Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3467709

Timestamp:

02/23/2026 12:45:16 PM (7 days ago)

Author:

webtoffee

Message:

[Fix] - Fixed coding standards and security issues flagged by WordPress Plugin Check.

Location:

alt-text-generator

Files:

: 15 added
: 4 edited

tags/1.8.6 (added)
tags/1.8.6/assets (added)
tags/1.8.6/assets/alttextgenerator-logo.png (added)
tags/1.8.6/build (added)
tags/1.8.6/build/index-rtl.css (added)
tags/1.8.6/build/index.asset.php (added)
tags/1.8.6/build/index.css (added)
tags/1.8.6/build/index.js (added)
tags/1.8.6/build/media-button.asset.php (added)
tags/1.8.6/build/media-button.js (added)
tags/1.8.6/includes (added)
tags/1.8.6/includes/class-uninstall-feedback.php (added)
tags/1.8.6/index.php (added)
tags/1.8.6/readme.txt (added)
tags/1.8.6/uninstall.php (added)
trunk/includes/class-uninstall-feedback.php (modified) (9 diffs)
trunk/index.php (modified) (38 diffs)
trunk/readme.txt (modified) (3 diffs)
trunk/uninstall.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

alt-text-generator/trunk/includes/class-uninstall-feedback.php

-                      r3390619
+                      r3467709
 <?php
+if (!class_exists('WY_AltTextGenerator_Uninstall_Feedback')) :
+if ( ! defined( 'ABSPATH' ) ) exit;
+if (!class_exists('Atgai_Uninstall_Feedback')) :
     /**
 …
      * @package AltTextGenerator
      */
     class WY_AltTextGenerator_Uninstall_Feedback {
+    class Atgai_Uninstall_Feedback {
         /**
 …
                         $('#alt-text-generator-modal').on('click', 'a.review-and-deactivate', function (e) {
                             e.preventDefault();
                             window.open("https://wordpress.org/support/plugin/alt-text-generator/reviews/?filter=5#new-post", "_blank", "noopener,noreferrer");
+                            window.open("https://wordpress.org/support/plugin/alt-text-generator/#new-topic-0", "_blank", "noopener,noreferrer");
                             window.location.href = deactivateLink;
                         });
 …
             // Check nonce
             if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'atgai_uninstall_feedback_nonce')) {
+            if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'atgai_uninstall_feedback_nonce')) {
                 wp_send_json_error(array('message' => 'Nonce verification failed'));
                 wp_die();
 …
             $allowed_reasons = array('used-it', 'could-not-understand', 'found-better-plugin', 'not-have-that-feature', 'is-not-working', 'other', 'none');
             $reason_id = sanitize_text_field($_POST['reason_id']);
+            $reason_id = sanitize_text_field(wp_unslash($_POST['reason_id']));
             if (!in_array($reason_id, $allowed_reasons, true)) {
 …
             $reason_info = '';
             if (isset($_POST['reason_info'])) {
                 $reason_info = sanitize_textarea_field($_POST['reason_info']);
+                $reason_info = sanitize_textarea_field(wp_unslash($_POST['reason_info']));
                 // Limit length to prevent abuse
                 if (strlen($reason_info) > 1000) {
 …
             $server_software = '';
             if (isset($_SERVER['SERVER_SOFTWARE'])) {
                 $server_software = sanitize_text_field($_SERVER['SERVER_SOFTWARE']);
+                $server_software = sanitize_text_field(wp_unslash($_SERVER['SERVER_SOFTWARE']));
+            }
 …
                 'languages' => sanitize_text_field(implode(",", get_available_languages())),
                 'theme' => sanitize_text_field(wp_get_theme()->get('Name')),
                 'plugin_version' => sanitize_text_field(PLUGIN_VERSION),
+                'plugin_version' => sanitize_text_field(ATGAI_PLUGIN_VERSION),
                 'multisite' => is_multisite() ? 'Yes' : 'No'
             );
 …
     // Initialize the uninstall feedback class
     new WY_AltTextGenerator_Uninstall_Feedback();
+    new Atgai_Uninstall_Feedback();
 endif;

