
Changeset 3232922


Timestamp:
01/31/2025 09:04:02 PM (14 months ago)
Author:
era404
Message:

Security updates recommended by Colin Xu (thank you);

Location:
stafflist/trunk
Files:
2 edited

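--- a/stafflist/trunk/readme.txt
+++ b/stafflist/trunk/readme.txt
@@ -103,4 +103,7 @@
 
 == Changelog ==
+= 3.2.4 =
+* Security updates recommended by Colin Xu (thank you);
+
 = 3.2.2 =
 * Tested on WordPress 6.7.1;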
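--- a/stafflist/trunk/stafflist.php
+++ b/stafflist/trunk/stafflist.php
@@ -4,5 +4,5 @@
 Plugin URI: http://wordpress.org/plugins/stafflist/
 Description: A super simplified staff directory tool
-Version: 3.2.2
+Version: 3.2.4
 Author: era404
 Author URI: http://www.era404.com
@@ -156,9 +156,10 @@
     $import_details = false;
     if(!empty($_FILES) && 0!=$_FILES['importfile']['size']){
+        check_admin_referer('import_stafflist'); //below
         $uploads = wp_upload_dir();
         $ext = checkDatafile($_FILES['importfile']);
         $temp = $uploads['basedir'] . "/temp.{$ext}";
         if(!in_array($_FILES['importfile']['type'], $spreadsheet_formats)){
-            showResults("Only CSV, XLS, XLSX imports are currently supported. This filetype was: {$_FILES['importfile']['type']}.",1);
+            showResults("Only CSV, XLS, XLSX imports are currently supported.",1);
         } else {
             if(!move_uploaded_file($_FILES['importfile']['tmp_name'], $temp)) {
@@ -176,5 +177,5 @@
         $temp = $uploads['basedir'] . "/temp.{$ext}";
         if(!file_exists($temp)){
-            showResults("Your datafile ({$temp}) could not be found. Check your site's directory permissions.", 1);
+            showResults("Your datafile could not be found. Check your site's directory permissions.", 1);
         } else {
             list($added,$notadded) = stafflistImport(readCSVintoArray($temp),true);
@@ -283,5 +284,5 @@
             </div>
          ";
-   
+
 /***********************************************************************************
 *     Directory
@@ -364,6 +365,6 @@
         //are there nonstandard columns?
         if(!empty($import_details[1])) {
-                    echo "<tr><td>Non-standard Columns:</td><td><span>".
-                    implode("</span><span>",$import_details[1])."</span></td>";
+            echo "<tr><td>Non-standard Columns:</td><td><span>".
+            implode("</span><span>",$import_details[1])."</span></td>";
         }
         echo "  </tr>
@@ -418,6 +419,7 @@
                </tr>
             </tbody>
-
-        </table>
+        " . //https://developer.wordpress.org/apis/security/nonces/
+            wp_nonce_field( 'import_stafflist' ) .
+        "</table>
         </form>";
     $cols = $wpdb->get_results( "SELECT id,name,active FROM {$staffmetadb}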
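Review bot: The upload branch (new lines 157–165) still decides whether to call `move_uploaded_file()` from `$_FILES['importfile']['type']`, a value the browser supplies, so the allowlist in `$spreadsheet_formats` does not describe the file that actually lands at `temp.{$ext}` under the uploads base directory. Unless `checkDatafile()` (defined outside this hunk) already constrains `$ext`, derive the type on the server and reject anything else, e.g. `$ft = wp_check_filetype_and_ext( $_FILES['importfile']['tmp_name'], $_FILES['importfile']['name'] );` followed by `if ( ! in_array( $ft['ext'], array( 'csv', 'xls', 'xlsx' ), true ) ) { ... }`. The added `check_admin_referer('import_stafflist')` covers request forgery only; if no `current_user_can()` check runs earlier in this function, which is not shown, one belongs before it, using the capability the plugin's admin page is registered with. In the last hunk `wp_nonce_field( 'import_stafflist' )` is concatenated into a string while its `$display` argument defaults to true, so it prints the field at call time as well as returning it; `wp_nonce_field( 'import_stafflist', '_wpnonce', true, false )` returns the markup without echoing.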