Changeset 3455340

Timestamp:

02/06/2026 11:58:38 AM (7 weeks ago)

Author:

lordspace

Message:

tested with wp 6.9. Sanitized data a bit more

File:

• orbisius-random-name-generator/trunk/orbisius-random-name-generator.php (modified) (4 diffs)

orbisius-random-name-generator/trunk/orbisius-random-name-generator.php

@@ -4 +4 @@
 Plugin URI: https://orbisius.com/products/wordpress-plugins/orbisius-random-name-generator
 Description: Displays a random name out of words that you have specified between the shortcode [orbisius_random_name_generator]....[/orbisius_random_name_generator]
-Version: 1.0.2
+Version: 1.0.3
+Requires at least: 5.0
+Tested up to: 6.9
+Requires PHP: 7.4
 Author: Svetoslav Marinov (Slavi)
 Author URI: https://orbisius.com
+License: GPL-2.0-or-later
+License URI: https://www.gnu.org/licenses/gpl-2.0.html
 Text Domain: orbisius-random-name-generator
 Domain Path: /lang
@@ -73 +78 @@
         ob_start();
 
+        $attribs = is_array($attribs) ? $attribs : [];
+        $attribs = array_map('sanitize_text_field', $attribs);
+        $req_data = array_map('sanitize_text_field', $_REQUEST);
+
         $btn_label = empty($attribs['btn_label']) ? 'Generate' : $attribs['btn_label'];
         $instance_id++;
 
         // Let's get a random word only on post
-        if ($this->isPost() && (!empty($_REQUEST['instance_id']) && $_REQUEST['instance_id'] == $instance_id)) {
+        $process_form = false;
+
+        if (!empty($req_data['instance_id'])) {
+            $req_instance_id = intval($req_data['instance_id']);
+
+            if ($req_instance_id == $instance_id && $this->isPost()) {
+                $req_nonce = !empty($req_data['orbisius_rng_nonce']) ? $req_data['orbisius_rng_nonce'] : '';
+                $process_form = wp_verify_nonce($req_nonce, 'orbisius_rng_action');
+            }
+        }
+
+        if ($process_form) {
             $words = $this->parseKeywords($content);
 
@@ -101 +121 @@
                           class="orbisius_random_name_generator_form orbisius_random_name_generator_form<?php echo (int) $instance_id; ?> form-horizontal" method="POST">
                         <input type="hidden" name="instance_id" value="<?php echo (int) $instance_id; ?>">
+                        <?php wp_nonce_field('orbisius_rng_action', 'orbisius_rng_nonce'); ?>
                         <div class="row">
                             <div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
@@ -110 +131 @@
                             <div class="col-lg-12 col-md-12 col-sm-12 col-xs-12">
                                 <button id="submit" class="btn btn-color">
-                                    <?php _e($btn_label, 'orbisius-random-name-generator');?></button>
+                                    <?php esc_html_e($btn_label, 'orbisius-random-name-generator');?></button>
                             </div>
                         </div>