MailChimp List Subscribe Form - Version 1.4.2

Version Description

Add customized wp_nonce functions for the post-back behavior to fix 4.0 callbacks


Release Info

Developer crowdfavorite
Version 1.4.2

Code changes from version 1.4.1 to 1.4.2

Files changed (3) hide show
  1. mailchimp.php +75 -7
  2. mailchimp_widget.php +1 -1
  3. readme.txt +6 -2
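--- a/mailchimp.php
+++ b/mailchimp.php
@@ -3,7 +3,7 @@
 Plugin Name: MailChimp
 Plugin URI: http://www.mailchimp.com/plugins/mailchimp-wordpress-plugin/
 Description: The MailChimp plugin allows you to quickly and easily add a signup form for your MailChimp list.
-Version: 1.4.1
+Version: 1.4.2
 Author: MailChimp and Crowd Favorite
 Author URI: http://mailchimp.com/api/
 */
@@ -25,7 +25,7 @@ Author URI: http://mailchimp.com/api/
 */
 
 // Version constant for easy CSS refreshes
-define('MCSF_VER', '1.4.1');
+define('MCSF_VER', '1.4.2');
 
 // What's our permission (capability) threshold
 define('MCSF_CAP_THRESHOLD', 'manage_options');
@@ -269,7 +269,7 @@ if (get_option('mc_custom_style')=='on'){
 ul.mc_list li {
 font-size: 12px;
 }
-.ui-datepicker-year {
+#ui-datepicker-div .ui-datepicker-year {
 display: none;
 }
 #ui-datepicker-div.show .ui-datepicker-year {
@@ -352,7 +352,7 @@ function mailchimpSF_auth_nonce_key($salt = null) {
 if (is_null($salt)) {
 $salt = mailchimpSF_auth_nonce_salt();
 }
-return md5('social_authentication'.AUTH_KEY.$salt);
+return 'social_authentication' . md5( AUTH_KEY . $salt );
 }
 
 function mailchimpSF_auth_nonce_salt() {
@@ -364,7 +364,8 @@ function mailchimpSF_authorize() {
 $proxy = apply_filters('mailchimp_authorize_url', $api->getApiUrl('authorize'));
 if (strpos($proxy, 'socialize-this') !== false) {
 $salt = mailchimpSF_auth_nonce_salt();
-$id = wp_create_nonce(mailchimpSF_auth_nonce_key($salt));
+$id = mailchimpSF_create_nonce( mailchimpSF_auth_nonce_key( $salt ) );
+
 $url = home_url('index.php');
 $args = array(
 'mcsf_action' => 'authorized',
@@ -393,7 +394,8 @@ function mailchimpSF_authorized() {
 
 $nonce = stripslashes($_POST['id']);
 $salt = stripslashes($_GET['salt']);
-if (wp_verify_nonce($nonce, mailchimpSF_auth_nonce_key($salt)) === false) {
+
+if (mailchimpSF_verify_nonce( $nonce, mailchimpSF_auth_nonce_key( $salt ) ) === false) {
 wp_die('Cheatin’ huh?');
 }
 
@@ -1520,4 +1522,70 @@ function mailchimpSF_where_am_i() {
 }
 
 
-?>
+/**
+* MODIFIED VERSION of wp_verify_nonce from WP Core. Core was not overridden to prevent problems when replacing
+* something universally.
+*
+* Verify that correct nonce was used with time limit.
+*
+* The user is given an amount of time to use the token, so therefore, since the
+* UID and $action remain the same, the independent variable is the time.
+*
+* @param string $nonce Nonce that was used in the form to verify
+* @param string|int $action Should give context to what is taking place and be the same when nonce was created.
+* @return bool Whether the nonce check passed or failed.
+*/
+function mailchimpSF_verify_nonce($nonce, $action = -1) {
+$user = wp_get_current_user();
+$uid = (int) $user->ID;
+if ( ! $uid ) {
+$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
+}
+
+if ( empty( $nonce ) ) {
+return false;
+}
+
+$token = 'MAILCHIMP';
+$i = wp_nonce_tick();
+
+// Nonce generated 0-12 hours ago
+$expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce'), -12, 10 );
+if ( hash_equals( $expected, $nonce ) ) {
+return 1;
+}
+
+// Nonce generated 12-24 hours ago
+$expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
+if ( hash_equals( $expected, $nonce ) ) {
+return 2;
+}
+
+// Invalid nonce
+return false;
+}
+
+
+/**
+* MODIFIED VERSION of wp_create_nonce from WP Core. Core was not overridden to prevent problems when replacing
+* something universally.
+*
+* Creates a cryptographic token tied to a specific action, user, and window of time.
+*
+* @param string $action Scalar value to add context to the nonce.
+* @return string The token.
+*/
+function mailchimpSF_create_nonce($action = -1) {
+$user = wp_get_current_user();
+$uid = (int) $user->ID;
+if ( ! $uid ) {
+/** This filter is documented in wp-includes/pluggable.php */
+$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
+}
+
+$token = 'MAILCHIMP';
+$i = wp_nonce_tick();
+
+return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
+}
+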
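Review bot: `mailchimpSF_verify_nonce` calls `hash_equals()` unconditionally on both comparison branches, while readme.txt in this same commit still declares `Requires at least: 2.8`; `hash_equals()` is native only from PHP 5.6 and, as far as I recall, WordPress core only ships a compat shim from the 3.9.x line, so on older installs the first authorization post-back would die with an undefined-function fatal instead of failing closed. Either raise the minimum version in readme.txt or guard the comparison with `function_exists('hash_equals')` and a constant-time fallback. The `@return bool` tag on `mailchimpSF_verify_nonce` is also inaccurate: the code returns `1`, `2` or `false` (which is why the caller's `=== false` check works), so `@return int|false 1 if generated 0-12 hours ago, 2 if 12-24 hours ago, false otherwise` would match it. Finally, both docblocks say only "MODIFIED VERSION" without saying what changed: the fixed `$token = 'MAILCHIMP'` stands in for the per-session component core mixes into the hash, so a token is bound to user, action and time window but not to the browser session that created it, and that trade-off (and why the external post-back needs it) should be recorded in the docblock so the next maintainer does not quietly revert it to core behaviour.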
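--- a/mailchimp_widget.php
+++ b/mailchimp_widget.php
@@ -270,7 +270,7 @@ function mailchimpSF_signup_form($args = array()) {
 </form><!-- /mc_signup_form -->
 </div><!-- /mc_signup_container -->
 <?php
-if (!empty($before_widget)) {
+if (!empty($after_widget)) {
 echo $after_widget;
 }
 }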
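--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
 Contributors: crowdfavorite
 Tags: mailchimp, email, newsletter, signup, marketing, plugin, widget
 Requires at least: 2.8
-Tested up to: 3.7.1
-Stable tag: 1.4.1
+Tested up to: 4.0
+Stable tag: 1.4.2
 
 == Description ==
 
@@ -138,7 +138,11 @@ Maybe! Look in the /po/ directory in our plugin package and see if your language
 
 == Upgrade Notice ==
 
+= 1.4.2 =
+add customized wp_nonces functions for post-back behavior to fix 4.0 callbacks
 
+= 1.4.1 =
+Fix for checkbox weirdness on 3.8
 
 = 1.4 =
 Added Developer Mode "Kitchen Sink" to aid in styling without having to authenticate a MailChimp account.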