Version Description
- Added a countermeasure against a CSRF (Cross-Site Request Forgery) vulnerability in this plugin's settings.
Release Info
Developer | kimipooh |
Plugin | WP Add Mime Types |
Version | 2.5.1 |
Code changes from version 2.5.0 to 2.5.1
- includes/admin.php +12 -8
- includes/network-admin.php +12 -8
- readme.txt +5 -1
- wp-add-mime-types.php +2 -2
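--- a/includes/admin.php
+++ b/includes/admin.php
@@ -27,14 +27,16 @@ function admin_settings_page(){
 // If the adding data is not set, the value "mime_type_values" sets "empty".
 if(!isset($settings['mime_type_values'])) $settings['mime_type_values'] = '';
 // When the adding data is saved (posted) at the setting menu, the data will update to the WordPress database after the security check
-if(isset($_POST['mime_type_values'])){
-
-
-
-
-
-
-
+if(isset($_POST['mime_type_values']) && (isset($_POST["wamt-form"]) && $_POST["wamt-form"])){
+if(check_admin_referer("wamt-nonce-key", "wamt-form")){
+$p_set = esc_attr(strip_tags(html_entity_decode($_POST['mime_type_values']),ENT_QUOTES));
+$mime_type_values = explode("\n", $p_set);
+if(!empty($mime_type_values)){
+foreach($mime_type_values as $m_type=>$m_value)
+// " " is the Japanese multi-byte space. If the character is found out, it automatically change the space.
+$mime_type_values[$m_type] = trim(str_replace(" ", " ", $m_value));
+$settings['mime_type_values'] = serialize($mime_type_values);
+}
 }
 }else
 $mime_type_values = unserialize($settings['mime_type_values']);
@@ -64,6 +66,8 @@ function admin_settings_page(){
 <h2><?php _e('WP Add Mime Types Admin Settings', 'wp-add-mime-types'); ?></h2>
 
 <form method="post" action="">
+<?php // for CSRF (Cross-Site Request Forgery): https://propansystem.net/blog/2018/02/20/post-6279/
+wp_nonce_field("wamt-nonce-key", "wamt-form"); ?>
 <fieldset style="border:1px solid #777777; width: 750px; padding-left: 6px; ">
 <legend><h3><?php _e('List of allowed mime types and file extensions by WordPress','wp-add-mime-types'); ?></h3></legend>
 <div style="overflow:scroll; height: 500px;">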
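Review bot: In the added `$p_set = ...` line of the first hunk, `ENT_QUOTES` sits outside the `html_entity_decode()` call, so it is passed to `strip_tags()` as its allowed-tags argument and the entity decoding runs with default flags. If decoding quotes was the intent, the closing parenthesis should move: `$p_set = esc_attr(strip_tags(html_entity_decode($_POST['mime_type_values'], ENT_QUOTES)));`. The same line appears in the first hunk of includes/network-admin.php. The value is also stored with `serialize()` and read back with `unserialize()` in the context line below; handing the array to the options API directly would avoid calling `unserialize()` on database content. admin_settings_page() starts and ends outside the hunk, so the save call and any capability check cannot be seen here.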
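--- a/includes/network-admin.php
+++ b/includes/network-admin.php
@@ -28,14 +28,16 @@ function network_admin_settings_page(){
 // If the adding data is not set, the value "mime_type_values" sets "empty".
 if(!isset($settings['mime_type_values'])) $settings['mime_type_values'] = '';
 // When the adding data is saved (posted) at the setting menu, the data will update to the WordPress database after the security check
-if(isset($_POST['mime_type_values'])){
-
-
-
-
-
-
-
+if(isset($_POST['mime_type_values']) && (isset($_POST["wamt-network-form"]) && $_POST["wamt-network-form"])){
+if(heck_admin_referer("wamt-network-nonce-key", "wamt-network-form")){
+$p_set = esc_attr(strip_tags(html_entity_decode($_POST['mime_type_values']),ENT_QUOTES));
+$mime_type_values = explode("\n", $p_set);
+if(!empty($mime_type_values)){
+foreach($mime_type_values as $m_type=>$m_value)
+// " " is the Japanese multi-byte space. If the character is found out, it automatically change the space.
+$mime_type_values[$m_type] = trim(str_replace(" ", " ", $m_value));
+$settings['mime_type_values'] = serialize($mime_type_values);
+}
 }
 }else
 $mime_type_values = unserialize($settings['mime_type_values']);
@@ -63,6 +65,8 @@ function network_admin_settings_page(){
 <h2><?php _e('WP Add Mime Types Admin Settings for Network Administrator', 'wp-add-mime-types'); ?></h2>
 
 <form method="post" action="">
+<?php // for CSRF (Cross-Site Request Forgery): https://propansystem.net/blog/2018/02/20/post-6279/
+wp_nonce_field("wamt-network-nonce-key", "wamt-network-form"); ?>
 <fieldset style="border:1px solid #777777; width: 750px; padding-left: 6px;">
 <legend><h3><?php _e('List of allowed mime types and file extensions by WordPress','wp-add-mime-types'); ?></h3></legend>
 <div style="overflow:scroll; height: 500px;">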
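Review bot: The nonce check added in the first hunk is written `if(heck_admin_referer("wamt-network-nonce-key", "wamt-network-form")){`, and `heck_admin_referer` is not a WordPress function. Unless the leading `c` was lost when this page was rendered, submitting the network settings form would stop with an undefined-function fatal error instead of a verified save. The line should read `if(check_admin_referer("wamt-network-nonce-key", "wamt-network-form")){`, matching includes/admin.php. For a multisite settings page it is also worth confirming that the save path is limited to users holding `manage_network_options`. network_admin_settings_page() starts and ends outside the hunk, so that cannot be seen here.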
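--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: mime,file extention
 Requires at least: 4.0
 Requires PHP: 5.6
 Tested up to: 5.3.2
-Stable tag: 2.5.
+Stable tag: 2.5.1
 License: GPL v2
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -78,6 +78,10 @@ Yes, each setting values are saved as the other setting items.
 
 
 == Changelog ==
+
+= 2.5.1 =
+* Added the response of CSRF (Cross-Site Request Forgery) vulnerability for this plugin's settings.
+
 = 2.5.0 =
 * Added the security option item in the admin menu for enabling the security check for a file content and for sanitizing the multiple file extensions within the filename by WordPress core.
 * Supported the new language setting regarding load_plugin_textdomain function.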
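--- a/wp-add-mime-types.php
+++ b/wp-add-mime-types.php
@@ -3,7 +3,7 @@
 Plugin Name: WP Add Mime Types
 Plugin URI:
 Description: The plugin additionally allows the mime types and file extensions to WordPress.
-Version: 2.5.
+Version: 2.5.1
 Author: Kimiya Kitani
 Author URI: http://kitaney-wordpress.blogspot.jp/
 Text Domain: wp-add-mime-types
@@ -19,7 +19,7 @@ add_action('plugins_loaded', 'enable_language_translation');
 $plugin_basename = plugin_basename ( __FILE__ );
 
 $default_var = array(
-'wp_add_mime_types' => '2.5.
+'wp_add_mime_types' => '2.5.1',
 );
 
 // Add Setting to WordPress 'Settings' menu for Multisite.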