Changeset 3481588

Timestamp:

03/13/2026 12:20:38 AM (2 weeks ago)

Author:

pattihis

Message:

Version 2.0.4

Location:

add-custom-fields-to-media

Files:

• tags/2.0.4 (added)
• tags/2.0.4/README.txt (added)
• tags/2.0.4/add-custom-fields-to-media.php (added)
• tags/2.0.4/admin (added)
• tags/2.0.4/admin/class-add-custom-fields-to-media-admin.php (added)
• tags/2.0.4/admin/css (added)
• tags/2.0.4/admin/css/add-custom-fields-to-media-admin.css (added)
• tags/2.0.4/admin/img (added)
• tags/2.0.4/admin/img/acfm.svg (added)
• tags/2.0.4/admin/index.php (added)
• tags/2.0.4/admin/partials (added)
• tags/2.0.4/admin/partials/add-custom-fields-to-media-admin-display.php (added)
• tags/2.0.4/admin/partials/add-custom-fields-to-media-admin-footer.php (added)
• tags/2.0.4/includes (added)
• tags/2.0.4/includes/class-add-custom-fields-to-media-activator.php (added)
• tags/2.0.4/includes/class-add-custom-fields-to-media-deactivator.php (added)
• tags/2.0.4/includes/class-add-custom-fields-to-media-i18n.php (added)
• tags/2.0.4/includes/class-add-custom-fields-to-media-loader.php (added)
• tags/2.0.4/includes/class-add-custom-fields-to-media.php (added)
• tags/2.0.4/includes/index.php (added)
• tags/2.0.4/languages (added)
• tags/2.0.4/languages/add-custom-fields-to-media.pot (added)
• tags/2.0.4/public (added)
• tags/2.0.4/public/class-add-custom-fields-to-media-public.php (added)
• tags/2.0.4/public/index.php (added)
• tags/2.0.4/uninstall.php (added)
• trunk/add-custom-fields-to-media.php (modified) (2 diffs)
• trunk/admin/partials/add-custom-fields-to-media-admin-display.php (modified) (2 diffs)
• trunk/includes/class-add-custom-fields-to-media.php (modified) (1 diff)
• trunk/readme.txt (modified) (2 diffs)

add-custom-fields-to-media/trunk/add-custom-fields-to-media.php

@@ -11 +11 @@
  * Plugin URI:        https://wordpress.org/plugins/add-custom-fields-to-media/
  * Description:       Allows users to add custom fields to the media uploader and access those fields in template files. Great for adding copyrights, image meta etc.
- * Version:           2.0.3
+ * Version:           2.0.4
  * Author:            George Pattichis
  * Author URI:        https://profiles.wordpress.org/pattihis//
@@ -30 +30 @@
  * @since 2.0.0
  */
-define( 'ADD_CUSTOM_FIELDS_TO_MEDIA_VERSION', '2.0.3' );
+define( 'ADD_CUSTOM_FIELDS_TO_MEDIA_VERSION', '2.0.4' );
 
 /**

add-custom-fields-to-media/trunk/admin/partials/add-custom-fields-to-media-admin-display.php

@@ -37 +37 @@
 
 if ( ( isset( $_GET['delete'] ) && ! empty( $_GET['delete'] ) ) && is_array( $media_custom_fields ) ) {
+    if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ), 'acfm_delete_field' ) ) {
+        wp_die( esc_html__( 'Security check failed.', 'add-custom-fields-to-media' ) );
+    }
+    $new_custom_fields = array();
     foreach ( $media_custom_fields as $check_for_delete ) {
         if ( urldecode( sanitize_text_field( wp_unslash( $_GET['delete'] ) ) ) !== $check_for_delete['unique_id'] ) {
@@ -70 +74 @@
                         <td><?php echo esc_html( $custom_field['name'] ); ?></td>
                         <td><?php echo esc_html( $custom_field['help'] ); ?></td>
-                        <td><a href="<?php echo esc_url( 'options-general.php?page=add-custom-fields-to-media&delete=' . $custom_field['unique_id'] ); ?>" style="text-decoration: none;" title="Delete Field"><span class="dashicons dashicons-trash"></span></a></td>
+                        <td><a href="<?php echo esc_url( wp_nonce_url( 'options-general.php?page=add-custom-fields-to-media&delete=' . $custom_field['unique_id'], 'acfm_delete_field' ) ); ?>" style="text-decoration: none;" title="Delete Field"><span class="dashicons dashicons-trash"></span></a></td>
                     </tr>
                 <?php } ?>

add-custom-fields-to-media/trunk/includes/class-add-custom-fields-to-media.php

@@ -65 +65 @@
             $this->version = ADD_CUSTOM_FIELDS_TO_MEDIA_VERSION;
         } else {
-            $this->version = '2.0.3';
+            $this->version = '2.0.4';
         }
         $this->plugin_name = 'add-custom-fields-to-media';

add-custom-fields-to-media/trunk/readme.txt

@@ -5 +5 @@
 Donate link: https://profiles.wordpress.org/pattihis/
 Requires at least: 5.2
-Tested up to: 6.8
+Tested up to: 6.9.4
 Requires PHP: 7.2
-Stable tag: 2.0.3
+Stable tag: 2.0.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -64 +64 @@
 == Changelog ==
 
+= 2.0.4 =
+* Security: Fix CSRF vulnerability in custom field deletion (CVE-2025-4068)
+* Compatibility with WordPress v6.9
+
 = 2.0.3 =
 * Full compliance with WordPress Coding Standards (PHPCS)