reSmush.it Image Optimizer - Version 0.4.7

Version Description

  • Security fixes : CSRF protection for Ajax Calls

Release Info

Developer resmushit
Version 0.4.7

Code changes from version 0.4.6 to 0.4.7

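--- a/classes/resmushitUI.class.php
+++ b/classes/resmushitUI.class.php
@@ -162,8 +162,8 @@ Class reSmushitUI {
 $countNonOptimizedPictures .= '+';
 }
 
-echo wp_kses_post("<div class='rsmt-bulk'><div class='non-optimized-wrapper $additionnalClassNeedOptimization'><h3 class='icon_message warning'>");
-
+echo wp_kses_post("<div class='rsmt-bulk' data-csrf='" . wp_create_nonce( 'bulk_process_image' ) . "'><div class='non-optimized-wrapper $additionnalClassNeedOptimization'><h3 class='icon_message warning'>");
+
 if(get_option('resmushit_cron') && get_option('resmushit_cron') == 1) {
 echo wp_kses_post("<em>$countNonOptimizedPictures "
 . __('non optimized pictures will be automatically optimized', 'resmushit-image-optimizer')
@@ -185,7 +185,7 @@ Class reSmushitUI {
 'onclick' => array()
 )));
 
-echo wp_kses("</p><p class='submit' id='bulk-resize-examine-button'><button class='button-primary' onclick='resmushit_bulk_resize(\"bulk_resize_image_list\");'>", $allowed_html);
+echo wp_kses("</p><p class='submit' id='bulk-resize-examine-button'><button class='button-primary' onclick='resmushit_bulk_resize(\"bulk_resize_image_list\", \"" . wp_create_nonce( 'bulk_resize' ) . "\");'>", $allowed_html);
 
 if(get_option('resmushit_cron') && get_option('resmushit_cron') == 1) {
 echo wp_kses_post(__('Optimize all pictures manually', 'resmushit-image-optimizer'));
@@ -319,14 +319,15 @@ Class reSmushitUI {
 'type' => array(),
 'value' => array(),
 'class' => array(),
-'name' => array()
+'name' => array(),
+'data-csrf' => array(),
 )));
 
 echo wp_kses("<div class='rsmt-restore'>"
 . '<p><strong>'
 . __('Warning! By clicking the button below, you will restore all the original pictures, as before reSmush.it Image Optimizer installation. You will not have your pictures optimized! We strongly advice to be sure to have a complete backup of your website before performing this action', 'resmushit-image-optimizer')
 . '</strong></p><p>'
-. '<input type="button" value="'. __('Restore ALL my original pictures', 'resmushit-image-optimizer') .'" class="rsmt-trigger--restore-backup-files button media-button select-mode-toggle-button" name="resmushit" class="button wp-smush-send" />'
+. '<input type="button" data-csrf="'. wp_create_nonce( 'restore_library' ) .'" value="'. __('Restore ALL my original pictures', 'resmushit-image-optimizer') .'" class="rsmt-trigger--restore-backup-files button media-button select-mode-toggle-button" name="resmushit" class="button wp-smush-send" />'
 . '</div>', $allowed_html);
 self::fullWidthPanelEndWrapper();
 }
@@ -455,6 +456,7 @@ Class reSmushitUI {
 'value' => array(),
 'class' => array(),
 'name' => array(),
+'data-csrf' => array()
 )));
 echo wp_kses("<div class='rsmt-alert'>"
 . "<h3 class='icon_message warning'>"
@@ -465,7 +467,7 @@ Class reSmushitUI {
 . '</p><p>'
 . sprintf( __( 'We have found %s files ready to be removed', 'resmushit-image-optimizer' ), count(detect_unsmushed_files()) )
 . '</p><p>'
-. '<input type="button" value="'. __('Remove backup files', 'resmushit-image-optimizer') .'" class="rsmt-trigger--remove-backup-files button media-button select-mode-toggle-button" name="resmushit" class="button wp-smush-send" />'
+. '<input type="button" value="'. __('Remove backup files', 'resmushit-image-optimizer') .'" data-csrf="'. wp_create_nonce( 'remove_backup' ) .'" class="rsmt-trigger--remove-backup-files button media-button select-mode-toggle-button" name="resmushit" class="button wp-smush-send" />'
 . "</div>", $allowed_html);
 }
 }
@@ -530,7 +532,7 @@ Class reSmushitUI {
 if($wpdb->get_results($query))
 $attachment_resmushit_disabled = 'checked';
 
-$output = '<input type="checkbox" data-attachment-id="'. $id .'"" class="rsmt-trigger--disabled-checkbox" '. $attachment_resmushit_disabled .' />';
+$output = '<input type="checkbox" data-attachment-id="'. $id .'"" data-csrf="'. wp_create_nonce( 'single_attachment' ) .'"" class="rsmt-trigger--disabled-checkbox" '. $attachment_resmushit_disabled .' />';
 
 if($return)
 return $output;
@@ -538,7 +540,7 @@ Class reSmushitUI {
 $allowed_html = array(
 'input' => array(
 'type' => array(),
-'data-attachment-id' => array(),
+'data-*' => array(),
 'checked' => array(),
 ));
 echo wp_kses($output, $allowed_html);
@@ -560,11 +562,11 @@ Class reSmushitUI {
 $output = '-';
 }
 else if(reSmushit::getAttachmentQuality($attachment_id) != reSmushit::getPictureQualitySetting())
-$output = '<input type="button" value="'. __('Optimize', 'resmushit-image-optimizer') .'" class="rsmt-trigger--optimize-attachment button media-button select-mode-toggle-button" name="resmushit" data-attachment-id="'. $attachment_id .'" class="button wp-smush-send" />';
+$output = '<input type="button" data-csrf="' . wp_create_nonce( 'single_attachment' ) . '" value="'. __('Optimize', 'resmushit-image-optimizer') .'" class="rsmt-trigger--optimize-attachment button media-button select-mode-toggle-button" name="resmushit" data-attachment-id="'. $attachment_id .'" class="button wp-smush-send" />';
 else{
 $statistics = reSmushit::getStatistics($attachment_id);
 $output = __('Reduced by', 'resmushit-image-optimizer') . " ". $statistics['total_saved_size_nice'] ." (". $statistics['percent_reduction'] . ' ' . __('saved', 'resmushit-image-optimizer') . ")";
-$output .= '<input type="button" value="'. __('Force re-optimize', 'resmushit-image-optimizer') .'" class="rsmt-trigger--optimize-attachment button media-button select-mode-toggle-button" name="resmushit" data-attachment-id="'. $attachment_id .'" class="button wp-smush-send" />';
+$output .= '<input type="button" data-csrf="' . wp_create_nonce( 'single_attachment' ) . '" value="'. __('Force re-optimize', 'resmushit-image-optimizer') .'" class="rsmt-trigger--optimize-attachment button media-button select-mode-toggle-button" name="resmushit" data-attachment-id="'. $attachment_id .'" class="button wp-smush-send" />';
 }
 
 if($return)
@@ -575,7 +577,7 @@ Class reSmushitUI {
 'value' => array(),
 'class' => array(),
 'name' => array(),
-'data-attachment-id' => array(),
+'data-*' => array(),
 'checked' => array(),
 )));
 echo wp_kses($output, $allowed_html);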
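Review bot: The checkbox markup on new line 535 carries stray doubled quotes, `data-attachment-id="'. $id .'"" data-csrf="'. wp_create_nonce( 'single_attachment' ) .'""`, so the emitted attributes are malformed and wp_kses's attribute parser may drop or mangle the `data-csrf` value that script.js reads before posting; the `""` after `$id` was already there and the new line repeats it for the nonce. Both values are interpolated into attribute context, so escape them as well: `$output = '<input type="checkbox" data-attachment-id="' . esc_attr($id) . '" data-csrf="' . esc_attr(wp_create_nonce('single_attachment')) . '" class="rsmt-trigger--disabled-checkbox" ' . $attachment_resmushit_disabled . ' />';`. The buttons on new lines 565 and 569 still declare `class` twice on the same element, so the trailing `class="button wp-smush-send"` is ignored by browsers. New line 165 passes the `data-csrf` attribute through `wp_kses_post`, whose allowed-attribute list (unlike the explicit `$allowed_html` arrays used on the other lines) depends on the WordPress version; given the readme's "Requires at least: 4.0.0", it is worth confirming the attribute survives on the oldest supported release.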
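--- a/js/script.js
+++ b/js/script.js
@@ -43,10 +43,12 @@ restoreBackupFiles();
 */
 function resmushit_bulk_process(bulk, item){
 var error_occured = false;
+var csrf_token = jQuery('.rsmt-bulk').attr('data-csrf');
 jQuery.post(
 ajaxurl, {
 action: 'resmushit_bulk_process_image',
-data: bulk[item]
+data: bulk[item],
+csrf: csrf_token
 },
 function(response) {
 if(response == 'failed')
@@ -97,7 +99,7 @@ function resmushit_bulk_process(bulk, item){
 * ajax post to return all images that are candidates for resizing
 * @param string the id of the html element into which results will be appended
 */
-function resmushit_bulk_resize(container_id) {
+function resmushit_bulk_resize(container_id, csrf_token) {
 container = jQuery('#'+container_id);
 container.html('<div id="bulk_resize_target">');
 jQuery('#bulk-resize-examine-button').fadeOut(200);
@@ -111,10 +113,12 @@ function resmushit_bulk_resize(container_id) {
 function() {
 jQuery.post(
 ajaxurl,
-{ action: 'resmushit_bulk_get_images' },
+{ action: 'resmushit_bulk_get_images', csrf: csrf_token },
 function(response) {
-var images = JSON.parse(response);
-if (images.nonoptimized.length > 0) {
+var images = JSON.parse(response);
+if (images.hasOwnProperty('error')) {
+target.html('<div>' + images.error + '.</div>');
+} else if (images.hasOwnProperty('nonoptimized') && images.nonoptimized.length > 0) {
 bulkTotalimages = images.nonoptimized.length;
 target.html('<div class="loading--bulk"><span class="loader"></span><br />' + bulkTotalimages + ' attachment(s) found, starting optimization...</div>');
 flag_removed = false;
@@ -133,9 +137,11 @@ function resmushit_bulk_resize(container_id) {
 * ajax post to update statistics
 */
 function updateStatistics() {
+var csrf_token = jQuery('.rsmt-bulk').attr('data-csrf');
 jQuery.post(
 ajaxurl, {
-action: 'resmushit_update_statistics'
+action: 'resmushit_update_statistics',
+csrf: csrf_token
 },
 function(response) {
 statistics = JSON.parse(response);
@@ -159,11 +165,12 @@ function updateDisabledState() {
 jQuery(current).prop('disabled', true);
 var disabledState = jQuery(current).is(':checked');
 var postID = jQuery(current).attr('data-attachment-id');
+var csrfToken = jQuery(current).attr('data-csrf');
 
 jQuery.post(
 ajaxurl, {
 action: 'resmushit_update_disabled_state',
-data: {id: postID, disabled: disabledState}
+data: {id: postID, disabled: disabledState, csrf: csrfToken}
 },
 function(response) {
 jQuery(current).removeClass('rsmt-disable-loader');
@@ -199,10 +206,12 @@ function optimizeSingleAttachment() {
 jQuery(current).prop('disabled', true);
 var disabledState = jQuery(current).is(':checked');
 var postID = jQuery(current).attr('data-attachment-id');
+var csrf_token = jQuery(current).attr('data-csrf');
+
 jQuery.post(
 ajaxurl, {
 action: 'resmushit_optimize_single_attachment',
-data: {id: postID}
+data: {id: postID, csrf: csrf_token}
 },
 function(response) {
 var statistics = jQuery.parseJSON(response);
@@ -224,9 +233,11 @@ function removeBackupFiles() {
 var current = this;
 jQuery(current).val('Removing backups...');
 jQuery(current).prop('disabled', true);
+var csrf_token = jQuery(current).attr('data-csrf');
 jQuery.post(
 ajaxurl, {
-action: 'resmushit_remove_backup_files'
+action: 'resmushit_remove_backup_files',
+csrf: csrf_token
 },
 function(response) {
 var data = jQuery.parseJSON(response);
@@ -250,9 +261,11 @@ function restoreBackupFiles() {
 var current = this;
 jQuery(current).val('Restoring backups...');
 jQuery(current).prop('disabled', true);
+var csrf_token = jQuery(current).attr('data-csrf');
 jQuery.post(
 ajaxurl, {
-action: 'resmushit_restore_backup_files'
+action: 'resmushit_restore_backup_files',
+csrf: csrf_token
 },
 function(response) {
 var data = jQuery.parseJSON(response);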
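Review bot: The new error branch at new lines 119–120 of resmushit_bulk_resize writes `images.error` into the page with `.html()`, so any server-supplied message is interpreted as markup; render it as text instead, `target.empty().append(jQuery('<div>').text(images.error + '.'));`. As far as the resmushit.php hunks on this page show, the error responses come from `wp_send_json(json_encode(array(...)))`, which encodes the payload twice, so `JSON.parse(response)` yields a string rather than an object and `images.hasOwnProperty('error')` is false — the branch is not reached for those responses unless the server sends `wp_send_json(array(...))`. resmushit_bulk_process and updateStatistics take the token from `.rsmt-bulk`'s `data-csrf` attribute, so on any page where that wrapper is not rendered the request carries an undefined token and is rejected by the nonce check; passing the token explicitly, as resmushit_bulk_resize now does, avoids the hidden dependency. The callback bodies continue outside the hunks.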
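--- a/readme.txt
+++ b/readme.txt
@@ -2,12 +2,12 @@
 Contributors: resmushit
 Tags: image, optimizer, image optimization, resmush.it, smush, jpg, png, gif, optimization, compression, Compress, Images, Pictures, Reduce Image Size, Smush, Smush.it
 Requires at least: 4.0.0
-Tested up to: 6.0.2
-Stable tag: 0.4.6
+Tested up to: 6.0.3
+Stable tag: 0.4.7
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
-The FREE Image Optimizer which will compress your pictures and improve your SEO & performances by using reSmush.it, the 10+ billion images API optimizer.
+The FREE Image Optimizer which will compress your pictures and improve your SEO & performances by using reSmush.it, the 20+ billion images API optimizer.
 
 == Description ==
 
@@ -75,6 +75,9 @@ Yes ! Absolutely free, the only restriction is to send images below 5MB.
 == Changelog ==
 
 
+= 0.4.7 =
+* Security fixes : CSRF protection for Ajax Calls
+
 = 0.4.6 =
 * Security fixes : protection in a WP's way
 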
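--- a/resmushit.php
+++ b/resmushit.php
@@ -10,8 +10,8 @@
 * Plugin Name: reSmush.it Image Optimizer
 * Plugin URI: https://wordpress.org/plugins/resmushit-image-optimizer/
 * Description: Image Optimization API. Provides image size optimization
-* Version: 0.4.6
-* Timestamp: 2022.09.13
+* Version: 0.4.7
+* Timestamp: 2022.10.25
 * Author: reSmush.it
 * Author URI: https://resmush.it
 * Author: Charles Bourgeaux
@@ -22,8 +22,7 @@
 */
 
 require('resmushit.inc.php');
-
-
+require_once( ABSPATH . 'wp-includes/pluggable.php' );
 /**
 *
 * Registering language plugin
@@ -193,6 +192,10 @@ if(get_option('resmushit_on_upload'))
 * @return json object
 */
 function resmushit_bulk_get_images() {
+if ( !isset($_REQUEST['csrf']) || ! wp_verify_nonce( $_REQUEST['csrf'], 'bulk_resize' ) ) {
+wp_send_json(json_encode(array('error' => 'Invalid CSRF token')));
+die();
+}
 if(!is_super_admin() && !current_user_can('administrator')) {
 wp_send_json(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
 die();
@@ -213,6 +216,10 @@ add_action( 'wp_ajax_resmushit_bulk_get_images', 'resmushit_bulk_get_images' );
 * @return json object
 */
 function resmushit_update_disabled_state() {
+if ( !isset($_REQUEST['data']['csrf']) || ! wp_verify_nonce( $_REQUEST['data']['csrf'], 'single_attachment' ) ) {
+wp_send_json(json_encode(array('error' => 'Invalid CSRF token')));
+die();
+}
 if(!is_super_admin() && !current_user_can('administrator')) {
 wp_send_json(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
 die();
@@ -236,6 +243,10 @@ add_action( 'wp_ajax_resmushit_update_disabled_state', 'resmushit_update_disable
 * @return json object
 */
 function resmushit_optimize_single_attachment() {
+if ( !isset($_REQUEST['data']['csrf']) || ! wp_verify_nonce( $_REQUEST['data']['csrf'], 'single_attachment' ) ) {
+wp_send_json(json_encode(array('error' => 'Invalid CSRF token')));
+die();
+}
 if(!is_super_admin() && !current_user_can('administrator')) {
 wp_send_json(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
 die();
@@ -260,6 +271,10 @@ add_action( 'wp_ajax_resmushit_optimize_single_attachment', 'resmushit_optimize_
 * @return boolean
 */
 function resmushit_bulk_process_image() {
+if ( !isset($_REQUEST['csrf']) || ! wp_verify_nonce( $_REQUEST['csrf'], 'bulk_process_image' ) ) {
+wp_send_json(json_encode(array('error' => 'Invalid CSRF token')));
+die();
+}
 if(!is_super_admin() && !current_user_can('administrator')) {
 wp_send_json(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
 die();
@@ -282,6 +297,10 @@ add_action( 'wp_ajax_resmushit_bulk_process_image', 'resmushit_bulk_process_imag
 * @return json object
 */
 function resmushit_update_statistics() {
+if ( !isset($_REQUEST['csrf']) || ! wp_verify_nonce( $_REQUEST['csrf'], 'bulk_process_image' ) ) {
+wp_send_json(json_encode(array('error' => 'Invalid CSRF token')));
+die();
+}
 if(!is_super_admin() && !current_user_can('administrator')) {
 wp_send_json(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
 die();
@@ -452,6 +471,10 @@ add_action('update_option_resmushit_remove_unsmushed', 'resmushit_on_remove_unsm
 */
 function resmushit_remove_backup_files() {
 $return = array('success' => 0);
+if ( !isset($_REQUEST['csrf']) || ! wp_verify_nonce( $_REQUEST['csrf'], 'remove_backup' ) ) {
+wp_send_json(json_encode(array('error' => 'Invalid CSRF token')));
+die();
+}
 if(!is_super_admin() && !current_user_can('administrator')) {
 wp_send_json(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
 die();
@@ -494,6 +517,10 @@ function resmushit_get_image_id($image_url) {
 * @return json object
 */
 function resmushit_restore_backup_files() {
+if ( !isset($_REQUEST['csrf']) || ! wp_verify_nonce( $_REQUEST['csrf'], 'restore_library' ) ) {
+wp_send_json(json_encode(array('error' => 'Invalid CSRF token')));
+die();
+}
 if(!is_super_admin() && !current_user_can('administrator')) {
 wp_send_json(json_encode(array('error' => 'User must be at least administrator to retrieve these data')));
 die();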
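Review bot: `require_once( ABSPATH . 'wp-includes/pluggable.php' );` on new line 25 loads pluggable.php while plugins are still being included, which stops any other plugin from overriding a pluggable function (WordPress itself loads that file only after all active plugins) and can produce "cannot redeclare" fatals; the nonce functions the handlers call are already defined by the time `wp_ajax_*` callbacks run, so the line should be dropped. The nonce checks added to each handler (new lines 195, 219, 246, 274, 300, 474 and 520) read the token from `$_REQUEST`, which also accepts the query string and cookies; script.js always posts it, so `$_POST` is the tighter source, and `check_ajax_referer('bulk_resize', 'csrf')` would combine verify-and-die in one call (note it terminates with `-1` rather than a JSON body, so the client would need to handle that). `wp_verify_nonce()` expects a string, so a `csrf[]=` array parameter would raise a conversion warning before being rejected; guarding with `is_string()` ahead of the call avoids it. Each handler's body continues outside its hunk.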
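--- a/resmushit.settings.php
+++ b/resmushit.settings.php
@@ -1,7 +1,7 @@
 <?php
 
 define('RESMUSHIT_ENDPOINT', 'http://api.resmush.it/');
-define('RESMUSHIT_VERSION', '0.4.6');
+define('RESMUSHIT_VERSION', '0.4.7');
 define('RESMUSHIT_DEFAULT_QLTY', '92');
 define('RESMUSHIT_TIMEOUT', '10');
 define('RESMUSHIT_LOGS_PATH', 'resmushit.log');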