Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3372404

Timestamp:

10/03/2025 02:04:14 PM (3 months ago)

Author:

tijmensmit

Message:

PHP Object Injection vulnerability fix

Location:

wp-store-locator/trunk

Files:

: 3 edited

frontend/class-frontend.php (modified) (2 diffs)
readme.txt (modified) (3 diffs)
wp-store-locator.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

wp-store-locator/trunk/frontend/class-frontend.php

-                      r3310487
+                      r3372404
                                 break;
                             case 'hours':
+                                $meta_data = $this->get_opening_hours( $custom_fields[$meta_key][0], apply_filters( 'wpsl_hide_closed_hours', false ) );
+                                $hours = get_post_meta( $store->ID, 'wpsl_hours' );
+                                $meta_data = '';
+                                if ( $hours ) {
+                                    $meta_data = $this->get_opening_hours( $hours[0], apply_filters( 'wpsl_hide_closed_hours', false ) );
+                                }
                                 break;
                             case 'wp_editor':
 …
         public function get_opening_hours( $hours, $hide_closed ) {
-            $hours = maybe_unserialize( $hours );
             /*
              * If the hours are set through the dropdown then we create a table for the opening hours.

wp-store-locator/trunk/readme.txt

-                      r3372315
+                      r3372404
 Requires at least: 3.7
 Tested up to: 6.8.3
 Stable tag: 2.2.260
+Stable tag: 2.2.261
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl.html
 …
 == Frequently Asked Questions ==
+= How do I add the store locator to a page? =
+Add this [shortcode](https://wpstorelocator.co/document/shortcodes/) [wpsl] to the page where you want to display the store locator.
+= Oops! Something went wrong =
+You can fix this by setting the [browser](https://wpstorelocator.co/document/configure-wp-store-locator/#google-maps-api) key on the settings page.
+= There are weird characters in the search results, how do I remove them? =
+This is most likely caused by a plugin like W3 Total Cache that tried to minify the HTML output on the store locator page. You can fix this by excluding the store locator from being minified on the settings page of the caching plugin you're using. In W3 Total Cache this is done by going to Minify -> Advanced -> Never minify the following pages, and fill in the page you don't want to have minified. So if your store locator is used on mydomain.com/store-locator, then fill in 'store-locator'.
+= Can I use different markers for category or individual store locations? =
+How to use custom markers is described [here](https://wpstorelocator.co/document/use-custom-markers/), you can also only use [different markers](https://wpstorelocator.co/document/use-custom-markers/) for a few locations, or just for the [categories](https://wpstorelocator.co/document/set-unique-category-markers/).
+= The map doesn't display properly. It's either broken in half or doesn't load at all. =
+Make sure you have defined a start point for the map under settings -> Map Settings.
+= The map doesn't work anymore after installing the latest update =
+If you use a caching plugin, or a service like Cloudflare, then make sure to flush the cache.
+= I can't dismiss the pop up asking me to join the mailing list, how do I fix this? =
+There is probably a JS error in the WP Admin area that prevents the pop up from being dismissed. Try for a second to switch back to a default WP theme, disable all other plugins, and then try to dismiss the newsletter pop up again.
+= Why does it show the location I searched for in the wrong country? =
+Some location names exist in more then one country, and Google will guess which one you mean. This can be fixed by setting the correct 'Map Region' on the settings page -> API Settings.
+= The store locator doesn't load, it only shows the number 1? =
+This is most likely caused by your theme using ajax navigation ( the loading of content without reloading the page ), or a conflict with another plugin. Try to disable the ajax navigation in the theme settings, or deactivate the plugin that enables it to see if that solves the problem.
+If you don't use ajax navigation, but do see the number 1 it's probably a conflict with another plugin. Try to disable the plugins one by one to see if one of them is causing a conflict.
+If you find a plugin or theme that causes a conflict, please report it on the [support page](http://wordpress.org/support/plugin/wp-store-locator).
+> You can find the full documentation [here](https://wpstorelocator.co/documentation/).
 = Where do I report security bugs found in this plugin? =
 Please report security bugs found in the source code of the WP Store Locator plugin through the [Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/dd3fdc38-66c5-4e80-ae86-96da0e63f2ba). The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin.
-= How do I add the store locator to a page? =
-Add this [shortcode](https://wpstorelocator.co/document/shortcodes/) [wpsl] to the page where you want to display the store locator.
-= Oops! Something went wrong =
-You can fix this by setting the [browser](https://wpstorelocator.co/document/configure-wp-store-locator/#google-maps-api) key on the settings page.
-= There are weird characters in the search results, how do I remove them? =
-This is most likely caused by a plugin like W3 Total Cache that tried to minify the HTML output on the store locator page. You can fix this by excluding the store locator from being minified on the settings page of the caching plugin you're using. In W3 Total Cache this is done by going to Minify -> Advanced -> Never minify the following pages, and fill in the page you don't want to have minified. So if your store locator is used on mydomain.com/store-locator, then fill in 'store-locator'.
-= Can I use different markers for category or individual store locations? =
-How to use custom markers is described [here](https://wpstorelocator.co/document/use-custom-markers/), you can also only use [different markers](https://wpstorelocator.co/document/use-custom-markers/) for a few locations, or just for the [categories](https://wpstorelocator.co/document/set-unique-category-markers/).
-= The map doesn't display properly. It's either broken in half or doesn't load at all. =
-Make sure you have defined a start point for the map under settings -> Map Settings.
-= The map doesn't work anymore after installing the latest update =
-If you use a caching plugin, or a service like Cloudflare, then make sure to flush the cache.
-= I can't dismiss the pop up asking me to join the mailing list, how do I fix this? =
-There is probably a JS error in the WP Admin area that prevents the pop up from being dismissed. Try for a second to switch back to a default WP theme, disable all other plugins, and then try to dismiss the newsletter pop up again.
-= Why does it show the location I searched for in the wrong country? =
-Some location names exist in more then one country, and Google will guess which one you mean. This can be fixed by setting the correct 'Map Region' on the settings page -> API Settings.
-= The store locator doesn't load, it only shows the number 1? =
-This is most likely caused by your theme using ajax navigation ( the loading of content without reloading the page ), or a conflict with another plugin. Try to disable the ajax navigation in the theme settings, or deactivate the plugin that enables it to see if that solves the problem.
-If you don't use ajax navigation, but do see the number 1 it's probably a conflict with another plugin. Try to disable the plugins one by one to see if one of them is causing a conflict.
-If you find a plugin or theme that causes a conflict, please report it on the [support page](http://wordpress.org/support/plugin/wp-store-locator).
-> You can find the full documentation [here](https://wpstorelocator.co/documentation/).
 == Screenshots ==
 …
 == Changelog ==
+= 2.2.261 =
+* Fixed: PHP Object Injection vulnerability.
 = 2.2.260

wp-store-locator/trunk/wp-store-locator.php

-                      r3310487
+                      r3372404
 Author: Tijmen Smit
 Author URI: https://wpstorelocator.co/
 Version: 2.2.260
+Version: 2.2.261
 Text Domain: wpsl
 Domain Path: /languages/
 …
             if ( !defined( 'WPSL_VERSION_NUM' ) )
                 define( 'WPSL_VERSION_NUM', '2.2.260' );
+                define( 'WPSL_VERSION_NUM', '2.2.261' );
             if ( !defined( 'WPSL_URL' ) )

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory