
2.4.5 Release
* FIXED: WordPress 6.0 compatibility
* FIXED: CSRF vulnerabilities fixed (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29450)
oliverschloebe committed Jun 18, 2022
1 parent 33410f8 commit f94732d
Showing 9 changed files with 122 additions and 21 deletions.
6 changes: 3 additions & 3 deletions admin-management-xtended.php
@@ -1,7 +1,7 @@
<?php
/*
Plugin Name: Admin Management Xtended
Version: 2.4.4
Version: 2.4.5
Plugin URI: https://www.schloebe.de/wordpress/admin-management-xtended-plugin/
Description: <strong>WordPress 4.3+ only.</strong> Extends admin functionalities by introducing: toggling post/page visibility inline, changing page order with drag'n'drop, inline category management, inline tag management, changing publication date inline, changing post slug inline, toggling comment status open/closed, hide draft posts, change media order, change media description inline, toggling link visibility, changing link categories
Author: Oliver Schl&ouml;be
Expand All @@ -10,7 +10,7 @@
Domain Path: /languages
Copyright 2008-2021 Oliver Schlöbe (email : scripts@schloebe.de)
Copyright 2008-2022 Oliver Schlöbe (email : scripts@schloebe.de)
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
Expand Down Expand Up @@ -53,7 +53,7 @@ function ame_is_plugin_active( $plugin_filename ) {
/**
* Define the plugin version
*/
define("AME_VERSION", "2.4.4");
define("AME_VERSION", "2.4.5");

/**
* Define the global var AMEISWP43, returning bool if WP 4.3 or higher is running
9 changes: 7 additions & 2 deletions css/styles.css
@@ -1,7 +1,8 @@
.status-draft, .status-future, .cannotdrop {
-moz-opacity: 0.4;
.cannotdrop {
opacity: 0.4;
filter:Alpha(opacity=40, finishopacity=40, style=1);
}

.ondragrow {
background: #328AB2;
color: #fff;
Expand All @@ -11,6 +12,10 @@
color: #fff;
}

#TB_ajaxContent {
overflow: hidden;
}

ul#categorychecklist {
list-style: none;
padding: 0;
88 changes: 78 additions & 10 deletions general-functions.php
Expand Up @@ -8,7 +8,7 @@
*/

/*
* Copyright 2008-2020 Oliver Schlöbe (email : scripts@schloebe.de)
* Copyright 2008-2022 Oliver Schlöbe (email : scripts@schloebe.de)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Expand Down Expand Up @@ -71,6 +71,8 @@ function return_function($output) {
*/
function ame_ajax_save_mediadesc() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['postid'] );
$new_mediadesc = $_POST['new_mediadesc'];

Expand All @@ -96,6 +98,8 @@ function ame_ajax_save_mediadesc() {
*/
function ame_ajax_set_commentstatus() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['postid'] );
$q_status = intval( $_POST['comment_status'] );

Expand Down Expand Up @@ -127,6 +131,7 @@ function ame_ajax_set_commentstatus() {
*/
function ame_get_pageorder() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

if( !current_user_can( 'edit_pages' ) ) {
die();
Expand Down Expand Up @@ -155,6 +160,8 @@ function ame_get_pageorder() {
*/
function ame_ajax_save_tags() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['postid'] );
$ame_tags = $_POST['new_tags'];

Expand Down Expand Up @@ -200,6 +207,8 @@ function ame_ajax_save_tags() {
*/
function ame_ajax_get_categories() {
global $wpdb, $post;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$ame_id = intval( $_POST['postid'] );

if( !current_user_can( 'edit_post', $ame_id ) ) {
Expand Down Expand Up @@ -232,6 +241,8 @@ function ame_ajax_get_categories() {
*/
function ame_ajax_save_categories() {
global $wpdb, $post;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['postid'] );
$ame_cats = $_POST['ame_cats'];

Expand Down Expand Up @@ -272,6 +283,8 @@ function ame_ajax_save_categories() {
*/
function ame_toggle_showinvisposts() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$status = intval( $_POST['status'] );

update_option( "ame_toggle_showinvisposts", $status );
Expand Down Expand Up @@ -300,6 +313,8 @@ function ame_ajax_toggle_imageset() {
*/
function ame_toggle_orderoptions() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$status = intval( $_POST['status'] );

update_option( "ame_show_orderoptions", $status );
Expand All @@ -314,6 +329,8 @@ function ame_toggle_orderoptions() {
*/
function ame_slug_edit() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['category_id'] );
if( is_string( $_POST['posttype'] ) ) $posttype = $_POST['posttype'];

Expand Down Expand Up @@ -342,6 +359,8 @@ function ame_slug_edit() {
*/
function ame_author_edit() {
global $wpdb, $current_user;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['post_id'] );

if( !current_user_can( 'edit_post', $postid ) ) {
Expand Down Expand Up @@ -396,6 +415,8 @@ function ame_author_edit() {
*/
function ame_save_order() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['category_id'] );
$neworderid = intval( $_POST['new_orderid'] );

Expand All @@ -416,6 +437,8 @@ function ame_save_order() {
*/
function ame_save_slug() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['category_id'] );

if( !current_user_can( 'edit_post', $postid ) ) {
Expand Down Expand Up @@ -451,6 +474,8 @@ function ame_save_slug() {
*/
function ame_save_author() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['category_id'] );

if( !current_user_can( 'edit_post', $postid ) ) {
Expand Down Expand Up @@ -480,6 +505,8 @@ function ame_save_author() {
*/
function ame_save_title() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['category_id'] );
$new_title = $_POST['new_title'];
$new_title = apply_filters( 'the_title', $new_title );
Expand All @@ -504,6 +531,8 @@ function ame_save_title() {
*/
function ame_set_date() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( substr( $_POST['category_id'], 10, 5 ) );

if( !current_user_can( 'edit_post', $postid ) ) {
Expand Down Expand Up @@ -542,6 +571,8 @@ function ame_set_date() {
*/
function ame_toggle_visibility() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['category_id'] );

if( !current_user_can( 'edit_post', $postid ) ) {
Expand Down Expand Up @@ -584,6 +615,8 @@ function ame_toggle_visibility() {
*/
function ame_toggle_sticky() {
global $wpdb;
check_ajax_referer( 'ame_ajax_validation', 'security' );

$postid = intval( $_POST['post_id'] );

if( !current_user_can( 'edit_post', $postid ) ) {
Expand Down Expand Up @@ -612,6 +645,8 @@ function ame_toggle_sticky() {
* @link http://plugins.trac.wordpress.org/browser/exclude-pages/trunk/exclude_pages.php#L162
*/
function ame_toggle_excludestatus() {
check_ajax_referer( 'ame_ajax_validation', 'security' );

if( !current_user_can( 'edit_pages' ) ) {
die();
return;
Expand Down Expand Up @@ -955,9 +990,20 @@ function ame_enqueue_stuff_edit() {
wp_enqueue_script( 'ame_gui-modificators', AME_PLUGINFULLURL . "js/gui-modificators.js", array(
'sack'
), AME_VERSION );
wp_enqueue_script( 'ame_miscscripts', AME_PLUGINFULLURL . "js/functions.js", array(
'sack'
), AME_VERSION );
wp_register_script(
'ame_miscscripts',
AME_PLUGINFULLURL . "js/functions.js",
array( 'jquery', 'sack' ),
AME_VERSION
);
wp_enqueue_script( 'ame_miscscripts' );
wp_localize_script(
'ame_miscscripts',
'ameAjaxSec',
array(
'ajaxnonce' => wp_create_nonce( 'ame_ajax_validation' )
)
);
}

add_action( 'admin_head', 'ame_css_admin_header' );
Expand Down Expand Up @@ -1000,9 +1046,20 @@ function ame_enqueue_stuff_linkmanager() {
wp_enqueue_script( 'ame_gui-modificators', AME_PLUGINFULLURL . "js/gui-modificators.js", array(
'sack'
), AME_VERSION );
wp_enqueue_script( 'ame_miscscripts', AME_PLUGINFULLURL . "js/functions.js", array(
'sack'
), AME_VERSION );
wp_register_script(
'ame_miscscripts',
AME_PLUGINFULLURL . "js/functions.js",
array( 'jquery', 'sack' ),
AME_VERSION
);
wp_enqueue_script( 'ame_miscscripts' );
wp_localize_script(
'ame_miscscripts',
'ameAjaxSec',
array(
'ajaxnonce' => wp_create_nonce( 'ame_ajax_validation' )
)
);
}

add_action( 'admin_print_scripts', 'ame_js_admin_header' );
Expand All @@ -1015,9 +1072,20 @@ function ame_enqueue_stuff_upload() {
wp_enqueue_script( 'ame_gui-modificators', AME_PLUGINFULLURL . "js/gui-modificators.js", array(
'sack'
), AME_VERSION );
wp_enqueue_script( 'ame_miscscripts', AME_PLUGINFULLURL . "js/functions.js", array(
'sack'
), AME_VERSION );
wp_register_script(
'ame_miscscripts',
AME_PLUGINFULLURL . "js/functions.js",
array( 'jquery', 'sack' ),
AME_VERSION
);
wp_enqueue_script( 'ame_miscscripts' );
wp_localize_script(
'ame_miscscripts',
'ameAjaxSec',
array(
'ajaxnonce' => wp_create_nonce( 'ame_ajax_validation' )
)
);
}

add_action( 'admin_print_scripts', 'ame_js_admin_header' );
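Review bot: The new `check_ajax_referer()` call in `ame_toggle_showinvisposts` (hunk `@@ -272,6 +283,8`) is followed directly by `update_option( "ame_toggle_showinvisposts", $status )` with no capability check in between, and `ame_toggle_orderoptions` (hunk `@@ -300,6 +313,8`) has the same shape; a nonce only shows the request came from the logged-in user's own admin page, not that this user is allowed to change a site-wide option. The sibling handlers in this file gate on `current_user_can()` before acting (e.g. the `edit_pages` guard in `ame_get_pageorder`), so these two should do the same, e.g. `if ( ! current_user_can( 'manage_options' ) ) { die(); }` placed right after the nonce check, with the capability chosen to match who is meant to flip these display toggles. Both function bodies run past the end of their hunks, so a later guard cannot be ruled out from here, but none precedes the `update_option` write. Separately, the action string `'ame_ajax_validation'` is now spelled out in roughly twenty `check_ajax_referer()` calls plus the three `wp_create_nonce()` calls; a single constant such as `define( 'AME_AJAX_NONCE_ACTION', 'ame_ajax_validation' );` alongside `AME_VERSION` in admin-management-xtended.php would keep the handler side and the enqueue side from drifting apart.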
