Version Description
- intermediate update to address some vulnerability issues
Download this release
Release Info
| Developer | nickboss |
| Plugin |  WordPress File Upload |
| Version | 2.4.2 |
| Comparing to | |
| See all releases | |
Code changes from version 2.4.1 to 2.4.2
- lib/wfu_admin.php +5 -0
- readme.txt +6 -0
- wordpress_file_upload.php +1 -1
lib/wfu_admin.php
CHANGED
|
@@ -159,6 +159,10 @@ function wfu_manage_settings($message = '') {
|
|
| 159 |
if ( current_user_can( 'manage_options' ) ) $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=sync_db" class="button" title="Update database to reflect current status of files">Sync Database</a>';
|
| 160 |
$echo_str .= "\n\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">Settings</h3>';
|
| 161 |
$echo_str .= "\n\t\t".'<form enctype="multipart/form-data" name="editsettings" id="editsettings" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=edit_settings" class="validate">';
|
|
|
|
|
|
|
|
|
|
|
|
|
| 162 |
$echo_str .= "\n\t\t\t".'<input type="hidden" name="action" value="edit_settings">';
|
| 163 |
$echo_str .= "\n\t\t\t".'<table class="form-table">';
|
| 164 |
$echo_str .= "\n\t\t\t\t".'<tbody>';
|
|
@@ -194,6 +198,7 @@ function wfu_manage_settings($message = '') {
|
|
| 194 |
|
| 195 |
function wfu_update_settings() {
|
| 196 |
if ( !current_user_can( 'manage_options' ) ) return;
|
|
|
|
| 197 |
$plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
|
| 198 |
$new_plugin_options = array();
|
| 199 |
|
| 159 |
if ( current_user_can( 'manage_options' ) ) $echo_str .= "\n\t\t".'<a href="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=sync_db" class="button" title="Update database to reflect current status of files">Sync Database</a>';
|
| 160 |
$echo_str .= "\n\t\t".'<h3 style="margin-bottom: 10px; margin-top: 40px;">Settings</h3>';
|
| 161 |
$echo_str .= "\n\t\t".'<form enctype="multipart/form-data" name="editsettings" id="editsettings" method="post" action="'.$siteurl.'/wp-admin/options-general.php?page=wordpress_file_upload&action=edit_settings" class="validate">';
|
| 162 |
+
$nonce = wp_nonce_field('wfu_edit_admin_settings', '_wpnonce', false, false);
|
| 163 |
+
$nonce_ref = wp_referer_field(false);
|
| 164 |
+
$echo_str .= "\n\t\t\t".$nonce;
|
| 165 |
+
$echo_str .= "\n\t\t\t".$nonce_ref;
|
| 166 |
$echo_str .= "\n\t\t\t".'<input type="hidden" name="action" value="edit_settings">';
|
| 167 |
$echo_str .= "\n\t\t\t".'<table class="form-table">';
|
| 168 |
$echo_str .= "\n\t\t\t\t".'<tbody>';
|
| 198 |
|
| 199 |
function wfu_update_settings() {
|
| 200 |
if ( !current_user_can( 'manage_options' ) ) return;
|
| 201 |
+
if ( !check_admin_referer('wfu_edit_admin_settings') ) return;
|
| 202 |
$plugin_options = wfu_decode_plugin_options(get_option( "wordpress_file_upload_options" ));
|
| 203 |
$new_plugin_options = array();
|
| 204 |
|
readme.txt
CHANGED
|
@@ -110,6 +110,9 @@ Administrators can view and manage the uploaded files from the File Browser that
|
|
| 110 |
|
| 111 |
== Changelog ==
|
| 112 |
|
|
|
|
|
|
|
|
|
|
| 113 |
= 2.4.1 =
|
| 114 |
* added filters and actions before and after each file upload - check below Filters/Actions section for instructions how to use them
|
| 115 |
* added storage of file info, including user data, in database
|
|
@@ -307,6 +310,9 @@ Initial version.
|
|
| 307 |
|
| 308 |
== Upgrade Notice ==
|
| 309 |
|
|
|
|
|
|
|
|
|
|
| 310 |
= 2.4.1 =
|
| 311 |
Upgrade to add many features and address some minor bugs.
|
| 312 |
|
| 110 |
|
| 111 |
== Changelog ==
|
| 112 |
|
| 113 |
+
= 2.4.2 =
|
| 114 |
+
* intermediate update to address some vulnerability issues
|
| 115 |
+
|
| 116 |
= 2.4.1 =
|
| 117 |
* added filters and actions before and after each file upload - check below Filters/Actions section for instructions how to use them
|
| 118 |
* added storage of file info, including user data, in database
|
| 310 |
|
| 311 |
== Upgrade Notice ==
|
| 312 |
|
| 313 |
+
= 2.4.2 =
|
| 314 |
+
Important upgrade to address some vulnerability issues.
|
| 315 |
+
|
| 316 |
= 2.4.1 =
|
| 317 |
Upgrade to add many features and address some minor bugs.
|
| 318 |
|
wordpress_file_upload.php
CHANGED
|
@@ -4,7 +4,7 @@ session_start();
|
|
| 4 |
Plugin Name: Wordpress File Upload
|
| 5 |
Plugin URI: http://www.iptanus.com/support/wordpress-file-upload
|
| 6 |
Description: Simple interface to upload files from a page.
|
| 7 |
-
Version: 2.4.
|
| 8 |
Author: Nickolas Bossinas
|
| 9 |
Author URI: http://www.iptanus.com
|
| 10 |
*/
|
| 4 |
Plugin Name: Wordpress File Upload
|
| 5 |
Plugin URI: http://www.iptanus.com/support/wordpress-file-upload
|
| 6 |
Description: Simple interface to upload files from a page.
|
| 7 |
+
Version: 2.4.2
|
| 8 |
Author: Nickolas Bossinas
|
| 9 |
Author URI: http://www.iptanus.com
|
| 10 |
*/
|
