Commit

Fix bulk action nonce verification.
anderly committed Jan 15, 2024
1 parent 02cc708 commit 1eaf3cf
Showing 4 changed files with 24 additions and 4 deletions.
14 changes: 14 additions & 0 deletions assets/js/admin.js
Expand Up @@ -6,6 +6,20 @@
init: function() {
$( document )
.on( 'click', 'a.dul-quick-links', SS_DUL.toggleDisabled )
.on( 'ready', SS_DUL.copyNonce )
},

/**
* Clone the nonce field
* @param {*} e
*/
copyNonce: function( e ) {
if ($('input#_dulnonce').length == 0 && $('input#_wpnonce').length == 1) {
let $nonce = $('input#_wpnonce');
let $form = $nonce.parent();
let $newnonce = $nonce.clone().attr('id','_dulnonce').attr('name','_dulnonce');
$form.append($newnonce);
}
},

/**
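Review bot: In `init`, `.on( 'ready', SS_DUL.copyNonce )` binds to the document `ready` event, which jQuery deprecated in 1.8 and removed in 3.0, so where jQuery Migrate is not loaded `copyNonce` never runs and no `_dulnonce` field is added to the form. Register it with `$( SS_DUL.copyNonce )` instead, or call it directly from `init` if `init` already runs on DOM ready. In `copyNonce`, `$nonce.parent()` assumes the nonce input is a direct child of the form; `$nonce.closest( 'form' )` states the intent and survives markup changes. The event chain in `init` is also missing its terminating semicolon.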
2 changes: 1 addition & 1 deletion disable-user-login.php
Expand Up @@ -3,7 +3,7 @@
* Plugin Name: Disable User Login
* Plugin URI: http://wordpress.org/plugins/disable-user-login
* Description: Provides the ability to disable user accounts and prevent them from logging in.
* Version: 1.3.8
* Version: 1.3.9
*
* Author: Saint Systems
* Author URI: https://www.saintsystems.com
5 changes: 4 additions & 1 deletion includes/class-ss-disable-user-login-plugin.php
Expand Up @@ -15,7 +15,7 @@ final class SS_Disable_User_Login_Plugin {
*
* @var string
*/
private static $version = '1.3.8';
private static $version = '1.3.9';

/**
* Plugin singleton instance
Expand Down Expand Up @@ -449,6 +449,9 @@ public function bulk_action_disable_users($bulk_actions) {
* @since 1.0.6
*/
public function handle_bulk_disable_users( $redirect_to, $doaction, $user_ids ) {

check_admin_referer( 'bulk-users', '_dulnonce' );

if ( $doaction !== 'disable_user_login' && $doaction !== 'enable_user_login' ) {
return $redirect_to;
}
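Review bot: `check_admin_referer( 'bulk-users', '_dulnonce' )` sits above the `$doaction` guard in `handle_bulk_disable_users`, so it runs for every bulk action that reaches this handler, and a request for an unrelated action that carries no `_dulnonce` field is aborted here instead of being passed through by `return $redirect_to;`. Move the check below the guard so only `disable_user_login` and `enable_user_login` are affected. Since `_dulnonce` is a client-side clone of `_wpnonce` (see `copyNonce` in assets/js/admin.js) and is verified against the same `bulk-users` action, calling `check_admin_referer( 'bulk-users' )` on the default `_wpnonce` field would verify the same token without depending on the script having run.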
7 changes: 5 additions & 2 deletions readme.txt
Expand Up @@ -5,8 +5,8 @@ Tags: users, user, login, account, disable
Requires at least: 4.7.0
Tested up to: 6.4.2
Requires PHP: 5.6
Stable tag: 1.3.8
Version: 1.3.8
Stable tag: 1.3.9
Version: 1.3.9
License: GPLv3

Provides the ability to disable user accounts and prevent them from logging in.
Expand Down Expand Up @@ -49,6 +49,9 @@ Yes, there is a filter in place for that, `disable_user_login.disabled_message`.

== Changelog ==

= 1.3.9 =
* Fix bulk action nonce verification.

= 1.3.8 =
* Improved user-specific nonce validation.
