GithubHelp home page GithubHelp logo

bynder-wordpress-plugin's Introduction

Bynder WordPress Plugin

Official distribution channel for the Bynder WordPress Connector

Breaking Changes

  • v5.2.0: Replaced permanent token setting with OAuth 2.0 client credentials (for Bynder portals only). You can find more information on OAuth 2.0 client credentials for Bynder here.

WordPress Requirements

There are currently two versions of the plugin in order to support WordPress 5.8 and earlier. The plugin files can be found in the folders named with the WordPress versions they currently support. In each folder, you will find a ZIP for the plugin and a ZIP that contains the source code if you want to make further customizations to the plugin.

The plugin for Wordpress 5.8 and earlier will not be actively maintained or developed on.

  1. WordPress (Requires at least WordPress 5.9, tested up to 6.3.1)

  2. WordPress-5.8-legacy (Requires WordPress 5.0 to 5.8)

How to Run the Source Code

This project was bootstrapped with Wordpress Create Block.

Below you will find some information on how to run scripts.

You can find the more information here.

๐Ÿ‘‰ npm start

  • Use to compile and run the block in development mode.
  • Watches for any changes and reports back any errors in your code.

๐Ÿ‘‰ npm run build

  • Use to build production code for your block inside build folder.
  • Runs once and reports back the gzip file sizes of the produced code.

bynder-wordpress-plugin's People

Contributors

bynder-jenkins-vcs-repositories avatar dobiday avatar thegreatdeku avatar

Stargazers

avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

cypressnorth

bynder-wordpress-plugin's Issues

[Security] Unauthenticated user can upload files and replace featured images of any post

The AJAX function set_bynder_featured_image has two big security flaws:

  • it is callable as unauthenticated user. Anybody can upload/sideload anything into the WordPress media library (remove add_action( 'wp_ajax_nopriv_bynder_featured', 'set_bynder_featured_image' ); โ€“ that is not necessary for your plugin)
  • the function does not do any permission checks. Anybody can upload files (no check of upload_files capability) and can set the featured image of any post (no check of edit_post_meta meta capability)

You should also add a nonce and a nonce check in this function to prevent CSRF attacks.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.