Changeset 3348751

Timestamp:

08/22/2025 05:25:22 PM (6 months ago)

Author:

xpro

Message:

V 1.2.10 - 22 August 2025

• Fix: Resolved issue related to Access Control.

Location:

xpro-theme-builder/trunk

Files:

• admin/class-xpro-rest-api.php (modified) (1 diff)
• changelog.txt (modified) (1 diff)
• readme.txt (modified) (2 diffs)
• xpro-theme-builder.php (modified) (1 diff)

xpro-theme-builder/trunk/admin/class-xpro-rest-api.php

@@ -530 +530 @@
      * @return boolean
      */
-    public static function check_permission() {
-        return current_user_can( 'edit_posts' );
-    }
+    // public static function check_permission() {
+    //  return current_user_can( 'edit_posts' );
+    // }
+
+    /**
+     * Checks permission.
+     *
+     * @param WP_REST_Request $request The request.
+     *
+     * @return boolean|WP_Error
+     */
+    public static function check_permission( $request ) {
+        $route = $request->get_route();
+        
+        if ( strpos( $route, 'create-post' ) !== false ) {
+            return current_user_can( 'publish_posts' );
+        }
+
+        if ( strpos( $route, 'update-post' ) !== false || strpos( $route, 'delete-post' ) !== false ) {
+            $post_id = (int) $request['id'];
+            $post    = get_post( $post_id );
+            if ( ! $post ) {
+                return new WP_Error( 'rest_post_invalid', __( 'Invalid post.' ), array( 'status' => 404 ) );
+            }
+
+            $allowed_types = array( 'post', 'page' );
+            if ( ! in_array( $post->post_type, $allowed_types, true ) ) {
+                return new WP_Error( 'rest_forbidden', __( 'Post type not allowed.' ), array( 'status' => 403 ) );
+            }
+
+            if ( $post->post_author != get_current_user_id() && ! current_user_can( 'edit_others_posts' ) ) {
+                return new WP_Error( 'rest_forbidden', __( 'Dilshad is testing not deleted or edit' ), array( 'status' => 403 ) );
+            }
+
+            return true;
+        }
+
+        if ( strpos( $route, 'update-settings' ) !== false ) {
+            return current_user_can( 'manage_options' );
+        }
+
+        return new WP_Error( 'rest_forbidden', __( 'Invalid permission.' ), array( 'status' => 403 ) );
+    }
 }
 

xpro-theme-builder/trunk/changelog.txt

@@ +1 @@
+= V 1.2.10 - 22 August 2025 =
+
+- Fix: Resolved issue related to Access Control.
+
+
 = V 1.2.9 - 09 July 2025 =
 

xpro-theme-builder/trunk/readme.txt

@@ -1 +1 @@
 === Xpro Theme Builder For Elementor - FREE ===
 Plugin Name: Xpro Theme Builder For Elementor - FREE
-Version: 1.2.9
+Version: 1.2.10
 Contributors: Xpro
 Tags: elementor, theme builder, header footer builder, sticky header, free theme builder
 Requires at least: 5.0
-Tested up to: 6.8.1
+Tested up to: 6.8.2
 Stable tag: trunk
 Requires PHP: 7.0
@@ -290 +290 @@
 == Changelog ==
 
+= V 1.2.10 - 22 August 2025 =
+
+- Fix: Resolved issue related to Access Control.
+
+
 = V 1.2.9 - 09 July 2025 =
 

xpro-theme-builder/trunk/xpro-theme-builder.php

@@ -6 +6 @@
  * Author:      Xpro
  * Author URI:  https://www.wpxpro.com/
- * Version:     1.2.9
+ * Version:     1.2.10
  * Developer:   Xpro Team
  * Text Domain: xpro-theme-builder
- * Elementor tested up to: 3.30.1
+ * Elementor tested up to: 3.31.2
  *
  * @package xpro-theme-builder
  */
 
-define( 'XPRO_THEME_BUILDER_VER', '1.2.9' );
+define( 'XPRO_THEME_BUILDER_VER', '1.2.10' );
 define( 'XPRO_THEME_BUILDER_FILE', __FILE__ );
 define( 'XPRO_THEME_BUILDER_BASE', plugin_basename( __FILE__ ) );