Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3399154

Timestamp:

11/19/2025 05:16:05 PM (4 months ago)

Author:

Rustaurius

Message:

v2.3.16 released and tagged

Location:

business-profile

Files:

: 8 edited
: 1 copied

tags/2.3.16 (copied) (copied from business-profile/trunk)
tags/2.3.16/bpfwp-templates/contact-card.php (modified) (1 diff)
tags/2.3.16/business-profile.php (modified) (2 diffs)
tags/2.3.16/includes/template-functions.php (modified) (1 diff)
tags/2.3.16/readme.txt (modified) (2 diffs)
trunk/bpfwp-templates/contact-card.php (modified) (1 diff)
trunk/business-profile.php (modified) (2 diffs)
trunk/includes/template-functions.php (modified) (1 diff)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

business-profile/tags/2.3.16/bpfwp-templates/contact-card.php

-                      r2891361
+                      r3399154
     <?php
     foreach ( $data as $data => $callback ) {
+        $return_array = call_user_func( $callback, bpfwp_get_display( 'location' ) );
+        if ( is_array( $return_array ) ) { $json_ld_data = array_merge_recursive( $json_ld_data, $return_array ); }
+        if ( is_callable( $callback ) && bpfwp_is_callback_allowed( $callback ) ) {
+            $return_array = call_user_func( $callback, bpfwp_get_display( 'location' ) );
+            if ( is_array( $return_array ) ) { $json_ld_data = array_merge_recursive( $json_ld_data, $return_array ); }
+        }
+    }
     ?>

business-profile/tags/2.3.16/business-profile.php

-                      r3366778
+                      r3399154
  * Plugin URI:  https://www.fivestarplugins.com/plugins/business-profile/
  * Description: Add schema structured data to any page or post type. Create an SEO friendly contact card with your business info and associated schema. Supports Google Map, opening hours and more.
  * Version:     2.3.15
+ * Version:     2.3.16
  * Author:      Five Star Plugins
  * Author URI:  https://www.fivestarplugins.com
 …
             define( 'BPFWP_PLUGIN_URL', untrailingslashit( plugin_dir_url( __FILE__ ) ) );
             define( 'BPFWP_PLUGIN_FNAME', plugin_basename( __FILE__ ) );
             define( 'BPFWP_VERSION', '2.3.15' );
+            define( 'BPFWP_VERSION', '2.3.16' );
+        }

business-profile/tags/2.3.16/includes/template-functions.php

-                      r3324583
+                      r3399154
+}
+}
+if ( ! function_exists ( 'bpfwp_get_blacklisted_callbacks' ) ) {
+function bpfwp_get_blacklisted_callbacks() {
+    $dangerous_functions = array(
+        // Command execution / processes
+        'system',
+        'exec',
+        'shell_exec',
+        'passthru',
+        'proc_open',
+        'popen',
+        'pcntl_exec',
+        // Dynamic code / evaluation
+        'eval',             // not used as a callback, but block name anyway
+        'assert',
+        'create_function',
+        // File read/write
+        'file_get_contents',
+        'file_put_contents',
+        'fopen',
+        'fwrite',
+        'fputs',
+        'fprintf',
+        'ftruncate',
+        'unlink',
+        'copy',
+        'rename',
+        'rmdir',
+        'mkdir',
+        'scandir',
+        'glob',
+        'readfile',
+        'file',             // reads entire file into array
+        'move_uploaded_file',
+        'chmod',
+        'chown',
+        'chgrp',
+        'symlink',
+        'link',
+        'tempnam',
+        // Network / sockets / external calls
+        'fsockopen',
+        'pfsockopen',
+        'curl_exec',
+        'curl_multi_exec',
+        'stream_socket_client',
+        'stream_socket_server',
+        // Environment manipulation / mail (optional, but often sensitive)
+        'putenv',
+        'apache_setenv',
+        'mail',
+    );
+    return $dangerous_functions;
+}
+}
+if ( ! function_exists ( 'bpfwp_is_callback_allowed' ) ) {
+function bpfwp_is_callback_allowed( $callback ) {
+    $dangerous_functions = bpfwp_get_blacklisted_callbacks();
+    // Disallow closures entirely (you can't inspect them safely)
+    if ( $callback instanceof Closure ) {
+        return false;
+    }
+    // Simple function name
+    if ( is_string( $callback ) ) {
+        $name = strtolower( ltrim( $callback, '\\' ) );
+        return ! in_array( $name, $dangerous_functions, true );
+    }
+    // Array callback: [object|string, 'method']
+    if ( is_array( $callback ) && count( $callback ) === 2 ) {
+        $method = strtolower( $callback[1] );
+        // Optionally reuse same list for methods
+        if ( in_array( $method, $dangerous_functions, true ) ) {
+            return false;
+        }
+        // Optional: block certain classes / namespaces
+        if ( is_string( $callback[0] ) ) {
+            $class = ltrim( $callback[0], '\\' );
+            // Example: disallow callbacks from some class
+            // if ( $class === 'DangerousClass' ) return false;
+        }
+        return true;
+    }
+    return false;
+}
+}

business-profile/tags/2.3.16/readme.txt

-                      r3366778
+                      r3399154
 Tested Up To: 6.8
 Tags: business profile, seo, local seo, schema, address, google map, contact, phone, contact card, vcard, contact info, business location, business address, business map, business schema, organization schema, corporation schema, contact schema, address schema, location schema, map schema, business structured data, business microdata, address microdata, location structured data, location microdata, contact shortcode, location shortcode, address shortcode, schema shortcode, gutenberg schema, gutenberg address
 Stable tag: 2.3.15
+Stable tag: 2.3.16
 License: GPLv3
 License URI:http://www.gnu.org/licenses/gpl-3.0.html
 …
 == Changelog ==
+= 2.3.16 (2025-11-19) =
+- Patch for reported Patchstack vulnerability.
 = 2.3.15 (2025-09-23) =
 - Updated admin notice capabilities

