WordPress File Upload - Version 4.3.4

Version Description

  • all Settings sanitized correctly to prevent XSS attacks - credits to ManhNho for mentioning this problem

Release Info

Developer nickboss
Version 4.3.4

Code changes from version 4.3.3 to 4.3.4

lib/wfu_admin_settings.php CHANGED
@@ -194,10 +194,10 @@ function wfu_update_settings() {
194
  $new_plugin_options['version'] = '1.0';
195
  $new_plugin_options['shortcode'] = $plugin_options['shortcode'];
196
  $new_plugin_options['hashfiles'] = $hashfiles;
197
- $new_plugin_options['basedir'] = $_POST['wfu_basedir'];
198
- $new_plugin_options['postmethod'] = $_POST['wfu_postmethod'];
199
  $new_plugin_options['relaxcss'] = $relaxcss;
200
- $new_plugin_options['admindomain'] = $_POST['wfu_admindomain'];
201
  $new_plugin_options['mediacustom'] = $mediacustom;
202
  $new_plugin_options['includeotherfiles'] = $includeotherfiles;
203
  $new_plugin_options['altserver'] = $altserver;
194
  $new_plugin_options['version'] = '1.0';
195
  $new_plugin_options['shortcode'] = $plugin_options['shortcode'];
196
  $new_plugin_options['hashfiles'] = $hashfiles;
197
+ $new_plugin_options['basedir'] = sanitize_text_field($_POST['wfu_basedir']);
198
+ $new_plugin_options['postmethod'] = sanitize_text_field($_POST['wfu_postmethod']);
199
  $new_plugin_options['relaxcss'] = $relaxcss;
200
+ $new_plugin_options['admindomain'] = sanitize_text_field($_POST['wfu_admindomain']);
201
  $new_plugin_options['mediacustom'] = $mediacustom;
202
  $new_plugin_options['includeotherfiles'] = $includeotherfiles;
203
  $new_plugin_options['altserver'] = $altserver;
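Review bot: sanitize_text_field() on the three $_POST reads (new lines 197, 198 and 200) strips tags and extra whitespace but does not encode quote characters, so a stored value can still break out of an HTML attribute if the settings page prints it into a value="..." attribute without escaping. Keep the input sanitizing, and confirm that every place basedir, postmethod and admindomain are rendered goes through esc_attr() or esc_html(); that output side is not visible in this diff. If postmethod only ever takes one of a fixed set of values, comparing it against that list is stricter than free-text sanitizing, and basedir is a path that sanitize_text_field() does not validate as one. WordPress adds slashes to $_POST, so calling wp_unslash() before sanitizing avoids storing stray backslashes.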
readme.txt CHANGED
@@ -146,8 +146,11 @@ There is an option in plugin's settings in Dashboard to relax the CSS rules, so
146
 
147
  == Changelog ==
148
 
 
 
 
149
  = 4.3.3 =
150
- * all shortcode attributes sanitized correctly to close a serious security hole
151
 
152
  = 4.3.2 =
153
  * fixed bug in wfu_before_upload and wfu_after_upload filters that was breaking JS scripts if they contained a closing bracket ']' symbol
@@ -735,6 +738,9 @@ Initial version.
735
 
736
  == Upgrade Notice ==
737
 
 
 
 
738
  = 4.3.3 =
739
  Minor update to fix a serious security hole.
740
 
146
 
147
  == Changelog ==
148
 
149
+ = 4.3.4 =
150
+ * all Settings sanitized correctly to prevent XSS attacks - credits to ManhNho for mentioning this problem
151
+
152
  = 4.3.3 =
153
+ * all shortcode attributes sanitized correctly to close a serious security hole - credits to ManhNho for mentioning this problem
154
 
155
  = 4.3.2 =
156
  * fixed bug in wfu_before_upload and wfu_after_upload filters that was breaking JS scripts if they contained a closing bracket ']' symbol
738
 
739
  == Upgrade Notice ==
740
 
741
+ = 4.3.4 =
742
+ Minor update to fix a serious security hole.
743
+
744
  = 4.3.3 =
745
  Minor update to fix a serious security hole.
746
 
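Review bot: The new 4.3.4 Upgrade Notice entry (new lines 741-742) repeats the 4.3.3 text word for word, "Minor update to fix a serious security hole.", so an administrator reading the update prompt cannot tell that this release fixes a different problem from the previous one. Suggest naming the affected area the way the new Changelog entry does, that is, XSS through the plugin's Settings. The Changelog hunk also rewrites the already released 4.3.3 entry to add the credit to ManhNho; that is reasonable, but it is worth stating in the commit message because it changes a published entry.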
release_notes.txt CHANGED
@@ -1,2 +1,2 @@
1
- <!-- --><span>Version 4.3.3 is a minor update that fixes a serious <strong>security hole</strong> in shortcode attributes. </span><span style="font-weight:bold; color:red;">You are strongly encouraged to upgrade to the current version</span><span>. If you notice any problems with the shortcode, please </span><a href="https://www.iptanus.com/contact/">contact</a><span> <strong>Iptanus</strong>.<br/><br/>For details about this version's changes please visit the Release Notes of the plugin's </span><a href="http://www.iptanus.com/wordpress-plugins/wordpress-file-upload/">support page</a><span>.</span><!-- -->
2
  <!-- -->
1
+ <!-- --><span>Version 4.3.4 is a minor update that fixes another potential <strong>security risk</strong> in plugin's <strong>Settings</strong>. Many thanks to <strong>ManhNho</strong> for mentioning this issue and also the one in the previous version. If you notice any problems with the shortcode, please </span><a href="https://www.iptanus.com/contact/">contact</a><span> <strong>Iptanus</strong>.<br/><br/>For details about this version's changes please visit the Release Notes of the plugin's </span><a href="http://www.iptanus.com/wordpress-plugins/wordpress-file-upload/">support page</a><span>.</span><!-- -->
2
  <!-- -->
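Review bot: The 4.3.4 text still says "If you notice any problems with the shortcode, please contact", carried over from 4.3.3, although this release changes Settings handling rather than the shortcode; reword it to refer to the settings. The new line also drops the red "You are strongly encouraged to upgrade to the current version" span that the 4.3.3 text had, while readme.txt still describes 4.3.4 as fixing a serious security hole. Either keep the upgrade prompt or make the two files agree on how severe the issue is.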
wordpress_file_upload.php CHANGED
@@ -4,7 +4,7 @@ if( !session_id() ) { session_start(); }
4
  /*
5
  Plugin URI: http://www.iptanus.com/support/wordpress-file-upload
6
  Description: Simple interface to upload files from a page.
7
- Version: 4.3.3
8
  Author: Nickolas Bossinas
9
  Author URI: http://www.iptanus.com
10
  */
4
  /*
5
  Plugin URI: http://www.iptanus.com/support/wordpress-file-upload
6
  Description: Simple interface to upload files from a page.
7
+ Version: 4.3.4
8
  Author: Nickolas Bossinas
9
  Author URI: http://www.iptanus.com
10
  */