SEO Friendly Images - Version 3.0.5

Version Description

  • Fixed XSS issue (credit to Ryan Satterfield)

Release Info

Developer freediver
Version 3.0.5

Code changes from version 3.0.4 to 3.0.5

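--- a/readme.txt
+++ b/readme.txt
@@ -22,6 +22,8 @@ If you like what I do in WordPress, you will also like the [ManageWP](https://ma
 
 == Changelog ==
 
+= 3.0.5 =
+* Fixed XSS issue (credit to Ryan Satterfield)
 
 = 3.0.4 =
 * Fixed default options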
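--- a/seo-friendly-images.class.php
+++ b/seo-friendly-images.class.php
@@ -179,10 +179,14 @@ class SEOFriendlyImages {
 
 function handle_settings() {
 if ( isset( $_POST['submitted'] ) ) {
-
+if ( ! wp_verify_nonce( $_POST['_wpnonce'], 'seo-friendly-images' ) ) {
+
+die( 'Security check' );
+
+}
 $this->rules[0]['domains'] = array( 'all' );
-$this->rules[0]['options']['alt'] = ( ! isset( $_POST['default_alt'] ) ? '' : $_POST['default_alt'] );
-$this->rules[0]['options']['title'] = ( ! isset( $_POST['default_title'] ) ? '' : $_POST['default_title'] );
+$this->rules[0]['options']['alt'] = strip_tags(( ! isset( $_POST['default_alt'] ) ? '' : $_POST['default_alt'] ));
+$this->rules[0]['options']['title'] = strip_tags(( ! isset( $_POST['default_title'] ) ? '' : $_POST['default_title'] ));
 $this->rules[0]['options']['override_alt'] = ( ! isset( $_POST['default_override_alt'] ) ? 'off' : 'on' );
 $this->rules[0]['options']['override_title'] = ( ! isset( $_POST['default_override_title'] ) ? 'off' : 'on' );
 $this->rules[0]['options']['strip_extension_title'] = ( ! isset( $_POST['default_strip_extension_title'] ) ? 'off' : 'on' );
@@ -213,7 +217,8 @@ class SEOFriendlyImages {
 }
 
 $imgpath = $this->plugin_url . '/i';
-$actionurl = $_SERVER['REQUEST_URI'];
+$actionurl = esc_url($_SERVER['REQUEST_URI']);
+$nonce = wp_create_nonce( 'seo-friendly-images' );
 // Configuration Page
 ?>
 <div class="wrap">
@@ -235,7 +240,8 @@ class SEOFriendlyImages {
 <div id="mainblock" class="submit">
 <div class="dbx-content">
 <form name="sfiform" action="<?php echo $actionurl; ?>" method="post">
-<input type="hidden" name="submitted" value="1" />
+<input type="hidden" name="submitted" value="1" />
+<input type="hidden" id="_wpnonce" name="_wpnonce" value="<?php echo $nonce ?>" />
 <p><?php _e( 'SEO Friendly Images automatically adds ALT and Title attributes to all your images in all your posts. Default options are usually good but you can change them below.', 'seo-friendly-images' ); ?></p>
 <p><strong>Note: The plugin works by modyfying the image HTML output on the frontend of your site, no changes are made to images in your media library or while editing the post. See <a href="https://wordpress.org/support/topic/it-does-work-you-just-wont-see-it-in-the-backend">more info here</a>.</strong></p>
 <p><?php _e( 'Plugin supports several special tags:', 'seo-friendly-images' ); ?></p>
@@ -260,12 +266,12 @@ class SEOFriendlyImages {
 <div id="defualt_settings" style="width:710px;" class="settings">
 <div id="default_alt_div">
 <label class="line" for="default_alt"><?php _e( 'Image <b>ALT</b> attribute:', 'seo-friendly-images' ); ?></label>
-<input class="regular-text" type="text" id="default_alt" name="default_alt" value="<?php echo $form[0]['options']['alt']; ?>" />
+<input class="regular-text" type="text" id="default_alt" name="default_alt" value="<?php echo htmlspecialchars($form[0]['options']['alt']); ?>" />
 <span class="description"><?php _e( 'example: %name %title', 'seo-friendly-images' ); ?></span>
 </div>
 <div id="default_title_div">
 <label class="line" for="default_title"><?php _e( 'Image <b>TITLE</b> attribute:', 'seo-friendly-images' ); ?></label>
-<input class="regular-text" type="text" id="default_title" name="default_title" value="<?php echo $form[0]['options']['title']; ?>" />
+<input class="regular-text" type="text" id="default_title" name="default_title" value="<?php echo htmlspecialchars($form[0]['options']['title']); ?>" />
 <span class="description"><?php _e( 'example: %name photo', 'seo-friendly-images' ); ?></span>
 </div>
 <div id="default_override_div">
@@ -490,16 +496,14 @@ class SEOFriendlyImages {
 </div>
 <?php
 }
-
-
-
+
 function handle_about() {
 global $wp_version;
 
 $upd_msg = "";
 
-$actionurl = $_SERVER['REQUEST_URI'];
-$nonce = wp_create_nonce( 'seo-smart-links' );
+
+
 
 $imgpath = $this->plugin_url . '/i';
 $lic_msg = '<p>Welcome to ' . $this->name . '.</p><p>Thank you for using my plugin, if you find it useful please <a href="https://wordpress.org/plugins/seo-image/">rate it</a>.</p>';
@@ -524,12 +528,8 @@ class SEOFriendlyImages {
 <div class="dbx-content">
 <h2><?php _e( 'About', 'seo-friendly-images' ); ?></h2>
 <br />
-<form name="SEOLinks_about" action="$actionurl" method="post">
-<input type="hidden" id="_wpnonce" name="_wpnonce" value="$nonce" />
-<input type="hidden" name="submitted" value="1" />
 <?php echo $lic_msg; ?>
 <?php echo __( 'Version:', 'seo-friendly-images' ) . $this->local_version; ?> <?php echo $upd_msg; ?>
-</form>
 </div>
 </div>
 <h5><?php _e( 'Another fine WordPress plugin by', 'seo-friendly-images' ); ?> <a href="http://www.prelovac.com/vladimir/">Vladimir Prelovac</a></h5>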
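Review bot: The nonce check added at new line 182 reads `$_POST['_wpnonce']` without an isset guard, so a POST that carries `submitted` but no nonce field raises an undefined-index notice before `wp_verify_nonce()` returns false, and `die( 'Security check' )` skips WordPress's own error page; the four added lines can be replaced by `check_admin_referer( 'seo-friendly-images' );`, which does the isset-safe verification and fails via `wp_die()`. The `strip_tags()` wrapped around the inputs at 188–189 is a lossy filter rather than an attribute escape, so the actual XSS fix here is the output escaping at 269 and 274, where `esc_attr()` is the WordPress-idiomatic equivalent of `htmlspecialchars()` and should also wrap `echo $nonce` at 244 for consistency. handle_settings() continues past the first hunk, so whether the stored alt/title templates are escaped where the plugin later injects them into image markup is not visible here. No capability check is visible in the hunk either; if the menu registration outside this diff does not restrict the page to `manage_options`, the nonce alone does not authorize the settings change.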
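--- a/seo-friendly-images.php
+++ b/seo-friendly-images.php
@@ -3,7 +3,7 @@
 Plugin Name: SEO Friendly Images
 Plugin URI: http://www.prelovac.com/vladimir/wordpress-plugins/seo-friendly-images
 Description: Automatically adds alt and title attributes to all your images. Improves traffic from search results and makes them W3C/xHTML valid as well.
-Version: 3.0.4
+Version: 3.0.5
 Author: Vladimir Prelovac
 Author URI: http://www.prelovac.com/vladimir
 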