Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3162315

Timestamp:

10/03/2024 05:51:00 PM (18 months ago)

Author:

NicolasKulka

Message:

Fix vulnerabilty

Location:

wpdash-notes

Files:

: 59 added
: 4 edited

tags/1.3.5 (added)
tags/1.3.5/assets (added)
tags/1.3.5/assets/css (added)
tags/1.3.5/assets/css/checklist_in_post.css (added)
tags/1.3.5/assets/css/checklist_in_post_frontend.css (added)
tags/1.3.5/assets/css/select2.min.css (added)
tags/1.3.5/assets/img (added)
tags/1.3.5/assets/img/bg_pub.png (added)
tags/1.3.5/assets/js (added)
tags/1.3.5/assets/js/checklist_in_post.js (added)
tags/1.3.5/assets/js/checklist_in_post_frontend.js (added)
tags/1.3.5/assets/js/select2.min.js (added)
tags/1.3.5/autoload.php (added)
tags/1.3.5/blocks (added)
tags/1.3.5/blocks/pub_wpboutik.php (added)
tags/1.3.5/classes (added)
tags/1.3.5/classes/dashboard-news.php (added)
tags/1.3.5/classes/plugin.php (added)
tags/1.3.5/classes/pub.php (added)
tags/1.3.5/classes/singleton.php (added)
tags/1.3.5/composer.json (added)
tags/1.3.5/composer.lock (added)
tags/1.3.5/languages (added)
tags/1.3.5/languages/wpdash-notes-fr_FR.mo (added)
tags/1.3.5/languages/wpdash-notes-fr_FR.po (added)
tags/1.3.5/languages/wpdash-notes.pot (added)
tags/1.3.5/readme.txt (added)
tags/1.3.5/vendor (added)
tags/1.3.5/vendor/autoload.php (added)
tags/1.3.5/vendor/composer (added)
tags/1.3.5/vendor/composer/ClassLoader.php (added)
tags/1.3.5/vendor/composer/InstalledVersions.php (added)
tags/1.3.5/vendor/composer/LICENSE (added)
tags/1.3.5/vendor/composer/autoload_classmap.php (added)
tags/1.3.5/vendor/composer/autoload_files.php (added)
tags/1.3.5/vendor/composer/autoload_namespaces.php (added)
tags/1.3.5/vendor/composer/autoload_psr4.php (added)
tags/1.3.5/vendor/composer/autoload_real.php (added)
tags/1.3.5/vendor/composer/autoload_static.php (added)
tags/1.3.5/vendor/composer/installed.json (added)
tags/1.3.5/vendor/composer/installed.php (added)
tags/1.3.5/vendor/composer/platform_check.php (added)
tags/1.3.5/vendor/nicolaskulka (added)
tags/1.3.5/vendor/nicolaskulka/wp-dismissible-notices-handler (added)
tags/1.3.5/vendor/nicolaskulka/wp-dismissible-notices-handler/assets (added)
tags/1.3.5/vendor/nicolaskulka/wp-dismissible-notices-handler/assets/js (added)
tags/1.3.5/vendor/nicolaskulka/wp-dismissible-notices-handler/assets/js/main.js (added)
tags/1.3.5/vendor/nicolaskulka/wp-dismissible-notices-handler/composer.json (added)
tags/1.3.5/vendor/nicolaskulka/wp-dismissible-notices-handler/composer.lock (added)
tags/1.3.5/vendor/nicolaskulka/wp-dismissible-notices-handler/handler.php (added)
tags/1.3.5/vendor/nicolaskulka/wp-dismissible-notices-handler/includes (added)
tags/1.3.5/vendor/nicolaskulka/wp-dismissible-notices-handler/includes/helper-functions.php (added)
tags/1.3.5/vendor/nicolaskulka/wp-review-me (added)
tags/1.3.5/vendor/nicolaskulka/wp-review-me/.gitignore (added)
tags/1.3.5/vendor/nicolaskulka/wp-review-me/README.md (added)
tags/1.3.5/vendor/nicolaskulka/wp-review-me/composer.json (added)
tags/1.3.5/vendor/nicolaskulka/wp-review-me/composer.lock (added)
tags/1.3.5/vendor/nicolaskulka/wp-review-me/review.php (added)
tags/1.3.5/wpdash-notes.php (added)
trunk/assets/js/checklist_in_post_frontend.js (modified) (1 diff)
trunk/classes/plugin.php (modified) (2 diffs)
trunk/readme.txt (modified) (2 diffs)
trunk/wpdash-notes.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

