Changeset 3435498
- Timestamp: 01/08/2026 09:48:00 PM (2 months ago)
- Location: mailchimp/tags/1.5.9
- Files: 3 edited, 1 copied
  - . (copied) (copied from mailchimp/tags/1.5.8)
  - mailchimp.php (modified) (4 diffs)
  - readme.txt (modified) (2 diffs)
  - views/setup_page.php (modified) (2 diffs)
mailchimp/tags/1.5.9/mailchimp.php
r2790403 r3435498 4 4 Plugin URI: http://www.mailchimp.com/plugins/mailchimp-wordpress-plugin/ 5 5 Description: The MailChimp plugin allows you to quickly and easily add a signup form for your MailChimp list. 6 Version: 1.5. 86 Version: 1.5.9 7 7 Author: MailChimp 8 8 Author URI: https://mailchimp.com/ … … 26 26 27 27 // Version constant for easy CSS refreshes 28 define('MCSF_VER', '1.5. 8');28 define('MCSF_VER', '1.5.9'); 29 29 30 30 // What's our permission (capability) threshold … … 186 186 switch ($_POST['mcsf_action']) { 187 187 case 'login': 188 if ( 189 ! current_user_can( MCSF_CAP_THRESHOLD ) || 190 ! isset( $_POST['_mcsf_nonce_action'] ) || 191 ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['_mcsf_nonce_action'] ) ), 'mc_login' ) 192 ) { 193 wp_die('Security check failed.'); 194 } 195 188 196 $key = trim($_POST['mailchimpSF_api_key']); 189 197 … … 573 581 **/ 574 582 function mailchimpSF_change_list_if_necessary() { 575 // Simple permission check before going through all this 576 if (!current_user_can(MCSF_CAP_THRESHOLD)) { return; } 583 if ( ! isset( $_POST['mc_list_id'] ) ) { 584 return; 585 } 586 587 if ( 588 ! current_user_can( MCSF_CAP_THRESHOLD ) || 589 ! isset( $_POST['update_mc_list_id_nonce'] ) || 590 ! wp_verify_nonce( sanitize_key( $_POST['update_mc_list_id_nonce'] ), 'update_mc_list_id_action' ) 591 ) { 592 wp_die( 'Security check failed.' ); 593 } 577 594 578 595 $api = mailchimpSF_get_api(); -
mailchimp/tags/1.5.9/readme.txt
r2790403 r3435498 4 4 Requires at least: 2.8 5 5 Tested up to: 4.5 6 Stable tag: 1.5. 86 Stable tag: 1.5.9 7 7 8 8 == Description == … … 132 132 133 133 == Changelog == 134 = 1.5.9 = 135 * Fix – Provide CSRF hardening for Mailchimp List changes. 136 134 137 = 1.5.8 = 135 138 * Fix PHP warning for merge tags. -
mailchimp/tags/1.5.9/views/setup_page.php
r2790403 r3435498 47 47 </td> 48 48 <td> 49 <?php wp_nonce_field('mc_login', '_mcsf_nonce_action'); ?> 49 50 <input type="submit" value="Connnect"> 50 51 </td> … … 141 142 <td> 142 143 <input type="hidden" name="mcsf_action" value="update_mc_list_id" /> 144 <?php wp_nonce_field( 'update_mc_list_id_action', 'update_mc_list_id_nonce' ); ?> 143 145 <input type="submit" name="Submit" value="<?php esc_attr_e('Update List', 'mailchimp_i18n'); ?>" class="button" /> 144 146 </td>
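Review bot: in mailchimp.php, `case 'login'`, the line directly after the new guard still reads `$key = trim($_POST['mailchimpSF_api_key']);` with no isset() check, no wp_unslash() and no sanitization, while the nonce two lines above gets all three. Suggest giving the API key the same treatment, for example `sanitize_text_field( wp_unslash( ... ) )` behind an isset() test, so the request is validated in one consistent way. The capability failure and the nonce failure also share the single message 'Security check failed.', which is fine for the user but makes the two cases indistinguishable when debugging; a short comment above the condition saying it covers both would help.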
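Review bot: in mailchimp.php, mailchimpSF_change_list_if_necessary(), a caller without MCSF_CAP_THRESHOLD used to get a silent `return` and now reaches wp_die() whenever `mc_list_id` is posted, and the removed comment is not replaced by one explaining the new order of checks. Suggest a comment stating that the function returns early when `mc_list_id` is absent and otherwise requires both capability and nonce. The nonce here goes through `sanitize_key( $_POST['update_mc_list_id_nonce'] )` without wp_unslash(), whereas the login hunk uses `sanitize_text_field( wp_unslash( ... ) )`; pick one form for both. The handler keys on `mc_list_id` while the form in views/setup_page.php also posts `mcsf_action` = `update_mc_list_id`, so it is worth confirming that no other form posts `mc_list_id` without the new nonce field.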
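Review bot: in readme.txt, the new 1.5.9 changelog entry names only "Mailchimp List changes", but this changeset also adds a capability and nonce check to the `login` action in mailchimp.php and the matching `mc_login` nonce field in views/setup_page.php. Suggest wording the entry so it covers the API key (login) form as well, since site owners read this line to decide how urgent the update is. The unchanged `Tested up to: 4.5` line in the first hunk is also worth revisiting in the same release.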
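Review bot: in views/setup_page.php, the two new nonce fields follow different naming schemes: the first hunk uses the field name `_mcsf_nonce_action` for action `mc_login`, the second uses `update_mc_list_id_nonce` for action `update_mc_list_id_action`, so in the first case the field name ends in "action" and in the second the action does. Suggest one pattern (for example `<thing>_nonce` for the field and `<thing>_action` for the action) so the pairs checked in mailchimp.php are easy to match by eye. On the context line next to the first addition, `value="Connnect"` is misspelled and is not passed through esc_attr_e() the way 'Update List' is in the second hunk; that could be fixed in the same change.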