Security Fix
ruhanirabin committed Mar 18, 2015
1 parent a1473ac commit 4e9eafe
Showing 2 changed files with 8 additions and 9 deletions.
2 changes: 1 addition & 1 deletion wp-optimize-main.php
Expand Up @@ -5,7 +5,7 @@
if ( ! defined( 'WPINC' ) ) {
die;
}
error_reporting( error_reporting() & ~E_NOTICE );

$text = '';

if (isset($_POST["clean-revisions"])) {
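Review bot: The POST branch that begins at `if (isset($_POST["clean-revisions"]))` has no nonce or capability check visible in this hunk, while the companion wp-optimize-settings.php gains `check_admin_referer( 'wpo_settings' )` in the same commit. If the form on this page triggers cleanup actions, the same pattern — `check_admin_referer()` with a form-specific action name plus `current_user_can( 'manage_options' )` — should run before the first `$_POST` read; whether such a check already exists outside the hunk cannot be seen here. From the 1-addition/1-deletion count it appears `error_reporting( error_reporting() & ~E_NOTICE );` is the removed line, which is the right direction, since suppressing notices hid the undefined-index reads the rest of this commit replaces with `!empty()`. The enclosing file-level statement run continues past the hunk.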
15 changes: 7 additions & 8 deletions wp-optimize-settings.php
Expand Up @@ -8,9 +8,8 @@

$GLOBALS['wpo_auto_options'] = get_option('wp-optimize-auto');

error_reporting( error_reporting() & ~E_NOTICE );

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
check_admin_referer( 'wpo_settings' );

// …
if (isset($_POST["enable-schedule"])) {
Expand Down Expand Up @@ -61,7 +60,7 @@
update_option( OPTION_NAME_ENABLE_EMAIL, 'false' );
}
if (isset($_POST["enable-email-address"])) {
update_option( OPTION_NAME_ENABLE_EMAIL_ADDRESS, $_POST["enable-email-address"] );
update_option( OPTION_NAME_ENABLE_EMAIL_ADDRESS, wp_unslash( $_POST["enable-email-address"] ) );
} else {
update_option( OPTION_NAME_ENABLE_EMAIL_ADDRESS, get_bloginfo ( 'admin_email' ) );
}
Expand All @@ -72,7 +71,7 @@
$bool_opts = array( 'revisions', 'drafts', 'spams', 'unapproved', 'transient', 'postmeta', 'tags', 'optimize' );

foreach($bool_opts as $key) {
$new_options[$key] = $new_options[$key] ? 'true' : 'false';
$new_options[$key] = !empty( $new_options[$key] ) ? 'true' : 'false';
}
update_option( 'wp-optimize-auto', $new_options);

Expand Down Expand Up @@ -124,7 +123,7 @@

<div class="wpo_section wpo_group">
<form action="#" method="post" enctype="multipart/form-data" name="settings_form" id="settings_form">

<?php wp_nonce_field( 'wpo_settings' ); ?>

<div class="wpo_col wpo_span_1_of_3">
<div class="postbox">
Expand All @@ -136,7 +135,7 @@
echo '<label>';
_e('Keep last ', 'wp-optimize'); ?>
<select id="retention-period" name="retention-period">
<option value="<?php echo get_option(OPTION_NAME_RETENTION_PERIOD, '2'); ?>"><?php echo get_option(OPTION_NAME_RETENTION_PERIOD,'2'); ?></option>
<option value="<?php echo esc_attr( get_option(OPTION_NAME_RETENTION_PERIOD, '2') ); ?>"><?php echo esc_html( get_option(OPTION_NAME_RETENTION_PERIOD,'2') ); ?></option>
<option value="2">2</option>
<option value="4">4</option>
<option value="6">6</option>
Expand Down Expand Up @@ -225,7 +224,7 @@
<br /><br />
<?php _e('Select schedule type (default is Weekly)', 'wp-optimize'); ?><br />
<select id="schedule_type" name="schedule_type">
<option value="<?php echo get_option(OPTION_NAME_SCHEDULE_TYPE, 'wpo_weekly'); ?>">
<option value="<?php echo esc_attr( get_option(OPTION_NAME_SCHEDULE_TYPE, 'wpo_weekly') ); ?>">
<?php
$last_schedule = get_option(OPTION_NAME_SCHEDULE_TYPE,'wpo_weekly');
switch ($last_schedule) {
Expand Down Expand Up @@ -328,7 +327,7 @@
<?php
_e('Send email to', 'wp-optimize');
?>
<input name="enable-email-address" id="enable-email-address" type="text" value ="<?php echo get_option(OPTION_NAME_ENABLE_EMAIL_ADDRESS, get_bloginfo ( 'admin_email' )); ?>" />
<input name="enable-email-address" id="enable-email-address" type="text" value ="<?php echo esc_attr( get_option( OPTION_NAME_ENABLE_EMAIL_ADDRESS, get_bloginfo ( 'admin_email' ) ) ); ?>" />
</label>
</p>
<p>
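Review bot: In the `enable-email-address` hunk the new line stores `wp_unslash( $_POST["enable-email-address"] )` without sanitizing or validating it, so any string the admin submits becomes the stored recipient address; the output side is escaped with `esc_attr()` later in this commit, but the option is also consumed as an email address. I would sanitize and validate before the write, falling back to the site address the `else` branch already uses: `$email = sanitize_email( wp_unslash( $_POST["enable-email-address"] ) );` then `update_option( OPTION_NAME_ENABLE_EMAIL_ADDRESS, is_email( $email ) ? $email : get_bloginfo( 'admin_email' ) );`. The `check_admin_referer( 'wpo_settings' )` added at the top of the `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block correctly pairs with the `wp_nonce_field( 'wpo_settings' )` added to the form, and the `esc_attr()`/`esc_html()` wrappers on the `retention-period`, `schedule_type` and email fields close the stored-option reflection this commit is about; a short comment such as `// All option writes below are guarded by the nonce check above.` at the top of that block would help later readers. That POST block starts in this hunk and continues well beyond it.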
