
Changeset 3286605


Timestamp:
05/03/2025 01:07:14 AM (11 months ago)
Author:
etruel
Message:

2.8.3 May 2, 2025 Recommended Upgrade to all users

Location:
wpematico
Files:
180 added
4 edited

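--- a/wpematico/trunk/app/campaign_edit.php
+++ b/wpematico/trunk/app/campaign_edit.php
@@ -66,5 +66,5 @@
     #fullcontent-box h2.hndle, #fullcontent-box .postbox-header {background: #006100;   color: white; }
     #submitdiv h2.hndle, #submitdiv .postbox-header {background: #0085ba;   color: white; }
-    .ruedita{background: url(<?php echo admin_url('images/spinner.gif'); ?>) no-repeat 4px !important;}
+    .ruedita{background: url(<?php echo esc_url( admin_url('images/spinner.gif') ); ?>) no-repeat 4px !important;}
     <?php
         $CampaignTypesArray =  self::campaign_type_options();
@@ -74,5 +74,6 @@
             foreach ($cttype->show as $show) {   // first hide all
                 if($CampaignType != $cttype->value) {
-                    echo "#$show {display: none;}";
+                    //echo "#$show {display: none;}";
+                    echo '#' . esc_attr( $show ) . ' {display: none;}';
                 }
             }
@@ -82,8 +83,10 @@
             foreach ($cttype->show as $show) {     // shows these CT metaboxes
                 if($CampaignType == $cttype->value) {
-                    echo "#$show {display: block;}";
+                    //echo "#$show {display: block;}";
+                    echo '#' . esc_attr( $show ) . ' {display: block;}';
                     if(isset($cttype->hide) ) {  // tiene que ocultar algun metabox ? NOT Tested seems can't be recovered later
                         foreach ($cttype->hide as $hide) {  //process only the hide of selected type
-                            echo "#$hide {display: none;}";
+                            echo '#' . esc_attr( $hide ) . ' {display: none;}';
+                            //echo "#$hide {display: none;}";
                         }
                     }
@@ -184,5 +187,5 @@
         $nonce = (isset($_POST['nonce'])) ?  sanitize_text_field($_POST['nonce']) : '';
         if ( ! wp_verify_nonce($nonce, 'wpematico-run-now-nonce') ) {
-           die(__('Please refresh your browser and try again.', 'wpematico'));
+           die( esc_html__('Please refresh your browser and try again.', 'wpematico') );
         }
        
@@ -190,5 +193,5 @@
         if(!isset($_POST['campaign_ID'])) die('ERROR: ID no encontrado.');
         $campaign_ID = absint($_POST['campaign_ID']);
-        echo substr( WPeMatico :: wpematico_dojob( $campaign_ID ) , 0, -1); // borro el ultimo caracter que es un 0
+        echo wp_kses_post( substr( WPeMatico :: wpematico_dojob( $campaign_ID ) , 0, -1) ); // borro el ultimo caracter que es un 0
         return '';
     }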
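Review bot: `esc_attr()` escapes for an HTML attribute, but the three new `echo '#' . esc_attr( ... ) . ' {display: ...}'` lines (new lines 77, 86 and 89) print into a CSS rule, so braces, commas and semicolons in `$show` or `$hide` would still pass through and could change the stylesheet. The values appear to come from `self::campaign_type_options()`; if that list can be extended from outside this class, restricting each value to identifier characters fits the context better, for example `echo '#' . sanitize_html_class( $show ) . ' {display: none;}';`. The commented-out `//echo "#$show ..."` lines kept beside each replacement should be deleted rather than left as history. The enclosing functions start and end outside these hunks.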
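--- a/wpematico/trunk/app/campaigns_list.php
+++ b/wpematico/trunk/app/campaigns_list.php
@@ -69,5 +69,5 @@
             if ($danger_options['wpe_debug_logs_campaign']) {
                 $class   = 'notice notice-warning notice-alt';
-                $message = __('WARNING! WPeMatico Debug mode has been activated at Settings->System Status->Danger Zone.', 'wpematico') . '<br />'
+                $message = __('WARNING! WPeMatico Debug mode has been activated at Tools->System Status->Danger Zone.', 'wpematico') . '<br />'
                         . __('Be sure to deactivate it after your tests to avoid performance issues.', 'wpematico');
                 printf('<div class="%1$s"><p>%2$s</p></div>', esc_attr($class), $message);
@@ -1229,4 +1229,9 @@
          */
         function manage_wpematico_save_bulk_edit() {
+            if ( !is_user_logged_in() && !current_user_can('manage_options') ) {
+                add_action('admin_notices', array(__CLASS__, 'required_admin_notice'));
+                wp_send_json_error(__('You do not have sufficient permissions to access this page.', 'wpematico'));
+            }
+
             // we need the post IDs
             $post_ids = ( isset($_POST['post_ids']) && !empty($_POST['post_ids']) ) ? $_POST['post_ids'] : NULL;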
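Review bot: The new guard at line 1231 joins its two tests with `&&`, so it rejects a request only when the user is both logged out and lacking `manage_options`; for a logged-in account without that capability `!is_user_logged_in()` is false and the handler continues to the bulk edit below. `current_user_can()` already returns false for logged-out visitors, so the condition can be reduced to `if ( ! current_user_can( 'manage_options' ) ) {`. The `add_action('admin_notices', ...)` call has no effect here because `wp_send_json_error()` ends the request on the next line. No nonce verification such as `check_ajax_referer()` is visible before `$_POST['post_ids']` is read; the function body continues outside the hunk, so confirm one exists further down.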
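--- a/wpematico/trunk/readme.txt
+++ b/wpematico/trunk/readme.txt
@@ -3,6 +3,6 @@
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=B8V39NWK3NFQU
 Tags: RSS,XML,rss to blog,feed to post,rss aggregator
-Stable tag: 2.8.2
-Tested up to: 6.7.2
+Stable tag: 2.8.3
+Tested up to: 6.8.1
 Requires at least: 4.8
 Requires PHP: 7.0
@@ -243,4 +243,9 @@
 
 > See all detailed changelog at [WPeMatico Releases](https://wpematico.com/releases/)
+
+= 2.8.3 May 2, 2025 =
+* Fixes Broken Access Control vulnerability on campaign save action. Thanks to domiee13 and Patchstack!
+* Fixes in strings returned by the campaign edit screen.
+* Fixes few texts on Notices.
 
 = 2.8.2 Abr 2, 2025 =
@@ -437,3 +442,3 @@
 == Upgrade Notice ==
 
-Fixes few bugs and few improvements with images handling.
+Fixes few bugs and a vulnerability report.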
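--- a/wpematico/trunk/wpematico.php
+++ b/wpematico/trunk/wpematico.php
@@ -4,5 +4,5 @@
  * Plugin URI: https://www.wpematico.com
  * Description: Create posts automatically from RSS/Atom feeds organized into campaigns with multiples filters.  If you like it, please rate it 5 stars.
- * Version: 2.8.2
+ * Version: 2.8.3
  * Author: Etruel Developments LLC
  * Author URI: https://etruel.com/wpematico/
@@ -28,5 +28,5 @@
         private function setup_constants() {
             if (!defined('WPEMATICO_VERSION'))
-                define('WPEMATICO_VERSION', '2.8.2');
+                define('WPEMATICO_VERSION', '2.8.3');
             if (!defined('WPEMATICO_BASENAME'))
                 define('WPEMATICO_BASENAME', plugin_basename(__FILE__));
@@ -47,5 +47,7 @@
         }
 
+
         public static function instance() {
+
             if (version_compare(phpversion(), '5.6.0', '<')) { // check PHP Version
                 add_action('admin_notices', array(__CLASS__, 'required_php_notice'));
@@ -100,5 +102,5 @@
         private function hooks() {
             add_action('init', array('WPeMatico', 'init'));
-            add_action('init', array( self::$instance, 'load_textdomain' ) );
+            add_action('admin_init', array( self::$instance, 'load_textdomain' ) );
             add_action('the_permalink', array('WPeMatico', 'wpematico_permalink'));
             add_filter('post_link', array('WPeMatico', 'wpematico_permalink'));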
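Review bot: Hooking `load_textdomain` on `admin_init` instead of `init` in `hooks()` means the callback no longer runs on front-end or WP-Cron requests, where `admin_init` does not fire, and it now runs after `WPeMatico::init`, which is still registered on `init`. If campaign runs started by cron, or any front-end output, emit translated strings, they would then depend on WordPress loading the textdomain on demand rather than on this hook. If the move is deliberate, a comment above the line should say why, for example `// admin_init: translations are only needed on admin screens`; otherwise keep `add_action('init', array( self::$instance, 'load_textdomain' ) );`. `hooks()` continues past the end of the hunk.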