Version Description
- Improved the response to the CSRF (Cross-Site Request Forgery) vulnerability in this plugin's settings.
Release Info
Developer | kimipooh |
Plugin | WP Add Mime Types |
Version | 2.5.2 |
Code changes from version 2.5.1 to 2.5.2
- includes/admin.php +35 -26
- includes/network-admin.php +32 -29
- readme.txt +4 -1
- wp-add-mime-types.php +2 -2
includes/admin.php
CHANGED
@@ -9,7 +9,7 @@ function add_to_settings_menu(){
|
|
9 |
// Processing Setting menu for the plugin.
|
10 |
function admin_settings_page(){
|
11 |
global $plugin_basename;
|
12 |
-
|
13 |
if ( ! function_exists( 'is_plugin_active_for_network' ) )
|
14 |
require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
|
15 |
|
@@ -25,39 +25,48 @@ function admin_settings_page(){
|
|
25 |
// The user who can manage the WordPress option can only access the Setting menu of this plugin.
|
26 |
if(current_user_can($admin_permission)) $permission = true;
|
27 |
// If the adding data is not set, the value "mime_type_values" sets "empty".
|
28 |
-
|
|
|
|
|
|
|
29 |
// When the adding data is saved (posted) at the setting menu, the data will update to the WordPress database after the security check
|
30 |
-
if(isset($_POST[
|
31 |
if(check_admin_referer("wamt-nonce-key", "wamt-form")){
|
32 |
-
|
33 |
-
|
34 |
-
|
35 |
-
|
36 |
-
|
37 |
-
|
38 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
39 |
}
|
40 |
}
|
41 |
-
}else
|
42 |
-
$mime_type_values = unserialize($settings['mime_type_values']);
|
43 |
-
|
44 |
-
if(!isset($settings['security_attempt_enable']))
|
45 |
-
$settings['security_attempt_enable'] = "no";
|
46 |
-
else{
|
47 |
-
if(isset($_POST['security_attempt_enable']))
|
48 |
-
$settings['security_attempt_enable'] = wp_strip_all_tags($_POST['security_attempt_enable']);
|
49 |
-
}
|
50 |
-
if(!isset($settings['filename_sanitized_enable']))
|
51 |
-
$settings['filename_sanitized_enable'] = "no";
|
52 |
-
else{
|
53 |
-
if(isset($_POST['filename_sanitized_enable']))
|
54 |
-
$settings['filename_sanitized_enable'] = wp_strip_all_tags($_POST['filename_sanitized_enable']);
|
55 |
}
|
56 |
// Update to WordPress Data.
|
57 |
if(is_multisite() && is_plugin_active_for_network($plugin_basename))
|
58 |
get_site_option('wp_add_mime_types_network_array', $settings);
|
59 |
-
else
|
60 |
-
|
|
|
|
|
|
|
61 |
|
62 |
?>
|
63 |
<div class="add_mime_media_admin_setting_page_updated"><p><strong><?php _e('Updated', 'wp-add-mime-types'); ?></strong></p></div>
|
9 |
// Processing Setting menu for the plugin.
|
10 |
function admin_settings_page(){
|
11 |
global $plugin_basename;
|
12 |
+
|
13 |
if ( ! function_exists( 'is_plugin_active_for_network' ) )
|
14 |
require_once( ABSPATH . '/wp-admin/includes/plugin.php' );
|
15 |
|
25 |
// The user who can manage the WordPress option can only access the Setting menu of this plugin.
|
26 |
if(current_user_can($admin_permission)) $permission = true;
|
27 |
// If the adding data is not set, the value "mime_type_values" sets "empty".
|
28 |
+
$mime_type_values = "";
|
29 |
+
if(isset($settings['mime_type_values']) && !empty($settings['mime_type_values']))
|
30 |
+
$mime_type_values = unserialize($settings['mime_type_values']);
|
31 |
+
|
32 |
// When the adding data is saved (posted) at the setting menu, the data will update to the WordPress database after the security check
|
33 |
+
if(isset($_POST["wamt-form"]) && $_POST["wamt-form"]){
|
34 |
if(check_admin_referer("wamt-nonce-key", "wamt-form")){
|
35 |
+
if(isset($_POST['mime_type_values'])){
|
36 |
+
$p_set = esc_attr(strip_tags(html_entity_decode($_POST['mime_type_values']),ENT_QUOTES));
|
37 |
+
$mime_type_values = explode("\n", $p_set);
|
38 |
+
if(!empty($mime_type_values)){
|
39 |
+
foreach($mime_type_values as $m_type=>$m_value)
|
40 |
+
// " " is the Japanese multi-byte space. If the character is found out, it automatically change the space.
|
41 |
+
$mime_type_values[$m_type] = trim(str_replace(" ", " ", $m_value));
|
42 |
+
$settings['mime_type_values'] = serialize($mime_type_values);
|
43 |
+
}
|
44 |
+
}
|
45 |
+
//else
|
46 |
+
//$mime_type_values = unserialize($settings['mime_type_values']);
|
47 |
+
|
48 |
+
if(!isset($settings['security_attempt_enable']))
|
49 |
+
$settings['security_attempt_enable'] = "no";
|
50 |
+
else{
|
51 |
+
if(isset($_POST['security_attempt_enable']))
|
52 |
+
$settings['security_attempt_enable'] = wp_strip_all_tags($_POST['security_attempt_enable']);
|
53 |
+
}
|
54 |
+
if(!isset($settings['filename_sanitized_enable']))
|
55 |
+
$settings['filename_sanitized_enable'] = "no";
|
56 |
+
else{
|
57 |
+
if(isset($_POST['filename_sanitized_enable']))
|
58 |
+
$settings['filename_sanitized_enable'] = wp_strip_all_tags($_POST['filename_sanitized_enable']);
|
59 |
}
|
60 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
61 |
}
|
62 |
// Update to WordPress Data.
|
63 |
if(is_multisite() && is_plugin_active_for_network($plugin_basename))
|
64 |
get_site_option('wp_add_mime_types_network_array', $settings);
|
65 |
+
else{
|
66 |
+
if(isset($_POST["wamt-form"]) && $_POST["wamt-form"])
|
67 |
+
if(check_admin_referer("wamt-nonce-key", "wamt-form"))
|
68 |
+
update_option('wp_add_mime_types_array', $settings);
|
69 |
+
}
|
70 |
|
71 |
?>
|
72 |
<div class="add_mime_media_admin_setting_page_updated"><p><strong><?php _e('Updated', 'wp-add-mime-types'); ?></strong></p></div>
|
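Review bot: On new line 36 the `ENT_QUOTES` flag is passed to `strip_tags()` as its allowed-tags argument instead of to `html_entity_decode()`, because the closing parenthesis sits before the comma; the decode therefore runs with its default flags and the strip receives an integer where a tag list is expected. The same line reads `$_POST['mime_type_values']` without `wp_unslash()` and applies `esc_attr()`, an output-escaping helper, to a value that is about to be stored, which can leave entity-encoded text in the saved option. I would write `$p_set = wp_strip_all_tags(html_entity_decode(wp_unslash($_POST['mime_type_values']), ENT_QUOTES));` and escape only where the value is printed into the form. The identical line appears as new line 34 of includes/network-admin.php. Parts of admin_settings_page() lie outside the hunks shown.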
includes/network-admin.php
CHANGED
@@ -17,8 +17,6 @@ function network_add_to_settings_menu(){
|
|
17 |
// Processing Setting menu for the plugin.
|
18 |
function network_admin_settings_page(){
|
19 |
$admin_permission = 'manage_network_options';
|
20 |
-
$mime_type_values = false;
|
21 |
-
|
22 |
// Loading the stored setting data (wp_add_mime_types_network_array) from WordPress database.
|
23 |
$settings = get_site_option('wp_add_mime_types_network_array');
|
24 |
|
@@ -26,38 +24,43 @@ function network_admin_settings_page(){
|
|
26 |
// The user who can manage the WordPress option can only access the Setting menu of this plugin.
|
27 |
if(current_user_can($admin_permission)) $permission = true;
|
28 |
// If the adding data is not set, the value "mime_type_values" sets "empty".
|
29 |
-
|
|
|
|
|
30 |
// When the adding data is saved (posted) at the setting menu, the data will update to the WordPress database after the security check
|
31 |
-
if(isset($_POST[
|
32 |
-
if(
|
33 |
-
|
34 |
-
|
35 |
-
|
36 |
-
|
37 |
-
|
38 |
-
|
39 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
40 |
}
|
41 |
-
}
|
42 |
-
}else
|
43 |
-
$mime_type_values = unserialize($settings['mime_type_values']);
|
44 |
|
45 |
-
|
46 |
-
|
47 |
-
|
48 |
-
if(isset($_POST['security_attempt_enable']))
|
49 |
-
$settings['security_attempt_enable'] = wp_strip_all_tags($_POST['security_attempt_enable']);
|
50 |
-
}
|
51 |
-
if(!isset($settings['filename_sanitized_enable']))
|
52 |
-
$settings['filename_sanitized_enable'] = "no";
|
53 |
-
else{
|
54 |
-
if(isset($_POST['filename_sanitized_enable']))
|
55 |
-
$settings['filename_sanitized_enable'] = wp_strip_all_tags($_POST['filename_sanitized_enable']);
|
56 |
}
|
57 |
|
58 |
-
// Update on wp_sitemeta
|
59 |
-
update_site_option('wp_add_mime_types_network_array', $settings);
|
60 |
-
|
61 |
?>
|
62 |
<div class="network_add_mime_media_admin_setting_page_updated"><p><strong><?php _e('Updated', 'wp-add-mime-types'); ?></strong></p></div>
|
63 |
|
17 |
// Processing Setting menu for the plugin.
|
18 |
function network_admin_settings_page(){
|
19 |
$admin_permission = 'manage_network_options';
|
|
|
|
|
20 |
// Loading the stored setting data (wp_add_mime_types_network_array) from WordPress database.
|
21 |
$settings = get_site_option('wp_add_mime_types_network_array');
|
22 |
|
24 |
// The user who can manage the WordPress option can only access the Setting menu of this plugin.
|
25 |
if(current_user_can($admin_permission)) $permission = true;
|
26 |
// If the adding data is not set, the value "mime_type_values" sets "empty".
|
27 |
+
$mime_type_values = "";
|
28 |
+
if(isset($settings['mime_type_values']) && !empty($settings['mime_type_values']))
|
29 |
+
$mime_type_values = unserialize($settings['mime_type_values']);
|
30 |
// When the adding data is saved (posted) at the setting menu, the data will update to the WordPress database after the security check
|
31 |
+
if(isset($_POST["wamt-network-form"]) && $_POST["wamt-network-form"]){
|
32 |
+
if(check_admin_referer("wamt-network-nonce-key", "wamt-network-form")){
|
33 |
+
if(isset($_POST['mime_type_values'])){
|
34 |
+
$p_set = esc_attr(strip_tags(html_entity_decode($_POST['mime_type_values']),ENT_QUOTES));
|
35 |
+
$mime_type_values = explode("\n", $p_set);
|
36 |
+
if(!empty($mime_type_values)){
|
37 |
+
foreach($mime_type_values as $m_type=>$m_value)
|
38 |
+
// " " is the Japanese multi-byte space. If the character is found out, it automatically change the space.
|
39 |
+
$mime_type_values[$m_type] = trim(str_replace(" ", " ", $m_value));
|
40 |
+
$settings['mime_type_values'] = serialize($mime_type_values);
|
41 |
+
}
|
42 |
+
}
|
43 |
+
//else
|
44 |
+
// $mime_type_values = unserialize($settings['mime_type_values']);
|
45 |
+
|
46 |
+
if(!isset($settings['security_attempt_enable']))
|
47 |
+
$settings['security_attempt_enable'] = "no";
|
48 |
+
else{
|
49 |
+
if(isset($_POST['security_attempt_enable']))
|
50 |
+
$settings['security_attempt_enable'] = wp_strip_all_tags($_POST['security_attempt_enable']);
|
51 |
+
}
|
52 |
+
if(!isset($settings['filename_sanitized_enable']))
|
53 |
+
$settings['filename_sanitized_enable'] = "no";
|
54 |
+
else{
|
55 |
+
if(isset($_POST['filename_sanitized_enable']))
|
56 |
+
$settings['filename_sanitized_enable'] = wp_strip_all_tags($_POST['filename_sanitized_enable']);
|
57 |
}
|
|
|
|
|
|
|
58 |
|
59 |
+
// Update on wp_sitemeta
|
60 |
+
update_site_option('wp_add_mime_types_network_array', $settings);
|
61 |
+
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
62 |
}
|
63 |
|
|
|
|
|
|
|
64 |
?>
|
65 |
<div class="network_add_mime_media_admin_setting_page_updated"><p><strong><?php _e('Updated', 'wp-add-mime-types'); ?></strong></p></div>
|
66 |
|
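Review bot: The save block that starts on new line 31 verifies the nonce but, in the lines shown, never tests the capability: `current_user_can($admin_permission)` on new line 25 only sets `$permission`, and nothing between new lines 31 and 61 reads it before `update_site_option()` runs. A nonce establishes where the request came from, not that the caller may change network options, so I would gate the write explicitly, e.g. `if(isset($_POST["wamt-network-form"]) && $_POST["wamt-network-form"] && current_user_can($admin_permission)){`. The menu registration may already enforce this, but that code is outside the hunk, as are line 23 and the rest of network_admin_settings_page(). The site-level save in includes/admin.php has the same shape.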
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Tags: mime,file extention
|
|
4 |
Requires at least: 4.0
|
5 |
Requires PHP: 5.6
|
6 |
Tested up to: 5.3.2
|
7 |
-
Stable tag: 2.5.
|
8 |
License: GPL v2
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
@@ -79,6 +79,9 @@ Yes, each setting values are saved as the other setting items.
|
|
79 |
|
80 |
== Changelog ==
|
81 |
|
|
|
|
|
|
|
82 |
= 2.5.1 =
|
83 |
* Added the response of CSRF (Cross-Site Request Forgery) vulnerability for this plugin's settings.
|
84 |
|
4 |
Requires at least: 4.0
|
5 |
Requires PHP: 5.6
|
6 |
Tested up to: 5.3.2
|
7 |
+
Stable tag: 2.5.2
|
8 |
License: GPL v2
|
9 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
10 |
|
79 |
|
80 |
== Changelog ==
|
81 |
|
82 |
+
= 2.5.2 =
|
83 |
+
* Improved the response of CSRF (Cross-Site Request Forgery) vulnerability for this plugin's settings.
|
84 |
+
|
85 |
= 2.5.1 =
|
86 |
* Added the response of CSRF (Cross-Site Request Forgery) vulnerability for this plugin's settings.
|
87 |
|
wp-add-mime-types.php
CHANGED
@@ -3,7 +3,7 @@
|
|
3 |
Plugin Name: WP Add Mime Types
|
4 |
Plugin URI:
|
5 |
Description: The plugin additionally allows the mime types and file extensions to WordPress.
|
6 |
-
Version: 2.5.
|
7 |
Author: Kimiya Kitani
|
8 |
Author URI: http://kitaney-wordpress.blogspot.jp/
|
9 |
Text Domain: wp-add-mime-types
|
@@ -19,7 +19,7 @@ add_action('plugins_loaded', 'enable_language_translation');
|
|
19 |
$plugin_basename = plugin_basename ( __FILE__ );
|
20 |
|
21 |
$default_var = array(
|
22 |
-
'wp_add_mime_types' => '2.5.
|
23 |
);
|
24 |
|
25 |
// Add Setting to WordPress 'Settings' menu for Multisite.
|
3 |
Plugin Name: WP Add Mime Types
|
4 |
Plugin URI:
|
5 |
Description: The plugin additionally allows the mime types and file extensions to WordPress.
|
6 |
+
Version: 2.5.2
|
7 |
Author: Kimiya Kitani
|
8 |
Author URI: http://kitaney-wordpress.blogspot.jp/
|
9 |
Text Domain: wp-add-mime-types
|
19 |
$plugin_basename = plugin_basename ( __FILE__ );
|
20 |
|
21 |
$default_var = array(
|
22 |
+
'wp_add_mime_types' => '2.5.2',
|
23 |
);
|
24 |
|
25 |
// Add Setting to WordPress 'Settings' menu for Multisite.
|