Per page add to head - Version 1.4.3

Version Description

  • Addressed a security vulnerability

Release Info

Developer Erikvona
Plugin Icon wp plugin Per page add to head
Version 1.4.3

Code changes from version 1.4.2 to 1.4.3

Files changed (3) hide show
  1. perpagehead.php +1 -1
  2. readme.txt +4 -1
  3. settings.php +5 -3
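--- a/perpagehead.php
+++ b/perpagehead.php
@@ -3,7 +3,7 @@
  Plugin Name: Per page head
  Plugin URI: http://www.evona.nl/plugins/per-page-head
  Description: Allows you to add content into the <head> section for a specific page, like custom JS or custom HTML
- Version: 1.4.2
+ Version: 1.4.3
  Author: Erik von Asmuth
  Author URI: http://evona.nl/over-mij/
  License: GPLv2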
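--- a/readme.txt
+++ b/readme.txt
@@ -6,7 +6,7 @@ Author URI: http://evona.nl/over-mij
  Author: Erik von Asmuth (Erikvona)
  Requires at least: 3.5
  Tested up to: 4.7
- Stable tag: 1.4.2
+ Stable tag: 1.4.3
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -35,6 +35,9 @@ Installation is plain and simple
  1. You can also add head to all posts! Just use settings -> per page add to head
 
  == Changelog ==
+ = 1.4.3 =
+ - Addressed a security vulnerability
+
  = 1.4.2 =
  - Fixed some more errors reintroduced in version 1.4
 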
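--- a/settings.php
+++ b/settings.php
@@ -24,7 +24,7 @@ function perpageath_config(){
  $html = get_option('ppath_head_every_page', "");
  }
  }
- if(isset($_POST['html']) && current_user_can('add-to-head')){
+ if(isset($_POST['html']) && current_user_can('add-to-head') && wp_verify_nonce($_POST['_wpnonce'], 'per-page-ath-settings' )){
  $newhtml = stripslashes_deep($_POST['html']);
  if($newhtml == $html){
  _e('HTML not updated', 'per-page-ath');
@@ -56,11 +56,12 @@ function perpageath_config(){
  }
  $posttypesallowednow = get_option('ppath_types_allowed', array('post', 'page'));
 
- if(isset($_POST['submit'])){
+ if(isset($_POST['submit']) && wp_verify_nonce($_POST['_wpnonce'], 'per-page-ath-settings' )){
+
  //Role management
  //Check if all values are really roles
  $optionroles = array('administrator');
- if(isset($_POST['rolesallowed'])&& is_array($_POST['rolesallowed'])){
+ if(isset($_POST['rolesallowed']) && is_array($_POST['rolesallowed'])){
  foreach($_POST['rolesallowed'] as $roleallowed){
  if($wp_roles->is_role($roleallowed)){
  $optionroles[]=$roleallowed;
@@ -152,6 +153,7 @@ function perpageath_config(){
  </table>
  <?php
  submit_button();
+ wp_nonce_field( 'per-page-ath-settings' );
  endif;
  echo "</form></div>";
  }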
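Review bot: The role-management branch at new line 59 is gated only by `isset($_POST['submit'])` and the nonce, with no `current_user_can()` call, unlike the HTML branch at new line 27. A nonce protects against cross-site request forgery but is not an authorization check. Unless a capability is already enforced earlier in `perpageath_config()`, which starts and ends outside these hunks, I would add one here, e.g. `if(isset($_POST['submit'], $_POST['_wpnonce']) && current_user_can('manage_options') && wp_verify_nonce($_POST['_wpnonce'], 'per-page-ath-settings')){`, substituting whichever capability the settings page is registered with. Both new conditions also read `$_POST['_wpnonce']` without `isset()`, so a request that omits the field raises an undefined-index notice or warning before verification fails. A failed verification is skipped silently, so a comment such as `// nonce missing or invalid: ignore the submission` or an admin error notice would make that outcome explicit.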