1.7.23 - fixed upload security issue

mlooft · Jan 2, 2025 · e5d6b1b · e5d6b1b
1 parent 2eb3537
commit e5d6b1b
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,9 @@
 # Changelog
 This file hosts the complete changelog of this plugin.
 
+## 1.7.23
+* fixed a security issue for file upload
+
 ## 1.7.22
 * fixed a security issue for file upload
 

diff --git a/assets/js/frontend/frontend.ts b/assets/js/frontend/frontend.ts
@@ -1001,6 +1001,7 @@ jQuery(document).ready(function ($) {
 		var formData = new FormData();
 
 		formData.append('action', 'fw_upload_file');
+		formData.append('nonce', msfAjax.nonce);
 		for (var i = 0; i < files.length; i++) {
 			formData.append('file' + i, files[i]);
 		}

diff --git a/includes/lib/msf-shortcode.class.php b/includes/lib/msf-shortcode.class.php
@@ -97,7 +97,14 @@ private function delete_files($filepaths) {
 	 * Temporarily upload a file to wp-content/uploads/msf-temp directory.
 	 * The file remains on the server until the form is submitted by the client.
 	 **/
-	 public function fw_upload_file() {
+	public function fw_upload_file()
+	{
+		// Add nonce verification
+		if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'my_action_nonce')) {
+			wp_send_json_error('Nonce verification failed');
+			return;
+		}
+
 		$tempdir = wp_upload_dir();
 		$upload_overrides = array(
 			'test_form' => false,

diff --git a/lang/multi-step-form.pot b/lang/multi-step-form.pot
@@ -1,4 +1,4 @@
-# Copyright (C) 2024 Multi Step Form
+# Copyright (C) 2025 Multi Step Form
 # This file is distributed under the same license as the Multi Step Form package.
 msgid ""
 msgstr ""
@@ -7,7 +7,7 @@ msgstr ""
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"PO-Revision-Date: 2024-MO-DA HO:MI+ZONE\n"
+"PO-Revision-Date: 2025-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Mondula <[email protected]>\n"
 "Language-Team: Mondula GmbH <[email protected]>\n"
 "X-Poedit-Basepath: ..\n"

diff --git a/mondula-form-wizard.php b/mondula-form-wizard.php
@@ -1,7 +1,7 @@
 <?php
 /*
  * Plugin Name: Multi Step Form
- * Version: 1.7.22
+ * Version: 1.7.23
  * Plugin URI: http://www.mondula.com/
  * Description: Create and embed Multi Step Form.
  * Author: Mondula GmbH
@@ -82,7 +82,7 @@ function msf_drop_tables($tables = array(), $blog_id = null) {
  * @return object Mondula_Form_Wizard
  */
 function Mondula_Form_Wizard() {
-	$instance = Mondula_Form_Wizard::instance(__FILE__, '1.7.22');
+	$instance = Mondula_Form_Wizard::instance(__FILE__, '1.7.23');
 
 	if (is_null($instance->settings)) {
 		$instance->settings = Mondula_Form_Wizard_Settings::instance($instance);

diff --git a/readme.txt b/readme.txt
@@ -3,7 +3,7 @@ Contributors: mondula2016
 Tags: multi, step, forms, multi step form, multi-step, steps, feedback, email, contact form, progress bar, form builder, dynamic, ajax, formular
 Requires at least: 5.0
 Tested up to: 6.6.1
-Stable tag: 1.7.22
+Stable tag: 1.7.23
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 
@@ -84,6 +84,9 @@ A.  **[Find them here](https://mondula.com/en/multi-step-form-faqs/ "Multi Step
 
 == Changelog ==
 
+= 1.7.23 =
+* fixed a security issue for file upload
+
 = 1.7.22 =
 * fixed a security issue for file upload