Changeset 3435499


Timestamp:
01/08/2026 09:51:15 PM (2 months ago)
Author:
Dharm1025
Message:

Releasing version 1.6.4 to WordPress.org plugin repository.

Location:
mailchimp/tags/1.6.4
Files:
3 edited
1 copied

  • mailchimp/tags/1.6.4/mailchimp.php

    r3232267 r3435499  
    55 * Description:       Add a Mailchimp signup form block, widget or shortcode to your WordPress site.
    66 * Text Domain:       mailchimp
    7  * Version:           1.6.3
     7 * Version:           1.6.4
    88 * Requires at least: 6.3
    99 * Requires PHP:      7.0
     
    6666
    6767// Version constant for easy CSS refreshes
    68 define( 'MCSF_VER', '1.6.3' );
     68define( 'MCSF_VER', '1.6.4' );
    6969
    7070// What's our permission (capability) threshold
     
    590590    }
    591591
     592    if (
     593        ! current_user_can( MCSF_CAP_THRESHOLD ) ||
     594        ! isset( $_POST['update_mc_list_id_nonce'] ) ||
     595        ! wp_verify_nonce( sanitize_key( $_POST['update_mc_list_id_nonce'] ), 'update_mc_list_id_action' )
     596    ) {
     597        wp_die( 'Security check failed.' );
     598    }
     599
    592600    if ( empty( $_POST['mc_list_id'] ) ) {
    593601        $msg = '<p class="error_msg">' . esc_html__( 'Please choose a valid list', 'mailchimp' ) . '</p>';
     
    595603        return;
    596604    }
    597 
    598     // Simple permission check before going through all this
    599     if ( ! current_user_can( MCSF_CAP_THRESHOLD ) ) { return; }
    600605
    601606    $api = mailchimp_sf_get_api();
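Review bot: The `wp_die( 'Security check failed.' )` message at new line 597 is a hard-coded English string, while the error just below it goes through `esc_html__( 'Please choose a valid list', 'mailchimp' )`; wrap the new message in the same call so it is translatable. Moving the capability check up here also turns a failed permission check from the silent `return` at old line 599 into a `wp_die()`, and one message now covers both a missing capability and a bad or absent nonce; a one-line comment above the block stating that both are intentional would help the next reader.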
  • mailchimp/tags/1.6.4/readme.txt

    r3232267 r3435499  
    33Tags:         mailchimp, email, newsletter, signup, marketing
    44Tested up to: 6.7
    5 Stable tag:   1.6.3
     5Stable tag:   1.6.4
    66License:      GPL-2.0-or-later
    77License URI:  https://spdx.org/licenses/GPL-2.0-or-later.html
     
    8181
    8282== Changelog ==
     83
     84= 1.6.4 - 2026-01-08 =
     85* **Fix:** Provide CSRF hardening for Mailchimp List changes.
    8386
    8487= 1.6.3 - 2025-01-30 =
  • mailchimp/tags/1.6.4/views/setup_page.php

    r3232267 r3435499  
    105105                        <td>
    106106                            <input type="hidden" name="mcsf_action" value="update_mc_list_id" />
     107                            <?php wp_nonce_field( 'update_mc_list_id_action', 'update_mc_list_id_nonce' ); ?>
    107108                            <input type="submit" name="Submit" value="<?php esc_attr_e( 'Update List', 'mailchimp' ); ?>" class="button mailchimp-sf-button small" />
    108109                        </td>
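Review bot: `wp_nonce_field()` at new line 107 is called with only its action and name, so by default it also prints a `_wp_http_referer` hidden field that the handler in mailchimp.php never checks (it calls `wp_verify_nonce()` only); pass `false` as the third argument to drop the unused field, or keep it and note why. The action `update_mc_list_id_action` and field name `update_mc_list_id_nonce` do match what the handler verifies.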