Version Description
- Avoid SSL verifications if certificate of remote endpoints fails.
- Security fixes : escape POST, and admin user check for AJAX requests
Download this release
Release Info
| Developer | resmushit |
| Plugin |  reSmush.it Image Optimizer |
| Version | 0.4.4 |
| Comparing to | |
| See all releases | |
Code changes from version 0.4.3 to 0.4.4
- classes/resmushit.class.php +6 -1
- classes/resmushitUI.class.php +2 -0
- readme.txt +5 -1
- resmushit.php +17 -14
- resmushit.settings.php +1 -1
classes/resmushit.class.php
CHANGED
|
@@ -65,6 +65,8 @@ Class reSmushit {
|
|
| 65 |
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
| 66 |
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, RESMUSHIT_TIMEOUT);
|
| 67 |
curl_setopt($ch, CURLOPT_POST, true);
|
|
|
|
|
|
|
| 68 |
curl_setopt($ch, CURLOPT_USERAGENT, "Wordpress $wp_version/Resmush.it " . RESMUSHIT_VERSION . ' - ' . get_bloginfo('wpurl') );
|
| 69 |
|
| 70 |
if (!class_exists('CURLFile')) {
|
|
@@ -89,11 +91,14 @@ Class reSmushit {
|
|
| 89 |
if($json){
|
| 90 |
if (!isset($json->error)) {
|
| 91 |
if (ini_get('allow_url_fopen')) {
|
| 92 |
-
$
|
|
|
|
| 93 |
} else {
|
| 94 |
$ch = curl_init();
|
| 95 |
curl_setopt($ch, CURLOPT_URL, $json->dest);
|
| 96 |
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
|
|
|
|
|
|
| 97 |
$data = curl_exec($ch);
|
| 98 |
curl_close($ch);
|
| 99 |
}
|
| 65 |
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
| 66 |
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, RESMUSHIT_TIMEOUT);
|
| 67 |
curl_setopt($ch, CURLOPT_POST, true);
|
| 68 |
+
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
|
| 69 |
+
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
|
| 70 |
curl_setopt($ch, CURLOPT_USERAGENT, "Wordpress $wp_version/Resmush.it " . RESMUSHIT_VERSION . ' - ' . get_bloginfo('wpurl') );
|
| 71 |
|
| 72 |
if (!class_exists('CURLFile')) {
|
| 91 |
if($json){
|
| 92 |
if (!isset($json->error)) {
|
| 93 |
if (ini_get('allow_url_fopen')) {
|
| 94 |
+
$arrContextOptions= array("ssl" => array("verify_peer" => false,"verify_peer_name" => false));
|
| 95 |
+
$data = file_get_contents( $json->dest, false, stream_context_create($arrContextOptions) );
|
| 96 |
} else {
|
| 97 |
$ch = curl_init();
|
| 98 |
curl_setopt($ch, CURLOPT_URL, $json->dest);
|
| 99 |
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
| 100 |
+
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
|
| 101 |
+
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
|
| 102 |
$data = curl_exec($ch);
|
| 103 |
curl_close($ch);
|
| 104 |
}
|
classes/resmushitUI.class.php
CHANGED
|
@@ -306,6 +306,8 @@ Class reSmushitUI {
|
|
| 306 |
curl_setopt($ch, CURLOPT_URL, RESMUSHIT_NEWSFEED);
|
| 307 |
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
| 308 |
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
|
|
|
|
|
|
|
| 309 |
$data_raw = curl_exec($ch);
|
| 310 |
curl_close($ch);
|
| 311 |
$data = json_decode($data_raw);
|
| 306 |
curl_setopt($ch, CURLOPT_URL, RESMUSHIT_NEWSFEED);
|
| 307 |
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
|
| 308 |
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
|
| 309 |
+
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
|
| 310 |
+
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
|
| 311 |
$data_raw = curl_exec($ch);
|
| 312 |
curl_close($ch);
|
| 313 |
$data = json_decode($data_raw);
|
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: resmushit
|
|
| 3 |
Tags: image, optimizer, image optimization, resmush.it, smush, jpg, png, gif, optimization, compression, Compress, Images, Pictures, Reduce Image Size, Smush, Smush.it
|
| 4 |
Requires at least: 4.0.0
|
| 5 |
Tested up to: 6.0.1
|
| 6 |
-
Stable tag: 0.4.
