Version Description
- Fix: Improved security related to nonce in Settings (Thanks to WPScan team)
=
Download this release
Release Info
| Developer | storeapps |
| Plugin |  Temporary Login Without Password |
| Version | 1.7.0 |
| Comparing to | |
| See all releases | |
Code changes from version 1.6.15 to 1.7.0
admin/class-wp-temporary-login-without-password-admin.php
CHANGED
|
@@ -268,7 +268,7 @@ class Wp_Temporary_Login_Without_Password_Admin {
|
|
| 268 |
*/
|
| 269 |
public function update_tlwp_settings() {
|
| 270 |
|
| 271 |
-
if ( empty( $_POST['tlwp_settings_data'] ) || empty( $_POST['wtlwp-nonce'] ) ) {
|
| 272 |
return;
|
| 273 |
}
|
| 274 |
|
| 268 |
*/
|
| 269 |
public function update_tlwp_settings() {
|
| 270 |
|
| 271 |
+
if ( empty( $_POST['tlwp_settings_data'] ) || empty( $_POST['wtlwp-settings-nonce'] ) || ! wp_verify_nonce( $_POST['wtlwp-settings-nonce'], 'wtlwp_login_settings' ) ) {
|
| 272 |
return;
|
| 273 |
}
|
| 274 |
|
readme.txt
CHANGED
|
@@ -4,8 +4,8 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
|
|
| 4 |
Tags: temporary access, developer access, passwordless login, magic pin, secure login
|
| 5 |
Requires at least: 3.0.1
|
| 6 |
Requires PHP: 5.3
|
| 7 |
-
Tested up to: 5.8
|
| 8 |
-
Stable tag: 1.
|
| 9 |
License: GPLv3
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 11 |
|
|
@@ -171,12 +171,16 @@ Yes. There is no limit to create temporary logins. You can create as many tempor
|
|
| 171 |
|
| 172 |
== Upgrade Notice ==
|
| 173 |
|
| 174 |
-
= 1.
|
| 175 |
|
| 176 |
-
*
|
| 177 |
|
| 178 |
== Changelog ==
|
| 179 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 180 |
**1.6.15 [2021-09-03]**
|
| 181 |
|
| 182 |
* Update: Improved security - better protection against brute force attacks and loopholes in other plugins (thanks to Zack Katz for suggestions)
|
| 4 |
Tags: temporary access, developer access, passwordless login, magic pin, secure login
|
| 5 |
Requires at least: 3.0.1
|
| 6 |
Requires PHP: 5.3
|
| 7 |
+
Tested up to: 5.8.1
|
| 8 |
+
Stable tag: 1.7.0
|
| 9 |
License: GPLv3
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 11 |
|
| 171 |
|
| 172 |
== Upgrade Notice ==
|
| 173 |
|
| 174 |
+
= 1.7.0 =
|
| 175 |
|
| 176 |
+
* Fix: Improved security related to nonce in Settings (Thanks to WPScan team)
|
| 177 |
|
| 178 |
== Changelog ==
|
| 179 |
|
| 180 |
+
**1.7.0 [2021-10-21]**
|
| 181 |
+
|
| 182 |
+
* Fix: Improved security related to nonce in Settings (Thanks to WPScan team)
|
| 183 |
+
|
| 184 |
**1.6.15 [2021-09-03]**
|
| 185 |
|
| 186 |
* Update: Improved security - better protection against brute force attacks and loopholes in other plugins (thanks to Zack Katz for suggestions)
|
templates/temporary-logins-settings.php
CHANGED
|
@@ -108,7 +108,7 @@
|
|
| 108 |
<input type="submit" class="wtlwp-form-submit-button bg-indigo-600 p-2 rounded text-white cursor-pointer hover:bg-indigo-600" value="<?php esc_html_e( 'Submit', 'temporary-login-without-password' ); ?>" id="generatetemporarylogin" name="generate_temporary_login">
