Version Description
- Fix: CombineJs.php - PHP Notice: Array to string conversion (it happened when there were more than one inline JS code associated with a handle)
- Fix: CombineJs.php - Prevent PHP notice errors from showing up
- Security Fix: Sanitize values from BulkChanges.php to prevent execution of arbitrary code (e.g. JavaScript code)
- Security Fix: Sanitize value from $_REQUEST['wpacu_selected_sub_tab_area'] to prevent execution of arbitrary code (e.g. JavaScript code)
- Security Fix: Sanitize $postId (make sure it's only an integer) from the "duplicate_post_meta_keys_filter" filter to avoid any SQL injection attack
Download this release
Release Info
| Developer | gabelivan |
| Plugin |  Asset CleanUp: Page Speed Booster |
| Version | 1.3.6.7 |
| Comparing to | |
| See all releases | |
Code changes from version 1.3.6.6 to 1.3.6.7
- classes/BulkChanges.php +6 -6
- classes/Main.php +2 -2
- classes/OptimiseAssets/CombineJs.php +10 -3
- readme.txt +8 -1
- templates/admin-page-settings-plugin.php +2 -2
- templates/meta-box-loaded-assets/view-by-location.php +3 -0
- wpacu.php +2 -2
classes/BulkChanges.php
CHANGED
|
@@ -24,16 +24,16 @@ class BulkChanges
|
|
| 24 |
public $data = array();
|
| 25 |
|
| 26 |
/**
|
| 27 |
-
*
|
| 28 |
*/
|
| 29 |
public function __construct()
|
| 30 |
{
|
| 31 |
-
$this->wpacuFor = Misc::getVar('request', 'wpacu_for', $this->wpacuFor);
|
| 32 |
-
$this->wpacuPostType = Misc::getVar('request', 'wpacu_post_type', $this->wpacuPostType);
|
| 33 |
|
| 34 |
-
|
| 35 |
-
|
| 36 |
-
|
| 37 |
}
|
| 38 |
|
| 39 |
/**
|
| 24 |
public $data = array();
|
| 25 |
|
| 26 |
/**
|
| 27 |
+
* BulkChanges constructor.
|
| 28 |
*/
|
| 29 |
public function __construct()
|
| 30 |
{
|
| 31 |
+
$this->wpacuFor = sanitize_text_field(Misc::getVar('request', 'wpacu_for', $this->wpacuFor));
|
| 32 |
+
$this->wpacuPostType = sanitize_text_field(Misc::getVar('request', 'wpacu_post_type', $this->wpacuPostType));
|
| 33 |
|
| 34 |
+
if (Misc::getVar('request', 'wpacu_update') == 1) {
|
| 35 |
+
$this->update();
|
| 36 |
+
}
|
| 37 |
}
|
| 38 |
|
| 39 |
/**
|
classes/Main.php
CHANGED
|
@@ -424,10 +424,10 @@ class Main
|
|
| 424 |
|
| 425 |
add_filter( 'duplicate_post_meta_keys_filter', static function( $meta_keys ) {
|
| 426 |
// Get the original post ID
|
| 427 |
-
$postId = isset( $_GET['post'] ) ? $_GET['post'] : false;
|
| 428 |
|
| 429 |
if ( ! $postId ) {
|
| 430 |
-
$postId = isset( $_POST['post'] ) ? $_POST['post'] : false;
|
| 431 |
}
|
| 432 |
|
| 433 |
if ( $postId ) {
|
| 424 |
|
| 425 |
add_filter( 'duplicate_post_meta_keys_filter', static function( $meta_keys ) {
|
| 426 |
// Get the original post ID
|
| 427 |
+
$postId = isset( $_GET['post'] ) ? (int)$_GET['post'] : false;
|
| 428 |
|
| 429 |
if ( ! $postId ) {
|
| 430 |
+
$postId = isset( $_POST['post'] ) ? (int)$_POST['post'] : false;
