WordPress.org
Get WordPress

Plugin Directory

Changeset 3486071


Ignore:
Timestamp:
03/18/2026 10:49:00 PM (10 days ago)
Author:
claudiosanches
Message:

Tagging version 3.2.25

Location:
restrict-content/tags/3.2.25
Files:
9 edited
1 copied

Legend:

Unmodified
Added
Removed

  • restrict-content/tags/3.2.25/composer.json

    r3480366 r3486071  
    11{
    22    "name": "restrictcontent/restrict-content",
    3     "version": "3.2.24",
     3    "version": "3.2.25",
    44    "type": "wordpress-plugin",
    55    "description": "A simple, yet powerful membership solution for WordPress.",

  • restrict-content/tags/3.2.25/core/includes/class-restrict-content.php

    r3480366 r3486071  
    2727     */
    2828    final class Restrict_Content_Pro {
    29         const VERSION = '3.5.57';
     29        const VERSION = '3.5.58.1';
    3030
    3131        /**

  • restrict-content/tags/3.2.25/core/includes/login-functions.php

    r3420370 r3486071  
    185185 *
    186186 * @since  2.3
     187 * @since 3.5.58 Improved validation of redirect URLs
     188 * @since 3.5.58.1 Change sanitization of redirect URLs from sanitize_text_field to sanitize_url
    187189 * @return void
    188190 */
     
    200202
    201203    if ( ! is_wp_error( $errors ) ) {
    202         $redirect_to = esc_url($_POST['rcp_redirect']) . '?rcp_action=lostpassword_checkemail';
    203         wp_redirect( $redirect_to );
     204        $redirect_to = wp_validate_redirect( isset( $_POST['rcp_redirect'] ) ? sanitize_url( wp_unslash( $_POST['rcp_redirect'] ) ) : '', home_url() ); // phpcs:ignore WordPress.WP.DeprecatedFunctions.sanitize_urlFound, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
     205        wp_safe_redirect( add_query_arg( 'rcp_action', 'lostpassword_checkemail', $redirect_to ) );
    204206        exit();
    205207    }
     
    245247     *
    246248     * @since 3.4.3
     249     * @since 3.5.58 Improved validation of redirect URLs
     250     * @since 3.5.58.1 Change sanitization of redirect URLs from sanitize_text_field to sanitize_url
    247251     *
    248252     * @param array   $_POST     The form $_POST data.
     
    268272    $message .= __('If this was a mistake, just ignore this email and nothing will happen.', 'rcp') . "\r\n\r\n";
    269273    $message .= __('To reset your password, visit the following address:', 'rcp') . "\r\n\r\n";
    270     $message .= esc_url_raw( add_query_arg( array( 'rcp_action' => 'lostpassword_reset', 'key' => $key, 'login' => rawurlencode( $user_login ) ), $_POST['rcp_redirect'] ) ) . "\r\n";
     274    $redirect_base = wp_validate_redirect( isset( $_POST['rcp_redirect'] ) ? sanitize_url( wp_unslash( $_POST['rcp_redirect'] ) ) : '', home_url() ); // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.WP.DeprecatedFunctions.sanitize_urlFound, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
     275    $message .= esc_url_raw(
     276        add_query_arg(
     277            array(
     278                'rcp_action' => 'lostpassword_reset',
     279                'key'        => $key,
     280                'login'      => rawurlencode( $user_login ),
     281            ),
     282            $redirect_base
     283        )
     284    ) . "\r\n";
    271285
    272286    if ( is_multisite() ) {

  • restrict-content/tags/3.2.25/core/includes/member-functions.php

    r3420370 r3486071  
    436436 * @access  private
    437437 * @since   1.5
     438 * @since 3.5.58 Improved validation of redirect URLs
     439 * @since 3.5.58.1 Change sanitization of redirect URLs from sanitize_text_field to sanitize_url
    438440 * @return  void
    439441*/
     
    442444    // Profile field change request
    443445    if ( empty( $_POST['rcp_action'] ) || $_POST['rcp_action'] !== 'edit_user_profile' || !is_user_logged_in() )
    444         return false;
     446        return;
    445447
    446448
    447449    // Nonce security
    448450    if ( ! wp_verify_nonce( $_POST['rcp_profile_editor_nonce'], 'rcp-profile-editor-nonce' ) )
    449         return false;
     451        return;
    450452
    451453    $user_id      = get_current_user_id();
     
    499501            do_action( 'rcp_user_profile_updated', $user_id, $userdata, $old_data );
    500502
    501             wp_safe_redirect( add_query_arg( 'rcp-message', 'profile-updated', sanitize_text_field( $_POST['rcp_redirect'] ) ) );
     503            wp_safe_redirect( add_query_arg( 'rcp-message', 'profile-updated', wp_validate_redirect( isset( $_POST['rcp_redirect'] ) ? sanitize_url( wp_unslash( $_POST['rcp_redirect'] ) ) : '', home_url() ) ) ); // phpcs:ignore WordPress.WP.DeprecatedFunctions.sanitize_urlFound, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
    502504
    503505            exit;
     
    514516 * @access  public
    515517 * @since   1.0
     518 * @since 3.5.58 Improved validation of redirect URLs
     519 * @since 3.5.58.1 Change sanitization of redirect URLs from sanitize_text_field to sanitize_url
    516520 * @return  void
    517521 */
     
    559563                setcookie( $rp_cookie, ' ', time() - YEAR_IN_SECONDS, $rp_path, COOKIE_DOMAIN, is_ssl(), true );
    560564                // send password change email here (if WP doesn't)
    561                 wp_safe_redirect( add_query_arg( 'password-reset', 'true', $_POST['rcp_redirect'] ) );
     565                wp_safe_redirect( add_query_arg( 'password-reset', 'true', wp_validate_redirect( isset( $_POST['rcp_redirect'] ) ? sanitize_url( wp_unslash( $_POST['rcp_redirect'] ) ) : '', home_url() ) ) ); // phpcs:ignore WordPress.WP.DeprecatedFunctions.sanitize_urlFound, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
    562566                exit;
    563567            }

  • restrict-content/tags/3.2.25/lang/restrict-content.pot

    r3480366 r3486071  
    33msgid ""
    44msgstr ""
    5 "Project-Id-Version: Restrict Content 3.2.24\n"
     5"Project-Id-Version: Restrict Content 3.2.25\n"
    66"Report-Msgid-Bugs-To: http://ithemes.com/support/\n"
    7 "POT-Creation-Date: 2026-03-11 16:09:47+00:00\n"
     7"POT-Creation-Date: 2026-03-18 22:45:16+00:00\n"
    88"PO-Revision-Date: 2026-MO-DA HO:MI+ZONE\n"
    99"MIME-Version: 1.0\n"
     
    51545154msgstr ""
    51555155
    5156 #: core/includes/class-rcp-cli.php:396 core/includes/login-functions.php:267
     5156#: core/includes/class-rcp-cli.php:396 core/includes/login-functions.php:271
    51575157#: legacy/includes/forms.php:303
    51585158msgid "Username: %s"
     
