WP Add Mime Types - Version 2.5.2

Version Description

  • Improved the response of CSRF (Cross-Site Request Forgery) vulnerability for this plugin's settings.
Download this release

Release Info

Developer kimipooh
Plugin Icon wp plugin WP Add Mime Types
Version 2.5.2
Comparing to
See all releases

Code changes from version 2.5.1 to 2.5.2

Files changed (4) hide show
  1. includes/admin.php +35 -26
  2. includes/network-admin.php +32 -29
  3. readme.txt +4 -1
  4. wp-add-mime-types.php +2 -2
includes/admin.php CHANGED
@@ -9,7 +9,7 @@ function add_to_settings_menu(){
9
  // Processing Setting menu for the plugin.
10
  function admin_settings_page(){
11
  global $plugin_basename;
12
- $mime_type_values = false;
13
  if ( ! function_exists( 'is_plugin_active_for_network' ) )
14
  require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
15
 
@@ -25,39 +25,48 @@ function admin_settings_page(){
25
  // The user who can manage the WordPress option can only access the Setting menu of this plugin.
26
  if(current_user_can($admin_permission)) $permission = true;
27
  // If the adding data is not set, the value "mime_type_values" sets "empty".
28
- if(!isset($settings['mime_type_values'])) $settings['mime_type_values'] = '';
 
 
 
29
  // When the adding data is saved (posted) at the setting menu, the data will update to the WordPress database after the security check
30
- if(isset($_POST['mime_type_values']) && (isset($_POST["wamt-form"]) && $_POST["wamt-form"])){
31
  if(check_admin_referer("wamt-nonce-key", "wamt-form")){
32
- $p_set = esc_attr(strip_tags(html_entity_decode($_POST['mime_type_values']),ENT_QUOTES));
33
- $mime_type_values = explode("\n", $p_set);
34
- if(!empty($mime_type_values)){
35
- foreach($mime_type_values as $m_type=>$m_value)
36
- // " " is the Japanese multi-byte space. If the character is found out, it automatically change the space.
37
- $mime_type_values[$m_type] = trim(str_replace(" ", " ", $m_value));
38
- $settings['mime_type_values'] = serialize($mime_type_values);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
39
  }
40
  }
41
- }else
42
- $mime_type_values = unserialize($settings['mime_type_values']);
43
-
44
- if(!isset($settings['security_attempt_enable']))
45
- $settings['security_attempt_enable'] = "no";
46
- else{
47
- if(isset($_POST['security_attempt_enable']))
48
- $settings['security_attempt_enable'] = wp_strip_all_tags($_POST['security_attempt_enable']);
49
- }
50
- if(!isset($settings['filename_sanitized_enable']))
51
- $settings['filename_sanitized_enable'] = "no";
52
- else{
53
- if(isset($_POST['filename_sanitized_enable']))
54
- $settings['filename_sanitized_enable'] = wp_strip_all_tags($_POST['filename_sanitized_enable']);
55
  }
56
  // Update to WordPress Data.
57
  if(is_multisite() && is_plugin_active_for_network($plugin_basename))
58
  get_site_option('wp_add_mime_types_network_array', $settings);
59
- else
60
- update_option('wp_add_mime_types_array', $settings);
 
 
 
61
 
62
  ?>
63
  <div class="add_mime_media_admin_setting_page_updated"><p><strong><?php _e('Updated', 'wp-add-mime-types'); ?></strong></p></div>
9
  // Processing Setting menu for the plugin.
10
  function admin_settings_page(){
11
  global $plugin_basename;
12
+
13
  if ( ! function_exists( 'is_plugin_active_for_network' ) )
14
  require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
15
 
