Changeset 3080176

Timestamp:

05/02/2024 08:28:18 AM (2 years ago)

Author:

Adrian2k7

Message:

3.1.1

• Improved security: Added a nonce and capability (manage_options) check
• Requires PHP 8.0+ now

Location:

embed-google-fonts

Files:

• tags/3.1.1 (added)
• tags/3.1.1/embed-google-fonts.php (added)
• tags/3.1.1/includes (added)
• tags/3.1.1/includes/class.embed-google-fonts-administration.php (added)
• tags/3.1.1/includes/class.embed-google-fonts-proxy.php (added)
• tags/3.1.1/readme.txt (added)
• trunk/embed-google-fonts.php (modified) (1 diff)
• trunk/includes/class.embed-google-fonts-administration.php (modified) (3 diffs)
• trunk/readme.txt (modified) (2 diffs)

embed-google-fonts/trunk/embed-google-fonts.php

@@ -5 +5 @@
  * Plugin URI: https://github.com/moewe-io/embed-google-fonts
  * Description: Helper plugin for embedding Google fonts.
- * Version: 3.1.0
- * Requires at least: 6.0
- * Requires PHP: 7.3
+ * Version: 3.1.1
+ * Requires at least: 6.5.2
+ * Requires PHP: 8.0
  * Author: Adrian Mörchen + Contributors
  * Author URI: https://moerchen.io/

embed-google-fonts/trunk/includes/class.embed-google-fonts-administration.php

@@ -8 +8 @@
 
     function copy_files() {
+
+        $nonce = filter_input( INPUT_GET, 'nonce' );
+
+        if ( ! wp_verify_nonce( $nonce, 'embed_google_fonts_copy_files' ) ) {
+            wp_die( __( 'Nonce check failed', 'embed-google-fonts' ) );
+        }
+
+        if ( ! current_user_can( 'manage_options' ) ) {
+            wp_die( esc_js( __( 'You are not allowed to copy files.', 'embed-google-fonts' ) ) );
+        }
+
         $cacheFolder = apply_filters( 'embed_google_fonts_get_base_directory', false );
         $localFolder = apply_filters( 'embed_google_fonts_get_local_base_directory', false );
@@ -57 +68 @@
                 <?php
                 $confirmation = esc_js( __( 'Are you sure?', 'embed-google-fonts' ) );
+                $url = add_query_arg(
+                    [
+                        'action' => 'embed_google_fonts_copy_files',
+                        'nonce'  => wp_create_nonce( 'embed_google_fonts_copy_files' )
+                    ],
+                    admin_url( 'admin-ajax.php' ) );
                 ?>
 
@@ -64 +81 @@
                     }
 
-                    let url = ajaxurl + '?action=embed_google_fonts_copy_files';
+                    let url = "<?= $url ?>";
 
                     // Making our request

embed-google-fonts/trunk/readme.txt

@@ -3 +3 @@
 Tags: google fonts, embed, gdpr
 Donate link: https://www.paypal.com/paypalme/scrobbleme/5
-Requires at least: 5.9
-Tested up to: 6.1
-Stable tag: 3.1.0
-Requires PHP: 7.3
+Requires at least: 6.1
+Tested up to: 6.5.2
+Stable tag: 3.1.1
+Requires PHP: 8.0
 License: GPL v3
 License URI: http://www.gnu.org/copyleft/gpl.html
@@ -82 +82 @@
 
 == Changelog ==
+
+= 3.1.1 =
+
+* Improved security: Added a nonce and capability (manage_options) check
+* Requires PHP 8.0+ now
 
 = 3.1.0 =