From 95dbb97a89b88f89b96195816eb91d9854a625f7 Mon Sep 17 00:00:00 2001
From: "R. Atik Islam" <93109120+R-Atik@users.noreply.github.com>
Date: Wed, 2 Aug 2023 03:53:00 -0700
Subject: [PATCH] int 1.4.5
### Stable - Security Release
- Enhanced security measures.
- It is crucial to update Educare to version 1.4.5 immediately.
- Please see the changelog v1.4.4 for list of previous updates.
**Note:** Sometimes users may need to clear browsing data to load the updated script (After update).
---
 Educare.php | 6 +-
 assets/js/educare.js | 17 +--
 changelog.md | 9 ++
 includes/admin/menu.php | 5 +
 includes/functions.php | 187 ++++++++++++++++++++++-----
 includes/support/grading-systems.php | 12 +-
 readme.txt | 11 +-
 7 files changed, 190 insertions(+), 57 deletions(-)
diff --git a/Educare.php b/Educare.php
index 91bb611..a28808f 100644
--- a/Educare.php
+++ b/Educare.php
@@ -1,7 +1,7 @@
 * @copyright GPL-2.0+
 * @link http://github.com/fixbd/educare
@@ -10,7 +10,7 @@
 * Plugin Name: Educare
 * Plugin URI: http://github.com/fixbd/educare
 * Description: Educare is a powerful online School/College students & results management system dev by FixBD. This plugin allows you to manage and publish students results. You can easily Add/Edit/Delete Students, Results, Class, Exam, Year Custom field and much more... Also you can import & export unlimited students and results just a click!
- * Version: 1.4.4
+ * Version: 1.4.5
 * Author: FixBD
 * Author URI: http://github.com/fixbd
 * License: GPL-2.0+
@@ -44,7 +44,7 @@
 // Make it simple! (Define Educare Name-Space)
 // Plugin Version
- define('EDUCARE_VERSION', '1.4.4');
+ define('EDUCARE_VERSION', '1.4.5');
 // Settings Version
 define('EDUCARE_SETTINGS_VERSION', '1.0');
 define('EDUCARE_RESULTS_VERSION', '1.0');
diff --git a/assets/js/educare.js b/assets/js/educare.js
index 962fb22..9892538 100644
--- a/assets/js/educare.js
+++ b/assets/js/educare.js
@@ -22,7 +22,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_process_content',
- nonce: educareAjax.nonce,
 form_data: form_data,
 active_menu: active_menu,
 action_for
@@ -65,7 +64,7 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_proccess_grade_system',
- nonce: educareAjax.nonce,
+ nonce: educareNonce.edit_grade_system,
 class: class_name
 },
 beforeSend:function(event) {
@@ -96,7 +95,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_save_grade_system',
- nonce: educareAjax.nonce,
 form_data: form_data,
 update_grade_rules: true
 },
@@ -165,7 +163,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_proccess_promote_students',
- nonce: educareAjax.nonce,
 form_data: form_data
 },
 beforeSend: function(data) {
@@ -302,7 +299,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_process_marks',
- nonce: educareAjax.nonce,
 form_data: form_data,
 action_for: action_for
 },
@@ -338,7 +334,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_process_marks',
- nonce: educareAjax.nonce,
 form_data: form_data,
 action_for
 },
@@ -466,7 +461,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_class',
- nonce: educareAjax.nonce,
 class: class_name,
 id: id_no,
 form_data: form_data,
@@ -609,7 +603,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_class',
- nonce: educareAjax.nonce,
 class: class_name,
 id: id_no,
 form_data: form_data,
@@ -662,7 +655,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_get_data_from_students',
- nonce: educareAjax.nonce,
 form_data: form_data
 },
 beforeSend: function(data) {
@@ -767,7 +759,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_process_content',
- nonce: educareAjax.nonce,
 form_data: form_data,
 action_for
 },
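Review bot: In this hunk and in @@ -96, -165, -302, -338, -466, -609, -662 and -767 below (plus the `educare_process_content` hunks that follow on the next line), `nonce: educareAjax.nonce` is removed from the request body with nothing put in its place; only the `educare_proccess_grade_system` and `educare_demo` requests receive a replacement token from `educareNonce`. Presumably the token now travels inside the serialized `form_data` (the functions.php hunk in this patch adds an `educare_crud_data` nonce to the generated forms), but that is not visible for every request here, and the `educare_class` requests at @@ -466 and @@ -609 send `class`, `id` and a `form_data` whose form this patch does not show. Each affected server-side handler should verify a nonce that is actually still sent (`educare_verify_nonce(...)` with the matching action, or an equivalent check) before it reads or writes data, and a nonce check does not replace a capability check. The enclosing `jQuery(document).ready` callback starts and ends outside every hunk in this file.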
@@ -852,7 +843,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_process_content',
- nonce: educareAjax.nonce,
 form_data: form_data,
 action_for
 },
@@ -888,7 +878,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_process_content',
- nonce: educareAjax.nonce,
 form_data: form_data,
 action_for
 },
@@ -917,7 +906,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_process_content',
- nonce: educareAjax.nonce,
 form_data: form_data,
 action_for
 },
@@ -949,7 +937,6 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_process_content',
- nonce: educareAjax.nonce,
 form_data: form_data,
 action_for
 },
@@ -993,7 +980,7 @@ jQuery(document).ready(function($) {
 type: 'POST',
 data: {
 action: 'educare_demo',
- nonce: educareAjax.nonce,
+ nonce: educareNonce.demo_nonce,
 Class: class_name,
 total_demo: total_demo,
 data_for: students,
diff --git a/changelog.md b/changelog.md
index 3111df8..9c38e78 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,12 @@
+## [1.4.5]
+
+### Stable - Security Release
+- Enhanced security measures.
+- It is crucial to update Educare to version 1.4.5 immediately.
+- Please see the changelog v1.4.4 for list of previous updates.
+
+**Note:** Sometimes users may need to clear browsing data to load the updated script (After update).
+
 ## [1.4.4]
 ### Stable - Security Release
diff --git a/includes/admin/menu.php b/includes/admin/menu.php
index 0611929..e51ab7c 100644
--- a/includes/admin/menu.php
+++ b/includes/admin/menu.php
@@ -146,6 +146,11 @@ function educare_enqueue_styles( $hook) {
 'photos' => educare_check_status('photos'),
 'group_subject' => educare_check_status('group_subject'),
 ) );
+
+ wp_localize_script( 'educare-admin', 'educareNonce', array(
+ 'demo_nonce' => wp_create_nonce( 'educare_demo_nonce' ),
+ 'edit_grade_system' => wp_create_nonce( 'edit_grade_system' ),
+ ) );
 }
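Review bot: The new nonce action `'edit_grade_system'` in the `educareNonce` array of the menu.php hunk lacks the plugin prefix that every other nonce action in this patch carries (`educare_demo_nonce`, `educare_form_nonce`, `educare_crud_data`, `educare_default_photos`). A WordPress nonce is derived from the action string, the user and the session, so a generic action name that another plugin also uses yields the same token for both, and the key naming (`demo_nonce` next to `edit_grade_system`) is inconsistent as well. I would write `'edit_grade_system' => wp_create_nonce( 'educare_edit_grade_system' ),` and update the matching `educare_verify_nonce` call, which is not among the visible hunks. These tokens are minted for every user whose admin page enqueues `educare-admin`, so the AJAX handlers behind them still need a capability check alongside the nonce. `educare_enqueue_styles` starts before this hunk.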
diff --git a/includes/functions.php b/includes/functions.php
index 5be476b..3734612 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1356,9 +1356,11 @@ function notice($msgs, $print = null, $add_students = null) {
 // Security nonce for form requests.
 $nonce = wp_create_nonce( 'educare_form_nonce' );
+ $crud_nonce = wp_create_nonce( 'educare_crud_data' );
 $forms = "
@@ -2287,7 +2304,7 @@ function educare_get_tab_management($action_for) {
 }
 // Verify the nonce to ensure the request originated from the expected source
- educare_verify_nonce();
+ educare_verify_nonce('educare_default_photos');
 $attachment_id = sanitize_text_field($_POST['educare_attachment_id']);
 update_option( 'educare_files_selector', absint($attachment_id) );
@@ -2297,7 +2314,7 @@ function educare_get_tab_management($action_for) {
@@ -3887,11 +3915,16 @@ function educare_process_settings($list) { Edit - :
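Review bot: In the @@ -2287 hunk `$_POST['educare_attachment_id']` is read without an existence check, so a request that omits the field raises an undefined-index warning before `update_option` runs, and `sanitize_text_field` followed by `absint` is redundant for an integer id. `$attachment_id = absint( $_POST['educare_attachment_id'] ?? 0 );` covers both. The visible lines gate the write only with `educare_verify_nonce('educare_default_photos')`; unless that helper also checks the caller's capability, add a `current_user_can(...)` test before `update_option`, since a nonce proves request origin, not authorisation. `educare_get_tab_management` starts before and ends after this hunk, and the @@ -2297 and @@ -3887 hunks carry no visible body to review.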