Changeset 2841860


Timestamp:
12/31/2022 05:29:47 PM (3 years ago)
Author:
topdownjimmy
Message:
  • Use wp_verify_nonce to protect against CSRF
  • Use sprintf for translations.
Location:
edit-custom-fields/trunk
Files:
2 edited

  • edit-custom-fields/trunk/edit-custom-fields.php

    r2438021 r2841860  
    44Plugin URI:
    55Description: A simple interface to edit or delete Custom Fields.
    6 Version: 0.1.7
     6Version: 0.1.8
    77Author: Jay Sitter
    88Author URI: http://www.jaysitter.com/
     
    2828
    2929        if ( isset( $_POST['delete'] ) ) { // If the user has confirmed a delete action
     30      $nonce = $_REQUEST['_wpnonce'];
    3031
    3132            if ( $_POST['delete'] == 'confirm' ) {
    3233
    33                 if ( !check_admin_referer('ecf_delete' ) ) {
     34                if ( !wp_verify_nonce( $nonce, 'ecf_delete') ) {
    3435                    die( __( 'Nonce doesn’t match', 'ecf' ) );
    3536                }
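Review bot: the switch to `wp_verify_nonce()` on new line 34 does not add protection over the removed `check_admin_referer( 'ecf_delete' )`, and the new line 30 `$nonce = $_REQUEST['_wpnonce'];` introduces a small regression: `check_admin_referer()` already verified the `_wpnonce` request field against the same action and stopped execution itself on failure (so the `die()` branch below it was previously unreachable and is now the live failure path), whereas the new code reads `$_REQUEST['_wpnonce']` without `isset()`, so a POST lacking the field raises a PHP undefined-index notice before `wp_verify_nonce()` returns false. Suggest `$nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ) : '';` or simply keeping `check_admin_referer()`. A nonce is also not an authorization check; no `current_user_can()` test is visible in this hunk, so confirm one guards the delete elsewhere.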
     
    4647
    4748            if ( $_POST['rename'] == 'confirm' || $_POST['rename'] == 'undo' ) {
    48 
    49                 if ( !check_admin_referer('ecf_rename' ) ) {
     49        $nonce = $_REQUEST['_wpnonce'];
     50
     51                if ( !wp_verify_nonce( $nonce, 'ecf_rename') ) {
    5052                    die( __( 'Nonce doesn’t match', 'ecf' ) );
    5153                }
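Review bot: same issue as the delete branch: new line 49 reads `$_REQUEST['_wpnonce']` without `isset()` and without `wp_unslash()`; use the same guarded assignment here. The two branches now duplicate the read, the `wp_verify_nonce()` call and the `die()` message, so a small helper (for example a hypothetical `ecf_verify_nonce( $action )`) would keep them in step. Note also that the assignment here sits inside the `if ( $_POST['rename'] == 'confirm' || $_POST['rename'] == 'undo' )` block while in the delete branch it sits before the inner `if`; pick one placement for consistency.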
     
    6264                    $existing = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->postmeta WHERE meta_key = '%s'", $value ) );
    6365                    if ( count( $existing ) > 0 ) {
    64                         echo '<p style="color:red;">', __( 'The Custom Field', 'ecf' ), ' "', $key, '" ', __( 'could not be renamed to', 'ecf' ), ' "', $value, '" ', __( 'because a Custom Field with that key already exists.', 'ecf' ), '</p>';
     66                        echo '<p style="color:red;">', sprintf( __( 'The Custom Field "%s" could not be renamed to "%s" because a Custom Field with that key already exists.', 'ecf' ), $key, $value ), '</p>';
    6567                    } else {
    6668                        $wpdb->update( $wpdb->postmeta, array( 'meta_key' => $value ), array( 'meta_key' => $key ) );
    67                         echo '<p>', __( 'The Custom Field', 'ecf' ), ' "', $key, '" ', __( 'was renamed to', 'ecf' ), ' "', $value, '" . </p>';
     69                        echo '<p>', sprintf( __( 'The Custom Field "%s" was renamed to "%s".', 'ecf'), $key, $value ), '</p>';
    6870                        $success = true;
    6971                    }
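Review bot: `$key` and `$value` are echoed into the page unescaped on both new lines 66 and 69; pass them through `esc_html()` when handing them to `sprintf()`, since the old concatenated output had the same gap and this rewrite is the natural place to close it. The two `%s` placeholders are also positional, so a translation that needs to mention the keys in a different order cannot be expressed; WordPress i18n guidelines call for numbered placeholders (`%1$s`, `%2$s`) with a `/* translators: 1: current key, 2: requested key */` comment above each `__()` call. Unrelated to this change but visible in context line 64: the `'%s'` inside `$wpdb->prepare()` is documented as needing to be left unquoted, because `prepare()` quotes string placeholders itself.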
  • edit-custom-fields/trunk/readme.txt

    r2438021 r2841860  
    33Tags: custom fields, customfields, custom field, customfield, admin
    44Requires at least: 3.5.1
    5 Tested up to: 5.5.3
    6 Stable tag: 0.1.7
     5Tested up to: 6.1.1
     6Stable tag: 0.1.8
    77License: GPLv2 or later
    88License URI: http://www.gnu.org/licenses/gpl-2.0.html
     
    3232
    3333== Changelog ==
     34
     35= 0.1.8 =
     36
     37- Use wp_verify_nonce to protect against CSRF
     38- Use sprintf for translations.
    3439
    3540= 0.1.7 =
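Review bot: the changelog entry "Use wp_verify_nonce to protect against CSRF" reads as if CSRF protection is new in 0.1.8, but the removed `check_admin_referer( 'ecf_delete' )` and `check_admin_referer( 'ecf_rename' )` calls in edit-custom-fields.php already verified the same nonces; reword it along the lines of "Switch nonce verification from check_admin_referer to wp_verify_nonce" so users do not read 0.1.7 as unprotected.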