WordPress.org
Get WordPress

Plugin Directory

Changeset 3300680


Ignore:
Timestamp:
05/26/2025 12:23:14 PM (10 months ago)
Author:
pluginsandsnippets
Message:

trunk 1.0.32

Location:
simple-page-access-restriction/trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • simple-page-access-restriction/trunk/changelog.txt

    r3274969 r3300680  
     1= Version 1.0.32 - May 24, 2025 =
     2* Security: Add nonce validation to settings and metabox handling
     3
    14= Version 1.0.31 - April 16, 2025 =
    25* Test: WordPress version 6.8

  • simple-page-access-restriction/trunk/includes/admin/admin.php

    r3105724 r3300680  
    8181            }
    8282
     83            wp_nonce_field( 'ps_simple_par_metabox_nonce', 'ps_simple_par_mb_nonce' );
    8384           
    8485            echo '<input type="checkbox" checked name="_page_access_restricted" value="0" style="display:none;" />';
     
    9394            if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
    9495                return;
     96            }
     97
     98            if ( ! isset( $_POST['ps_simple_par_mb_nonce'] ) || ! wp_verify_nonce( $_POST['ps_simple_par_mb_nonce'], 'ps_simple_par_metabox_nonce' ) ) {
     99                return $post_id;
    95100            }
    96101

  • simple-page-access-restriction/trunk/includes/admin/settings/settings.php

    r3105724 r3300680  
    1414global $wpdb;
    1515
    16 if ( isset( $_POST['ps_simple_par_save_settings'] ) ) {
     16// Ensure user has access to this page.
     17if ( ! current_user_can( 'manage_options' ) ) {
     18    wp_die( esc_html__( 'You do not have sufficient permissions to access this page.', 'simple-page-access-restriction' ) );
     19}
     20
     21if ( isset( $_POST['ps_simple_par_save_settings'] ) && check_admin_referer( 'ps_simple_par_save_settings_action', 'ps_simple_par_nonce' ) ) {
    1722    // Define the input settings
    1823    $input_settings = array();
     
    8590    <?php do_action( 'ps_simple_par_after_settings_title' ); ?>
    8691    <form method="post" action="">
     92        <?php wp_nonce_field( 'ps_simple_par_save_settings_action', 'ps_simple_par_nonce' ); ?>
    8793        <div id="ps_plugin_template_settings_tabs">
    8894            <div id="simple-par-settings-tabs-header">

  • simple-page-access-restriction/trunk/readme.txt

    r3274969 r3300680  
    66Tags: page restrict, access restriction, page restriction, page redirect, page access restriction
    77Requires at least: 3.9
    8 Tested up to: 6.5
     8Tested up to: 6.8
    99Requires PHP: 5.6
    10 Stable Tag: 1.0.31
     10Stable Tag: 1.0.32
    1111License: GPL v2 or later
    1212License URI: https://www.gnu.org/licenses/gpl-2.0.html
     
    116116
    117117== Changelog ==
     118= Version 1.0.32 - May 24, 2025 =
     119* Security: Add nonce validation to settings and metabox handling
     120
    118121= Version 1.0.31 - April 16, 2025 =
    119122* Test: WordPress version 6.8

  • simple-page-access-restriction/trunk/simple-page-access-restriction.php

    r3274969 r3300680  
    44 * Plugin URI:        https://www.pluginsandsnippets.com/downloads/simple-page-access-restriction/
    55 * Description:       This plugin offers a simple way to restrict visits to select pages only to logged-in users and allows for page redirection to a defined (login) page of your choice.
    6  * Version:           1.0.31
     6 * Version:           1.0.32
    77 * Author:            Plugins & Snippets
    88 * Author URI:        https://www.pluginsandsnippets.com/
     
    7777
    7878            // Plugin related constants
    79             define( 'SIMPLE_PAGE_ACCESS_RESTRICTION_VER', '1.0.31' );
     79            define( 'SIMPLE_PAGE_ACCESS_RESTRICTION_VER', '1.0.32' );
    8080            define( 'SIMPLE_PAGE_ACCESS_RESTRICTION_NAME', 'Simple Page Access Restriction' );
    8181            define( 'SIMPLE_PAGE_ACCESS_RESTRICTION_DIR', trailingslashit( plugin_dir_path( __FILE__ ) ) );
Note: See TracChangeset for help on using the changeset viewer.