|
| 109 |
</p>
|
| 110 |
|
| 111 |
-
<?php wp_nonce_field( '
|
| 112 |
|
| 113 |
</form>
|
| 114 |
</div>
|
| 108 |
<input type="submit" class="wtlwp-form-submit-button bg-indigo-600 p-2 rounded text-white cursor-pointer hover:bg-indigo-600" value="<?php esc_html_e( 'Submit', 'temporary-login-without-password' ); ?>" id="generatetemporarylogin" name="generate_temporary_login">
|
| 109 |
</p>
|
| 110 |
|
| 111 |
+
<?php wp_nonce_field( 'wtlwp_login_settings', 'wtlwp-settings-nonce', true, true ); ?>
|
| 112 |
|
| 113 |
</form>
|
| 114 |
</div>
|
temporary-login-without-password.php
CHANGED
|
@@ -3,16 +3,16 @@
|
|
| 3 |
* Plugin Name: Temporary Login Without Password
|
| 4 |
* Plugin URI: http://www.storeapps.org/create-secure-login-without-password-for-wordpress/
|
| 5 |
* Description: Create a temporary login link with any role using which one can access to your sytem without username and password for limited period of time.
|
| 6 |
-
* Version: 1.
|
| 7 |
* Author: StoreApps
|
| 8 |
-
* Author URI: https://storeapps.org
|
| 9 |
* Requires at least: 3.0.1
|
| 10 |
-
* Tested up to: 5.8
|
| 11 |
* License: GPLv3
|
| 12 |
* License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 13 |
* Text Domain: temporary-login-without-password
|
| 14 |
* Domain Path: /languages/
|
| 15 |
-
* Copyright (c) 2016-
|
| 16 |
*
|
| 17 |
* @package Temporary Login Without Password
|
| 18 |
*/
|
|
@@ -25,7 +25,7 @@ if ( ! defined( 'WPINC' ) ) {
|
|
| 25 |
/**
|
| 26 |
* Define constants
|
| 27 |
*/
|
| 28 |
-
define( 'WTLWP_PLUGIN_VERSION', '1.
|
| 29 |
define( 'WTLWP_FEEDBACK_VERSION', '1.2.4' );
|
| 30 |
define( 'WTLWP_PLUGIN_DIR', dirname( __FILE__ ) );
|
| 31 |
define( 'WTLWP_PLUGIN_BASE_NAME', plugin_basename( __FILE__ ) );
|
| 3 |
* Plugin Name: Temporary Login Without Password
|
| 4 |
* Plugin URI: http://www.storeapps.org/create-secure-login-without-password-for-wordpress/
|
| 5 |
* Description: Create a temporary login link with any role using which one can access to your sytem without username and password for limited period of time.
|
| 6 |
+
* Version: 1.7.0
|
| 7 |
* Author: StoreApps
|
| 8 |
+
* Author URI: https://www.storeapps.org
|
| 9 |
* Requires at least: 3.0.1
|
| 10 |
+
* Tested up to: 5.8.1
|
| 11 |
* License: GPLv3
|
| 12 |
* License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
| 13 |
* Text Domain: temporary-login-without-password
|
| 14 |
* Domain Path: /languages/
|
| 15 |
+
* Copyright (c) 2016-2021 StoreApps, All right reserved
|
| 16 |
*
|
| 17 |
* @package Temporary Login Without Password
|
| 18 |
*/
|
| 25 |
/**
|
| 26 |
* Define constants
|
| 27 |
*/
|
| 28 |
+
define( 'WTLWP_PLUGIN_VERSION', '1.7.0' );
|
| 29 |
define( 'WTLWP_FEEDBACK_VERSION', '1.2.4' );
|
| 30 |
define( 'WTLWP_PLUGIN_DIR', dirname( __FILE__ ) );
|
| 31 |
define( 'WTLWP_PLUGIN_BASE_NAME', plugin_basename( __FILE__ ) );
|
