Version Description
(16/05/2011) = * Fix: fixed a security vulnerability (lack of _nonce on settings page) (thank you Julio from Boiteaweb.fr for ringing the alarm bell; thank you Otto for the kind support!).
Download this release
Release Info
| Developer | dardna |
| Plugin |  WP htaccess Control |
| Version | 2.5 |
| Comparing to | |
| See all releases | |
Code changes from version 2.4 to 2.5
- readme.txt +8 -5
- wp-htaccess-control-ui.php +5 -4
- wp-htaccess-control.php +9 -1
readme.txt
CHANGED
|
@@ -2,11 +2,11 @@
|
|
| 2 |
Author: António Andrade
|
| 3 |
Author URI: http://dardna.com/
|
| 4 |
Plugin URI: http://dardna.com/wp-htaccess-control
|
| 5 |
-
Donate link:
|
| 6 |
Tags: permalinks, permalink, author, htaccess, rewrite, redirect, admin, maintenance, pagination, category, category base, archive, archives
|
| 7 |
Requires at least: 2.7
|
| 8 |
Tested up to: 3.1.2
|
| 9 |
-
Stable tag: 2.
|
| 10 |
|
| 11 |
Interface to customize the permalinks (author, category, archives and pagination) and htaccess file generated by Wordpress.
|
| 12 |
|
|
@@ -72,8 +72,11 @@ Search redirection is based on Mark Jaquith's **Nice Search** but extended so th
|
|
| 72 |
|
| 73 |
== Changelog ==
|
| 74 |
|
|
|
|
|
|
|
|
|
|
| 75 |
= 2.4 (04/05/2011) =
|
| 76 |
-
* *Feature:* added htaccess suggestion "Protect comments.php";
|
| 77 |
* Added "Latest donations";
|
| 78 |
* Confirmed compatibility with WP 3.1.2.
|
| 79 |
|
|
@@ -93,8 +96,8 @@ Search redirection is based on Mark Jaquith's **Nice Search** but extended so th
|
|
| 93 |
|
| 94 |
= 2.2 (25/03/2011) =
|
| 95 |
* *Feature:* adding Custom Search Base (thank you Fagner JB.);
|
| 96 |
-
* *Fix:* fixed a long time known canonical redirection bug where links like "/?p=55" wouldn't redirect to "/post-slug" (causing duplicated content)
|
| 97 |
-
* Confirmed compatibility with WP 3.1
|
| 98 |
|
| 99 |
= 2.1.2 (01/02/2011) =
|
| 100 |
* *Fix:* fix on canonical url setting (thank you 8bitkid for pointing it out).
|
| 2 |
Author: António Andrade
|
| 3 |
Author URI: http://dardna.com/
|
| 4 |
Plugin URI: http://dardna.com/wp-htaccess-control
|
| 5 |
+
Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=s4mancha%40gmail%2ecom&lc=US&item_name=WP%20htaccess%20Control%20%28Antonio%20Andrade%29&no_note=0¤cy_code=EUR&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHostedGuest
|
| 6 |
Tags: permalinks, permalink, author, htaccess, rewrite, redirect, admin, maintenance, pagination, category, category base, archive, archives
|
| 7 |
Requires at least: 2.7
|
| 8 |
Tested up to: 3.1.2
|
| 9 |
+
Stable tag: 2.5
|
| 10 |
|
| 11 |
Interface to customize the permalinks (author, category, archives and pagination) and htaccess file generated by Wordpress.
|
| 12 |
|
| 72 |
|
| 73 |
== Changelog ==
|
| 74 |
|
| 75 |
+
= 2.5 (16/05/2011) =
|
| 76 |
+
* *Fix:* fixed a security vulnerability (lack of _nonce on settings page) (thank you Julio from Boiteaweb.fr for ringing the alarm bell; thank you Otto for the kind support!).
|
| 77 |
+
|
| 78 |
= 2.4 (04/05/2011) =
|
| 79 |
+
* *Feature:* added htaccess suggestion "Protect comments.php" (thank you specimen.tk);
|
| 80 |
* Added "Latest donations";
|
| 81 |
* Confirmed compatibility with WP 3.1.2.
|
| 82 |
|
| 96 |
|
| 97 |
= 2.2 (25/03/2011) =
|
| 98 |
* *Feature:* adding Custom Search Base (thank you Fagner JB.);
|
| 99 |
+
* *Fix:* fixed a long time known canonical redirection bug where links like "/?p=55" wouldn't redirect to "/post-slug" (causing duplicated content) (thank you Tatron, thank you John);
|
| 100 |
+
* Confirmed compatibility with WP 3.1.
|
| 101 |
|
| 102 |
= 2.1.2 (01/02/2011) =
|
| 103 |
* *Fix:* fix on canonical url setting (thank you 8bitkid for pointing it out).