alt-text-generator/trunk/index.php

-                      r3429595
+                      r3467709
 /**
  * Plugin Name: AltTextGenerator AI
+ * Plugin Name: Alt Text Generator AI - Auto Generate & Bulk Update Alt Texts For Images
  * Description: This plugin automatically identifies the images that don't have alt texts in your image library and will auto generate them using our AI Computer Vision model and bulk update them for you with a single click.
  * Version: 1.8.5
+ * Version: 1.8.6
  * Author: WebToffee
  * Author URI: https://www.webtoffee.com
+ * License: GPLv2 or later
+ * License URI: http://www.gnu.org/licenses/gpl-2.0.html
  */
 if (!defined('ABSPATH')) exit;
 define('PLUGIN_VERSION', '1.8.5');
 define('API_URL', 'https://api.alttextgenerator.ai/api');
+define('ATGAI_PLUGIN_VERSION', '1.8.6');
+define('ATGAI_API_URL', 'https://api.alttextgenerator.ai/api');
 //define('API_URL', 'http://localhost:4000/api');
 …
         wp_enqueue_script(
             'atgai-plugin-main',
             plugin_dir_url(__FILE__) . 'build/index.js?v=' . PLUGIN_VERSION,
+            plugin_dir_url(__FILE__) . 'build/index.js?v=' . ATGAI_PLUGIN_VERSION,
             $asset['dependencies'],
             PLUGIN_VERSION,
+            ATGAI_PLUGIN_VERSION,
             true
         );
 …
             plugin_dir_url(__FILE__) . 'build/index.css',
             array(),
             PLUGIN_VERSION,
+            ATGAI_PLUGIN_VERSION,
             'all'
         );
 …
             plugin_dir_url(__FILE__) . 'build/media-button.js',
             array(),
             PLUGIN_VERSION,
+            ATGAI_PLUGIN_VERSION,
             true
         );
 …
+}
+// Add settings link on plugin page
+function atgai_plugin_action_links($links) {
+    $settings_link = '<a href="' . get_admin_url(null, 'admin.php?page=atgai-admin') . '">' . esc_html__('Settings', 'alt-text-generator') . '</a>';
+    $support_link = '<a href="https://wordpress.org/support/plugin/alt-text-generator/#new-topic-0" target="_blank">' . esc_html__('Support', 'alt-text-generator') . '</a>';
+    array_unshift($links, $support_link);
+    array_unshift($links, $settings_link);
+    return $links;
+}
+add_filter('plugin_action_links_' . plugin_basename(__FILE__), 'atgai_plugin_action_links');
 // AJAX action to fetch images
 add_action('wp_ajax_atgai_fetch_images', 'atgai_fetch_images');
 …
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'fetch_images_nonce')) {
+    if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'fetch_images_nonce')) {
         wp_send_json_error(array('message' => 'Nonce verification failed'));
         wp_die();
 …
     // Sanitize the input, default to 'all' if no filter set
     $filter = isset($_POST['filter']) ? sanitize_text_field($_POST['filter']) : 'all';
+    $filter = isset($_POST['filter']) ? sanitize_text_field(wp_unslash($_POST['filter'])) : 'all';
     // Validate the filter against allowed values
 …
         'post_status' => 'inherit',
         'posts_per_page' => -1,
         'meta_query' => array(
+        'meta_query' => array( // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
             array(
                 'key' => '_wp_attachment_metadata',
 …
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'fetch_images_nonce')) {
+    if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'fetch_images_nonce')) {
         wp_send_json_error(array('message' => 'Nonce verification failed'));
         wp_die();
 …
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'set_api_key_nonce')) {
+    if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'set_api_key_nonce')) {
         wp_send_json_error(array('message' => 'Nonce verification failed'));
         wp_die();
 …
     // Validate API key input
     if (!isset($_POST['api_key']) || empty(trim($_POST['api_key']))) {
+    if (!isset($_POST['api_key']) || empty(trim(sanitize_text_field(wp_unslash($_POST['api_key']))))) {
         wp_send_json_error(array('message' => 'API key is required'));
         wp_die();
+    }
     $api_key = sanitize_text_field($_POST['api_key']);
+    $api_key = sanitize_text_field(wp_unslash($_POST['api_key']));
     //verify api key
     $response = wp_remote_get(API_URL . '/user', array(
+    $response = wp_remote_get(ATGAI_API_URL . '/user', array(
