
Changeset 3186581


Timestamp:
11/12/2024 02:42:43 PM (17 months ago)
Author:
vasyltech
Message:

Official 6.9.43

Location:
advanced-access-manager
Files:
354 added
7 edited

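--- a/advanced-access-manager/trunk/aam.php
+++ b/advanced-access-manager/trunk/aam.php
@@ -4,5 +4,5 @@
  * Plugin Name: Advanced Access Manager
  * Description: Powerfully robust WordPress plugin designed to help you control every aspect of your website, your way.
- * Version: 6.9.42
+ * Version: 6.9.43
  * Author: AAM <support@aamplugin.com>
  * Author URI: https://aamportal.com
@@ -332,5 +332,5 @@
     define('AAM_MEDIA', plugins_url('/media', __FILE__));
     define('AAM_KEY', 'advanced-access-manager');
-    define('AAM_VERSION', '6.9.42');
+    define('AAM_VERSION', '6.9.43');
     define('AAM_BASEDIR', __DIR__);
 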
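--- a/advanced-access-manager/trunk/application/Restful/CapabilityService.php
+++ b/advanced-access-manager/trunk/application/Restful/CapabilityService.php
@@ -209,5 +209,5 @@
             $user_id       = $request->get_param('user_id');
             $capability    = urldecode($request->get_param('slug'));
-            $new_slug      = urldecode($request->get_param('new_slug'));
+            $new_slug      = $request->get_param('new_slug');
             $ignore_format = $request->get_param('ignore_format');
 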
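Review bot: `$capability` on the context line above the change is still passed through `urldecode()` while `new_slug` no longer is, so the two slugs in this handler are now canonicalised differently. `urldecode()` also turns a literal `+` into a space, which does not mirror the `encodeURIComponent()` encoding that aam.js applies to role slugs in this changeset. If the value has already been percent-decoded before it reaches the handler (not visible here), a capability slug containing `+` or `%` would resolve to a different capability than the one named in the request. Consider `$capability = rawurldecode($request->get_param('slug'));` with a comment stating where the encoded form originates. The enclosing method starts and ends outside the hunk.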
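--- a/advanced-access-manager/trunk/application/Restful/RoleService.php
+++ b/advanced-access-manager/trunk/application/Restful/RoleService.php
@@ -66,5 +66,5 @@
 
             // Get a specific role
-            $this->_register_route('/service/role/(?P<role_slug>[\w\-]+)', array(
+            $this->_register_route('/service/role/(?P<role_slug>[\w\-%+]+)', array(
                 'methods'             => WP_REST_Server::READABLE,
                 'callback'            => array($this, 'get_role'),
@@ -150,5 +150,5 @@
 
             // Update existing role
-            $this->_register_route('/service/role/(?P<role_slug>[\w\-]+)', array(
+            $this->_register_route('/service/role/(?P<role_slug>[\w\-%+]+)', array(
                 'methods'             => WP_REST_Server::EDITABLE,
                 'callback'            => array($this, 'update_role'),
@@ -191,5 +191,5 @@
 
             // Delete role
-            $this->_register_route('/service/role/(?P<role_slug>[\w\-]+)', array(
+            $this->_register_route('/service/role/(?P<role_slug>[\w\-%+]+)', array(
                 'methods'             => WP_REST_Server::DELETABLE,
                 'callback'            => array($this, 'delete_role'),
@@ -250,6 +250,7 @@
     {
         try {
-            $result = ($this->prepare_role_output(
-                $this->_get_service()->get_role($request->get_param('role_slug')),
+            $service = $this->_get_service();
+            $result  = ($this->prepare_role_output(
+                $service->get_role(urldecode($request->get_param('role_slug'))),
                 $this->_determine_additional_fields($request)
             ));
@@ -343,5 +344,5 @@
         try {
             $name        = $request->get_param('name'); // optional
-            $slug        = $request->get_param('role_slug'); // changing role ID
+            $slug        = urldecode($request->get_param('role_slug'));
             $new_slug    = $request->get_param('new_slug'); // optional
             $add_caps    = $request->get_param('add_capabilities'); // optional
@@ -388,5 +389,7 @@
             // Delete role
             $result = [
-                'success' => $service->delete_role($request->get_param('role_slug'))
+                'success' => $service->delete_role(urldecode(
+                    $request->get_param('role_slug')
+                ))
             ];
         } catch (Exception $ex) {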
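Review bot: The `role_slug` decoding is repeated in each handler (new lines 254, 346 and 391-393) and once more in ServiceTrait.php, so any callback that reads `role_slug` without decoding would validate or authorise a different string than the one the handler acts on. Decoding once on the route argument, e.g. `'sanitize_callback' => function ($value) { return rawurldecode($value); }` (assuming `_register_route` forwards `args` to `register_rest_route`), gives validation, permission checks and the action the same canonical slug. The widened pattern `[\w\-%+]+` also admits `+`, which `urldecode()` maps to a space, so `a+b` and `a%20b` address the same role; `rawurldecode()` keeps `+` literal and matches the client's `encodeURIComponent()`. The route definitions and handler bodies continue outside the hunks shown.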
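--- a/advanced-access-manager/trunk/application/Restful/ServiceTrait.php
+++ b/advanced-access-manager/trunk/application/Restful/ServiceTrait.php
@@ -266,4 +266,5 @@
 
         try {
+            $slug    = urldecode($slug);
             $service = AAM_Framework_Manager::roles([
                 'error_handling' => 'exception'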
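--- a/advanced-access-manager/trunk/application/Service/SecurityAudit.php
+++ b/advanced-access-manager/trunk/application/Service/SecurityAudit.php
@@ -144,4 +144,20 @@
                 'article'     => 'https://aamportal.com/article/security-risks-elevated-user-access-high-privilege-wordpress'
             ),
+            'high_privilege_content_moderator_roles' => array(
+                'title'       => __('Identify High-Privilege Content Moderator Roles', AAM_KEY),
+                'step'        => 'high_privilege_content_moderator_roles',
+                'category'    => 'Access Strategy',
+                'executor'    => AAM_Audit_HighPrivilegeContentModeratorCheck::class,
+                'description' => __('Assigning high-privilege content moderation capabilities in WordPress, poses significant security risks if granted to untrusted roles. These capabilities allow users to manipulate or delete live content, inject malware, and harm SEO performance, potentially leading to data loss and compromised site integrity. By carefully managing user roles and permissions, you can protect your website from potential cyber threats while ensuring content integrity.', AAM_KEY),
+                'article'     => 'https://aamportal.com/article/wordpress-security-risks-high-privilege-roles-content-moderation'
+            ),
+            'high_privilege_users_count' => array(
+                'title'       => __('Identified Elevated Number of High-Privilege Users', AAM_KEY),
+                'step'        => 'high_privilege_users_count',
+                'category'    => 'Access Strategy',
+                'executor'    => AAM_Audit_HighPrivilegeUserCountCheck::class,
+                'description' => __('Having too many Administrator or high-privilege content moderation accounts on a WordPress site can seriously compromise security, as such account increases the risk of unauthorized access. Administrator accounts, with unrestricted control over the site, pose a significant threat if compromised, enabling attackers to install malware, alter site content, or hijack accounts. Even Editor accounts, though less powerful, allow users to modify and publish all posts, insert HTML and JavaScript, and upload files, which could lead to vulnerabilities like Cross-Site Scripting (XSS) or malware injection if an account is breached.', AAM_KEY),
+                'article'     => 'https://aamportal.com/article/wordpress-security-risks-too-many-admin-editor-accounts'
+            ),
             'elevated_core_role_caps' => array(
                 'title'       => __('Flag Elevated Privileges for Core Roles', AAM_KEY),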
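Review bot: The title of the second new step, `'Identified Elevated Number of High-Privilege Users'`, reads as a finding, whereas the neighbouring steps use an imperative (`Identify …`, `Flag …`); `'Identify Elevated Number of High-Privilege Users'` would be consistent. The two descriptions also carry small slips in text that administrators act on: the stray comma in `capabilities in WordPress, poses` and the phrase `as such account increases` (presumably `as each such account increases`). The surrounding array and its enclosing method start and end outside the hunk.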
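--- a/advanced-access-manager/trunk/media/js/aam.js
+++ b/advanced-access-manager/trunk/media/js/aam.js
@@ -138,4 +138,13 @@
 
                 $('.error-container', container).addClass('hidden');
+            }
+
+            /**
+             *
+             * @param {*} role
+             * @returns
+             */
+            function prepareRoleEndpoint(role) {
+                return getLocal().rest_base + 'aam/v2/service/role/' + encodeURIComponent(role);
             }
 
@@ -611,5 +620,5 @@
 
                         if (data.name) {
-                            $.ajax(`${getLocal().rest_base}aam/v2/service/role/${$(_this).data('role')}`, {
+                            $.ajax(prepareRoleEndpoint($(_this).data('role')), {
                                 type: 'POST',
                                 headers: {
@@ -663,5 +672,5 @@
                         ResetCache('roles');
 
-                        $.ajax(`${getLocal().rest_base}aam/v2/service/role/${$(_this).data('role')}`, {
+                        $.ajax(prepareRoleEndpoint($(_this).data('role')), {
                             type: 'POST',
                             headers: {
@@ -2515,5 +2524,5 @@
 
                 if (payload.role_id) {
-                    endpoint += `/role/${payload.role_id}`
+                    endpoint += `/role/` + encodeURIComponent(payload.role_id)
                 } else if (payload.user_id) {
                     endpoint += `/user/${payload.user_id}`
@@ -3230,7 +3239,7 @@
                 // Initialize the Reset to default button
                 $('#content-reset').bind('click', function () {
-                    const type   = $(this).attr('data-type');
+                    const type   = encodeURIComponent($(this).attr('data-type'));
                     const id     = $(this).attr('data-id');
-                    const obj_id = id.split('|')[0];
+                    const obj_id = encodeURIComponent(id.split('|')[0]);
 
                     const payload = {};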
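Review bot: In the `#content-reset` handler, `type` and `obj_id` are now percent-encoded where they are read rather than where the URL is assembled, so any later use of these variables outside a URL path (a comparison or a request-body field; the rest of the handler is outside the hunk) would see the encoded text. Encoding at the point of concatenation keeps the raw values intact, as `prepareRoleEndpoint()` already does for role slugs. Separately, the new helper's JSDoc is empty; `@param {string} role Raw (unencoded) role slug` and `@returns {string} REST URL with the slug percent-encoded` would record that callers must pass the unencoded value, which guards against double encoding.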
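--- a/advanced-access-manager/trunk/readme.txt
+++ b/advanced-access-manager/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires PHP: 5.6.0
 Tested up to: 6.6.2
-Stable tag: 6.9.42
+Stable tag: 6.9.43
 
 Take full control of your WordPress site with Advanced Access Manager (AAM), the ultimate plugin for managing access at the frontend, backend, and API levels for any role, user, or visitor.
@@ -81,4 +81,8 @@
 
 == Changelog ==
+
+= 6.9.43=
+* Fixed: Can't update roles with whitespaces in slug [https://github.com/aamplugin/advanced-access-manager/issues/428](https://github.com/aamplugin/advanced-access-manager/issues/428)
+* Added: Enhance Security Scan with additional steps [https://github.com/aamplugin/advanced-access-manager/issues/427](https://github.com/aamplugin/advanced-access-manager/issues/427)
 
 = 6.9.42 =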