
Changeset 3029269


Timestamp:
01/31/2024 07:33:40 AM (2 years ago)
Author:
pechenki
Message:

CVE-2023-41683 Fixed issue

Location:
telsender/trunk
Files:
6 edited

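--- a/telsender/trunk/clasess/TelsenderCore.php
+++ b/telsender/trunk/clasess/TelsenderCore.php
@@ -61,5 +61,4 @@
             define('LOG_TS',true);
             $log = new log();
-
         }
 
@@ -313,5 +312,5 @@
     public function tscfwc_form_ajax_reqest()
     {
-
+        check_ajax_referer('true_security','security');
 
 
@@ -363,11 +362,7 @@
         }
 
-
-
         if ($validatePost) {
             update_option(TSCFWC_SETTING, serialize($validatePost));
         }
-
-
 
     }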
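Review bot: The added `check_ajax_referer('true_security','security');` at the top of `tscfwc_form_ajax_reqest()` verifies where the request came from but not who sent it, and no capability check is visible in the lines shown before `update_option(TSCFWC_SETTING, ...)`. A WordPress nonce is CSRF protection, not authorization, so if this handler is registered for every logged-in user, an account without admin rights that holds a valid nonce could still rewrite the plugin settings. The `add_action` registration and lines 316–361 are outside the hunks, so this may already be handled there. If it is not, I would follow the nonce check with `if (!current_user_can('manage_options')) { wp_die(-1, 403); }`, and use an action-specific nonce name in place of the generic `'true_security'`.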
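--- a/telsender/trunk/index.php
+++ b/telsender/trunk/index.php
@@ -8,5 +8,5 @@
 Description: Плагін відправляє заявки з форм у телеграм канал
 Author: Pechenki
-Version: 1.14.11
+Version: 1.14.12
 Author URI: https://coder.org.ua/dev/wordpress/telsender
 */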
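--- a/telsender/trunk/js/ajax.js
+++ b/telsender/trunk/js/ajax.js
@@ -25,5 +25,5 @@
             },
             error: function (xhr, str) {
-                alert('Возникла ошибка: ' + xhr.responseCode);
+                alert('Помилка : ' + xhr.responseCode);
             }
         });
@@ -83,10 +83,13 @@
 
 
-let tokenstr = document.querySelector('#getUpdates')
-const token =  document.querySelector('[name="tscfwc_setting_token"]')?.value;
+let tokenstr = document.querySelector('#getUpdates');
+if (tokenstr){
+    const token =  document.querySelector('[name="tscfwc_setting_token"]').value ?? '';
 
-let newurl = tokenstr.outerHTML.replaceAll('{token}',token)
+    let newurl = tokenstr.outerHTML.replaceAll('{token}',token)
 
-tokenstr.innerHTML = newurl
+    tokenstr.innerHTML = newurl
+
+}
 
 function telsenderInfo(){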
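Review bot: Inside the new `if (tokenstr)` block the token field's value is substituted into `tokenstr.outerHTML` and assigned to `innerHTML` without escaping, so a stored token that contains markup is parsed as HTML on the admin page; the assignment also nests a copy of the `#getUpdates` element inside itself. I would substitute only into the text or attribute that actually carries `{token}` (through `textContent` or `setAttribute`), or at least skip the replacement when the value does not look like a bot token. Separately, the rewrite drops the `?.` guard: `document.querySelector('[name="tscfwc_setting_token"]').value ?? ''` throws when the input is absent, whereas `?.value ?? ''` covers both the missing element and the missing value.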
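--- a/telsender/trunk/readme.md
+++ b/telsender/trunk/readme.md
@@ -5,5 +5,5 @@
 Requires PHP: 5.6
 Tested up to: 6.4
-Stable tag: 1.14.11
+Stable tag: 1.14.12
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -49,4 +49,8 @@
 
 == Changelog ==
+
+= 1.14.12 =
+
+- CVE-2023-41683 - fix
 
 = 1.14.11 =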
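--- a/telsender/trunk/readme.txt
+++ b/telsender/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires PHP: 5.6
 Tested up to: 6.4
-Stable tag: 1.14.11
+Stable tag: 1.14.12
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -81,4 +81,6 @@
 
 == Changelog ==
+= 1.14.12 =
+- CVE-2023-41683 - fix
 
 = 1.14.11 =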
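--- a/telsender/trunk/template/view.php
+++ b/telsender/trunk/template/view.php
@@ -23,5 +23,6 @@
 
                 <form method="post" action="options.php" id="formsetinvendor">
-
+                   <?php $ajax_nonce = wp_create_nonce( 'true_security' );?>
+                    <input type="hidden" name="security" value="<?php echo $ajax_nonce;?>">
                     <fieldset>
                         <legend><?php _e("Settings", "telsender"); ?></legend>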
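Review bot: The new hidden field prints the nonce with a bare `echo $ajax_nonce;` inside an attribute. The value is an opaque hash today, but WordPress convention is to escape at the point of output, e.g. `value="<?php echo esc_attr( $ajax_nonce ); ?>"`, or to replace both added lines with `<?php wp_nonce_field( 'true_security', 'security', false ); ?>`. The action string `'true_security'` is also generic; a name tied to this settings form would keep the nonce from validating in any other handler that happens to check the same string. The form continues past the end of the hunk.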