|
| 431 |
}
|
| 432 |
|
| 433 |
if ( $postId ) {
|
classes/OptimiseAssets/CombineJs.php
CHANGED
|
@@ -345,8 +345,11 @@ class CombineJs
|
|
| 345 |
$finalTagUrl = OptimizeCommon::filterWpContentUrl($cdnUrlForJs) . OptimizeJs::getRelPathJsCacheDir() . $uriToFinalJsFile;
|
| 346 |
|
| 347 |
$finalJsTagAttrsOutput = '';
|
|
|
|
|
|
|
| 348 |
if (isset($cachedValues['extra_attributes']) && ! empty($cachedValues['extra_attributes'])) {
|
| 349 |
-
|
|
|
|
| 350 |
$finalJsTagAttrsOutput .= ' '.$finalJsTagAttr.'=\''.$finalJsTagAttr.'\' ';
|
| 351 |
}
|
| 352 |
$finalJsTagAttrsOutput = trim($finalJsTagAttrsOutput);
|
|
@@ -360,7 +363,7 @@ HTML;
|
|
| 360 |
'wpacu_combined_js_tag',
|
| 361 |
$finalJsTag,
|
| 362 |
array(
|
| 363 |
-
'attrs' => $
|
| 364 |
'doc_location' => $docLocationScript,
|
| 365 |
'group_no' => $groupNo,
|
| 366 |
'src' => $finalTagUrl
|
|
@@ -601,7 +604,11 @@ HTML;
|
|
| 601 |
foreach ( $localAssetsExtra as $values ) {
|
| 602 |
foreach ( array('data', 'before', 'after') as $keyToCheck ) {
|
| 603 |
if ( isset( $values[$keyToCheck] ) && $values[$keyToCheck] ) {
|
| 604 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 605 |
}
|
| 606 |
}
|
| 607 |
}
|
| 345 |
$finalTagUrl = OptimizeCommon::filterWpContentUrl($cdnUrlForJs) . OptimizeJs::getRelPathJsCacheDir() . $uriToFinalJsFile;
|
| 346 |
|
| 347 |
$finalJsTagAttrsOutput = '';
|
| 348 |
+
$extraAttrs = array();
|
| 349 |
+
|
| 350 |
if (isset($cachedValues['extra_attributes']) && ! empty($cachedValues['extra_attributes'])) {
|
| 351 |
+
$extraAttrs = $cachedValues['extra_attributes'];
|
| 352 |
+
foreach ($extraAttrs as $finalJsTagAttr) {
|
| 353 |
$finalJsTagAttrsOutput .= ' '.$finalJsTagAttr.'=\''.$finalJsTagAttr.'\' ';
|
| 354 |
}
|
| 355 |
$finalJsTagAttrsOutput = trim($finalJsTagAttrsOutput);
|
| 363 |
'wpacu_combined_js_tag',
|
| 364 |
$finalJsTag,
|
| 365 |
array(
|
| 366 |
+
'attrs' => $extraAttrs,
|
| 367 |
'doc_location' => $docLocationScript,
|
| 368 |
'group_no' => $groupNo,
|
| 369 |
'src' => $finalTagUrl
|
| 604 |
foreach ( $localAssetsExtra as $values ) {
|
| 605 |
foreach ( array('data', 'before', 'after') as $keyToCheck ) {
|
| 606 |
if ( isset( $values[$keyToCheck] ) && $values[$keyToCheck] ) {
|
| 607 |
+
if (is_array($values[$keyToCheck])) {
|
| 608 |
+
$afterContentForAll .= implode('', $values[$keyToCheck]);
|
| 609 |
+
} else {
|
| 610 |
+
$afterContentForAll .= $values[$keyToCheck];
|
| 611 |
+
}
|
| 612 |
}
|
| 613 |
}
|
| 614 |
}
|
readme.txt
CHANGED
|
@@ -4,7 +4,7 @@ Tags: minify css, minify javascript, defer css javascript, page speed, dequeue,
|
|
| 4 |
Donate link: https://www.gabelivan.com/items/wp-asset-cleanup-pro/?utm_source=wp_org_lite&utm_medium=donate
|
| 5 |
Requires at least: 4.5
|
| 6 |
Tested up to: 5.4.2
|
| 7 |
-
Stable tag: 1.3.6.
|
| 8 |
License: GPLv3
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl.html
|
| 10 |
|
|
@@ -183,6 +183,13 @@ With the recently released "Test Mode" feature, you can safely unload assets on
|
|
| 183 |
4. Homepage CSS & JS Management (List sorted by location)
|
| 184 |
|
| 185 |
== Changelog ==
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 186 |
= 1.3.6.6 =
|
| 187 |
* The caching of a file is re-built based on the filemtime() value as developers often forget to update the value of the "ver" (/?ver=) after updating a CSS/JS file's content
|
| 188 |
* When listing the loaded stylesheets (LINK tags), make sure to print the "media" attribute if it's different than "all" so the admin will be aware if that particular CSS is meant for mobile or other devices (e.g. to save time from going through the HTML source code and check it out there)
|
| 4 |
Donate link: https://www.gabelivan.com/items/wp-asset-cleanup-pro/?utm_source=wp_org_lite&utm_medium=donate
|
| 5 |
Requires at least: 4.5
|
| 6 |
Tested up to: 5.4.2
|
| 7 |
+
Stable tag: 1.3.6.7
|
| 8 |
License: GPLv3
|
| 9 |
License URI: http://www.gnu.org/licenses/gpl.html
|
| 10 |
|
| 183 |
4. Homepage CSS & JS Management (List sorted by location)
|
| 184 |
|
| 185 |
== Changelog ==
|
| 186 |
+
= 1.3.6.7 =
|
| 187 |
+
* Fix: CombineJs.php - PHP Notice: Array to string conversion (it happened when there were more than one inline JS code associated with a handle)
|
| 188 |
+
* Fix: CombineJs.php - Prevent PHP notice errors from showing up
|
| 189 |
+
* Security Fix: Sanitize values from BulkChanges.php to prevent execution of arbitrary code (e.g. JavaScript code)
|
| 190 |
+
* Security Fix: Sanitize value from $_REQUEST['wpacu_selected_sub_tab_area'] to prevent execution of arbitrary code (e.g. JavaScript code)
|
| 191 |
+
* Security Fix: Sanitize $postId (make sure it's only an integer) from the "duplicate_post_meta_keys_filter" filter to avoid any SQL injection attack
|
| 192 |
+
|
| 193 |
= 1.3.6.6 =
|
| 194 |
* The caching of a file is re-built based on the filemtime() value as developers often forget to update the value of the "ver" (/?ver=) after updating a CSS/JS file's content
|
| 195 |
* When listing the loaded stylesheets (LINK tags), make sure to print the "media" attribute if it's different than "all" so the admin will be aware if that particular CSS is meant for mobile or other devices (e.g. to save time from going through the HTML source code and check it out there)
|
templates/admin-page-settings-plugin.php
CHANGED
|
@@ -52,7 +52,7 @@ if ($showSettingsType === 'tabs') {
|
|
| 52 |
|
| 53 |
$selectedTabArea = isset($_REQUEST['wpacu_selected_tab_area']) && array_key_exists($_REQUEST['wpacu_selected_tab_area'],
|
| 54 |
$settingsTabs) // the tab id area has to be one within the list above
|
| 55 |
-
? $_REQUEST['wpacu_selected_tab_area'] // after update
|
| 56 |
: $defaultTabArea; // default
|
| 57 |
|
| 58 |
