Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2996579

Timestamp:

11/15/2023 04:56:50 PM (2 years ago)

Author:

chrisakelley

Message:

Release 1.8.7.1

Location:

envira-gallery-lite

Files:

: 10 edited
: 1 copied

tags/1.8.7.1 (copied) (copied from envira-gallery-lite/trunk)
tags/1.8.7.1/envira-gallery-lite.php (modified) (2 diffs)
tags/1.8.7.1/includes/admin/ajax.php (modified) (25 diffs)
tags/1.8.7.1/includes/admin/common.php (modified) (2 diffs)
tags/1.8.7.1/includes/admin/metaboxes.php (modified) (1 diff)
tags/1.8.7.1/readme.txt (modified) (2 diffs)
trunk/envira-gallery-lite.php (modified) (2 diffs)
trunk/includes/admin/ajax.php (modified) (25 diffs)
trunk/includes/admin/common.php (modified) (2 diffs)
trunk/includes/admin/metaboxes.php (modified) (1 diff)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

envira-gallery-lite/tags/1.8.7.1/envira-gallery-lite.php

-                      r2993297
+                      r2996579
  * Author:      Envira Gallery Team
  * Author URI:  http://enviragallery.com
  * Version:     1.8.7
+ * Version:     1.8.7.1
  * Text Domain: envira-gallery-lite
+ *
 …
      * @var string
      */
     public $version = '1.8.7';
+    public $version = '1.8.7.1';
     /**

envira-gallery-lite/tags/1.8.7.1/includes/admin/ajax.php

-                      r2993297
+                      r2996579
     // Run a security check first.
     check_admin_referer( 'envira-gallery-change-type', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
+}
 add_action( 'wp_ajax_envira_gallery_change_preview', 'envira_gallery_ajax_change_preview' );
 /**
  * Returns the output for the Preview Metabox for the given Gallery Type.
+add_action( 'wp_ajax_envira_gallery_set_user_setting', 'envira_gallery_ajax_set_user_setting' );
+/**
+ * Stores a user setting for the logged in WordPress User
+ *
  * @since 1.5.0
  */
-function envira_gallery_ajax_change_preview() {
-    // Run a security check first.
-    check_admin_referer( 'envira-gallery-change-preview', 'nonce' );
-    // Prepare variables.
-    $post_id = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : null;
-    $type    = isset( $_POST['type'] ) ? sanitize_text_field( wp_unslash( $_POST['type'] ) ) : '';
-    // Get the saved Gallery configuration.
-    $data = Envira_Gallery_Lite::get_instance()->get_gallery( $post_id );
-    // Iterate through the POSTed Gallery configuration (which comprises of index based fields),
-    // overwriting the above with the supplied values.  This gives us the most up to date,
-    // unsaved configuration.
-    foreach ( wp_unslash( $_POST['data'] ) as $index => $field ) { // @codingStandardsIgnoreLine
-        // Skip if this isnt' a configuration field.
-        if ( strpos( $field['name'], '_envira_gallery[' ) === false ) {
-            continue;
+        }
-        // Extract the key from the field name.
-        preg_match_all( '/\[([^\]]*)\]/', $field['name'], $matches );
-        if ( ! isset( $matches[1] ) || count( $matches[1] ) === 0 ) {
-            continue;
+        }
-        // Add this field key/value pair to the configuration.
-        $data['config'][ $matches[1][0] ] = $field['value'];
+    }
-    // Retrieve the preview for the type selected, using the now up-to-date gallery configuration.
-    ob_start();
-    do_action( 'envira_gallery_preview_' . $type, $data );
-    $html = ob_get_clean();
-    // Send back the response.
-    echo wp_json_encode( $html );
-    die;
+}
-add_action( 'wp_ajax_envira_gallery_set_user_setting', 'envira_gallery_ajax_set_user_setting' );
-/**
- * Stores a user setting for the logged in WordPress User
+ *
- * @since 1.5.0
- */
 function envira_gallery_ajax_set_user_setting() {
     // Run a security check first.
     check_admin_referer( 'envira-gallery-set-user-setting', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-load-image', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
     check_admin_referer( 'envira-gallery-insert-images', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
     $images = [];
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-sort', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-remove-image', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
     check_admin_referer( 'envira-gallery-remove-image', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
     $post_id      = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : null;
 …
     // Run a security check first.
     check_ajax_referer( 'envira-gallery-save-meta', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
     check_admin_referer( 'envira-gallery-save-meta', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
     $post_id   = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : null;
 …
     check_admin_referer( 'envira-gallery-refresh', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
     $post_id = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : null;
 …
 add_action( 'wp_ajax_envira_gallery_load_gallery_data', 'envira_gallery_ajax_load_gallery_data' );
 /**
  * Retrieves and return gallery data for the specified ID.
 …
  */
 function envira_gallery_ajax_load_gallery_data() {
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables and grab the gallery data.
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-install', 'nonce' );
+    if ( ! current_user_can( 'install_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to install plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Install the addon.
 …
     check_admin_referer( 'envira-gallery-activate', 'nonce' );
+    if ( ! current_user_can( 'activate_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to activate plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Activate the addon.
     if ( isset( $_POST['plugin'] ) ) {
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-deactivate', 'nonce' );
+    if ( ! current_user_can( 'activate_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to deactivate plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Deactivate the addon.
 …
     check_admin_referer( 'envira-gallery-dismiss-notice', 'nonce' );
+    if ( ! current_user_can( 'edit_dashboard' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to dismiss notices.', 'envira-gallery-lite' ) ] );
+    }
     // Deactivate the notice.
     if ( isset( $_POST['notice'] ) ) {
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-dismiss-topbar', 'nonce' );
+    if ( ! current_user_can( 'edit_dashboard' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to dismiss notices.', 'envira-gallery-lite' ) ] );
+    }
     update_option( 'envira_pro_upgrade_header_dismissed', true );
 …
     // Check nonce.
     check_ajax_referer( 'envira-gallery-save-meta', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Get required inputs.
 …
     // Check nonce.
     check_admin_referer( 'envira-gallery-editor-get-galleries', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Get POSTed fields.
 …
     check_admin_referer( 'envira-gallery-move-media', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to move media.', 'envira-gallery-lite' ) ] );
+    }
     // Get POSTed fields.
     $from_gallery_id = isset( $_POST['from_gallery_id'] ) ? absint( $_POST['from_gallery_id'] ) : null;
 …
     check_admin_referer( 'envira-gallery-activate-partner', 'nonce' );
+    if ( ! current_user_can( 'activate_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to activate plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Activate the addon.
     if ( isset( $_POST['basename'] ) ) {
         $activate = activate_plugin( wp_unslash( $_POST['basename'] ) );  // @codingStandardsIgnoreLine
+        $activate = activate_plugin( sanitize_text_field( wp_unslash( $_POST['basename'] ) ) );
         if ( is_wp_error( $activate ) ) {
 …
     check_admin_referer( 'envira-gallery-deactivate-partner', 'nonce' );
+    if ( ! current_user_can( 'activate_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to deactivate plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Deactivate the addon.
     if ( isset( $_POST['basename'] ) ) {
 …
     check_admin_referer( 'envira-gallery-install-partner', 'nonce' );
+    if ( ! current_user_can( 'install_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to install plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Install the addon.
     if ( isset( $_POST['download_url'] ) ) {
 …
         set_current_screen();
-        // Prepare variables.
         $method = '';
+        $url    = add_query_arg(
+            [
+                'page' => 'pdfemb_list_options',
+            ],
+            admin_url( 'options-general.php' )
+        );
+        $url    = esc_url( $url );
+        $url    = esc_url( admin_url( 'edit.php?post_type=envira&page=envira-gallery-lite-about-us' ) );
         // Start output bufferring to catch the filesystem form if credentials are needed.
 …
     // Start output bufferring to catch the filesystem form if credentials are needed.
     ob_start();
+    $method = '';
+    $url    = esc_url( admin_url( 'edit.php?post_type=envira&page=envira-gallery-lite-about-us' ) );
     $creds = request_filesystem_credentials( $url, $method, false, false, null );
     if ( false === $creds ) {

envira-gallery-lite/tags/1.8.7.1/includes/admin/common.php

-                      r2993297
+                      r2996579
      */
     public function add_upgrade_menu_item() {
         global $submenu;
 …
             esc_url( $this->get_upgrade_link( 'http://enviragallery.com/lite/', 'adminsidebar', 'unlockprosidebar' ) )
         );
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
         $upgrade_link_position = key(

envira-gallery-lite/tags/1.8.7.1/includes/admin/metaboxes.php

-                      r2993297
+                      r2996579
+            ]
         );
+    }
-    /**
-     * Callback for displaying the Preview metabox.
+     *
-     * @since 1.5.0
+     *
-     * @param object $post The current post object.
-     */
-    public function meta_box_preview_callback( $post ) {
-        // Get the gallery data.
-        $data = get_post_meta( $post->ID, '_eg_gallery_data', true );
-        // Output the display based on the type of slider being created.
-        echo '<div id="envira-gallery-preview-main" class="envira-clear">';
-        $this->preview_display( $this->get_config( 'type', $this->get_config_default( 'type' ) ), $data );
-        echo '</div>
-              <div class="spinner"></div>';
+    }

