Version Description
Security update
- Fixed shortcode generator preview vulnerability. Description.
Download this release
Release Info
| Developer | gn_themes |
| Plugin |  Shortcodes Ultimate |
| Version | 5.0.7 |
| Comparing to | |
| See all releases | |
Code changes from version 5.0.6 to 5.0.7
- inc/core/generator.php +9 -4
- includes/class-shortcodes-ultimate-upgrade.php +29 -0
- readme.txt +6 -0
- shortcodes-ultimate.php +2 -2
inc/core/generator.php
CHANGED
|
@@ -183,8 +183,7 @@ class Su_Generator {
|
|
| 183 |
// Output results
|
| 184 |
do_action( 'su/generator/preview/before' );
|
| 185 |
echo '<h5>' . __( 'Preview', 'shortcodes-ultimate' ) . '</h5>';
|
| 186 |
-
|
| 187 |
-
echo do_shortcode( str_replace( '\"', '"', $_POST['shortcode'] ) );
|
| 188 |
echo '<div style="clear:both"></div>';
|
| 189 |
do_action( 'su/generator/preview/after' );
|
| 190 |
die();
|
|
@@ -195,8 +194,14 @@ class Su_Generator {
|
|
| 195 |
}
|
| 196 |
|
| 197 |
public static function access_check() {
|
| 198 |
-
|
| 199 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 200 |
}
|
| 201 |
|
| 202 |
public static function ajax_get_icons() {
|
| 183 |
// Output results
|
| 184 |
do_action( 'su/generator/preview/before' );
|
| 185 |
echo '<h5>' . __( 'Preview', 'shortcodes-ultimate' ) . '</h5>';
|
| 186 |
+
echo do_shortcode( wp_kses_post( $_POST['shortcode'] ) );
|
|
|
|
| 187 |
echo '<div style="clear:both"></div>';
|
| 188 |
do_action( 'su/generator/preview/after' );
|
| 189 |
die();
|
| 194 |
}
|
| 195 |
|
| 196 |
public static function access_check() {
|
| 197 |
+
|
| 198 |
+
$required_capability = (string) get_option(
|
| 199 |
+
'su_option_generator_access',
|
| 200 |
+
'manage_options'
|
| 201 |
+
);
|
| 202 |
+
|
| 203 |
+
return current_user_can( $required_capability );
|
| 204 |
+
|
| 205 |
}
|
| 206 |
|
| 207 |
public static function ajax_get_icons() {
|
includes/class-shortcodes-ultimate-upgrade.php
CHANGED
|
@@ -76,6 +76,10 @@ final class Shortcodes_Ultimate_Upgrade {
|
|
| 76 |
$this->upgrade_to_5_0_0();
|
| 77 |
}
|
| 78 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 79 |
$this->save_current_version();
|
| 80 |
|
| 81 |
}
|
|
@@ -167,4 +171,29 @@ final class Shortcodes_Ultimate_Upgrade {
|
|
| 167 |
|
| 168 |
}
|
| 169 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 170 |
}
|
| 76 |
$this->upgrade_to_5_0_0();
|
| 77 |
}
|
| 78 |
|
| 79 |
+
if ( $this->is_previous_version_less_than( '5.0.7' ) ) {
|
| 80 |
+
$this->upgrade_to_5_0_7();
|
| 81 |
+
}
|
| 82 |
+
|
| 83 |
$this->save_current_version();
|
| 84 |
|
| 85 |
}
|
| 171 |
|
| 172 |
}
|
| 173 |
|
| 174 |
+
/**
|
| 175 |
+
* Upgrade the plugin to version 5.0.7
|
| 176 |
+
*
|
| 177 |
+
* 1. Rename `su_generator_access` option to `su_option_generator_access`.
|
| 178 |
+
*
|
| 179 |
+
* @since 5.0.0
|
| 180 |
+
* @access private
|
| 181 |
+
*/
|
| 182 |
+
private function upgrade_to_5_0_7() {
|
| 183 |
+
|
| 184 |
+
/**
|
| 185 |
+
* 1. Rename `su_generator_access` option to `su_option_generator_access`.
|
| 186 |
+
*/
|
| 187 |
+
$su_generator_access_value = get_option( 'su_generator_access' );
|
| 188 |
+
|
| 189 |
+
if ( $su_generator_access_value ) {
|
| 190 |
+
|
| 191 |
+
delete_option( 'su_generator_access' );
|
| 192 |
+
|
| 193 |
+
add_option( 'su_option_generator_access', $su_generator_access_value, '', false );
|
| 194 |
+
|
| 195 |
+
}
|
| 196 |
+
|
| 197 |
+
}
|
| 198 |
+
|
| 199 |
}
|
readme.txt
CHANGED
|
@@ -106,6 +106,12 @@ For help with premium add-ons, please [open new support ticket](https://getshort
|
|
| 106 |
|
| 107 |
== Changelog ==
|
| 108 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 109 |
= 5.0.6 =
|
| 110 |
|
| 111 |
**Fixes**
|
| 106 |
|
| 107 |
== Changelog ==
|
| 108 |
|
| 109 |
+
= 5.0.7 =
|
| 110 |
+
|
| 111 |
+
**Security update**
|
| 112 |
+
|
| 113 |
+
- Fixed shortcode generator preview vulnerability. [Description](https://www.pluginvulnerabilities.com/2018/09/25/full-disclosure-of-vulnerability-in-wordpress-plugin-with-700000-active-installations/).
|
| 114 |
+
|
| 115 |
= 5.0.6 =
|
| 116 |
|
| 117 |
**Fixes**
|
shortcodes-ultimate.php
CHANGED
|
@@ -2,7 +2,7 @@
|
|
| 2 |
/**
|
| 3 |
* Plugin Name: Shortcodes Ultimate
|
| 4 |
* Plugin URI: https://getshortcodes.com/
|
| 5 |
-
* Version: 5.0.
|
| 6 |
* Author: Vladimir Anokhin
|
| 7 |
* Author URI: https://vanokhin.com/
|
| 8 |
* Description: A comprehensive collection of visual components for WordPress
|
|
@@ -15,7 +15,7 @@
|
|
| 15 |
* Define plugin constants.
|
| 16 |
*/
|
| 17 |
define( 'SU_PLUGIN_FILE', __FILE__ );
|
| 18 |
-
define( 'SU_PLUGIN_VERSION', '5.0.
|
| 19 |
|
| 20 |
/**
|
| 21 |
* Load dependencies.
|
| 2 |
/**
|
| 3 |
* Plugin Name: Shortcodes Ultimate
|
| 4 |
* Plugin URI: https://getshortcodes.com/
|
| 5 |
+
* Version: 5.0.7
|
| 6 |
* Author: Vladimir Anokhin
|
| 7 |
* Author URI: https://vanokhin.com/
|
| 8 |
* Description: A comprehensive collection of visual components for WordPress
|
| 15 |
* Define plugin constants.
|
| 16 |
*/
|
| 17 |
define( 'SU_PLUGIN_FILE', __FILE__ );
|
| 18 |
+
define( 'SU_PLUGIN_VERSION', '5.0.7' );
|
| 19 |
|
| 20 |
/**
|
| 21 |
* Load dependencies.
|
