoginPress - Customizing the WordPress Login Screen.
|
4 |
* Plugin URI: https://loginpress.pro/?utm_source=loginpress-lite&utm_medium=plugin-inside&utm_campaign=pro-upgrade&utm_content=plugin_uri
|
5 |
* Description: LoginPress is the best <code>wp-login</code> Login Page Customizer plugin by <a href="https://wpbrigade.com/?utm_source=loginpress-lite">WPBrigade</a> which allows you to completely change the layout of login, register and forgot password forms.
|
6 |
-
* Version: 1.6.
|
7 |
* Author: WPBrigade
|
8 |
* Author URI: https://WPBrigade.com/?utm_source=loginpress-lite
|
9 |
* Text Domain: loginpress
|
@@ -22,7 +22,7 @@ if ( ! class_exists( 'LoginPress' ) ) :
|
|
22 |
/**
|
23 |
* @var string
|
24 |
*/
|
25 |
-
public $version = '1.6.
|
26 |
|
27 |
/**
|
28 |
* @var The single instance of the class
|
@@ -152,6 +152,7 @@ if ( ! class_exists( 'LoginPress' ) ) :
|
|
152 |
*
|
153 |
* @return bool Exclude page/s or post/s.
|
154 |
* @since 1.5.14
|
|
|
155 |
*/
|
156 |
public function loginpress_exclude_from_sitemap() {
|
157 |
|
@@ -162,44 +163,54 @@ if ( ! class_exists( 'LoginPress' ) ) :
|
|
162 |
}
|
163 |
|
164 |
/**
|
165 |
-
* Redirect to
|
166 |
*
|
167 |
* @since 1.0.15
|
168 |
*/
|
169 |
function redirect_optin() {
|
170 |
-
|
171 |
-
// delete_option( '_loginpress_optin' );
|
172 |
-
|
173 |
-
if ( isset( $_POST['loginpress-submit-optout'] ) ) {
|
174 |
-
|
175 |
-
update_option( '_loginpress_optin', 'no' );
|
176 |
-
$this->_send_data( array(
|
177 |
-
'action' => 'Skip',
|
178 |
-
) );
|
179 |
-
|
180 |
-
} elseif ( isset( $_POST['loginpress-submit-optin'] ) ) {
|
181 |
-
|
182 |
-
update_option( '_loginpress_optin', 'yes' );
|
183 |
-
$fields = array(
|
184 |
-
'action' => 'Activate',
|
185 |
-
'track_mailchimp' => 'yes'
|
186 |
-
);
|
187 |
-
$this->_send_data( $fields );
|
188 |
-
|
189 |
-
} elseif ( ! get_option( '_loginpress_optin' ) && isset( $_GET['page'] ) && ( $_GET['page'] === 'loginpress-settings' || $_GET['page'] === 'loginpress' || $_GET['page'] === 'abw' ) ) {
|
190 |
-
|
191 |
/**
|
192 |
-
*
|
193 |
*
|
194 |
-
* @since 1.
|
195 |
*/
|
196 |
-
|
197 |
-
|
198 |
-
|
199 |
-
|
200 |
-
|
201 |
-
|
202 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
203 |
}
|
204 |
|
205 |
|
3 |
* Plugin Name: LoginPress - Customizing the WordPress Login Screen.
|
4 |
* Plugin URI: https://loginpress.pro/?utm_source=loginpress-lite&utm_medium=plugin-inside&utm_campaign=pro-upgrade&utm_content=plugin_uri
|
5 |
* Description: LoginPress is the best <code>wp-login</code> Login Page Customizer plugin by <a href="https://wpbrigade.com/?utm_source=loginpress-lite">WPBrigade</a> which allows you to completely change the layout of login, register and forgot password forms.
|
6 |
+
* Version: 1.6.3
|
7 |
* Author: WPBrigade
|
8 |
* Author URI: https://WPBrigade.com/?utm_source=loginpress-lite
|
9 |
* Text Domain: loginpress
|
22 |
/**
|
23 |
* @var string
|
24 |
*/
|
25 |
+
public $version = '1.6.3';
|
26 |
|
27 |
/**
|
28 |
* @var The single instance of the class
|
152 |
*
|
153 |
* @return bool Exclude page/s or post/s.
|
154 |
* @since 1.5.14
|
155 |
+
* @version 1.6.3
|
156 |
*/
|
157 |
public function loginpress_exclude_from_sitemap() {
|
158 |
|
163 |
}
|
164 |
|
165 |
/**
|
166 |
+
* Redirect to Opt-in page.
|
167 |
*
|
168 |
* @since 1.0.15
|
169 |
*/
|
170 |
function redirect_optin() {
|
171 |
+
// delete_option( '_loginpress_optin' );
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
172 |
/**
|
173 |
+
* Fix the Broken Access Control (BAC) security fix.
|
174 |
*
|
175 |
+
* @since 1.6.3
|
176 |
*/
|
177 |
+
if ( current_user_can( 'manage_options' ) ) {
|
178 |
+
if ( isset( $_POST['loginpress-submit-optout'] ) ) {
|
179 |
+
if ( ! wp_verify_nonce( sanitize_text_field( $_POST['loginpress_submit_optin_nonce'] ), 'loginpress_submit_optin_nonce' ) ) {
|
180 |
+
return;
|
181 |
+
}
|
182 |
+
update_option( '_loginpress_optin', 'no' );
|
183 |
+
$this->_send_data( array(
|
184 |
+
'action' => 'Skip',
|
185 |
+
) );
|
186 |
+
|
187 |
+
} elseif ( isset( $_POST['loginpress-submit-optin'] ) ) {
|
188 |
+
if ( ! wp_verify_nonce( sanitize_text_field( $_POST['loginpress_submit_optin_nonce'] ), 'loginpress_submit_optin_nonce' ) ) {
|
189 |
+
return;
|
190 |
+
}
|
191 |
+
update_option( '_loginpress_optin', 'yes' );
|
192 |
+
$fields = array(
|
193 |
+
'action' => 'Activate',
|
194 |
+
'track_mailchimp' => 'yes'
|
195 |
+
);
|
196 |
+
$this->_send_data( $fields );
|
197 |
+
|
198 |
+
} elseif ( ! get_option( '_loginpress_optin' ) && isset( $_GET['page'] ) && ( $_GET['page'] === 'loginpress-settings' || $_GET['page'] === 'loginpress' || $_GET['page'] === 'abw' ) ) {
|
199 |
+
|
200 |
+
/**
|
201 |
+
* XSS Attack vector found and fixed.
|
202 |
+
*
|
203 |
+
* @since 1.5.11
|
204 |
+
*/
|
205 |
+
$page_redirect = $_GET['page'] === 'loginpress' ? 'loginpress' : 'loginpress-settings';
|
206 |
+
wp_redirect( admin_url('admin.php?page=loginpress-optin&redirect-page=' . $page_redirect) );
|
207 |
+
exit;
|
208 |
+
|
209 |
+
} elseif ( get_option( '_loginpress_optin' ) && ( get_option( '_loginpress_optin' ) == 'yes' ) && isset( $_GET['page'] ) && $_GET['page'] === 'loginpress-optin' ) {
|
210 |
+
wp_redirect( admin_url( 'admin.php?page=loginpress-settings' ) );
|
211 |
+
exit;
|
212 |
+
}
|
213 |
+
}
|
214 |
}
|
215 |
|
216 |
|
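Review bot: Both nonce checks in `redirect_optin()` (new lines 179 and 188) index `$_POST['loginpress_submit_optin_nonce']` without an `isset()` guard or `wp_unslash()`, so a POST that carries only the submit button name raises an undefined-index notice or warning before `wp_verify_nonce()` rejects it. The check fails closed, which is the important part, but it is duplicated and silent; reading the value once, e.g. `$nonce = isset( $_POST['loginpress_submit_optin_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['loginpress_submit_optin_nonce'] ) ) : '';`, and verifying it before the opt-out/opt-in branches would remove the duplication. The docblock "Fix the Broken Access Control (BAC) security fix." would read better as a statement of what is enforced, for instance `Only users with manage_options and a valid opt-in nonce may change _loginpress_optin.` The hook that calls this method is outside the hunk, so whether it runs on every admin request cannot be confirmed from here.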
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Tested up to: 6.0
|
|
4 |
Contributors: WPBrigade, hiddenpearls, AbdulWahab610
|
5 |
Author URI: https://wpbrigade.com/?utm_source=loginpress-lite&utm_medium=author-url-link
|
6 |
Tags: wp-login, login, login customizer, custom login, wordpress login,
|
7 |
-
Stable tag: 1.6.
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -221,9 +221,13 @@ Please visit <a target="_blank" rel="friend" href="https://loginpress.pro?utm_so
|
|
221 |
|
222 |
== Changelog ==
|
223 |
|
|
|
|
|
|
|
|
|
224 |
= 1.6.2 – 2022-07-18 =
|
225 |
-
* BugFix: Apply escaping at
|
226 |
-
* Compatibility: Compatible with WordPress 6.0
|
227 |
|
228 |
= 1.6.1 – 2022-06-24 =
|
229 |
* BugFix: Import/Export issue with PHP 8.1
|
@@ -660,5 +664,5 @@ Please visit <a target="_blank" rel="friend" href="https://loginpress.pro?utm_so
|
|
660 |
|
661 |
== Upgrade Notice ==
|
662 |
|
663 |
-
= 1.6.
|
664 |
-
*
|
4 |
Contributors: WPBrigade, hiddenpearls, AbdulWahab610
|
5 |
Author URI: https://wpbrigade.com/?utm_source=loginpress-lite&utm_medium=author-url-link
|
6 |
Tags: wp-login, login, login customizer, custom login, wordpress login,
|
7 |
+
Stable tag: 1.6.3
|
8 |
License: GPLv2 or later
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
221 |
|
222 |
== Changelog ==
|
223 |
|
224 |
+
= 1.6.3 – 2022-11-02 =
|
225 |
+
* BugFix: Nonce check applied on opt-in and opt-out screens.
|
226 |
+
* Compatibility: Compatible with WordPress 6.0
|
227 |
+
|
228 |
= 1.6.2 – 2022-07-18 =
|
229 |
+
* BugFix: Apply escaping at multiple places in code for security protection. Special thanks to <a href="https://profiles.wordpress.org/risecste/" rel="friend">n0tst3</a> for identifying a bug.
|
230 |
+
* Compatibility: Compatible with WordPress 6.0
|
231 |
|
232 |
= 1.6.1 – 2022-06-24 =
|
233 |
* BugFix: Import/Export issue with PHP 8.1
|
664 |
|
665 |
== Upgrade Notice ==
|
666 |
|
667 |
+
= 1.6.3 =
|
668 |
+
* Security Release, Upgrade immediately. Compatible with 6.0
|