
Changeset 3364994


Timestamp:
09/20/2025 01:51:44 PM (6 months ago)
Author:
eteubert
Message:

Update to version 4.2.7 from GitHub

Location:
podlove-podcasting-plugin-for-wordpress
Files:
10 edited
1 copied

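--- a/podlove-podcasting-plugin-for-wordpress/tags/4.2.7/lib/helper.php
+++ b/podlove-podcasting-plugin-for-wordpress/tags/4.2.7/lib/helper.php
@@ -83,10 +83,30 @@
  * @return bool
  */
-function is_image($file)
-{
+function is_image($file, $filename = "")
+{
+    // simple PHP based checks
     $type = get_image_type($file);
     $mime = get_image_mime_type($type);
-
-    return substr($mime, 0, 5) == 'image';
+    $mime_is_image = substr($mime, 0, 5) == 'image';
+
+    // more checks using WP helpers
+    if (!$filename) {
+      $filename = basename($file);
+    }
+   
+    $check = wp_check_filetype_and_ext($file, $filename);
+    $ext = isset($check['ext']) && $check['ext'] ? strtolower($check['ext']) : null;
+    $wp_type = isset($check['type']) && $check['type'] ? strtolower($check['type']) : null;
+
+    $wp_type_looks_correct = stripos($wp_type, 'image/') === 0;
+   
+    // denielist some exts for extra safety
+    $danger_exts = [
+      'php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'pl', 'py', 'rb', 'cgi', 'asp', 'aspx', 'jsp',
+    ];
+
+    $ext_looks_dangerous = empty($ext) || in_array($ext, $danger_exts, true);
+
+    return $mime_is_image && !$ext_looks_dangerous && $wp_type_looks_correct;
 }
 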
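Review bot: `$wp_type` is null whenever `wp_check_filetype_and_ext()` reports no type, and the new `stripos($wp_type, 'image/')` line then receives null, which raises a deprecation notice on PHP 8.1 and later. The comparison still yields false, so the file is rejected as intended, but the notice fires on exactly the rejected files an operator would want to read cleanly in the log. Since the value is already lowercased and the plugin header requires PHP 8.0, `$wp_type_looks_correct = is_string($wp_type) && str_starts_with($wp_type, 'image/');` states the intent without the null call. The docblock above starts outside this hunk and should gain `@param string $filename Name whose extension is checked; defaults to basename($file)`, because the extension verdict depends on that name rather than on the file on disk. The same applies to the identical hunk in trunk/lib/helper.php.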
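--- a/podlove-podcasting-plugin-for-wordpress/tags/4.2.7/lib/model/image.php
+++ b/podlove-podcasting-plugin-for-wordpress/tags/4.2.7/lib/model/image.php
@@ -312,5 +312,5 @@
     public function generate_resized_copy()
     {
-        if (!\Podlove\is_image($this->original_file())) {
+        if (!\Podlove\is_image($this->original_file(), basename($this->source_url))) {
             Log::get()->addWarning('Podlove Image Cache: Not an image ('.$this->original_file().')');
 
@@ -390,5 +390,5 @@
                 $file = untrailingslashit(\Podlove\PLUGIN_DIR).$path;
 
-                if (file_exists($file) && \Podlove\is_image($file)) {
+                if (file_exists($file) && \Podlove\is_image($file, basename($this->source_url))) {
                     $this->create_basedir();
                     $this->save_cache_data();
@@ -432,5 +432,5 @@
         }
 
-        if (!\Podlove\is_image($temp_file)) {
+        if (!\Podlove\is_image($temp_file, basename($this->source_url))) {
             Log::get()->addWarning(
                 sprintf(__('Podlove Image Cache: Downloaded file is not an image.')),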
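Review bot: `basename($this->source_url)` at the three call sites (lines 314, 392 and 434) keeps any query string or fragment of the URL, so a source such as `cover.jpg?v=2` (constructed example) produces a name whose extension WordPress cannot map, and `is_image()` then rejects a valid image because `$ext` comes back empty. Passing only the path component avoids that: `basename((string) wp_parse_url($this->source_url, PHP_URL_PATH))`. It is also worth confirming that the name checked here is the name the cached copy is stored and served under, since the extension check only protects the served file if the two agree; the storage path is not visible in these hunks. All three enclosing methods start or end outside the hunks, and the same lines appear in trunk/lib/model/image.php.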
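--- a/podlove-podcasting-plugin-for-wordpress/tags/4.2.7/podlove.php
+++ b/podlove-podcasting-plugin-for-wordpress/tags/4.2.7/podlove.php
@@ -3,5 +3,5 @@
  * Plugin Name: Podlove Podcast Publisher
  * Plugin URI:  https://podlove.org/podlove-podcast-publisher/
- * Version: 4.2.6
+ * Version: 4.2.7
  * Requires at least: 4.9.6
  * Requires PHP: 8.0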
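--- a/podlove-podcasting-plugin-for-wordpress/tags/4.2.7/readme.txt
+++ b/podlove-podcasting-plugin-for-wordpress/tags/4.2.7/readme.txt
@@ -4,5 +4,5 @@
 Tags: podlove, podcast, publishing, rss, audio
 Tested up to: 6.7.2
-Stable tag: 4.2.6
+Stable tag: 4.2.7
 Requires at least: 4.9.6
 Requires PHP: 8.0
@@ -115,4 +115,10 @@
 
 == Changelog ==
+
+= 4.2.7 =
+
+- security: Improved handling of image files in the download cache to block malicious uploads.
+
+Note: this should not affect normal image delivery, but please keep an eye out for any unexpected issues with cached images.
 
 = 4.2.6 =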
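--- a/podlove-podcasting-plugin-for-wordpress/tags/4.2.7/vendor/composer/installed.php
+++ b/podlove-podcasting-plugin-for-wordpress/tags/4.2.7/vendor/composer/installed.php
@@ -2,7 +2,7 @@
     'root' => array(
         'name' => 'podlove/podcast-publisher',
-        'pretty_version' => '4.2.6',
-        'version' => '4.2.6.0',
-        'reference' => '09c3da96fd177090415eeeabb54a5035872b783d',
+        'pretty_version' => '4.2.7',
+        'version' => '4.2.7.0',
+        'reference' => '67f7a6577bc27dd0d0bf11c7ae715ea6c0d9dfc3',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
@@ -144,7 +144,7 @@
         ),
         'podlove/podcast-publisher' => array(
-            'pretty_version' => '4.2.6',
-            'version' => '4.2.6.0',
-            'reference' => '09c3da96fd177090415eeeabb54a5035872b783d',
+            'pretty_version' => '4.2.7',
+            'version' => '4.2.7.0',
+            'reference' => '67f7a6577bc27dd0d0bf11c7ae715ea6c0d9dfc3',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',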
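--- a/podlove-podcasting-plugin-for-wordpress/trunk/lib/helper.php
+++ b/podlove-podcasting-plugin-for-wordpress/trunk/lib/helper.php
@@ -83,10 +83,30 @@
  * @return bool
  */
-function is_image($file)
-{
+function is_image($file, $filename = "")
+{
+    // simple PHP based checks
     $type = get_image_type($file);
     $mime = get_image_mime_type($type);
-
-    return substr($mime, 0, 5) == 'image';
+    $mime_is_image = substr($mime, 0, 5) == 'image';
+
+    // more checks using WP helpers
+    if (!$filename) {
+      $filename = basename($file);
+    }
+   
+    $check = wp_check_filetype_and_ext($file, $filename);
+    $ext = isset($check['ext']) && $check['ext'] ? strtolower($check['ext']) : null;
+    $wp_type = isset($check['type']) && $check['type'] ? strtolower($check['type']) : null;
+
+    $wp_type_looks_correct = stripos($wp_type, 'image/') === 0;
+   
+    // denielist some exts for extra safety
+    $danger_exts = [
+      'php', 'php3', 'php4', 'php5', 'phtml', 'phar', 'pl', 'py', 'rb', 'cgi', 'asp', 'aspx', 'jsp',
+    ];
+
+    $ext_looks_dangerous = empty($ext) || in_array($ext, $danger_exts, true);
+
+    return $mime_is_image && !$ext_looks_dangerous && $wp_type_looks_correct;
 }
 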
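--- a/podlove-podcasting-plugin-for-wordpress/trunk/lib/model/image.php
+++ b/podlove-podcasting-plugin-for-wordpress/trunk/lib/model/image.php
@@ -312,5 +312,5 @@
     public function generate_resized_copy()
     {
-        if (!\Podlove\is_image($this->original_file())) {
+        if (!\Podlove\is_image($this->original_file(), basename($this->source_url))) {
             Log::get()->addWarning('Podlove Image Cache: Not an image ('.$this->original_file().')');
 
@@ -390,5 +390,5 @@
                 $file = untrailingslashit(\Podlove\PLUGIN_DIR).$path;
 
-                if (file_exists($file) && \Podlove\is_image($file)) {
+                if (file_exists($file) && \Podlove\is_image($file, basename($this->source_url))) {
                     $this->create_basedir();
                     $this->save_cache_data();
@@ -432,5 +432,5 @@
         }
 
-        if (!\Podlove\is_image($temp_file)) {
+        if (!\Podlove\is_image($temp_file, basename($this->source_url))) {
             Log::get()->addWarning(
                 sprintf(__('Podlove Image Cache: Downloaded file is not an image.')),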
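--- a/podlove-podcasting-plugin-for-wordpress/trunk/podlove.php
+++ b/podlove-podcasting-plugin-for-wordpress/trunk/podlove.php
@@ -3,5 +3,5 @@
  * Plugin Name: Podlove Podcast Publisher
  * Plugin URI:  https://podlove.org/podlove-podcast-publisher/
- * Version: 4.2.6
+ * Version: 4.2.7
  * Requires at least: 4.9.6
  * Requires PHP: 8.0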
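--- a/podlove-podcasting-plugin-for-wordpress/trunk/readme.txt
+++ b/podlove-podcasting-plugin-for-wordpress/trunk/readme.txt
@@ -4,5 +4,5 @@
 Tags: podlove, podcast, publishing, rss, audio
 Tested up to: 6.7.2
-Stable tag: 4.2.6
+Stable tag: 4.2.7
 Requires at least: 4.9.6
 Requires PHP: 8.0
@@ -115,4 +115,10 @@
 
 == Changelog ==
+
+= 4.2.7 =
+
+- security: Improved handling of image files in the download cache to block malicious uploads.
+
+Note: this should not affect normal image delivery, but please keep an eye out for any unexpected issues with cached images.
 
 = 4.2.6 =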
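--- a/podlove-podcasting-plugin-for-wordpress/trunk/vendor/composer/installed.php
+++ b/podlove-podcasting-plugin-for-wordpress/trunk/vendor/composer/installed.php
@@ -2,7 +2,7 @@
     'root' => array(
         'name' => 'podlove/podcast-publisher',
-        'pretty_version' => '4.2.6',
-        'version' => '4.2.6.0',
-        'reference' => '09c3da96fd177090415eeeabb54a5035872b783d',
+        'pretty_version' => '4.2.7',
+        'version' => '4.2.7.0',
+        'reference' => '67f7a6577bc27dd0d0bf11c7ae715ea6c0d9dfc3',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
@@ -144,7 +144,7 @@
         ),
         'podlove/podcast-publisher' => array(
-            'pretty_version' => '4.2.6',
-            'version' => '4.2.6.0',
-            'reference' => '09c3da96fd177090415eeeabb54a5035872b783d',
+            'pretty_version' => '4.2.7',
+            'version' => '4.2.7.0',
+            'reference' => '67f7a6577bc27dd0d0bf11c7ae715ea6c0d9dfc3',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',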