Merge pull request #59 from alicolville/added-nonce

4.1.5
alicolville · Jul 2, 2024 · ace57df · ace57df
2 parents 1fe22ed + a0c174b
commit ace57df
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 4 deletions.
diff --git a/includes/pages/page.edit.php b/includes/pages/page.edit.php
@@ -52,7 +52,8 @@ function sh_cd_pages_your_shortcodes_edit( $action = 'add', $save_result = NULL
                                 ?>
                                     <form method="post" action="<?php echo sh_cd_link_your_shortcodes() . '&action=save'; ?>">
 										<input type="hidden" id="id" name="id" value="<?php echo esc_attr( $shortcode['id'] ); ?>" />
-
+                                        <?php wp_nonce_field( 'save-shortcode' ); ?>
+
 										<div class="sh-cd-button-row sh-cd-border-bottom">
 											<a class="comment-submit button" href="<?php echo sh_cd_link_your_shortcodes(); ?>"><?php echo __( 'Cancel', SH_CD_SLUG ); ?></a>
 											<input name="submit_button" type="submit" value="Save Shortcode" class="comment-submit button button-primary">

diff --git a/includes/pages/page.list.php b/includes/pages/page.list.php
@@ -14,6 +14,8 @@ function sh_cd_pages_your_shortcodes() {
 	// Do we have a save event?
 	if ( 'save' === $action ) {
 
+		check_admin_referer( 'save-shortcode' );
+
 		$save_result = false;
 
 		if ( false === empty( $_POST[ 'id'] ) ||

diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.me/yeken
 Tags: shortcode, variable, php, text, html, parameter, javascript, embed, reuse
 Requires at least: 6.0
 Tested up to: 6.5
-Stable tag: 4.1.4
+Stable tag: 4.1.5
 Requires PHP: 7.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -147,6 +147,10 @@ Login into Wordpress Admin Panel and goto Settings > Snippet Shortcodes
 
 == Changelog ==
 
+= 4.1.5 =
+
+* Maintenance: Added a nonce to the main admin Add/Edit UI screen. Although the form was on an admin screen and not exposed to the public, it doesn't hurt to add a nonce as well. Thanks Benedictus Jovan (aillesiM).
+
 = 4.1.4 =
 
 * Maintenance: Updated tested with WP 6.5 note.

diff --git a/shortcode-variables.php b/shortcode-variables.php
@@ -5,7 +5,7 @@
 /**
  * Plugin Name: Snippet Shortcodes
  * Description: Create your own shortcodes and assign text / variables to it or use our premade ones. You can then embed these shortcodes throughout your entire site and only have to change the value in one place.
- * Version: 4.1.4
+ * Version: 4.1.5
  * Requires at least:   6.0
  * Tested up to: 		6.5
  * Requires PHP:        7.4
@@ -34,7 +34,7 @@
 
 define( 'SH_CD_ABSPATH', plugin_dir_path( __FILE__ ) );
 
-define( 'SH_CD_PLUGIN_VERSION', '4.1.4' );
+define( 'SH_CD_PLUGIN_VERSION', '4.1.5' );
 define( 'SH_CD_PLUGIN_NAME', 'Snippet Shortcodes' );
 define( 'SH_CD_TABLE', 'SH_CD_SHORTCODES' );
 define( 'SH_CD_TABLE_MULTISITE', 'SH_CD_SHORTCODES_MULTISITE' );