WordPress.org
Get WordPress

Plugin Directory

Changeset 3428837


Ignore:
Timestamp:
12/29/2025 06:11:50 AM (2 months ago)
Author:
wedevs
Message:

Tagging version 10.45

Location:
subscribe2
Files:
10 edited
1 copied

Legend:

Unmodified
Added
Removed

  • subscribe2/tags/10.45/admin/subscribers.php

    r3000462 r3428837  
    226226echo '<form method="post">' . "\r\n";
    227227echo '<input type="hidden" name="s2_admin" />' . "\r\n";
     228echo wp_nonce_field( 's2-export-csv', 's2-export-csv' );
    228229
    229230$exclude = array();

  • subscribe2/tags/10.45/changelog.txt

    r3225549 r3428837  
     1= 10.45 (29th Dec, 2025) =
     2
     3* Enhance: Capability checks added for better security.
     4
    15= 10.44 (20th Jan, 2025) =
    26

  • subscribe2/tags/10.45/classes/class-s2-core.php

    r3225549 r3428837  
    23652365            // Capture CSV export.
    23662366            if ( isset( $_POST['s2_admin'] ) && isset( $_POST['csv'] ) ) {
     2367                // Security check: Verify user has proper capabilities.
     2368                if ( ! current_user_can( apply_filters( 's2_capability', 'manage_options', 'manage' ) ) ) {
     2369                    wp_die( 'Not permitted.' );
     2370                }
     2371
     2372                // Security check: Verify nonce.
     2373                if (
     2374                    ! isset( $_REQUEST['s2-export-csv'] ) ||
     2375                    ! wp_verify_nonce( sanitize_key( $_REQUEST['s2-export-csv'] ), 's2-export-csv' )
     2376                ) {
     2377                    wp_die( 'Request cannot be completed.' );
     2378                }
     2379
    23672380                $date = gmdate( 'Y-m-d' );
    23682381                header( 'Content-Description: File Transfer' );

  • subscribe2/tags/10.45/readme.txt

    r3225549 r3428837  
    44Tags: posts, subscription, email, subscribe, notify, notification, newsletter, post notification, email marketing, optin, form
    55Requires at least: 4.0
    6 Tested up to: 6.7.1
    7 Stable tag: 10.44
     6Tested up to: 6.9
     7Stable tag: 10.45
    88Requires PHP: 5.4
    99License: GPLv3
     
    7272
    7373== Changelog ==
     74
     75= 10.45 (29th Dec, 2025) =
     76
     77* Enhance: Capability checks added for better security.
    7478
    7579= 10.44 (20th Jan, 2025) =

  • subscribe2/tags/10.45/subscribe2.php

    r3225549 r3428837  
    44Plugin URI: https://getwemail.io
    55Description: Notifies an email list when new entries are posted.
    6 Version: 10.44
     6Version: 10.45
    77Author: weMail
    88Author URI: https://getwemail.io
     
    5656// Our version number. Don't touch this or any line below.
    5757// Unless you know exactly what you are doing.
    58 define( 'S2VERSION', '10.44' );
     58define( 'S2VERSION', '10.45' );
    5959define( 'S2PLUGIN', __FILE__ );
    6060define( 'S2PATH', trailingslashit( dirname( __FILE__ ) ) );

  • subscribe2/trunk/admin/subscribers.php

    r3000462 r3428837  
    226226echo '<form method="post">' . "\r\n";
    227227echo '<input type="hidden" name="s2_admin" />' . "\r\n";
     228echo wp_nonce_field( 's2-export-csv', 's2-export-csv' );
    228229
    229230$exclude = array();

  • subscribe2/trunk/changelog.txt

    r3225549 r3428837  
     1= 10.45 (29th Dec, 2025) =
     2
     3* Enhance: Capability checks added for better security.
     4
    15= 10.44 (20th Jan, 2025) =
    26

  • subscribe2/trunk/classes/class-s2-core.php

    r3225549 r3428837  
    23652365            // Capture CSV export.
    23662366            if ( isset( $_POST['s2_admin'] ) && isset( $_POST['csv'] ) ) {
     2367                // Security check: Verify user has proper capabilities.
     2368                if ( ! current_user_can( apply_filters( 's2_capability', 'manage_options', 'manage' ) ) ) {
     2369                    wp_die( 'Not permitted.' );
     2370                }
     2371
     2372                // Security check: Verify nonce.
     2373                if (
     2374                    ! isset( $_REQUEST['s2-export-csv'] ) ||
     2375                    ! wp_verify_nonce( sanitize_key( $_REQUEST['s2-export-csv'] ), 's2-export-csv' )
     2376                ) {
     2377                    wp_die( 'Request cannot be completed.' );
     2378                }
     2379
    23672380                $date = gmdate( 'Y-m-d' );
    23682381                header( 'Content-Description: File Transfer' );

  • subscribe2/trunk/readme.txt

    r3225549 r3428837  
    44Tags: posts, subscription, email, subscribe, notify, notification, newsletter, post notification, email marketing, optin, form
    55Requires at least: 4.0
    6 Tested up to: 6.7.1
    7 Stable tag: 10.44
     6Tested up to: 6.9
     7Stable tag: 10.45
    88Requires PHP: 5.4
    99License: GPLv3
     
    7272
    7373== Changelog ==
     74
     75= 10.45 (29th Dec, 2025) =
     76
     77* Enhance: Capability checks added for better security.
    7478
    7579= 10.44 (20th Jan, 2025) =

  • subscribe2/trunk/subscribe2.php

    r3225549 r3428837  
    44Plugin URI: https://getwemail.io
    55Description: Notifies an email list when new entries are posted.
    6 Version: 10.44
     6Version: 10.45
    77Author: weMail
    88Author URI: https://getwemail.io
     
    5656// Our version number. Don't touch this or any line below.
    5757// Unless you know exactly what you are doing.
    58 define( 'S2VERSION', '10.44' );
     58define( 'S2VERSION', '10.45' );
    5959define( 'S2PLUGIN', __FILE__ );
    6060define( 'S2PATH', trailingslashit( dirname( __FILE__ ) ) );
Note: See TracChangeset for help on using the changeset viewer.