updated plugin Simple Local Avatars version 2.7.11

This commit is contained in:
KawaiiPunk 2024-07-19 19:46:13 +00:00 committed by Gitium
parent 311bc308f5
commit 39ec06fbc1
3 changed files with 23 additions and 6 deletions

View File

@ -1476,6 +1476,7 @@ class Simple_Local_Avatars {
?> ?>
<input type="hidden" name="simple-local-avatar-file-id" id="simple-local-avatar-file-id" value="<?php echo ! empty( $default_avatar_file_id ) ? esc_attr( $default_avatar_file_id ) : ''; ?>"/> <input type="hidden" name="simple-local-avatar-file-id" id="simple-local-avatar-file-id" value="<?php echo ! empty( $default_avatar_file_id ) ? esc_attr( $default_avatar_file_id ) : ''; ?>"/>
<input type="hidden" name="simple-local-avatar-file-url" id="simple-local-avatar-file-url" value="<?php echo ! empty( $default_avatar_file_url ) ? esc_url( $default_avatar_file_url ) : ''; ?>"/> <input type="hidden" name="simple-local-avatar-file-url" id="simple-local-avatar-file-url" value="<?php echo ! empty( $default_avatar_file_url ) ? esc_url( $default_avatar_file_url ) : ''; ?>"/>
<?php wp_nonce_field( 'simple_local_avatar_default', 'simple-local-avatar-file-wpnonce' ); ?>
<input type="button" name="simple-local-avatar" id="simple-local-avatar-default" class="button-secondary" value="<?php esc_attr_e( 'Choose Default Avatar', 'simple-local-avatar' ); ?>"/> <input type="button" name="simple-local-avatar" id="simple-local-avatar-default" class="button-secondary" value="<?php esc_attr_e( 'Choose Default Avatar', 'simple-local-avatar' ); ?>"/>
<p class="description" style="margin-left: 23px;"><?php esc_html_e( 'Note that this avatar needs to be publicly available or a broken image will be shown.', 'simple-local-avatar' ); ?></p> <p class="description" style="margin-left: 23px;"><?php esc_html_e( 'Note that this avatar needs to be publicly available or a broken image will be shown.', 'simple-local-avatar' ); ?></p>
<?php <?php
@ -1490,6 +1491,11 @@ class Simple_Local_Avatars {
private function save_default_avatar_file_id() { private function save_default_avatar_file_id() {
global $pagenow; global $pagenow;
// Check if nonce is set.
if ( ! isset( $_POST['simple-local-avatar-file-wpnonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['simple-local-avatar-file-wpnonce'] ) ), 'simple_local_avatar_default' ) ) {
return;
}
$file_id = filter_input( INPUT_POST, 'simple-local-avatar-file-id', FILTER_SANITIZE_NUMBER_INT ); $file_id = filter_input( INPUT_POST, 'simple-local-avatar-file-id', FILTER_SANITIZE_NUMBER_INT );
// check for uploaded files // check for uploaded files