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
|
@@ -74,6 +74,10 @@ Yes ! Absolutely free, the only restriction is to send images below 5MB.
|
|
| 74 |
|
| 75 |
== Changelog ==
|
| 76 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 77 |
= 0.4.3 =
|
| 78 |
* Compatibility with WP 6.0.1
|
| 79 |
* Security fix issues (https://www.pluginvulnerabilities.com/2022/02/01/wordpress-plugin-security-review-resmush-it-image-optimizer/)
|
| 3 |
Tags: image, optimizer, image optimization, resmush.it, smush, jpg, png, gif, optimization, compression, Compress, Images, Pictures, Reduce Image Size, Smush, Smush.it
|
| 4 |
Requires at least: 4.0.0
|
| 5 |
Tested up to: 6.0.1
|
| 6 |
+
Stable tag: 0.4.4
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
| 74 |
|
| 75 |
== Changelog ==
|
| 76 |
|
| 77 |
+
= 0.4.4 =
|
| 78 |
+
* Avoid SSL verifications if certificate of remote endpoints fails.
|
| 79 |
+
* Security fixes : escape POST, and admin user check for AJAX requests
|
| 80 |
+
|
| 81 |
= 0.4.3 =
|
| 82 |
* Compatibility with WP 6.0.1
|
| 83 |
* Security fix issues (https://www.pluginvulnerabilities.com/2022/02/01/wordpress-plugin-security-review-resmush-it-image-optimizer/)
|
resmushit.php
CHANGED
|
@@ -10,8 +10,8 @@
|
|
| 10 |
* Plugin Name: reSmush.it Image Optimizer
|
| 11 |
* Plugin URI: https://wordpress.org/plugins/resmushit-image-optimizer/
|
| 12 |
* Description: Image Optimization API. Provides image size optimization
|
| 13 |
-
* Version: 0.4.
|
| 14 |
-
* Timestamp: 2022.08.
|
| 15 |
* Author: reSmush.it
|
| 16 |
* Author URI: https://resmush.it
|
| 17 |
* Author: Charles Bourgeaux
|
|
@@ -193,7 +193,10 @@ if(get_option('resmushit_on_upload'))
|
|
| 193 |
* @return json object
|
| 194 |
*/
|
| 195 |
function resmushit_bulk_get_images() {
|
| 196 |
-
|
|
|
|
|
|
|
|
|
|
| 197 |
echo reSmushit::getNonOptimizedPictures();
|
| 198 |
die();
|
| 199 |
}
|
|
@@ -210,8 +213,8 @@ add_action( 'wp_ajax_resmushit_bulk_get_images', 'resmushit_bulk_get_images' );
|
|
| 210 |
* @return json object
|
| 211 |
*/
|
| 212 |
function resmushit_update_disabled_state() {
|
| 213 |
-
if( !
|
| 214 |
-
return(json_encode(array('error' => 'User must be at least
|
| 215 |
die();
|
| 216 |
}
|
| 217 |
if(isset($_POST['data']['id']) && $_POST['data']['id'] != null && isset($_POST['data']['disabled'])){
|
|
@@ -233,13 +236,13 @@ add_action( 'wp_ajax_resmushit_update_disabled_state', 'resmushit_update_disable
|
|
| 233 |
* @return json object
|
| 234 |
*/
|
| 235 |
function resmushit_optimize_single_attachment() {
|
| 236 |
-
if( !
|
| 237 |
-
return(json_encode(array('error' => 'User must be at least
|
| 238 |
die();
|
| 239 |
}
|
| 240 |
if(isset($_POST['data']['id']) && $_POST['data']['id'] != null){
|
| 241 |
reSmushit::revert(sanitize_text_field((int)$_POST['data']['id']));
|
| 242 |
-
echo json_encode(reSmushit::getStatistics((int)$_POST['data']['id']));
|
| 243 |
}
|
| 244 |
die();
|
| 245 |
}
|
|
@@ -257,8 +260,8 @@ add_action( 'wp_ajax_resmushit_optimize_single_attachment', 'resmushit_optimize_
|
|
| 257 |
* @return boolean
|
| 258 |
*/
|
| 259 |
function resmushit_bulk_process_image() {
|
| 260 |
-
if( !
|
| 261 |
-
return(json_encode(array('error' => 'User must be at least
|
| 262 |
die();
|
| 263 |
}
|
| 264 |
rlog('Bulk optimization launched for file : ' . get_attached_file( sanitize_text_field((int)$_POST['data']['ID']) ));
|
|
@@ -279,8 +282,8 @@ add_action( 'wp_ajax_resmushit_bulk_process_image', 'resmushit_bulk_process_imag
|
|
| 279 |
* @return json object
|
| 280 |
*/
|
| 281 |
function resmushit_update_statistics() {
|
| 282 |
-
if( !
|
| 283 |
-
return(json_encode(array('error' => 'User must be at least
|
| 284 |
die();
|
| 285 |
}
|
| 286 |
$output = reSmushit::getStatistics();
|
|
@@ -449,7 +452,7 @@ add_action('update_option_resmushit_remove_unsmushed', 'resmushit_on_remove_unsm
|
|
| 449 |
*/
|
| 450 |
function resmushit_remove_backup_files() {
|
| 451 |
$return = array('success' => 0);
|
| 452 |
-
if( !
|
| 453 |
return(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
|
| 454 |
die();
|
| 455 |
}
|
|
@@ -491,7 +494,7 @@ function resmushit_get_image_id($image_url) {
|
|
| 491 |
* @return json object
|
| 492 |
*/
|
| 493 |
function resmushit_restore_backup_files() {
|
| 494 |
-
if( !
|
| 495 |
return(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
|
| 496 |
die();
|
| 497 |
}
|
| 10 |
* Plugin Name: reSmush.it Image Optimizer
|
| 11 |
* Plugin URI: https://wordpress.org/plugins/resmushit-image-optimizer/
|
| 12 |
* Description: Image Optimization API. Provides image size optimization
|
| 13 |
+
* Version: 0.4.4
|
| 14 |
+
* Timestamp: 2022.08.10
|
| 15 |
* Author: reSmush.it
|
| 16 |
* Author URI: https://resmush.it
|
| 17 |
* Author: Charles Bourgeaux
|
| 193 |
* @return json object
|
| 194 |
*/
|
| 195 |
function resmushit_bulk_get_images() {
|
| 196 |
+
if(!is_super_admin() && !current_user_can('administrator')) {
|
| 197 |
+
return(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
|
| 198 |
+
die();
|
| 199 |
+
}
|
| 200 |
echo reSmushit::getNonOptimizedPictures();
|
| 201 |
die();
|
| 202 |
}
|
| 213 |
* @return json object
|
| 214 |
*/
|
| 215 |
function resmushit_update_disabled_state() {
|
| 216 |
+
if(!is_super_admin() && !current_user_can('administrator')) {
|
| 217 |
+
return(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
|
| 218 |
die();
|
| 219 |
}
|
| 220 |
if(isset($_POST['data']['id']) && $_POST['data']['id'] != null && isset($_POST['data']['disabled'])){
|
| 236 |
* @return json object
|
| 237 |
*/
|
| 238 |
function resmushit_optimize_single_attachment() {
|
| 239 |
+
if(!is_super_admin() && !current_user_can('administrator')) {
|
| 240 |
+
return(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
|
| 241 |
die();
|
| 242 |
}
|
| 243 |
if(isset($_POST['data']['id']) && $_POST['data']['id'] != null){
|
| 244 |
reSmushit::revert(sanitize_text_field((int)$_POST['data']['id']));
|
| 245 |
+
echo json_encode(reSmushit::getStatistics(sanitize_text_field((int)$_POST['data']['id'])));
|
| 246 |
}
|
| 247 |
die();
|
| 248 |
}
|
| 260 |
* @return boolean
|
| 261 |
*/
|
| 262 |
function resmushit_bulk_process_image() {
|
| 263 |
+
if(!is_super_admin() && !current_user_can('administrator')) {
|
| 264 |
+
return(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
|
| 265 |
die();
|
| 266 |
}
|
| 267 |
rlog('Bulk optimization launched for file : ' . get_attached_file( sanitize_text_field((int)$_POST['data']['ID']) ));
|
| 282 |
* @return json object
|
| 283 |
*/
|
| 284 |
function resmushit_update_statistics() {
|
| 285 |
+
if(!is_super_admin() && !current_user_can('administrator')) {
|
| 286 |
+
return(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
|
| 287 |
die();
|
| 288 |
}
|
| 289 |
$output = reSmushit::getStatistics();
|
| 452 |
*/
|
| 453 |
function resmushit_remove_backup_files() {
|
| 454 |
$return = array('success' => 0);
|
| 455 |
+
if(!is_super_admin() && !current_user_can('administrator')) {
|
| 456 |
return(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
|
| 457 |
die();
|
| 458 |
}
|
| 494 |
* @return json object
|
| 495 |
*/
|
| 496 |
function resmushit_restore_backup_files() {
|
| 497 |
+
if(!is_super_admin() && !current_user_can('administrator')) {
|
| 498 |
return(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
|
| 499 |
die();
|
| 500 |
}
|
resmushit.settings.php
CHANGED
|
@@ -1,7 +1,7 @@
|
|
| 1 |
<?php
|
| 2 |
|
| 3 |
define('RESMUSHIT_ENDPOINT', 'http://api.resmush.it/');
|
| 4 |
-
define('RESMUSHIT_VERSION', '0.4.
|
| 5 |
define('RESMUSHIT_DEFAULT_QLTY', '92');
|
| 6 |
define('RESMUSHIT_TIMEOUT', '10');
|
| 7 |
define('RESMUSHIT_LOGS_PATH', 'resmushit.log');
|
| 1 |
<?php
|
| 2 |
|
| 3 |
define('RESMUSHIT_ENDPOINT', 'http://api.resmush.it/');
|
| 4 |
+
define('RESMUSHIT_VERSION', '0.4.4');
|
| 5 |
define('RESMUSHIT_DEFAULT_QLTY', '92');
|
| 6 |
define('RESMUSHIT_TIMEOUT', '10');
|
| 7 |
define('RESMUSHIT_LOGS_PATH', 'resmushit.log');
|