envira-gallery-lite/tags/1.8.7.1/readme.txt

-                      r2993297
+                      r2996579
 Tested up to: 6.4.1
 Requires PHP: 5.6
 Stable tag: 1.8.7
+Stable tag: 1.8.7.1
 License: GNU General Public License v2.0 or later
 …
 == Changelog ==
+.8.7.1
+* Fixed: Notices for non-admin users in admin.
+* Fixed: Capability checks for ajax calls
 .8.7

envira-gallery-lite/trunk/envira-gallery-lite.php

-                      r2993297
+                      r2996579
  * Author:      Envira Gallery Team
  * Author URI:  http://enviragallery.com
  * Version:     1.8.7
+ * Version:     1.8.7.1
  * Text Domain: envira-gallery-lite
+ *
 …
      * @var string
      */
     public $version = '1.8.7';
+    public $version = '1.8.7.1';
     /**

envira-gallery-lite/trunk/includes/admin/ajax.php

-                      r2993297
+                      r2996579
     // Run a security check first.
     check_admin_referer( 'envira-gallery-change-type', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
+}
 add_action( 'wp_ajax_envira_gallery_change_preview', 'envira_gallery_ajax_change_preview' );
 /**
  * Returns the output for the Preview Metabox for the given Gallery Type.
+add_action( 'wp_ajax_envira_gallery_set_user_setting', 'envira_gallery_ajax_set_user_setting' );
+/**
+ * Stores a user setting for the logged in WordPress User
+ *
  * @since 1.5.0
  */
-function envira_gallery_ajax_change_preview() {
-    // Run a security check first.
-    check_admin_referer( 'envira-gallery-change-preview', 'nonce' );
-    // Prepare variables.
-    $post_id = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : null;
-    $type    = isset( $_POST['type'] ) ? sanitize_text_field( wp_unslash( $_POST['type'] ) ) : '';
-    // Get the saved Gallery configuration.
-    $data = Envira_Gallery_Lite::get_instance()->get_gallery( $post_id );
-    // Iterate through the POSTed Gallery configuration (which comprises of index based fields),
-    // overwriting the above with the supplied values.  This gives us the most up to date,
-    // unsaved configuration.
-    foreach ( wp_unslash( $_POST['data'] ) as $index => $field ) { // @codingStandardsIgnoreLine
-        // Skip if this isnt' a configuration field.
-        if ( strpos( $field['name'], '_envira_gallery[' ) === false ) {
-            continue;
+        }
-        // Extract the key from the field name.
-        preg_match_all( '/\[([^\]]*)\]/', $field['name'], $matches );
-        if ( ! isset( $matches[1] ) || count( $matches[1] ) === 0 ) {
-            continue;
+        }
-        // Add this field key/value pair to the configuration.
-        $data['config'][ $matches[1][0] ] = $field['value'];
+    }
-    // Retrieve the preview for the type selected, using the now up-to-date gallery configuration.
-    ob_start();
-    do_action( 'envira_gallery_preview_' . $type, $data );
-    $html = ob_get_clean();
-    // Send back the response.
-    echo wp_json_encode( $html );
-    die;
+}
-add_action( 'wp_ajax_envira_gallery_set_user_setting', 'envira_gallery_ajax_set_user_setting' );
-/**
- * Stores a user setting for the logged in WordPress User
+ *
- * @since 1.5.0
- */
 function envira_gallery_ajax_set_user_setting() {
     // Run a security check first.
     check_admin_referer( 'envira-gallery-set-user-setting', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-load-image', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
     check_admin_referer( 'envira-gallery-insert-images', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
     $images = [];
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-sort', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-remove-image', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
     check_admin_referer( 'envira-gallery-remove-image', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
     $post_id      = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : null;
 …
     // Run a security check first.
     check_ajax_referer( 'envira-gallery-save-meta', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
 …
     check_admin_referer( 'envira-gallery-save-meta', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
     $post_id   = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : null;
 …
     check_admin_referer( 'envira-gallery-refresh', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables.
     $post_id = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : null;
 …
 add_action( 'wp_ajax_envira_gallery_load_gallery_data', 'envira_gallery_ajax_load_gallery_data' );
 /**
  * Retrieves and return gallery data for the specified ID.
 …
  */
 function envira_gallery_ajax_load_gallery_data() {
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Prepare variables and grab the gallery data.
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-install', 'nonce' );
+    if ( ! current_user_can( 'install_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to install plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Install the addon.
 …
     check_admin_referer( 'envira-gallery-activate', 'nonce' );
+    if ( ! current_user_can( 'activate_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to activate plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Activate the addon.
     if ( isset( $_POST['plugin'] ) ) {
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-deactivate', 'nonce' );
+    if ( ! current_user_can( 'activate_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to deactivate plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Deactivate the addon.
 …
     check_admin_referer( 'envira-gallery-dismiss-notice', 'nonce' );
+    if ( ! current_user_can( 'edit_dashboard' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to dismiss notices.', 'envira-gallery-lite' ) ] );
+    }
     // Deactivate the notice.
     if ( isset( $_POST['notice'] ) ) {
 …
     // Run a security check first.
     check_admin_referer( 'envira-gallery-dismiss-topbar', 'nonce' );
+    if ( ! current_user_can( 'edit_dashboard' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to dismiss notices.', 'envira-gallery-lite' ) ] );
+    }
     update_option( 'envira_pro_upgrade_header_dismissed', true );
 …
     // Check nonce.
     check_ajax_referer( 'envira-gallery-save-meta', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Get required inputs.
 …
     // Check nonce.
     check_admin_referer( 'envira-gallery-editor-get-galleries', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit galleries.', 'envira-gallery-lite' ) ] );
+    }
     // Get POSTed fields.
 …
     check_admin_referer( 'envira-gallery-move-media', 'nonce' );
+    if ( ! current_user_can( 'edit_posts' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to move media.', 'envira-gallery-lite' ) ] );
+    }
     // Get POSTed fields.
     $from_gallery_id = isset( $_POST['from_gallery_id'] ) ? absint( $_POST['from_gallery_id'] ) : null;
 …
     check_admin_referer( 'envira-gallery-activate-partner', 'nonce' );
+    if ( ! current_user_can( 'activate_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to activate plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Activate the addon.
     if ( isset( $_POST['basename'] ) ) {
         $activate = activate_plugin( wp_unslash( $_POST['basename'] ) );  // @codingStandardsIgnoreLine
+        $activate = activate_plugin( sanitize_text_field( wp_unslash( $_POST['basename'] ) ) );
         if ( is_wp_error( $activate ) ) {
 …
     check_admin_referer( 'envira-gallery-deactivate-partner', 'nonce' );
+    if ( ! current_user_can( 'activate_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to deactivate plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Deactivate the addon.
     if ( isset( $_POST['basename'] ) ) {
 …
     check_admin_referer( 'envira-gallery-install-partner', 'nonce' );
+    if ( ! current_user_can( 'install_plugins' ) ) {
+        wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to install plugins.', 'envira-gallery-lite' ) ] );
+    }
     // Install the addon.
     if ( isset( $_POST['download_url'] ) ) {
 …
         set_current_screen();
-        // Prepare variables.
         $method = '';
+        $url    = add_query_arg(
+            [
+                'page' => 'pdfemb_list_options',
+            ],
+            admin_url( 'options-general.php' )
+        );
+        $url    = esc_url( $url );
+        $url    = esc_url( admin_url( 'edit.php?post_type=envira&page=envira-gallery-lite-about-us' ) );
         // Start output bufferring to catch the filesystem form if credentials are needed.
 …
     // Start output bufferring to catch the filesystem form if credentials are needed.
     ob_start();
+    $method = '';
+    $url    = esc_url( admin_url( 'edit.php?post_type=envira&page=envira-gallery-lite-about-us' ) );
     $creds = request_filesystem_credentials( $url, $method, false, false, null );
     if ( false === $creds ) {