25
  // The user who can manage the WordPress option can only access the Setting menu of this plugin.
26
  if(current_user_can($admin_permission)) $permission = true;
27
  // If the adding data is not set, the value "mime_type_values" sets "empty".
28
+ $mime_type_values = "";
29
+ if(isset($settings['mime_type_values']) && !empty($settings['mime_type_values']))
30
+ $mime_type_values = unserialize($settings['mime_type_values']);
31
+
32
  // When the adding data is saved (posted) at the setting menu, the data will update to the WordPress database after the security check
33
+ if(isset($_POST["wamt-form"]) && $_POST["wamt-form"]){
34
  if(check_admin_referer("wamt-nonce-key", "wamt-form")){
35
+ if(isset($_POST['mime_type_values'])){
36
+ $p_set = esc_attr(strip_tags(html_entity_decode($_POST['mime_type_values']),ENT_QUOTES));
37
+ $mime_type_values = explode("\n", $p_set);
38
+ if(!empty($mime_type_values)){
39
+ foreach($mime_type_values as $m_type=>$m_value)
40
+ // " " is the Japanese multi-byte space. If the character is found out, it automatically change the space.
41
+ $mime_type_values[$m_type] = trim(str_replace(" ", " ", $m_value));
42
+ $settings['mime_type_values'] = serialize($mime_type_values);
43
+ }
44
+ }
45
+ //else
46
+ //$mime_type_values = unserialize($settings['mime_type_values']);
47
+
48
+ if(!isset($settings['security_attempt_enable']))
49
+ $settings['security_attempt_enable'] = "no";
50
+ else{
51
+ if(isset($_POST['security_attempt_enable']))
52
+ $settings['security_attempt_enable'] = wp_strip_all_tags($_POST['security_attempt_enable']);
53
+ }
54
+ if(!isset($settings['filename_sanitized_enable']))
55
+ $settings['filename_sanitized_enable'] = "no";
56
+ else{
57
+ if(isset($_POST['filename_sanitized_enable']))
58
+ $settings['filename_sanitized_enable'] = wp_strip_all_tags($_POST['filename_sanitized_enable']);
59
  }
60
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
61
  }
62
  // Update to WordPress Data.
63
  if(is_multisite() && is_plugin_active_for_network($plugin_basename))
64
  get_site_option('wp_add_mime_types_network_array', $settings);
65
+ else{
66
+ if(isset($_POST["wamt-form"]) && $_POST["wamt-form"])
67
+ if(check_admin_referer("wamt-nonce-key", "wamt-form"))
68
+ update_option('wp_add_mime_types_array', $settings);
69
+ }
70
 
71
  ?>
72
  <div class="add_mime_media_admin_setting_page_updated"><p><strong><?php _e('Updated', 'wp-add-mime-types'); ?></strong></p></div>
includes/network-admin.php CHANGED
@@ -17,8 +17,6 @@ function network_add_to_settings_menu(){
17
  // Processing Setting menu for the plugin.
18
  function network_admin_settings_page(){
19
  $admin_permission = 'manage_network_options';
20
- $mime_type_values = false;
21
-
22
  // Loading the stored setting data (wp_add_mime_types_network_array) from WordPress database.
23
  $settings = get_site_option('wp_add_mime_types_network_array');
24
 
@@ -26,38 +24,43 @@ function network_admin_settings_page(){
26
  // The user who can manage the WordPress option can only access the Setting menu of this plugin.
27
  if(current_user_can($admin_permission)) $permission = true;
28
  // If the adding data is not set, the value "mime_type_values" sets "empty".
29
- if(!isset($settings['mime_type_values'])) $settings['mime_type_values'] = '';
 
 
30
  // When the adding data is saved (posted) at the setting menu, the data will update to the WordPress database after the security check
31
- if(isset($_POST['mime_type_values']) && (isset($_POST["wamt-network-form"]) && $_POST["wamt-network-form"])){
32
- if(heck_admin_referer("wamt-network-nonce-key", "wamt-network-form")){
33
- $p_set = esc_attr(strip_tags(html_entity_decode($_POST['mime_type_values']),ENT_QUOTES));
34
- $mime_type_values = explode("\n", $p_set);
35
- if(!empty($mime_type_values)){
36
- foreach($mime_type_values as $m_type=>$m_value)
37
- // " " is the Japanese multi-byte space. If the character is found out, it automatically change the space.
38
- $mime_type_values[$m_type] = trim(str_replace(" ", " ", $m_value));
39
- $settings['mime_type_values'] = serialize($mime_type_values);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
40
  }
41
- }
42
- }else
43
- $mime_type_values = unserialize($settings['mime_type_values']);
44
 
45
- if(!isset($settings['security_attempt_enable']))
46
- $settings['security_attempt_enable'] = "no";
47
- else{
48
- if(isset($_POST['security_attempt_enable']))
49
- $settings['security_attempt_enable'] = wp_strip_all_tags($_POST['security_attempt_enable']);
50
- }
51
- if(!isset($settings['filename_sanitized_enable']))
52
- $settings['filename_sanitized_enable'] = "no";
53
- else{
54
- if(isset($_POST['filename_sanitized_enable']))
55
- $settings['filename_sanitized_enable'] = wp_strip_all_tags($_POST['filename_sanitized_enable']);
56
  }
57
 
58
- // Update on wp_sitemeta
59
- update_site_option('wp_add_mime_types_network_array', $settings);
60
-
61
  ?>
62
  <div class="network_add_mime_media_admin_setting_page_updated"><p><strong><?php _e('Updated', 'wp-add-mime-types'); ?></strong></p></div>
63
 
17
  // Processing Setting menu for the plugin.
18
  function network_admin_settings_page(){
19
  $admin_permission = 'manage_network_options';
 
 
20
  // Loading the stored setting data (wp_add_mime_types_network_array) from WordPress database.
21
  $settings = get_site_option('wp_add_mime_types_network_array');
22
 
