Changeset 3185807
- Timestamp:
- 11/11/2024 02:46:39 PM (17 months ago)
- Location:
- wedevs-project-manager/trunk
- Files:
-
- 14 edited
-
changelog.txt (modified) (1 diff)
-
config/app.php (modified) (1 diff)
-
core/Permissions/Abstract_Permission.php (modified) (1 diff)
-
cpm.php (modified) (1 diff)
-
readme.txt (modified) (2 diffs)
-
src/Comment/Controllers/Comment_Controller.php (modified) (4 diffs)
-
src/Discussion_Board/Controllers/Discussion_Board_Controller.php (modified) (3 diffs)
-
src/File/Helper/File.php (modified) (1 diff)
-
src/Task/Models/Task.php (modified) (2 diffs)
-
vendor/autoload.php (modified) (1 diff)
-
vendor/composer/ClassLoader.php (modified) (24 diffs)
-
vendor/composer/autoload_real.php (modified) (2 diffs)
-
vendor/composer/autoload_static.php (modified) (2 diffs)
-
vendor/composer/installed.php (modified) (2 diffs)
wedevs-project-manager/trunk/changelog.txt
r3061130 r3185807 1 1 == Changelog == 2 3 = v2.6.14 - Nov 11, 2024 = 4 5 **Fix:** Vulnerable security issue. 6 **Fix:** XSS attack while uploading svg file. 7 **Fix:** Sub task duplicating issue. 2 8 3 9 = v2.6.13 - Mar 29, 2024 = -
wedevs-project-manager/trunk/config/app.php
r3061130 r3185807 4 4 'name' => 'Project Manager', 5 5 'slug' => 'pm', 6 'version' => '2.6.1 3',6 'version' => '2.6.14', 7 7 'api' => '2', 8 8 'db_version' => '2.5', -
wedevs-project-manager/trunk/core/Permissions/Abstract_Permission.php
r2474296 r3185807 22 22 public function __construct( WP_REST_Request $request ) { 23 23 $this->request = $request; 24 25 $user_id = $request->get_param( 'user_id' );26 $user_id = empty( $user_id ) ? 0 : intval( $user_id );27 28 if ( empty( $user_id ) && ! empty( get_current_user_id() ) ) {29 $user_id = get_current_user_id();30 }31 32 wp_set_current_user( $user_id );33 24 } 34 25 -
wedevs-project-manager/trunk/cpm.php
r3061130 r3185807 6 6 * Author: weDevs 7 7 * Author URI: https://wedevs.com 8 * Version: 2.6.1 38 * Version: 2.6.14 9 9 * Text Domain: wedevs-project-manager 10 10 * Domain Path: /languages -
wedevs-project-manager/trunk/readme.txt
r3061130 r3185807 4 4 Tags: project, project manager, project management, project management plugin, project manager tool 5 5 Requires at least: 4.4 or higher 6 Tested up to: 6. 4.36 Tested up to: 6.6.2 7 7 Requires PHP: 5.6 8 Stable tag: 2.6.1 38 Stable tag: 2.6.14 9 9 License: GPLv2 or later 10 10 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 310 310 == Changelog == 311 311 312 = v2.6.14 - Nov 11, 2024 = 313 314 **Fix:** Vulnerable security issue. 315 **Fix:** XSS attack while uploading svg file. 316 **Fix:** Sub task duplicating issue. 317 318 312 319 = v2.6.13 - Mar 29, 2024 = 313 320 -
wedevs-project-manager/trunk/src/Comment/Controllers/Comment_Controller.php
r2474296 r3185807 16 16 use WeDevs\PM\File\Models\File; 17 17 use WeDevs\PM\Common\Traits\File_Attachment; 18 use WeDevs\PM\File\Helper\File as HelperFile; 18 19 19 20 class Comment_Controller { … … 80 81 81 82 $files = array_key_exists( 'files', $media_data ) ? $media_data['files'] : null; 82 83 84 if( HelperFile::check_file_for_xss_code( $files ) ){ 85 return wp_send_json( 86 [ 87 'error_type' => 'svg_xss', 88 'message' => __( 'The SVG file you attempted to upload contains content that may pose security risks. Please ensure your file is safe and try again.', 'pm-pro' ) 89 ], 400 90 ); 91 wp_die(); 92 } 93 83 94 $comment = Comment::create( $data ); 84 95 … … 116 127 // An array of files 117 128 $files = array_key_exists( 'files', $media_data ) ? $media_data['files'] : null; 129 130 if( HelperFile::check_file_for_xss_code( $files ) ){ 131 return wp_send_json( 132 [ 133 'error_type' => 'svg_xss', 134 'message' => __( 'The SVG file you attempted to upload contains content that may pose security risks. Please ensure your file is safe and try again.', 'pm-pro' ) 135 ], 400 136 ); 137 wp_die(); 138 } 118 139 119 140 // An array of file ids that needs to be deleted … … 165 186 return $this->get_response(false, $message); 166 187 } 188 167 189 } -
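Review bot: The `wp_die();` after `return wp_send_json( ... )` is unreachable, and answering with a raw JSON response is inconsistent with the `return $this->get_response(false, $message);` pattern this same file uses at line 165; routing the rejection through the controller's normal response path would keep error handling uniform. The message is registered under the `'pm-pro'` text domain while cpm.php declares `Text Domain: wedevs-project-manager`, so unless translations are deliberately shared with the Pro plugin the string will not be translated here. The same block is pasted four times (both hunks here and both in Discussion_Board_Controller.php); a single helper such as `private function reject_unsafe_svg( $files )` that runs the check and builds the response would remove the duplication. The enclosing methods start and end outside these hunks.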
wedevs-project-manager/trunk/src/Discussion_Board/Controllers/Discussion_Board_Controller.php
r2474296 r3185807 18 18 use WeDevs\PM\Common\Traits\File_Attachment; 19 19 use Illuminate\Pagination\Paginator; 20 use WeDevs\PM\File\Helper\File as HelperFile; 20 21 21 22 use WeDevs\PM\Task\Models\Task; … … 74 75 $milestone_id = $request->get_param( 'milestone' ); 75 76 $files = array_key_exists( 'files', $media_data ) ? $media_data['files'] : null; 77 78 if( HelperFile::check_file_for_xss_code( $files ) ){ 79 return wp_send_json( 80 [ 81 'error_type' => 'svg_xss', 82 'message' => __( 'The SVG file you attempted to upload contains content that may pose security risks. Please ensure your file is safe and try again.', 'pm-pro' ) 83 ], 400 84 ); 85 wp_die(); 86 } 76 87 77 88 $is_private = $request->get_param( 'privacy' ); … … 108 119 $files = array_key_exists( 'files', $media_data ) ? $media_data['files'] : null; 109 120 $files_to_delete = $request->get_param( 'files_to_delete' ); 121 122 if( HelperFile::check_file_for_xss_code( $files ) ){ 123 return wp_send_json( 124 [ 125 'error_type' => 'svg_xss', 126 'message' => __( 'The SVG file you attempted to upload contains content that may pose security risks. Please ensure your file is safe and try again.', 'pm-pro' ) 127 ], 400 128 ); 129 wp_die(); 130 } 110 131 111 132 $is_private = $request->get_param( 'privacy' ); -
wedevs-project-manager/trunk/src/File/Helper/File.php
r2474296 r3185807 53 53 return $response; 54 54 } 55 56 public static function check_file_for_xss_code( $files ) { 57 if (isset($files['type']) && is_array($files['type'])) { 58 59 foreach ($files['type'] as $index => $file_type) { 60 61 if ($file_type === 'image/svg+xml') { 62 $svg_tmp_name = $files['tmp_name'][$index]; 63 $svg_content = file_get_contents($svg_tmp_name); 64 65 if (self::contains_xss_code($svg_content)) { 66 return true; 67 } 68 } 69 } 70 } 71 72 return false; 73 } 74 75 public static function contains_xss_code( $content ) { 76 $pattern = '/<script.*?>.*?<\/script>|on[a-z]+\s*=\s*["\'][^"\']*["\']/i'; 77 78 return preg_match($pattern, $content); 79 } 55 80 56 81 /** -
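Review bot: `check_file_for_xss_code` only inspects entries whose `$files['type']` equals `image/svg+xml`, but that field is the MIME string supplied by the uploading client, so the decision of which files to scan should come from the file itself (the uploaded name's extension and/or `mime_content_type()` on the temp file), and a `false` from `file_get_contents` should not let the upload through silently. The regex in `contains_xss_code` lacks the `s` modifier, so `.` does not span line breaks inside a `<script>` element, and pattern denylists for SVG are known to be incomplete; the durable fix is to reject SVG uploads unless they pass a DOM-based allowlist sanitizer. `contains_xss_code` also returns `preg_match`'s `int|false` instead of a bool: `return preg_match( $pattern, $content ) === 1;`. A rewrite of the first function along those lines:

```php
public static function check_file_for_xss_code( $files ) {
    if ( ! isset( $files['tmp_name'] ) || ! is_array( $files['tmp_name'] ) ) {
        return false;
    }

    foreach ( $files['tmp_name'] as $index => $tmp_name ) {
        $name = isset( $files['name'][ $index ] ) ? (string) $files['name'][ $index ] : '';

        // 'type' is client-supplied; decide from the file's own name and bytes instead.
        $is_svg = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) ) === 'svg'
            || ( is_readable( $tmp_name ) && mime_content_type( $tmp_name ) === 'image/svg+xml' );

        if ( ! $is_svg ) {
            continue;
        }

        $svg_content = file_get_contents( $tmp_name );

        // An unreadable upload is treated as unsafe rather than as clean.
        if ( $svg_content === false || self::contains_xss_code( $svg_content ) ) {
            return true;
        }
    }

    return false;
}

// … unchanged: contains_xss_code …
```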
wedevs-project-manager/trunk/src/Task/Models/Task.php
r2474296 r3185807 76 76 } 77 77 78 public function scopeSubTasks( $query ) { 79 return $query->where( 'parent_id', $this->id ); 80 } 81 78 82 public function boards() { 79 83 return $this->belongsToMany( 'WeDevs\PM\Common\Models\Board', pm_tb_prefix() . 'pm_boardables', 'boardable_id', 'board_id' ) … … 83 87 public function boardables() { 84 88 return $this->hasMany( 'WeDevs\PM\Common\Models\Boardable', 'boardable_id' )->where( 'boardable_type', 'task' ); 89 } 90 91 public function sub_boardables() { 92 return $this->hasMany( 'WeDevs\PM\Common\Models\Boardable', 'boardable_id' )->where( 'boardable_type', 'sub_task' ); 85 93 } 86 94 -
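Review bot: `scopeSubTasks` reads `$this->id`, but Eloquent applies a local scope on the builder's model instance, so when it is used through a query (`Task::subTasks()`) rather than on a loaded model, `$this->id` is presumably null and the constraint degenerates to `parent_id IS NULL`; a relationship `public function subTasks() { return $this->hasMany( self::class, 'parent_id' ); }` expresses the intent without that pitfall. `sub_boardables()` duplicates `boardables()` except for the `'sub_task'` type string, and its snake_case name breaks with the camelCase `boardables()`/`boards()` beside it; a private helper parameterised on the type, `private function boardables_of_type( $type )`, would keep both in step. Both hunks sit inside a class whose declaration is outside this section.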
wedevs-project-manager/trunk/vendor/autoload.php
r3061130 r3185807 23 23 require_once __DIR__ . '/composer/autoload_real.php'; 24 24 25 return ComposerAutoloaderInit 1d90e6d12f552e726b8502c8f1a9fd6c::getLoader();25 return ComposerAutoloaderInite36117ab3af2efa55804ee3f819c39bb::getLoader(); -
wedevs-project-manager/trunk/vendor/composer/ClassLoader.php
r3033574 r3185807 46 46 private static $includeFile; 47 47 48 /** @var ?string*/48 /** @var string|null */ 49 49 private $vendorDir; 50 50 51 51 // PSR-4 52 52 /** 53 * @var array[] 54 * @psalm-var array<string, array<string, int>> 53 * @var array<string, array<string, int>> 55 54 */ 56 55 private $prefixLengthsPsr4 = array(); 57 56 /** 58 * @var array[] 59 * @psalm-var array<string, array<int, string>> 57 * @var array<string, list<string>> 60 58 */ 61 59 private $prefixDirsPsr4 = array(); 62 60 /** 63 * @var array[] 64 * @psalm-var array<string, string> 61 * @var list<string> 65 62 */ 66 63 private $fallbackDirsPsr4 = array(); … … 68 65 // PSR-0 69 66 /** 70 * @var array[] 71 * @psalm-var array<string, array<string, string[]>> 67 * List of PSR-0 prefixes 68 * 69 * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2'))) 70 * 71 * @var array<string, array<string, list<string>>> 72 72 */ 73 73 private $prefixesPsr0 = array(); 74 74 /** 75 * @var array[] 76 * @psalm-var array<string, string> 75 * @var list<string> 77 76 */ 78 77 private $fallbackDirsPsr0 = array(); … … 82 81 83 82 /** 84 * @var string[] 85 * @psalm-var array<string, string> 83 * @var array<string, string> 86 84 */ 87 85 private $classMap = array(); … … 91 89 92 90 /** 93 * @var bool[] 94 * @psalm-var array<string, bool> 91 * @var array<string, bool> 95 92 */ 96 93 private $missingClasses = array(); 97 94 98 /** @var ?string*/95 /** @var string|null */ 99 96 private $apcuPrefix; 100 97 101 98 /** 102 * @var self[]99 * @var array<string, self> 103 100 */ 104 101 private static $registeredLoaders = array(); 105 102 106 103 /** 107 * @param ?string$vendorDir104 * @param string|null $vendorDir 108 105 */ 109 106 public function __construct($vendorDir = null) … … 114 111 115 112 /** 116 * @return string[]113 * @return array<string, list<string>> 117 114 */ 118 115 public function getPrefixes() … … 126 123 127 124 /** 128 * @return array[] 129 * @psalm-return 
array<string, array<int, string>> 125 * @return array<string, list<string>> 130 126 */ 131 127 public function getPrefixesPsr4() … … 135 131 136 132 /** 137 * @return array[] 138 * @psalm-return array<string, string> 133 * @return list<string> 139 134 */ 140 135 public function getFallbackDirs() … … 144 139 145 140 /** 146 * @return array[] 147 * @psalm-return array<string, string> 141 * @return list<string> 148 142 */ 149 143 public function getFallbackDirsPsr4() … … 153 147 154 148 /** 155 * @return string[] Array of classname => path 156 * @psalm-return array<string, string> 149 * @return array<string, string> Array of classname => path 157 150 */ 158 151 public function getClassMap() … … 162 155 163 156 /** 164 * @param string[] $classMap Class to filename map 165 * @psalm-param array<string, string> $classMap 157 * @param array<string, string> $classMap Class to filename map 166 158 * 167 159 * @return void … … 180 172 * appending or prepending to the ones previously set for this prefix. 
181 173 * 182 * @param string $prefix The prefix183 * @param string[]|string $paths The PSR-0 root directories184 * @param bool $prepend Whether to prepend the directories174 * @param string $prefix The prefix 175 * @param list<string>|string $paths The PSR-0 root directories 176 * @param bool $prepend Whether to prepend the directories 185 177 * 186 178 * @return void … … 188 180 public function add($prefix, $paths, $prepend = false) 189 181 { 182 $paths = (array) $paths; 190 183 if (!$prefix) { 191 184 if ($prepend) { 192 185 $this->fallbackDirsPsr0 = array_merge( 193 (array)$paths,186 $paths, 194 187 $this->fallbackDirsPsr0 195 188 ); … … 197 190 $this->fallbackDirsPsr0 = array_merge( 198 191 $this->fallbackDirsPsr0, 199 (array)$paths192 $paths 200 193 ); 201 194 } … … 206 199 $first = $prefix[0]; 207 200 if (!isset($this->prefixesPsr0[$first][$prefix])) { 208 $this->prefixesPsr0[$first][$prefix] = (array)$paths;201 $this->prefixesPsr0[$first][$prefix] = $paths; 209 202 210 203 return; … … 212 205 if ($prepend) { 213 206 $this->prefixesPsr0[$first][$prefix] = array_merge( 214 (array)$paths,207 $paths, 215 208 $this->prefixesPsr0[$first][$prefix] 216 209 ); … … 218 211 $this->prefixesPsr0[$first][$prefix] = array_merge( 219 212 $this->prefixesPsr0[$first][$prefix], 220 (array)$paths213 $paths 221 214 ); 222 215 } … … 227 220 * appending or prepending to the ones previously set for this namespace. 
228 221 * 229 * @param string $prefix The prefix/namespace, with trailing '\\'230 * @param string[]|string $paths The PSR-4 base directories231 * @param bool $prepend Whether to prepend the directories222 * @param string $prefix The prefix/namespace, with trailing '\\' 223 * @param list<string>|string $paths The PSR-4 base directories 224 * @param bool $prepend Whether to prepend the directories 232 225 * 233 226 * @throws \InvalidArgumentException … … 237 230 public function addPsr4($prefix, $paths, $prepend = false) 238 231 { 232 $paths = (array) $paths; 239 233 if (!$prefix) { 240 234 // Register directories for the root namespace. 241 235 if ($prepend) { 242 236 $this->fallbackDirsPsr4 = array_merge( 243 (array)$paths,237 $paths, 244 238 $this->fallbackDirsPsr4 245 239 ); … … 247 241 $this->fallbackDirsPsr4 = array_merge( 248 242 $this->fallbackDirsPsr4, 249 (array)$paths243 $paths 250 244 ); 251 245 } … … 257 251 } 258 252 $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length; 259 $this->prefixDirsPsr4[$prefix] = (array)$paths;253 $this->prefixDirsPsr4[$prefix] = $paths; 260 254 } elseif ($prepend) { 261 255 // Prepend directories for an already registered namespace. 262 256 $this->prefixDirsPsr4[$prefix] = array_merge( 263 (array)$paths,257 $paths, 264 258 $this->prefixDirsPsr4[$prefix] 265 259 ); … … 268 262 $this->prefixDirsPsr4[$prefix] = array_merge( 269 263 $this->prefixDirsPsr4[$prefix], 270 (array)$paths264 $paths 271 265 ); 272 266 } … … 277 271 * replacing any others previously set for this prefix. 278 272 * 279 * @param string $prefix The prefix280 * @param string[]|string $paths The PSR-0 base directories273 * @param string $prefix The prefix 274 * @param list<string>|string $paths The PSR-0 base directories 281 275 * 282 276 * @return void … … 295 289 * replacing any others previously set for this namespace. 
296 290 * 297 * @param string $prefix The prefix/namespace, with trailing '\\'298 * @param string[]|string $paths The PSR-4 base directories291 * @param string $prefix The prefix/namespace, with trailing '\\' 292 * @param list<string>|string $paths The PSR-4 base directories 299 293 * 300 294 * @throws \InvalidArgumentException … … 482 476 483 477 /** 484 * Returns the currently registered loaders indexed by their corresponding vendor directories.485 * 486 * @return self[]478 * Returns the currently registered loaders keyed by their corresponding vendor directories. 479 * 480 * @return array<string, self> 487 481 */ 488 482 public static function getRegisteredLoaders() -
wedevs-project-manager/trunk/vendor/composer/autoload_real.php
r3061130 r3185807 3 3 // autoload_real.php @generated by Composer 4 4 5 class ComposerAutoloaderInit 1d90e6d12f552e726b8502c8f1a9fd6c5 class ComposerAutoloaderInite36117ab3af2efa55804ee3f819c39bb 6 6 { 7 7 private static $loader; … … 25 25 require __DIR__ . '/platform_check.php'; 26 26 27 spl_autoload_register(array('ComposerAutoloaderInit 1d90e6d12f552e726b8502c8f1a9fd6c', 'loadClassLoader'), true, true);27 spl_autoload_register(array('ComposerAutoloaderInite36117ab3af2efa55804ee3f819c39bb', 'loadClassLoader'), true, true); 28 28 self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__)); 29 spl_autoload_unregister(array('ComposerAutoloaderInit 1d90e6d12f552e726b8502c8f1a9fd6c', 'loadClassLoader'));29 spl_autoload_unregister(array('ComposerAutoloaderInite36117ab3af2efa55804ee3f819c39bb', 'loadClassLoader')); 30 30 31 31 require __DIR__ . '/autoload_static.php'; 32 call_user_func(\Composer\Autoload\ComposerStaticInit 1d90e6d12f552e726b8502c8f1a9fd6c::getInitializer($loader));32 call_user_func(\Composer\Autoload\ComposerStaticInite36117ab3af2efa55804ee3f819c39bb::getInitializer($loader)); 33 33 34 34 $loader->register(true); 35 35 36 $filesToLoad = \Composer\Autoload\ComposerStaticInit 1d90e6d12f552e726b8502c8f1a9fd6c::$files;36 $filesToLoad = \Composer\Autoload\ComposerStaticInite36117ab3af2efa55804ee3f819c39bb::$files; 37 37 $requireFile = \Closure::bind(static function ($fileIdentifier, $file) { 38 38 if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { -
wedevs-project-manager/trunk/vendor/composer/autoload_static.php
r3061130 r3185807 5 5 namespace Composer\Autoload; 6 6 7 class ComposerStaticInit 1d90e6d12f552e726b8502c8f1a9fd6c7 class ComposerStaticInite36117ab3af2efa55804ee3f819c39bb 8 8 { 9 9 public static $files = array ( … … 991 991 { 992 992 return \Closure::bind(function () use ($loader) { 993 $loader->prefixLengthsPsr4 = ComposerStaticInit 1d90e6d12f552e726b8502c8f1a9fd6c::$prefixLengthsPsr4;994 $loader->prefixDirsPsr4 = ComposerStaticInit 1d90e6d12f552e726b8502c8f1a9fd6c::$prefixDirsPsr4;995 $loader->classMap = ComposerStaticInit 1d90e6d12f552e726b8502c8f1a9fd6c::$classMap;993 $loader->prefixLengthsPsr4 = ComposerStaticInite36117ab3af2efa55804ee3f819c39bb::$prefixLengthsPsr4; 994 $loader->prefixDirsPsr4 = ComposerStaticInite36117ab3af2efa55804ee3f819c39bb::$prefixDirsPsr4; 995 $loader->classMap = ComposerStaticInite36117ab3af2efa55804ee3f819c39bb::$classMap; 996 996 997 997 }, null, ClassLoader::class); -
wedevs-project-manager/trunk/vendor/composer/installed.php
r3061130 r3185807 2 2 'root' => array( 3 3 'name' => 'wedevsofficial/wp-project-manager', 4 'pretty_version' => 'dev- develop',5 'version' => 'dev- develop',6 'reference' => ' 12d53caefa61856f4963de484a5ceb67f3e4df47',4 'pretty_version' => 'dev-master', 5 'version' => 'dev-master', 6 'reference' => 'a44a63bf961b9827614981d9aa5547b9e701bfb6', 7 7 'type' => 'wordpress-plugin', 8 8 'install_path' => __DIR__ . '/../../', … … 233 233 ), 234 234 'wedevsofficial/wp-project-manager' => array( 235 'pretty_version' => 'dev- develop',236 'version' => 'dev- develop',237 'reference' => ' 12d53caefa61856f4963de484a5ceb67f3e4df47',235 'pretty_version' => 'dev-master', 236 'version' => 'dev-master', 237 'reference' => 'a44a63bf961b9827614981d9aa5547b9e701bfb6', 238 238 'type' => 'wordpress-plugin', 239 239 'install_path' => __DIR__ . '/../../',