|
wp-htaccess-control-ui.php
CHANGED
|
@@ -3,10 +3,10 @@ $plugin_path = WP_CONTENT_DIR.'/plugins/'.plugin_basename(dirname(__FILE__));
|
|
| 3 |
$plugin_url = WP_CONTENT_URL.'/plugins/'.plugin_basename(dirname(__FILE__));
|
| 4 |
$q=explode('&',$_SERVER['QUERY_STRING']);
|
| 5 |
$purl='http'.((!empty($_SERVER['HTTPS'])) ? 's' : '').'://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?'.$q[0];
|
| 6 |
-
global $WPhtc;
|
| 7 |
$WPhtc->wphtc_page_action();
|
| 8 |
-
global $echo;
|
| 9 |
$WPhtc_data=get_option('WPhtc_data');
|
|
|
|
| 10 |
?>
|
| 11 |
<div id="wphtc-page" class="wrap">
|
| 12 |
<h2>Wp htaccess Control</h2>
|
|
@@ -414,10 +414,11 @@ $WPhtc_data=get_option('WPhtc_data');
|
|
| 414 |
</td>
|
| 415 |
</tr>
|
| 416 |
</table>
|
| 417 |
-
</div>
|
|
|
|
| 418 |
<input type="hidden" name="action" value="update" />
|
| 419 |
<div class="wphtc-menu">
|
| 420 |
-
<a class="button-secondary" href="<?php echo $purl
|
| 421 |
<input type="submit" class="button-primary" value="<?php _e('Save all changes', 'wp-htaccess-control'); ?>" />
|
| 422 |
</div>
|
| 423 |
</form>
|
| 3 |
$plugin_url = WP_CONTENT_URL.'/plugins/'.plugin_basename(dirname(__FILE__));
|
| 4 |
$q=explode('&',$_SERVER['QUERY_STRING']);
|
| 5 |
$purl='http'.((!empty($_SERVER['HTTPS'])) ? 's' : '').'://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?'.$q[0];
|
| 6 |
+
global $WPhtc, $echo;
|
| 7 |
$WPhtc->wphtc_page_action();
|
|
|
|
| 8 |
$WPhtc_data=get_option('WPhtc_data');
|
| 9 |
+
//$nonce= wp_create_nonce('WPhtc_settings');
|
| 10 |
?>
|
| 11 |
<div id="wphtc-page" class="wrap">
|
| 12 |
<h2>Wp htaccess Control</h2>
|
| 414 |
</td>
|
| 415 |
</tr>
|
| 416 |
</table>
|
| 417 |
+
</div>
|
| 418 |
+
<?php wp_nonce_field('WPhtc_settings'); ?>
|
| 419 |
<input type="hidden" name="action" value="update" />
|
| 420 |
<div class="wphtc-menu">
|
| 421 |
+
<a class="button-secondary" href="<?php echo wp_nonce_url($purl."&action=reset_rules", 'WPhtc_reset_settings'); ?>"><?php _e('Reset all rules', 'wp-htaccess-control'); ?></a>
|
| 422 |
<input type="submit" class="button-primary" value="<?php _e('Save all changes', 'wp-htaccess-control'); ?>" />
|
| 423 |
</div>
|
| 424 |
</form>
|
wp-htaccess-control.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: WP htaccess Control
|
| 4 |
Plugin URI: http://dardna.com/wp-htaccess-control
|
| 5 |
Description: Interface to customize the permalinks (author, category, archives and pagination) and htaccess file generated by Wordpress.
|
| 6 |
-
Version: 2.
|
| 7 |
Author: António Andrade
|
| 8 |
Author URI: http://dardna.com
|
| 9 |
*/
|
|
@@ -432,6 +432,10 @@ if (!class_exists("WPhtc")) {
|
|
| 432 |
break;
|
| 433 |
# if reseting everything just delete the option array
|
| 434 |
case 'reset_rules':
|
|
|
|
|
|
|
|
|
|
|
|
|
| 435 |
delete_option('WPhtc_data');
|
| 436 |
$echo.=__('All rules reset.', 'wp-htaccess-control');
|
| 437 |
$this->refresh_rewrite_rules();
|
|
@@ -442,6 +446,10 @@ if (!class_exists("WPhtc")) {
|
|
| 442 |
if(!$WPhtc_data['donation_hidden_time']){
|
| 443 |
$WPhtc_data['donation_hidden_time']=time();
|
| 444 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
| 445 |
# get Custom Htaccess
|
| 446 |
$WPhtc_data['hta']=$_POST['WPhtc_hta'];
|
| 447 |
# get Custom Author Permalink
|
| 3 |
Plugin Name: WP htaccess Control
|
| 4 |
Plugin URI: http://dardna.com/wp-htaccess-control
|
| 5 |
Description: Interface to customize the permalinks (author, category, archives and pagination) and htaccess file generated by Wordpress.
|
| 6 |
+
Version: 2.5
|
| 7 |
Author: António Andrade
|
| 8 |
Author URI: http://dardna.com
|
| 9 |
*/
|
| 432 |
break;
|
| 433 |
# if reseting everything just delete the option array
|
| 434 |
case 'reset_rules':
|
| 435 |
+
# nonce
|
| 436 |
+
if(!check_admin_referer( 'WPhtc_reset_settings')){
|
| 437 |
+
die("You have no permission to do this.");
|
| 438 |
+
}
|
| 439 |
delete_option('WPhtc_data');
|
| 440 |
$echo.=__('All rules reset.', 'wp-htaccess-control');
|
| 441 |
$this->refresh_rewrite_rules();
|
| 446 |
if(!$WPhtc_data['donation_hidden_time']){
|
| 447 |
$WPhtc_data['donation_hidden_time']=time();
|
| 448 |
}
|
| 449 |
+
# nonce
|
| 450 |
+
if(!check_admin_referer( 'WPhtc_settings')){
|
| 451 |
+
die("You have no permission to do this.");
|
| 452 |
+
}
|
| 453 |
# get Custom Htaccess
|
| 454 |
$WPhtc_data['hta']=$_POST['WPhtc_hta'];
|
| 455 |
# get Custom Author Permalink
|