         'headers' => array('API-Key' => $api_key),
         'timeout' => 30,
 …
     // get site domain
     $site_url = get_site_url();
     $domain = parse_url($site_url, PHP_URL_HOST);
+    $domain = wp_parse_url($site_url, PHP_URL_HOST);
     // Sanitize domain
 …
     // set domain id
     $domain_response = wp_remote_post(API_URL . '/website', array(
+    $domain_response = wp_remote_post(ATGAI_API_URL . '/website', array(
         'headers' => array(
             'API-Key' => $api_key,
 …
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'set_api_key_nonce')) {
+    if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'set_api_key_nonce')) {
         wp_send_json_error(array('message' => 'Nonce verification failed'));
         wp_die();
 …
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'set_api_key_nonce')) {
+    if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'set_api_key_nonce')) {
         wp_send_json_error(array('message' => 'Nonce verification failed'));
         wp_die();
 …
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'set_api_key_nonce')) {
+    if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'set_api_key_nonce')) {
         wp_send_json_error(array('message' => 'Nonce verification failed'));
         wp_die();
 …
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'set_api_key_nonce')) {
+    if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'set_api_key_nonce')) {
         wp_send_json_error(array('message' => 'Nonce verification failed'));
         wp_die();
 …
         // Check if each parameter exists and update only if it does
         if (isset($_POST['language'])) {
             $language = sanitize_text_field($_POST['language']);
+            $language = sanitize_text_field(wp_unslash($_POST['language']));
             // Validate language against allowed values
             $allowed_languages = array('English', 'Spanish', 'French', 'German', 'Italian', 'Portuguese', 'Dutch', 'Russian', 'Chinese', 'Japanese', 'Korean');
 …
         if (isset($_POST['auto_generate'])) {
             // Validate boolean value
             $auto_generate = sanitize_text_field($_POST['auto_generate']);
+            $auto_generate = sanitize_text_field(wp_unslash($_POST['auto_generate']));
             if ($auto_generate === 'true' || $auto_generate === 'false') {
                 update_option('atgai_auto_generate', $auto_generate);
 …
         if (isset($_POST['enable_chatgpt_enhancement'])) {
             // Validate boolean value
             $enable_enhancement = sanitize_text_field($_POST['enable_chatgpt_enhancement']);
+            $enable_enhancement = sanitize_text_field(wp_unslash($_POST['enable_chatgpt_enhancement']));
             if ($enable_enhancement === 'true' || $enable_enhancement === 'false') {
                 update_option('atgai_enable_chatgpt_enhancement', $enable_enhancement);
 …
         if (isset($_POST['chatgpt_enhancement_prompt'])) {
             $prompt = sanitize_textarea_field($_POST['chatgpt_enhancement_prompt']);
+            $prompt = sanitize_textarea_field(wp_unslash($_POST['chatgpt_enhancement_prompt']));
             // Limit prompt length to prevent abuse
             if (strlen($prompt) <= 1000) {
 …
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'update_image_alt_text_nonce')) {
+    if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'update_image_alt_text_nonce')) {
         wp_send_json_error(array('message' => 'Nonce verification failed'), 403);
         wp_die();
 …
+    }
     $image_id = intval($_POST['image_id']);
+    $image_id = intval(wp_unslash($_POST['image_id']));
     // Verify attachment exists and is an image
 …
     // Sanitize alt text
     $new_alt_text = isset($_POST['alt_text']) ? sanitize_text_field($_POST['alt_text']) : '';
+    $new_alt_text = isset($_POST['alt_text']) ? sanitize_text_field(wp_unslash($_POST['alt_text'])) : '';
     // Limit alt text length to prevent abuse
 …
         if (!$domain_id) {
             $site_url = get_site_url();
             $domain = parse_url($site_url, PHP_URL_HOST);
             $domain_response = wp_remote_post(API_URL . '/website', array(
+            $domain = wp_parse_url($site_url, PHP_URL_HOST);
