ThemeGrill Demo Importer - Version 1.6.3

Version Description

  • 18-02-2020 =
  • Enhancement - Secure reset button with nonce check.

Release Info

Developer ThemeGrill
Version 1.6.3

Code changes from version 1.6.2 to 1.6.3

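--- a/includes/admin/views/html-notice-reset-wizard.php
+++ b/includes/admin/views/html-notice-reset-wizard.php
@@ -7,8 +7,13 @@
 
 defined( 'ABSPATH' ) || exit;
 
+$reset_url = wp_nonce_url(
+add_query_arg( 'do_reset_wordpress', 'true', admin_url( 'themes.php?page=demo-importer' ) ),
+'themegrill_demo_importer_reset',
+'themegrill_demo_importer_reset_nonce'
+);
 ?>
 <div id="message" class="updated themegrill-demo-importer-message">
 <p><?php _e( '<strong>Reset Wizard</strong> &#8211; If you need to reset the WordPress back to default again :)', 'themegrill-demo-importer' ); ?></p>
-<p class="submit"><a href="<?php echo esc_url( add_query_arg( 'do_reset_wordpress', 'true', admin_url( 'themes.php?page=demo-importer' ) ) ); ?>" class="button button-primary themegrill-reset-wordpress"><?php _e( 'Run the Reset Wizard', 'themegrill-demo-importer' ); ?></a> <a class="button-secondary skip" href="<?php echo esc_url( wp_nonce_url( add_query_arg( 'themegrill-demo-importer-hide-notice', 'reset_notice' ), 'themegrill_demo_importer_hide_notice_nonce', '_themegrill_demo_importer_notice_nonce' ) ); ?>"><?php _e( 'Hide this notice', 'themegrill-demo-importer' ); ?></a></p>
+<p class="submit"><a href="<?php echo esc_url( $reset_url ); ?>" class="button button-primary themegrill-reset-wordpress"><?php _e( 'Run the Reset Wizard', 'themegrill-demo-importer' ); ?></a> <a class="button-secondary skip" href="<?php echo esc_url( wp_nonce_url( add_query_arg( 'themegrill-demo-importer-hide-notice', 'reset_notice', admin_url( 'themes.php?page=demo-importer' ) ), 'themegrill_demo_importer_hide_notice_nonce', '_themegrill_demo_importer_notice_nonce' ) ); ?>"><?php _e( 'Hide this notice', 'themegrill-demo-importer' ); ?></a></p>
 </div>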
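Review bot: The nonce action `'themegrill_demo_importer_reset'` and the request field name `'themegrill_demo_importer_reset_nonce'` are now spelled out as literals in three places — this view (new lines 10-14), `TG_Demo_Importer::add_help_tabs()` (new lines 276-280) and the `wp_verify_nonce()` call in `reset_wizard_actions()` — so a future edit to any one of them silently breaks the reset button, and the only symptom is the generic "Action failed" die. A single source of truth would be safer: either `const RESET_NONCE_ACTION = 'themegrill_demo_importer_reset';` / `const RESET_NONCE_FIELD = 'themegrill_demo_importer_reset_nonce';` on `TG_Demo_Importer` that all three sites reference, or a small `public static function get_reset_wizard_url()` helper that builds the `wp_nonce_url( add_query_arg( ... ), self::RESET_NONCE_ACTION, self::RESET_NONCE_FIELD )` once and is echoed here through `esc_url()`. The same observation applies to the `add_help_tabs()` hunk in `includes/class-demo-importer.php`.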
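--- a/includes/class-demo-importer.php
+++ b/includes/class-demo-importer.php
@@ -272,7 +272,12 @@ class TG_Demo_Importer {
 * Add Contextual help tabs.
 */
 public function add_help_tabs() {
-$screen = get_current_screen();
+$screen = get_current_screen();
+$reset_url = wp_nonce_url(
+add_query_arg( 'do_reset_wordpress', 'true', admin_url( 'themes.php?page=demo-importer' ) ),
+'themegrill_demo_importer_reset',
+'themegrill_demo_importer_reset_nonce'
+);
 
 if ( ! $screen || ! in_array( $screen->id, array( 'appearance_page_demo-importer' ) ) ) {
 return;
@@ -316,7 +321,7 @@ class TG_Demo_Importer {
 'content' =>
 '<h2>' . __( 'Reset wizard', 'themegrill-demo-importer' ) . '</h2>' .
 '<p>' . __( 'If you need to reset the WordPress back to default again, please click on the button below.', 'themegrill-demo-importer' ) . '</p>' .
-'<p><a href="' . esc_url( add_query_arg( 'do_reset_wordpress', 'true', admin_url( 'themes.php?page=demo-importer' ) ) ) . '" class="button button-primary themegrill-reset-wordpress">' . __( 'Reset wizard', 'themegrill-demo-importer' ) . '</a></p>',
+'<p><a href="' . esc_url( $reset_url ) . '" class="button button-primary themegrill-reset-wordpress">' . __( 'Reset wizard', 'themegrill-demo-importer' ) . '</a></p>',
 )
 );
 
@@ -377,11 +382,16 @@ class TG_Demo_Importer {
 public function reset_wizard_actions() {
 global $wpdb, $current_user;
 
-if ( ! current_user_can( 'manage_options' ) ) {
-wp_die( __( 'Cheatin&#8217; huh?', 'themegrill-demo-importer' ) );
-}
-
-if ( ! empty( $_GET['do_reset_wordpress'] ) ) {
+
+if ( isset( $_GET['themegrill_demo_importer_reset_nonce'], $_GET['do_reset_wordpress'] ) ) {
+if ( ! wp_verify_nonce( wp_unslash( $_GET['themegrill_demo_importer_reset_nonce'] ), 'themegrill_demo_importer_reset' ) ) { // WPCS: input var ok, sanitization ok.
+wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'everest-forms' ) );
+}
+
+if ( ! current_user_can( 'manage_options' ) ) {
+wp_die( esc_html__( 'You don&#8217;t have permission to do this.', 'themegrill-demo-importer' ) );
+}
+
 require_once ABSPATH . '/wp-admin/includes/upgrade.php';
 
 $template = get_option( 'template' );
@@ -390,7 +400,7 @@ class TG_Demo_Importer {
 $blog_public = get_option( 'blog_public' );
 $footer_rated = get_option( 'themegrill_demo_importer_admin_footer_text_rated' );
 
-if ( 'admin' != $current_user->user_login ) {
+if ( 'admin' !== $current_user->user_login ) {
 $user = get_user_by( 'login', 'admin' );
 }
 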
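Review bot: The nonce-failure message at new line 388 of `reset_wizard_actions()` uses the text domain `'everest-forms'`, which belongs to a different plugin, so this string will never be translated here; it should read `wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'themegrill-demo-importer' ) );` like the permission message two lines below. The nonce plus `manage_options` check before the reset is the right gate, and checking the capability first would give an unprivileged user the permission message rather than the misleading "refresh and retry" one; note also that the reset is still triggered by a GET link, which the nonce makes safe against cross-site triggering but which is the less conventional shape for a destructive action than a POST handled with `check_admin_referer()`. In `add_help_tabs()` (first hunk), `$reset_url` and its nonce are computed at new lines 276-280 before the screen guard at 282 returns on every other admin page; moving the assignment below the guard avoids building it on each admin request. The body of `reset_wizard_actions()` continues outside the hunk.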
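--- a/includes/class-themegrill-demo-importer.php
+++ b/includes/class-themegrill-demo-importer.php
@@ -20,7 +20,7 @@ final class ThemeGrill_Demo_Importer {
 *
 * @var string
 */
-public $version = '1.6.2';
+public $version = '1.6.3';
 
 /**
 * Theme single instance of this class.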
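--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: ThemeGrill, shivapoudel
 Tags: themegrill, theme demos, demo, importer, one click import
 Requires at least: 4.7
 Tested up to: 5.3
-Stable tag: 1.6.2
+Stable tag: 1.6.3
 License: GPLv3 or later
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
 
@@ -72,6 +72,9 @@ Yes you can! Join in on our [GitHub repository](https://github.com/themegrill/th
 3. Finally, Import the Demo with just one click.
 
 == Changelog ==
+= 1.6.3 - 18-02-2020 =
+* Enhancement - Secure reset button with nonce check.
+
 = 1.6.2 - 15-02-2020 =
 * Fix - Unauthenticated user vulnerability. Thanks webarxsecurity team
 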
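--- a/themegrill-demo-importer.php
+++ b/themegrill-demo-importer.php
@@ -3,7 +3,7 @@
 * Plugin Name: ThemeGrill Demo Importer
 * Plugin URI: https://themegrill.com/demo-importer/
 * Description: Import ThemeGrill official themes demo content, widgets and theme settings with just one click.
-* Version: 1.6.2
+* Version: 1.6.3
 * Author: ThemeGrill
 * Author URI: https://themegrill.com
 * License: GPLv3 or later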