
Changeset 2875024


Timestamp:
03/05/2023 06:18:08 PM (3 years ago)
Author:
bgermann
Message:

import version 15.0.5

Location:
cforms2/trunk
Files:
5 edited

  • cforms2/trunk/cforms-corrupted.php

    r2353696 r2875024  
    1919
    2020cforms2_check_access_priv();
     21
     22if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     23    if (!check_admin_referer("corruptedsettings"))
     24        return;
     25}
    2126?>
    2227<div class="wrap">
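Review bot: the `return` at new lines 23-24 is effectively unreachable, because check_admin_referer() called with an explicit action runs wp_nonce_ays() and dies when the nonce is missing or invalid instead of returning false. Writing `check_admin_referer("corruptedsettings");` as a bare statement inside the POST branch would state what actually happens; if a quiet return is the intended failure behaviour, wp_verify_nonce() is the call that returns a falsy value.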
     
    6368    <form name="corruptedsettings" class="corruptedsettings" method="POST">
    6469
     70        <?php wp_nonce_field("corruptedsettings"); ?>
    6571        <h3><?php _e('Corrupted cforms settings detected', 'cforms2'); ?></h3>
    6672        <table class="form-table">
  • cforms2/trunk/cforms-global-settings.php

    r2353696 r2875024  
    2727    return;
    2828
     29if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     30    if (!check_admin_referer("cformsglobal"))
     31        return;
     32}
     33
    2934$style = $cformsSettings['global']['cforms_css'];
    3035
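Review bot: the nonce check at new lines 29-32 runs only when REQUEST_METHOD is POST, so it protects nothing this page might do in response to a GET. The hunk does not show how the handlers further down read their input; it is worth confirming they act only on $_POST (not $_GET or $_REQUEST), or verifying the nonce whenever an action parameter is present regardless of method.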
     
    8287    <form enctype="multipart/form-data" id="cformsdata" name="mainform" method="post">
    8388        <?php
     89        wp_nonce_field("cformsglobal");
    8490        if (isset($_POST['showinfo'])) {
    8591            echo '<p>' . __('All the global and per form settings are listed here as JSON. You can use this as a backup tool if you like.', 'cforms2') . '</p>';
     
    304310    <fieldset class="cf_ed_main">
    305311        <form name="deleteform" method="post">
     312            <?php wp_nonce_field("cformsglobal"); ?>
    306313            <div id="cf_target_del"><?php _e('Warning!', 'cforms2'); ?></div>
    307314            <div class="controls">
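Review bot: deleteform at new line 312 reuses the "cformsglobal" action that mainform gets at new line 89, so a nonce issued for ordinary settings changes is also accepted for the form carrying the 'Warning!' delete target. A separate action string for the delete form, checked in the branch that handles it, would scope each nonce to one operation; the single check_admin_referer("cformsglobal") at the top of the file would then move into the per-form handlers.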
  • cforms2/trunk/cforms-options.php

    r2353696 r2875024  
    2727    return;
    2828
     29if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     30    if (!check_admin_referer("cformsdata"))
     31        return;
     32}
    2933
    3034$formcount = count(Cforms2\FormSettings::forms());
     
    265269        <input type="hidden" name="no" value="<?php echo $no_disp; ?>"/>
    266270        <input type="hidden" name="noSub" value="<?php echo $no_disp; ?>" />
     271        <?php wp_nonce_field("cformsdata"); ?>
    267272
    268273        <p>
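Review bot: the check added at new lines 29-32 rejects every POST to this page that lacks a "cformsdata" nonce, but this diff adds wp_nonce_field("cformsdata") to one form only (new line 271). If cforms-options.php has any other form or script-driven POST to the same page, that request will now fail the nonce check; searching the file for other POST submitters before release would settle it.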
  • cforms2/trunk/cforms.php

    r2353696 r2875024  
    2121 * Description: cformsII is a customizable, flexible and powerful form plugin including simple spam protection, multi-step forms, role manager support and custom themes.
    2222 * Author: Oliver Seidel, Bastian Germann
    23  * Version: 15.0.4
     23 * Version: 15.0.5
    2424 * Text Domain: cforms2
    2525 */
    2626namespace Cforms2;
    2727
    28 define('CFORMS2_VERSION', '15.0.4');
     28define('CFORMS2_VERSION', '15.0.5');
    2929
    3030// Debug message handling.
  • cforms2/trunk/readme.txt

    r2729745 r2875024  
    1818If you want to use plugin versions older than 14.6.3, you should rename the directory containing the plugin from "cforms2" to "cforms". But bear in mind that old versions should not be used in public systems, because they contain [known serious vulnerabilities](https://wpvulndb.com/plugins/cforms) that are exploited in the wild.
    1919
    20 The [current security baseline version](https://wpvulndb.com/plugins/cforms2) is 15.0.3.
     20The [current security baseline version](https://wpvulndb.com/plugins/cforms2) is 15.0.5.
    2121
    2222
     
    112112== Upgrade Notice ==
    113113
    114 = 15.0.4 =
     114= 15.0.5 =
    115115The tracking database feature and its view are removed with cformsII 15.0+. Your data still exists in the database. Please have a look at CFDB plugin as a replacement.
    116116
    117117
    118118== Changelog ==
     119
     120= 15.0.5 =
     121
     122* Fix CSRF by introducing nonces to admin forms (CVE-2023-25449)
    119123
    120124= 15.0.4 =
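Review bot: the Upgrade Notice heading is bumped to 15.0.5 (new line 114) but its text still only covers the removed tracking database, so the notice does not tell site owners that this release is a security fix. A sentence under `= 15.0.5 =` in the Upgrade Notice that mentions the CSRF fix and CVE-2023-25449 would match the changelog entry at new line 122.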