Changeset 806612


Timestamp: 11/19/2013 06:45:00 AM (12 years ago)
Author: Driftless1
Message: Security update
Location: exifize-my-dates/trunk
Files: 3 edited

  • exifize-my-dates/trunk

    • Property svn:ignore
      •  

        old new  
        1 deploy.sh
         1wp-deploy.sh
        22README.md
        33.git
  • exifize-my-dates/trunk/exifize-my-dates.php

    r805180 r806612  
    44Plugin URI: http://wordpress.org/extend/plugins/exifize-my-dates/
    55Description: Photoblog plugin to change the published dates of a selected post type to the EXIF:capture_date of the Featured or 1st attached image of the post.
    6 Version: 1.0
     6Version: 1.1
    77Author: LBell
    88Author URI: http://twitter.com/lbell
     
    2929*/
    3030
    31 
    3231add_action( 'admin_menu', 'exifize_date_menu' );
    3332function exifize_date_menu() {
     
    3635
    3736function exifize_my_dates() {
    38     ?>
    39    
     37    ?> 
    4038    <div class="">
    4139        <h1>EXIFize My Dates</h1>
     
    4442   
    4543    if(isset($_POST['submit']) && $_POST['ptype'] != 'none') {
    46         $ptype = $_POST['ptype'];
    47         exifizer_nuclear_option($ptype);
    48     }
     44        // Check nonce if we are asked to do something...
     45        if( check_admin_referer('exifize_my_dates_nuclear_nonce') ){
     46            $ptype = $_POST['ptype'];
     47            exifizer_nuclear_option($ptype);
     48        } else {
     49            wp_die( 'What are you doing, Dave? (Invalid Request)' );
     50        }
     51    }
    4952   
    5053    $args=array(
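Review bot: At new lines 46-47, `$_POST['ptype']` is still passed to `exifizer_nuclear_option()` as received, with no sanitising and no check that it names a registered post type; run it through `sanitize_key()` and reject any value not returned by `get_post_types()` before acting on it. Also, `check_admin_referer()` called with a named action ends the request itself when the nonce is missing or invalid, so the `else` branch at new lines 48-50 will not normally run; drop it, or switch to `wp_verify_nonce()` if the custom failure message matters.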
     
    7073        <p>Choose the post type who's dates you want to change:</p>
    7174        <form name="input" action="<?php $_SERVER['PHP_SELF'];?>" method="post">
     75            <?php
     76            if ( function_exists('wp_nonce_field') ) wp_nonce_field('exifize_my_dates_nuclear_nonce');
     77            ?>
     78           
    7279            <select name="ptype">
    7380                <option value="none">None</option>
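Review bot: The `function_exists('wp_nonce_field')` guard at new line 76 is unnecessary given the "Requires at least: 3.0" line in readme.txt, and if it ever evaluated false the form would be rendered without a nonce and every submission would then fail the `check_admin_referer()` call in the handler; call `wp_nonce_field('exifize_my_dates_nuclear_nonce');` unconditionally. Separately, the form `action` on line 74 evaluates `$_SERVER['PHP_SELF']` without `echo`, so it outputs nothing; an explicit empty action or an escaped admin URL would make the intent clear.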
     
    9097
    9198function exifizer_nuclear_option($ptype){
     99    if ( ! current_user_can( 'manage_options' ) )
     100        wp_die( 'What are you doing, Dave? (Insufficient Capability)' );
     101
    92102    echo "<h2>Working...</h2>";
    93103
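Review bot: The capability check at new lines 99-100 uses a brace-less `if`, which is easy to break when a second statement is later added under it; wrap the `wp_die()` call in braces. Because the check lives inside `exifizer_nuclear_option()`, the handler in `exifize_my_dates()` reads `$_POST` and verifies the nonce before any capability test runs; repeating `current_user_can( 'manage_options' )` at the top of the POST branch would reject unauthorised requests earlier.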
  • exifize-my-dates/trunk/readme.txt

    r805180 r806612  
    55Requires at least: 3.0
    66Tested up to: 3.7.1
    7 Stable tag: 1.0
     7Stable tag: 1.1
    88License: GPLv2 or later
    99License URI: http://www.gnu.org/licenses/gpl-2.0.html
     
    4848== Changelog ==
    4949
     50= 1.1 =
     51* Added security features to keep others from meddl'n with your affairs
     52
    5053= 1.0 =
    5154* After a year of safe use on many blogs, I declare this plugin stable! (Or if anyone has had issues, they sure haven't talked to me about it)
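Review bot: The 1.1 changelog entry at new line 51 does not say what was changed; name the two measures this changeset adds (nonce verification on the form and a `manage_options` capability check) so site owners can judge how urgent the upgrade is.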