Changeset 3142505
- Timestamp:
- 08/27/2024 11:19:36 PM (19 months ago)
- Location:
- ignitiondeck/trunk
- Files:
-
- 13 edited
-
classes/class-idf-wizard.php (modified) (15 diffs)
-
classes/class-tgm-plugin-activation.php (modified) (8 diffs)
-
classes/modules/helix/helix-admin.php (modified) (1 diff)
-
classes/modules/helix/helix-idcom.php (modified) (1 diff)
-
classes/modules/maven/class-maven_msg.php (modified) (1 diff)
-
classes/modules/recaptcha/class-recaptcha.php (modified) (1 diff)
-
idf-admin.php (modified) (2 diffs)
-
idf-cache.php (modified) (1 diff)
-
idf-functions.php (modified) (1 diff)
-
idf-stock-browser.php (modified) (1 diff)
-
idf.php (modified) (2 diffs)
-
languages_default/idf.pot (modified) (1 diff)
-
readme.txt (modified) (2 diffs)
ignitiondeck/trunk/classes/class-idf-wizard.php
r3134431 r3142505 94 94 // Verify the nonce 95 95 check_ajax_referer('idf-activate-plugins-nonce', 'security'); 96 97 // Check user capabilities. 98 if ( ! current_user_can( 'manage_options' ) ) { 99 wp_die( 'You don\'t have sufficient permissions to manage options.' ); 100 } 96 101 97 102 $list_id = '500a881df9'; … … 161 166 check_ajax_referer('idf-activate-plugins-nonce', 'security'); 162 167 168 // Check user capabilities. 169 if ( ! current_user_can( 'install_plugins' ) ) { 170 wp_die( 'You don\'t have sufficient permissions to install plugins.' ); 171 } 163 172 $plugin = array( 164 173 'name' => $_POST['name'], … … 279 288 check_ajax_referer('idf-activate-plugins-nonce', 'security'); 280 289 290 // Check user capabilities. 291 if ( ! current_user_can( 'manage_options' ) ) { 292 wp_die( 'You don\'t have sufficient permissions to manage options.' ); 293 } 294 281 295 $key = sanitize_text_field( $_POST['license'] ); 282 296 idcf_license_update( $key ); … … 297 311 // Verify the nonce 298 312 check_ajax_referer('idf-activate-plugins-nonce', 'security'); 313 314 // Check user capabilities. 315 if ( ! current_user_can( 'manage_options' ) ) { 316 wp_die( 'You don\'t have sufficient permissions to manage options.' ); 317 } 299 318 300 319 $save_payment = sanitize_text_field( $_POST['payment'] ); … … 318 337 // Verify the nonce 319 338 check_ajax_referer('idf-activate-plugins-nonce', 'security'); 339 340 // Check user capabilities. 341 if ( ! current_user_can( 'install_themes' ) ) { 342 wp_die( 'You don\'t have sufficient permissions to install themes.' ); 343 } 320 344 321 345 $status = __( 'Installed' ); … … 449 473 update_option( 'wiz-configure', $config ); 450 474 } else { 475 // Check user capabilities. 476 if ( ! current_user_can( 'publish_posts' ) ) { 477 wp_die( 'You don\'t have sufficient permissions to access this feature.' 
); 478 } 451 479 $my_post = array( 452 480 'post_type' => 'page', … … 518 546 update_option( 'wiz-configure', $config ); 519 547 } else { 548 // Check user capabilities. 549 if ( ! current_user_can( 'publish_posts' ) ) { 550 wp_die( 'You don\'t have sufficient permissions to access this feature.' ); 551 } 520 552 $my_post = array( 521 553 'post_type' => 'page', … … 585 617 check_ajax_referer('idf-activate-plugins-nonce', 'security'); 586 618 619 // Check user capabilities. 620 if ( ! current_user_can( 'manage_options' ) ) { 621 wp_die( 'You don\'t have sufficient permissions to manage options.' ); 622 } 623 587 624 $return = array( 588 625 'success' => true, … … 693 730 check_ajax_referer('idf-activate-plugins-nonce', 'security'); 694 731 732 // Check user capabilities. 733 if ( ! current_user_can( 'manage_options' ) ) { 734 wp_die( 'You don\'t have sufficient permissions to manage options.' ); 735 } 736 695 737 $return = array( 696 738 'success' => true, … … 809 851 // Verify the nonce 810 852 check_ajax_referer('idf-activate-plugins-nonce', 'security'); 853 854 // Check user capabilities. 855 if ( ! current_user_can( 'manage_options' ) ) { 856 wp_die( 'You don\'t have sufficient permissions to manage options.' ); 857 } 811 858 812 859 $return = array( … … 906 953 ); 907 954 } else { 955 // Check user capabilities. 956 if ( ! current_user_can( 'publish_posts' ) ) { 957 wp_die( 'You don\'t have sufficient permissions to access this feature.' ); 958 } 908 959 $post_id = wp_insert_post( $new_page ); 909 960 update_post_meta( $post_id, '_wp_page_template', 'page-fullwidth.php' ); … … 992 1043 ); 993 1044 } else { 1045 // Check user capabilities. 1046 if ( ! current_user_can( 'publish_posts' ) ) { 1047 wp_die( 'You don\'t have sufficient permissions to access this feature.' 
); 1048 } 994 1049 $post_id = wp_insert_post( $new_page ); 995 1050 update_post_meta( $post_id, '_wp_page_template', 'page-fullwidth.php' ); … … 1027 1082 */ 1028 1083 function create_sample_project() { 1084 // Check user capabilities. 1085 if ( ! current_user_can( 'publish_posts' ) ) { 1086 wp_die( 'You don\'t have sufficient permissions to access this feature.' ); 1087 } 1088 1029 1089 // Create Sample ID Project 1030 1090 $sample_project['post_title'] = 'Sample Project'; … … 1224 1284 function delete_sample_project() { 1225 1285 global $wpdb; 1226 1286 1287 // Check user capabilities. 1288 if ( ! current_user_can( 'delete_posts' ) ) { 1289 wp_die( 'You don\'t have sufficient permissions to access this feature.' ); 1290 } 1227 1291 $config = get_option( 'wiz-configure' ); 1228 1292 $project_post_id = $config['sample']; … … 1317 1381 } 1318 1382 new IDF_wizard(); 1319 -
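Review bot: The plugin-install handler at 173-174 still copies `$_POST['name']` into `$plugin` unfiltered, while the license handler at 295 runs its input through `sanitize_text_field()`; the new capability check limits who can reach this code but does not validate it, so `'name' => sanitize_text_field( wp_unslash( $_POST['name'] ) ),` would bring it in line with the rest of the file. The page-creation branches at 475-478 and 548-551 gate a `wp_insert_post()` of `post_type => 'page'` behind `publish_posts`, a capability WordPress grants to Authors who cannot otherwise publish pages, and the `_wp_page_template` meta at 960 and 1050 suggests the same applies there; `if ( ! current_user_can( 'publish_pages' ) ) {` is the capability that matches the object being created. Those checks also sit inside the `else` branch only, so the `update_option( 'wiz-configure', ... )` path at 473 and 546 depends on a check above the hunk that is not visible here. These are AJAX handlers, and `wp_die()` with a plain untranslated string normally answers with an HTML fragment rather than a machine-readable failure; `wp_send_json_error()` as used in idf-cache.php in this same changeset would be the consistent choice. Every enclosing function continues outside its hunk.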
ignitiondeck/trunk/classes/class-tgm-plugin-activation.php
r3134431 r3142505 640 640 } 641 641 642 // Check user capabilities. 643 if ( ! current_user_can( 'manage_options' ) ) { 644 wp_die( 'You don\'t have sufficient permissions to manage options.' ); 645 } 646 642 647 if (isset($_GET['wp_id_nonce'])) { 643 648 check_admin_referer('wp_id_nonce', 'wp_id_nonce'); … … 801 806 */ 802 807 protected function do_plugin_install() { 808 // Check user capabilities. 809 if ( ! current_user_can( 'install_plugins' ) ) { 810 wp_die( 'You don\'t have sufficient permissions to install plugins.' ); 811 } 812 803 813 if (isset($_GET['wp_id_nonce'])) { 804 814 check_admin_referer('wp_id_nonce', 'wp_id_nonce'); … … 1054 1064 */ 1055 1065 protected function activate_single_plugin( $file_path, $slug, $automatic = false ) { 1066 // Check user capabilities. 1067 if ( ! current_user_can( 'activate_plugins' ) ) { 1068 wp_die( 'You don\'t have sufficient permissions to access this feature.' ); 1069 } 1070 1056 1071 if (isset($_GET['wp_id_nonce'])) { 1057 1072 check_admin_referer('wp_id_nonce', 'wp_id_nonce'); … … 1359 1374 */ 1360 1375 public function dismiss() { 1376 // Check if the user has the required capability 1377 if (!current_user_can('edit_posts')) { 1378 wp_die(esc_html__('You do not have sufficient permissions to perform this action.', 'memberdeck')); 1379 exit; 1380 } 1361 1381 if ( isset( $_GET['tgmpa-dismiss'] ) && check_admin_referer( 'tgmpa-dismiss-' . get_current_user_id() ) ) { 1362 1382 update_user_meta( get_current_user_id(), 'tgmpa_dismissed_notice_' . $this->id, 1 ); … … 1749 1769 1750 1770 if ( 'update-core' === $screen->base ) { 1771 // Check user capabilities. 1772 if ( ! current_user_can( 'manage_options' ) ) { 1773 wp_die( 'You don\'t have sufficient permissions to manage options.' ); 1774 } 1751 1775 // Core update screen. 1752 1776 if ( isset( $_POST['_wpnonce'] ) && ! wp_verify_nonce( $_POST['_wpnonce'], 'upgrade-core' ) ) { … … 1754 1778 } 1755 1779 return true; 1756 } elseif ( 'plugins' === $screen->base && ! 
empty( $_POST['action'] ) ) { // WPCS: CSRF ok. 1780 } elseif ( 'plugins' === $screen->base && ! empty( $_POST['action'] ) ) { // WPCS: CSRF ok. 1781 // Check user capabilities. 1782 if ( ! current_user_can( 'manage_options' ) ) { 1783 wp_die( 'You don\'t have sufficient permissions to manage options.' ); 1784 } 1757 1785 return true; 1758 } elseif ( 'update' === $screen->base && ! empty( $_POST['action'] ) ) { // WPCS: CSRF ok. 1786 } elseif ( 'update' === $screen->base && ! empty( $_POST['action'] ) ) { // WPCS: CSRF ok. 1787 // Check user capabilities. 1788 if ( ! current_user_can( 'manage_options' ) ) { 1789 wp_die( 'You don\'t have sufficient permissions to manage options.' ); 1790 } 1759 1791 return true; 1760 1792 } … … 2240 2272 */ 2241 2273 public function __construct() { 2274 // Check if the user has the required capability 2275 if (!current_user_can('edit_posts')) { 2276 wp_die(esc_html__('You do not have sufficient permissions to perform this action.', 'memberdeck')); 2277 exit; 2278 } 2279 2242 2280 if (isset($_GET['wp_id_nonce'])) { 2243 2281 check_admin_referer('wp_id_nonce', 'wp_id_nonce'); … … 2856 2894 */ 2857 2895 public function process_bulk_actions() { 2896 // Check if the user has the required capability 2897 if (!current_user_can('manage_options')) { 2898 wp_die(esc_html__('You do not have sufficient permissions to perform this action.', 'memberdeck')); 2899 exit; 2900 } 2901 2858 2902 // Bulk installation process. 2859 2903 if ( 'tgmpa-bulk-install' === $this->current_action() || 'tgmpa-bulk-update' === $this->current_action() ) { -
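Review bot: The nonce verification at 647-648 only runs when `wp_id_nonce` is present in the request, so a request that omits the parameter skips `check_admin_referer()` altogether, and the capability check added just above it does not compensate, because a forged request carries the victim's own session and capabilities. The call should be unconditional, `check_admin_referer( 'wp_id_nonce', 'wp_id_nonce' );`, and the same optional pattern is repeated at 813-814, 1071-1072 and 2280-2281 here and in helix-idcom.php, idf-admin.php, idf-cache.php, idf-functions.php and idf-stock-browser.php. Separately, the `current_user_can( 'edit_posts' )` test placed in `__construct()` at 2274-2278 makes merely instantiating the class fatal for any request lacking that capability, including non-interactive ones; a capability check belongs in the action methods, not the constructor. Minor: `exit;` after `wp_die()` is unreachable, and the `'memberdeck'` text domain does not match this plugin's idf.pot. Every method here continues outside its hunk.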
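--- a/ignitiondeck/trunk/classes/modules/helix/helix-admin.php
+++ b/ignitiondeck/trunk/classes/modules/helix/helix-admin.php
@@ -9,4 +9,10 @@
 
 function helix_menu() {
+    // Check if the user has the required capability
+    if (!current_user_can('manage_options')) {
+        wp_die(esc_html__('You do not have sufficient permissions to perform this action.', 'memberdeck'));
+        exit;
+    }
+
     $settings = get_option('helix_settings');
     if (isset($_POST['submit_helix_settings'])) {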
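Review bot: No nonce verification is visible between the new capability check at 12-15 and the `$_POST['submit_helix_settings']` branch at 18, and `admin_menu()` in class-recaptcha.php has the same shape at 83-89; unless a `check_admin_referer()` matching the form's `wp_nonce_field()` is the first statement inside that branch (the function continues outside the hunk), the settings save is protected by capability alone, which does not stop a forged request riding on an administrator's session. If it is missing, the branch should open with `check_admin_referer( '<nonce-action-placeholder>' );` paired with the corresponding `wp_nonce_field()` in the form. The `exit;` at 14 is unreachable because `wp_die()` terminates the request.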
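--- a/ignitiondeck/trunk/classes/modules/helix/helix-idcom.php
+++ b/ignitiondeck/trunk/classes/modules/helix/helix-idcom.php
@@ -51,4 +51,10 @@
 
 function helix_join_waitlist_ajax() {
+    // Check if the user has the required capability
+    if (!current_user_can('manage_options')) {
+        wp_die(esc_html__('You do not have sufficient permissions to perform this action.', 'memberdeck'));
+        exit;
+    }
+
     if (isset($_GET['wp_id_nonce'])) {
         check_admin_referer('wp_id_nonce', 'wp_id_nonce');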
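Review bot: `helix_join_waitlist_ajax()` fails with `wp_die()` at 55, whereas the AJAX handlers in idf-cache.php, idf-functions.php and idf-stock-browser.php in this same changeset fail with `wp_send_json_error()`; the JSON form gives the calling script a parseable failure instead of an HTML fragment. The `check_admin_referer()` at 60 is the admin-screen variant, which on failure renders a confirmation page; for an AJAX endpoint `check_ajax_referer( 'wp_id_nonce', 'wp_id_nonce' );` is the matching call. Whether `manage_options` is the intended bar for joining a waitlist cannot be judged from the hunk; the function continues outside it.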
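--- a/ignitiondeck/trunk/classes/modules/maven/class-maven_msg.php
+++ b/ignitiondeck/trunk/classes/modules/maven/class-maven_msg.php
@@ -21,4 +21,9 @@
 
 function save_message() {
+    // Check user capabilities.
+    if ( ! current_user_can( 'publish_posts' ) ) {
+        wp_die( 'You don\'t have sufficient permissions to access this feature.' );
+    }
+
     $id = wp_insert_post($this->msg);
     if (!is_wp_error($send)) {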
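Review bot: `is_wp_error($send)` at 29 tests a variable that is never assigned in this method; the insert result is stored in `$id` at 28, so the error branch can never be taken and a failed `wp_insert_post()` is treated as success. It should read `if (!is_wp_error($id)) {`. The new `publish_posts` check at 23-26 is sensible only if `$this->msg` is a post type governed by that capability, which the hunk does not show; `save_message()` continues outside the hunk.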
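--- a/ignitiondeck/trunk/classes/modules/recaptcha/class-recaptcha.php
+++ b/ignitiondeck/trunk/classes/modules/recaptcha/class-recaptcha.php
@@ -81,4 +81,9 @@
  */
 function admin_menu() {
+    // Check if the user has the required capability
+    if (!current_user_can('manage_options')) {
+        wp_die(esc_html__('You do not have sufficient permissions to perform this action.', 'memberdeck'));
+        exit;
+    }
     $settings = get_option('id_recaptcha_settings');
     if (isset($_POST['submit_id_recaptcha_settings'])) {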
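--- a/ignitiondeck/trunk/idf-admin.php
+++ b/ignitiondeck/trunk/idf-admin.php
@@ -91,4 +91,8 @@
         return false;
     }
+    // Check user capabilities.
+    if ( ! current_user_can( 'manage_options' ) ) {
+        wp_die( 'You don\'t have sufficient permissions to manage options.' );
+    }
 
     $requirements = new IDF_Requirements;
@@ -494,4 +498,9 @@
         check_admin_referer('wp_id_nonce', 'wp_id_nonce');
     }
+
+    // Check user capabilities.
+    if ( ! current_user_can( 'manage_options' ) ) {
+        wp_die( 'You don\'t have sufficient permissions to manage options.' );
+    }
 
     // #devnote create a function for this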
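--- a/ignitiondeck/trunk/idf-cache.php
+++ b/ignitiondeck/trunk/idf-cache.php
@@ -52,4 +52,10 @@
  */
 function idf_flush_object_ajax() {
+    // Check if the user has the required capability
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error(__('You do not have sufficient permissions to perform this action.', 'memberdeck'));
+        exit;
+    }
+
     if (isset($_GET['wp_id_nonce'])) {
         check_admin_referer('wp_id_nonce', 'wp_id_nonce');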
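--- a/ignitiondeck/trunk/idf-functions.php
+++ b/ignitiondeck/trunk/idf-functions.php
@@ -825,4 +825,10 @@
  */
 function idf_do_register() {
+    // Check if the user has the required capability
+    if (!current_user_can('manage_options')) {
+        wp_send_json_error(__('You do not have sufficient permissions to perform this action.', 'memberdeck'));
+        exit;
+    }
+
     if (isset($_GET['wp_id_nonce'])) {
         check_admin_referer('wp_id_nonce', 'wp_id_nonce');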
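Review bot: `idf_do_register()` now requires `manage_options` at 828-831, yet its name suggests a registration handler; if it is hooked for front-end or `wp_ajax_nopriv_` callers, every non-administrator registrant will now receive the permission error, while if it is admin-only the check is fine. Verify against the hook registration, which is outside the hunk; an endpoint that anonymous users must reach is protected by an unconditional nonce check rather than a capability test. The same question applies to `idf_stock_item_click()` in idf-stock-browser.php, where `read` admits every logged-in role but turns away anonymous callers. The `exit;` at 830 is unreachable because `wp_send_json_error()` terminates the request.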
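--- a/ignitiondeck/trunk/idf-stock-browser.php
+++ b/ignitiondeck/trunk/idf-stock-browser.php
@@ -85,4 +85,9 @@
  */
 function idf_stock_item_click() {
+    // Check if the user has the required capability
+    if (!current_user_can('read')) {
+        wp_send_json_error(__('You do not have sufficient permissions to perform this action.', 'memberdeck'));
+        exit;
+    }
     if (isset($_GET['wp_id_nonce'])) {
         check_admin_referer('wp_id_nonce', 'wp_id_nonce');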
ignitiondeck/trunk/idf.php
r3134431 r3142505 8 8 URI: https://IgnitionDeck.com 9 9 Description: A crowdfunding and ecommerce plugin for WordPress that helps you crowdfund, pre-order, and sell goods online. 10 Version: 1.10. 010 Version: 1.10.1 11 11 Author: IgnitionDeck 12 12 Author URI: https://IgnitionDeck.com … … 18 18 require_once 'idf-globals.php'; 19 19 global $active_plugins, $idf_current_version; 20 $idf_current_version = '1.10. 0';20 $idf_current_version = '1.10.1'; 21 21 require_once 'idf-update.php'; 22 22 require_once 'classes/class-idf_requirements.php'; -
ignitiondeck/trunk/languages_default/idf.pot
r3134431 r3142505 3 3 msgstr "" 4 4 "Project-Id-Version: IgnitionDeck Framework\n" 5 "POT-Creation-Date: 2024-08- 06 08:39-0800\n"5 "POT-Creation-Date: 2024-08-27 13:44-0800\n" 6 6 "PO-Revision-Date: 2016-10-05 20:02-0400\n" 7 7 "Last-Translator: Ignition WP LLC <support@ignitionwp.com>\n" -
ignitiondeck/trunk/readme.txt
r3134431 r3142505 5 5 Requires at least: 4.9 6 6 Tested up to: 6.6 7 Stable tag: 1.10. 07 Stable tag: 1.10.1 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 139 139 == Changelog == 140 140 141 = 1.10.1 = 142 143 * Added more capability checks for security purposes. 144 141 145 = 1.10.0 = 142 146