Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author dragosgaf

    (@dragosgaf)

    Hello and thank you for reporting this bug.

    I’ve released version 2.3, which repairs most of the bugs that appeared while using admin-ajax.php. The bug was from the function that blocks the Arbitrary File Upload vulnerability used by SoakSoak.

    Please let me know if it works, as I don’t have the Zeitgeist theme.

    Thanks and Happy New Year!

    We still have problems with the media gallery but I found a workaround.

    In wp-admin/admin-ajax.php there is a check for $_REQUEST['action']; if that is empty, it will die. In your plugin, on lines 51+52, $_POST['action'] and 'client_action' are replaced with a cleaned-up version. It seems that sometimes these are empty, resulting in an empty $_REQUEST['action'], letting admin-ajax.php die. I don’t know why $_POST is empty in the media gallery, as it is definitely sent via POST, but I added a check to your plugin to see if $_POST['action'] is empty, and if it is, it will use $_REQUEST['action'] as the source for the cleanup.

    variables_order is GPCS, request_order GP

    The code:

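    // Clean 'action'; if the POST copy is empty, use $_REQUEST as the source.
    // !empty()/isset() avoid undefined-index notices when a key was not sent.
    if (!empty($_POST['action']))
        $_POST['action'] = preg_replace('/[^a-zA-Z_\-0-9]/i', '', $_POST['action']);
    else
        $_POST['action'] = preg_replace('/[^a-zA-Z_\-0-9]/i', '', isset($_REQUEST['action']) ? $_REQUEST['action'] : '');
    // Same handling for 'client_action'.
    if (!empty($_POST['client_action']))
        $_POST['client_action'] = preg_replace('/[^a-zA-Z_\-0-9]/i', '', $_POST['client_action']);
    else
        $_POST['client_action'] = preg_replace('/[^a-zA-Z_\-0-9]/i', '', isset($_REQUEST['client_action']) ? $_REQUEST['client_action'] : '');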
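
The fallback described in this reply, as an added example that is not part of the original post or the plugin's code: `pick_ajax_param()` is a hypothetical helper and the request arrays are constructed samples. It goes slightly beyond the posted workaround by treating missing keys and non-string values as empty.

```php
<?php
// Added example: pick_ajax_param() is a hypothetical helper, not the plugin's code.

/**
 * Return the cleaned value of $key, preferring $post and falling back to
 * $request when the POST copy is empty. Missing or non-string input yields ''.
 */
function pick_ajax_param(array $post, array $request, $key)
{
    foreach (array($post, $request) as $source) {
        if (!empty($source[$key]) && is_string($source[$key])) {
            // Same whitelist as the posted workaround: letters, digits, '_' and '-'.
            return preg_replace('/[^a-zA-Z0-9_\-]/', '', $source[$key]);
        }
    }
    return '';
}

// Constructed sample requests as array(POST, REQUEST); not captured traffic.
$cases = array(
    'POST populated'          => array(array('action' => 'example-action'), array('action' => 'example-action')),
    'POST empty, REQUEST set' => array(array(), array('action' => 'example-action')),
    'disallowed characters'   => array(array('action' => 'example action!;'), array()),
    'array instead of string' => array(array('action' => array('a')), array()),
    'nothing sent'            => array(array(), array()),
);

foreach ($cases as $label => $pair) {
    list($post, $request) = $pair;
    $action = pick_ajax_param($post, $request, 'action');
    // Per the reply above, admin-ajax.php dies when the action is empty,
    // so '' here means the request would be rejected.
    printf("%-26s => %s\n", $label, $action === '' ? '(empty)' : $action);
}
```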

    Plugin Author dragosgaf

    (@dragosgaf)

    Hello,

    I am sorry for delaying this update, but I have been studying lately for Uni. I’ve updated the plugin to version 2.3.2 which will resolve this bug and others in WP admin panel (such as hiding a slide) based on your code.

    Thanks

  • The topic ‘Breaks the Media Library’ is closed to new replies.