Changeset 2984903

Timestamp:

10/27/2023 11:42:09 AM (2 years ago)

Author:

davecpage

Message:

Updated to version 1.6.5

Location:

wp-dxp/trunk

Files:

• README.txt (modified) (2 diffs)
• admin/class-wp-dxp-admin-categories-page.php (modified) (2 diffs)
• admin/class-wp-dxp-admin-rules-page.php (modified) (2 diffs)
• admin/class-wp-dxp-admin.php (modified) (2 diffs)
• admin/css/wp-dxp-admin.css (modified) (1 diff)
• includes/class-wp-dxp-db-manager.php (modified) (1 diff)
• includes/class-wp-dxp.php (modified) (1 diff)
• includes/models/category.php (modified) (1 diff)
• wp-dxp.php (modified) (2 diffs)

wp-dxp/trunk/README.txt

@@ -3 +3 @@
 Tags: personalization, personalisation, gutenberg, digital experience platform, show content, hide content, segmentation, conditions, rules, location
 Requires at least: 6.0.0
-Tested up to: 6.3.2
-Stable tag: 1.6.4
+Tested up to: 6.4
+Stable tag: 1.6.5
 Requires PHP: 7.3
 License: GPLv2 or later
@@ -67 +67 @@
 
 == Changelog ==
+
+= 1.6.5 =
+* Fix: Restore the ability to delete custom categories when there are no attached rules
+* Security: Added extra checks around processing of data in the admin
 
 = 1.6.4 =

wp-dxp/trunk/admin/class-wp-dxp-admin-categories-page.php

@@ -7 +7 @@
     public function process()
     {
+        // Double check for user caps before any possible processing of data.
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
+
         $action = $this->request->get('wp_dxp_action');
         if (!empty($this->request->form())) {
@@ -28 +33 @@
     public function route()
     {
+        // Double check for user caps before any possible processing of data.
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
+
         $action = $this->request->get('wp_dxp_action');
 

wp-dxp/trunk/admin/class-wp-dxp-admin-rules-page.php

@@ -7 +7 @@
     public function process()
     {
+        // Double check for user caps before any possible processing of data.
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
+
         $action = $this->request->get('wp_dxp_action');
         if (!empty($this->request->form())) {
@@ -30 +35 @@
     public function route()
     {
+        // Double check for user caps before any possible processing of data.
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
+
         $action = $this->request->get('wp_dxp_action');
 

wp-dxp/trunk/admin/class-wp-dxp-admin.php

@@ -322 +322 @@
     public function process()
     {
+        // Double check for user caps before any possible processing of data.
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
+
         $request = Wp_Dxp_Request::getInstance();
         $page = $request->get('page', false);
@@ -415 +420 @@
     public function migrateDb()
     {
+        // Double check for user caps before any possible processing of data.
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
+
         Wp_Dxp_DB_Manager::getInstance()->migrate();
     }

wp-dxp/trunk/admin/css/wp-dxp-admin.css

@@ -9240 +9240 @@
   outline: 0;
 }
+#wp-dxp .is-invalid ~ .invalid-feedback {
+  display: block;
+}
 #wp-dxp .rule-message {
   color: red;

wp-dxp/trunk/includes/class-wp-dxp-db-manager.php

@@ -15 +15 @@
     {
         global $wpdb;
+
+        // Double check for user caps before any possible processing of data.
+        if ( ! current_user_can( 'manage_options' ) ) {
+            return;
+        }
 
         if(is_admin()) {

wp-dxp/trunk/includes/class-wp-dxp.php

@@ -203 +203 @@
         $this->loader->add_filter( 'parent_file', $plugin_admin, 'setActiveAdminMenu' );
 
-        $this->loader->add_action( 'init', $plugin_admin, 'migrateDb' );
-
-        $this->loader->add_action( 'init', $plugin_admin, 'process' );
+        // Restrict database changes to only occur within the admin.
+        $this->loader->add_action( 'admin_init', $plugin_admin, 'migrateDb' );
+
+        // Restrict admin processing to running only in the admin.
+        $this->loader->add_action( 'admin_init', $plugin_admin, 'process' );
 
         $this->loader->add_action( 'rest_api_init', $plugin_admin, 'registerApiRoutes');

wp-dxp/trunk/includes/models/category.php

@@ -71 +71 @@
     public function getCanDeleteAttribute()
     {
-        return 0 === $this->rules_count;
+        return empty( $this->getRulesCountAttribute() );
     }
 

wp-dxp/trunk/wp-dxp.php

@@ -5 +5 @@
  * Plugin URI:        https://filter.agency/about/personalizewp/
  * Description:       Use WordPress as a digital experience platform, adding personalization and conditional rules to the content that your users see and can interact with. Compete with commercial enterprise platforms and add your own rules to match user behavior on, then show or hide blocks based on if your conditions are met.
- * Version:           1.6.4
+ * Version:           1.6.5
  * Author:            Filter
  * Author URI:        https://filter.agency
  * Requires at least: 6.0.0
- * Tested up to:      6.3.2
+ * Tested up to:      6.4
  * Requires PHP:      7.3
  * License:           GPL-2.0+
@@ -27 +27 @@
  * Rename this for your plugin and update it as you release new versions.
  */
-define( 'WP_DXP_VERSION', '1.6.4' );
+define( 'WP_DXP_VERSION', '1.6.5' );
 
 /**