wpdash-notes/trunk/assets/js/checklist_in_post_frontend.js

r2422139	r3162315
106	106	var params = {};
107	107	params.post_id = response.post_id;
	108	params._wpnonce = response.nonce;
108	109	wp.ajax.post('postitlistcomment', params).done(function (response) {
109	110	var parent = $('#wpf-post-it-' + response.post_id);

wpdash-notes/trunk/classes/plugin.php

-                      r3100718
+                      r3162315
+    }
     public static function admin_notices() {
         $screen = get_current_screen();
         if ( $screen && 'edit-wpf_post_it' === $screen->id ) {
             include( WPDASH_NOTES_DIR . '/blocks/pub_wpboutik.php' );
+        }
+    }
+    public static function admin_notices() {
+        $screen = get_current_screen();
+        if ( $screen && 'edit-wpf_post_it' === $screen->id ) {
+            include( WPDASH_NOTES_DIR . '/blocks/pub_wpboutik.php' );
+        }
+    }
     public static function install() {
 …
         wp_insert_comment( $data );
         wp_send_json_success( [ 'post_id' => $postid ] );
+        wp_send_json_success( [ 'post_id' => $postid, 'nonce' => wp_create_nonce( 'nonce_list_comment' ) ] );
+    }
     public static function wp_ajax_post_it_list_comment() {
+        check_ajax_referer( 'nonce_list_comment' );
         $post_id = isset( $_POST['post_id'] ) ? sanitize_text_field( $_POST['post_id'] ) : '';
+        $comments = get_comments(
+            array(
+                'post_id' => $post_id,
+                'order'   => 'ASC'
+            )
+        );
+        $html = '';
+        if ( ! empty ( $comments ) ) {
+            $texthtml = ( count( $comments ) > 1 ) ? __( 'Comments :', 'wpdash-notes' ) : __( 'Comment :', 'wpdash-notes' );
+            $html     .= $texthtml . '<br>';
+            foreach ( $comments as $comment ) {
+                $html .= '<b>' . $comment->comment_author . '</b> : ' . $comment->comment_content . '<br>';
+        if ( $post_id ) {
+            $post = get_post( $post_id );
+            if ( 'wpf_post_it' === $post->post_type ) {
+                $comments = get_comments(
+                    array(
+                        'post_id' => $post_id,
+                        'order'   => 'ASC'
+                    )
+                );
+                $html = '';
+                if ( ! empty ( $comments ) ) {
+                    $texthtml = ( count( $comments ) > 1 ) ? __( 'Comments :', 'wpdash-notes' ) : __( 'Comment :', 'wpdash-notes' );
+                    $html     .= $texthtml . '<br>';
+                    foreach ( $comments as $comment ) {
+                        $html .= '<b>' . $comment->comment_author . '</b> : ' . $comment->comment_content . '<br>';
+                    }
+                }
+                wp_send_json_success( array( 'html' => $html, 'post_id' => $post_id ) );
+            }
+        }
-        wp_send_json_success( array( 'html' => $html, 'post_id' => $post_id ) );
+    }

wpdash-notes/trunk/readme.txt

-                      r3100718
+                      r3162315
 Requires at least: 4.2
 Tested up to: 6.5
 Stable tag: 1.3.4.1
+Stable tag: 1.3.5
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 1.3.5 =
+* Fix Vulenrability : Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure (Thanks Wordfence)
 = 1.3.4.1 =
 * Fix screen admin notices

wpdash-notes/trunk/wpdash-notes.php

-                      r3100718
+                      r3162315
 Plugin Name: WPDash Notes
 Description: WPDash Notes est un plugin qui vous permet de créer des notes sur votre tableau de bord WordPress et sur ceux des autres utilisateurs.
 Version: 1.3.4.1
+Version: 1.3.5
 Author: WPFormation, NicolasKulka, WPServeur
 Author URI: https://wpformation.com/
 …
 // Plugin constants
 define( 'WPDASH_NOTES_VERSION', '1.3.4.1' );
+define( 'WPDASH_NOTES_VERSION', '1.3.5' );
 define( 'WPDASH_NOTES_FOLDER', 'wpdash-notes' );
 define( 'WPDASH_NOTES_BASENAME', plugin_basename( __FILE__ ) );

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory

Context Navigation

Changeset 3162315

Legend:

wpdash-notes/trunk/assets/js/checklist_in_post_frontend.js

wpdash-notes/trunk/classes/plugin.php

wpdash-notes/trunk/readme.txt

wpdash-notes/trunk/wpdash-notes.php

Download in other formats: