User Profile Picture - Version 2.6.0

Version Description

  • Released 2021-06-25
  • Fixed a security flaw where a user could change another user's profile picture.

Release Info

Developer ronalfy
Version 2.6.0

Code changes from version 2.5.0 to 2.6.0

Files changed (3) hide show
  1. js/mpp.js +2 -1
  2. metronet-profile-picture.php +8 -6
  3. readme.txt +9 -2
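--- a/js/mpp.js
+++ b/js/mpp.js
@@ -6,7 +6,8 @@ jQuery( document ).ready( function( $ ) {
  $.post( metronet_profile_image.ajax_url, {
  action: 'metronet_get_thumbnail',
  post_id: post_id,
- _wpnonce: metronet_profile_image.nonce
+ _wpnonce: metronet_profile_image.nonce,
+ user_id: jQuery( "#metronet_profile_id" ).val(),
  },
  function( response ) {
  jQuery( "#metronet-profile-image" ).html( mt_display_block( response.thumb_html ) );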
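Review bot: `user_id` is read from `#metronet_profile_id` with no fallback, so on a screen where that field is absent `.val()` returns `undefined` and the request will presumably fail the server's nonce check without any feedback to the user. Consider reading the value once before the `$.post` call and skipping the request when it is empty. A short comment would also help the next maintainer, for example `// user_id only selects the nonce action; the server must still authorize it`, since the field is client-controlled. The callback this hunk sits in starts and ends outside the hunk.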
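--- a/metronet-profile-picture.php
+++ b/metronet-profile-picture.php
@@ -4,7 +4,7 @@ Plugin Name: User Profile Picture
  Plugin URI: http://wordpress.org/plugins/metronet-profile-picture/
  Description: Use the native WP uploader on your user profile page.
  Author: Cozmoslabs
- Version: 2.5.0
+ Version: 2.6.0
  Requires at least: 4.6
  Author URI: https://www.cozmoslabs.com
  Contributors: ronalfy
@@ -12,7 +12,7 @@ Text Domain: metronet-profile-picture
  Domain Path: /languages
  */
 
- define( 'METRONET_PROFILE_PICTURE_VERSION', '2.5.0' );
+ define( 'METRONET_PROFILE_PICTURE_VERSION', '2.6.0' );
  define( 'METRONET_PROFILE_PICTURE_PLUGIN_NAME', 'User Profile Picture' );
  define( 'METRONET_PROFILE_PICTURE_DIR', plugin_dir_path( __FILE__ ) );
  define( 'METRONET_PROFILE_PICTURE_URL', plugins_url( '/', __FILE__ ) );
@@ -319,7 +319,7 @@ class Metronet_Profile_Picture {
  if ( 0 === $post_id || 0 === $user_id || 0 === $thumbnail_id || 'mt_pp' !== get_post_type( $post_id ) ) {
  die( '' );
  }
- check_ajax_referer( "mt-update-post_$post_id" );
+ check_ajax_referer( "mt-update-post_$user_id" );
 
  // Save user meta.
  update_user_option( $user_id, 'metronet_post_id', $post_id );
@@ -368,8 +368,9 @@ class Metronet_Profile_Picture {
  if ( ! current_user_can( 'upload_files' ) ) {
  die( '' );
  }
+ $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
  $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
- check_ajax_referer( "mt-update-post_$post_id" );
+ check_ajax_referer( "mt-update-post_$user_id" );
  $post = get_post( $post_id );
  $user_id = 0;
  if ( $post ) {
@@ -428,7 +429,7 @@ class Metronet_Profile_Picture {
  if ( 0 === $post_id || 0 === $user_id ) {
  die( '' );
  }
- check_ajax_referer( "mt-update-post_$post_id" );
+ check_ajax_referer( "mt-update-post_$user_id" );
 
  $thumb_html = '<a style="display:block" href="#" class="mpp_add_media default-image">';
  $thumb_html .= sprintf( '<img style="display:block" src="%s" width="150" height="150" title="%s" />', self::get_plugin_url( 'img/mystery.png' ), esc_attr__( 'Upload or Change Profile Picture', 'metronet-profile-picture' ) );
@@ -869,6 +870,7 @@ class Metronet_Profile_Picture {
  **/
  public function print_media_scripts() {
  $post_id = $this->get_post_id( $this->get_user_id() );
+ $user_id = $this->get_user_id();
  wp_enqueue_media( array( 'post' => $post_id ) );
  $script_deps = array( 'media-editor' );
  wp_enqueue_script( 'mt-pp', self::get_plugin_url( '/js/mpp.js' ), $script_deps, METRONET_PROFILE_PICTURE_VERSION, true );
@@ -881,7 +883,7 @@ class Metronet_Profile_Picture {
  'crop' => __( 'Crop Thumbnail', 'metronet-profile-picture' ),
  'ajax_url' => esc_url( admin_url( 'admin-ajax.php' ) ),
  'user_post_id' => absint( $post_id ),
- 'nonce' => wp_create_nonce( 'mt-update-post_' . absint( $post_id ) ),
+ 'nonce' => wp_create_nonce( 'mt-update-post_' . absint( $user_id ) ),
  'loading_gif' => esc_url( self::get_plugin_url( '/img/loading.gif' ) ),
  )
  );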
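Review bot: In the hunk at new lines 368–376 the nonce is checked against a `user_id` taken from `$_POST`, and `$user_id` is then reset to `0` and apparently re-derived from the post, so nothing visible ties the verified user to the `post_id` being acted on. A nonce only shows the request came from a page rendered for that action; it is not an authorization check, and the hunk at new line 322 goes on to `update_user_option( $user_id, 'metronet_post_id', $post_id )` with no capability test in view. Keep the verified id in its own variable and, once the post's owner is known, reject a mismatch and require `current_user_can( 'edit_user', $verified_user_id )` before any write. The handler bodies start and end outside these hunks, so a check further down may already cover this.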
readme.txt CHANGED
@@ -2,8 +2,8 @@
2
  Contributors: cozmoslabs, ronalfy, Alaadiaa
3
  Tags: users, user profile, gravatar, avatar, blocks, block
4
  Requires at least: 3.5
5
- Tested up to: 5.7
6
- Stable tag: 2.5.0
7
  Requires PHP: 5.6
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -112,6 +112,10 @@ Yes, but you'll have to set a new profile image per site. This is currently a l
112
 
113
  == Changelog ==
114
 
 
 
 
 
115
  = 2.5.0 =
116
  * Released 2021-02-18
117
  * Medium level (6.5) security fix. Please update as soon as possible.
@@ -350,6 +354,9 @@ Yes, but you'll have to set a new profile image per site. This is currently a l
350
 
351
  == Upgrade Notice ==
352
 
 
 
 
353
  = 2.5.0 =
354
  Medium level (6.5) security fix. Please update as soon as possible. Cleaned up REST user data so only pertitent information is returned to prevent user data leakage to roles with the upload_files capability.
355
 
2
  Contributors: cozmoslabs, ronalfy, Alaadiaa
3
  Tags: users, user profile, gravatar, avatar, blocks, block
4
  Requires at least: 3.5
5
+ Tested up to: 5.8
6
+ Stable tag: 2.6.0
7
  Requires PHP: 5.6
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
112
 
113
  == Changelog ==
114
 
115
+ = 2.6.0 =
116
+ * Released 2021-06-25
117
+ * Fixed a security flaw where a user can change others profile picture.
118
+
119
  = 2.5.0 =
120
  * Released 2021-02-18
121
  * Medium level (6.5) security fix. Please update as soon as possible.
354
 
355
  == Upgrade Notice ==
356
 
357
+ = 2.6.0 =
358
+ Please update. Fixed a security flaw where a user can change others profile picture.
359
+
360
  = 2.5.0 =
361
  Medium level (6.5) security fix. Please update as soon as possible. Cleaned up REST user data so only pertitent information is returned to prevent user data leakage to roles with the upload_files capability.
362