Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2996581

Timestamp:

11/15/2023 04:57:08 PM (2 years ago)

Author:

chrisakelley

Message:

Release 2.7.4.1

Location:

Files:

: 8 edited
: 1 copied

tags/2.7.4.1 (copied) (copied from soliloquy-lite/trunk)
tags/2.7.4.1/includes/admin/ajax.php (modified) (19 diffs)
tags/2.7.4.1/includes/admin/common.php (modified) (1 diff)
tags/2.7.4.1/readme.txt (modified) (2 diffs)
tags/2.7.4.1/soliloquy-lite.php (modified) (2 diffs)
trunk/includes/admin/ajax.php (modified) (19 diffs)
trunk/includes/admin/common.php (modified) (1 diff)
trunk/readme.txt (modified) (2 diffs)
trunk/soliloquy-lite.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

soliloquy-lite/tags/2.7.4.1/includes/admin/ajax.php

-                      r2993325
+                      r2996581
         check_admin_referer( 'soliloquy-save-meta', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Get required inputs.
         $attachment_id = isset( $_POST['attachment_id'] ) ? absint( wp_unslash( $_POST['attachment_id'] ) ) : false;
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-upgrade', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Increase the time limit to account for large slider sets and suspend cache invalidations.
 …
         check_ajax_referer( 'soliloquy-is-hosted', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Setup vars.
         $video_url = ( isset( $_POST['video_url'] ) ? sanitize_text_field( wp_unslash( $_POST['video_url'] ) ) : '' );
 …
         check_ajax_referer( 'soliloquy-change-type', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
         $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : '';
 …
     public function load_image() {
-        if ( ! current_user_can( 'upload_files' ) ) {
-            die();
+        }
         // Run a security check first.
         check_ajax_referer( 'soliloquy-load-image', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
     public function insert_slides() {
-        if ( ! current_user_can( 'upload_files' ) ) {
-            die();
+        }
         // Run a security check first.
         check_ajax_referer( 'soliloquy-insert-images', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
         check_ajax_referer( 'soliloquy-sort', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
         $order       = isset( $_POST['order'] ) ? explode( ',', wp_unslash( $_POST['order'] ) ) : array(); //@codingStandardsIgnoreLine
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-remove-slide', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-remove-slide', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
         check_ajax_referer( 'soliloquy-save-meta', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
         $post_id     = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : false;
 …
         check_ajax_referer( 'soliloquy-save-meta', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
         $post_id   = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : false;
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-refresh', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-save-meta', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : false;
         $view    = isset( $_POST['view'] ) ? trim( sanitize_text_field( wp_unslash( $_POST['view'] ) ) ) : false;
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-save-meta', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
         check_admin_referer( 'soliloquy-activate-partner', 'nonce' );
+        if ( ! current_user_can( 'activate_plugins' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to deactivate plugins.', 'soliloquy' ) ] );
+        }
         // Activate the addon.
         if ( isset( $_POST['basename'] ) ) {
 …
         check_admin_referer( 'soliloquy-deactivate-partner', 'nonce' );
+        if ( ! current_user_can( 'activate_plugins' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to deactivate plugins.', 'soliloquy' ) ] );
+        }
         // Deactivate the addon.
         if ( isset( $_POST['basename'] ) ) {
 …
         check_admin_referer( 'soliloquy-install-partner', 'nonce' );
+        if ( ! current_user_can( 'install_plugins' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to install plugins.', 'soliloquy' ) ] );
+        }
         // Install the addon.
         if ( isset( $_POST['download_url'] ) ) {
 …
             // Set the current screen to avoid undefined notices.
             set_current_screen();
+            $method = '';
+            $url    = esc_url( admin_url( 'edit.php?post_type=soliloquy&page=soliloquy-lite-about-us' ) );
             // Start output bufferring to catch the filesystem form if credentials are needed.
 …
         // Start output bufferring to catch the filesystem form if credentials are needed.
         ob_start();
+        $method = '';
+        $url    = esc_url_raw( admin_url( 'edit.php?post_type=soliloquy&page=soliloquy-lite-about-us' ) );
         $creds = request_filesystem_credentials( $url, $method, false, false, null );
         if ( false === $creds ) {

soliloquy-lite/tags/2.7.4.1/includes/admin/common.php

-                      r2993325
+                      r2996581
             esc_url( $this->get_upgrade_link( 'http://soliloquywp.com/lite/', 'adminsidebar', 'unlockprosidebar' ) )
         );
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
         $upgrade_link_position = key(

soliloquy-lite/tags/2.7.4.1/readme.txt

-                      r2993325
+                      r2996581
 Tested up to: 6.4.1
 Requires PHP: 5.6
 Stable tag: 2.7.4
+Stable tag: 2.7.4.1
 License: GNU General Public License v2.0 or later
 …
 == Changelog ==
+= 2.7.4.1 =
+* Fixed: Notices for non-admin users in admin.
+* Fixed: Capability checks for ajax calls
 = 2.7.4 =

soliloquy-lite/tags/2.7.4.1/soliloquy-lite.php

-                      r2993325
+                      r2996581
  * Author:      Soliloquy Team
  * Author URI:  https://soliloquywp.com
  * Version:     2.7.4
+ * Version:     2.7.4.1
  * Text Domain: soliloquy
  * Domain Path: languages
 …
      * @var string
      */
     public $version = '2.7.4';
+    public $version = '2.7.4.1';
     /**

soliloquy-lite/trunk/includes/admin/ajax.php

-                      r2993325
+                      r2996581
         check_admin_referer( 'soliloquy-save-meta', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Get required inputs.
         $attachment_id = isset( $_POST['attachment_id'] ) ? absint( wp_unslash( $_POST['attachment_id'] ) ) : false;
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-upgrade', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Increase the time limit to account for large slider sets and suspend cache invalidations.
 …
         check_ajax_referer( 'soliloquy-is-hosted', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Setup vars.
         $video_url = ( isset( $_POST['video_url'] ) ? sanitize_text_field( wp_unslash( $_POST['video_url'] ) ) : '' );
 …
         check_ajax_referer( 'soliloquy-change-type', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
         $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : '';
 …
     public function load_image() {
-        if ( ! current_user_can( 'upload_files' ) ) {
-            die();
+        }
         // Run a security check first.
         check_ajax_referer( 'soliloquy-load-image', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
     public function insert_slides() {
-        if ( ! current_user_can( 'upload_files' ) ) {
-            die();
+        }
         // Run a security check first.
         check_ajax_referer( 'soliloquy-insert-images', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
         check_ajax_referer( 'soliloquy-sort', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
         $order       = isset( $_POST['order'] ) ? explode( ',', wp_unslash( $_POST['order'] ) ) : array(); //@codingStandardsIgnoreLine
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-remove-slide', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-remove-slide', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
         check_ajax_referer( 'soliloquy-save-meta', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
         $post_id     = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : false;
 …
         check_ajax_referer( 'soliloquy-save-meta', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
         $post_id   = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : false;
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-refresh', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-save-meta', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : false;
         $view    = isset( $_POST['view'] ) ? trim( sanitize_text_field( wp_unslash( $_POST['view'] ) ) ) : false;
 …
         // Run a security check first.
         check_ajax_referer( 'soliloquy-save-meta', 'nonce' );
+        if ( ! current_user_can( 'edit_posts' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to edit sliders.', 'soliloquy' ) ] );
+        }
         // Prepare variables.
 …
         check_admin_referer( 'soliloquy-activate-partner', 'nonce' );
+        if ( ! current_user_can( 'activate_plugins' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to deactivate plugins.', 'soliloquy' ) ] );
+        }
         // Activate the addon.
         if ( isset( $_POST['basename'] ) ) {
 …
         check_admin_referer( 'soliloquy-deactivate-partner', 'nonce' );
+        if ( ! current_user_can( 'activate_plugins' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to deactivate plugins.', 'soliloquy' ) ] );
+        }
         // Deactivate the addon.
         if ( isset( $_POST['basename'] ) ) {
 …
         check_admin_referer( 'soliloquy-install-partner', 'nonce' );
+        if ( ! current_user_can( 'install_plugins' ) ) {
+            wp_send_json_error( [ 'message' => esc_html__( 'You are not allowed to install plugins.', 'soliloquy' ) ] );
+        }
         // Install the addon.
         if ( isset( $_POST['download_url'] ) ) {
 …
             // Set the current screen to avoid undefined notices.
             set_current_screen();
+            $method = '';
+            $url    = esc_url( admin_url( 'edit.php?post_type=soliloquy&page=soliloquy-lite-about-us' ) );
             // Start output bufferring to catch the filesystem form if credentials are needed.
 …
         // Start output bufferring to catch the filesystem form if credentials are needed.
         ob_start();
+        $method = '';
+        $url    = esc_url_raw( admin_url( 'edit.php?post_type=soliloquy&page=soliloquy-lite-about-us' ) );
         $creds = request_filesystem_credentials( $url, $method, false, false, null );
         if ( false === $creds ) {

soliloquy-lite/trunk/includes/admin/common.php

-                      r2993325
+                      r2996581
             esc_url( $this->get_upgrade_link( 'http://soliloquywp.com/lite/', 'adminsidebar', 'unlockprosidebar' ) )
         );
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
         $upgrade_link_position = key(

soliloquy-lite/trunk/readme.txt

-                      r2993325
+                      r2996581
 Tested up to: 6.4.1
 Requires PHP: 5.6
 Stable tag: 2.7.4
+Stable tag: 2.7.4.1
 License: GNU General Public License v2.0 or later
 …
 == Changelog ==
+= 2.7.4.1 =
+* Fixed: Notices for non-admin users in admin.
+* Fixed: Capability checks for ajax calls
 = 2.7.4 =

soliloquy-lite/trunk/soliloquy-lite.php

-                      r2993325
+                      r2996581
  * Author:      Soliloquy Team
  * Author URI:  https://soliloquywp.com
  * Version:     2.7.4
+ * Version:     2.7.4.1
  * Text Domain: soliloquy
  * Domain Path: languages
 …
      * @var string
      */
     public $version = '2.7.4';
+    public $version = '2.7.4.1';
     /**

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: