Changeset 2701591

Timestamp:

03/30/2022 01:13:44 AM (4 years ago)

Author:

upcasted

Message:

Security fix, Plugin rename and path fix for some users.

Location:

upcasted-s3-offload/trunk

Files:

• README.txt (modified) (2 diffs)
• admin/providers/AmazonCloudManipulator.php (modified) (1 diff)
• freemius/includes/class-freemius.php (modified) (4 diffs)
• freemius/includes/managers/class-fs-admin-notice-manager.php (modified) (1 diff)
• freemius/includes/sdk/Exceptions/ArgumentNotExistException.php (modified) (1 diff)
• freemius/includes/sdk/Exceptions/EmptyArgumentException.php (modified) (1 diff)
• freemius/includes/sdk/Exceptions/Exception.php (modified) (1 diff)
• freemius/includes/sdk/Exceptions/InvalidArgumentException.php (modified) (1 diff)
• freemius/includes/sdk/Exceptions/OAuthException.php (modified) (1 diff)
• freemius/includes/sdk/FreemiusBase.php (modified) (1 diff)
• freemius/includes/sdk/FreemiusWordPress.php (modified) (1 diff)
• freemius/require.php (modified) (1 diff)
• freemius/start.php (modified) (1 diff)
• freemius/templates/account/partials/addon.php (modified) (1 diff)
• freemius/templates/ajax-loader.php (modified) (1 diff)
• freemius/templates/debug.php (modified) (4 diffs)
• freemius/templates/firewall-issues-js.php (modified) (2 diffs)
• freemius/templates/partials/network-activation.php (modified) (1 diff)
• freemius/templates/sticky-admin-notice-js.php (modified) (1 diff)
• upcasted-s3-offload.php (modified) (3 diffs)

upcasted-s3-offload/trunk/README.txt

@@ -1 +1 @@
 === AWS S3 for WordPress Plugin - Upcasted ===
 Contributors: upcasted
-Tags: aws s3, s3, aws, amazon s3, media gallery
+Tags: aws s3, s3, minio, amazon s3, digital ocean spaces
 Plugin URI: https://upcasted.com/upcasted-s3-offload
 Author URI: https://upcasted.com/
 Requires at least: 4.9
-Tested up to: 5.9
+Tested up to: 5.9.2
 Requires PHP: 7.0
 Stable tag: trunk
@@ -149 +149 @@
 
 == Changelog ==
+= 3.0.1 =
+* Upgraded: AWS SDK, Guzzle & more
+* Security fix
+* Fix: Image path was wrong for certain users
+
 = 3.0.0 =
 * Upgraded: minimum PHP version to 7.0

upcasted-s3-offload/trunk/admin/providers/AmazonCloudManipulator.php

@@ -135 +135 @@
     {
         $settings = get_option(UPCASTED_S3_OFFLOAD_SETTINGS);
+        if (isset($settings[UPCASTED_S3_OFFLOAD_PROTOCOL], $settings[UPCASTED_S3_OFFLOAD_CUSTOM_DOMAIN])) {
+            return $settings[UPCASTED_S3_OFFLOAD_PROTOCOL] . $settings[UPCASTED_S3_OFFLOAD_CUSTOM_DOMAIN];
+        }
         if (!empty($settings[UPCASTED_CUSTOM_ENDPOINT])) {
             return "https://{$settings[UPCASTED_S3_OFFLOAD_BUCKET]}.{$settings[UPCASTED_CUSTOM_ENDPOINT]}";
         }
-        if (isset($settings[UPCASTED_S3_OFFLOAD_PROTOCOL], $settings[UPCASTED_S3_OFFLOAD_CUSTOM_DOMAIN])) {
-            return $settings[UPCASTED_S3_OFFLOAD_PROTOCOL] . $settings[UPCASTED_S3_OFFLOAD_CUSTOM_DOMAIN];
+        if (!empty($settings[UPCASTED_OFFLOAD_REGION])) {
+            return "https://{$settings[UPCASTED_S3_OFFLOAD_BUCKET]}.s3.{$settings[UPCASTED_OFFLOAD_REGION]}.amazonaws.com";
         }
 

upcasted-s3-offload/trunk/freemius/includes/class-freemius.php

@@ -3551 +3551 @@
          */
         static function _toggle_debug_mode() {
+            check_admin_referer( 'fs_toggle_debug_mode' );
+
             if ( ! is_super_admin() ) {
                 return;
@@ -3572 +3574 @@
          */
         static function _get_debug_log() {
+            check_admin_referer( 'fs_get_debug_log' );
+
+            if ( ! is_super_admin() ) {
+                return;
+            }
+
+            $limit  = min( ! empty( $_POST['limit'] ) ? absint( $_POST['limit'] ) : 200, 200 );
+            $offset = min( ! empty( $_POST['offset'] ) ? absint( $_POST['offset'] ) : 200, 200 );
+
             $logs = FS_Logger::load_db_logs(
                 fs_request_get( 'filters', false, 'post' ),
-                ! empty( $_POST['limit'] ) && is_numeric( $_POST['limit'] ) ? $_POST['limit'] : 200,
-                ! empty( $_POST['offset'] ) && is_numeric( $_POST['offset'] ) ? $_POST['offset'] : 0
+                $limit,
+                $offset
             );
 
@@ -4448 +4459 @@
          */
         function _email_about_firewall_issue() {
+            check_admin_referer( 'fs_resolve_firewall_issues' );
+
+            if ( ! current_user_can( is_multisite() ? 'manage_options' : 'activate_plugins' ) ) {
+                return;
+            }
+
             $this->_admin_notices->remove_sticky( 'failed_connect_api' );
 
@@ -4522 +4539 @@
          */
         function _retry_connectivity_test() {
+            check_admin_referer( 'fs_retry_connectivity_test' );
+
+            if ( ! current_user_can( is_multisite() ? 'manage_options' : 'activate_plugins' ) ) {
+                return;
+            }
+
             $this->_admin_notices->remove_sticky( 'failed_connect_api_first' );
 

upcasted-s3-offload/trunk/freemius/includes/managers/class-fs-admin-notice-manager.php

@@ -176 +176 @@
          */
         function dismiss_notice_ajax_callback() {
-            $this->_sticky_storage->remove( $_POST['message_id'] );
+            check_admin_referer( 'fs_dismiss_notice_action' );
+
+            if ( ! is_numeric( $_POST['message_id'] ) ) {
+                $this->_sticky_storage->remove( $_POST['message_id'] );
+            }
+
             wp_die();
         }

upcasted-s3-offload/trunk/freemius/includes/sdk/Exceptions/ArgumentNotExistException.php

@@ -1 +1 @@
 <?php
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     if ( ! class_exists( 'Freemius_InvalidArgumentException' ) ) {
         exit;

upcasted-s3-offload/trunk/freemius/includes/sdk/Exceptions/EmptyArgumentException.php

@@ -1 +1 @@
 <?php
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     if ( ! class_exists( 'Freemius_InvalidArgumentException' ) ) {
         exit;

upcasted-s3-offload/trunk/freemius/includes/sdk/Exceptions/Exception.php

@@ -1 +1 @@
 <?php
+        if ( ! defined( 'ABSPATH' ) ) {
+            exit;
+        }
+
     if ( ! class_exists( 'Freemius_Exception' ) ) {
         /**

upcasted-s3-offload/trunk/freemius/includes/sdk/Exceptions/InvalidArgumentException.php

@@ -1 +1 @@
 <?php
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     if ( ! class_exists( 'Freemius_Exception' ) ) {
         exit;

upcasted-s3-offload/trunk/freemius/includes/sdk/Exceptions/OAuthException.php

@@ -1 +1 @@
 <?php
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     if ( ! class_exists( 'Freemius_Exception' ) ) {
         exit;

upcasted-s3-offload/trunk/freemius/includes/sdk/FreemiusBase.php

@@ -16 +16 @@
      */
 
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     if ( ! defined( 'FS_API__VERSION' ) ) {
         define( 'FS_API__VERSION', '1' );

upcasted-s3-offload/trunk/freemius/includes/sdk/FreemiusWordPress.php

@@ -15 +15 @@
      * under the License.
      */
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
 
     require_once dirname( __FILE__ ) . '/FreemiusBase.php';

upcasted-s3-offload/trunk/freemius/require.php

@@ -6 +6 @@
      * @since       1.1.9
      */
+
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
 
     // Configuration should be loaded first.

upcasted-s3-offload/trunk/freemius/start.php

@@ -16 +16 @@
      * @var string
      */
-    $this_sdk_version = '2.4.2';
+    $this_sdk_version = '2.4.3';
 
     #region SDK Selection Logic --------------------------------------------------------------------

upcasted-s3-offload/trunk/freemius/templates/account/partials/addon.php

@@ -1 +1 @@
 <?php
+
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     /**
      * @var array    $VARS

upcasted-s3-offload/trunk/freemius/templates/ajax-loader.php

@@ +1 @@
+<?php
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+?>
 <div class="fs-ajax-loader" style="display: none"><?php for ( $i = 1; $i <= 8; $i ++ ) : ?><div class="fs-ajax-loader-bar fs-ajax-loader-bar-<?php echo $i ?>"></div><?php endfor ?></div>

