diff --git a/readme.txt b/readme.txt index b0d0b14..9f0bc66 100644 --- a/readme.txt +++ b/readme.txt @@ -2,8 +2,8 @@ Contributors: uglyrobot, jdailey, andtrev Tags: increase file size limit, increase upload limit, max upload file size, post max size, upload limit, file upload, files uploader, ftp, video uploader, AJAX Requires at least: 5.3 -Tested up to: 6.4 -Stable tag: 2.1.2 +Tested up to: 6.6.1 +Stable tag: 2.1.3 Requires PHP: 5.6 License: GPLv2 License URI: https://www.gnu.org/licenses/gpl-2.0.html @@ -106,6 +106,10 @@ No. [Infinite Uploads](https://wordpress.org/plugins/infinite-uploads/) is an op == Changelog == +2.1.3 - 2024-9-6 +---------------------------------------------------------------------- +- Fix for Authenticated (Author+) Full Path Disclosure vulnerability in error messages. Props @netc4t + 2.1.2 - 2023-10-25 ---------------------------------------------------------------------- - Minor security improvement for dismissing the review notice (CSRF). diff --git a/tuxedo_big_file_uploads.php b/tuxedo_big_file_uploads.php index 7d71cf3..ee6de63 100644 --- a/tuxedo_big_file_uploads.php +++ b/tuxedo_big_file_uploads.php @@ -2,7 +2,7 @@ /** * Plugin Name: Big File Uploads * Description: Enable large file uploads in the built-in WordPress media uploader via multipart uploads, and set maximum upload file size to any value based on user role. Uploads can be as large as available disk space allows. - * Version: 2.1.2 + * Version: 2.1.3 * Author: Infinite Uploads * Author URI: https://infiniteuploads.com/?utm_source=bfu_plugin&utm_medium=plugin&utm_campaign=bfu_plugin&utm_content=meta * Network: true @@ -24,7 +24,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * - * Copyright 2021 UglyRobot, LLC + * Copyright 2021-2024 UglyRobot, LLC * * @package BigFileUploads * @version 2.0 
@@ -34,7 +34,7 @@ die(); } -define( 'BIG_FILE_UPLOADS_VERSION', '2.1.2' ); +define( 'BIG_FILE_UPLOADS_VERSION', '2.1.3' ); /** * Big File Uploads manager class. @@ -175,7 +175,7 @@ public function filter_plupload_settings( $plupload_settings ) { } else { $default_chunk = $max_chunk / KB_IN_BYTES; } - //define( 'BIG_FILE_UPLOADS_CHUNK_SIZE_KB', 512 );//TODO remove + if ( ! defined( 'BIG_FILE_UPLOADS_CHUNK_SIZE_KB' ) ) { define( 'BIG_FILE_UPLOADS_CHUNK_SIZE_KB', $default_chunk ); } @@ -598,7 +598,7 @@ public function ajax_chunk_receiver() { array( 'success' => false, 'data' => array( - 'message' => sprintf( __( 'There was an error opening the temp file %s for writing. Available temp directory space may be exceeded or the temp file was cleaned up before the upload completed.', 'tuxedo-big-file-uploads' ), esc_html( $filePath ) ), + 'message' => __( 'There was an error opening the temp file for writing. Available temp directory space may be exceeded or the temp file was cleaned up before the upload completed.', 'tuxedo-big-file-uploads' ), 'filename' => esc_html( $fileName ), ), ) @@ -617,7 +617,7 @@ public function ajax_chunk_receiver() { __( '“%s” has failed to upload.' ), esc_html( $fileName ) ), - sprintf( __( 'There was an error opening the temp file %s for writing. Available temp directory space may be exceeded or the temp file was cleaned up before the upload completed.', 'tuxedo-big-file-uploads' ), esc_html( $filePath ) ) + __( 'There was an error opening the temp file for writing. Available temp directory space may be exceeded or the temp file was cleaned up before the upload completed.', 'tuxedo-big-file-uploads' ) ); exit; }
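Review bot: With the path dropped from the message in both failure branches of ajax_chunk_receiver (the hunk at -598 and the one at -617), the temp file that could not be opened is no longer recorded anywhere visible in these hunks, so an administrator has nothing to diagnose a full or cleaned-up temp directory with. Keeping the client-facing message generic is right; I would add a server-side record just before each response is built, e.g. `error_log( sprintf( 'Big File Uploads: could not open temp file %s for writing', $filePath ) );`, which keeps the path in the server log and out of the AJAX response. The call that opens the file sits outside both hunks, so it is worth confirming separately that a PHP warning from it cannot echo the same path into the response when display_errors is enabled. The body of ajax_chunk_receiver starts and ends outside these hunks.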