
Changeset 3394112


Timestamp:
11/12/2025 07:44:32 AM (4 months ago)
Author:
supsystic.com
Message:

version 1.10.46

Location:
data-tables-generator-by-supsystic
Files:
702 added
1 deleted
4 edited

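--- a/data-tables-generator-by-supsystic/trunk/app/SupsysticTables.php
+++ b/data-tables-generator-by-supsystic/trunk/app/SupsysticTables.php
@@ -19,5 +19,5 @@
         $menuSlug = "supsystic-tables";
         $pluginPath = dirname(dirname(__FILE__));
-        $environment = new RscDtgs_Environment("st", "1.10.45", $pluginPath);
+        $environment = new RscDtgs_Environment("st", "1.10.46", $pluginPath);
 
         /* Configure */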
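--- a/data-tables-generator-by-supsystic/trunk/index.php
+++ b/data-tables-generator-by-supsystic/trunk/index.php
@@ -5,5 +5,5 @@
  * Plugin URI: http://supsystic.com
  * Description: Create and manage beautiful data tables with custom design. No HTML knowledge is required
- * Version: 1.10.45
+ * Version: 1.10.46
  * Author: supsystic.com
  * Author URI: http://supsystic.com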
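--- a/data-tables-generator-by-supsystic/trunk/readme.txt
+++ b/data-tables-generator-by-supsystic/trunk/readme.txt
@@ -7,5 +7,5 @@
 License: GNU General Public License v2.0 or later
 Tested up to: 6.8
-Stable tag: 1.10.45
+Stable tag: 1.10.46
 
 Create data tables with charts and graphs.  Custom design, navigation, searching and ordering functions. Export to PDF, CSV, Print. Excel spreadsheet. WooCommerce Integration.
@@ -224,4 +224,9 @@
 
 == Changelog ==
+1.10.46 / 12.11.2025 =
+ * Minor fixes
+ * Security fix
+ * Add fix for cleanCache vulnerability
+
 1.10.45 / 17.06.2025 =
  * Minor fixes and overview update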
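--- a/data-tables-generator-by-supsystic/trunk/src/SupsysticTables/Tables/Controller.php
+++ b/data-tables-generator-by-supsystic/trunk/src/SupsysticTables/Tables/Controller.php
@@ -555,7 +555,24 @@
     public function cleanCache($id)
     {
-        $cachePath = $this->getConfig()->get('plugin_cache_tables') . DIRECTORY_SEPARATOR . $id;
-        if (file_exists($cachePath)) {
-            unlink($cachePath);
+        $cacheDir = $this->getConfig()->get('plugin_cache_tables');
+        if (empty($cacheDir)) {
+            return;
+        }
+        // Only allow numeric table IDs to prevent path traversal
+        $id = is_string($id) ? trim($id) : $id;
+        if (!is_int($id)) {
+            if (!is_string($id) || $id === '' || !ctype_digit($id)) {
+                return;
+            }
+            $id = (int)$id;
+        }
+        $fileName = (string)$id;
+        $target = $cacheDir . DIRECTORY_SEPARATOR . $fileName;
+        // Final safety: ensure no directory separators sneaked in and path stays within cache dir
+        if ($fileName !== basename($fileName)) {
+            return;
+        }
+        if (file_exists($target) && is_file($target)) {
+            @unlink($target);
         }
     }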
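Review bot: The `basename()` comparison near the end of `cleanCache()` can never fail once `$id` has been cast to an integer, and its comment claims the "path stays within cache dir" although the method contains no containment check (for example a `realpath()` comparison against `$cacheDir`). The digit-only validation is what blocks traversal, so either drop the dead check or reword the comment to `// Defensive only: $fileName is an integer string, so this should never trigger`. All three rejection branches return silently and `@unlink($target)` hides deletion failures, so a probe with a crafted `$id` leaves no trace and a stale cache file goes unnoticed. Logging the rejected value and the `unlink()` result would give operators a signal. Whether the callers of this public method enforce a capability and nonce check is not visible in this section and is worth confirming alongside the fix.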