Context Navigation

← Previous Changeset
Next Changeset →

Changeset 1416364

Timestamp:

05/13/2016 03:13:53 PM (10 years ago)

Author:

forde

Message:

v 1.2 - Security update

Location:

safe-editor/trunk

Files:

: 2 edited

index.php (modified) (7 diffs)
readme.txt (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

safe-editor/trunk/index.php

-                      r1067775
+                      r1416364
 Plugin URI:
 Description: Safe Editor allows you to write custom CSS / Javascript to manipulate the appearance and behavior of themes / plugins on your website without worrying that your changes will be overwritten with the future theme / plugin updates.
 Version: 1.1
+Version: 1.2
 Author: Konrad Węgrzyniak
 Author URI: http://forde.pl/
 …
         if(!wp_script_is('jquery')) wp_enqueue_script('jquery',false,array(),false, true);
         wp_enqueue_style('codemirror-theme-ambiance', plugins_url('/theme/ambiance.css', __FILE__));
         wp_enqueue_style('codemirror-theme-monokai', plugins_url('/theme/monokai.css', __FILE__));
         wp_enqueue_style('codemirror-theme-solarized', plugins_url('/theme/solarized.css', __FILE__));
         wp_enqueue_style('codemirror-theme-tomorrow-night-eighties', plugins_url('/theme/tomorrow-night-eighties.css', __FILE__));
         wp_enqueue_style('codemirror-css', plugins_url('/codemirror/codemirror.css', __FILE__));
         wp_enqueue_script('codemirror', plugins_url( '/codemirror/codemirror.js', __FILE__ ),array(),false, true);
         wp_enqueue_script('codemirror-mode-css', plugins_url( '/codemirror/mode/css/css.js', __FILE__ ),array(),false, true);
         wp_enqueue_script('codemirror-mode-js', plugins_url( '/codemirror/mode/javascript/javascript.js', __FILE__ ),array(),false, true);
         wp_enqueue_style('safe-editor-css', plugins_url( '/css/safe_editor.css', __FILE__ ));
         wp_enqueue_script('safe-editor-js', plugins_url( '/js/safe_editor.js', __FILE__ ),array(),false, true);
         wp_localize_script( 'safe-editor-js', 'scriptsajax', array( 'ajaxurl' => admin_url( 'admin-ajax.php' ) ) );
+        wp_enqueue_style('codemirror-theme-ambiance', plugins_url('/theme/ambiance.css', __FILE__));
+        wp_enqueue_style('codemirror-theme-monokai', plugins_url('/theme/monokai.css', __FILE__));
+        wp_enqueue_style('codemirror-theme-solarized', plugins_url('/theme/solarized.css', __FILE__));
+        wp_enqueue_style('codemirror-theme-tomorrow-night-eighties', plugins_url('/theme/tomorrow-night-eighties.css', __FILE__));
+        wp_enqueue_style('codemirror-css', plugins_url('/codemirror/codemirror.css', __FILE__));
+        wp_enqueue_script('codemirror', plugins_url( '/codemirror/codemirror.js', __FILE__ ),array(),false, true);
+        wp_enqueue_script('codemirror-mode-css', plugins_url( '/codemirror/mode/css/css.js', __FILE__ ),array(),false, true);
+        wp_enqueue_script('codemirror-mode-js', plugins_url( '/codemirror/mode/javascript/javascript.js', __FILE__ ),array(),false, true);
+        wp_enqueue_style('safe-editor-css', plugins_url( '/css/safe_editor.css', __FILE__ ));
+        wp_enqueue_script('safe-editor-js', plugins_url( '/js/safe_editor.js', __FILE__ ),array(),false, true);
+        wp_localize_script( 'safe-editor-js', 'scriptsajax', array( 'ajaxurl' => admin_url( 'admin-ajax.php' ) ) );
+    }
     function admin_menu () {
 …
+    }
     function se_tabs( $current = 'css' ) {
         $tabs = array( 'css' => 'CSS Editor', 'js' => 'Javascript Editor');
         echo '<h2 class="nav-tab-wrapper">';
         foreach( $tabs as $tab => $name ){
             $class = ( $tab == $current ) ? ' nav-tab-active' : '';
             echo "<a class='nav-tab$class' href='?page=safe-editor&tab=$tab'>$name</a>";
+        }
         echo '</h2>';
+        $tabs = array( 'css' => 'CSS Editor', 'js' => 'Javascript Editor');
+        echo '<h2 class="nav-tab-wrapper">';
+        foreach( $tabs as $tab => $name ){
+            $class = ( $tab == $current ) ? ' nav-tab-active' : '';
+            echo "<a class='nav-tab$class' href='?page=safe-editor&tab=$tab'>$name</a>";
+        }
+        echo '</h2>';
+    }
     function  settings_page () {
 …
                     var js_editor = CodeMirror.fromTextArea(document.getElementById("safe_js_editor"), {
                         mode:  "javascript",
                         indentUnit: 4,
+                        indentUnit: 4,
                         lineNumbers: true,
                         theme: "solarized light"
                     });
                     var saving_css = false,
+                    });
+                    var saving_css = false,
                         saving_js = false;
 …
                                 action: 'se_save',
                                 type: type,
+                                nonce: '<?php echo wp_create_nonce("postman-pat") ?>',
                                 data: value
                             },
 …
 function se_save() {
     //echo "<pre>"; print_r($_POST); echo "</pre>";
+    if(!isset($_POST['nonce'])) {
+        die();
+    }
+    if(!wp_verify_nonce($_POST['nonce'], 'postman-pat')) {
+        die();
+    }
+    if(!is_user_logged_in()) {
+        die();
+    }
     switch($_POST['type']) {
         case 'css' :
 …
             break;
+    }
     die();
+    die();
+}
 add_action( 'wp_ajax_nopriv_se_save', 'se_save' );

safe-editor/trunk/readme.txt

-                      r1067775
+                      r1416364
 == Change Log ==
+= 1.2 =
+* Security update
 = 1.1 =
 * Solarized light theme for css and javascript editor added

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 1416364

Legend:

safe-editor/trunk/index.php

safe-editor/trunk/readme.txt

Download in other formats: