Changeset 3035169 for wp-stateless
- Timestamp:
- 02/13/2024 03:19:14 PM (14 months ago)
- Location:
- wp-stateless/trunk
- Files:
-
- 19 edited
-
changelog.txt (modified) (1 diff)
-
changes.md (modified) (1 diff)
-
lib/classes/class-ajax.php (modified) (1 diff)
-
lib/classes/class-bootstrap.php (modified) (1 diff)
-
lib/classes/class-errors.php (modified) (3 diffs)
-
readme.txt (modified) (2 diffs)
-
static/scripts/error-notice.js (modified) (2 diffs)
-
static/scripts/wp-stateless-uploads.js (modified) (1 diff)
-
vendor/composer/installed.json (modified) (2 diffs)
-
vendor/composer/installed.php (modified) (4 diffs)
-
vendor/udx/lib-ud-api-client/changes.md (modified) (1 diff)
-
vendor/udx/lib-ud-api-client/gruntfile.js (modified) (1 diff)
-
vendor/udx/lib-ud-api-client/lib/classes/class-bootstrap.php (modified) (1 diff)
-
vendor/udx/lib-ud-api-client/lib/classes/class-update-checker.php (modified) (17 diffs)
-
vendor/udx/lib-ud-api-client/package.json (modified) (1 diff)
-
vendor/udx/lib-wp-bootstrap/changes.md (modified) (1 diff)
-
vendor/udx/lib-wp-bootstrap/lib/classes/class-errors.php (modified) (4 diffs)
-
vendor/udx/lib-wp-bootstrap/static/scripts/ud-dismiss.js (modified) (1 diff)
-
wp-stateless-media.php (modified) (1 diff)
-
wp-stateless/trunk/changelog.txt
r3023726 r3035169 1 1 == Changelog == 2 = 3.4.1 = 3 FIX - improve security while processing AJAX requests in Admin Panel 4 2 5 = 3.4.0 = 3 6 * ENHANCEMENT - removed `udx/lib-settings` package dependency for security reasons. -
wp-stateless/trunk/changes.md
r3023726 r3035169 1 #### 3.4.1 2 FIX - improve security while processing AJAX requests in Admin Panel 3 1 4 #### 3.4.0 2 5 * ENHANCEMENT - removed `udx/lib-settings` package dependency for security reasons. -
wp-stateless/trunk/lib/classes/class-ajax.php
r2724810 r3035169 49 49 */ 50 50 public function request() { 51 check_ajax_referer('sm_inline_sync'); 52 51 53 global $doing_manual_sync; 52 54 -
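Review bot: `check_ajax_referer('sm_inline_sync')` at the top of `request()` only confirms the request carries a nonce issued to the current session; it is not an authorization check, and no `current_user_can()` call is visible in this hunk. The nonce is emitted through `wp_localize_script` in class-bootstrap.php, so any logged-in user who can load a page that enqueues `wp-stateless-uploads-js` receives it. The body of `request()` continues outside the hunk; if no capability check follows there, add one directly after the nonce check, for example `if ( ! current_user_can( 'upload_files' ) ) { wp_send_json_error( null, 403 ); }`. The same applies to `dismiss_notices()` and `stateless_enable_notice_button_action()` in lib/classes/class-errors.php and to the vendored `dismiss_notices()` copies, each of which gains a nonce check only; pick a capability suited to each action.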
wp-stateless/trunk/lib/classes/class-bootstrap.php
r3023726 r3035169 1217 1217 /* Attachment or upload page */ 1218 1218 wp_register_script('wp-stateless-uploads-js', $this->path('static/scripts/wp-stateless-uploads.js', 'url'), array('jquery'), self::$version); 1219 wp_localize_script('wp-stateless-uploads-js', 'stateless_upload', [ 1220 'inline_sync_nonce' => wp_create_nonce('sm_inline_sync'), 1221 ]); 1219 1222 1220 1223 /* Setup wizard styles. */ -
wp-stateless/trunk/lib/classes/class-errors.php
r3023726 r3035169 182 182 "ajaxurl" => admin_url( 'admin-ajax.php' ), 183 183 ) ); 184 184 wp_localize_script( "sateless-error-notice-js", "stateless_error_notice_vars", array( 185 "dismiss_nonce" => wp_create_nonce( 'stateless_notice_dismiss' ), 186 "enable_action_nonce" => wp_create_nonce( 'stateless_enable_notice_button_action' ), 187 ) ); 185 188 186 189 //** Don't show the message if the user has no enough permissions. */ … … 249 252 * @throws \Exception 250 253 */ 251 public function dismiss_notices(){ 254 public function dismiss_notices() { 255 check_ajax_referer('stateless_notice_dismiss'); 256 252 257 $response = array( 253 258 'success' => '0', 254 259 'error' => __( 'There was an error in request.', $this->domain ), 255 260 ); 261 256 262 $error = false; 257 263 258 if( empty($_POST['key']) && strpos($_POST['key'], 'dismissed_notice_') !== false ) { 264 $option_key = isset($_POST['key']) ? sanitize_key($_POST['key']) : ''; 265 266 if ( strpos($option_key, 'dismissed_') !== 0 ) { 259 267 $response['error'] = __( 'Invalid key', $this->domain ); 260 268 $error = true; 261 269 } 262 else { 263 $option_key = sanitize_key($_POST['key']); 264 update_option( $option_key, time() ); 270 271 if ( !$error && update_option( $option_key, time() ) ) { 265 272 $response['success'] = '1'; 266 273 $response['error'] = null; … … 275 282 */ 276 283 public function stateless_enable_notice_button_action(){ 284 check_ajax_referer('stateless_enable_notice_button_action'); 285 277 286 $response = array( 278 287 'success' => '1', -
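Review bot: In `dismiss_notices()` the new guard `strpos($option_key, 'dismissed_') !== 0` accepts any option name beginning with `dismissed_`, so the handler still writes `time()` into an option chosen by the caller rather than one this class rendered; the removed condition at least named the narrower `dismissed_notice_` prefix. Consider checking against the exact keys the class emits, or at minimum its specific prefixes, e.g. `if ( ! preg_match( '/^dismissed_(notice|warning|error)_/', $option_key ) ) {`. The full set of keys is not visible in this section, so confirm it before tightening. The vendored copies in lib-ud-api-client/lib/classes/class-update-checker.php and lib-wp-bootstrap/lib/classes/class-errors.php carry the same prefix check, and the update-checker copy changes its 'Invalid key' string to `$this->domain` while the rest of that method uses `$this->text_domain`, which looks like a copy-paste slip.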
wp-stateless/trunk/readme.txt
r3023726 r3035169 6 6 Requires PHP: 8.0 7 7 Requires at least: 5.0 8 Tested up to: 6.4. 29 Stable tag: 3.4. 08 Tested up to: 6.4.3 9 Stable tag: 3.4.1 10 10 11 11 Upload and serve your WordPress media files from Google Cloud Storage. … … 113 113 114 114 == Changelog == 115 = 3.4.1 = 116 FIX - improve security while processing AJAX requests in Admin Panel 117 115 118 = 3.4.0 = 116 119 * ENHANCEMENT - removed `udx/lib-settings` package dependency for security reasons. -
wp-stateless/trunk/static/scripts/error-notice.js
r2378210 r3035169 16 16 action: 'stateless_enable_notice_button_action', 17 17 key: _this.data('key'), 18 _ajax_nonce: stateless_error_notice_vars.enable_action_nonce ?? '', 18 19 } 19 20 … … 42 43 action: 'stateless_notice_dismiss', 43 44 key: _this.data('key'), 45 _ajax_nonce: stateless_error_notice_vars.dismiss_nonce ?? '', 44 46 } 45 47 -
wp-stateless/trunk/static/scripts/wp-stateless-uploads.js
r2378210 r3035169 20 20 action: that.data('type') == 'image' ? "stateless_process_image" : "stateless_process_file", 21 21 id: that.data('id'), 22 size: that.data('size') 22 size: that.data('size'), 23 _ajax_nonce: stateless_upload.inline_sync_nonce ?? '', 23 24 } 24 25 }) -
wp-stateless/trunk/vendor/composer/installed.json
r3023726 r3035169 265 265 { 266 266 "name": "udx/lib-ud-api-client", 267 "version": "1.2. 2",268 "version_normalized": "1.2. 2.0",267 "version": "1.2.3", 268 "version_normalized": "1.2.3.0", 269 269 "source": { 270 270 "type": "git", 271 271 "url": "git@github.com:udx/lib-ud-api-client", 272 "reference": "1.2. 2"273 }, 274 "dist": { 275 "type": "zip", 276 "url": "https://github.com/udx/lib-ud-api-client/archive/1.2. 2.zip"272 "reference": "1.2.3" 273 }, 274 "dist": { 275 "type": "zip", 276 "url": "https://github.com/udx/lib-ud-api-client/archive/1.2.3.zip" 277 277 }, 278 278 "require": { … … 311 311 { 312 312 "name": "udx/lib-wp-bootstrap", 313 "version": "1.3. 1",314 "version_normalized": "1.3. 1.0",313 "version": "1.3.2", 314 "version_normalized": "1.3.2.0", 315 315 "source": { 316 316 "type": "git", 317 317 "url": "git@github.com:udx/lib-wp-bootstrap", 318 "reference": "1.3. 1"319 }, 320 "dist": { 321 "type": "zip", 322 "url": "https://github.com/udx/lib-wp-bootstrap/archive/1.3. 1.zip"318 "reference": "1.3.2" 319 }, 320 "dist": { 321 "type": "zip", 322 "url": "https://github.com/udx/lib-wp-bootstrap/archive/1.3.2.zip" 323 323 }, 324 324 "require": { -
wp-stateless/trunk/vendor/composer/installed.php
r3023726 r3035169 4 4 'pretty_version' => 'dev-latest', 5 5 'version' => 'dev-latest', 6 'reference' => '4 e811ffcf935c543ab66a31c9562301a405d988d',6 'reference' => '4485e93b09271c7d1d632d20406de711e4d8b391', 7 7 'type' => 'wordpress-plugin', 8 8 'install_path' => __DIR__ . '/../../', … … 51 51 ), 52 52 'udx/lib-ud-api-client' => array( 53 'pretty_version' => '1.2. 2',54 'version' => '1.2. 2.0',55 'reference' => '1.2. 2',53 'pretty_version' => '1.2.3', 54 'version' => '1.2.3.0', 55 'reference' => '1.2.3', 56 56 'type' => 'library', 57 57 'install_path' => __DIR__ . '/../udx/lib-ud-api-client', … … 60 60 ), 61 61 'udx/lib-wp-bootstrap' => array( 62 'pretty_version' => '1.3. 1',63 'version' => '1.3. 1.0',64 'reference' => '1.3. 1',62 'pretty_version' => '1.3.2', 63 'version' => '1.3.2.0', 64 'reference' => '1.3.2', 65 65 'type' => 'library', 66 66 'install_path' => __DIR__ . '/../udx/lib-wp-bootstrap', … … 71 71 'pretty_version' => 'dev-latest', 72 72 'version' => 'dev-latest', 73 'reference' => '4 e811ffcf935c543ab66a31c9562301a405d988d',73 'reference' => '4485e93b09271c7d1d632d20406de711e4d8b391', 74 74 'type' => 'wordpress-plugin', 75 75 'install_path' => __DIR__ . '/../../', -
wp-stateless/trunk/vendor/udx/lib-ud-api-client/changes.md
r3023726 r3035169 1 ### 1.2.3 2 3 * Improve security while processing AJAX requests in Admin Panel. 4 1 5 ### 1.2.2 2 6 -
wp-stateless/trunk/vendor/udx/lib-ud-api-client/gruntfile.js
r3023726 r3035169 3 3 * 4 4 * @author potanin@UD 5 * @version 1.2. 25 * @version 1.2.3 6 6 * @param grunt 7 7 */ -
wp-stateless/trunk/vendor/udx/lib-ud-api-client/lib/classes/class-bootstrap.php
r3023726 r3035169 19 19 * 20 20 */ 21 public static $version = '1.2. 2';21 public static $version = '1.2.3'; 22 22 23 23 /** -
wp-stateless/trunk/vendor/udx/lib-ud-api-client/lib/classes/class-update-checker.php
r3011578 r3035169 350 350 $plugins = get_plugins(); 351 351 $name = isset( $plugins[$this->name] ) ? $plugins[$this->name]['Name'] : $this->name; 352 $nonce = wp_create_nonce( 'ud_api_dismiss' ); 352 353 353 354 if ( isset( $response->errors['no_key'] ) && $response->errors['no_key'] == 'no_key' && isset( $response->errors['no_subscription'] ) && $response->errors['no_subscription'] == 'no_subscription' ) { … … 356 357 $show_no_key_error = $this->check_dismiss_time( $no_key_dismissed ); 357 358 if( $show_no_key_error ) { 358 $this->errors[] = sprintf( __( 'A license key for %s could not be found. Maybe you forgot to enter a license key when setting up %s, or the key was deactivated in your account. You can reactivate or purchase a license key from your account <a href="%s" target="_blank">Licences</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_no_key" href="#">dismiss</a>.', $this->text_domain ), $name, $name, $this->renew_license_url, sanitize_key( $name ));359 $this->errors[] = sprintf( __( 'A license key for %s could not be found. Maybe you forgot to enter a license key when setting up %s, or the key was deactivated in your account. You can reactivate or purchase a license key from your account <a href="%s" target="_blank">Licences</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_no_key" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $name, $this->renew_license_url, sanitize_key( $name ), $nonce ); 359 360 } 360 361 … … 362 363 $show_no_subscription_error = $this->check_dismiss_time( $no_subscription_dismissed ); 363 364 if( $show_no_subscription_error ) { 364 $this->errors[] = sprintf( __( 'A subscription for %s could not be found. 
You can purchase a subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_no_subscription" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ));365 $this->errors[] = sprintf( __( 'A subscription for %s could not be found. You can purchase a subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_no_subscription" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ), $nonce ); 365 366 } 366 367 … … 370 371 $show_exp_license_error = $this->check_dismiss_time( $exp_license_dismissed ); 371 372 if( $show_exp_license_error ) { 372 $this->errors[] = sprintf( __( 'The license key for %s has expired. You can reactivate or get a license key from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_exp_license" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ));373 $this->errors[] = sprintf( __( 'The license key for %s has expired. You can reactivate or get a license key from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_exp_license" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ), $nonce ); 373 374 } 374 375 … … 378 379 $show_hold_subscription_error = $this->check_dismiss_time( $hold_subscription_dismissed ); 379 380 if( $show_hold_subscription_error ) { 380 $this->errors[] = sprintf( __( 'The subscription for %s is on-hold. 
You can reactivate the subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_hold_subscription" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ));381 $this->errors[] = sprintf( __( 'The subscription for %s is on-hold. You can reactivate the subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_hold_subscription" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ), $nonce ); 381 382 } 382 383 … … 386 387 $show_cancelled_subscription_error = $this->check_dismiss_time( $cancelled_subscription_dismissed ); 387 388 if( $show_cancelled_subscription_error ) { 388 $this->errors[] = sprintf( __( 'The subscription for %s has been cancelled. You can renew the subscription from your account <a href="%s" target="_blank">dashboard</a>. A new license key will be emailed to you after your order has been completed. <a class="dismiss-error dismiss" data-key="dismissed_error_%s_cancelled_subscription" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ));389 $this->errors[] = sprintf( __( 'The subscription for %s has been cancelled. You can renew the subscription from your account <a href="%s" target="_blank">dashboard</a>. A new license key will be emailed to you after your order has been completed. <a class="dismiss-error dismiss" data-key="dismissed_error_%s_cancelled_subscription" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ), $nonce ); 389 390 } 390 391 … … 394 395 $show_exp_subscription_error = $this->check_dismiss_time( $exp_subscription_dismissed ); 395 396 if( $show_exp_subscription_error ) { 396 $this->errors[] = sprintf( __( 'The subscription for %s has expired. 
You can reactivate the subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_exp_subscription" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name )) ;397 $this->errors[] = sprintf( __( 'The subscription for %s has expired. You can reactivate the subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_exp_subscription" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ), $nonce ) ; 397 398 } 398 399 … … 402 403 $show_suspended_subscription_error = $this->check_dismiss_time( $suspended_subscription_dismissed ); 403 404 if( $show_suspended_subscription_error ) { 404 $this->errors[] = sprintf( __( 'The subscription for %s has been suspended. You can reactivate the subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_suspended_subscription" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name )) ;405 $this->errors[] = sprintf( __( 'The subscription for %s has been suspended. You can reactivate the subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_suspended_subscription" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ), $nonce ) ; 405 406 } 406 407 … … 410 411 $show_pending_subscription_error = $this->check_dismiss_time( $pending_subscription_dismissed ); 411 412 if( $show_pending_subscription_error ) { 412 $this->errors[] = sprintf( __( 'The subscription for %s is still pending. 
You can check on the status of the subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_pending_subscription" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name )) ;413 $this->errors[] = sprintf( __( 'The subscription for %s is still pending. You can check on the status of the subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_pending_subscription" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ), $nonce ) ; 413 414 } 414 415 … … 418 419 $show_trash_subscription_error = $this->check_dismiss_time( $trash_subscription_dismissed ); 419 420 if( $show_trash_subscription_error ) { 420 $this->errors[] = sprintf( __( 'The subscription for %s has been placed in the trash and will be deleted soon. You can get a new subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_trash_subscription" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name )) ;421 $this->errors[] = sprintf( __( 'The subscription for %s has been placed in the trash and will be deleted soon. You can get a new subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_trash_subscription" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ), $nonce ) ; 421 422 } 422 423 … … 426 427 $show_no_subscription_error = $this->check_dismiss_time( $no_subscription_dismissed ); 427 428 if( $show_no_subscription_error ) { 428 $this->errors[] = sprintf( __( 'A subscription for %s could not be found. 
You can get a subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_no_subscription" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ));429 $this->errors[] = sprintf( __( 'A subscription for %s could not be found. You can get a subscription from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_no_subscription" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ), $nonce ); 429 430 } 430 431 … … 434 435 $show_no_activation_error = $this->check_dismiss_time( $no_activation_dismissed ); 435 436 if( $show_no_activation_error ) { 436 $this->errors[] = sprintf( __( '%s has not been activated. Go to the settings page and enter the license key and license email to activate %s. <a class="dismiss-error dismiss" data-key="dismissed_error_%s_no_activation" href="#">dismiss</a>.', $this->text_domain ), $name, $name, sanitize_key( $name )) ;437 $this->errors[] = sprintf( __( '%s has not been activated. Go to the settings page and enter the license key and license email to activate %s. <a class="dismiss-error dismiss" data-key="dismissed_error_%s_no_activation" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $name, sanitize_key( $name ), $nonce ) ; 437 438 } 438 439 … … 442 443 $show_no_key_error = $this->check_dismiss_time( $no_key_dismissed ); 443 444 if( $show_no_key_error ) { 444 $this->errors[] = sprintf( __( 'A license key for %s could not be found. Maybe you forgot to enter a license key when setting up %s, or the key was deactivated in your account. 
You can reactivate or get a license key from your account <a href="%s" target="_blank">Licences</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_no_key" href="#">dismiss</a>.', $this->text_domain ), $name, $name, $this->renew_license_url, sanitize_key( $name ));445 $this->errors[] = sprintf( __( 'A license key for %s could not be found. Maybe you forgot to enter a license key when setting up %s, or the key was deactivated in your account. You can reactivate or get a license key from your account <a href="%s" target="_blank">Licences</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_no_key" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $name, $this->renew_license_url, sanitize_key( $name ), $nonce ); 445 446 } 446 447 … … 450 451 $show_download_revoked_error = $this->check_dismiss_time( $download_revoked_dismissed ); 451 452 if( $show_download_revoked_error ) { 452 $this->errors[] = sprintf( __( 'Download permission for %s has been revoked possibly due to a license key or subscription expiring. You can reactivate or get a license key from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_download_revoked" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name )) ;453 $this->errors[] = sprintf( __( 'Download permission for %s has been revoked possibly due to a license key or subscription expiring. 
You can reactivate or get a license key from your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_download_revoked" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ), $nonce ) ; 453 454 } 454 455 … … 458 459 $show_switched_subscription_error = $this->check_dismiss_time( $switched_subscription_dismissed ); 459 460 if( $show_switched_subscription_error ) { 460 $this->errors[] = sprintf( __( 'You changed the subscription for %s, so you will need to enter your new API License Key in the settings page. The License Key should have arrived in your email inbox, if not you can get it by logging into your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_switched_subscription" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name )) ;461 $this->errors[] = sprintf( __( 'You changed the subscription for %s, so you will need to enter your new API License Key in the settings page. 
The License Key should have arrived in your email inbox, if not you can get it by logging into your account <a href="%s" target="_blank">dashboard</a> | <a class="dismiss-error dismiss" data-key="dismissed_error_%s_switched_subscription" data-nonce="%s" href="#">dismiss</a>.', $this->text_domain ), $name, $this->renew_license_url, sanitize_key( $name ), $nonce ) ; 461 462 } 462 463 … … 500 501 action: 'ud_api_dismiss', 501 502 key: _this.data('key'), 503 _ajax_nonce: _this.data('nonce'), 502 504 } 503 505 … … 542 544 */ 543 545 public function dismiss_notices(){ 546 check_ajax_referer('ud_api_dismiss'); 547 544 548 $response = array( 545 549 'success' => '0', 546 550 'error' => __( 'There was an error in request.', $this->text_domain ), 547 551 ); 552 548 553 $error = false; 549 554 550 if( empty($_POST['key']) ) { 551 $response['error'] = __( 'Invalid key', $this->text_domain ); 555 $option_key = isset($_POST['key']) ? sanitize_key($_POST['key']) : ''; 556 557 if ( strpos($option_key, 'dismissed_') !== 0 ) { 558 $response['error'] = __( 'Invalid key', $this->domain ); 552 559 $error = true; 553 560 } 554 555 if ( ! $error && update_option( ( $_POST['key'] ), time() ) ) {561 562 if ( !$error && update_option( $option_key, time() ) ) { 556 563 $response['success'] = '1'; 557 } 558 564 $response['error'] = null; 565 } 566 559 567 wp_send_json( $response ); 560 568 } -
wp-stateless/trunk/vendor/udx/lib-ud-api-client/package.json
r3023726 r3035169 1 1 { 2 2 "name": "lib-ud-api-client", 3 "version": "1.2. 2",3 "version": "1.2.3", 4 4 "description": "UD Client for WooCommerce API Manager", 5 5 "repository": { -
wp-stateless/trunk/vendor/udx/lib-wp-bootstrap/changes.md
r3023726 r3035169 1 ### 1.3.2 2 3 * Improve security while processing AJAX requests in Admin Panel. 4 1 5 ### 1.3.1 2 6 -
wp-stateless/trunk/vendor/udx/lib-wp-bootstrap/lib/classes/class-errors.php
r3011578 r3035169 157 157 $messages = apply_filters( 'ud:messages:admin_notices', $this->messages, $this->args ); 158 158 $warnings = apply_filters( 'ud:warnings:admin_notices', $this->warnings, $this->args ); 159 160 $nonce = wp_create_nonce('ud_dismiss'); 159 161 160 162 if( !empty( $errors ) || !empty( $messages ) || !empty( $warnings ) ) { … … 180 182 $message = sprintf( __( '<p><b>%s</b> has the following warnings:</p> %s', $this->domain ), $this->name, $message ); 181 183 if( $this->dismiss ) { 182 $this->action_links[ 'warnings' ][] = '<a class="dismiss-warning dismiss" data-key="dismissed_warning_' . sanitize_key( $this->name ).'" href="#">' . __( 'Dismiss this warning', $this->domain ) . '</a>'; 184 $this->action_links[ 'warnings' ][] = 185 '<a class="dismiss-warning dismiss" ' . 186 'data-key="dismissed_warning_' . sanitize_key( $this->name ) . 187 '" data-nonce="' . $nonce . '" href="#">' . 188 __( 'Dismiss this warning', $this->domain ) . '</a>'; 183 189 } 184 190 if( !empty( $this->action_links[ 'warnings' ] ) && is_array( $this->action_links[ 'warnings' ] ) ) { … … 200 206 } 201 207 if( $this->dismiss ) { 202 $this->action_links[ 'messages' ][] = '<a class="dismiss-notice dismiss" data-key="dismissed_notice_' . sanitize_key( $this->name ).'" href="#">' . __( 'Dismiss this notice', $this->domain ) . '</a>'; 208 $this->action_links[ 'messages' ][] = 209 '<a class="dismiss-notice dismiss" ' . 210 'data-key="dismissed_notice_' . sanitize_key( $this->name ).'" ' . 211 'data-nonce="' . $nonce . '" href="#">' . 212 __( 'Dismiss this notice', $this->domain ) . '</a>'; 203 213 } 204 214 $message .= '<p>' . implode( ' | ', $this->action_links[ 'messages' ] ) . 
'</p>'; … … 222 232 * @throws \Exception 223 233 */ 224 public function dismiss_notices(){ 234 public function dismiss_notices() { 235 check_ajax_referer('ud_dismiss'); 236 225 237 $response = array( 226 238 'success' => '0', 227 239 'error' => __( 'There was an error in request.', $this->domain ), 228 240 ); 241 229 242 $error = false; 230 243 231 if( empty($_POST['key']) ) { 244 $option_key = isset($_POST['key']) ? sanitize_key($_POST['key']) : ''; 245 246 if ( strpos($option_key, 'dismissed_') !== 0 ) { 232 247 $response['error'] = __( 'Invalid key', $this->domain ); 233 248 $error = true; 234 249 } 235 250 236 if ( ! $error && update_option( ( $_POST['key'] ), time() ) ) {251 if ( !$error && update_option( $option_key, time() ) ) { 237 252 $response['success'] = '1'; 253 $response['error'] = null; 238 254 } 239 255 -
wp-stateless/trunk/vendor/udx/lib-wp-bootstrap/static/scripts/ud-dismiss.js
r2013894 r3035169 12 12 action: 'ud_dismiss', 13 13 key: _this.data('key'), 14 _ajax_nonce: _this.data('nonce'), 14 15 } 15 16 -
wp-stateless/trunk/wp-stateless-media.php
r3023726 r3035169 5 5 * Description: Upload and serve your WordPress media files from Google Cloud Storage. 6 6 * Author: UDX 7 * Version: 3.4. 07 * Version: 3.4.1 8 8 * Text Domain: stateless-media 9 9 * Author URI: https://www.udx.io