
Changeset 3372531


Timestamp:
10/03/2025 05:36:40 PM (6 months ago)
Author:
flschaves
Message:

4.8.7.2

Location:
all-in-one-seo-pack/trunk
Files:
1 deleted
11 edited

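--- a/all-in-one-seo-pack/trunk/all_in_one_seo_pack.php
+++ b/all-in-one-seo-pack/trunk/all_in_one_seo_pack.php
@@ -6,5 +6,5 @@
  * Author:      All in One SEO Team
  * Author URI:  https://aioseo.com/
- * Version:     4.8.7
+ * Version:     4.8.7.2
  * Text Domain: all-in-one-seo-pack
  * Domain Path: /languages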
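--- a/all-in-one-seo-pack/trunk/app/Common/Admin/ConflictingPlugins.php
+++ b/all-in-one-seo-pack/trunk/app/Common/Admin/ConflictingPlugins.php
@@ -58,5 +58,5 @@
      */
     public function init() {
-        if ( ! current_user_can( 'activate_plugins' ) ) {
+        if ( ! current_user_can( 'deactivate_plugins' ) ) {
             return;
         }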
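Review bot: The capability string at new line 60 is now duplicated by hand in the REST route table (`sitemap/deactivate-conflicting-plugins` in Api.php gets the same `'deactivate_plugins'` value in this changeset), and nothing in the code ties the two together. A one-line comment above the guard would keep them from drifting apart, for example `// Keep in sync with the 'access' value of the sitemap/deactivate-conflicting-plugins REST route.` The body of `init()` continues outside the visible hunk, so what the guard protects is not shown here.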
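--- a/all-in-one-seo-pack/trunk/app/Common/Api/Ai.php
+++ b/all-in-one-seo-pack/trunk/app/Common/Api/Ai.php
@@ -69,4 +69,5 @@
         $titles       = ! empty( $body['titles'] ) ? $body['titles'] : [];
         $options      = $body['options'] ?? [];
+
         if ( ! $postContent || empty( $options ) ) {
             return new \WP_REST_Response( [
@@ -74,4 +75,11 @@
                 'message' => 'Missing required parameters.'
             ], 400 );
+        }
+
+        if ( ! current_user_can( 'edit_post', $postId ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'Unauthorized.'
+            ], 401 );
         }
 
@@ -154,4 +162,5 @@
         $descriptions = ! empty( $body['descriptions'] ) ? $body['descriptions'] : [];
         $options      = $body['options'] ?? [];
+
         if ( ! $postContent || empty( $options ) ) {
             return new \WP_REST_Response( [
@@ -159,4 +168,11 @@
                 'message' => 'Missing required parameters.'
             ], 400 );
+        }
+
+        if ( ! current_user_can( 'edit_post', $postId ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'Unauthorized.'
+            ], 401 );
         }
 
@@ -237,4 +253,5 @@
         $permalink   = ! empty( $body['permalink'] ) ? esc_url_raw( urldecode( $body['permalink'] ) ) : '';
         $options     = $body['options'] ?? [];
+
         if ( ! $postContent || ! $permalink || empty( $options['media'] ) ) {
             return new \WP_REST_Response( [
@@ -242,4 +259,11 @@
                 'message' => 'Missing required parameters.'
             ], 400 );
+        }
+
+        if ( ! current_user_can( 'edit_post', $postId ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'Unauthorized.'
+            ], 401 );
         }
 
@@ -331,4 +355,5 @@
         $faqs        = ! empty( $body['faqs'] ) ? $body['faqs'] : [];
         $options     = $body['options'] ?? [];
+
         if ( ! $postContent || empty( $options ) ) {
             return new \WP_REST_Response( [
@@ -336,4 +361,11 @@
                 'message' => 'Missing required parameters.'
             ], 400 );
+        }
+
+        if ( ! current_user_can( 'edit_post', $postId ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'Unauthorized.'
+            ], 401 );
         }
 
@@ -416,4 +448,5 @@
         $keyPoints   = ! empty( $body['keyPoints'] ) ? $body['keyPoints'] : [];
         $options     = $body['options'] ?? [];
+
         if ( ! $postContent || empty( $options ) ) {
             return new \WP_REST_Response( [
@@ -421,4 +454,11 @@
                 'message' => 'Missing required parameters.'
             ], 400 );
+        }
+
+        if ( ! current_user_can( 'edit_post', $postId ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'Unauthorized.'
+            ], 401 );
         }
 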
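Review bot: The new `current_user_can( 'edit_post', $postId )` guard (new lines 79-83, repeated at 172, 263, 365 and 458) runs only after the request body has been validated, so a caller without edit rights is still answered with the 400 "Missing required parameters." response first; the authorization decision would normally come before any inspection of the payload. It also answers 401, which signals missing authentication, while this changeset uses 403 for the equivalent denial on the update routes in PostsTerms.php; `], 403 );` would keep the API consistent. Because the same guard is copied into five handlers, a single private helper that returns the error response or null would make it harder for a future AI route to ship without the check. The enclosing methods start and end outside the visible hunks, and the assignment of `$postId` is not shown.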
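--- a/all-in-one-seo-pack/trunk/app/Common/Api/Api.php
+++ b/all-in-one-seo-pack/trunk/app/Common/Api/Api.php
@@ -85,9 +85,8 @@
             'backup/restore'                                        => [ 'callback' => [ 'Tools', 'restoreBackup' ], 'access' => 'aioseo_tools_settings' ],
             'email-debug-info'                                      => [ 'callback' => [ 'Tools', 'emailDebugInfo' ], 'access' => 'aioseo_tools_settings' ],
-            'migration/fix-blank-formats'                           => [ 'callback' => [ 'Migration', 'fixBlankFormats' ], 'access' => 'any' ],
+            'notification/email-reports-enable'                     => [ 'callback' => [ 'EmailSummary', 'enableEmailReports' ], 'access' => 'aioseo_general_settings' ],
             'notification/blog-visibility-reminder'                 => [ 'callback' => [ 'Notifications', 'blogVisibilityReminder' ], 'access' => 'any' ],
             'notification/conflicting-plugins-reminder'             => [ 'callback' => [ 'Notifications', 'conflictingPluginsReminder' ], 'access' => 'any' ],
             'notification/description-format-reminder'              => [ 'callback' => [ 'Notifications', 'descriptionFormatReminder' ], 'access' => 'any' ],
-            'notification/email-reports-enable'                     => [ 'callback' => [ 'EmailSummary', 'enableEmailReports' ], 'access' => 'any' ],
             'notification/install-addons-reminder'                  => [ 'callback' => [ 'Notifications', 'installAddonsReminder' ], 'access' => 'any' ],
             'notification/install-aioseo-image-seo-reminder'        => [ 'callback' => [ 'Notifications', 'installImageSeoReminder' ], 'access' => 'any' ],
@@ -121,5 +120,5 @@
             'settings/semrush-country'                              => [ 'callback' => [ 'Settings', 'changeSemrushCountry' ], 'access' => 'any' ],
             'settings/do-task'                                      => [ 'callback' => [ 'Settings', 'doTask' ], 'access' => 'aioseo_tools_settings' ],
-            'sitemap/deactivate-conflicting-plugins'                => [ 'callback' => [ 'Sitemaps', 'deactivateConflictingPlugins' ], 'access' => 'any' ],
+            'sitemap/deactivate-conflicting-plugins'                => [ 'callback' => [ 'Sitemaps', 'deactivateConflictingPlugins' ], 'access' => 'deactivate_plugins' ],
             'sitemap/delete-static-files'                           => [ 'callback' => [ 'Sitemaps', 'deleteStaticFiles' ], 'access' => 'aioseo_sitemap_settings' ],
             'sitemap/validate-html-sitemap-slug'                    => [ 'callback' => [ 'Sitemaps', 'validateHtmlSitemapSlug' ], 'access' => 'aioseo_sitemap_settings' ],
@@ -161,5 +160,5 @@
             'email-summary/send'                                    => [
                 'callback' => [ 'EmailSummary', 'send' ],
-                'access'   => 'aioseo_page_advanced_settings'
+                'access'   => 'aioseo_general_settings'
             ],
             'writing-assistant/process'                             => [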
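Review bot: `'access' => 'deactivate_plugins'` on `sitemap/deactivate-conflicting-plugins` (new line 122) is the only access value in the visible table that is a WordPress core capability rather than `'any'` or an `aioseo_*` name, and how the access layer resolves such a value is not shown here; it is worth confirming that it reaches `current_user_can()` and is not treated as an unknown AIOSEO capability. A short comment on the entry would record the intent, e.g. `// Core capability on purpose: this route deactivates other plugins.` The context lines also still show state-changing routes such as `settings/semrush-country` with `'access' => 'any'`; if `'any'` means any authenticated user (an assumption from the name), those callbacks need their own capability checks or a tighter access value. The route array starts and ends outside the visible hunks.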
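--- a/all-in-one-seo-pack/trunk/app/Common/Api/PostsTerms.php
+++ b/all-in-one-seo-pack/trunk/app/Common/Api/PostsTerms.php
@@ -178,4 +178,11 @@
         }
 
+        if ( ! current_user_can( 'read_post', $args['postId'] ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'Unauthorized.'
+            ], 401 );
+        }
+
         // Disable the cache.
         aioseo()->social->image->useCache = false;
@@ -224,4 +231,11 @@
                 'message' => 'Post ID is missing.'
             ], 400 );
+        }
+
+        if ( ! aioseo()->access->hasCapability( 'aioseo_page_general_settings' ) || ! current_user_can( 'edit_post', $postId ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'You are not allowed to update the post settings.'
+            ], 403 );
         }
 
@@ -273,4 +287,15 @@
         $posts = [];
         foreach ( $ids as $postId ) {
+            if ( ! current_user_can( 'read_post', $postId ) || post_password_required( $postId ) ) {
+                $posts[] = [
+                    'id'                => $postId,
+                    'titleParsed'       => '',
+                    'descriptionParsed' => '',
+                    'headlineScore'     => null
+                ];
+
+                continue;
+            }
+
             $postTitle      = get_the_title( $postId );
             $headline       = ! empty( $postTitle ) ? sanitize_text_field( $postTitle ) : ''; // We need this to achieve consistency for the score when using special characters in titles
@@ -309,4 +334,11 @@
                 'message' => 'Post ID is missing.'
             ], 400 );
+        }
+
+        if ( ! aioseo()->access->hasCapability( 'aioseo_page_general_settings' ) || ! current_user_can( 'edit_post', $postId ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'You are not allowed to update the post settings.'
+            ], 403 );
         }
 
@@ -366,4 +398,11 @@
         }
 
+        if ( ! aioseo()->access->hasCapability( 'aioseo_page_general_settings' ) || ! current_user_can( 'edit_post', $postId ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'You are not allowed to update the post settings.'
+            ], 403 );
+        }
+
         $thePost = Models\Post::getPost( $postId );
 
@@ -413,4 +452,11 @@
         }
 
+        if ( ! current_user_can( 'edit_post', $args['postId'] ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'Unauthorized.'
+            ], 401 );
+        }
+
         $thePost = Models\Post::getPost( $args['postId'] );
         $thePost->options->primaryTerm->productEducationDismissed = true;
@@ -438,4 +484,11 @@
                 'message' => 'No post ID was provided.'
             ], 400 );
+        }
+
+        if ( ! current_user_can( 'edit_post', $args['postId'] ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'Unauthorized.'
+            ], 401 );
         }
 
@@ -469,4 +522,11 @@
         }
 
+        if ( ! current_user_can( 'edit_post', $args['postId'] ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'Unauthorized.'
+            ], 401 );
+        }
+
         $thePost = Models\Post::getPost( $args['postId'] );
         $thePost->options->linkFormat->internalLinkCount = $count;
@@ -497,4 +557,11 @@
         }
 
+        if ( ! current_user_can( 'read_post', $args['postId'] ) || post_password_required( $args['postId'] ) ) {
+            return new \WP_REST_Response( [
+                'success' => false,
+                'message' => 'Unauthorized.'
+            ], 401 );
+        }
+
         // Check if we can process it using a page builder integration.
         $pageBuilder = aioseo()->helpers->getPostPageBuilderName( $args['postId'] );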
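Review bot: The read guard added at new line 180 checks only `current_user_can( 'read_post', $args['postId'] )`, while the two other read guards in this changeset (new lines 289 and 559) also reject password-protected posts with `post_password_required()`. `read_post` is normally granted for any published post regardless of its password, so if the handler around line 180 returns content-derived data (its body is outside the hunk), a protected post would still be served; the condition could read `if ( ! current_user_can( 'read_post', $args['postId'] ) || post_password_required( $args['postId'] ) ) {`. The denials are also split between 401 "Unauthorized." and 403 with a longer message; a logged-in caller who lacks the capability is a 403 case throughout, and using one status makes denied requests easier to monitor.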
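--- a/all-in-one-seo-pack/trunk/readme.txt
+++ b/all-in-one-seo-pack/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 5.4
 Requires PHP: 7.2
-Stable tag: 4.8.7
+Stable tag: 4.8.7.2
 License: GPLv3 or later
 License URI: https://www.gnu.org/licenses/gpl-3.0.txt
@@ -234,4 +234,12 @@
 
 == Changelog ==
+
+**New in Version 4.8.7.2**
+
+* Updated: Added additional hardening to REST API routes.
+
+**New in Version 4.8.7.1**
+
+* Fixed: WooCommerce products being automatically added to the cart.
 
 **New in Version 4.8.7**
@@ -430,5 +438,5 @@
 == Upgrade Notice ==
 
-= 4.8.7 =
+= 4.8.7.2 =
 
 This update adds major improvements and bug fixes.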
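--- a/all-in-one-seo-pack/trunk/vendor/autoload.php
+++ b/all-in-one-seo-pack/trunk/vendor/autoload.php
@@ -23,3 +23,3 @@
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInitf72cf5b2efb9ca7f7cd0d3ba28bdb8dc::getLoader();
+return ComposerAutoloaderInit6d833ab4d20e6c5fec2c3f6dffe8964c::getLoader();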
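--- a/all-in-one-seo-pack/trunk/vendor/composer/autoload_classmap.php
+++ b/all-in-one-seo-pack/trunk/vendor/composer/autoload_classmap.php
@@ -35,5 +35,4 @@
     'AIOSEO\\Plugin\\Common\\Api\\Integrations\\Semrush' => $baseDir . '/app/Common/Api/Integrations/Semrush.php',
     'AIOSEO\\Plugin\\Common\\Api\\Integrations\\WpCode' => $baseDir . '/app/Common/Api/Integrations/WpCode.php',
-    'AIOSEO\\Plugin\\Common\\Api\\Migration' => $baseDir . '/app/Common/Api/Migration.php',
     'AIOSEO\\Plugin\\Common\\Api\\Network' => $baseDir . '/app/Common/Api/Network.php',
     'AIOSEO\\Plugin\\Common\\Api\\Notifications' => $baseDir . '/app/Common/Api/Notifications.php',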
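--- a/all-in-one-seo-pack/trunk/vendor/composer/autoload_real.php
+++ b/all-in-one-seo-pack/trunk/vendor/composer/autoload_real.php
@@ -3,5 +3,5 @@
 // autoload_real.php @generated by Composer
 
-class ComposerAutoloaderInitf72cf5b2efb9ca7f7cd0d3ba28bdb8dc
+class ComposerAutoloaderInit6d833ab4d20e6c5fec2c3f6dffe8964c
 {
     private static $loader;
@@ -23,10 +23,10 @@
         }
 
-        spl_autoload_register(array('ComposerAutoloaderInitf72cf5b2efb9ca7f7cd0d3ba28bdb8dc', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInit6d833ab4d20e6c5fec2c3f6dffe8964c', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
-        spl_autoload_unregister(array('ComposerAutoloaderInitf72cf5b2efb9ca7f7cd0d3ba28bdb8dc', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInit6d833ab4d20e6c5fec2c3f6dffe8964c', 'loadClassLoader'));
 
         require __DIR__ . '/autoload_static.php';
-        call_user_func(\Composer\Autoload\ComposerStaticInitf72cf5b2efb9ca7f7cd0d3ba28bdb8dc::getInitializer($loader));
+        call_user_func(\Composer\Autoload\ComposerStaticInit6d833ab4d20e6c5fec2c3f6dffe8964c::getInitializer($loader));
 
         $loader->register(true);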
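--- a/all-in-one-seo-pack/trunk/vendor/composer/autoload_static.php
+++ b/all-in-one-seo-pack/trunk/vendor/composer/autoload_static.php
@@ -5,5 +5,5 @@
 namespace Composer\Autoload;
 
-class ComposerStaticInitf72cf5b2efb9ca7f7cd0d3ba28bdb8dc
+class ComposerStaticInit6d833ab4d20e6c5fec2c3f6dffe8964c
 {
     public static $prefixLengthsPsr4 = array (
@@ -60,5 +60,4 @@
         'AIOSEO\\Plugin\\Common\\Api\\Integrations\\Semrush' => __DIR__ . '/../..' . '/app/Common/Api/Integrations/Semrush.php',
         'AIOSEO\\Plugin\\Common\\Api\\Integrations\\WpCode' => __DIR__ . '/../..' . '/app/Common/Api/Integrations/WpCode.php',
-        'AIOSEO\\Plugin\\Common\\Api\\Migration' => __DIR__ . '/../..' . '/app/Common/Api/Migration.php',
         'AIOSEO\\Plugin\\Common\\Api\\Network' => __DIR__ . '/../..' . '/app/Common/Api/Network.php',
         'AIOSEO\\Plugin\\Common\\Api\\Notifications' => __DIR__ . '/../..' . '/app/Common/Api/Notifications.php',
@@ -338,8 +337,8 @@
     {
         return \Closure::bind(function () use ($loader) {
-            $loader->prefixLengthsPsr4 = ComposerStaticInitf72cf5b2efb9ca7f7cd0d3ba28bdb8dc::$prefixLengthsPsr4;
-            $loader->prefixDirsPsr4 = ComposerStaticInitf72cf5b2efb9ca7f7cd0d3ba28bdb8dc::$prefixDirsPsr4;
-            $loader->prefixesPsr0 = ComposerStaticInitf72cf5b2efb9ca7f7cd0d3ba28bdb8dc::$prefixesPsr0;
-            $loader->classMap = ComposerStaticInitf72cf5b2efb9ca7f7cd0d3ba28bdb8dc::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInit6d833ab4d20e6c5fec2c3f6dffe8964c::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInit6d833ab4d20e6c5fec2c3f6dffe8964c::$prefixDirsPsr4;
+            $loader->prefixesPsr0 = ComposerStaticInit6d833ab4d20e6c5fec2c3f6dffe8964c::$prefixesPsr0;
+            $loader->classMap = ComposerStaticInit6d833ab4d20e6c5fec2c3f6dffe8964c::$classMap;
 
         }, null, ClassLoader::class);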
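--- a/all-in-one-seo-pack/trunk/vendor/composer/installed.php
+++ b/all-in-one-seo-pack/trunk/vendor/composer/installed.php
@@ -4,5 +4,5 @@
         'pretty_version' => 'dev-develop',
         'version' => 'dev-develop',
-        'reference' => '933e7e7c28398d253a84d9dd545ec6a958513a0a',
+        'reference' => '6a5c0bbb4a81dfc24b44e3e86955c962ead9d47b',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
@@ -14,5 +14,5 @@
             'pretty_version' => 'dev-develop',
             'version' => 'dev-develop',
-            'reference' => '933e7e7c28398d253a84d9dd545ec6a958513a0a',
+            'reference' => '6a5c0bbb4a81dfc24b44e3e86955c962ead9d47b',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',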