Changeset 3394336
- Timestamp:
- 11/12/2025 12:55:32 PM (5 months ago)
- Location:
- propertyhive/trunk
- Files:
-
- 7 edited
-
README.txt (modified) (2 diffs)
-
includes/admin/class-ph-admin-applicant-list.php (modified) (2 diffs)
-
includes/admin/class-ph-admin-merge-contacts.php (modified) (1 diff)
-
includes/admin/post-types/class-ph-admin-cpt-property.php (modified) (2 diffs)
-
includes/class-ph-ajax.php (modified) (3 diffs)
-
includes/class-ph-install.php (modified) (4 diffs)
-
propertyhive.php (modified) (3 diffs)
propertyhive/trunk/README.txt
r3393246 r3394336 4 4 Requires at least: 5.6 5 5 Tested up to: 6.8.3 6 Stable tag: 2.1.1 26 Stable tag: 2.1.13 7 7 License: GPLv3 8 8 License URI: http://www.gnu.org/licenses/gpl-3.0.html … … 182 182 183 183 == Changelog == 184 185 = 2.1.13 - 2025-11-12 = 186 * Created search page and assign to 'Search Results Page' setting by default upon installation. This is one of the main sticking points when using Property Hive for the first time. 187 * Flagged the search results page as 'Property Search Results' in the list of pages so it's clear which is being used 188 * Updated default maps provider to OpenStreetMaps upon installation. This ensures maps show by default and there is no warning shown to new users about missing Google API key 189 * Security enhancement surrounding merging contacts 190 * Security enhancement surrounding generating applicant lists 184 191 185 192 = 2.1.12 - 2025-11-10 = -
propertyhive/trunk/includes/admin/class-ph-admin-applicant-list.php
r3292381 r3394336 36 36 37 37 <input type="hidden" name="submitted_applicant_list" value="1"> 38 <?php wp_nonce_field( 'ph_applicant_export', 'ph_applicant_export_nonce' ); ?> 38 39 39 40 <div id="poststuff" class="propertyhive_meta_box"> … … 1060 1061 public function export() 1061 1062 { 1063 if ( !isset( $_POST['ph_applicant_export_nonce'] ) || ! check_admin_referer( 'ph_applicant_export', 'ph_applicant_export_nonce', false ) ) 1064 { 1065 wp_die( esc_html__( 'Invalid request (nonce failure)', 'propertyhive' ), 403 ); 1066 } 1067 1068 if ( !current_user_can( 'manage_propertyhive' ) ) 1069 { 1070 wp_die( esc_html__( 'Insufficient permissions', 'propertyhive' ), 403 ); 1071 } 1072 1062 1073 $filename = 'applicant-list-' . date("YmdHis") . '.csv'; 1063 1074 -
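Review bot: The third argument passed to `check_admin_referer()` in `export()` has no effect, because that function accepts only an action and a query-argument name and ends the request itself when verification fails; the `false` looks carried over from `check_ajax_referer()`. The request is still rejected, so the check is sound, but the custom 403 branch only runs when the field is absent from `$_POST`. If the plugin's own message and status code are wanted for every failure, verify with `wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['ph_applicant_export_nonce'] ) ), 'ph_applicant_export' )` instead. `export()` continues beyond the lines shown.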
propertyhive/trunk/includes/admin/class-ph-admin-merge-contacts.php
r3292381 r3394336 164 164 contact_ids : '<?php echo esc_js(ph_clean($_GET['merge_ids'])); ?>', 165 165 primary_contact_id: selected_primary, 166 nonce: '<?php echo wp_create_nonce( 'propertyhive_merge_contact' ); ?>', 166 167 }; 167 168 -
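Review bot: The new `nonce` property is echoed into the inline script without escaping, unlike the `contact_ids` line directly above it. A nonce is a short hash, so nothing breaks today, but escaping at output keeps the template consistent and robust if the value's source ever changes: `nonce: '<?php echo esc_js( wp_create_nonce( 'propertyhive_merge_contact' ) ); ?>',`. The surrounding script block starts and ends outside the lines shown.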
propertyhive/trunk/includes/admin/post-types/class-ph-admin-cpt-property.php
r3365891 r3394336 54 54 add_filter( 'manage_edit-property_sortable_columns', array( $this, 'custom_columns_sort' ) ); 55 55 add_filter( 'request', array( $this, 'custom_columns_orderby' ) ); 56 add_filter( 'display_post_states', array( $this, 'flag_search_results_page' ), 10, 2 ); 56 57 57 58 // Sort link … … 82 83 // Call PH_Admin_CPT constructor 83 84 parent::__construct(); 85 } 86 87 public function flag_search_results_page( $post_states, $post ) 88 { 89 // Get the page ID set in your option 90 $search_results_page_id = get_option( 'propertyhive_search_results_page_id' ); 91 92 // Check if this is that page 93 if ( $post->ID == $search_results_page_id ) 94 { 95 $post_states['property_search_results'] = __( 'Property Search Results', 'propertyhive' ); 96 } 97 98 return $post_states; 84 99 } 85 100 -
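Review bot: `flag_search_results_page()` compares `$post->ID == $search_results_page_id` loosely and has no docblock. `get_option()` returns `false` when the option is unset and a string otherwise, so `if ( (int) $search_results_page_id === (int) $post->ID )` states the intent without relying on type juggling. A short docblock naming the `display_post_states` filter, the `$post_states` array and `WP_Post $post` parameters and the returned array would serve better than the leftover "set in your option" comment.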
propertyhive/trunk/includes/class-ph-ajax.php
r3365891 r3394336 2731 2731 $this->json_headers(); 2732 2732 2733 if ( !isset( $_POST['contact_ids'] ) || !isset( $_POST['primary_contact_id'] ) ) 2733 if ( ! isset( $_POST['nonce'] ) || ! check_ajax_referer( 'propertyhive_merge_contact', 'nonce', false ) ) 2734 { 2735 $return = array('error' => 'Invalid nonce'); 2736 echo json_encode( $return ); 2737 die(); 2738 } 2739 2740 if ( !isset( $_POST['contact_ids'] ) || empty( $_POST['contact_ids'] ) || !isset( $_POST['primary_contact_id'] ) || empty( $_POST['primary_contact_id'] ) ) 2734 2741 { 2735 2742 $return = array('error' => 'Invalid parameters received'); … … 2738 2745 } 2739 2746 2740 $contacts_to_merge = explode('|', $_POST['contact_ids']); 2741 $primary_contact_id = $_POST['primary_contact_id']; 2747 $contacts_to_merge = array_filter( array_map( 'absint', explode( '|', $_POST['contact_ids'] ) ) ); 2748 2749 $primary_contact_id = absint( wp_unslash( $_POST['primary_contact_id'] ) ); 2742 2750 2743 2751 if ( !is_array($contacts_to_merge) || !in_array( $primary_contact_id, $contacts_to_merge ) ) … … 2748 2756 } 2749 2757 2758 if ( get_post_type( $primary_contact_id ) !== 'contact' ) 2759 { 2760 $return = array('error' => 'Primary contact ' . $primary_contact_id . ' is not a contact'); 2761 echo json_encode( $return ); 2762 die(); 2763 } 2764 2765 if ( !current_user_can( 'edit_post', $primary_contact_id ) ) 2766 { 2767 $return = array('error' => 'Insufficient permissions for primary contact'); 2768 echo json_encode( $return ); 2769 die(); 2770 } 2771 2750 2772 // Check each post ID passed through is in fact of post type 'contact' 2751 2773 foreach ( $contacts_to_merge as $child_contact_id ) 2752 2774 { 2753 if ( get_post_type((int)$child_contact_id) != 'contact' ) 2754 { 2755 $return = array('error' => 'Contact ID ' . $child_contact_id . ' received which is not a contact'); 2775 if ( get_post_type((int)$child_contact_id) !== 'contact' ) 2776 { 2777 $return = array('error' => 'Contact ID ' . $child_contact_id . 
' is not a contact'); 2778 echo json_encode( $return ); 2779 die(); 2780 } 2781 2782 if ( !current_user_can( 'edit_post', $child_contact_id ) ) 2783 { 2784 $return = array('error' => 'Insufficient permissions for contact ID ' . $child_contact_id ); 2756 2785 echo json_encode( $return ); 2757 2786 die(); -
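Review bot: `$_POST['contact_ids']` reaches `explode()` with no type check, so a request that sends it as an array (`contact_ids[]=…`) passes the `isset`/`empty` guard and raises a TypeError on PHP 8 instead of returning the JSON error. Adding `|| ! is_string( $_POST['contact_ids'] )` to the parameter guard, and passing the value through `wp_unslash()` as is already done for `primary_contact_id`, closes that path. The handler's opening and the merge step itself are outside the lines shown; if that step trashes or deletes the child contacts, `delete_post` rather than `edit_post` would be the capability to check for them.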
propertyhive/trunk/includes/class-ph-install.php
r3318353 r3394336 97 97 { 98 98 $this->create_terms(); 99 $this->create_pages(); 99 100 set_transient( '_ph_activation_redirect', 1, 30 ); 100 101 } … … 213 214 * @return void 214 215 */ 215 public staticfunction create_pages() {216 public function create_pages() { 216 217 217 218 // Create page object … … 226 227 227 228 // Insert the post into the database 228 $page_id = wp_insert_post( $my_post );229 $page_id = wp_insert_post( $my_post, true ); 229 230 230 update_option( 'propertyhive_search_results_page_id', $page_id ); 231 if ( !is_wp_error($page_id) ) 232 { 233 update_option( 'propertyhive_search_results_page_id', $page_id ); 234 } 231 235 } 232 236 … … 624 628 add_option( 'propertyhive_primary_department', 'residential-sales', '', 'yes' ); 625 629 630 add_option( 'propertyhive_maps_provider', 'osm', '', 'no' ); 631 add_option( 'propertyhive_geocoding_provider', 'osm', '', 'no' ); 632 626 633 add_option( 'propertyhive_default_country', 'GB', '', 'yes' ); 627 634 add_option( 'propertyhive_countries', array('GB'), '', 'yes' ); -
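Review bot: Dropping `static` from `create_pages()` changes a public method's calling convention: any remaining `PH_Install::create_pages()` call, in this plugin or in an add-on, becomes a fatal error on PHP 8. It is worth searching for static callers before release, or keeping the method static and calling it as `self::create_pages()` from the install routine. Separately, the visible part of the method inserts the page unconditionally, so if the install branch can run more than once (its condition is outside the lines shown), a guard such as `if ( get_option( 'propertyhive_search_results_page_id' ) ) { return; }` would prevent duplicate search pages.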
propertyhive/trunk/propertyhive.php
r3393246 r3394336 4 4 * Plugin URI: https://wordpress.org/plugins/propertyhive/ 5 5 * Description: Property Hive has everything you need to build estate agency websites 6 * Version: 2.1.1 26 * Version: 2.1.13 7 7 * Author: PropertyHive 8 8 * Author URI: https://wp-property-hive.com … … 28 28 * 29 29 * @class PropertyHive 30 * @version 2.1.1 230 * @version 2.1.13 31 31 */ 32 32 final class PropertyHive { … … 35 35 * @var string 36 36 */ 37 public $version = '2.1.1 2';37 public $version = '2.1.13'; 38 38 39 39 /**