Version Description
- Security fix: non-authenticated user could upload.
Download this release
Release Info
| Developer | andtrev |
| Plugin |  Tuxedo Big File Uploads |
| Version | 1.1 |
| Comparing to | |
| See all releases | |
Code changes from version 1.0.1 to 1.1
- readme.txt +4 -1
- tux_handle_upload.php +7 -0
- tuxedo_big_file_uploads.php +1 -1
readme.txt
CHANGED
|
@@ -3,7 +3,7 @@ Contributors: andtrev
|
|
| 3 |
Tags: AJAX, file uploader, files, files uploader, ftp, image uploader, plugin, upload
|
| 4 |
Requires at least: 3.4
|
| 5 |
Tested up to: 4.4.1
|
| 6 |
-
Stable tag: 1.
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
|
@@ -47,6 +47,9 @@ are uploaded and moved out of the temporary folder.
|
|
| 47 |
|
| 48 |
== Changelog ==
|
| 49 |
|
|
|
|
|
|
|
|
|
|
| 50 |
= 1.0.1 =
|
| 51 |
* Added fallback if the file info extension is missing.
|
| 52 |
|
| 3 |
Tags: AJAX, file uploader, files, files uploader, ftp, image uploader, plugin, upload
|
| 4 |
Requires at least: 3.4
|
| 5 |
Tested up to: 4.4.1
|
| 6 |
+
Stable tag: 1.1
|
| 7 |
License: GPLv2 or later
|
| 8 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 9 |
|
| 47 |
|
| 48 |
== Changelog ==
|
| 49 |
|
| 50 |
+
= 1.1 =
|
| 51 |
+
* Security fix: non-authenticated user could upload.
|
| 52 |
+
|
| 53 |
= 1.0.1 =
|
| 54 |
* Added fallback if the file info extension is missing.
|
| 55 |
|
tux_handle_upload.php
CHANGED
|
@@ -17,6 +17,13 @@ if ( empty( $_FILES ) || $_FILES['async-upload']['error'] ) {
|
|
| 17 |
die();
|
| 18 |
}
|
| 19 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 20 |
if ( ! function_exists( 'mime_content_type' ) ) {
|
| 21 |
/**
|
| 22 |
* Return a file's mime type.
|
| 17 |
die();
|
| 18 |
}
|
| 19 |
|
| 20 |
+
/** Authenticate user. */
|
| 21 |
+
require_once( dirname( dirname( dirname( dirname( __FILE__ ) ) ) ) . '/wp-load.php' );
|
| 22 |
+
|
| 23 |
+
if ( ! is_user_logged_in() || ! current_user_can( 'upload_files' ) ) {
|
| 24 |
+
die();
|
| 25 |
+
}
|
| 26 |
+
|
| 27 |
if ( ! function_exists( 'mime_content_type' ) ) {
|
| 28 |
/**
|
| 29 |
* Return a file's mime type.
|
tuxedo_big_file_uploads.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Tuxedo Big File Uploads
|
| 4 |
* Plugin URI: https://github.com/andtrev/Tuxedo-Big-File-Uploads
|
| 5 |
* Description: Enables large file uploads in the built-in WordPress media uploader.
|
| 6 |
-
* Version: 1.
|
| 7 |
* Author: Trevor Anderson
|
| 8 |
* Author URI: https://github.com/andtrev
|
| 9 |
* License: GPLv2 or later
|
| 3 |
* Plugin Name: Tuxedo Big File Uploads
|
| 4 |
* Plugin URI: https://github.com/andtrev/Tuxedo-Big-File-Uploads
|
| 5 |
* Description: Enables large file uploads in the built-in WordPress media uploader.
|
| 6 |
+
* Version: 1.1
|
| 7 |
* Author: Trevor Anderson
|
| 8 |
* Author URI: https://github.com/andtrev
|
| 9 |
* License: GPLv2 or later
|