View File

@ -2,8 +2,8 @@
Contributors: jakemgold, 10up, thinkoomph, jeffpaul, faisal03 Contributors: jakemgold, 10up, thinkoomph, jeffpaul, faisal03
Donate link: https://10up.com/plugins/simple-local-avatars-wordpress/ Donate link: https://10up.com/plugins/simple-local-avatars-wordpress/
Tags: avatar, gravatar, user photos, users, profile Tags: avatar, gravatar, user photos, users, profile
Tested up to: 6.5 Tested up to: 6.6
Stable tag: 2.7.10 Stable tag: 2.7.11
License: GPL-2.0-or-later License: GPL-2.0-or-later
License URI: https://spdx.org/licenses/GPL-2.0-or-later.html License URI: https://spdx.org/licenses/GPL-2.0-or-later.html
@ -45,7 +45,15 @@ No. Simple Local Avatars neither collects, stores, nor sends any PII data of vi
== Changelog == == Changelog ==
= 2.7.10 - 2024-05-23 = = 2.7.11 - 2024-07-18 =
**Note that this release bumps the minimum required version of WordPress from 6.3 to 6.4.**
* **Changed:** Bumped WordPress "tested up to" version 6.6 and minimum version to 6.4 (props [@sudip-md](https://github.com/sudip-md), [@ankitguptaindia](https://github.com/ankitguptaindia), [@jeffpaul](https://github.com/jeffpaul) via [#289](https://github.com/10up/simple-local-avatars/pull/289), [#290](https://github.com/10up/simple-local-avatars/pull/290)).
* **Security:** Add nonce check when saving the default avatar ID (props [@faisal-alvi](https://github.com/faisal-alvi), [@aaemnnosttv](https://github.com/aaemnnosttv), [@rafiem](https://github.com/rafiem), [@dkotter](https://github.com/dkotter) via [GHSA-46pw-6m35-9m7x](https://github.com/10up/simple-local-avatars/security/advisories/GHSA-46pw-6m35-9m7x)).
* **Security:** Bump `braces` from 3.0.2 to 3.0.3, `pac-resolver` from 7.0.0 to 7.0.1, `socks` from 2.7.1 to 2.8.3 and removes `ip` (props [@dependabot](https://github.com/apps/dependabot), [@Sidsector9](https://github.com/Sidsector9) via [#286](https://github.com/10up/simple-local-avatars/pull/286)).
* **Security:** Bump `ws` from 7.5.9 to 7.5.10 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#287](https://github.com/10up/simple-local-avatars/pull/287)).
= 2.7.10 - 2024-05-24 =
* **Fixed:** Fix Default Avatar Fallback (props [@amirhossein7](https://profiles.wordpress.org/amirhossein7/), [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter), [@qasumitbagthariya](https://github.com/qasumitbagthariya/) via [#281](https://github.com/10up/simple-local-avatars/pull/281)). * **Fixed:** Fix Default Avatar Fallback (props [@amirhossein7](https://profiles.wordpress.org/amirhossein7/), [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter), [@qasumitbagthariya](https://github.com/qasumitbagthariya/) via [#281](https://github.com/10up/simple-local-avatars/pull/281)).
* **Security:** Bump `express` from 4.18.2 to 4.19.2 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#269](https://github.com/10up/simple-local-avatars/pull/269)). * **Security:** Bump `express` from 4.18.2 to 4.19.2 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#269](https://github.com/10up/simple-local-avatars/pull/269)).
* **Security:** Bump `follow-redirects` from 1.15.5 to 1.15.6 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#269](https://github.com/10up/simple-local-avatars/pull/269)). * **Security:** Bump `follow-redirects` from 1.15.5 to 1.15.6 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#269](https://github.com/10up/simple-local-avatars/pull/269)).
@ -141,6 +149,9 @@ No. Simple Local Avatars neither collects, stores, nor sends any PII data of vi
== Upgrade Notice == == Upgrade Notice ==
= 2.7.11 =
**Note that this release bumps the minimum required version of WordPress from 6.3 to 6.4.**
= 2.7.8 = = 2.7.8 =
**Note that this release bumps the minimum required version of WordPress from 5.7 to 6.3.** **Note that this release bumps the minimum required version of WordPress from 5.7 to 6.3.**

View File

@ -3,8 +3,8 @@
* Plugin Name: Simple Local Avatars * Plugin Name: Simple Local Avatars
* Plugin URI: https://10up.com/plugins/simple-local-avatars-wordpress/ * Plugin URI: https://10up.com/plugins/simple-local-avatars-wordpress/
* Description: Adds an avatar upload field to user profiles. Generates requested sizes on demand, just like Gravatar! Simple and lightweight. * Description: Adds an avatar upload field to user profiles. Generates requested sizes on demand, just like Gravatar! Simple and lightweight.
* Version: 2.7.10 * Version: 2.7.11
* Requires at least: 6.3 * Requires at least: 6.4
* Requires PHP: 7.4 * Requires PHP: 7.4
* Author: 10up * Author: 10up
* Author URI: https://10up.com * Author URI: https://10up.com
@ -67,7 +67,7 @@ define( 'SLA_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
require_once dirname( __FILE__ ) . '/includes/class-simple-local-avatars.php'; require_once dirname( __FILE__ ) . '/includes/class-simple-local-avatars.php';
// Global constants. // Global constants.
define( 'SLA_VERSION', '2.7.10' ); define( 'SLA_VERSION', '2.7.11' );
define( 'SLA_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); define( 'SLA_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
if ( ! defined( 'SLA_IS_NETWORK' ) ) { if ( ! defined( 'SLA_IS_NETWORK' ) ) {