    64456445msgstr ""
    64466446
    6447 #: core/includes/login-functions.php:219
     6447#: core/includes/login-functions.php:221
    64486448msgid "Enter a username or e-mail address."
    64496449msgstr ""
    64506450
    6451 #: core/includes/login-functions.php:223 legacy/includes/forms.php:272
     6451#: core/includes/login-functions.php:225 legacy/includes/forms.php:272
    64526452msgid "There is no user registered with that email address."
    64536453msgstr ""
    64546454
    6455 #: core/includes/login-functions.php:235 legacy/includes/forms.php:286
     6455#: core/includes/login-functions.php:237 legacy/includes/forms.php:286
    64566456#: legacy/includes/forms.php:291
    64576457msgid "Invalid username or e-mail."
    64586458msgstr ""
    64596459
    6460 #: core/includes/login-functions.php:265 legacy/includes/forms.php:301
     6460#: core/includes/login-functions.php:269 legacy/includes/forms.php:301
    64616461msgid "Someone requested that the password be reset for the following account:"
    64626462msgstr ""
    64636463
    6464 #: core/includes/login-functions.php:268 legacy/includes/forms.php:304
     6464#: core/includes/login-functions.php:272 legacy/includes/forms.php:304
    64656465msgid "If this was a mistake, just ignore this email and nothing will happen."
    64666466msgstr ""
    64676467
    6468 #: core/includes/login-functions.php:269 legacy/includes/forms.php:305
     6468#: core/includes/login-functions.php:273 legacy/includes/forms.php:305
    64696469msgid "To reset your password, visit the following address:"
    64706470msgstr ""
    64716471
    6472 #: core/includes/login-functions.php:284 legacy/includes/forms.php:322
     6472#: core/includes/login-functions.php:298 legacy/includes/forms.php:322
    64736473msgid "[%s] Password Reset"
    64746474msgstr ""
    64756475
    6476 #: core/includes/login-functions.php:293
     6476#: core/includes/login-functions.php:307
    64776477msgid "The e-mail could not be sent."
    64786478msgstr ""
    64796479
    6480 #: core/includes/login-functions.php:293
     6480#: core/includes/login-functions.php:307
    64816481msgid "Possible reason: your host may have disabled the mail() function."
    64826482msgstr ""
    64836483
    6484 #: core/includes/member-functions.php:469
     6484#: core/includes/member-functions.php:471
    64856485msgid "Please enter a valid email address"
    64866486msgstr ""
    64876487
    6488 #: core/includes/member-functions.php:474
     6488#: core/includes/member-functions.php:476
    64896489msgid "The email you entered belongs to another user. Please use another."
    64906490msgstr ""
    64916491
    6492 #: core/includes/member-functions.php:480
     6492#: core/includes/member-functions.php:482
    64936493msgid "The passwords you entered do not match. Please try again."
    64946494msgstr ""
    64956495
    6496 #: core/includes/member-functions.php:505
     6496#: core/includes/member-functions.php:507
    64976497msgid "There was an error updating your profile. Please try again."
    64986498msgstr ""
    64996499
    6500 #: core/includes/member-functions.php:539
     6500#: core/includes/member-functions.php:543
    65016501msgid "Please enter a password, and confirm it"
    65026502msgstr ""
    65036503
    6504 #: core/includes/member-functions.php:543
     6504#: core/includes/member-functions.php:547
    65056505#: core/includes/registration-functions.php:830 legacy/includes/forms.php:674
    65066506msgid "Passwords do not match"
    65076507msgstr ""
    65086508
    6509 #: core/includes/member-functions.php:918
     6509#: core/includes/member-functions.php:922
    65106510msgid "Recurring charge failed in %s."
    65116511msgstr ""
    65126512
    6513 #: core/includes/member-functions.php:921
     6513#: core/includes/member-functions.php:925
    65146514msgid " Event ID: %s"
    65156515msgstr ""
    65166516
    6517 #: core/includes/member-functions.php:949
     6517#: core/includes/member-functions.php:953
    65186518msgid "%s subscription started."
    65196519msgstr ""
    65206520
    6521 #: core/includes/member-functions.php:954
     6521#: core/includes/member-functions.php:958
    65226522msgid "%s subscription renewed."
    65236523msgstr ""
    65246524
    6525 #: core/includes/member-functions.php:959
     6525#: core/includes/member-functions.php:963
    65266526msgid "Subscription changed from %s to %s."
    65276527msgstr ""

  • restrict-content/tags/3.2.25/legacy/restrictcontent.php

    r3480366 r3486071  
    2222
    2323if ( ! defined( 'RC_PLUGIN_VERSION' ) ) {
    24     define( 'RC_PLUGIN_VERSION', '3.2.24' );
     24    define( 'RC_PLUGIN_VERSION', '3.2.25' );
    2525}
    2626

  • restrict-content/tags/3.2.25/package.json

    r3480366 r3486071  
    11{
    22  "name": "restrict-content",
    3   "version": "3.2.24",
     3  "version": "3.2.25",
    44  "description": "Set up a complete membership system for your WordPress site and deliver premium content to your members. Unlimited membership packages, membership management, discount codes, registration / login forms, and more.",
    55  "homepage": "https://restrictcontentpro.com/",

  • restrict-content/tags/3.2.25/readme.txt

    r3480366 r3486071  
    77Requires PHP: 7.4
    88Tested up to: 6.9
    9 Stable tag: 3.2.24
     9Stable tag: 3.2.25
    1010
    1111Restrict Content is a powerful WordPress membership plugin that gives you full control over who can and cannot view content on your WordPress site.
     
    258258== Changelog ==
    259259
     260= 3.2.25 =
     261* Security: Improved sanitization and validation of member-related POST data.
     262* Fix: Improved redirect URLs sanitization of member-related POST data.
     263
    260264= 3.2.24 =
    261265* Fix: Fixed incorrect date array key in payment import process.

  • restrict-content/tags/3.2.25/restrictcontent.php

    r3480366 r3486071  
    44 * Plugin URI: https://restrictcontentpro.com
    55 * Description: Set up a complete membership system for your WordPress site and deliver premium content to your members. Unlimited membership packages, membership management, discount codes, registration / login forms, and more.
    6  * Version: 3.2.24
     6 * Version: 3.2.25
    77 * Author: StellarWP
    88 * Author URI: https://stellarwp.com/
     
    1919define('RCP_ROOT', plugin_dir_path(__FILE__));
    2020define('RCP_WEB_ROOT', plugin_dir_url(__FILE__));
    21 define('RCF_VERSION', '3.2.24');
     21define('RCF_VERSION', '3.2.25');
    2222
    2323// Load Strauss autoload.
Note: See TracChangeset for help on using the changeset viewer.