fix vulnerability in settings handling

moskis · moskis · commit 9c7283394bff · 2015-02-28T15:57:42.000+01:00
diff --git a/admin.php b/admin.php
@@ -85,6 +85,7 @@ function mfbfw_options_page() {
 
 	<form method="post" action="">
 		<div style="text-align:center;padding:0 0 1.5em;margin:-15px 0 5px;">
+			<?php wp_nonce_field( 'mfbfw-options-reset' ); ?>
 			<input type="submit" name="mfbfw_update" id="reset" onClick="return confirmDefaults();" class="button-secondary" value="<?php esc_attr_e( 'Revert to defaults', 'mfbfw' ); ?>" />
 			<input type="hidden" name="action" value="reset" />
 		</div>
diff --git a/fancybox.php b/fancybox.php
@@ -366,21 +366,14 @@ function mfbfw_textdomain() {
 
 function mfbfw_admin_options() {
 
-	if ( isset($_GET['page']) && $_GET['page'] == 'fancybox-for-wordpress' ) {
-
-		if ( isset($_REQUEST['action']) && 'update' == $_REQUEST['action'] ) {
-
-			$settings = stripslashes_deep( $_POST['mfbfw'] );
-			$settings = array_map( 'convert_chars', $settings );
+	$settings = get_option( 'mfbfw' );
 
-			update_option( 'mfbfw', $settings );
-			wp_safe_redirect( add_query_arg('updated', 'true') );
-			die;
+	if ( isset($_GET['page']) && $_GET['page'] == 'fancybox-for-wordpress' ) {
 
-		} else if ( isset($_REQUEST['action']) && 'reset' == $_REQUEST['action'] ) {
+		if ( isset($_REQUEST['action']) && 'reset' == $_REQUEST['action'] && check_admin_referer( 'mfbfw-options-reset' ) ) {
 
-			$default_settings = mfbfw_defaults(); // Store defaults in an array
-			update_option( 'mfbfw', $default_settings ); // Write defaults to database
+			$defaults_array = mfbfw_defaults(); // Store defaults in an array
+			update_option( 'mfbfw', $defaults_array ); // Write defaults to database
 			wp_safe_redirect( add_query_arg('reset', 'true') );
 			die;
 
