Version Description
- Fix: Improved security related to nonce in Settings (Thanks to WPScan team)
=
Download this release
Release Info
Developer | storeapps |
Plugin | Temporary Login Without Password |
Version | 1.7.0 |
Comparing to | |
See all releases |
Code changes from version 1.6.15 to 1.7.0
admin/class-wp-temporary-login-without-password-admin.php
CHANGED
@@ -268,7 +268,7 @@ class Wp_Temporary_Login_Without_Password_Admin {
|
|
268 |
*/
|
269 |
public function update_tlwp_settings() {
|
270 |
|
271 |
-
if ( empty( $_POST['tlwp_settings_data'] ) || empty( $_POST['wtlwp-nonce'] ) ) {
|
272 |
return;
|
273 |
}
|
274 |
|
268 |
*/
|
269 |
public function update_tlwp_settings() {
|
270 |
|
271 |
+
if ( empty( $_POST['tlwp_settings_data'] ) || empty( $_POST['wtlwp-settings-nonce'] ) || ! wp_verify_nonce( $_POST['wtlwp-settings-nonce'], 'wtlwp_login_settings' ) ) {
|
272 |
return;
|
273 |
}
|
274 |
|
readme.txt
CHANGED
@@ -4,8 +4,8 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
|
|
4 |
Tags: temporary access, developer access, passwordless login, magic pin, secure login
|
5 |
Requires at least: 3.0.1
|
6 |
Requires PHP: 5.3
|
7 |
-
Tested up to: 5.8
|
8 |
-
Stable tag: 1.
|
9 |
License: GPLv3
|
10 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
11 |
|
@@ -171,12 +171,16 @@ Yes. There is no limit to create temporary logins. You can create as many tempor
|
|
171 |
|
172 |
== Upgrade Notice ==
|
173 |
|
174 |
-
= 1.
|
175 |
|
176 |
-
*
|
177 |
|
178 |
== Changelog ==
|
179 |
|
|
|
|
|
|
|
|
|
180 |
**1.6.15 [2021-09-03]**
|
181 |
|
182 |
* Update: Improved security - better protection against brute force attacks and loopholes in other plugins (thanks to Zack Katz for suggestions)
|
4 |
Tags: temporary access, developer access, passwordless login, magic pin, secure login
|
5 |
Requires at least: 3.0.1
|
6 |
Requires PHP: 5.3
|
7 |
+
Tested up to: 5.8.1
|
8 |
+
Stable tag: 1.7.0
|
9 |
License: GPLv3
|
10 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
11 |
|
171 |
|
172 |
== Upgrade Notice ==
|
173 |
|
174 |
+
= 1.7.0 =
|
175 |
|
176 |
+
* Fix: Improved security related to nonce in Settings (Thanks to WPScan team)
|
177 |
|
178 |
== Changelog ==
|
179 |
|
180 |
+
**1.7.0 [2021-10-21]**
|
181 |
+
|
182 |
+
* Fix: Improved security related to nonce in Settings (Thanks to WPScan team)
|
183 |
+
|
184 |
**1.6.15 [2021-09-03]**
|
185 |
|
186 |
* Update: Improved security - better protection against brute force attacks and loopholes in other plugins (thanks to Zack Katz for suggestions)
|
templates/temporary-logins-settings.php
CHANGED
@@ -108,7 +108,7 @@
|
|
108 |
<input type="submit" class="wtlwp-form-submit-button bg-indigo-600 p-2 rounded text-white cursor-pointer hover:bg-indigo-600" value="<?php esc_html_e( 'Submit', 'temporary-login-without-password' ); ?>" id="generatetemporarylogin" name="generate_temporary_login">
|
109 |
</p>
|
110 |
|
111 |
-
<?php wp_nonce_field( '
|
112 |
|
113 |
</form>
|
114 |
</div>
|
108 |
<input type="submit" class="wtlwp-form-submit-button bg-indigo-600 p-2 rounded text-white cursor-pointer hover:bg-indigo-600" value="<?php esc_html_e( 'Submit', 'temporary-login-without-password' ); ?>" id="generatetemporarylogin" name="generate_temporary_login">
|
109 |
</p>
|
110 |
|
111 |
+
<?php wp_nonce_field( 'wtlwp_login_settings', 'wtlwp-settings-nonce', true, true ); ?>
|
112 |
|
113 |
</form>
|
114 |
</div>
|
temporary-login-without-password.php
CHANGED
@@ -3,16 +3,16 @@
|
|
3 |
* Plugin Name: Temporary Login Without Password
|
4 |
* Plugin URI: http://www.storeapps.org/create-secure-login-without-password-for-wordpress/
|
5 |
* Description: Create a temporary login link with any role using which one can access to your sytem without username and password for limited period of time.
|
6 |
-
* Version: 1.
|
7 |
* Author: StoreApps
|
8 |
-
* Author URI: https://storeapps.org
|
9 |
* Requires at least: 3.0.1
|
10 |
-
* Tested up to: 5.8
|
11 |
* License: GPLv3
|
12 |
* License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
13 |
* Text Domain: temporary-login-without-password
|
14 |
* Domain Path: /languages/
|
15 |
-
* Copyright (c) 2016-
|
16 |
*
|
17 |
* @package Temporary Login Without Password
|
18 |
*/
|
@@ -25,7 +25,7 @@ if ( ! defined( 'WPINC' ) ) {
|
|
25 |
/**
|
26 |
* Define constants
|
27 |
*/
|
28 |
-
define( 'WTLWP_PLUGIN_VERSION', '1.
|
29 |
define( 'WTLWP_FEEDBACK_VERSION', '1.2.4' );
|
30 |
define( 'WTLWP_PLUGIN_DIR', dirname( __FILE__ ) );
|
31 |
define( 'WTLWP_PLUGIN_BASE_NAME', plugin_basename( __FILE__ ) );
|
3 |
* Plugin Name: Temporary Login Without Password
|
4 |
* Plugin URI: http://www.storeapps.org/create-secure-login-without-password-for-wordpress/
|
5 |
* Description: Create a temporary login link with any role using which one can access to your sytem without username and password for limited period of time.
|
6 |
+
* Version: 1.7.0
|
7 |
* Author: StoreApps
|
8 |
+
* Author URI: https://www.storeapps.org
|
9 |
* Requires at least: 3.0.1
|
10 |
+
* Tested up to: 5.8.1
|
11 |
* License: GPLv3
|
12 |
* License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
13 |
* Text Domain: temporary-login-without-password
|
14 |
* Domain Path: /languages/
|
15 |
+
* Copyright (c) 2016-2021 StoreApps, All right reserved
|
16 |
*
|
17 |
* @package Temporary Login Without Password
|
18 |
*/
|
25 |
/**
|
26 |
* Define constants
|
27 |
*/
|
28 |
+
define( 'WTLWP_PLUGIN_VERSION', '1.7.0' );
|
29 |
define( 'WTLWP_FEEDBACK_VERSION', '1.2.4' );
|
30 |
define( 'WTLWP_PLUGIN_DIR', dirname( __FILE__ ) );
|
31 |
define( 'WTLWP_PLUGIN_BASE_NAME', plugin_basename( __FILE__ ) );
|