Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2981217

Timestamp:

10/19/2023 01:54:11 PM (2 years ago)

Author:

datafeedr.com

Message:

Update to version 0.9.67 from GitHub

Location:

datafeedr-comparison-sets

Files:

: 8 edited
: 1 copied

tags/0.9.67 (copied) (copied from datafeedr-comparison-sets/trunk)
tags/0.9.67/datafeedr-comparison-sets.php (modified) (2 diffs)
tags/0.9.67/includes/actions.php (modified) (2 diffs)
tags/0.9.67/includes/functions.php (modified) (6 diffs)
tags/0.9.67/readme.txt (modified) (2 diffs)
trunk/datafeedr-comparison-sets.php (modified) (2 diffs)
trunk/includes/actions.php (modified) (2 diffs)
trunk/includes/functions.php (modified) (6 diffs)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

datafeedr-comparison-sets/tags/0.9.67/datafeedr-comparison-sets.php

-                      r2901871
+                      r2981217
 Requires PHP: 7.4
 Requires at least: 3.8
 Tested up to: 6.2.1-alpha
 Version: 0.9.66
+Tested up to: 6.3.3-alpha
+Version: 0.9.67
 WC requires at least: 3.0
 WC tested up to: 7.0
+WC tested up to: 7.9
 Datafeedr Comparison Sets Plugin
 …
  * Define constants.
  */
 define( 'DFRCS_VERSION', '0.9.66' );
+define( 'DFRCS_VERSION', '0.9.67' );
 define( 'DFRCS_DB_VERSION', '0.9.0' );
 define( 'DFRCS_URL', plugin_dir_url( __FILE__ ) );

datafeedr-comparison-sets/tags/0.9.67/includes/actions.php

-                      r2755156
+                      r2981217
     $request = $_REQUEST;
+    $source  = $request['source'];
+    $source  = base64_decode( $source );
+    $source  = unserialize( $source );
+    $request_source  = $request['source'];
+    $request_source  = base64_decode( $request_source );
+    $request_source = unserialize( $request_source, [ 'allowed_classes' => false, 'max_depth' => 1 ] );
+    // Ensure that $request_source is an array. Die if not an array.
+    if ( ! is_array( $request_source ) ) {
+        die();
+    }
+    $source = [];
+    // Sanitize data returned
+    foreach ( $request_source as $k => $v ) {
+        $source[ sanitize_text_field( $k ) ] = sanitize_text_field( $v );
+    }
+    /**
+     * $source will look something like this:
+     *
+     *  Array (
+     *      [id] => 2173400008798575
+     *      [post_id] => 338
+     *      [context] => wc_single_product_page
+     *  )
+     */
     $source['display_method'] = 'ajax';
 …
     $source = $request['source'];
     $source = base64_decode( $source );
+    $source = unserialize( $source );
+    $source = unserialize( $source, [ 'allowed_classes' => false, 'max_depth' => 1 ] );
+    // Ensure that $source is an array. Die if not an array.
+    if ( ! is_array( $source ) ) {
+        die();
+    }
     $source['display_method'] = 'ajax';

datafeedr-comparison-sets/tags/0.9.67/includes/functions.php

-                      r2755156
+                      r2981217
+    }
+    return apply_filters( 'dfrcs_title', str_replace( $s, $r, $compset->args['title'] ), $compset ) . $msg;
+    $title = apply_filters( 'dfrcs_title', str_replace( $s, $r, $compset->args['title'] ), $compset );
+    return esc_html( $title ) . $msg;
+}
 …
+    }
+    if ( ! dfrcs_is_valid_md5( $hash ) ) {
+        return;
+    }
     global $wpdb;
 …
     $hash = trim( $hash );
+    if ( empty( $hash ) ) {
+    if ( ! dfrcs_is_valid_md5( $hash ) ) {
         return false;
+    }
 …
     $hash = trim( $hash );
+    if ( empty( $hash ) ) {
+        return false;
+    if ( ! dfrcs_is_valid_md5( $hash ) ) {
+        return;
+    }
 …
     if ( empty( $hash ) ) {
         _e( 'Missing comparison set hash.', DFRCS_DOMAIN );
+        return;
+    }
+    if ( ! dfrcs_is_valid_md5( $hash ) ) {
+        _e( 'Invalid hash.', DFRCS_DOMAIN );
         return;
 …
     return (bool) dfrcs_get_option( 'use_amazon_data_in_search' );
+}
+/**
+ * Validates the validity of an MD5 hash.
+ *
+ * @see https://stackoverflow.com/a/14300703
+ *
+ * @param string $md5
+ *
+ * @return bool
+ */
+function dfrcs_is_valid_md5( string $md5 = '' ): bool {
+    return boolval( preg_match( '/^[a-f0-9]{32}$/', $md5 ) );
+}