if ($selectedTabArea && array_key_exists($selectedTabArea, $settingsTabs)) {
|
|
@@ -60,7 +60,7 @@ if ($showSettingsType === 'tabs') {
|
|
| 60 |
}
|
| 61 |
|
| 62 |
$selectedSubTabArea = isset($_REQUEST['wpacu_selected_sub_tab_area']) // after update
|
| 63 |
-
? $_REQUEST['wpacu_selected_sub_tab_area']
|
| 64 |
: ''; // default
|
| 65 |
}
|
| 66 |
?>
|
| 52 |
|
| 53 |
$selectedTabArea = isset($_REQUEST['wpacu_selected_tab_area']) && array_key_exists($_REQUEST['wpacu_selected_tab_area'],
|
| 54 |
$settingsTabs) // the tab id area has to be one within the list above
|
| 55 |
+
? sanitize_text_field($_REQUEST['wpacu_selected_tab_area']) // after update
|
| 56 |
: $defaultTabArea; // default
|
| 57 |
|
| 58 |
if ($selectedTabArea && array_key_exists($selectedTabArea, $settingsTabs)) {
|
| 60 |
}
|
| 61 |
|
| 62 |
$selectedSubTabArea = isset($_REQUEST['wpacu_selected_sub_tab_area']) // after update
|
| 63 |
+
? sanitize_text_field($_REQUEST['wpacu_selected_sub_tab_area'])
|
| 64 |
: ''; // default
|
| 65 |
}
|
| 66 |
?>
|
templates/meta-box-loaded-assets/view-by-location.php
CHANGED
|
@@ -142,6 +142,9 @@ $pluginsAreaStatus = $data['plugin_settings']['assets_list_layout_plugin_area_st
|
|
| 142 |
// Total files from all the plugins
|
| 143 |
$totalFilesArray[$locationMain] = 0;
|
| 144 |
|
|
|
|
|
|
|
|
|
|
| 145 |
if ($totalLocationAssets > 0) {
|
| 146 |
$locI = 1;
|
| 147 |
|
| 142 |
// Total files from all the plugins
|
| 143 |
$totalFilesArray[$locationMain] = 0;
|
| 144 |
|
| 145 |
+
// Default value (not contracted)
|
| 146 |
+
$pluginListContracted = false;
|
| 147 |
+
|
| 148 |
if ($totalLocationAssets > 0) {
|
| 149 |
$locI = 1;
|
| 150 |
|
wpacu.php
CHANGED
|
@@ -2,7 +2,7 @@
|
|
| 2 |
/*
|
| 3 |
* Plugin Name: Asset CleanUp: Page Speed Booster
|
| 4 |
* Plugin URI: https://wordpress.org/plugins/wp-asset-clean-up/
|
| 5 |
-
* Version: 1.3.6.
|
| 6 |
* Description: Unload Chosen Scripts & Styles from Posts/Pages to reduce HTTP Requests, Combine/Minify CSS/JS files
|
| 7 |
* Author: Gabriel Livan
|
| 8 |
* Author URI: http://gabelivan.com/
|
|
@@ -12,7 +12,7 @@
|
|
| 12 |
|
| 13 |
// Is the Pro version triggered before the Lite one and are both plugins active?
|
| 14 |
if (! defined('WPACU_PLUGIN_VERSION')) {
|
| 15 |
-
define('WPACU_PLUGIN_VERSION', '1.3.6.
|
| 16 |
}
|
| 17 |
|
| 18 |
// Exit if accessed directly
|
| 2 |
/*
|
| 3 |
* Plugin Name: Asset CleanUp: Page Speed Booster
|
| 4 |
* Plugin URI: https://wordpress.org/plugins/wp-asset-clean-up/
|
| 5 |
+
* Version: 1.3.6.7
|
| 6 |
* Description: Unload Chosen Scripts & Styles from Posts/Pages to reduce HTTP Requests, Combine/Minify CSS/JS files
|
| 7 |
* Author: Gabriel Livan
|
| 8 |
* Author URI: http://gabelivan.com/
|
| 12 |
|
| 13 |
// Is the Pro version triggered before the Lite one and are both plugins active?
|
| 14 |
if (! defined('WPACU_PLUGIN_VERSION')) {
|
| 15 |
+
define('WPACU_PLUGIN_VERSION', '1.3.6.7');
|
| 16 |
}
|
| 17 |
|
| 18 |
// Exit if accessed directly
|
