Release version 4.1.7 (#104)

Merge pull request #104 from short-pixel-optimizer/hotfix-4.1.7

Author: pdobrescu

classes/ViewController.php

@@ -114,7 +114,7 @@ protected function viewError($errorCode, $errorData = array())
 						$message = __('Error updating WordPress post in the database', 'enable-media-replace');
 					break;
 					case self::ERROR_DIRECTORY_SECURITY:
-						$message = __('Specificed directory is outside the upload directory. This is not allowed for security reasons', 'enable-media-replace');
+						$message = __('Specified directory is outside the upload directory. This is not allowed for security reasons', 'enable-media-replace');
 						$path = isset($errorData['path']) ? $errorData['path'] : false;
 						$basedir = isset($errorData['basedir']) ? $errorData['basedir'] : false;
 
@@ -124,7 +124,7 @@ protected function viewError($errorCode, $errorData = array())
 						}
 					break;
 					case self::ERROR_DIRECTORY_NOTEXIST:
-						$message = __('Specificed new directory does not exist. Path must be a relative path from the upload directory and exist', 'enable-media-replace');
+						$message = __('Specified new directory does not exist. Path must be a relative path from the upload directory and exist', 'enable-media-replace');
 					break;
 
 					case self::ERROR_NONCE:

classes/emr-plugin.php

@@ -642,20 +642,17 @@ public function attempt_uncache_image($image, $attachment_id, $size, $icon)
    * @return string content / replacement shorttag
    * @todo Note this returns the wrong date, ie. server date not corrected for timezone. Function could be removed altogether, not sure about purpose.
    */
-    public function get_modified_date($atts)
+    public function get_modified_date($args)
     {
-        $id=0;
-        $format= '';
 
-        extract(shortcode_atts(array(
-        'id' => '',
-        'format' => get_option('date_format') . " " . get_option('time_format'),
-        ), $atts));
+        $id = isset($args['id']) ? intval($args['id']) : false; 
+        $format = isset($args['format']) ? sanitize_text_field($args['format']) : false; 
 
-        if ($id == '') {
-            return false;
+        if (false === $id)
+        {
+          return false; 
         }
-
+ 
         // Get path to file
         $current_file = get_attached_file($id);
 
@@ -666,9 +663,14 @@ public function get_modified_date($atts)
       // Get file modification time
         $filetime = filemtime($current_file);
 
+        if (false === $format)
+        {
+          $format = get_option( 'date_format' ) . ' ' . get_option( 'time_format' );
+        }
+
         if (false !== $filetime) {
             // do date conversion
-            return date($format, $filetime);
+            return wp_date($format, $filetime);
         }
 
         return false;

enable-media-replace.php

@@ -3,7 +3,7 @@
  * Plugin Name: Enable Media Replace
  * Plugin URI: https://wordpress.org/plugins/enable-media-replace/
  * Description: Enable replacing media files by uploading a new file in the "Edit Media" section of the WordPress Media Library.
- * Version: 4.1.6
+ * Version: 4.1.7
  * Author: ShortPixel
  * Author URI: https://shortpixel.com
  * GitHub Plugin URI: https://github.com/short-pixel-optimizer/enable-media-replace
@@ -25,7 +25,7 @@
  *
  */
 
-define( 'EMR_VERSION', '4.1.6' );
+define( 'EMR_VERSION', '4.1.7' );
 
 if ( ! defined( 'ABSPATH' ) ) {
 	exit; // Exit if accessed directly.

readme.txt

@@ -5,7 +5,7 @@ Tags: replace, replace image, remove background, replace jpg, change media
 Requires at least: 4.9.7
 Tested up to: 6.8
 Requires PHP: 5.6
-Stable tag: 4.1.6
+Stable tag: 4.1.7
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -80,6 +80,12 @@ Please report security bugs found in the source code of the Enable Media Replace
 
 == Changelog ==
 
+= 4.1.7 =
+
+Release date: October 2, 2025
+* Fix: A potential "Cross-Site Scripting" vulnerability has been patched, responsibly disclosed by the WordFence team;
+* Fix: Corrected a few text typos.
+
 = 4.1.6 =
 
 Release date: March 25, 2025