
Changeset 3424391


Timestamp:
12/20/2025 11:26:59 PM (3 months ago)
Author:
navzme
Message:
  • [Fixed] Added proper capability and nonce checks to migration process
Location:
acf-galerie-4/trunk
Files:
3 edited

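--- a/acf-galerie-4/trunk/acf-galerie-4.php
+++ b/acf-galerie-4/trunk/acf-galerie-4.php
@@ -9,5 +9,5 @@
  * License: GPL v2 or later
  * License URI: https://www.gnu.org/licenses/gpl-2.0.html
- * Version: 1.4.2
+ * Version: 1.4.3
  * Domain Path: /lang
  * Requires PHP: 7.4
@@ -24,5 +24,5 @@
 
         public function initialize() {
-            $this->define( 'ACFG4_VERSION', '1.4.2' );
+            $this->define( 'ACFG4_VERSION', '1.4.3' );
             $this->define( 'ACFG4_PLUGIN', __FILE__ );
             $this->define( 'ACFG4_PLUGIN_BASENAME', plugin_basename( ACFG4_PLUGIN ) );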
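--- a/acf-galerie-4/trunk/providers/class.migration.php
+++ b/acf-galerie-4/trunk/providers/class.migration.php
@@ -19,5 +19,5 @@
    
     function acfg4_start_migration_nonce() {
-        if ( !is_admin() ) return;
+        if ( ! current_user_can('manage_options') ) return;
         $nonce = wp_create_nonce('acfg4_start_migration_nonce');
     ?>
@@ -27,12 +27,33 @@
 
     public function enqueue_plugin_admin_scripts() {
-        wp_enqueue_script('acfg4-admin-script', ACFG4_PLUGIN_URL . 'assets/js/admin-script.js', ['jquery'], '1.0.0', true);
+        if ( current_user_can('manage_options') ) {
+            wp_enqueue_script('acfg4-admin-script', ACFG4_PLUGIN_URL . 'assets/js/admin-script.js', ['jquery'], '1.0.0', true);
+        }
     }
 
     public function enqueue_plugin_admin_styles() {
-        wp_enqueue_style('acfg4-admin-css', ACFG4_PLUGIN_URL . 'assets/css/admin-style.css', [], '1.0.0');
+        if ( current_user_can('manage_options') ) {
+            wp_enqueue_style('acfg4-admin-css', ACFG4_PLUGIN_URL . 'assets/css/admin-style.css', [], '1.0.0');
+        }
     }
 
     public function acfg4_start_migration() {
+        if ( ! current_user_can('manage_options') ) {
+            wp_send_json_error(
+                ['message' => 'Unauthorized'],
+                403
+            );
+        }
+       
+        if (
+            ! isset($_POST['nonce']) ||
+            ! wp_verify_nonce($_POST['nonce'], 'acfg4_start_migration_nonce')
+        ) {
+            wp_send_json_error(
+                ['message' => 'Invalid or missing nonce'],
+                400
+            );
+        }
+
         global $wpdb;
         $wpdb->query('START TRANSACTION');
@@ -40,11 +61,4 @@
         try {
             $migrate_from = $_POST['migrate_from'];
-
-            if (
-                isset( $_POST['nonce'] ) &&
-                !wp_verify_nonce( $_POST['nonce'], 'acfg4_start_migration_nonce') )
-            {
-                wp_send_json_error(['message' => "Nonce verification failed. Please try again."], 400);
-            }
 
             if( !in_array( $migrate_from, [1, 2] ) ){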
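Review bot: `$migrate_from = $_POST['migrate_from'];` (new line 62) is still read without an `isset()` check and tested with a loose `in_array( $migrate_from, [1, 2] )`, so a string that merely compares equal to 1 or 2 passes the allow-list and is carried forward unchanged; the commit tightens who may call the handler but not what it accepts. I would normalise the value first, `$migrate_from = isset( $_POST['migrate_from'] ) ? absint( wp_unslash( $_POST['migrate_from'] ) ) : 0;`, and compare strictly with `in_array( $migrate_from, [1, 2], true )`. How the value is used after that check is outside the lines shown, so the practical impact is unconfirmed. Separately, the new nonce test hands `$_POST['nonce']` to `wp_verify_nonce()` raw, and `check_ajax_referer( 'acfg4_start_migration_nonce', 'nonce', false )` performs the same presence-and-validity check in one call. Both remarks concern `acfg4_start_migration()`, whose body continues past the last line of this section.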
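--- a/acf-galerie-4/trunk/readme.txt
+++ b/acf-galerie-4/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 5.8
 Tested up to: 6.9
-Stable tag: 1.4.2
+Stable tag: 1.4.3
 Requires PHP: 7.0
 License: GPLv2 or later
@@ -46,4 +46,7 @@
 
 == Changelog ==
+= 1.4.3 =
+* [Fixed] Added proper capability and nonce checks to migration process
+
 = 1.4.2 =
 * [Fixed] array_keys() expects array, null issue in PHP 8.x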