From 74ac8d2962cffdc2636ab12fecd2cf6e14e6b038 Mon Sep 17 00:00:00 2001
From: Luffy <52o@qq52o.cn>
Date: Fri, 12 Sep 2025 15:20:05 +0800
Subject: [PATCH] Update nonce handling for form submissions
---
 aliyun-oss-wordpress.php | 44 +++++++++++++++++++----------------------
 readme.txt | 6 +++++-
 2 files changed, 26 insertions(+), 24 deletions(-)
diff --git a/aliyun-oss-wordpress.php b/aliyun-oss-wordpress.php
index e80d4b1..090ea45 100644
--- a/aliyun-oss-wordpress.php
+++ b/aliyun-oss-wordpress.php
@@ -3,7 +3,7 @@
 Plugin Name: OSS Aliyun
 Plugin URI: https://github.com/sy-records/aliyun-oss-wordpress
 Description: 使用阿里云对象存储 OSS 作为附件存储空间。(This is a plugin that uses Aliyun Object Storage Service for attachments remote saving.)
-Version: 1.5.0
+Version: 1.5.1
 Author: 沈唁
 Author URI: https://qq52o.me
 License: Apache2.0
@@ -20,7 +20,7 @@ use AlibabaCloud\Credentials\Credential;
 use OSS\Credentials\StaticCredentialsProvider;
 use OSS\Core\OssException;
-define('OSS_VERSION', '1.5.0');
+define('OSS_VERSION', '1.5.1');
 define('OSS_BASEFOLDER', plugin_basename(dirname(__FILE__)));
 if (!function_exists('get_home_path')) {
@@ -773,13 +773,15 @@ function oss_setting_page()
 if (!current_user_can('manage_options')) {
 wp_die('Insufficient privileges!');
 }
- $options = [];
- if (!empty($_POST) and $_POST['type'] == 'oss_set') {
- $nonce = $_POST['update_oss_config-nonce'] ?? '';
- if (empty($nonce) || !wp_verify_nonce($nonce, 'update_oss_config')) {
+ if (!empty($_POST) && !empty($_POST['type'])) {
+ $nonce = $_POST["{$_POST['type']}-nonce"] ?? '';
+ if (empty($nonce) || !wp_verify_nonce($nonce, $_POST['type'])) {
 wp_die('Illegal requests!');
 }
+ }
+ $options = [];
+ if (!empty($_POST) && $_POST['type'] == 'aliyun_oss_set') {
 $options['bucket'] = isset($_POST['bucket']) ? sanitize_text_field($_POST['bucket']) : '';
 $options['regional'] = isset($_POST['regional']) ? sanitize_text_field($_POST['regional']) : '';
 $options['role_name'] = isset($_POST['role_name']) ? sanitize_text_field($_POST['role_name']) : '';
@@ -801,7 +803,7 @@ function oss_setting_page()
 }
 }
- if (!empty($_POST) and $_POST['type'] == 'aliyun_oss_all') {
+ if (!empty($_POST) && $_POST['type'] == 'aliyun_oss_all') {
 $files = oss_read_dir_queue(get_home_path(), oss_get_option('upload_path'));
 foreach ($files as $file) {
 oss_file_upload($file['key'], $file['filepath']);
@@ -810,16 +812,11 @@ function oss_setting_page()
 }
 // 替换数据库链接
- if(!empty($_POST) and $_POST['type'] == 'aliyun_oss_replace') {
- $nonce = $_POST['update_oss_replace-nonce'] ?? '';
- if (empty($nonce) || !wp_verify_nonce($nonce, 'update_oss_replace')) {
- wp_die('Illegal requests!');
- }
-
+ if(!empty($_POST) && $_POST['type'] == 'aliyun_oss_replace') {
 $old_url = esc_url_raw($_POST['old_url']);
 $new_url = esc_url_raw($_POST['new_url']);
- if (!empty($old_url) && !empty($new_url)) {
+ if (!empty($old_url)) {
 global $wpdb;
 $posts_name = $wpdb->prefix . 'posts';
 // 文章内容
@@ -872,7 +869,7 @@ function oss_setting_page()
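Review bot: In the `@@ -773,13 +773,15 @@` hunk both the nonce field name and the nonce action are built from `$_POST['type']`, so the request itself chooses which action `wp_verify_nonce()` is checked against. The branches that follow only act on three fixed values, which limits the effect, but an array-valued `type` still reaches the string interpolation, and the check is easier to reason about if `type` is normalised and matched against the known actions before it is used. I would read it once as `$type = is_string($_POST['type'] ?? null) ? sanitize_key(wp_unslash($_POST['type'])) : '';`, reject anything outside `['aliyun_oss_set', 'aliyun_oss_all', 'aliyun_oss_replace']` with a strict `in_array(..., true)`, and compare `$type` with `===` in the branches. The forms that emit the `<type>-nonce` fields are outside this hunk, so their field and action names need confirming against this scheme.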
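Review bot: In the `@@ -810,16 +812,11 @@` hunk the guard is relaxed to `if (!empty($old_url))`, but `esc_url_raw()` returns an empty string for a URL with a disallowed protocol, so a rejected `new_url` can no longer be told apart from a deliberately blank one. The replacement queries continue outside the hunk; presumably they would then replace the old URL with nothing across the stored content. If a blank replacement is intended, check the raw field as well, e.g. `$raw_new = isset($_POST['new_url']) ? trim(wp_unslash($_POST['new_url'])) : '';` and `if (!empty($old_url) && ($raw_new === '' || $new_url !== '')) {`. `$_POST['old_url']` and `$_POST['new_url']` are also read without an `isset` check, unlike `bucket` and `regional` in the settings branch.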
请先访问 阿里云控制台 创建Bucket
,再填写以上内容。
附件在服务器上的存储位置,例如: wp-content/uploads
(注意不要以“/”开头和结尾),根目录请输入.
。
注意:
@@ -1010,10 +1007,10 @@ function oss_setting_page()