Changeset 3434387
- Timestamp:
- 01/07/2026 01:33:27 PM (2 months ago)
- Location:
- review-for-discount
- Files:
-
- 39 added
- 1 deleted
- 5 edited
-
tags/1.0.8 (added)
-
tags/1.0.8/admin (added)
-
tags/1.0.8/admin/class-xswcrd-review-discounts-admin.php (added)
-
tags/1.0.8/admin/class-xswcrd-review-discounts-settings.php (added)
-
tags/1.0.8/admin/css (added)
-
tags/1.0.8/admin/css/select2.min.css (added)
-
tags/1.0.8/admin/css/wc-review-discounts-admin.css (added)
-
tags/1.0.8/admin/js (added)
-
tags/1.0.8/admin/js/select2.full.min.js (added)
-
tags/1.0.8/admin/js/wc-review-discounts-admin.js (added)
-
tags/1.0.8/admin/partials (added)
-
tags/1.0.8/admin/partials/wc-photo-reviews-admin-display.php (added)
-
tags/1.0.8/admin/partials/wc-review-discounts-admin-sendgrid.php (added)
-
tags/1.0.8/admin/partials/wc-review-discounts-admin-settings.php (added)
-
tags/1.0.8/admin/partials/wc-review-discounts-meta-box.php (added)
-
tags/1.0.8/admin/partials/wc-review-discounts-support.php (added)
-
tags/1.0.8/common (added)
-
tags/1.0.8/common/class-xswcrd-review-discounts-email-strings.php (added)
-
tags/1.0.8/images (added)
-
tags/1.0.8/images/rocket.svg (added)
-
tags/1.0.8/includes (added)
-
tags/1.0.8/includes/class-xswcrd-review-discounts-activator.php (added)
-
tags/1.0.8/includes/class-xswcrd-review-discounts-deactivator.php (added)
-
tags/1.0.8/includes/class-xswcrd-review-discounts-loader.php (added)
-
tags/1.0.8/includes/class-xswcrd-review-discounts.php (added)
-
tags/1.0.8/languages (added)
-
tags/1.0.8/languages/review-for-discount-it_IT.mo (added)
-
tags/1.0.8/languages/review-for-discount-it_IT.po (added)
-
tags/1.0.8/languages/review-for-discount.pot (added)
-
tags/1.0.8/public (added)
-
tags/1.0.8/public/class-xswcrd-review-discounts-public.php (added)
-
tags/1.0.8/public/css (added)
-
tags/1.0.8/public/css/wc-photo-reviews-public.css (added)
-
tags/1.0.8/public/js (added)
-
tags/1.0.8/public/js/wc-photo-reviews-public.js (added)
-
tags/1.0.8/public/partials (added)
-
tags/1.0.8/readme.txt (added)
-
tags/1.0.8/review-for-review.php (added)
-
tags/1.0.8/uninstall.php (added)
-
trunk/admin/class-xswcrd-review-discounts-admin.php (modified) (3 diffs)
-
trunk/includes/class-xswcrd-review-discounts-activator.php (modified) (1 diff)
-
trunk/includes/class-xswcrd-review-discounts.php (modified) (1 diff)
-
trunk/photo-review-diagnostic.php (deleted)
-
trunk/readme.txt (modified) (2 diffs)
-
trunk/review-for-review.php (modified) (3 diffs)
review-for-discount/trunk/admin/class-xswcrd-review-discounts-admin.php
r3405128 r3434387 162 162 'not_found_in_trash' => esc_html__( 'No Review Discount found in trash', 'review-for-discount' ), 163 163 ), 164 'public' => true,164 'public' => false, 165 165 'supports' => array( 'title' ), 166 166 'show_ui' => true, 167 'capability_type' => 'post', 167 'capability_type' => array( 'review_discount', 'review_discounts' ), 168 'map_meta_cap' => true, 168 169 'show_in_menu' => true, 169 170 'menu_icon' => 'dashicons-awards', 170 'map_meta_cap' => true, 171 'publicly_queryable' => true, 172 'exclude_from_search' => false, 171 'publicly_queryable' => false, 172 'exclude_from_search' => true, 173 173 'hierarchical' => false, 174 'rewrite' => array( 175 'slug' => 'xswc-review-discount', 176 'with_front' => true, 177 ), 174 'rewrite' => false, 178 175 'query_var' => false, 179 'has_archive' => 'false',176 'has_archive' => false, 180 177 181 178 ) … … 424 421 */ 425 422 public function xswcrd_send_test_email() { 423 // Verify nonce for CSRF protection. 426 424 if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ?? '' ) ), 'xswcrd_test_email' ) ) { 427 425 wp_die( 'Security check failed.' ); 426 } 427 428 // Verify user has admin capabilities - fixes CVE-2025-14070. 429 if ( ! current_user_can( 'manage_options' ) ) { 430 wp_die( 'Insufficient permissions.' ); 428 431 } 429 432 global $current_user; … … 600 603 */ 601 604 public function xs_send_mail() { 605 // Verify user has admin capabilities. 606 if ( ! current_user_can( 'manage_options' ) ) { 607 wp_send_json( array( 'status' => false ) ); 608 wp_die(); 609 } 610 602 611 $data = array(); 603 612 if ( isset( $_POST['nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'xswcrd_test_email' ) && isset( $_POST['data'] ) && ! empty( $_POST['data'] ) ) { -
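Review bot: The new capability check in xswcrd_send_test_email ends the request with `wp_die( 'Insufficient permissions.' )`, which returns an HTML error page, while the parallel check added to xs_send_mail answers with `wp_send_json( array( 'status' => false ) )`; if both are AJAX handlers, as the shared `xswcrd_test_email` nonce suggests, the first should also answer in JSON, e.g. `wp_send_json_error( array( 'message' => 'Insufficient permissions.' ) );`, so the caller can tell a denied request from a transport failure. In xs_send_mail the `wp_die();` after `wp_send_json( ... )` is unreachable, since wp_send_json() terminates the request itself. The `'Security check failed.'` and `'Insufficient permissions.'` messages are the only user-facing strings in the hunk not passed through esc_html__( ..., 'review-for-discount' ). Both handlers require `manage_options` while the post type now uses the custom `review_discount` capabilities; if that is intentional (test mail is admin-only), a one-line comment saying so would save the next reader from treating it as an inconsistency. Both methods continue outside the hunk.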
review-for-discount/trunk/includes/class-xswcrd-review-discounts-activator.php
r3404686 r3434387 30 30 */ 31 31 public static function xswcrd_activate() { 32 $roles = array( 'administrator', 'shop_manager' ); 33 34 $caps = array( 35 'edit_review_discount', 36 'read_review_discount', 37 'delete_review_discount', 38 'edit_review_discounts', 39 'edit_others_review_discounts', 40 'publish_review_discounts', 41 'read_private_review_discounts', 42 'delete_review_discounts', 43 ); 44 45 foreach ( $roles as $role_name ) { 46 $role = get_role( $role_name ); 47 if ( ! $role ) { 48 continue; 49 } 50 51 foreach ( $caps as $cap ) { 52 $role->add_cap( $cap ); 53 } 54 } 32 55 $default_settings = array( 33 56 'enable' => 'on', -
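Review bot: The capabilities added in xswcrd_activate are granted only when the activation hook fires, and WordPress does not run activation hooks on a plugin update; since the post type now requires these `review_discount` capabilities via `map_meta_cap`, administrators on existing installs would likely lose access to the Review Discounts menu until they deactivate and reactivate, unless an upgrade routine elsewhere in the changeset grants them, and none is visible here. Consider a version-gated routine on `admin_init` that compares a stored option to the plugin version and runs the same add_cap loop, or run the grant idempotently on `init`. The role list includes `shop_manager`, whereas the readme entry for 1.0.8 says the post type is restricted to administrators only; one of the two should be aligned. Role capabilities persist in the database, so the deactivator or uninstall.php should mirror this with `remove_cap()` for each entry in `$caps`; no such change is part of this changeset. xswcrd_activate continues outside the hunk.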
review-for-discount/trunk/includes/class-xswcrd-review-discounts.php
r3404686 r3434387 67 67 */ 68 68 public function __construct() { 69 if ( defined( ' WC_REVIEW_DISCOUNTS_VERSION' ) ) {70 $this->version = WC_REVIEW_DISCOUNTS_VERSION;69 if ( defined( 'XSWCRD_REVIEW_DISCOUNTS_VERSION' ) ) { 70 $this->version = XSWCRD_REVIEW_DISCOUNTS_VERSION; 71 71 } else { 72 72 $this->version = '1.0.0'; -
review-for-discount/trunk/readme.txt
r3418682 r3434387 7 7 Tested up to: 6.9 8 8 WC requires at least: 5.0 9 WC tested up to: 10. 210 Stable tag: 1.0. 79 WC tested up to: 10.4 10 Stable tag: 1.0.8 11 11 License: GPLv2 or later 12 12 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 276 276 277 277 == Changelog == 278 **1.0.8** 279 Security: Fixed missing authorization vulnerability in AJAX handlers (CVE-2025-14070). 280 Security: Added capability checks to send_test_email and xs_send_mail functions. 281 Security: Restricted custom post type access to administrators only (prevent nonce extraction). 282 Security: Changed custom post type from public to private with manage_options capability. 283 Security: Improved nonce verification and access control for admin-only functions. 284 278 285 **1.0.7** 279 Fix: Cpoupon amount issue. 286 Fix: Coupon amount issue. 287 280 288 **1.0.6** 281 289 Fix: All issue show plugin check. -
review-for-discount/trunk/review-for-review.php
r3418682 r3434387 15 15 * Plugin Name: Reviewify — Review Discounts & Photo/Video Reviews for WooCommerce 16 16 * Description: Give customers discount coupons for reviews via automated emails and enable photo and video reviews for WooCommerce. 17 * Version: 1.0. 717 * Version: 1.0.8 18 18 * Author: XfinitySoft 19 19 * Author URI: https://xfinitysoft.com/ … … 24 24 * Tested up to: 6.9 25 25 * WC requires at least: 5.0. 26 * WC tested up to: 10. 226 * WC tested up to: 10.4 27 27 * License: GPLv2 or later 28 28 * License URI: https://www.gnu.org/licenses/gpl-2.0.html … … 53 53 ); 54 54 55 if ( ! defined( 'WC_REVIEW_DISCOUNTS_VERSION' ) ) {56 define( 'WC_REVIEW_DISCOUNTS_VERSION', '1.0.6' );57 }58 55 if ( ! defined( 'XSWCRD_REVIEW_DISCOUNTS_VERSION' ) ) { 59 define( 'XSWCRD_REVIEW_DISCOUNTS_VERSION', '1.0. 6' );56 define( 'XSWCRD_REVIEW_DISCOUNTS_VERSION', '1.0.8' ); 60 57 } 61 58 if ( ! defined( 'XSWCRD_ROOT_URL' ) ) {
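Review bot: The legacy `WC_REVIEW_DISCOUNTS_VERSION` define is removed here while only class-xswcrd-review-discounts.php is switched to `XSWCRD_REVIEW_DISCOUNTS_VERSION` in this changeset; if any other file (admin, public or uninstall.php) still reads the old constant, PHP 8 raises an undefined-constant Error on that path. Grep the tree for the old name before tagging, or keep a deprecated alias for one release, `define( 'WC_REVIEW_DISCOUNTS_VERSION', XSWCRD_REVIEW_DISCOUNTS_VERSION );`.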