upcasted-s3-offload/trunk/freemius/templates/debug.php

@@ -38 +38 @@
                     $.post( ajaxurl, {
                         action: 'fs_toggle_debug_mode',
+                        // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                        _wpnonce   : <?php echo wp_json_encode( wp_create_nonce( 'fs_toggle_debug_mode' ) ); ?>,
                         is_on : ($(this).hasClass( 'fs-on' ) ? 1 : 0)
                     }, function ( response ) {
@@ -112 +114 @@
                 $.post(ajaxurl, {
                     action     : 'fs_get_db_option',
-                    _wpnonce   : '<?php echo wp_create_nonce( 'fs_get_db_option' ) ?>',
+                    // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                    _wpnonce   : <?php echo wp_json_encode( wp_create_nonce( 'fs_get_db_option' ) ); ?>,
                     option_name: optionName
                 }, function (response) {
@@ -132 +135 @@
                     $.post(ajaxurl, {
                         action      : 'fs_set_db_option',
-                        _wpnonce   : '<?php echo wp_create_nonce( 'fs_set_db_option' ) ?>',
+                        // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                        _wpnonce    : <?php echo wp_json_encode( wp_create_nonce( 'fs_set_db_option' ) ); ?>,
                         option_name : optionName,
                         option_value: optionValue
@@ -725 +729 @@
                 $.post(ajaxurl, {
                     action : 'fs_get_debug_log',
+                    // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                    _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_get_debug_log' ) ); ?>,
                     filters: filters,
                     offset : offset,

upcasted-s3-offload/trunk/freemius/templates/firewall-issues-js.php

@@ -23 +23 @@
                 ajaxActionSuffix = notice.attr( 'data-manager-id' ).replace( ':', '-' );
 
-            var data = {
-                action    : 'fs_resolve_firewall_issues_' + ajaxActionSuffix,
-                error_type: error_type
-            };
+            var data = {
+                action   : 'fs_resolve_firewall_issues_' + ajaxActionSuffix,
+                // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_resolve_firewall_issues' ) ); ?>,
+                error_type: error_type
+            };
 
             if ( 'squid' === error_type ) {
@@ -40 +42 @@
 
             if ( 'retry_ping' === error_type ) {
-                data.action = 'fs_retry_connectivity_test_' + ajaxActionSuffix;
+                data.action   = 'fs_retry_connectivity_test_' + ajaxActionSuffix;
+                // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                data._wpnonce = <?php echo wp_json_encode( wp_create_nonce( 'fs_retry_connectivity_test' ) ); ?>;
             }
 

upcasted-s3-offload/trunk/freemius/templates/partials/network-activation.php

@@ -1 +1 @@
 <?php
+
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
     /**
      * @var array $VARS

upcasted-s3-offload/trunk/freemius/templates/sticky-admin-notice-js.php

@@ -24 +24 @@
             notice.fadeOut( 'fast', function() {
                 var data = {
-                    action    : 'fs_dismiss_notice_action_' + ajaxActionSuffix,
+                    action   : 'fs_dismiss_notice_action_' + ajaxActionSuffix,
+                    // As such we don't need to use `wp_json_encode` method but using it to follow wp.org guideline.
+                    _wpnonce : <?php echo wp_json_encode( wp_create_nonce( 'fs_dismiss_notice_action' ) ); ?>,
                     message_id: id
                 };

upcasted-s3-offload/trunk/upcasted-s3-offload.php

@@ -3 +3 @@
 /**
  * @wordpress-plugin
- * Plugin Name:       AWS S3 for WordPress Plugin - Upcasted
+ * Plugin Name:       Upcasted S3 Offload - AWS S3, Digital Ocean Spaces, Minio and more
  * Plugin URI:        https://upcasted.com/upcasted-s3-offload
  * Description:       Seamless sync between your WordPress Media Library and AWS S3 now in a top notch WordPress plugin with easy licensing and no limitations.
- * Version:           3.0.0
+ * Version:           3.0.1
  * Author:            Upcasted
  * Author URI:        https://upcasted.com
@@ -68 +68 @@
         require_once dirname( __FILE__ ) . '/vendor/autoload.php';
     }
-    define( 'UPCASTED_S3_OFFLOAD_VERSION', '3.0.0' );
+    define( 'UPCASTED_S3_OFFLOAD_VERSION', '3.0.1' );
     if ( !defined( 'UPCASTED_S3_OFFLOAD_SETTINGS' ) ) {
         define( 'UPCASTED_S3_OFFLOAD_SETTINGS', 'upcasted_s3_offload_settings' );
@@ -96 +96 @@
         define( 'UPCASTED_REMOVE_CLOUD_FILE', 'upcasted_remove_cloud_file' );
     }
-    if ( !defined( 'UPCASTED_S3_OFFLOAD_REGION' ) ) {
-        define( 'UPCASTED_S3_OFFLOAD_REGION', 'upcasted_s3_offload_region' );
+    if ( !defined( 'UPCASTED_OFFLOAD_REGION' ) ) {
+        define( 'UPCASTED_OFFLOAD_REGION', 'upcasted_offload_region' );
     }
     if ( !defined( 'UPCASTED_S3_OFFLOAD_BUCKET' ) ) {