Changeset 3151684
- Timestamp:
- 09/14/2024 07:21:05 AM (19 months ago)
- Location:
- css-js-files
- Files:
-
- 7 added
- 2 edited
-
tags/1.5.2 (added)
-
tags/1.5.2/css (added)
-
tags/1.5.2/css-js-files.php (added)
-
tags/1.5.2/css/css-js-files.css (added)
-
tags/1.5.2/js (added)
-
tags/1.5.2/js/css-js-files.js (added)
-
tags/1.5.2/readme.txt (added)
-
trunk/css-js-files.php (modified) (7 diffs)
-
trunk/readme.txt (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
css-js-files/trunk/css-js-files.php
r3150555 r3151684 4 4 Plugin URI: https://wordpress.org/plugins/css-js-files/ 5 5 Description: Add CSS files and/or CSS custom rules to any single page or post or globally 6 Version: 1.5. 16 Version: 1.5.2 7 7 Author: James Low 8 8 Author URI: http://jameslow.com … … 87 87 update_option('css_js_files_body_rules', $bodyrules, true); 88 88 update_option('css_js_files_footer_rules', $footerrules, true); 89 update_option('css_js_files_path', $path, true); 89 if (strpos($path, '../') === false) { 90 update_option('css_js_files_path', $path, true); 91 } 90 92 } 91 93 } … … 121 123 public static function editor_page() { 122 124 $file = isset($_GET['file']) ? sanitize_text_field($_GET['file']) : ''; 123 $hasfile = $file != '' && str_starts_with($file, get_option('css_js_files_path')) && strpos($file, '..') === false; 125 $lower = strtolower($file); 126 $hasfile = $file != '' && str_starts_with($file, get_option('css_js_files_path')) && strpos($file, '../') === false 127 && (strpos($lower, '.css') !== false || strpos($lower, '.js') !== false); 124 128 $path = $hasfile ? WP_CONTENT_DIR.'/'.$file : ''; 125 129 if (!current_user_can( 'manage_options' )) { … … 128 132 echo '<div class="wrap">'; 129 133 echo '<h2>CSS/JS Editor</h2>'; 130 134 131 135 //Save File 132 136 if (self::has_nounce()) { … … 138 142 } 139 143 144 if ($file != '' && !$hasfile || !file_exists($path)) { 145 echo '<div class="notice notice-error"> 146 <p>Invalid file path.</p> 147 </div>'; 148 $content = ''; 149 } else { 150 $content = $hasfile ? self::read_file($path) : ''; 151 } 152 140 153 //Form 141 154 echo '<form action="" method="post">'; … … 143 156 echo '<div align="right"><button type="submit" class="button button-primary button-large'.($hasfile?'':' button-disabled').'"'.($hasfile?'':' disabled').'>Save</button></div>'; 144 157 echo self::get_file(array($file), 'all'); 145 $content = $hasfile ? self::read_file($path) : '';146 158 echo '<br /><textarea class="css-js-files-text css-js-files-text-full" id="css-js-files-content" name="css_js_files_content">'.htmlentities($content).'</textarea>'; 147 159 echo '</form>'; … … 151 163 public static function read_file($name) { 152 164 $file = fopen($name, 'r'); 165 if (!$file) { 166 return null; 167 } 153 168 $data = fread($file,filesize($name)); 154 169 fclose($file); -
css-js-files/trunk/readme.txt
r3150555 r3151684 5 5 Requires at least: 3.0 6 6 Tested up to: 6.5.5 7 Stable tag: 1.5. 17 Stable tag: 1.5.2 8 8 License: MIT Licens 9 9 License URI: https://opensource.org/licenses/MIT … … 29 29 30 30 == Changelog == 31 32 = 1.5.2 = 33 * Additional security fixes and improvements to editor 31 34 32 35 = 1.5.1 =
Note: See TracChangeset
for help on using the changeset viewer.