Changeset 3241539

Timestamp:

02/16/2025 11:00:47 PM (13 months ago)

Author:

pattihis

Message:

Version 1.4.1

Location:

simple-photo-feed

Files:

• tags/1.4.1 (added)
• tags/1.4.1/LICENSE.txt (added)
• tags/1.4.1/README.txt (added)
• tags/1.4.1/admin (added)
• tags/1.4.1/admin/class-simple-photo-feed-admin.php (added)
• tags/1.4.1/admin/css (added)
• tags/1.4.1/admin/css/simple-photo-feed-admin.css (added)
• tags/1.4.1/admin/index.php (added)
• tags/1.4.1/admin/js (added)
• tags/1.4.1/admin/js/simple-photo-feed-admin.js (added)
• tags/1.4.1/admin/partials (added)
• tags/1.4.1/admin/partials/simple-photo-feed-admin-display.php (added)
• tags/1.4.1/includes (added)
• tags/1.4.1/includes/class-simple-photo-feed-activator.php (added)
• tags/1.4.1/includes/class-simple-photo-feed-api.php (added)
• tags/1.4.1/includes/class-simple-photo-feed-deactivator.php (added)
• tags/1.4.1/includes/class-simple-photo-feed-i18n.php (added)
• tags/1.4.1/includes/class-simple-photo-feed-loader.php (added)
• tags/1.4.1/includes/class-simple-photo-feed.php (added)
• tags/1.4.1/includes/index.php (added)
• tags/1.4.1/index.php (added)
• tags/1.4.1/languages (added)
• tags/1.4.1/languages/simple-photo-feed.pot (added)
• tags/1.4.1/public (added)
• tags/1.4.1/public/class-simple-photo-feed-public.php (added)
• tags/1.4.1/public/css (added)
• tags/1.4.1/public/css/simple-photo-feed-public.css (added)
• tags/1.4.1/public/index.php (added)
• tags/1.4.1/public/js (added)
• tags/1.4.1/public/js/simple-photo-feed-public.js (added)
• tags/1.4.1/public/partials (added)
• tags/1.4.1/public/partials/simple-photo-feed-public-display.php (added)
• tags/1.4.1/simple-photo-feed.php (added)
• tags/1.4.1/uninstall.php (added)
• trunk/README.txt (modified) (2 diffs)
• trunk/admin/class-simple-photo-feed-admin.php (modified) (3 diffs)
• trunk/admin/js/simple-photo-feed-admin.js (modified) (2 diffs)
• trunk/simple-photo-feed.php (modified) (2 diffs)

simple-photo-feed/trunk/README.txt

@@ -4 +4 @@
 Tags: photo gallery, instagram, feed, social, embed
 Requires at least: 5.3.0
-Tested up to: 6.7.1
+Tested up to: 6.7.2
 Requires PHP: 7.2
-Stable tag: 1.4.0
+Stable tag: 1.4.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -95 +95 @@
 == Changelog ==
 
+= 1.4.1 =
+* Compatibility with WordPress 6.7.2
+* Add nonce to Ajax calls for improved security
+
 = 1.4.0 =
 * Update to Business API after Basic API deprecation

simple-photo-feed/trunk/admin/class-simple-photo-feed-admin.php

@@ -77 +77 @@
                 'ajax_url'  => admin_url( 'admin-ajax.php' ),
                 'theme_uri' => get_stylesheet_directory_uri(),
+                'nonce'     => wp_create_nonce( 'simple-photo-feed-nonce' ),
             )
         );
@@ -195 +196 @@
      */
     public function spf_disconnect_user() {
+        $nonce = isset( $_POST['nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) ) : '';
+        if ( ! current_user_can('edit_posts') || ! wp_verify_nonce( $nonce, 'simple-photo-feed-nonce' ) ) {
+            wp_send_json_error( esc_html__( 'Unauthorized!', 'simple-photo-feed' ), 403 );
+            return;
+        }
+
         $options = get_option( 'spf_main_settings', array() );
 
@@ -218 +225 @@
      */
     public function spf_clear_feed_cache() {
+        $nonce = isset( $_POST['nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) ) : '';
+        if ( ! current_user_can('edit_posts') || ! wp_verify_nonce( $nonce, 'simple-photo-feed-nonce' ) ) {
+            wp_send_json_error( esc_html__( 'Unauthorized!', 'simple-photo-feed' ), 403 );
+            return;
+        }
 
         if ( $this->spf_delete_transients() ) {

simple-photo-feed/trunk/admin/js/simple-photo-feed-admin.js

@@ -14 +14 @@
           data = new FormData();
         data.append('action', 'spf_disconnect_user');
+        data.append('nonce', window.spf.nonce);
         xhr.open('POST', window.spf.ajax_url, true);
         xhr.onreadystatechange = function () {
@@ -52 +53 @@
           data = new FormData();
         data.append('action', 'spf_clear_feed_cache');
+        data.append('nonce', window.spf.nonce);
         xhr.open('POST', window.spf.ajax_url, true);
         xhr.onreadystatechange = function () {

simple-photo-feed/trunk/simple-photo-feed.php

@@ -14 +14 @@
  * Plugin URI:        https://wordpress.org/plugins/simple-photo-feed/
  * Description:       Simple Photo Feed provides an easy way to connect to your Instagram account and display your photos in your WordPress site.
- * Version:           1.4.0
+ * Version:           1.4.1
  * Requires at least: 5.3.0
- * Tested up to:      6.7.1
+ * Tested up to:      6.7.2
  * Requires PHP:      7.2
  * Author:            George Pattichis
@@ -34 +34 @@
  * Current plugin version
  */
-define( 'SPF_VERSION', '1.4.0' );
+define( 'SPF_VERSION', '1.4.1' );
 
 /**