
Changeset 3444649


Timestamp:
01/22/2026 09:22:15 AM (7 weeks ago)
Author:
raster02
Message:

Releasing new version 1.2.2

Location:
client-portal
Files:
4 edited
1 copied

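--- a/client-portal/tags/1.2.2/index.php
+++ b/client-portal/tags/1.2.2/index.php
@@ -4,5 +4,5 @@
  * Plugin URI: http://www.cozmoslabs.com/
  * Description:  Build a company site with a client portal where clients login and see a restricted-access, personalized page of content with links and downloads.
- * Version: 1.2.1
+ * Version: 1.2.2
  * Author: Cozmoslabs, Madalin Ungureanu, Antohe Cristian
  * Author URI: http://www.cozmoslabs.com
@@ -74,4 +74,5 @@
         /* add bulk action to create private user pages */
         add_filter( 'admin_footer-users.php', array( $this, 'cp_create_private_page_bulk_actions' ) );
+        add_action( 'restrict_manage_users', array( $this, 'cp_add_bulk_action_nonce' ) );
         add_action( 'admin_action_create_private_page', array( $this, 'cp_create_private_pages_in_bulk' ) );
 
@@ -931,7 +932,21 @@
 
     /**
+     * Function that adds nonce field to the Users table form for bulk actions
+     */
+    function cp_add_bulk_action_nonce(){
+        wp_nonce_field( 'cp_create_private_page_bulk_actions', 'cp_create_private_page_nonce' );
+    }
+
+    /**
      * Function that creates a private page for the selected users in the bulk action
      */
     function cp_create_private_pages_in_bulk(){
+
+        if( !isset( $_REQUEST['cp_create_private_page_nonce'] ) || !wp_verify_nonce( sanitize_text_field( $_REQUEST['cp_create_private_page_nonce'] ), 'cp_create_private_page_bulk_actions' ) )
+            return;
+
+        if( !current_user_can( 'edit_users' ) )
+            return;
+
         if ( !empty( $_REQUEST['users'] ) && is_array( $_REQUEST['users'] ) ) {
             $users = array_map( 'absint', $_REQUEST['users'] );
@@ -940,4 +955,5 @@
             }
         }
+
     }
 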
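Review bot: In `cp_create_private_pages_in_bulk()` both new guards (new lines 945–949) end in a bare `return`, so a request with a missing or stale nonce, or from an account without `edit_users`, appears to continue into the normal users.php screen with no error and no trace, and a forged request is indistinguishable from a misconfigured role. Replacing the first guard with `check_admin_referer( 'cp_create_private_page_bulk_actions', 'cp_create_private_page_nonce' );` and ending the second with a `wp_die()` carrying a 403 status would reject the request visibly. The capability test is also site-wide only: the loop over `$users` (new lines 953–954) is not shown here, so confirm that each ID is checked with `current_user_can( 'edit_user', $user_id )` before a page is created for it. The same hunk appears unchanged in client-portal/trunk/index.php, and the function body runs past what this page shows.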
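--- a/client-portal/tags/1.2.2/readme.txt
+++ b/client-portal/tags/1.2.2/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 3.1
 Tested up to: 6.9
-Stable tag: 1.2.1
+Stable tag: 1.2.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -37,6 +37,9 @@
 
 == Changelog ==
+= 1.2.2 =
+* Fix: Security issue regarding Broken Access Control when bulk generating private pages. Thanks to Nabil Irawan and the Patchstack team
+
 = 1.2.1 =
-* Fix translation notice
+* Fix: translation notice
 
 = 1.2.0 =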
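--- a/client-portal/trunk/index.php
+++ b/client-portal/trunk/index.php
@@ -4,5 +4,5 @@
  * Plugin URI: http://www.cozmoslabs.com/
  * Description:  Build a company site with a client portal where clients login and see a restricted-access, personalized page of content with links and downloads.
- * Version: 1.2.1
+ * Version: 1.2.2
  * Author: Cozmoslabs, Madalin Ungureanu, Antohe Cristian
  * Author URI: http://www.cozmoslabs.com
@@ -74,4 +74,5 @@
         /* add bulk action to create private user pages */
         add_filter( 'admin_footer-users.php', array( $this, 'cp_create_private_page_bulk_actions' ) );
+        add_action( 'restrict_manage_users', array( $this, 'cp_add_bulk_action_nonce' ) );
         add_action( 'admin_action_create_private_page', array( $this, 'cp_create_private_pages_in_bulk' ) );
 
@@ -931,7 +932,21 @@
 
     /**
+     * Function that adds nonce field to the Users table form for bulk actions
+     */
+    function cp_add_bulk_action_nonce(){
+        wp_nonce_field( 'cp_create_private_page_bulk_actions', 'cp_create_private_page_nonce' );
+    }
+
+    /**
      * Function that creates a private page for the selected users in the bulk action
      */
     function cp_create_private_pages_in_bulk(){
+
+        if( !isset( $_REQUEST['cp_create_private_page_nonce'] ) || !wp_verify_nonce( sanitize_text_field( $_REQUEST['cp_create_private_page_nonce'] ), 'cp_create_private_page_bulk_actions' ) )
+            return;
+
+        if( !current_user_can( 'edit_users' ) )
+            return;
+
         if ( !empty( $_REQUEST['users'] ) && is_array( $_REQUEST['users'] ) ) {
             $users = array_map( 'absint', $_REQUEST['users'] );
@@ -940,4 +955,5 @@
             }
         }
+
     }
 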
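--- a/client-portal/trunk/readme.txt
+++ b/client-portal/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 3.1
 Tested up to: 6.9
-Stable tag: 1.2.1
+Stable tag: 1.2.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -37,6 +37,9 @@
 
 == Changelog ==
+= 1.2.2 =
+* Fix: Security issue regarding Broken Access Control when bulk generating private pages. Thanks to Nabil Irawan and the Patchstack team
+
 = 1.2.1 =
-* Fix translation notice
+* Fix: translation notice
 
 = 1.2.0 =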