envira-gallery-lite/trunk/includes/admin/common.php

-                      r2993297
+                      r2996579
      */
     public function add_upgrade_menu_item() {
         global $submenu;
 …
             esc_url( $this->get_upgrade_link( 'http://enviragallery.com/lite/', 'adminsidebar', 'unlockprosidebar' ) )
         );
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
         $upgrade_link_position = key(

envira-gallery-lite/trunk/includes/admin/metaboxes.php

-                      r2993297
+                      r2996579
+            ]
         );
+    }
-    /**
-     * Callback for displaying the Preview metabox.
+     *
-     * @since 1.5.0
+     *
-     * @param object $post The current post object.
-     */
-    public function meta_box_preview_callback( $post ) {
-        // Get the gallery data.
-        $data = get_post_meta( $post->ID, '_eg_gallery_data', true );
-        // Output the display based on the type of slider being created.
-        echo '<div id="envira-gallery-preview-main" class="envira-clear">';
-        $this->preview_display( $this->get_config( 'type', $this->get_config_default( 'type' ) ), $data );
-        echo '</div>
-              <div class="spinner"></div>';
+    }

envira-gallery-lite/trunk/readme.txt

-                      r2993297
+                      r2996579
 Tested up to: 6.4.1
 Requires PHP: 5.6
 Stable tag: 1.8.7
+Stable tag: 1.8.7.1
 License: GNU General Public License v2.0 or later
 …
 == Changelog ==
+.8.7.1
+* Fixed: Notices for non-admin users in admin.
+* Fixed: Capability checks for ajax calls
 .8.7

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: