Security improvements

2018-03-13 08:19:37 +00:00 · 2018-03-13 08:19:37 +00:00 · 4f639502e3
parent 529ff95bbe
commit 4f639502e3
8 changed files with 44 additions and 16 deletions
--- a/css/bootstrap-table.min.css
+++ b/css/bootstrap-table.min.css
--- a/js/WP-GPX-Maps.js
+++ b/js/WP-GPX-Maps.js
@ -2,7 +2,7 @@
 Plugin Name: WP-GPX-Maps
 Plugin URI: http://www.devfarm.it/
 Description: Draws a gpx track with altitude graph
-Version: 1.5.00
+Version: 1.5.02
 Author: Bastianon Massimo
 Author URI: http://www.devfarm.it/
 */
@ -779,6 +779,13 @@ Author URI: http://www.devfarm.it/
 					datasets: [],
 				},
 				options: {
+					animation: {
+						//duration: 0, // general animation time
+					},
+					hover: {
+						//animationDuration: 0, // duration of animations when hovering an item
+					},
+					//responsiveAnimationDuration: 0, // animation duration after a resize
 					customLine: {
 						color: 'gray'
 					},
@ -798,9 +805,9 @@ Author URI: http://www.devfarm.it/
 			            }]
 					},
 					tooltips: {
-						position: 'nearest',
+						position: 'average',
 						mode: 'index',
-						intersect: true,
+						intersect: false,
 						callbacks : {
 							title: function(tooltipItems, data) {
 								//Return value for title
--- a/js/bootstrap-table.min.js
+++ b/js/bootstrap-table.min.js
--- a/readme.txt
+++ b/readme.txt
@ -5,7 +5,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
 Tags: maps, gpx, gps, graph, chart, google maps, track, garmin, image, nextgen-gallery, nextgen, exif, OpenStreetMap, OpenCycleMap, Hike&Bike, heart rate, heartrate, cadence
 Requires at least: 2.0.0
 Tested up to: 4.9.4
-Stable tag: 1.5.01
+Stable tag: 1.5.02

 Draws a gpx track with altitude graph. You can also display your nextgen gallery images in the map.

@ -153,6 +153,8 @@ Yes!
 1. Altitude & Speed & Hearth rate

 == Changelog ==
+= 1.5.02 =
+* Security improvements
 = 1.5.01 =
 * Improved security
 * Included javascript
--- a/wp-gpx-maps.php
+++ b/wp-gpx-maps.php
@ -3,7 +3,7 @@
 Plugin Name: WP-GPX-Maps
 Plugin URI: http://www.devfarm.it/
 Description: Draws a GPX track with altitude chart
-Version: 1.5.01
+Version: 1.5.02
 Author: Bastianon Massimo
 Author URI: http://www.devfarm.it/
 */
@ -20,6 +20,7 @@ register_deactivation_hook( __FILE__, 'WP_GPX_Maps_remove');
 add_filter('plugin_action_links', 'WP_GPX_Maps_action_links', 10, 2);
 add_action('wp_print_styles', 'print_WP_GPX_Maps_styles' );
 add_action('wp_enqueue_scripts', 'enqueue_WP_GPX_Maps_scripts');
+add_action('admin_enqueue_scripts', 'enqueue_WP_GPX_Maps_scripts_admin' ); 
 add_action('plugins_loaded' ,'WP_GPX_Maps_lang_init');

 function WP_GPX_Maps_lang_init() {
@ -46,10 +47,21 @@ function WP_GPX_Maps_action_links($links, $file) {
    return $links;
 }

+function enqueue_WP_GPX_Maps_scripts_admin($hook)
+{	
+	if ( strpos($hook, 'WP-GPX-Maps') !== false )
+	{
+		wp_register_script('bootstrap-table', plugins_url( '/js/bootstrap-table.min.js', __FILE__ ), array(), "1.11.1" );
+		wp_enqueue_script('bootstrap-table');
+		wp_register_style('bootstrap-table', plugins_url( '/css/bootstrap-table.min.css', __FILE__ ), array(), "1.11.1" );
+		wp_enqueue_style('bootstrap-table');		
+	}
+}
+
 function enqueue_WP_GPX_Maps_scripts() {		

 	wp_register_script('chartjs', plugins_url( '/js/Chart.min.js', __FILE__ ), array(), "2.7.2" );
-	wp_register_script('WP-GPX-Maps', plugins_url( '/js/WP-GPX-Maps.js', __FILE__ ), array('jquery','googlemaps','chartjs'), "1.5.00" );
+	wp_register_script('WP-GPX-Maps', plugins_url( '/js/WP-GPX-Maps.js', __FILE__ ), array('jquery','googlemaps','chartjs'), "1.5.02" );

 	$wpgpxmaps_googlemapsv3_apikey = get_option('wpgpxmaps_googlemapsv3_apikey');
 	
@ -63,6 +75,7 @@ function enqueue_WP_GPX_Maps_scripts() {
 	wp_enqueue_script('jquery');
 	wp_enqueue_script('chartjs'); 	
    wp_enqueue_script('WP-GPX-Maps');
+	
 }

 function print_WP_GPX_Maps_styles() {
--- a/wp-gpx-maps_admin.php
+++ b/wp-gpx-maps_admin.php
@ -42,7 +42,6 @@ function WP_GPX_Maps_html_page() {
 	if ($tab == '')
 		$tab = 'tracks';
 	
-
 ?>
 	<div id="icon-themes" class="icon32"><br></div>
 		<h2>WP GPX Settings</h2>	
--- a/wp-gpx-maps_admin_tracks.php
+++ b/wp-gpx-maps_admin_tracks.php
@ -1,8 +1,13 @@
 <?php

-	if ( !is_admin() )
+	if ( !(is_admin()) )
 		return;
 	
+	$is_admin = current_user_can( 'manage_options' );
+	
+	if ( $is_admin != 1 )
+		return;
+
 	$gpxRegEx = '/.gpx$/';

 	if ( isset($_POST['clearcache']) )
@ -15,12 +20,6 @@
 	
 	?>

-		<!-- Latest compiled and minified CSS -->
-		<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/bootstrap-table/1.11.1/bootstrap-table.min.css">
-
-		<!-- Latest compiled and minified JavaScript -->
-		<script src="//cdnjs.cloudflare.com/ajax/libs/bootstrap-table/1.11.1/bootstrap-table.min.js"></script>
-	
 		<div class="tablenav top">
 			<form enctype="multipart/form-data" method="POST" style="float:left; margin:5px 20px 0 0" action="/wp-admin/options-general.php?page=WP-GPX-Maps">
 				Choose a file to upload: <input name="uploadedfile[]" type="file" onchange="submitgpx(this);" multiple />
--- a/wp-gpx-maps_utils.php
+++ b/wp-gpx-maps_utils.php
@ -64,8 +64,7 @@

 	function sitePath()
 	{
-		return substr(substr(__FILE__, 0, strrpos(__FILE__,'wp-content')), 0, -1);
-		//		$uploadsPath = 	substr($uploadsPath, 0, -1);
+		return substr(get_home_path(), 0, -1);
 	}

 	function gpxFolderPath()