Changeset 3427589
- Timestamp:
- 12/26/2025 07:09:54 AM (2 months ago)
- Location:
- litextension-data-migration-to-woocommerce/trunk
- Files:
-
- 5 edited
-
changelog.txt (modified) (1 diff)
-
class/LitAutoLoad.php (modified) (3 diffs)
-
class/LitView.php (modified) (3 diffs)
-
litextension.php (modified) (2 diffs)
-
readme.txt (modified) (1 diff)
litextension-data-migration-to-woocommerce/trunk/changelog.txt
r3422581 r3427589 1 = 1.2.5 = 2 * Security and compatibility improvements 3 * Fixed WooCommerce Helper notice 4 * Improved HPOS compatibility 5 1 6 = 1.2.4 = 2 7 * Tested up to: 6.9 -
litextension-data-migration-to-woocommerce/trunk/class/LitAutoLoad.php
r3422581 r3427589 34 34 35 35 // Only handle our own namespace. 36 if ( 0 !== strpos( $className, $prefix ) ) {36 if ( 0 !== strpos( (string) $className, $prefix ) ) { 37 37 return false; 38 38 } 39 39 40 // Block unexpected characters to avoid traversal / weird encodings.41 if ( ! preg_match( '/^[A-Za-z0-9_\\\\]+$/', $className ) ) {40 // Only allow expected characters. 41 if ( ! preg_match( '/^[A-Za-z0-9_\\\\]+$/', (string) $className ) ) { 42 42 return false; 43 43 } 44 44 45 $relative = substr( $className, strlen( $prefix ) );45 $relative = substr( (string) $className, strlen( $prefix ) ); 46 46 if ( '' === $relative ) { 47 47 return false; … … 56 56 $file_real = realpath( $file_path ); 57 57 58 // realpath() returns false if the file doesn't exist.59 58 if ( false === $base_real || false === $file_real ) { 60 59 return false; 61 60 } 62 61 63 // Ensure resolved file is inside base dir. 64 $base_real = rtrim( $base_real, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR; 62 // Normalize paths for reliable prefix checking. 63 $base_real = trailingslashit( wp_normalize_path( $base_real ) ); 64 $file_real = wp_normalize_path( $file_real ); 65 66 // Ensure the resolved file is within base directory. 65 67 if ( 0 !== strpos( $file_real, $base_real ) ) { 66 68 return false; … … 68 70 69 71 if ( is_readable( $file_real ) ) { 72 // Semgrep flags variable require args; path is strictly validated above. 73 // nosemgrep: audit.php.lang.security.file.inclusion-arg 70 74 require_once $file_real; 71 75 return true; -
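Review bot: The allow-list pattern `/^[A-Za-z0-9_\\\\]+$/` that guards the `require_once` is anchored with `$`, which in PCRE also matches just before a trailing newline, so a name ending in a newline passes the check; anchoring with `\z` (or adding the `D` modifier), e.g. `preg_match( '/^[A-Za-z0-9_\\\\]+\z/', $className )`, makes it exact. The same applies to the view-name pattern `/^[A-Za-z0-9_-]+$/` in class/LitView.php. The later realpath() containment check probably still rejects such a name, but the `nosemgrep` comment rests on the validation being strict, so the gap is worth closing. Separately, `(string) $className` is cast three times; a single `$className = (string) $className;` at the top, as litView() does for `$file`, would read better. The function starts and ends outside the visible hunks.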
litextension-data-migration-to-woocommerce/trunk/class/LitView.php
r3422581 r3427589 20 20 */ 21 21 public function litView( $file, $_param ) { 22 $file = (string) $file; 23 22 24 // Only allow safe view names (no ../, no slashes). 23 $file = (string) $file;24 25 if ( ! preg_match( '/^[A-Za-z0-9_-]+$/', $file ) ) { 25 26 /* translators: %s: View name. */ 26 throw new \Exception(sprintf(esc_html__( 'Invalid view name: %s', 'litextension-data-migration-to-woocommerce' ), esc_html( $file)));27 throw new \Exception(sprintf(esc_html__( 'Invalid view name: %s', 'litextension-data-migration-to-woocommerce' ), esc_html( $file ))); 27 28 } 28 29 … … 35 36 if ( false === $base_real || false === $file_real ) { 36 37 /* translators: %s: File path. */ 37 throw new \Exception(sprintf(esc_html__( 'File "%s" not found!', 'litextension-data-migration-to-woocommerce' ), esc_html( $filePath)));38 throw new \Exception(sprintf(esc_html__( 'File "%s" not found!', 'litextension-data-migration-to-woocommerce' ), esc_html( $filePath ))); 38 39 } 39 40 40 // Ensure the resolved file is inside the views directory. 41 $base_real = rtrim( $base_real, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR; 41 // Normalize paths then ensure the resolved file is inside the views directory. 42 $base_real = trailingslashit( wp_normalize_path( $base_real ) ); 43 $file_real = wp_normalize_path( $file_real ); 44 42 45 if ( 0 !== strpos( $file_real, $base_real ) ) { 43 46 /* translators: %s: File path. */ 44 throw new \Exception(sprintf(esc_html__( 'File "%s" not allowed!', 'litextension-data-migration-to-woocommerce' ), esc_html( $filePath)));47 throw new \Exception(sprintf(esc_html__( 'File "%s" not allowed!', 'litextension-data-migration-to-woocommerce' ), esc_html( $filePath ))); 45 48 } 46 49 … … 50 53 } 51 54 55 // Semgrep flags variable require args; path is strictly validated above. 56 // nosemgrep: audit.php.lang.security.file.inclusion-arg 52 57 require $file_real; 53 58 } -
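Review bot: The "not found" and "not allowed" exceptions in litView() put `$filePath` into the message, which looks like the server-side path built on lines outside these hunks; if the exception text ever reaches a page or an AJAX response, it discloses the install's directory layout. Reporting the already-validated view name instead keeps the message useful without the path, e.g. `esc_html( $file )` in place of `esc_html( $filePath )`, with the full path sent to the error log if it is needed for debugging. It would also help to expand the `nosemgrep` comment to name the two checks it relies on (the view-name allow-list and the realpath() prefix test), so that a later edit to either is understood to affect the suppression.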
litextension-data-migration-to-woocommerce/trunk/litextension.php
r3422581 r3427589 4 4 * Plugin URI: https://litextension.com/ 5 5 * Description: Migrate your store from 140+ platforms to WooCommerce with no downtime, no data loss, and secure, automated migration. 6 * Version: 1.2. 46 * Version: 1.2.5 7 7 * Author: Litextension 8 8 * Author URI: https://litextension.com 9 * License: GPL2 9 * License: GPLv2 or later 10 * License URI: https://www.gnu.org/licenses/gpl-2.0.html 10 11 * Text Domain: litextension-data-migration-to-woocommerce 11 12 * Requires at least: 5.8 12 13 * Tested up to: 6.9 13 14 * Requires PHP: 7.4 14 * Woo: 6.015 15 * WC requires at least: 6.0 16 16 * WC tested up to: 9.0 … … 23 23 } 24 24 25 define( 'LIT_VERSION', '1.2. 4' );25 define( 'LIT_VERSION', '1.2.5' ); 26 26 define( 'LIT_PATH_PLUGIN', __DIR__ . '/' ); 27 27 define( 'LIT_URL_PLUGIN', plugin_dir_url( __FILE__ ) ); // plugin_dir_url already ends with / -
litextension-data-migration-to-woocommerce/trunk/readme.txt
r3422631 r3427589 4 4 Requires at least: 5.8 5 5 Tested up to: 6.9 6 Stable tag: 1.2. 46 Stable tag: 1.2.5 7 7 License: GPLv2 or later 8 8 License URI: http://www.gnu.org/licenses/gpl-2.0.html