Shortcodes Ultimate - Version 5.0.7

Version Description

Security update

  • Fixed shortcode generator preview vulnerability. Description.

Release Info

Developer gn_themes
Version 5.0.7

Code changes from version 5.0.6 to 5.0.7

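--- a/inc/core/generator.php
+++ b/inc/core/generator.php
@@ -183,8 +183,7 @@ class Su_Generator {
 // Output results
 do_action( 'su/generator/preview/before' );
 echo '<h5>' . __( 'Preview', 'shortcodes-ultimate' ) . '</h5>';
-// echo '<hr />' . stripslashes( $_POST['shortcode'] ) . '<hr />'; // Uncomment for debug
-echo do_shortcode( str_replace( '\"', '"', $_POST['shortcode'] ) );
+echo do_shortcode( wp_kses_post( $_POST['shortcode'] ) );
 echo '<div style="clear:both"></div>';
 do_action( 'su/generator/preview/after' );
 die();
@@ -195,8 +194,14 @@ class Su_Generator {
 }
 
 public static function access_check() {
-$by_role = ( get_option( 'su_generator_access' ) ) ? current_user_can( get_option( 'su_generator_access' ) ) : true;
-return current_user_can( 'edit_posts' ) && $by_role;
+
+$required_capability = (string) get_option(
+'su_option_generator_access',
+'manage_options'
+);
+
+return current_user_can( $required_capability );
+
 }
 
 public static function ajax_get_icons() {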
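Review bot: On the new preview line, `wp_kses_post()` filters the raw request string before `do_shortcode()` expands it, so the HTML that shortcode callbacks build from attribute values is echoed unfiltered. The `\"` unescaping done by the removed line is also gone, although `wp_kses_post()` is documented to expect unslashed data. Consider `echo wp_kses_post( do_shortcode( wp_unslash( $_POST['shortcode'] ) ) );`, after confirming that the post-content allowlist keeps the markup the preview legitimately needs. In the second hunk `access_check()` no longer requires `edit_posts`, so the stored option alone decides who reaches the generator; if that floor was intentional, `return current_user_can( 'edit_posts' ) && current_user_can( $required_capability );` restores it. The preview method starts above the hunk, so whether a nonce and `access_check()` are verified before this line cannot be confirmed from here.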
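--- a/includes/class-shortcodes-ultimate-upgrade.php
+++ b/includes/class-shortcodes-ultimate-upgrade.php
@@ -76,6 +76,10 @@ final class Shortcodes_Ultimate_Upgrade {
 $this->upgrade_to_5_0_0();
 }
 
+if ( $this->is_previous_version_less_than( '5.0.7' ) ) {
+$this->upgrade_to_5_0_7();
+}
+
 $this->save_current_version();
 
 }
@@ -167,4 +171,29 @@ final class Shortcodes_Ultimate_Upgrade {
 
 }
 
+/**
+* Upgrade the plugin to version 5.0.7
+*
+* 1. Rename `su_generator_access` option to `su_option_generator_access`.
+*
+* @since 5.0.0
+* @access private
+*/
+private function upgrade_to_5_0_7() {
+
+/**
+* 1. Rename `su_generator_access` option to `su_option_generator_access`.
+*/
+$su_generator_access_value = get_option( 'su_generator_access' );
+
+if ( $su_generator_access_value ) {
+
+delete_option( 'su_generator_access' );
+
+add_option( 'su_option_generator_access', $su_generator_access_value, '', false );
+
+}
+
+}
+
 }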
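Review bot: In `upgrade_to_5_0_7()` the old option is deleted before `add_option()` is known to have succeeded, so a failed write silently discards the site's configured capability. `access_check()` then falls back to its `manage_options` default, which fails closed but locks out roles that previously had the generator. Writing first and deleting only on success avoids that: `if ( add_option( 'su_option_generator_access', $su_generator_access_value, '', false ) ) { delete_option( 'su_generator_access' ); }`. Because this value is now the only gate on the generator, it is also worth checking that it is a non-empty string before copying it. The docblock says `@since 5.0.0` where `@since 5.0.7` appears intended.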
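--- a/readme.txt
+++ b/readme.txt
@@ -106,6 +106,12 @@ For help with premium add-ons, please [open new support ticket](https://getshort
 
 == Changelog ==
 
+= 5.0.7 =
+
+**Security update**
+
+- Fixed shortcode generator preview vulnerability. [Description](https://www.pluginvulnerabilities.com/2018/09/25/full-disclosure-of-vulnerability-in-wordpress-plugin-with-700000-active-installations/).
+
 = 5.0.6 =
 
 **Fixes**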
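--- a/shortcodes-ultimate.php
+++ b/shortcodes-ultimate.php
@@ -2,7 +2,7 @@
 /**
 * Plugin Name: Shortcodes Ultimate
 * Plugin URI: https://getshortcodes.com/
-* Version: 5.0.6
+* Version: 5.0.7
 * Author: Vladimir Anokhin
 * Author URI: https://vanokhin.com/
 * Description: A comprehensive collection of visual components for WordPress
@@ -15,7 +15,7 @@
 * Define plugin constants.
 */
 define( 'SU_PLUGIN_FILE', __FILE__ );
-define( 'SU_PLUGIN_VERSION', '5.0.6' );
+define( 'SU_PLUGIN_VERSION', '5.0.7' );
 
 /**
 * Load dependencies.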