+            $domain_response = wp_remote_post(ATGAI_API_URL . '/website', array(
                 'headers' => array(
                     'API-Key' => $api_key,
 …
     // Get site domain
     $site_url = get_site_url();
     $domain = parse_url($site_url, PHP_URL_HOST);
+    $domain = wp_parse_url($site_url, PHP_URL_HOST);
     // Get image details
 …
     // Send request to generate alt text
     $response = wp_remote_post(API_URL . '/image', array(
+    $response = wp_remote_post(ATGAI_API_URL . '/image', array(
         'headers' => array(
             'API-Key' => $api_key,
 …
     if (is_wp_error($response)) {
         error_log('Alt Text Generator AI: Alt text generation failed - ' . $response->get_error_message());
+        // error_log('Alt Text Generator AI: Alt text generation failed - ' . $response->get_error_message());
         return;
+    }
 …
         // Mark as updated in the API (non-blocking)
         wp_remote_post(API_URL . '/image', array(
+        wp_remote_post(ATGAI_API_URL . '/image', array(
             'method' => 'PATCH',
             'headers' => array(
 …
         ));
     } else {
         error_log('Alt Text Generator AI: Invalid response from API');
+        // error_log('Alt Text Generator AI: Invalid response from API');
+    }
+}
 …
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'set_api_key_nonce')) {
+    if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'set_api_key_nonce')) {
         wp_send_json_error(array('message' => 'Nonce verification failed'));
         wp_die();
 …
     $site_url = get_site_url();
     $domain = parse_url($site_url, PHP_URL_HOST);
+    $domain = wp_parse_url($site_url, PHP_URL_HOST);
     // Sanitize domain
 …
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'set_api_key_nonce')) {
+    if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'set_api_key_nonce')) {
         wp_send_json_error(array('message' => 'Nonce verification failed'));
         wp_die();
 …
+    }
     $response = wp_remote_get(API_URL . '/user', array(
+    $response = wp_remote_get(ATGAI_API_URL . '/user', array(
         'headers' => array('API-Key' => $api_key),
         'timeout' => 30,
 …
     // Check nonce
     if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'generate_alt_text_nonce')) {
+    if (!isset($_POST['nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['nonce'])), 'generate_alt_text_nonce')) {
         wp_send_json_error(array('message' => 'Nonce verification failed'), 403);
         wp_die();
 …
     // Get image ID
     $image_id = intval($_POST['image_id']);
+    $image_id = intval(wp_unslash($_POST['image_id']));
     // Verify attachment exists and is an image
 …
     // Send request to generate alt text
     $response = wp_remote_post(API_URL . '/image', array(
+    $response = wp_remote_post(ATGAI_API_URL . '/image', array(
         'headers' => array(
             'API-Key' => $api_key,
 …
     $api_response_id = isset($response_data['imageInfo']['_id']) ? sanitize_text_field($response_data['imageInfo']['_id']) : '';
     if (!empty($api_response_id)) {
         wp_remote_post(API_URL . '/image', array(
+        wp_remote_post(ATGAI_API_URL . '/image', array(
             'method' => 'PATCH',
             'headers' => array(

alt-text-generator/trunk/readme.txt

-                      r3429595
+                      r3467709
 Tested up to: 6.9
 Requires PHP: 5.6
 Stable tag: 1.8.5
+Stable tag: 1.8.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= 1.8.6 =
+[Fix] - Fixed coding standards and security issues flagged by WordPress Plugin Check.
 = 1.8.5 =
 Compatibility: Tested OK with WordPress version 6.9
 …
 == Upgrade Notice ==
 = 1.8.5 =
+Compatibility: Tested OK with WordPress version 6.9
+= 1.8.6 =
+[Fix] - Fixed coding standards and security issues flagged by WordPress Plugin Check.

alt-text-generator/trunk/uninstall.php

-                      r3253129
+                      r3467709
 // Delete all plugin options
 $options_to_delete = array(
+$atgai_options_to_delete = array(
     'atgai_api_key',
     'atgai_language',
 …
 );
 foreach ($options_to_delete as $option) {
     delete_option($option);
+foreach ($atgai_options_to_delete as $atgai_option) {
+    delete_option($atgai_option);
+}

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory