Changeset 3054915
- Timestamp:
- 03/20/2024 01:51:32 AM (2 years ago)
- Location:
- awesome-support/trunk
- Files:
-
- 8 edited
-
assets/admin/js/admin-optin.js (modified) (1 diff)
-
assets/admin/js/admin-wizard.js (modified) (1 diff)
-
awesome-support.php (modified) (2 diffs)
-
includes/admin/functions-ajax.php (modified) (3 diffs)
-
includes/admin/upgrade/functions-upgrade.php (modified) (1 diff)
-
includes/admin/views/about-tab-change-log.php (modified) (1 diff)
-
includes/scripts.php (modified) (2 diffs)
-
readme.txt (modified) (2 diffs)
awesome-support/trunk/assets/admin/js/admin-optin.js
r2314850 r3054915 35 35 36 36 var data = { 37 action: 'wpas_dismiss_free_addon_page' 37 action: 'wpas_dismiss_free_addon_page', 38 nonce: WPAS_Optin.nonce, 38 39 }; 39 40 -
awesome-support/trunk/assets/admin/js/admin-wizard.js
r2721401 r3054915 6 6 data : { 7 7 action : 'wpas_skip_wizard_setup', 8 skip_wizard : true 8 skip_wizard : true, 9 nonce: WPAS_Wizard.nonce, 9 10 }, 10 11 success : function( response ) { -
awesome-support/trunk/awesome-support.php
r3050608 r3054915 11 11 * Plugin URI: https://getawesomesupport.com 12 12 * Description: Awesome Support is a great ticketing system that will help you improve your customer satisfaction by providing a unique customer support experience. 13 * Version: 6.1.1 013 * Version: 6.1.11 14 14 * Author: Awesome Support Team 15 15 * Author URI: https://getawesomesupport.com … … 250 250 */ 251 251 private function setup_constants() { 252 define( 'WPAS_VERSION', '6.1.1 0' );252 define( 'WPAS_VERSION', '6.1.11' ); 253 253 define( 'WPAS_DB_VERSION', '1' ); 254 254 define( 'WPAS_URL', trailingslashit( plugin_dir_url( __FILE__ ) ) ); -
awesome-support/trunk/includes/admin/functions-ajax.php
r3050608 r3054915 21 21 */ 22 22 function wpas_dismiss_free_addon_page() { 23 check_ajax_referer('wpas_admin_optin', 'nonce'); 24 if ( ! current_user_can( 'administrator' ) ) { 25 wp_send_json([], 401); 26 } 27 23 28 return add_option( 'wpas_dismiss_free_addon_page', true ); 24 29 } … … 32 37 */ 33 38 function wpas_skip_wizard_setup() { 34 if ( current_user_can( 'administrator' ) ) {35 add_option( 'wpas_skip_wizard_setup', true );36 wp_ die();39 check_ajax_referer('wpas_admin_wizard', 'nonce'); 40 if ( ! current_user_can( 'administrator' ) ) { 41 wp_send_json([], 401); 37 42 } 38 wp_send_json([], 401); 43 44 add_option( 'wpas_skip_wizard_setup', true ); 45 wp_die(); 39 46 } 40 47 … … 155 162 wp_send_json_success(); 156 163 } 164 -
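Review bot: The new authorization guard in wpas_dismiss_free_addon_page, and the same guard kept in wpas_skip_wizard_setup, test a role name, `current_user_can( 'administrator' )`, rather than a capability; current_user_can() is documented as a capability check, and role-name checks do not hold for sites that rename or customize roles, so the conventional form is `if ( ! current_user_can( 'manage_options' ) ) {`. The nonce verification itself is sound as written, since check_ajax_referer() dies on a failed check by default and the action strings match the ones localized in scripts.php. A request that passes the nonce check belongs to an authenticated user, so the refusal is an authorization failure and `wp_send_json( [], 403 );` describes it better than 401. The third hunk of this file, ending at `wp_send_json_success();`, starts outside the shown lines.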
awesome-support/trunk/includes/admin/upgrade/functions-upgrade.php
r3050608 r3054915 923 923 wpas_upgrade_581(); 924 924 } 925 926 /** 927 * Upgrade function for version 6.1.11 928 * 929 * No new capabilities need to be added to certain roles. 930 * 931 * @since 6.1 932 * @return void 933 */ 934 function wpas_upgrade_61110() { 935 // Run the 581 upgrade option for version 6014. 936 // The 581 upgrade was the internal upgrade option during testing of the 6013 release. 937 // Therefore the two routines are the same and there is no reason to write a separate 6013 routine. 938 // But we do want early 581 adopters to get the later changes to the update routine. So 939 // we create this 6014 routine to make sure it runs for early 520 adopters. 940 wpas_upgrade_581(); 941 } -
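Review bot: The body comments of the new wpas_upgrade_61110() refer to routines 6014, 6013 and 520, none of which relate to the 6.1.11 release the docblock names, and `@since 6.1` is not the version this function was added in; they read as copied from an earlier upgrade routine. Suggest collapsing the body comment to one line, `// 6.1.11 adds no capabilities or schema; re-run the 581 routine so early adopters pick up its later fixes.`, and changing the tag to `@since 6.1.11`. Nothing in this changeset registers or calls wpas_upgrade_61110(), so unless the upgrade dispatcher discovers routines by name it may be unreachable; confirm against the dispatcher. The name also does not match the version it documents (6.1.11 would suggest 6111), which is worth checking against the naming pattern of the other routines.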
awesome-support/trunk/includes/admin/views/about-tab-change-log.php
r3050608 r3054915 2 2 3 3 <div class="changelog"> 4 5 <div class="row"> 6 <div> 7 <div class="about-body"> 8 <h1>What's New In 6.1.11</h1> 9 <h3>6.1.11 includes the vulnerabilities fix and security patches. Here is a more comprehensive list:</h3> 10 <ul style="padding-left: 3em; list-style-type: disc;"> 11 <li>We implement a CSRF protection (via a nonce) in the endpoints wpas_dismiss_free_addon_page and wpas_skip_wizard_setup.</li> 12 </ul> 13 </div> 14 </div> 15 </div> 16 17 <hr /> 4 18 5 19 <div class="row"> -
awesome-support/trunk/includes/scripts.php
r3033134 r3054915 150 150 wp_register_script( 'wpas-admin-about-script', WPAS_URL . 'assets/admin/js/admin-about.js', array( 'jquery' ), WPAS_VERSION ); 151 151 wp_register_script( 'wpas-admin-optin-script', WPAS_URL . 'assets/admin/js/admin-optin.js', array( 'jquery' ), WPAS_VERSION ); 152 wp_localize_script( 'wpas-admin-optin-script', 'WPAS_Optin', array( 153 'nonce' => wp_create_nonce('wpas_admin_optin'), // Créez la nonce et transmettez-la au script 154 )); 155 152 156 wp_register_script( 'wpas-admin-script', WPAS_URL . 'assets/admin/js/admin.js', array( 'jquery', 'wpas-select2' ), WPAS_VERSION ); 153 157 wp_register_script( 'wpas-admin-toolbars-script', WPAS_URL . 'assets/admin/js/admin-toolbars.js', array( 'jquery', 'wpas-select2' ), WPAS_VERSION ); … … 228 232 wp_localize_script( 'wpas-admin-wizard-script', 'WPAS_Wizard', array( 229 233 'ajax_url' => admin_url( 'admin-ajax.php' ), 230 'about_page' => admin_url( 'edit.php?post_type=ticket&page=wpas-about' ) 234 'about_page' => admin_url( 'edit.php?post_type=ticket&page=wpas-about' ), 235 'nonce' => wp_create_nonce('wpas_admin_wizard'), // Créez la nonce et transmettez-la au script 231 236 )); 232 237 -
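Review bot: The two comments added beside the new `'nonce'` entries are in French (`// Créez la nonce et transmettez-la au script`) while the rest of the file is commented in English; replace them with comments that state the coupling that matters, e.g. `// Verified by check_ajax_referer( 'wpas_admin_optin', 'nonce' ) in functions-ajax.php` and the matching `'wpas_admin_wizard'` line. The action strings here must stay byte-identical to the ones passed to check_ajax_referer(), and nothing ties the two files together today; a shared constant for each action name would prevent silent drift. The enclosing function of both hunks starts outside the shown lines.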
awesome-support/trunk/readme.txt
r3050608 r3054915 5 5 Requires at least: 4.0 6 6 Tested up to: 6.4 7 Stable tag: 6.1.1 07 Stable tag: 6.1.11 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 292 292 == Changelog == 293 293 294 = 6.1.11 295 * We implement a CSRF protection (via a nonce) in the endpoints wpas_dismiss_free_addon_page and wpas_skip_wizard_setup. 296 294 297 = 6.1.10 295 298 * We fixed the vulnerability where a subscriber role could have the ability to skip the "Awesome Support: First Time Install" banner process in the admin dashboard.