Changeset 3211293
- Timestamp:
- 12/20/2024 10:31:45 PM (16 months ago)
- Location:
- coblocks
- Files:
-
- 8 edited
- 1 copied
-
tags/3.1.14 (copied) (copied from coblocks/trunk)
-
tags/3.1.14/class-coblocks.php (modified) (2 diffs)
-
tags/3.1.14/includes/admin/class-coblocks-crop-settings.php (modified) (3 diffs)
-
tags/3.1.14/includes/class-coblocks-block-assets.php (modified) (1 diff)
-
tags/3.1.14/readme.txt (modified) (2 diffs)
-
trunk/class-coblocks.php (modified) (2 diffs)
-
trunk/includes/admin/class-coblocks-crop-settings.php (modified) (3 diffs)
-
trunk/includes/class-coblocks-block-assets.php (modified) (1 diff)
-
trunk/readme.txt (modified) (2 diffs)
-
coblocks/tags/3.1.14/class-coblocks.php
r3179595 r3211293 5 5 * Author: GoDaddy 6 6 * Author URI: https://www.godaddy.com 7 * Version: 3.1.1 37 * Version: 3.1.14 8 8 * Text Domain: coblocks 9 9 * Domain Path: /languages … … 27 27 } 28 28 29 define( 'COBLOCKS_VERSION', '3.1.1 3' );29 define( 'COBLOCKS_VERSION', '3.1.14' ); 30 30 define( 'COBLOCKS_PLUGIN_DIR', plugin_dir_path( __FILE__ ) ); 31 31 define( 'COBLOCKS_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); -
coblocks/tags/3.1.14/includes/admin/class-coblocks-crop-settings.php
r2887947 r3211293 87 87 */ 88 88 public function get_original_image() { 89 $nonce = filter_input( INPUT_POST, 'nonce' ); 90 91 if ( ! $nonce ) { 92 93 wp_send_json_error( 'No nonce value present.' ); 94 95 } 96 97 if ( ! wp_verify_nonce( htmlspecialchars( $nonce ), 'cropSettingsOriginalImageNonce' ) ) { 98 99 wp_send_json_error( 'Invalid nonce value.' ); 100 89 if ( ! wp_verify_nonce( sanitize_text_field( filter_input( INPUT_POST, 'nonce' ) ), 'cropSettingsOriginalImageNonce' ) ) { 90 wp_send_json_error( 'Invalid nonce value.', 403 ); 91 } 92 93 if ( ! current_user_can( 'upload_files' ) ) { 94 wp_send_json_error( 'You do not have permission.', 403 ); 101 95 } 102 96 … … 104 98 105 99 if ( ! $id ) { 106 107 100 wp_send_json_error( 'Missing id value.' ); 108 101 } 102 103 if ( ! current_user_can( 'edit_post', $id ) ) { 104 wp_send_json_error( 'You do not have permission to edit this attachment.', 403 ); 109 105 } 110 106 … … 128 124 */ 129 125 public function api_crop() { 130 $nonce = filter_input( INPUT_POST, 'nonce' ); 131 132 if ( ! $nonce ) { 133 134 wp_send_json_error( 'No nonce value present.' ); 135 136 } 137 138 if ( ! wp_verify_nonce( htmlspecialchars( $nonce ), 'cropSettingsNonce' ) ) { 139 140 wp_send_json_error( 'Invalid nonce value.' ); 141 126 if ( ! wp_verify_nonce( sanitize_text_field( filter_input( INPUT_POST, 'nonce' ) ), 'cropSettingsNonce' ) ) { 127 wp_send_json_error( 'Invalid nonce value.', 403 ); 128 } 129 130 if ( ! current_user_can( 'upload_files' ) ) { 131 wp_send_json_error( 'You do not have permission.', 403 ); 132 } 133 134 $id = filter_input( INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT ); 135 136 if ( ! $id ) { 137 wp_send_json_error( 'Missing id value.' ); 138 } 139 140 if ( ! current_user_can( 'edit_post', $id ) ) { 141 wp_send_json_error( 'You do not have permission to edit this attachment.', 403 ); 142 142 } 143 143 -
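Review bot: In `api_crop()` the `$id` handed to `current_user_can( 'edit_post', $id )` is the raw string from `FILTER_SANITIZE_NUMBER_INT`, which keeps `+` and `-` as well as digits, so the value that is authorised is not guaranteed to be the same integer the rest of the method acts on; `get_original_image()` presumably obtains `$id` the same way in the lines elided between its hunks. Normalising once before the checks, e.g. `$id = absint( filter_input( INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT ) );`, removes that ambiguity. The capability check also passes for any post the user may edit, while the error message speaks of an attachment; if the code below the hunks assumes an attachment, a guard such as `if ( 'attachment' !== get_post_type( $id ) )` would make that explicit. Both method bodies continue outside the visible hunks, and the same applies to the identical trunk copy of this file.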
coblocks/tags/3.1.14/includes/class-coblocks-block-assets.php
r3042794 r3211293 289 289 $success_text = $form->default_success_text(); 290 290 291 wp_localize_script(292 ' coblocks-editor',293 'coblocksBlockData',294 array(295 ' form' => array(296 'adminEmail' => $email_to,297 'emailSubject' => $form_subject,298 'successText' => $success_text,299 ),300 'cropSettingsOriginalImageNonce' => wp_create_nonce( 'cropSettingsOriginalImageNonce' ),301 'cropSettingsNonce' => wp_create_nonce( 'cropSettingsNonce' ),302 'labsSiteDesignNonce' => wp_create_nonce( 'labsSiteDesignNonce' ),303 'bundledIconsEnabled' => $bundled_icons_enabled,304 'customIcons' => $this->get_custom_icons(),305 'customIconConfigExists' => file_exists( get_stylesheet_directory() . '/coblocks/icons/config.json' ),306 'typographyControlsEnabled' => $typography_controls_enabled, 307 'animationControlsEnabled' => $animation_controls_enabled,308 'localeCode' => get_locale(),309 'baseApiNamespace' => COBLOCKS_API_NAMESPACE,310 )311 ); 312 291 $localize_data = array( 292 'form' => array( 293 'adminEmail' => $email_to, 294 'emailSubject' => $form_subject, 295 'successText' => $success_text, 296 ), 297 'labsSiteDesignNonce' => wp_create_nonce( 'labsSiteDesignNonce' ), 298 'bundledIconsEnabled' => $bundled_icons_enabled, 299 'customIcons' => $this->get_custom_icons(), 300 'customIconConfigExists' => file_exists( get_stylesheet_directory() . '/coblocks/icons/config.json' ), 301 'typographyControlsEnabled' => $typography_controls_enabled, 302 'animationControlsEnabled' => $animation_controls_enabled, 303 'localeCode' => get_locale(), 304 'baseApiNamespace' => COBLOCKS_API_NAMESPACE, 305 ); 306 307 if ( current_user_can( 'upload_files' ) ) { 308 $localize_data['cropSettingsOriginalImageNonce'] = wp_create_nonce( 'cropSettingsOriginalImageNonce' ); 309 $localize_data['cropSettingsNonce'] = wp_create_nonce( 'cropSettingsNonce' ); 310 } 311 312 wp_localize_script( 'coblocks-editor', 'coblocksBlockData', $localize_data ); 313 313 } 314 314 -
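Review bot: The new `current_user_can( 'upload_files' )` gate around the two crop nonces would benefit from a comment stating why they are withheld, for example `// Crop nonces are only issued to users who can upload; the AJAX handlers re-check capabilities, so the nonce itself is not the authorisation.` `labsSiteDesignNonce` is still created for every user who receives this script; whether its handler performs an equivalent capability check cannot be seen from this hunk and is worth confirming. The enclosing method starts before the hunk, and the trunk copy of this file carries the same change.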
coblocks/tags/3.1.14/readme.txt
r3179595 r3211293 6 6 Tested up to: 6.7 7 7 Requires PHP: 7.4 8 Stable tag: 3.1.1 38 Stable tag: 3.1.14 9 9 License: GPL-2.0 10 10 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 126 126 == Changelog == 127 127 128 = 3.1.14 / 2024-12-20 = 129 # Bug Fix 130 * Improve nonce handling and permissions in crop settings API. [#2624](https://github.com/godaddy-wordpress/coblocks/pull/2624) 131 128 132 = 3.1.13 / 2024-07-25 = 129 133 # Bug fix -
coblocks/trunk/class-coblocks.php
r3179595 r3211293 5 5 * Author: GoDaddy 6 6 * Author URI: https://www.godaddy.com 7 * Version: 3.1.1 37 * Version: 3.1.14 8 8 * Text Domain: coblocks 9 9 * Domain Path: /languages … … 27 27 } 28 28 29 define( 'COBLOCKS_VERSION', '3.1.1 3' );29 define( 'COBLOCKS_VERSION', '3.1.14' ); 30 30 define( 'COBLOCKS_PLUGIN_DIR', plugin_dir_path( __FILE__ ) ); 31 31 define( 'COBLOCKS_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); -
coblocks/trunk/includes/admin/class-coblocks-crop-settings.php
r2887947 r3211293 87 87 */ 88 88 public function get_original_image() { 89 $nonce = filter_input( INPUT_POST, 'nonce' ); 90 91 if ( ! $nonce ) { 92 93 wp_send_json_error( 'No nonce value present.' ); 94 95 } 96 97 if ( ! wp_verify_nonce( htmlspecialchars( $nonce ), 'cropSettingsOriginalImageNonce' ) ) { 98 99 wp_send_json_error( 'Invalid nonce value.' ); 100 89 if ( ! wp_verify_nonce( sanitize_text_field( filter_input( INPUT_POST, 'nonce' ) ), 'cropSettingsOriginalImageNonce' ) ) { 90 wp_send_json_error( 'Invalid nonce value.', 403 ); 91 } 92 93 if ( ! current_user_can( 'upload_files' ) ) { 94 wp_send_json_error( 'You do not have permission.', 403 ); 101 95 } 102 96 … … 104 98 105 99 if ( ! $id ) { 106 107 100 wp_send_json_error( 'Missing id value.' ); 108 101 } 102 103 if ( ! current_user_can( 'edit_post', $id ) ) { 104 wp_send_json_error( 'You do not have permission to edit this attachment.', 403 ); 109 105 } 110 106 … … 128 124 */ 129 125 public function api_crop() { 130 $nonce = filter_input( INPUT_POST, 'nonce' ); 131 132 if ( ! $nonce ) { 133 134 wp_send_json_error( 'No nonce value present.' ); 135 136 } 137 138 if ( ! wp_verify_nonce( htmlspecialchars( $nonce ), 'cropSettingsNonce' ) ) { 139 140 wp_send_json_error( 'Invalid nonce value.' ); 141 126 if ( ! wp_verify_nonce( sanitize_text_field( filter_input( INPUT_POST, 'nonce' ) ), 'cropSettingsNonce' ) ) { 127 wp_send_json_error( 'Invalid nonce value.', 403 ); 128 } 129 130 if ( ! current_user_can( 'upload_files' ) ) { 131 wp_send_json_error( 'You do not have permission.', 403 ); 132 } 133 134 $id = filter_input( INPUT_POST, 'id', FILTER_SANITIZE_NUMBER_INT ); 135 136 if ( ! $id ) { 137 wp_send_json_error( 'Missing id value.' ); 138 } 139 140 if ( ! current_user_can( 'edit_post', $id ) ) { 141 wp_send_json_error( 'You do not have permission to edit this attachment.', 403 ); 142 142 } 143 143 -
coblocks/trunk/includes/class-coblocks-block-assets.php
r3042794 r3211293 289 289 $success_text = $form->default_success_text(); 290 290 291 wp_localize_script(292 ' coblocks-editor',293 'coblocksBlockData',294 array(295 ' form' => array(296 'adminEmail' => $email_to,297 'emailSubject' => $form_subject,298 'successText' => $success_text,299 ),300 'cropSettingsOriginalImageNonce' => wp_create_nonce( 'cropSettingsOriginalImageNonce' ),301 'cropSettingsNonce' => wp_create_nonce( 'cropSettingsNonce' ),302 'labsSiteDesignNonce' => wp_create_nonce( 'labsSiteDesignNonce' ),303 'bundledIconsEnabled' => $bundled_icons_enabled,304 'customIcons' => $this->get_custom_icons(),305 'customIconConfigExists' => file_exists( get_stylesheet_directory() . '/coblocks/icons/config.json' ),306 'typographyControlsEnabled' => $typography_controls_enabled, 307 'animationControlsEnabled' => $animation_controls_enabled,308 'localeCode' => get_locale(),309 'baseApiNamespace' => COBLOCKS_API_NAMESPACE,310 )311 ); 312 291 $localize_data = array( 292 'form' => array( 293 'adminEmail' => $email_to, 294 'emailSubject' => $form_subject, 295 'successText' => $success_text, 296 ), 297 'labsSiteDesignNonce' => wp_create_nonce( 'labsSiteDesignNonce' ), 298 'bundledIconsEnabled' => $bundled_icons_enabled, 299 'customIcons' => $this->get_custom_icons(), 300 'customIconConfigExists' => file_exists( get_stylesheet_directory() . '/coblocks/icons/config.json' ), 301 'typographyControlsEnabled' => $typography_controls_enabled, 302 'animationControlsEnabled' => $animation_controls_enabled, 303 'localeCode' => get_locale(), 304 'baseApiNamespace' => COBLOCKS_API_NAMESPACE, 305 ); 306 307 if ( current_user_can( 'upload_files' ) ) { 308 $localize_data['cropSettingsOriginalImageNonce'] = wp_create_nonce( 'cropSettingsOriginalImageNonce' ); 309 $localize_data['cropSettingsNonce'] = wp_create_nonce( 'cropSettingsNonce' ); 310 } 311 312 wp_localize_script( 'coblocks-editor', 'coblocksBlockData', $localize_data ); 313 313 } 314 314 -
coblocks/trunk/readme.txt
r3179595 r3211293 6 6 Tested up to: 6.7 7 7 Requires PHP: 7.4 8 Stable tag: 3.1.1 38 Stable tag: 3.1.14 9 9 License: GPL-2.0 10 10 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 126 126 == Changelog == 127 127 128 = 3.1.14 / 2024-12-20 = 129 # Bug Fix 130 * Improve nonce handling and permissions in crop settings API. [#2624](https://github.com/godaddy-wordpress/coblocks/pull/2624) 131 128 132 = 3.1.13 / 2024-07-25 = 129 133 # Bug fix