Version Description
- Security fixes : prevent XSS breachs
Download this release
Release Info
| Developer | resmushit |
| Plugin |  reSmush.it Image Optimizer |
| Version | 0.4.5 |
| Comparing to | |
| See all releases | |
Code changes from version 0.4.4 to 0.4.5
- classes/resmushitUI.class.php +13 -13
- readme.txt +6 -2
- resmushit.php +4 -4
- resmushit.settings.php +1 -1
classes/resmushitUI.class.php
CHANGED
|
@@ -189,9 +189,9 @@ Class reSmushitUI {
|
|
| 189 |
<h3 class='icon_message info'>";
|
| 190 |
|
| 191 |
if($countfilesTooBigPictures > 1) {
|
| 192 |
-
echo $countfilesTooBigPictures . ' ' . __('pictures are too big (> 5MB) for the optimizer', 'resmushit-image-optimizer');
|
| 193 |
} else {
|
| 194 |
-
echo $countfilesTooBigPictures . ' ' . __('picture is too big (> 5MB) for the optimizer', 'resmushit-image-optimizer');
|
| 195 |
}
|
| 196 |
echo "</h3><div class='list-accordion'><h4>"
|
| 197 |
. __('List of files above 5MB', 'resmushit-image-optimizer')
|
|
@@ -202,11 +202,11 @@ Class reSmushitUI {
|
|
| 202 |
$filesize = reSmushitUI::sizeFormat(filesize(get_attached_file( $file->ID )));
|
| 203 |
|
| 204 |
echo "<li><a href='"
|
| 205 |
-
. wp_get_attachment_url( $file->ID )
|
| 206 |
. "' target='_blank'>"
|
| 207 |
. wp_get_attachment_image($file->ID, 'thumbnail')
|
| 208 |
. "<span>"
|
| 209 |
-
. $fileInfo['basename'] . ' (' . $filesize . ').</span></a></li>';
|
| 210 |
}
|
| 211 |
echo '</ul></div></div></div>';
|
| 212 |
|
|
@@ -323,17 +323,17 @@ Class reSmushitUI {
|
|
| 323 |
. "</span>";
|
| 324 |
if($news->picture) {
|
| 325 |
echo "<div class='news-img'><a href='"
|
| 326 |
-
. $news->link
|
| 327 |
. "' target='_blank'><img src='"
|
| 328 |
-
. $news->picture
|
| 329 |
. "' /></a></div>";
|
| 330 |
}
|
| 331 |
echo "<h3><a href='"
|
| 332 |
-
. $news->link
|
| 333 |
. "' target='_blank'>"
|
| 334 |
-
. $news->title
|
| 335 |
. "</a></h3><div class='news-content'>"
|
| 336 |
-
. $news->content
|
| 337 |
. "</div>";
|
| 338 |
}
|
| 339 |
}
|
|
@@ -482,7 +482,7 @@ Class reSmushitUI {
|
|
| 482 |
if($wpdb->get_results($query))
|
| 483 |
$attachment_resmushit_disabled = 'checked';
|
| 484 |
|
| 485 |
-
$output = '<input type="checkbox" data-attachment-id="'. $id .'"" class="rsmt-trigger--disabled-checkbox" '. $attachment_resmushit_disabled .' />';
|
| 486 |
|
| 487 |
if($return)
|
| 488 |
return $output;
|
|
@@ -505,11 +505,11 @@ Class reSmushitUI {
|
|
| 505 |
$output = '-';
|
| 506 |
}
|
| 507 |
else if(reSmushit::getAttachmentQuality($attachment_id) != reSmushit::getPictureQualitySetting())
|
| 508 |
-
$output = '<input type="button" value="'. __('Optimize', 'resmushit-image-optimizer') .'" class="rsmt-trigger--optimize-attachment button media-button select-mode-toggle-button" name="resmushit" data-attachment-id="'. $attachment_id .'" class="button wp-smush-send" />';
|
| 509 |
else{
|
| 510 |
$statistics = reSmushit::getStatistics($attachment_id);
|
| 511 |
-
$output = __('Reduced by', 'resmushit-image-optimizer') . " ". $statistics['total_saved_size_nice'] ." (". $statistics['percent_reduction'] . ' ' . __('saved', 'resmushit-image-optimizer') . ")";
|
| 512 |
-
$output .= '<input type="button" value="'. __('Force re-optimize', 'resmushit-image-optimizer') .'" class="rsmt-trigger--optimize-attachment button media-button select-mode-toggle-button" name="resmushit" data-attachment-id="'. $attachment_id .'" class="button wp-smush-send" />';
|
| 513 |
}
|
| 514 |
|
| 515 |
if($return)
|
| 189 |
<h3 class='icon_message info'>";
|
| 190 |
|
| 191 |
if($countfilesTooBigPictures > 1) {
|
| 192 |
+
echo htmlspecialchars($countfilesTooBigPictures, ENT_QUOTES, 'UTF-8') . ' ' . __('pictures are too big (> 5MB) for the optimizer', 'resmushit-image-optimizer');
|
| 193 |
} else {
|
| 194 |
+
echo htmlspecialchars($countfilesTooBigPictures, ENT_QUOTES, 'UTF-8') . ' ' . __('picture is too big (> 5MB) for the optimizer', 'resmushit-image-optimizer');
|
| 195 |
}
|
| 196 |
echo "</h3><div class='list-accordion'><h4>"
|
| 197 |
. __('List of files above 5MB', 'resmushit-image-optimizer')
|
| 202 |
$filesize = reSmushitUI::sizeFormat(filesize(get_attached_file( $file->ID )));
|
| 203 |
|
| 204 |
echo "<li><a href='"
|
| 205 |
+
. htmlspecialchars(wp_get_attachment_url( $file->ID ), ENT_QUOTES, 'UTF-8')
|
| 206 |
. "' target='_blank'>"
|
| 207 |
. wp_get_attachment_image($file->ID, 'thumbnail')
|
| 208 |
. "<span>"
|
| 209 |
+
. htmlspecialchars($fileInfo['basename'], ENT_QUOTES, 'UTF-8') . ' (' . $filesize . ').</span></a></li>';
|
| 210 |
}
|
| 211 |
echo '</ul></div></div></div>';
|
| 212 |
|
| 323 |
. "</span>";
|
| 324 |
if($news->picture) {
|
| 325 |
echo "<div class='news-img'><a href='"
|
| 326 |
+
. htmlspecialchars($news->link, ENT_QUOTES, 'UTF-8')
|
| 327 |
. "' target='_blank'><img src='"
|
| 328 |
+
. htmlspecialchars($news->picture, ENT_QUOTES, 'UTF-8')
|
| 329 |
. "' /></a></div>";
|
| 330 |
}
|
| 331 |
echo "<h3><a href='"
|
| 332 |
+
. htmlspecialchars($news->link, ENT_QUOTES, 'UTF-8')
|
| 333 |
. "' target='_blank'>"
|
| 334 |
+
. htmlspecialchars($news->title, ENT_QUOTES, 'UTF-8')
|
| 335 |
. "</a></h3><div class='news-content'>"
|
| 336 |
+
. htmlspecialchars($news->content, ENT_QUOTES, 'UTF-8')
|
| 337 |
. "</div>";
|
| 338 |
}
|
| 339 |
}
|
| 482 |
if($wpdb->get_results($query))
|
| 483 |
$attachment_resmushit_disabled = 'checked';
|
| 484 |
|
| 485 |
+
$output = '<input type="checkbox" data-attachment-id="'. htmlspecialchars($id, ENT_QUOTES, 'UTF-8') .'"" class="rsmt-trigger--disabled-checkbox" '. $attachment_resmushit_disabled .' />';
|
| 486 |
|
| 487 |
if($return)
|
| 488 |
return $output;
|
| 505 |
$output = '-';
|
| 506 |
}
|
| 507 |
else if(reSmushit::getAttachmentQuality($attachment_id) != reSmushit::getPictureQualitySetting())
|
| 508 |
+
$output = '<input type="button" value="'. __('Optimize', 'resmushit-image-optimizer') .'" class="rsmt-trigger--optimize-attachment button media-button select-mode-toggle-button" name="resmushit" data-attachment-id="'. htmlspecialchars($attachment_id, ENT_QUOTES, 'UTF-8') .'" class="button wp-smush-send" />';
|
| 509 |
else{
|
| 510 |
$statistics = reSmushit::getStatistics($attachment_id);
|
| 511 |
+
$output = __('Reduced by', 'resmushit-image-optimizer') . " ". htmlspecialchars($statistics['total_saved_size_nice'], ENT_QUOTES, 'UTF-8') ." (". htmlspecialchars($statistics['percent_reduction'], ENT_QUOTES, 'UTF-8') . ' ' . __('saved', 'resmushit-image-optimizer') . ")";
|
| 512 |
+
$output .= '<input type="button" value="'. __('Force re-optimize', 'resmushit-image-optimizer') .'" class="rsmt-trigger--optimize-attachment button media-button select-mode-toggle-button" name="resmushit" data-attachment-id="'. htmlspecialchars($attachment_id, ENT_QUOTES, 'UTF-8') .'" class="button wp-smush-send" />';
|
| 513 |
}
|
| 514 |
|
| 515 |
if($return)
|
readme.txt
CHANGED
|
@@ -2,8 +2,8 @@
|
|
| 2 |
Contributors: resmushit
|
| 3 |
Tags: image, optimizer, image optimization, resmush.it, smush, jpg, png, gif, optimization, compression, Compress, Images, Pictures, Reduce Image Size, Smush, Smush.it
|
| 4 |
Requires at least: 4.0.0
|
| 5 |
-
Tested up to: 6.0.
|
| 6 |
-
Stable tag: 0.4.
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
|
@@ -74,6 +74,10 @@ Yes ! Absolutely free, the only restriction is to send images below 5MB.
|
|
| 74 |
|
| 75 |
== Changelog ==
|
| 76 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 77 |
= 0.4.4 =
|
| 78 |
* Avoid SSL verifications if certificate of remote endpoints fails.
|
| 79 |
* Security fixes : escape POST, and admin user check for AJAX requests
|
| 2 |
Contributors: resmushit
|
| 3 |
Tags: image, optimizer, image optimization, resmush.it, smush, jpg, png, gif, optimization, compression, Compress, Images, Pictures, Reduce Image Size, Smush, Smush.it
|
| 4 |
Requires at least: 4.0.0
|
| 5 |
+
Tested up to: 6.0.2
|
| 6 |
+
Stable tag: 0.4.5
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
| 74 |
|
| 75 |
== Changelog ==
|
| 76 |
|
| 77 |
+
|
| 78 |
+
= 0.4.5 =
|
| 79 |
+
* Security fixes : prevent XSS breachs
|
| 80 |
+
|
| 81 |
= 0.4.4 =
|
| 82 |
* Avoid SSL verifications if certificate of remote endpoints fails.
|
| 83 |
* Security fixes : escape POST, and admin user check for AJAX requests
|
resmushit.php
CHANGED
|
@@ -10,8 +10,8 @@
|
|
| 10 |
* Plugin Name: reSmush.it Image Optimizer
|
| 11 |
* Plugin URI: https://wordpress.org/plugins/resmushit-image-optimizer/
|
| 12 |
* Description: Image Optimization API. Provides image size optimization
|
| 13 |
-
* Version: 0.4.
|
| 14 |
-
* Timestamp: 2022.