24
  // The user who can manage the WordPress option can only access the Setting menu of this plugin.
25
  if(current_user_can($admin_permission)) $permission = true;
26
  // If the adding data is not set, the value "mime_type_values" sets "empty".
27
+ $mime_type_values = "";
28
+ if(isset($settings['mime_type_values']) && !empty($settings['mime_type_values']))
29
+ $mime_type_values = unserialize($settings['mime_type_values']);
30
  // When the adding data is saved (posted) at the setting menu, the data will update to the WordPress database after the security check
31
+ if(isset($_POST["wamt-network-form"]) && $_POST["wamt-network-form"]){
32
+ if(check_admin_referer("wamt-network-nonce-key", "wamt-network-form")){
33
+ if(isset($_POST['mime_type_values'])){
34
+ $p_set = esc_attr(strip_tags(html_entity_decode($_POST['mime_type_values']),ENT_QUOTES));
35
+ $mime_type_values = explode("\n", $p_set);
36
+ if(!empty($mime_type_values)){
37
+ foreach($mime_type_values as $m_type=>$m_value)
38
+ // " " is the Japanese multi-byte space. If the character is found out, it automatically change the space.
39
+ $mime_type_values[$m_type] = trim(str_replace(" ", " ", $m_value));
40
+ $settings['mime_type_values'] = serialize($mime_type_values);
41
+ }
42
+ }
43
+ //else
44
+ // $mime_type_values = unserialize($settings['mime_type_values']);
45
+
46
+ if(!isset($settings['security_attempt_enable']))
47
+ $settings['security_attempt_enable'] = "no";
48
+ else{
49
+ if(isset($_POST['security_attempt_enable']))
50
+ $settings['security_attempt_enable'] = wp_strip_all_tags($_POST['security_attempt_enable']);
51
+ }
52
+ if(!isset($settings['filename_sanitized_enable']))
53
+ $settings['filename_sanitized_enable'] = "no";
54
+ else{
55
+ if(isset($_POST['filename_sanitized_enable']))
56
+ $settings['filename_sanitized_enable'] = wp_strip_all_tags($_POST['filename_sanitized_enable']);
57
  }
 
 
 
58
 
59
+ // Update on wp_sitemeta
60
+ update_site_option('wp_add_mime_types_network_array', $settings);
61
+ }
 
 
 
 
 
 
 
 
62
  }
63
 
 
 
 
64
  ?>
65
  <div class="network_add_mime_media_admin_setting_page_updated"><p><strong><?php _e('Updated', 'wp-add-mime-types'); ?></strong></p></div>
66
 
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: mime,file extention
4
  Requires at least: 4.0
5
  Requires PHP: 5.6
6
  Tested up to: 5.3.2
7
- Stable tag: 2.5.1
8
  License: GPL v2
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -79,6 +79,9 @@ Yes, each setting values are saved as the other setting items.
79
 
80
  == Changelog ==
81
 
 
 
 
82
  = 2.5.1 =
83
  * Added the response of CSRF (Cross-Site Request Forgery) vulnerability for this plugin's settings.
84
 
4
  Requires at least: 4.0
5
  Requires PHP: 5.6
6
  Tested up to: 5.3.2
7
+ Stable tag: 2.5.2
8
  License: GPL v2
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
79
 
80
  == Changelog ==
81
 
82
+ = 2.5.2 =
83
+ * Improved the response of CSRF (Cross-Site Request Forgery) vulnerability for this plugin's settings.
84
+
85
  = 2.5.1 =
86
  * Added the response of CSRF (Cross-Site Request Forgery) vulnerability for this plugin's settings.
87
 
wp-add-mime-types.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: WP Add Mime Types
4
  Plugin URI:
5
  Description: The plugin additionally allows the mime types and file extensions to WordPress.
6
- Version: 2.5.1
7
  Author: Kimiya Kitani
8
  Author URI: http://kitaney-wordpress.blogspot.jp/
9
  Text Domain: wp-add-mime-types
@@ -19,7 +19,7 @@ add_action('plugins_loaded', 'enable_language_translation');
19
  $plugin_basename = plugin_basename ( __FILE__ );
20
 
21
  $default_var = array(
22
- 'wp_add_mime_types' => '2.5.1',
23
  );
24
 
25
  // Add Setting to WordPress 'Settings' menu for Multisite.
3
  Plugin Name: WP Add Mime Types
4
  Plugin URI:
5
  Description: The plugin additionally allows the mime types and file extensions to WordPress.
6
+ Version: 2.5.2
7
  Author: Kimiya Kitani
8
  Author URI: http://kitaney-wordpress.blogspot.jp/
9
  Text Domain: wp-add-mime-types
19
  $plugin_basename = plugin_basename ( __FILE__ );
20
 
21
  $default_var = array(
22
+ 'wp_add_mime_types' => '2.5.2',
23
  );
24
 
25
  // Add Setting to WordPress 'Settings' menu for Multisite.