Changeset 3448005
- Timestamp:
- 01/27/2026 03:40:02 PM (6 weeks ago)
- Location:
- insert-php
- Files:
-
- 6 deleted
- 12 edited
- 1 copied
-
tags/2.7.2 (copied) (copied from insert-php/trunk)
-
tags/2.7.2/.wp-env.override.json (deleted)
-
tags/2.7.2/CHANGELOG.md (modified) (1 diff)
-
tags/2.7.2/admin/assets/gulpfile.js (deleted)
-
tags/2.7.2/includes/class.helpers.php (modified) (2 diffs)
-
tags/2.7.2/includes/shortcodes/shortcodes.php (modified) (1 diff)
-
tags/2.7.2/insert_php.php (modified) (2 diffs)
-
tags/2.7.2/phpcs.baseline.xml (deleted)
-
tags/2.7.2/readme.txt (modified) (2 diffs)
-
tags/2.7.2/vendor/composer/installed.php (modified) (2 diffs)
-
trunk/.wp-env.override.json (deleted)
-
trunk/CHANGELOG.md (modified) (1 diff)
-
trunk/admin/assets/gulpfile.js (deleted)
-
trunk/includes/class.helpers.php (modified) (2 diffs)
-
trunk/includes/shortcodes/shortcodes.php (modified) (1 diff)
-
trunk/insert_php.php (modified) (2 diffs)
-
trunk/phpcs.baseline.xml (deleted)
-
trunk/readme.txt (modified) (2 diffs)
-
trunk/vendor/composer/installed.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
insert-php/tags/2.7.2/CHANGELOG.md
r3443800 r3448005 1 ##### Version 2.7.2 (2026-01-27) 2 3 - This release focuses on improving the security and robustness of snippet type handling in the codebase. 4 1 5 ##### Version 2.7.1 (2026-01-21) 2 6 -
insert-php/tags/2.7.2/includes/class.helpers.php
r3442510 r3448005 159 159 * @param mixed $post_id Post ID. 160 160 * 161 * @return array|mixed|string161 * @return string|false Snippet type string, or false if post is not a valid snippet post type or not found. 162 162 */ 163 163 public static function get_snippet_type( $post_id = null ) { … … 175 175 if ( ! empty( $post_id ) ) { 176 176 $_post = get_post( $post_id ); 177 178 // Security: Validate that the post belongs to the snippet post type 179 // to prevent arbitrary post content execution via shortcodes. 180 if ( empty( $_post ) || WINP_SNIPPETS_POST_TYPE !== $_post->post_type ) { 181 return false; 182 } 177 183 } 178 184 -
insert-php/tags/2.7.2/includes/shortcodes/shortcodes.php
r3442510 r3448005 153 153 $id = isset( $attr['id'] ) ? (int) $attr['id'] : null; 154 154 155 if ( $id && WINP_Helper::get_snippet_type( $id ) !== $type ) { 156 $id = 0; 155 $snippet_type = null; 156 157 // Only resolve snippet type when a valid (truthy) ID is provided to avoid 158 // unnecessary request parsing or database lookups for invalid IDs. 159 if ( $id ) { 160 $snippet_type = WINP_Helper::get_snippet_type( $id ); 161 162 // Security: Reject if get_snippet_type() returned false (invalid post type) 163 // or if the snippet type doesn't match the expected type. 164 if ( false === $snippet_type || $snippet_type !== $type ) { 165 $id = 0; 166 } 157 167 } 158 168 -
insert-php/tags/2.7.2/insert_php.php
r3443800 r3448005 5 5 * Description: Executes PHP code, uses conditional logic to insert ads, text, media content and external service's code. Ensures no content duplication. 6 6 * Author: Themeisle 7 * Version: 2.7. 17 * Version: 2.7.2 8 8 * WordPress Available: yes 9 9 * Requires License: no … … 42 42 define( 'WINP_PLUGIN_ACTIVE', true ); 43 43 44 define( 'WINP_PLUGIN_VERSION', '2. 6.1' );44 define( 'WINP_PLUGIN_VERSION', '2.7.2' ); 45 45 46 46 // Root directory of the plugin. -
insert-php/tags/2.7.2/readme.txt
r3445479 r3448005 5 5 Tested up to: 6.9 6 6 Requires PHP: 7.0 7 Stable tag: 2.7. 17 Stable tag: 2.7.2 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 281 281 282 282 == Changelog == 283 284 ##### Version 2.7.2 (2026-01-27) 285 286 - This release focuses on improving the security and robustness of snippet type handling in the codebase. 287 288 289 283 290 284 291 ##### Version 2.7.1 (2026-01-21) -
insert-php/tags/2.7.2/vendor/composer/installed.php
r3443800 r3448005 2 2 'root' => array( 3 3 'name' => 'codeinwp/insert-php', 4 'pretty_version' => 'v2.7. 1',5 'version' => '2.7. 1.0',6 'reference' => 'bc ad6f4886fc15c40b9ea61b3e9e94af766ee790',4 'pretty_version' => 'v2.7.2', 5 'version' => '2.7.2.0', 6 'reference' => 'bc59d77ab35704dae54f5589e1f2871c43b10148', 7 7 'type' => 'library', 8 8 'install_path' => __DIR__ . '/../../', … … 12 12 'versions' => array( 13 13 'codeinwp/insert-php' => array( 14 'pretty_version' => 'v2.7. 1',15 'version' => '2.7. 1.0',16 'reference' => 'bc ad6f4886fc15c40b9ea61b3e9e94af766ee790',14 'pretty_version' => 'v2.7.2', 15 'version' => '2.7.2.0', 16 'reference' => 'bc59d77ab35704dae54f5589e1f2871c43b10148', 17 17 'type' => 'library', 18 18 'install_path' => __DIR__ . '/../../', -
insert-php/trunk/CHANGELOG.md
r3443800 r3448005 1 ##### Version 2.7.2 (2026-01-27) 2 3 - This release focuses on improving the security and robustness of snippet type handling in the codebase. 4 1 5 ##### Version 2.7.1 (2026-01-21) 2 6 -
insert-php/trunk/includes/class.helpers.php
r3442510 r3448005 159 159 * @param mixed $post_id Post ID. 160 160 * 161 * @return array|mixed|string161 * @return string|false Snippet type string, or false if post is not a valid snippet post type or not found. 162 162 */ 163 163 public static function get_snippet_type( $post_id = null ) { … … 175 175 if ( ! empty( $post_id ) ) { 176 176 $_post = get_post( $post_id ); 177 178 // Security: Validate that the post belongs to the snippet post type 179 // to prevent arbitrary post content execution via shortcodes. 180 if ( empty( $_post ) || WINP_SNIPPETS_POST_TYPE !== $_post->post_type ) { 181 return false; 182 } 177 183 } 178 184 -
insert-php/trunk/includes/shortcodes/shortcodes.php
r3442510 r3448005 153 153 $id = isset( $attr['id'] ) ? (int) $attr['id'] : null; 154 154 155 if ( $id && WINP_Helper::get_snippet_type( $id ) !== $type ) { 156 $id = 0; 155 $snippet_type = null; 156 157 // Only resolve snippet type when a valid (truthy) ID is provided to avoid 158 // unnecessary request parsing or database lookups for invalid IDs. 159 if ( $id ) { 160 $snippet_type = WINP_Helper::get_snippet_type( $id ); 161 162 // Security: Reject if get_snippet_type() returned false (invalid post type) 163 // or if the snippet type doesn't match the expected type. 164 if ( false === $snippet_type || $snippet_type !== $type ) { 165 $id = 0; 166 } 157 167 } 158 168 -
insert-php/trunk/insert_php.php
r3443800 r3448005 5 5 * Description: Executes PHP code, uses conditional logic to insert ads, text, media content and external service's code. Ensures no content duplication. 6 6 * Author: Themeisle 7 * Version: 2.7. 17 * Version: 2.7.2 8 8 * WordPress Available: yes 9 9 * Requires License: no … … 42 42 define( 'WINP_PLUGIN_ACTIVE', true ); 43 43 44 define( 'WINP_PLUGIN_VERSION', '2. 6.1' );44 define( 'WINP_PLUGIN_VERSION', '2.7.2' ); 45 45 46 46 // Root directory of the plugin. -
insert-php/trunk/readme.txt
r3445479 r3448005 5 5 Tested up to: 6.9 6 6 Requires PHP: 7.0 7 Stable tag: 2.7. 17 Stable tag: 2.7.2 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 281 281 282 282 == Changelog == 283 284 ##### Version 2.7.2 (2026-01-27) 285 286 - This release focuses on improving the security and robustness of snippet type handling in the codebase. 287 288 289 283 290 284 291 ##### Version 2.7.1 (2026-01-21) -
insert-php/trunk/vendor/composer/installed.php
r3443800 r3448005 2 2 'root' => array( 3 3 'name' => 'codeinwp/insert-php', 4 'pretty_version' => 'v2.7. 1',5 'version' => '2.7. 1.0',6 'reference' => 'bc ad6f4886fc15c40b9ea61b3e9e94af766ee790',4 'pretty_version' => 'v2.7.2', 5 'version' => '2.7.2.0', 6 'reference' => 'bc59d77ab35704dae54f5589e1f2871c43b10148', 7 7 'type' => 'library', 8 8 'install_path' => __DIR__ . '/../../', … … 12 12 'versions' => array( 13 13 'codeinwp/insert-php' => array( 14 'pretty_version' => 'v2.7. 1',15 'version' => '2.7. 1.0',16 'reference' => 'bc ad6f4886fc15c40b9ea61b3e9e94af766ee790',14 'pretty_version' => 'v2.7.2', 15 'version' => '2.7.2.0', 16 'reference' => 'bc59d77ab35704dae54f5589e1f2871c43b10148', 17 17 'type' => 'library', 18 18 'install_path' => __DIR__ . '/../../',
Note: See TracChangeset
for help on using the changeset viewer.