Version Description
- Fix missing nonce and nonce check on admin page. props Steven Stern for reporting the issue to the plugins team. Though this is technically a CSRF, there is no vulnerability arising from it, as the only thing that could be done with the form is to scan a theme.
Download this release
Release Info
| Developer | Otto42 |
| Plugin |  Theme Check |
| Version | 20190801.1 |
| Comparing to | |
| See all releases | |
Code changes from version 20190208.1 to 20190801.1
- main.php +2 -1
- readme.txt +5 -2
- theme-check.php +2 -1
main.php
CHANGED
|
@@ -121,7 +121,7 @@ function tc_strip_comments( $code ) {
|
|
| 121 |
$token = next($tokens);
|
| 122 |
}
|
| 123 |
return $return;
|
| 124 |
-
}
|
| 125 |
|
| 126 |
|
| 127 |
function tc_intro() {
|
|
@@ -170,5 +170,6 @@ function tc_form() {
|
|
| 170 |
echo '<input class="button" type="submit" value="' . __( 'Check it!', 'theme-check' ) . '" />';
|
| 171 |
if ( defined( 'TC_PRE' ) || defined( 'TC_POST' ) ) echo ' <input name="trac" type="checkbox" /> ' . __( 'Output in Trac format.', 'theme-check' );
|
| 172 |
echo '<input name="s_info" type="checkbox" /> ' . __( 'Suppress INFO.', 'theme-check' );
|
|
|
|
| 173 |
echo '</form>';
|
| 174 |
}
|
| 121 |
$token = next($tokens);
|
| 122 |
}
|
| 123 |
return $return;
|
| 124 |
+
}
|
| 125 |
|
| 126 |
|
| 127 |
function tc_intro() {
|
| 170 |
echo '<input class="button" type="submit" value="' . __( 'Check it!', 'theme-check' ) . '" />';
|
| 171 |
if ( defined( 'TC_PRE' ) || defined( 'TC_POST' ) ) echo ' <input name="trac" type="checkbox" /> ' . __( 'Output in Trac format.', 'theme-check' );
|
| 172 |
echo '<input name="s_info" type="checkbox" /> ' . __( 'Suppress INFO.', 'theme-check' );
|
| 173 |
+
wp_nonce_field( 'themecheck-nonce' );
|
| 174 |
echo '</form>';
|
| 175 |
}
|
readme.txt
CHANGED
|
@@ -3,9 +3,9 @@ Contributors: Otto42, pross
|
|
| 3 |
Author URI: http://ottopress.com/
|
| 4 |
Plugin URL: http://ottopress.com/wordpress-plugins/theme-check/
|
| 5 |
Requires at Least: 3.7
|
| 6 |
-
Tested Up To:
|
| 7 |
Tags: template, theme, check, checker, tool, wordpress, wordpress.org, upload, uploader, test, guideline, review
|
| 8 |
-
Stable tag:
|
| 9 |
|
| 10 |
A simple and easy way to test your theme for all the latest WordPress standards and practices. A great theme development tool!
|
| 11 |
|
|
@@ -54,6 +54,9 @@ comments, or feedback:[[br]]
|
|
| 54 |
If **either** of these two vars are defined a new trac tickbox will appear next to the *Check it!* button.
|
| 55 |
|
| 56 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
| 57 |
= 20190208.1 =
|
| 58 |
* Add new styles for the block editor. See https://meta.trac.wordpress.org/ticket/3921
|
| 59 |
|
| 3 |
Author URI: http://ottopress.com/
|
| 4 |
Plugin URL: http://ottopress.com/wordpress-plugins/theme-check/
|
| 5 |
Requires at Least: 3.7
|
| 6 |
+
Tested Up To: 5.2
|
| 7 |
Tags: template, theme, check, checker, tool, wordpress, wordpress.org, upload, uploader, test, guideline, review
|
| 8 |
+
Stable tag: 20190801.1
|
| 9 |
|
| 10 |
A simple and easy way to test your theme for all the latest WordPress standards and practices. A great theme development tool!
|
| 11 |
|
| 54 |
If **either** of these two vars are defined a new trac tickbox will appear next to the *Check it!* button.
|
| 55 |
|
| 56 |
== Changelog ==
|
| 57 |
+
= 20190801.1 =
|
| 58 |
+
* Fix missing nonce and nonce check on admin page. props Steven Stern for reporting the issue to the plugins team. Though this is technically a CSRF, there is no vulnerability arising from it, as the only thing that could be done with the form is to scan a theme.
|
| 59 |
+
|
| 60 |
= 20190208.1 =
|
| 61 |
* Add new styles for the block editor. See https://meta.trac.wordpress.org/ticket/3921
|
| 62 |
|
theme-check.php
CHANGED
|
@@ -5,7 +5,7 @@ Plugin URI: http://ottopress.com/wordpress-plugins/theme-check/
|
|
| 5 |
Description: A simple and easy way to test your theme for all the latest WordPress standards and practices. A great theme development tool!
|
| 6 |
Author: Otto42, pross
|
| 7 |
Author URI: http://ottopress.com
|
| 8 |
-
Version:
|
| 9 |
Text Domain: theme-check
|
| 10 |
License: GPLv2
|
| 11 |
License URI: https://www.gnu.org/licenses/gpl-2.0.html
|
|
@@ -57,6 +57,7 @@ class ThemeCheckMain {
|
|
| 57 |
}
|
| 58 |
|
| 59 |
if ( isset( $_POST[ 'themename' ] ) ) {
|
|
|
|
| 60 |
if ( isset( $_POST[ 'trac' ] ) ) define( 'TC_TRAC', true );
|
| 61 |
if ( defined( 'WP_MAX_MEMORY_LIMIT' ) ) {
|
| 62 |
@ini_set( 'memory_limit', WP_MAX_MEMORY_LIMIT );
|
| 5 |
Description: A simple and easy way to test your theme for all the latest WordPress standards and practices. A great theme development tool!
|
| 6 |
Author: Otto42, pross
|
| 7 |
Author URI: http://ottopress.com
|
| 8 |
+
Version: 20190801.1
|
| 9 |
Text Domain: theme-check
|
| 10 |
License: GPLv2
|
| 11 |
License URI: https://www.gnu.org/licenses/gpl-2.0.html
|
| 57 |
}
|
| 58 |
|
| 59 |
if ( isset( $_POST[ 'themename' ] ) ) {
|
| 60 |
+
check_admin_referer( 'themecheck-nonce' );
|
| 61 |
if ( isset( $_POST[ 'trac' ] ) ) define( 'TC_TRAC', true );
|
| 62 |
if ( defined( 'WP_MAX_MEMORY_LIMIT' ) ) {
|
| 63 |
@ini_set( 'memory_limit', WP_MAX_MEMORY_LIMIT );
|
