WP Post Page Clone - Version 1.2

Version Description

(5th Dec, 2021) =

  • Security fixes for the contributor and author user roles, as reported by the WordPress Plugin Review Team.

Release Info

Developer gaurangsondagar
Version 1.2

Code changes from version 1.0 to 1.2

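--- a/languages/wp-post-page-clone.pot
+++ b/languages/wp-post-page-clone.pot
@@ -1,8 +1,8 @@
  msgid ""
  msgstr ""
  "Project-Id-Version: WP Post Page Clone\n"
- "POT-Creation-Date: 2017-02-09\n"
- "PO-Revision-Date: 2017-02-09\n"
+ "POT-Creation-Date: 2021-12-08\n"
+ "PO-Revision-Date: 2021-12-08\n"
  "Last-Translator: \n"
  "Language-Team: Gaurang Sondagar <gaurangsondagar@gmail.com>\n"
  "Language: en_EN\n"
@@ -17,14 +17,26 @@ msgstr ""
  "Plural-Forms: nplurals=2; plural=n != 1;\n"
  "X-Poedit-SearchPath-0: wp-content/plugins/wp-post-page-clone\n"
 
- #: wp-post-page-clone/wp-post-page-clone.php:103
+ #: wp-post-page-clone/wp-post-page-clone.php:66
+ msgid "You don't have permission to be here"
+ msgstr ""
+
+ #: wp-post-page-clone/wp-post-page-clone.php:70
+ msgid "No post or page to clone has been supplied!, Please try again!"
+ msgstr ""
+
+ #: wp-post-page-clone/wp-post-page-clone.php:124
  msgid "Post or Page creation failed, could not find original post:"
  msgstr ""
 
- #: wp-post-page-clone/wp-post-page-clone.php:123
+ #: wp-post-page-clone/wp-post-page-clone.php:129
+ msgid "Security issue occure, Please try again!."
+ msgstr ""
+
+ #: wp-post-page-clone/wp-post-page-clone.php:153
  msgid "Clone Post and Page"
  msgstr ""
 
- #: wp-post-page-clone/wp-post-page-clone.php:123
+ #: wp-post-page-clone/wp-post-page-clone.php:153
  msgid "Click To Clone"
  msgstr ""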
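--- a/readme.txt
+++ b/readme.txt
@@ -1,10 +1,10 @@
  === WP Post Page Clone ===
  Contributors: gaurangsondagar
  Donate link: http://gaurangsondagar99.wordpress.com/
- Tags: clone post, clone page, duplicate post, duplicate page, clone post and page, duplicate post and page, post, posts, page, pages
+ Tags: clone post, clone page, duplicate post, duplicate page, clone post and page, duplicate post and page
  Requires at least: 4.0
- Tested up to: 5.3
- Stable tag: 1.0
+ Tested up to: 6.1
+ Stable tag: 1.2
  License: GPLv2
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -48,4 +48,12 @@ WP Post Page Clone Plugin Features
 
  1. screenshot-1.png
 
- == Changelog ==
+ == Changelog ==
+
+ = 1.1 (10th May, 2020) =
+
+ * Security issues fixes addressed by Securi
+
+ = 1.2 (5th Dec, 2021) =
+
+ * Security issues fixes for user role contributor and author given by WordPress Plugin Review Team.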
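--- a/wp-post-page-clone.php
+++ b/wp-post-page-clone.php
@@ -5,10 +5,10 @@ Plugin URI: https://wordpress.org/plugins/wp-post-page-clone
  Description: A plugin to generate duplicate post or page with contents and it's settings.
  Author: Gaurang Sondagar
  Author URI: http://gaurangsondagar99.wordpress.com/
- Version: 1.0
+ Version: 1.2
  Text Domain: wp-post-page-clone
  Requires at least: 4.0
- Tested up to: 5.3
+ Tested up to: 5.8.2
  Domin Path: Languages
  License: GPLV2
 
@@ -22,7 +22,13 @@ if (!defined('ABSPATH')) {
  /**
  * Define Constant variables
  */
- define('WP_POST_PAGE_CLONE_URL', plugins_url() . '/wp-post-page-clone');
+ if (!defined('WP_POST_PAGE_CLONE_URL')) {
+ define('WP_POST_PAGE_CLONE_URL', plugins_url() . '/wp-post-page-clone');
+ }
+
+ if (!defined('WP_POST_PAGE_CLONE_PLUGIN_DIRNAME')) {
+ define('WP_POST_PAGE_CLONE_PLUGIN_DIRNAME', plugin_basename(dirname(__FILE__)));
+ }
 
 
  if(!function_exists('wp_post_page_clone_translate')) {
@@ -48,61 +54,81 @@ if(!function_exists('wp_post_page_clone')) {
  function wp_post_page_clone(){
 
  global $wpdb;
- if (! ( isset( $_GET['post']) || isset( $_POST['post']) || ( isset($_REQUEST['action']) && 'wp_post_page_clone' == $_REQUEST['action'] ) ) ) {
- wp_die('No post or page to clone has been supplied!');
+
+ /*
+ * get Nonce value
+ */
+ $nonce = $_REQUEST['nonce'];
+ $post_id = (isset($_GET['post']) ? intval($_GET['post']) : intval($_POST['post']));
+
+ // check access permissions to even consider the cloning....
+ if( ! wp_verify_nonce( $nonce, 'wp-post-page-clone-'.$post_id) || ! current_user_can( 'edit_posts' )) {
+ wp_die("You don't have permission to be here", "wp-post-page-clone");
  }
 
- $post_id = (isset($_GET['post']) ? $_GET['post'] : $_POST['post']);
+ if ( !isset( $_GET['post']) || (!isset($_REQUEST['action']) && 'wp_post_page_clone' != $_REQUEST['action'] ) ) {
+ wp_die("No post or page to clone has been supplied!, Please try again!", "wp-post-page-clone");
+ }
+
  $post = get_post( $post_id );
  $current_user = wp_get_current_user();
  $post_author = $current_user->ID;
 
- if (isset( $post ) && $post != null) {
-
- $args = array(
- 'comment_status' => $post->comment_status,
- 'ping_status' => $post->ping_status,
- 'post_author' => $post_author,
- 'post_content' => $post->post_content,
- 'post_excerpt' => $post->post_excerpt,
- 'post_name' => $post->post_name,
- 'post_parent' => $post->post_parent,
- 'post_password' => $post->post_password,
- 'post_status' => 'draft',
- 'post_title' => $post->post_title,
- 'post_type' => $post->post_type,
- 'to_ping' => $post->to_ping,
- 'menu_order' => $post->menu_order
- );
-
- $clone_post_id = wp_insert_post( $args );
-
- $taxonomies = get_object_taxonomies($post->post_type);
- foreach ($taxonomies as $taxonomy) {
- $post_terms = wp_get_object_terms($post_id, $taxonomy, array('fields' => 'slugs'));
- wp_set_object_terms($clone_post_id, $post_terms, $taxonomy, false);
- }
-
- $post_meta_data = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->postmeta WHERE post_id=$post_id");
- if (count($post_meta_data)!=0) {
- $clone_query = "INSERT INTO $wpdb->postmeta (post_id, meta_key, meta_value) ";
- foreach ($post_meta_data as $meta_data) {
- $meta_key = $meta_data->meta_key;
- $meta_value = addslashes($meta_data->meta_value);
- $clone_query_select[]= "SELECT $clone_post_id, '$meta_key', '$meta_value'";
+ if( current_user_can('delete_others_posts') || current_user_can( 'setup_network' ) || (current_user_can('edit_posts') && $post_author == $post->post_author)){
+
+ if (isset( $post ) && $post != null) {
+
+ $args = array(
+ 'comment_status' => $post->comment_status,
+ 'ping_status' => $post->ping_status,
+ 'post_author' => $post_author,
+ 'post_content' => $post->post_content,
+ 'post_excerpt' => $post->post_excerpt,
+ 'post_name' => $post->post_name,
+ 'post_parent' => $post->post_parent,
+ 'post_password' => $post->post_password,
+ 'post_status' => 'draft',
+ 'post_title' => $post->post_title,
+ 'post_type' => $post->post_type,
+ 'to_ping' => $post->to_ping,
+ 'menu_order' => $post->menu_order
+ );
+
+ $clone_post_id = wp_insert_post( $args );
+
+ $taxonomies = get_object_taxonomies($post->post_type);
+ if (!empty($taxonomies) && is_array($taxonomies)){
+ foreach ($taxonomies as $taxonomy) {
+ $post_terms = wp_get_object_terms($post_id, $taxonomy, array('fields' => 'slugs'));
+ wp_set_object_terms($clone_post_id, $post_terms, $taxonomy, false);
  }
- $clone_query.= implode(" UNION ALL ", $clone_query_select);
- $wpdb->query($clone_query);
- }
+ }
 
- wp_redirect( admin_url( 'post.php?action=edit&post=' . $clone_post_id ) );
- exit;
+ $post_meta_data = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->postmeta WHERE post_id=$post_id");
+ if (count($post_meta_data)!=0) {
+ $clone_query = "INSERT INTO $wpdb->postmeta (post_id, meta_key, meta_value) ";
+ foreach ($post_meta_data as $meta_data) {
+ $meta_key = sanitize_text_field($meta_data->meta_key);
+ $meta_value = addslashes($meta_data->meta_value);
+ $clone_query_select[]= "SELECT $clone_post_id, '$meta_key', '$meta_value'";
+ }
+ $clone_query.= implode(" UNION ALL ", $clone_query_select);
+ $wpdb->query($clone_query);
+ }
 
- } else {
+ wp_redirect(admin_url('edit.php?post_type='.$post->post_type));
+ exit;
+
+ } else {
 
- wp_die(__('Post or Page creation failed, could not find original post:', 'wp-post-page-clone') . $post_id);
+ wp_die(__('Post or Page creation failed, could not find original post:', 'wp-post-page-clone') . $post_id);
 
+ }
+
+ } else {
+ wp_die('Security issue occure, Please try again!.', 'wp-post-page-clone');
  }
+
  }
 
  }
@@ -119,9 +145,14 @@ if(!function_exists('wp_post_page_link')) {
  * @return string
  */
  function wp_post_page_link( $actions, $post ) {
- if (current_user_can('edit_posts')) {
- $actions['clone'] = '<a href="admin.php?action=wp_post_page_clone&amp;post=' . $post->ID . '" title="'.__('Clone Post and Page', 'wp-post-page-clone').'" rel="permalink">'.__('Click To Clone', 'wp-post-page-clone').'</a>';
+
+ $current_user = wp_get_current_user();
+ $post_author = $current_user->ID;
+ $allowed_roles = array( 'editor', 'administrator' );
+ if ( array_intersect( $allowed_roles, $current_user->roles ) ) {
+ $actions['clone'] = '<a '.$post_author.'==='.$post->post_author.' href="admin.php?action=wp_post_page_clone&amp;post=' . $post->ID . '&amp;nonce='.wp_create_nonce( 'wp-post-page-clone-'.$post->ID ).'" title="'.__('Clone Post and Page', 'wp-post-page-clone').'" rel="permalink">'.__('Click To Clone', 'wp-post-page-clone').'</a>';
  }
+
  return $actions;
  }
 
@@ -133,4 +164,4 @@ if(!function_exists('wp_post_page_link')) {
  add_filter( 'post_row_actions', 'wp_post_page_link', 10, 2 );
  add_filter('page_row_actions', 'wp_post_page_link', 10, 2);
 
- ?>
+ ?>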
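Review bot: The post-meta copy in wp_post_page_clone() (new lines 107–117) still assembles its INSERT by string interpolation, and the `sanitize_text_field()` added for `$meta_key` does not escape quotes for SQL, so a stored key or value containing a quote can still alter the statement. `addslashes()` on `$meta_value` is likewise not the database layer's own escaping. The meta rows were presumably written by whoever could edit the source post, so they should reach the query only as bound values. Writing each row through `$wpdb->insert()` with `%d`/`%s` formats keeps the stored values byte-for-byte and drops the hand-built `UNION ALL` string together with the never-initialised `$clone_query_select` array.

```php
$post_meta_data = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->postmeta WHERE post_id=$post_id");
if (!empty($post_meta_data)) {
    foreach ($post_meta_data as $meta_data) {
        // wpdb binds these values itself; no manual escaping or sanitising here.
        $wpdb->insert(
            $wpdb->postmeta,
            array(
                'post_id'    => $clone_post_id,
                'meta_key'   => $meta_data->meta_key,
                'meta_value' => $meta_data->meta_value,
            ),
            array('%d', '%s', '%s')
        );
    }
}
// … unchanged: redirect to the post list and exit …
```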