datafeedr-comparison-sets/tags/0.9.67/readme.txt

-                      r2901871
+                      r2981217
 Requires PHP: 7.4
 Requires at least: 3.8
 Tested up to: 6.2.1-alpha
 Stable tag: 0.9.66
+Tested up to: 6.3.3-alpha
+Stable tag: 0.9.67
 Automatically create price comparison sets for your WooCommerce products or by using a shortcode.
 …
 == Changelog ==
+= 0.9.67 - 2023/10/19 =
+* Verifying hashes
+* Better handling of source data string
 = 0.9.66 - 2023/04/20 =

datafeedr-comparison-sets/trunk/datafeedr-comparison-sets.php

-                      r2901871
+                      r2981217
 Requires PHP: 7.4
 Requires at least: 3.8
 Tested up to: 6.2.1-alpha
 Version: 0.9.66
+Tested up to: 6.3.3-alpha
+Version: 0.9.67
 WC requires at least: 3.0
 WC tested up to: 7.0
+WC tested up to: 7.9
 Datafeedr Comparison Sets Plugin
 …
  * Define constants.
  */
 define( 'DFRCS_VERSION', '0.9.66' );
+define( 'DFRCS_VERSION', '0.9.67' );
 define( 'DFRCS_DB_VERSION', '0.9.0' );
 define( 'DFRCS_URL', plugin_dir_url( __FILE__ ) );

datafeedr-comparison-sets/trunk/includes/actions.php

-                      r2755156
+                      r2981217
     $request = $_REQUEST;
+    $source  = $request['source'];
+    $source  = base64_decode( $source );
+    $source  = unserialize( $source );
+    $request_source  = $request['source'];
+    $request_source  = base64_decode( $request_source );
+    $request_source = unserialize( $request_source, [ 'allowed_classes' => false, 'max_depth' => 1 ] );
+    // Ensure that $request_source is an array. Die if not an array.
+    if ( ! is_array( $request_source ) ) {
+        die();
+    }
+    $source = [];
+    // Sanitize data returned
+    foreach ( $request_source as $k => $v ) {
+        $source[ sanitize_text_field( $k ) ] = sanitize_text_field( $v );
+    }
+    /**
+     * $source will look something like this:
+     *
+     *  Array (
+     *      [id] => 2173400008798575
+     *      [post_id] => 338
+     *      [context] => wc_single_product_page
+     *  )
+     */
     $source['display_method'] = 'ajax';
 …
     $source = $request['source'];
     $source = base64_decode( $source );
+    $source = unserialize( $source );
+    $source = unserialize( $source, [ 'allowed_classes' => false, 'max_depth' => 1 ] );
+    // Ensure that $source is an array. Die if not an array.
+    if ( ! is_array( $source ) ) {
+        die();
+    }
     $source['display_method'] = 'ajax';

datafeedr-comparison-sets/trunk/includes/functions.php

-                      r2755156
+                      r2981217
+    }
+    return apply_filters( 'dfrcs_title', str_replace( $s, $r, $compset->args['title'] ), $compset ) . $msg;
+    $title = apply_filters( 'dfrcs_title', str_replace( $s, $r, $compset->args['title'] ), $compset );
+    return esc_html( $title ) . $msg;
+}
 …
+    }
+    if ( ! dfrcs_is_valid_md5( $hash ) ) {
+        return;
+    }
     global $wpdb;
 …
     $hash = trim( $hash );
+    if ( empty( $hash ) ) {
+    if ( ! dfrcs_is_valid_md5( $hash ) ) {
         return false;
+    }
 …
     $hash = trim( $hash );
+    if ( empty( $hash ) ) {
+        return false;
+    if ( ! dfrcs_is_valid_md5( $hash ) ) {
+        return;
+    }
 …
     if ( empty( $hash ) ) {
         _e( 'Missing comparison set hash.', DFRCS_DOMAIN );
+        return;
+    }
+    if ( ! dfrcs_is_valid_md5( $hash ) ) {
+        _e( 'Invalid hash.', DFRCS_DOMAIN );
         return;
 …
     return (bool) dfrcs_get_option( 'use_amazon_data_in_search' );
+}
+/**
+ * Validates the validity of an MD5 hash.
+ *
+ * @see https://stackoverflow.com/a/14300703
+ *
+ * @param string $md5
+ *
+ * @return bool
+ */
+function dfrcs_is_valid_md5( string $md5 = '' ): bool {
+    return boolval( preg_match( '/^[a-f0-9]{32}$/', $md5 ) );
+}

datafeedr-comparison-sets/trunk/readme.txt

-                      r2901871
+                      r2981217
 Requires PHP: 7.4
 Requires at least: 3.8
 Tested up to: 6.2.1-alpha
 Stable tag: 0.9.66
+Tested up to: 6.3.3-alpha
+Stable tag: 0.9.67
 Automatically create price comparison sets for your WooCommerce products or by using a shortcode.
 …
 == Changelog ==
+= 0.9.67 - 2023/10/19 =
+* Verifying hashes
+* Better handling of source data string
 = 0.9.66 - 2023/04/20 =

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory