WordPress.org
Get WordPress

Plugin Directory

Changeset 3121690


Ignore:
Timestamp:
07/18/2024 06:53:08 PM (19 months ago)
Author:
parorrey
Message:

Updating version 3.9.7

Location:
json-api-user/trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • json-api-user/trunk/controllers/User.php

    r3116707 r3121690  
    5252    {
    5353
    54         global $json_api;
     54        global $json_api, $wpdb;
    5555
    5656
     
    182182
    183183        if ($user_id) {
    184             $disallowed = array('wp_user_level', 'wp_capabilities');
     184            $disallowed = array("wp_user_level", "wp_capabilities", "{$wpdb->prefix}user_level", "{$wpdb->prefix}capabilities");
    185185
    186186            if (is_array($_REQUEST['custom_fields'])) {
     
    605605    {
    606606
    607         global $json_api;
     607        global $json_api, $wpdb;
    608608
    609609        if (!$json_api->query->cookie) {
     
    627627            $meta_value = $json_api->query->meta_value;
    628628           
    629             $disallowed = array('wp_user_level', 'wp_capabilities');
    630            
     629        $disallowed = array("wp_user_level", "wp_capabilities", "{$wpdb->prefix}user_level", "{$wpdb->prefix}capabilities");
     630   
    631631            if(in_array($meta_key, $disallowed) ){
    632632                $json_api->error("This meta_key '".$meta_key."' is not allowed.");
     
    686686    {
    687687
    688         global $json_api;
     688        global $json_api, $wpdb;
    689689
    690690        if (!$json_api->query->cookie) {
     
    702702            $json_api->error("You must include one or more vars in your request to add or update as user_meta. e.g. 'name', 'website', 'skills'. You must provide multiple meta_key vars in this format: &name=Ali&website=google.com&description=This is test description. If any field has the possibility to hold more than one value for any multi-select fields or check boxes, you must provide an array of values and use POST method.");
    703703     
    704       $disallowed = array('wp_user_level', 'wp_capabilities');
    705      
     704    $disallowed = array("wp_user_level", "wp_capabilities", "{$wpdb->prefix}user_level", "{$wpdb->prefix}capabilities");
     705 
    706706     
    707707      $result = array();

  • json-api-user/trunk/json-api-user.php

    r3116707 r3121690  
    99  Description: Extends the JSON API for RESTful user registration, authentication, password reset, Facebook Login, user meta and BuddyPress Profile related functions. A Pro version is also available.
    1010
    11   Version: 3.9.6
     11  Version: 3.9.7
    1212
    1313  Author: Ali Qureshi
     
    1919 */
    2020
    21 define('JAU_VERSION', '3.9.6');
     21define('JAU_VERSION', '3.9.7');
    2222
    2323include_once(ABSPATH . 'wp-admin/includes/plugin.php');

  • json-api-user/trunk/readme.txt

    r3116707 r3121690  
    44Tags: json api, RESTful user registration, authentication, RESTful Facebook Login, RESTful User Meta and BuddyPress xProfile
    55Contributors: parorrey
    6 Stable tag: 3.9.6
     6Stable tag: 3.9.7
    77Requires at least: 3.0.1
    88Tested up to: 6.6.0
     
    233233== Changelog ==
    234234
     235= 3.9.7 =
     236* fixed security vulnerabilities
     237
    235238= 3.9.6 =
    236239* fixed security vulnerabilities & for new version of WordPress 6.6
Note: See TracChangeset for help on using the changeset viewer.