
Changeset 3465344


Timestamp:
02/19/2026 07:38:22 PM (6 weeks ago)
Author:
premmerce
Message:

Release 1.1.12

Location:
premmerce-woocommerce-wholesale-pricing
Files:
12 edited
1 copied

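--- a/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/premmerce-price-types.php
+++ b/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/premmerce-price-types.php
@@ -9,5 +9,5 @@
  * Plugin URI:        https://premmerce.com
  * Description:       Premmerce Wholesale Pricing for WooCommerce is a plugin that allows you to add individual wholesale prices or other price types for WooCommerce products to  any customers roles.
- * Version:           1.1.11
+ * Version:           1.1.12
  * Author:            Premmerce
  * Author URI:        https://profiles.wordpress.org/premmerce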
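--- a/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/readme.txt
+++ b/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/readme.txt
@@ -4,5 +4,5 @@
 Requires at least: 4.8
 Tested up to: 6.9
-Stable tag: 1.1.11
+Stable tag: 1.1.12
 Requires PHP: 5.6
 License: GPLv2 or later
@@ -60,4 +60,9 @@
 
 == Changelog ==
+
+= 1.1.12 (19th Feb 2026) =
+
+* Security Fix: Missing authorization and CSRF on bulk delete action (CVE-2025-64285)
+* Security Fix: Escape role output in price types table
 
 = 1.1.11 (19th Feb 2026) =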
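--- a/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/src/Admin/Admin.php
+++ b/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/src/Admin/Admin.php
@@ -206,4 +206,16 @@
         } else {
             $action = '';
+        }
+
+        if ($action === '') {
+            return;
+        }
+
+        if (! isset($data['_wpnonce']) || ! wp_verify_nonce(wp_unslash($data['_wpnonce']), 'bulk-price-types')) {
+            wp_die(__('Security check failed.', 'premmerce-price-types'), 403);
+        }
+
+        if (! current_user_can('manage_woocommerce')) {
+            wp_die(__('You do not have permission to perform this action.', 'premmerce-price-types'), 403);
         }
 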
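Review bot: The nonce and capability checks added at new lines 214–220 depend on two string literals that must stay in sync with code outside this hunk: `'bulk-price-types'` has to match the `wp_nonce_field()` call in views/admin/tabs/list.php, and `'manage_woocommerce'` should be the same capability the admin page is registered with, which is not visible here. A short comment above the first check, e.g. `// Nonce action must match wp_nonce_field() in views/admin/tabs/list.php`, would keep the pair from drifting apart. The enclosing method starts and ends outside the hunk, so whether every state-changing request it handles passes through these guards cannot be confirmed from the visible lines. The trunk copy of Admin.php carries the same change.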
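--- a/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/src/Admin/PriceTypesTable.php
+++ b/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/src/Admin/PriceTypesTable.php
@@ -80,5 +80,5 @@
     protected function column_roles($item)
     {
-        return implode(', ', $item['roles']);
+        return esc_html(implode(', ', $item['roles']));
     }
 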
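Review bot: `column_roles()` at new line 82 still passes `$item['roles']` straight to `implode()`, so a row whose roles value is missing or not an array raises a TypeError on PHP 8 instead of rendering an empty cell. How rows are built is not visible in this hunk, so this may never occur in practice; if it can, `return esc_html(implode(', ', (array) $item['roles']));` keeps the escaping and tolerates the empty case. A one-line docblock stating that the method returns HTML-escaped text for the list-table cell would also record why `esc_html()` is there. The trunk copy of PriceTypesTable.php has the same change.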
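--- a/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/vendor/composer/installed.php
+++ b/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/vendor/composer/installed.php
@@ -2,7 +2,7 @@
     'root' => array(
         'name' => 'premmerce/premmerce-woocommerce-wholesale-pricing',
-        'pretty_version' => '1.1.11',
-        'version' => '1.1.11.0',
-        'reference' => '94699436461f737ea85ca720b2970d0258d0f709',
+        'pretty_version' => '1.1.12',
+        'version' => '1.1.12.0',
+        'reference' => 'b9afc716161f2d89c3f2bd98ecb8747983db2d42',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
@@ -12,7 +12,7 @@
     'versions' => array(
         'premmerce/premmerce-woocommerce-wholesale-pricing' => array(
-            'pretty_version' => '1.1.11',
-            'version' => '1.1.11.0',
-            'reference' => '94699436461f737ea85ca720b2970d0258d0f709',
+            'pretty_version' => '1.1.12',
+            'version' => '1.1.12.0',
+            'reference' => 'b9afc716161f2d89c3f2bd98ecb8747983db2d42',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',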
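--- a/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/views/admin/tabs/list.php
+++ b/premmerce-woocommerce-wholesale-pricing/tags/1.1.12/views/admin/tabs/list.php
@@ -25,5 +25,5 @@
                     <select data-select="roles" name="roles[]" multiple>
                         <?php foreach ($roles as $key => $name): ?>
-                            <option value="<?php echo $key; ?>"><?php echo $name; ?></option>
+                            <option value="<?php echo esc_attr($key); ?>"><?php echo esc_html($name); ?></option>
                         <?php endforeach; ?>
                     </select>
@@ -40,4 +40,5 @@
     <div class="col-wrap">
         <form action="" method="POST">
+            <?php wp_nonce_field( 'bulk-price-types' ); ?>
             <?php $table->display(); ?>
         </form>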
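Review bot: The `wp_nonce_field( 'bulk-price-types' )` added at new line 42 may collide with a `_wpnonce` field printed by `$table->display()` on the following line. If PriceTypesTable extends WP_List_Table without overriding `display_tablenav()` (not visible here), core already emits `wp_nonce_field( 'bulk-' . $plural )` in the top tablenav; with two `_wpnonce` inputs in one form PHP keeps the later one, so the check in Admin.php only passes when the table's plural is `price-types`. Either drop the explicit field and rely on the table's own, or confirm the plural and add a comment saying which field the handler verifies. The trunk copy of list.php has the same change.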
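--- a/premmerce-woocommerce-wholesale-pricing/trunk/premmerce-price-types.php
+++ b/premmerce-woocommerce-wholesale-pricing/trunk/premmerce-price-types.php
@@ -9,5 +9,5 @@
  * Plugin URI:        https://premmerce.com
  * Description:       Premmerce Wholesale Pricing for WooCommerce is a plugin that allows you to add individual wholesale prices or other price types for WooCommerce products to  any customers roles.
- * Version:           1.1.11
+ * Version:           1.1.12
  * Author:            Premmerce
  * Author URI:        https://profiles.wordpress.org/premmerce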
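--- a/premmerce-woocommerce-wholesale-pricing/trunk/readme.txt
+++ b/premmerce-woocommerce-wholesale-pricing/trunk/readme.txt
@@ -4,5 +4,5 @@
 Requires at least: 4.8
 Tested up to: 6.9
-Stable tag: 1.1.11
+Stable tag: 1.1.12
 Requires PHP: 5.6
 License: GPLv2 or later
@@ -60,4 +60,9 @@
 
 == Changelog ==
+
+= 1.1.12 (19th Feb 2026) =
+
+* Security Fix: Missing authorization and CSRF on bulk delete action (CVE-2025-64285)
+* Security Fix: Escape role output in price types table
 
 = 1.1.11 (19th Feb 2026) =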
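--- a/premmerce-woocommerce-wholesale-pricing/trunk/src/Admin/Admin.php
+++ b/premmerce-woocommerce-wholesale-pricing/trunk/src/Admin/Admin.php
@@ -206,4 +206,16 @@
         } else {
             $action = '';
+        }
+
+        if ($action === '') {
+            return;
+        }
+
+        if (! isset($data['_wpnonce']) || ! wp_verify_nonce(wp_unslash($data['_wpnonce']), 'bulk-price-types')) {
+            wp_die(__('Security check failed.', 'premmerce-price-types'), 403);
+        }
+
+        if (! current_user_can('manage_woocommerce')) {
+            wp_die(__('You do not have permission to perform this action.', 'premmerce-price-types'), 403);
         }
 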
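--- a/premmerce-woocommerce-wholesale-pricing/trunk/src/Admin/PriceTypesTable.php
+++ b/premmerce-woocommerce-wholesale-pricing/trunk/src/Admin/PriceTypesTable.php
@@ -80,5 +80,5 @@
     protected function column_roles($item)
     {
-        return implode(', ', $item['roles']);
+        return esc_html(implode(', ', $item['roles']));
     }
 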
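--- a/premmerce-woocommerce-wholesale-pricing/trunk/vendor/composer/installed.php
+++ b/premmerce-woocommerce-wholesale-pricing/trunk/vendor/composer/installed.php
@@ -2,7 +2,7 @@
     'root' => array(
         'name' => 'premmerce/premmerce-woocommerce-wholesale-pricing',
-        'pretty_version' => '1.1.11',
-        'version' => '1.1.11.0',
-        'reference' => '94699436461f737ea85ca720b2970d0258d0f709',
+        'pretty_version' => '1.1.12',
+        'version' => '1.1.12.0',
+        'reference' => 'b9afc716161f2d89c3f2bd98ecb8747983db2d42',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
@@ -12,7 +12,7 @@
     'versions' => array(
         'premmerce/premmerce-woocommerce-wholesale-pricing' => array(
-            'pretty_version' => '1.1.11',
-            'version' => '1.1.11.0',
-            'reference' => '94699436461f737ea85ca720b2970d0258d0f709',
+            'pretty_version' => '1.1.12',
+            'version' => '1.1.12.0',
+            'reference' => 'b9afc716161f2d89c3f2bd98ecb8747983db2d42',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',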
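--- a/premmerce-woocommerce-wholesale-pricing/trunk/views/admin/tabs/list.php
+++ b/premmerce-woocommerce-wholesale-pricing/trunk/views/admin/tabs/list.php
@@ -25,5 +25,5 @@
                     <select data-select="roles" name="roles[]" multiple>
                         <?php foreach ($roles as $key => $name): ?>
-                            <option value="<?php echo $key; ?>"><?php echo $name; ?></option>
+                            <option value="<?php echo esc_attr($key); ?>"><?php echo esc_html($name); ?></option>
                         <?php endforeach; ?>
                     </select>
@@ -40,4 +40,5 @@
     <div class="col-wrap">
         <form action="" method="POST">
+            <?php wp_nonce_field( 'bulk-price-types' ); ?>
             <?php $table->display(); ?>
         </form>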