Merge pull request #30 from brainstormforce/bug-fix

Prevent bypass for AJAX nonce check
brainstormforce · Aug 25, 2020 · 9df6f11 · 9df6f11
2 parents 9de4975 + 6fd96b1
commit 9df6f11
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 **Tags:** custom sidebar, sidebar manager, custom widget areas, widgets, conditional sidebar  
 **Requires at least:** 4.0  
 **Tested up to:** 5.5  
-**Stable tag:** 1.1.4  
+**Stable tag:** 1.1.5 
 **License:** GPLv2 or later  
 **License URI:** https://www.gnu.org/licenses/gpl-2.0.html  
 
@@ -51,6 +51,9 @@ Other plugins we found are heavy with ugly interface, non supported, developed o
 
 ## Changelog ##
 
+### 1.1.5 ### 
+- Fix: Security hardening. 
+
 ### 1.1.4 ###
 - Fix: Fixed compatibility with other plugins with respect to the admin notice.
 

diff --git a/classes/class-bsf-sb-metabox.php b/classes/class-bsf-sb-metabox.php
@@ -81,8 +81,12 @@ public function metabox_actions() {
 		 */
 		public function metabox_save( $post_id ) {
 
+			if( ! isset( $_POST[ BSF_SB_POST_TYPE . '-nonce' ] ) ) {
+				return;
+			}
+
 			if ( get_post_type() != BSF_SB_POST_TYPE
-				|| ( isset( $_POST[ BSF_SB_POST_TYPE . '-nonce' ] ) && ! wp_verify_nonce( $_POST[ BSF_SB_POST_TYPE . '-nonce' ], BSF_SB_POST_TYPE ) )
+				|| ! wp_verify_nonce( $_POST[ BSF_SB_POST_TYPE . '-nonce' ], BSF_SB_POST_TYPE )
 			) {
 				return $post_id;
 			}

diff --git a/readme.txt b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://www.paypal.me/BrainstormForce
 Tags: custom sidebar, sidebar manager, custom widget areas, widgets, conditional sidebar
 Requires at least: 4.0
 Tested up to: 5.5
-Stable tag: 1.1.4
+Stable tag: 1.1.5
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 
@@ -51,6 +51,9 @@ Other plugins we found are heavy with ugly interface, non supported, developed o
 
 == Changelog ==
 
+= 1.1.5 = 
+- Fix: Security hardening. 
+
 = 1.1.4 =
 - Fix: Fixed compatibility with other plugins with respect to the admin notice.
 

diff --git a/sidebar-manager.php b/sidebar-manager.php
@@ -3,7 +3,7 @@
  * Plugin Name:     Sidebar Manager
  * Plugin URI:      http://www.brainstormforce.com
  * Description:     This is the plugin to create custom siderbars to your site.
- * Version:         1.1.4
+ * Version:         1.1.5
  * Author:          Brainstorm Force
  * Author URI:      https://www.brainstormforce.com/
  * Text Domain:     bsfsidebars
@@ -25,7 +25,7 @@
 define( 'BSF_SB_BASE', plugin_basename( BSF_SB_FILE ) );
 define( 'BSF_SB_DIR', plugin_dir_path( BSF_SB_FILE ) );
 define( 'BSF_SB_URL', plugins_url( '/', BSF_SB_FILE ) );
-define( 'BSF_SB_VER', '1.1.4' );
+define( 'BSF_SB_VER', '1.1.5' );
 define( 'BSF_SB_PREFIX', 'bsf-sb' );
 define( 'BSF_SB_POST_TYPE', 'bsf-sidebar' );