Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'flatpressblog:master' into master

Browse Source
This commit is contained in:
Fraenkiman 2023-01-01 02:58:50 +01:00 committed by GitHub
commit 180366f88d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -45,7 +45,6 @@
## Security ## Security
- Possible XSS prevented: Session cookie missed the "secure" and "httponly" flags - Possible XSS prevented: Session cookie missed the "secure" and "httponly" flags
- Possible path traversal in Media Manager plugin prevented
- Proper check of uploaded files ([#152](https://github.com/flatpressblog/flatpress/issues/152), [#170](https://github.com/flatpressblog/flatpress/issues/170)) - Proper check of uploaded files ([#152](https://github.com/flatpressblog/flatpress/issues/152), [#170](https://github.com/flatpressblog/flatpress/issues/170))
- Possible XSS prevented: Admin Area URL ([#153](https://github.com/flatpressblog/flatpress/issues/153)) - Possible XSS prevented: Admin Area URL ([#153](https://github.com/flatpressblog/flatpress/issues/153))
- Possible XSS prevented: SVG/XML/MD upload ([#172](https://github.com/flatpressblog/flatpress/issues/172), [#178](https://github.com/flatpressblog/flatpress/issues/178)) - Possible XSS prevented: SVG/XML/MD upload ([#172](https://github.com/flatpressblog/flatpress/issues/172), [#178](https://github.com/flatpressblog/flatpress/issues/178))
@ -54,6 +53,7 @@
- Possible XSS in Media Manager plugin prevented ([#177](https://github.com/flatpressblog/flatpress/issues/177)) - Possible XSS in Media Manager plugin prevented ([#177](https://github.com/flatpressblog/flatpress/issues/177))
- Possible path traversal in Media Manager plugin prevented ([#179](https://github.com/flatpressblog/flatpress/issues/179)) - Possible path traversal in Media Manager plugin prevented ([#179](https://github.com/flatpressblog/flatpress/issues/179))
- Possible XSSs in Admin Area prevented ([#180](https://github.com/flatpressblog/flatpress/issues/180), [#183](https://github.com/flatpressblog/flatpress/issues/183)) - Possible XSSs in Admin Area prevented ([#180](https://github.com/flatpressblog/flatpress/issues/180), [#183](https://github.com/flatpressblog/flatpress/issues/183))
- Possible CSRFs in Admin Area prevented ([#64](https://github.com/flatpressblog/flatpress/issues/64))
# 2021-06-19: [FlatPress 1.2.1](https://github.com/flatpressblog/flatpress/releases/tag/1.2.1) # 2021-06-19: [FlatPress 1.2.1](https://github.com/flatpressblog/flatpress/releases/tag/1.2.1)
## Bugfixes ## Bugfixes

3
admin/panels/entry/admin.entry.delete.php
View File

@ -45,6 +45,9 @@ class admin_entry_delete extends AdminPanelAction {
} }
function ondelete() { function ondelete() {
// at first: check if nonce was given correctly
check_admin_referer('admin_entry_delete');
$id = $_REQUEST ['entry']; $id = $_REQUEST ['entry'];
$ok = draft_delete($id) || entry_delete($id); $ok = draft_delete($id) || entry_delete($id);

6
admin/panels/plugin/admin.plugin.php
View File

@ -53,6 +53,9 @@ class admin_plugin_default extends AdminPanelAction {
} }
function dodisable($id) { function dodisable($id) {
// at first: check if nonce was given correctly
check_admin_referer('admin_plugin_default_disable_' . $id);
$fp_plugins = $this->fp_plugins; $fp_plugins = $this->fp_plugins;
$success = -1; $success = -1;
@ -78,6 +81,9 @@ class admin_plugin_default extends AdminPanelAction {
} }
function doenable($id) { function doenable($id) {
// at first: check if nonce was given correctly
check_admin_referer('admin_plugin_default_enable_' . $id);
$success = -1; $success = -1;
$fp_plugins = $this->fp_plugins; $fp_plugins = $this->fp_plugins;

19
fp-includes/core/core.wp-pluggable-funcs.php
View File

@ -327,6 +327,15 @@ endif;
if (!function_exists('wp_verify_nonce')) : if (!function_exists('wp_verify_nonce')) :
/**
* Verifies the given nonce for the given action string.
*
* @param string $nonce
* the nonce to verify
* @param string $action
* the action
* @return boolean <code>true</code> if the nonce is valid; <code>false</code> otherwise
*/
function wp_verify_nonce($nonce, $action = -1) { function wp_verify_nonce($nonce, $action = -1) {
$user = user_get(); $user = user_get();
$uid = $user ['userid']; $uid = $user ['userid'];
@ -334,11 +343,13 @@ if (!function_exists('wp_verify_nonce')) :
// new nonce each 12 hours // new nonce each 12 hours
$i = ceil(time() / (60 * 60 * 12)); $i = ceil(time() / (60 * 60 * 12));
// Allow for expanding range, but only do one check if we can // The nonce we expect for the given action at the current time
$expectedNonce = substr(wp_hash($i . $action . $uid), -12, 10); $expectedNonce = substr(wp_hash($i . $action . $uid), -12, 10);
if ($expectedNonce == $nonce || substr(wp_hash(($i - 1) . $action . $uid), -12, 10) == $nonce) // The nonce we expect for the given action in the previous time period
return true; $expectedPreviousNonce = substr(wp_hash(($i - 1) . $action . $uid), -12, 10);
return false;
// given nonce must match the current or the previous nonce
return $nonce == $expectedNonce || $nonce == $expectedPreviousNonce;
} }
endif; endif;