|
| 15 |
* Author: reSmush.it
|
| 16 |
* Author URI: https://resmush.it
|
| 17 |
* Author: Charles Bourgeaux
|
|
@@ -218,7 +218,7 @@ function resmushit_update_disabled_state() {
|
|
| 218 |
die();
|
| 219 |
}
|
| 220 |
if(isset($_POST['data']['id']) && $_POST['data']['id'] != null && isset($_POST['data']['disabled'])){
|
| 221 |
-
echo reSmushit::updateDisabledState(sanitize_text_field((int)$_POST['data']['id']), sanitize_text_field($_POST['data']['disabled']));
|
| 222 |
}
|
| 223 |
die();
|
| 224 |
}
|
|
@@ -265,7 +265,7 @@ function resmushit_bulk_process_image() {
|
|
| 265 |
die();
|
| 266 |
}
|
| 267 |
rlog('Bulk optimization launched for file : ' . get_attached_file( sanitize_text_field((int)$_POST['data']['ID']) ));
|
| 268 |
-
echo reSmushit::revert(sanitize_text_field((int)$_POST['data']['ID']));
|
| 269 |
die();
|
| 270 |
}
|
| 271 |
add_action( 'wp_ajax_resmushit_bulk_process_image', 'resmushit_bulk_process_image' );
|
| 10 |
* Plugin Name: reSmush.it Image Optimizer
|
| 11 |
* Plugin URI: https://wordpress.org/plugins/resmushit-image-optimizer/
|
| 12 |
* Description: Image Optimization API. Provides image size optimization
|
| 13 |
+
* Version: 0.4.5
|
| 14 |
+
* Timestamp: 2022.09.13
|
| 15 |
* Author: reSmush.it
|
| 16 |
* Author URI: https://resmush.it
|
| 17 |
* Author: Charles Bourgeaux
|
| 218 |
die();
|
| 219 |
}
|
| 220 |
if(isset($_POST['data']['id']) && $_POST['data']['id'] != null && isset($_POST['data']['disabled'])){
|
| 221 |
+
echo htmlspecialchars(reSmushit::updateDisabledState(sanitize_text_field((int)$_POST['data']['id']), sanitize_text_field($_POST['data']['disabled'])), ENT_NOQUOTES, 'UTF-8');
|
| 222 |
}
|
| 223 |
die();
|
| 224 |
}
|
| 265 |
die();
|
| 266 |
}
|
| 267 |
rlog('Bulk optimization launched for file : ' . get_attached_file( sanitize_text_field((int)$_POST['data']['ID']) ));
|
| 268 |
+
echo htmlspecialchars(reSmushit::revert(sanitize_text_field((int)$_POST['data']['ID'])), ENT_QUOTES, 'UTF-8');
|
| 269 |
die();
|
| 270 |
}
|
| 271 |
add_action( 'wp_ajax_resmushit_bulk_process_image', 'resmushit_bulk_process_image' );
|
resmushit.settings.php
CHANGED
|
@@ -1,7 +1,7 @@
|
|
| 1 |
<?php
|
| 2 |
|
| 3 |
define('RESMUSHIT_ENDPOINT', 'http://api.resmush.it/');
|
| 4 |
-
define('RESMUSHIT_VERSION', '0.4.
|
| 5 |
define('RESMUSHIT_DEFAULT_QLTY', '92');
|
| 6 |
define('RESMUSHIT_TIMEOUT', '10');
|
| 7 |
define('RESMUSHIT_LOGS_PATH', 'resmushit.log');
|
| 1 |
<?php
|
| 2 |
|
| 3 |
define('RESMUSHIT_ENDPOINT', 'http://api.resmush.it/');
|
| 4 |
+
define('RESMUSHIT_VERSION', '0.4.5');
|
| 5 |
define('RESMUSHIT_DEFAULT_QLTY', '92');
|
| 6 |
define('RESMUSHIT_TIMEOUT', '10');
|
| 7 |
define('RESMUSHIT_LOGS_PATH', 'resmushit.log');
|
