Version Description
- 18-02-2020 =
- Enhancement - Secure reset button with nonce check.
Release Info
Developer | ThemeGrill |
Plugin | ThemeGrill Demo Importer |
Version | 1.6.3 |
Code changes from version 1.6.2 to 1.6.3
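--- a/includes/admin/views/html-notice-reset-wizard.php
+++ b/includes/admin/views/html-notice-reset-wizard.php
@@ -7,8 +7,13 @@
 
 defined( 'ABSPATH' ) || exit;
 
+$reset_url = wp_nonce_url(
+add_query_arg( 'do_reset_wordpress', 'true', admin_url( 'themes.php?page=demo-importer' ) ),
+'themegrill_demo_importer_reset',
+'themegrill_demo_importer_reset_nonce'
+);
 ?>
 <div id="message" class="updated themegrill-demo-importer-message">
 <p><?php _e( '<strong>Reset Wizard</strong> – If you need to reset the WordPress back to default again :)', 'themegrill-demo-importer' ); ?></p>
-<p class="submit"><a href="<?php echo esc_url(
+<p class="submit"><a href="<?php echo esc_url( $reset_url ); ?>" class="button button-primary themegrill-reset-wordpress"><?php _e( 'Run the Reset Wizard', 'themegrill-demo-importer' ); ?></a> <a class="button-secondary skip" href="<?php echo esc_url( wp_nonce_url( add_query_arg( 'themegrill-demo-importer-hide-notice', 'reset_notice', admin_url( 'themes.php?page=demo-importer' ) ), 'themegrill_demo_importer_hide_notice_nonce', '_themegrill_demo_importer_notice_nonce' ) ); ?>"><?php _e( 'Hide this notice', 'themegrill-demo-importer' ); ?></a></p>
 </div>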
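Review bot: The nonce action `'themegrill_demo_importer_reset'` and request parameter name `'themegrill_demo_importer_reset_nonce'` are now string literals in this template, again in `TG_Demo_Importer::add_help_tabs()` in includes/class-demo-importer.php, and a third time in the verifying `reset_wizard_actions()`; the three copies must stay byte-identical or the button degrades into a link that always fails verification. A small method such as `TG_Demo_Importer::get_reset_url()` returning the `wp_nonce_url( add_query_arg( ... ) )` value, with the two names held as class constants that the verifier also reads, would keep both link builders and the check in one place. The page does not show how this view is included, so the scope of `$reset_url` is inferred from its position before `?>` rather than from visible code.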
includes/class-demo-importer.php
CHANGED
@@ -272,7 +272,12 @@ class TG_Demo_Importer {
|
|
272 |
* Add Contextual help tabs.
|
273 |
*/
|
274 |
public function add_help_tabs() {
|
275 |
-
$screen
|
|
|
|
|
|
|
|
|
|
|
276 |
|
277 |
if ( ! $screen || ! in_array( $screen->id, array( 'appearance_page_demo-importer' ) ) ) {
|
278 |
return;
|
@@ -316,7 +321,7 @@ class TG_Demo_Importer {
|
|
316 |
'content' =>
|
317 |
'<h2>' . __( 'Reset wizard', 'themegrill-demo-importer' ) . '</h2>' .
|
318 |
'<p>' . __( 'If you need to reset the WordPress back to default again, please click on the button below.', 'themegrill-demo-importer' ) . '</p>' .
|
319 |
-
'<p><a href="' . esc_url(
|
320 |
)
|
321 |
);
|
322 |
|
@@ -377,11 +382,16 @@ class TG_Demo_Importer {
|
|
377 |
public function reset_wizard_actions() {
|
378 |
global $wpdb, $current_user;
|
379 |
|
380 |
-
|
381 |
-
|
382 |
-
|
383 |
-
|
384 |
-
|
|
|
|
|
|
|
|
|
|
|
385 |
require_once ABSPATH . '/wp-admin/includes/upgrade.php';
|
386 |
|
387 |
$template = get_option( 'template' );
|
@@ -390,7 +400,7 @@ class TG_Demo_Importer {
|
|
390 |
$blog_public = get_option( 'blog_public' );
|
391 |
$footer_rated = get_option( 'themegrill_demo_importer_admin_footer_text_rated' );
|
392 |
|
393 |
-
if ( 'admin'
|
394 |
$user = get_user_by( 'login', 'admin' );
|
395 |
}
|
396 |
|
272 |
* Add Contextual help tabs.
|
273 |
*/
|
274 |
public function add_help_tabs() {
|
275 |
+
$screen = get_current_screen();
|
276 |
+
$reset_url = wp_nonce_url(
|
277 |
+
add_query_arg( 'do_reset_wordpress', 'true', admin_url( 'themes.php?page=demo-importer' ) ),
|
278 |
+
'themegrill_demo_importer_reset',
|
279 |
+
'themegrill_demo_importer_reset_nonce'
|
280 |
+
);
|
281 |
|
282 |
if ( ! $screen || ! in_array( $screen->id, array( 'appearance_page_demo-importer' ) ) ) {
|
283 |
return;
|
321 |
'content' =>
|
322 |
'<h2>' . __( 'Reset wizard', 'themegrill-demo-importer' ) . '</h2>' .
|
323 |
'<p>' . __( 'If you need to reset the WordPress back to default again, please click on the button below.', 'themegrill-demo-importer' ) . '</p>' .
|
324 |
+
'<p><a href="' . esc_url( $reset_url ) . '" class="button button-primary themegrill-reset-wordpress">' . __( 'Reset wizard', 'themegrill-demo-importer' ) . '</a></p>',
|
325 |
)
|
326 |
);
|
327 |
|
382 |
public function reset_wizard_actions() {
|
383 |
global $wpdb, $current_user;
|
384 |
|
385 |
+
|
386 |
+
if ( isset( $_GET['themegrill_demo_importer_reset_nonce'], $_GET['do_reset_wordpress'] ) ) {
|
387 |
+
if ( ! wp_verify_nonce( wp_unslash( $_GET['themegrill_demo_importer_reset_nonce'] ), 'themegrill_demo_importer_reset' ) ) { // WPCS: input var ok, sanitization ok.
|
388 |
+
wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'everest-forms' ) );
|
389 |
+
}
|
390 |
+
|
391 |
+
if ( ! current_user_can( 'manage_options' ) ) {
|
392 |
+
wp_die( esc_html__( 'You don’t have permission to do this.', 'themegrill-demo-importer' ) );
|
393 |
+
}
|
394 |
+
|
395 |
require_once ABSPATH . '/wp-admin/includes/upgrade.php';
|
396 |
|
397 |
$template = get_option( 'template' );
|
400 |
$blog_public = get_option( 'blog_public' );
|
401 |
$footer_rated = get_option( 'themegrill_demo_importer_admin_footer_text_rated' );
|
402 |
|
403 |
+
if ( 'admin' !== $current_user->user_login ) {
|
404 |
$user = get_user_by( 'login', 'admin' );
|
405 |
}
|
406 |
|
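Review bot: The nonce-failure message on new line 388 of `reset_wizard_actions()` is passed the `'everest-forms'` text domain while every other string in the hunk uses `'themegrill-demo-importer'`, so it will not be translated with the rest of the plugin; it should read `wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'themegrill-demo-importer' ) );`. Both the `wp_verify_nonce()` call and the `current_user_can( 'manage_options' )` check sit inside `if ( isset( $_GET['themegrill_demo_importer_reset_nonce'], $_GET['do_reset_wordpress'] ) )`, so a request that omits the nonce parameter passes through neither check before reaching `require_once ... upgrade.php`; whether the reset itself is still gated further down cannot be seen here, because the function continues past the hunk and the five removed lines at old 380-384 are blank on this page. If the reset path is not separately guarded, the capability check in particular should sit outside the `isset()` block, or a missing parameter should be treated the same as a failed verification, so the destructive branch is unreachable without both a valid nonce and `manage_options`.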
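--- a/includes/class-themegrill-demo-importer.php
+++ b/includes/class-themegrill-demo-importer.php
@@ -20,7 +20,7 @@ final class ThemeGrill_Demo_Importer {
 *
 * @var string
 */
-public $version = '1.6.
+public $version = '1.6.3';
 
 /**
 * Theme single instance of this class.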
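--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: ThemeGrill, shivapoudel
 Tags: themegrill, theme demos, demo, importer, one click import
 Requires at least: 4.7
 Tested up to: 5.3
-Stable tag: 1.6.
+Stable tag: 1.6.3
 License: GPLv3 or later
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
 
@@ -72,6 +72,9 @@
 3. Finally, Import the Demo with just one click.
 
 == Changelog ==
+= 1.6.3 - 18-02-2020 =
+* Enhancement - Secure reset button with nonce check.
+
 = 1.6.2 - 15-02-2020 =
 * Fix - Unauthenticated user vulnerability. Thanks webarxsecurity team
 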
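--- a/themegrill-demo-importer.php
+++ b/themegrill-demo-importer.php
@@ -3,7 +3,7 @@
 * Plugin Name: ThemeGrill Demo Importer
 * Plugin URI: https://themegrill.com/demo-importer/
 * Description: Import ThemeGrill official themes demo content, widgets and theme settings with just one click.
-* Version: 1.6.
+* Version: 1.6.3
 * Author: ThemeGrill
 * Author URI: https://themegrill.com
 * License: GPLv3 or later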