business-profile/trunk/bpfwp-templates/contact-card.php

-                      r2891361
+                      r3399154
     <?php
     foreach ( $data as $data => $callback ) {
+        $return_array = call_user_func( $callback, bpfwp_get_display( 'location' ) );
+        if ( is_array( $return_array ) ) { $json_ld_data = array_merge_recursive( $json_ld_data, $return_array ); }
+        if ( is_callable( $callback ) && bpfwp_is_callback_allowed( $callback ) ) {
+            $return_array = call_user_func( $callback, bpfwp_get_display( 'location' ) );
+            if ( is_array( $return_array ) ) { $json_ld_data = array_merge_recursive( $json_ld_data, $return_array ); }
+        }
+    }
     ?>

business-profile/trunk/business-profile.php

-                      r3366778
+                      r3399154
  * Plugin URI:  https://www.fivestarplugins.com/plugins/business-profile/
  * Description: Add schema structured data to any page or post type. Create an SEO friendly contact card with your business info and associated schema. Supports Google Map, opening hours and more.
  * Version:     2.3.15
+ * Version:     2.3.16
  * Author:      Five Star Plugins
  * Author URI:  https://www.fivestarplugins.com
 …
             define( 'BPFWP_PLUGIN_URL', untrailingslashit( plugin_dir_url( __FILE__ ) ) );
             define( 'BPFWP_PLUGIN_FNAME', plugin_basename( __FILE__ ) );
             define( 'BPFWP_VERSION', '2.3.15' );
+            define( 'BPFWP_VERSION', '2.3.16' );
+        }

business-profile/trunk/includes/template-functions.php

-                      r3324583
+                      r3399154
+}
+}
+if ( ! function_exists ( 'bpfwp_get_blacklisted_callbacks' ) ) {
+function bpfwp_get_blacklisted_callbacks() {
+    $dangerous_functions = array(
+        // Command execution / processes
+        'system',
+        'exec',
+        'shell_exec',
+        'passthru',
+        'proc_open',
+        'popen',
+        'pcntl_exec',
+        // Dynamic code / evaluation
+        'eval',             // not used as a callback, but block name anyway
+        'assert',
+        'create_function',
+        // File read/write
+        'file_get_contents',
+        'file_put_contents',
+        'fopen',
+        'fwrite',
+        'fputs',
+        'fprintf',
+        'ftruncate',
+        'unlink',
+        'copy',
+        'rename',
+        'rmdir',
+        'mkdir',
+        'scandir',
+        'glob',
+        'readfile',
+        'file',             // reads entire file into array
+        'move_uploaded_file',
+        'chmod',
+        'chown',
+        'chgrp',
+        'symlink',
+        'link',
+        'tempnam',
+        // Network / sockets / external calls
+        'fsockopen',
+        'pfsockopen',
+        'curl_exec',
+        'curl_multi_exec',
+        'stream_socket_client',
+        'stream_socket_server',
+        // Environment manipulation / mail (optional, but often sensitive)
+        'putenv',
+        'apache_setenv',
+        'mail',
+    );
+    return $dangerous_functions;
+}
+}
+if ( ! function_exists ( 'bpfwp_is_callback_allowed' ) ) {
+function bpfwp_is_callback_allowed( $callback ) {
+    $dangerous_functions = bpfwp_get_blacklisted_callbacks();
+    // Disallow closures entirely (you can't inspect them safely)
+    if ( $callback instanceof Closure ) {
+        return false;
+    }
+    // Simple function name
+    if ( is_string( $callback ) ) {
+        $name = strtolower( ltrim( $callback, '\\' ) );
+        return ! in_array( $name, $dangerous_functions, true );
+    }
+    // Array callback: [object|string, 'method']
+    if ( is_array( $callback ) && count( $callback ) === 2 ) {
+        $method = strtolower( $callback[1] );
+        // Optionally reuse same list for methods
+        if ( in_array( $method, $dangerous_functions, true ) ) {
+            return false;
+        }
+        // Optional: block certain classes / namespaces
+        if ( is_string( $callback[0] ) ) {
+            $class = ltrim( $callback[0], '\\' );
+            // Example: disallow callbacks from some class
+            // if ( $class === 'DangerousClass' ) return false;
+        }
+        return true;
+    }
+    return false;
+}
+}

business-profile/trunk/readme.txt

-                      r3366778
+                      r3399154
 Tested Up To: 6.8
 Tags: business profile, seo, local seo, schema, address, google map, contact, phone, contact card, vcard, contact info, business location, business address, business map, business schema, organization schema, corporation schema, contact schema, address schema, location schema, map schema, business structured data, business microdata, address microdata, location structured data, location microdata, contact shortcode, location shortcode, address shortcode, schema shortcode, gutenberg schema, gutenberg address
 Stable tag: 2.3.15
+Stable tag: 2.3.16
 License: GPLv3
 License URI:http://www.gnu.org/licenses/gpl-3.0.html
 …
 == Changelog ==
+= 2.3.16 (2025-11-19) =
+- Patch for reported Patchstack vulnerability.
 = 2.3.15 (2025-09-23) =
 - Updated admin notice capabilities

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory