18 changes: 15 additions & 3 deletions README.md
@@ -1,14 +1,16 @@
# Advanced Custom Fields: Image Crop Add-on #
Contributors: andersthorborg
Contributors: andersthorborg, nickkeenan
Tags: afc, advanced custom fields, image crop, image, crop
Requires at least: 3.5
Tested up to: 4.6
Stable tag: 1.4.12
Tested up to: 6.9.1
Stable tag: 1.4.13
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

An image field making it possible/required for the user to crop the selected image to the specified image size or dimensions

This is a maintained fork of the abandoned [original plugin](https://github.com/andersthorborg/ACF-Image-Crop) by Anders Thorborg.

## Description ##

ACF image crop is an extended version of the native Image-field in ACF.
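Review bot: `Requires at least: 3.5` is left unchanged in this header although the new `wp_send_json_error( 'Unauthorized', 403 )` call in acf-image-crop-v5.php uses the status-code argument, which WordPress added in 4.7; raise the minimum version to match. `Tested up to:` also jumps from 4.6 to 6.9.1, so please confirm the fork was actually exercised on that release rather than only bumped in the README.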
Expand Down Expand Up @@ -58,9 +60,19 @@ function my_register_fields()
5. The image is cropped to the desired format, using the restrictions set under field options
6. The new format is shown using the specified preview size. The original image is kept with the field, so the image can be re-cropped at any time.

## Credits ##

Originally developed by [Anders Thorborg](http://thorb.org).
This fork maintained by [Nick Keenan / Gameflow Interactive](https://gameflowinteractive.com)
with security patches applied. All credit for the original plugin goes to Anders.

## Changelog ##

### 1.4.13 ###
**Security fix applied:** CVE-2023-22676 / PSID ae467650d1f0
Adds `upload_files` capability check to `perform_crop()` to prevent
subscriber-level users from modifying media library images.

### 1.4.12 ###
* Fix compatibility with ACF Pro 5.6.0
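Review bot: the 1.4.13 changelog entry is a bold paragraph while the 1.4.12 entry below it is a `*` bullet; keep the bullet form so the entries render consistently. The entry should also list the `var $options;` property added to `acf_field_image_crop` in this PR, since it is a code change that the changelog currently does not account for.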

8 changes: 6 additions & 2 deletions acf-image-crop-v5.php
Expand Up @@ -2,7 +2,7 @@

class acf_field_image_crop extends acf_field_image {


var $options;
/*
* initialize
*
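Review bot: `var $options;` at the top of the class uses the PHP 4 `var` keyword and has no comment; declare it with explicit visibility (`public $options;` keeps the same behaviour) and add a short docblock saying what it holds. The change is unrelated to the capability fix, so it should be mentioned separately in the commit message or changelog.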
Expand Down Expand Up @@ -495,6 +495,10 @@ function input_admin_enqueue_scripts() {
}

function perform_crop(){
if ( ! current_user_can( 'upload_files' ) ) {
wp_send_json_error( 'Unauthorized', 403 );
wp_die();
}
$targetWidth = $_POST['target_width'];
$targetHeight = $_POST['target_height'];
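Review bot: the new guard at the top of `perform_crop()` checks only the site-wide `upload_files` capability, so it does not establish that the caller may edit the specific attachment being cropped, and no nonce verification is visible in this hunk. If the handler does not already do so further down, add a `check_ajax_referer()` call and a `current_user_can( 'edit_post', $id )` check once the attachment ID has been read from the request. The `wp_die();` after `wp_send_json_error( 'Unauthorized', 403 );` is unreachable because `wp_send_json_error()` already ends the request, and `$_POST['target_width']` and `$_POST['target_height']` are still used without `absint()`.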

Expand Down Expand Up @@ -1240,4 +1244,4 @@ function delete_field( $field ) {
// create field
new acf_field_image_crop();

?>
?>
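Review bot: the closing `?>` at the end of the file is replaced by an identical `?>`, so as far as the visible lines show this is whitespace-only churn. Drop the closing tag entirely instead; a file that ends in pure PHP cannot emit stray trailing whitespace before headers are sent.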
10 changes: 5 additions & 5 deletions acf-image-crop.php
@@ -1,10 +1,10 @@
<?php
/*
Plugin Name: Advanced Custom Fields: Image Crop Add-on
Plugin URI: https://github.com/andersthorborg/ACF-Image-Crop
Description: An image field making it possible/required for the user to crop the selected image to the specified image size or dimensions
Version: 1.4.12
Author: Anders Thorborg
Plugin Name: Advanced Custom Fields: Image Crop Add-on (Patched)
Plugin URI: https://github.com/nickkeenan/ACF-Image-Crop-Patched
Description: Maintained fork with security fixes. Original by Anders Thorborg.
Version: 1.4.13
Author: Anders Thorborg (original), Nick Keenan (maintainer)
Author URI: http://thorb.org
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
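Review bot: the header renames the plugin and points `Plugin URI` at the fork, but adds no `Update URI:` line. If the fork is installed under the original plugin's directory name, WordPress can match it against the original's wordpress.org listing, and a later upstream release would replace the patched code; an `Update URI:` header (supported since WordPress 5.8) pointing at the fork prevents that. `Author URI` also still points at http://thorb.org although the `Author` line now names two people.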