No Page Comment - Version 1.2

Version Description

  • SECURITY: Patch XSS security vulnerability.
  • SECURITY: Patch CSRF security vulnerability.
  • UPDATE: PHP 7 support.

Release Info

Developer sethta
Version 1.2

Code changes from version 1.1 to 1.2

lang/no-page-comment-de_DE.MO ADDED
Binary file
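--- a/no-page-comment-settings.php
+++ b/no-page-comment-settings.php
@@ -5,26 +5,32 @@ if ( ! defined( 'ABSPATH' ) ) {
  }
  ?>
 
- <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>" class="wrap npc-settings">
+ <form method="post" action="<?php echo esc_url( $_SERVER['REQUEST_URI'] ); ?>" class="wrap npc-settings">
+
+ <?php
+ // Add nonce to prevent CSRF
+ wp_nonce_field( 'sta_npc_csrf_nonce' );
+ $nonce = ( isset( $_REQUEST['_wpnonce'] ) ) ? $_REQUEST['_wpnonce'] : false;
+ ?>
 
  <?php
  // Prints out the admin settings page
- $sta_npc_nonce = wp_create_nonce('sta_npc_nonce');
+ $sta_npc_nonce = wp_create_nonce( 'sta_npc_nonce' );
  $sta_npc_options = $this->sta_npc_get_admin_options();
 
- if ( isset($_POST['update_sta_npc_plugin_settings']) ) {
+ if ( wp_verify_nonce( $nonce, 'sta_npc_csrf_nonce' ) && isset( $_POST['update_sta_npc_plugin_settings'] ) ) {
 
- foreach ( get_post_types('','objects') as $posttype ) {
+ foreach ( get_post_types( '', 'objects' ) as $posttype ) {
  if ( in_array( $posttype->name, $this->excluded_posttypes ) )
  continue;
 
- if ( isset($_POST['sta_npc_disable_comments_' . $posttype->name]) ) {
+ if ( isset( $_POST['sta_npc_disable_comments_' . $posttype->name] ) ) {
  $sta_npc_options['disable_comments_' . $posttype->name] = $_POST['sta_npc_disable_comments_' . $posttype->name];
  } else {
  $sta_npc_options['disable_comments_' . $posttype->name] = 'false';
  }
 
- if ( isset($_POST['sta_npc_disable_trackbacks_' . $posttype->name]) ) {
+ if ( isset( $_POST['sta_npc_disable_trackbacks_' . $posttype->name] ) ) {
  $sta_npc_options['disable_trackbacks_' . $posttype->name] = $_POST['sta_npc_disable_trackbacks_' . $posttype->name];
  } else {
  $sta_npc_options['disable_trackbacks_' . $posttype->name] = 'false';
@@ -103,14 +109,14 @@ if ( isset($_POST['update_sta_npc_plugin_settings']) ) {
  <div id="postbox-container-1" class="postbox-container">
  <div class="meta-box-sortables">
 
- <div class="postbox">
+ <?php /*<div class="postbox">
  <h3 style="cursor:default;"><span><?php _e('Other plugins by', $this->plugin_domain ); ?> <a href="http://sethalling.com/" title="Seth Alling" style="font-size:15px;">Seth Alling</a>:</span></h3>
  <div class="inside">
  <ul>
  <li style="padding:5px 0;"><a href="http://sethalling.com/plugins/wordpress/wp-faqs-pro" title="WP FAQs Pro" target="_blank">WP FAQs Pro</a></li>
  </ul>
  </div>
- </div>
+ </div>*/ ?>
 
  <div class="postbox">
  <h3 style="cursor:default;"><span><?php _e('Support No Page Comment:', $this->plugin_domain ); ?></span></h3>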
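Review bot: The values copied from `$_POST` into `$sta_npc_options` on new lines 28 and 34 are still stored exactly as submitted, so the XSS fix in this section covers only the form action via `esc_url()`. Since the else branches write the literal `'false'`, these look like two-state flags; they could be cleaned at write time with `sanitize_text_field( wp_unslash( $_POST['sta_npc_disable_comments_' . $posttype->name] ) )` (and the same for the trackbacks key), with escaping applied wherever the options are echoed, which is not visible in this hunk. The nonce check also fails silently: a missing or invalid `_wpnonce` just skips the save, and the token is read from `$_REQUEST` rather than `$_POST`; calling `check_admin_referer( 'sta_npc_csrf_nonce' );` inside the `isset( $_POST['update_sta_npc_plugin_settings'] )` branch would reject the request explicitly. The foreach body continues past the end of the first hunk.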
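--- a/no-page-comment.php
+++ b/no-page-comment.php
@@ -3,7 +3,7 @@
  Plugin Name: No Page Comment
  Plugin URI: http://sethalling.com/plugins/no-page-comment
  Description: An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.
- Version: 1.1
+ Version: 1.2
  Author: Seth Alling
  Author URI: http://sethalling.com/
  Text Domain: no-page-comment
@@ -56,9 +56,13 @@ function sta_load_text_domain() {
  add_action( 'init', 'sta_load_text_domain' ); // Set text domain for translation
 
  if ( ! function_exists( 'sta_npc_load' ) ) {
+
  function sta_npc_load() {
+
  if ( ! class_exists( 'STA_NPC_Plugin' ) ) {
+
  class STA_NPC_Plugin {
+
  var $admin_options_name = 'sta_npc_options',
  $admin_options_name_old = 'sta_npc_admin_options_name',
  $plugin_domain = 'no-page-comment';
@@ -72,14 +76,16 @@ if ( ! function_exists( 'sta_npc_load' ) ) {
  'nav_menu_item',
  'attachment'
  );
+
  public $excluded_posttypes = array(
  'revision',
  'nav_menu_item',
  );
- public $plugin_ver = '1.0.7';
+
+ public $plugin_ver = '1.2';
 
  // Plugin Constructor
- function sta_npc_plugin() {
+ function __construct() {
  $this->plugin_dir = plugins_url( '/', __FILE__ );
  $this->plugin_file = $this->plugin_name . '.php';
  }
@@ -121,6 +127,7 @@ if ( ! function_exists( 'sta_npc_load' ) ) {
  foreach ( $sta_npc_options as $key => $option )
  $sta_npc_admin_options[$key] = $option;
  }
+
  update_option( $this->admin_options_name, $sta_npc_admin_options );
  return $sta_npc_admin_options;
  }
@@ -449,7 +456,9 @@ if ( ! function_exists( 'sta_npc_load' ) ) {
  }
 
  }
+
  }
+
  }
 
  sta_npc_load();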
readme.txt CHANGED
@@ -4,7 +4,7 @@ Contributors: sethta
4
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=5WWP2EDSCAJR4
5
  Tags: admin, comments, custom post type, discussion, pages, posts, attachment, attachments, media, settings, tools, trackbacks
6
  Requires at least: 3.1
7
- Tested up to: 4.3
8
  Stable tag: trunk
9
 
10
  An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.
@@ -77,6 +77,11 @@ Of course, although *it is highly recommended that you backup your blog's databa
77
 
78
  == Changelog ==
79
 
 
 
 
 
 
80
  = 1.1 =
81
  * UPDATE: WordPress 4.3 support.
82
  * UPDATE: Rename settings option in database.
@@ -128,6 +133,9 @@ Of course, although *it is highly recommended that you backup your blog's databa
128
 
129
  == Upgrade Notice ==
130
 
 
 
 
131
  = 1.1 =
132
  Supports new core default comment change in WordPress 4.3. Adds database cleanup on uninstall. All previous No Page Comment settings will remain intact with upgrade.
133
 
4
  Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=5WWP2EDSCAJR4
5
  Tags: admin, comments, custom post type, discussion, pages, posts, attachment, attachments, media, settings, tools, trackbacks
6
  Requires at least: 3.1
7
+ Tested up to: 4.6.1
8
  Stable tag: trunk
9
 
10
  An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.
77
 
78
  == Changelog ==
79
 
80
+ = 1.2 =
81
+ * SECURITY: Patch XSS security vulnerability.
82
+ * SECURITY: Patch CSRF security vulnerability.
83
+ * UPDATE: PHP 7 support.
84
+
85
  = 1.1 =
86
  * UPDATE: WordPress 4.3 support.
87
  * UPDATE: Rename settings option in database.
133
 
134
  == Upgrade Notice ==
135
 
136
+ = 1.2 =
137
+ Security fix. Supports PHP 7. Adds database cleanup on uninstall. All previous No Page Comment settings will remain intact with upgrade.
138
+
139
  = 1.1 =
140
  Supports new core default comment change in WordPress 4.3. Adds database cleanup on uninstall. All previous No Page Comment settings will remain intact with upgrade.
141