Changeset 3253223

Timestamp:

03/10/2025 10:00:33 AM (9 months ago)

Author:

themeum

Message:

Update to version 1.8.14 from GitHub

Location:

qubely

Files:

• tags/1.8.14 (copied) (copied from qubely/trunk)
• tags/1.8.14/core/QUBELY.php (modified) (1 diff)
• tags/1.8.14/qubely.php (modified) (2 diffs)
• tags/1.8.14/readme.txt (modified) (2 diffs)
• trunk/core/QUBELY.php (modified) (1 diff)
• trunk/qubely.php (modified) (2 diffs)
• trunk/readme.txt (modified) (2 diffs)

qubely/tags/1.8.14/core/QUBELY.php

@@ -1172 +1172 @@
     public function qubely_get_content($request)
     {
+
         $params = $request->get_params();
+        $post_id = sanitize_text_field( wp_unslash( $params['postId'] ?? 0 ) );
+
         try {
-            if (isset($params['postId'])) {
+            if ( $post_id ) {
+                if ( current_user_can( 'edit_post', $post_id ) ) {
+                    return [
+                        'success' => true,
+                        'data'    => get_post( $post_id )->post_content,
+                        'message' => 'Get Data Success!!',
+                    ];
+                } else {
+                    return [
+                        'success' => false,
+                        'message' => 'You are not allowed to edit this post',
+                    ];
+                }
+
+            } else {
                 return [
-                    'success' => true,
-                    'data'    => !empty($params['postId']) ? get_post($params['postId'])->post_content : '',
-                    'message' => 'Get Data Success!!',
+                    'success' => false,
+                    'message' => 'Post ID is required',
                 ];
             }

qubely/tags/1.8.14/qubely.php

@@ -4 +4 @@
  * Plugin URI:        https://www.themeum.com/
  * Description:       The one and only Gutenberg block plugin you will ever need.
- * Version:           1.8.13
+ * Version:           1.8.14
  * Author:            Themeum
  * Author URI:        https://www.themeum.com/
@@ -25 +25 @@
 
 // Define Version
-define('QUBELY_VERSION', '1.8.13');
+define('QUBELY_VERSION', '1.8.14');
 
 // Define License

qubely/tags/1.8.14/readme.txt

@@ -5 +5 @@
 Requires at least: 5.3
 Tested up to: 6.7
-Stable tag: 1.8.13
+Stable tag: 1.8.14
 Requires PHP: 7.0
 License: GPL-2.0+
@@ -231 +231 @@
 == Changelog ==
 
+= 1.8.14 =
+Update: Security update to protect `qubely_get_content` from unauthorized access to sensitive post data.
+
 = 1.8.13 =
 Update: Security Update(Prevent Cross-Site Scripting)

qubely/trunk/core/QUBELY.php

@@ -1172 +1172 @@
     public function qubely_get_content($request)
     {
+
         $params = $request->get_params();
+        $post_id = sanitize_text_field( wp_unslash( $params['postId'] ?? 0 ) );
+
         try {
-            if (isset($params['postId'])) {
+            if ( $post_id ) {
+                if ( current_user_can( 'edit_post', $post_id ) ) {
+                    return [
+                        'success' => true,
+                        'data'    => get_post( $post_id )->post_content,
+                        'message' => 'Get Data Success!!',
+                    ];
+                } else {
+                    return [
+                        'success' => false,
+                        'message' => 'You are not allowed to edit this post',
+                    ];
+                }
+
+            } else {
                 return [
-                    'success' => true,
-                    'data'    => !empty($params['postId']) ? get_post($params['postId'])->post_content : '',
-                    'message' => 'Get Data Success!!',
+                    'success' => false,
+                    'message' => 'Post ID is required',
                 ];
             }

qubely/trunk/qubely.php

@@ -4 +4 @@
  * Plugin URI:        https://www.themeum.com/
  * Description:       The one and only Gutenberg block plugin you will ever need.
- * Version:           1.8.13
+ * Version:           1.8.14
  * Author:            Themeum
  * Author URI:        https://www.themeum.com/
@@ -25 +25 @@
 
 // Define Version
-define('QUBELY_VERSION', '1.8.13');
+define('QUBELY_VERSION', '1.8.14');
 
 // Define License

qubely/trunk/readme.txt

@@ -5 +5 @@
 Requires at least: 5.3
 Tested up to: 6.7
-Stable tag: 1.8.13
+Stable tag: 1.8.14
 Requires PHP: 7.0
 License: GPL-2.0+
@@ -231 +231 @@
 == Changelog ==
 
+= 1.8.14 =
+Update: Security update to protect `qubely_get_content` from unauthorized access to sensitive post data.
+
 = 1.8.13 =
 Update: Security Update(Prevent Cross-Site Scripting)