Changeset 3382885
- Timestamp:
- 10/22/2025 07:00:12 PM (5 months ago)
- Location:
- generateblocks
- Files:
-
- 12 edited
- 1 copied
-
tags/2.1.2 (copied) (copied from generateblocks/trunk)
-
tags/2.1.2/includes/class-meta-handler.php (modified) (1 diff)
-
tags/2.1.2/includes/functions.php (modified) (1 diff)
-
tags/2.1.2/includes/general.php (modified) (1 diff)
-
tags/2.1.2/package.json (modified) (1 diff)
-
tags/2.1.2/plugin.php (modified) (2 diffs)
-
tags/2.1.2/readme.txt (modified) (2 diffs)
-
trunk/includes/class-meta-handler.php (modified) (1 diff)
-
trunk/includes/functions.php (modified) (1 diff)
-
trunk/includes/general.php (modified) (1 diff)
-
trunk/package.json (modified) (1 diff)
-
trunk/plugin.php (modified) (2 diffs)
-
trunk/readme.txt (modified) (2 diffs)
-
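--- a/generateblocks/tags/2.1.2/includes/class-meta-handler.php
+++ b/generateblocks/tags/2.1.2/includes/class-meta-handler.php
@@ -82,6 +82,52 @@
 'methods' => 'GET',
 'callback' => [ $this, 'get_option_rest' ],
-'permission_callback' => function() {
-return current_user_can( 'edit_posts' );
+'permission_callback' => function( $request ) {
+// Only allow users who can edit posts to access options.
+if ( ! current_user_can( 'edit_posts' ) ) {
+return false;
+}
+
+// Admins can access all options.
+if ( current_user_can( 'manage_options' ) ) {
+return true;
+}
+
+$allowed_keys = apply_filters(
+'generateblocks_allowed_option_keys_rest_api',
+[
+'siteurl',
+'blogname',
+'blogdescription',
+'home',
+'time_format',
+'user_count',
+]
+);
+
+if ( ! is_array( $allowed_keys ) ) {
+return false;
+}
+
+$key = $request->get_param( 'key' ) ?? '';
+
+if ( ! is_string( $key ) ) {
+return false;
+}
+
+// Allow access to allowed keys.
+if ( in_array( $key, $allowed_keys, true ) ) {
+return true;
+}
+
+// Fallback: check parent key for dot notation.
+if ( strpos( $key, '.' ) !== false ) {
+$parent_key = trim( explode( '.', $key )[0] );
+
+if ( '' !== $parent_key && in_array( $parent_key, $allowed_keys, true ) ) {
+return true;
+}
+}
+
+return false;
 },
 ]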
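Review bot: The dot-notation fallback authorizes on a transformed value: `trim( explode( '.', $key )[0] )` is what gets compared with the allowlist, while `get_option_rest` (outside this hunk) receives the raw `key` parameter. If that callback splits or normalizes the key differently, for example by not trimming or by treating a dotted string as a literal option name, the permission check and the actual lookup can disagree. Requiring a byte-for-byte parent match, `$parent_key = explode( '.', $key, 2 )[0];`, or sharing one key-parsing helper between the check and the callback, would keep the two aligned. The same code is in trunk/includes/class-meta-handler.php; the enclosing route registration starts and ends outside the hunk.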
generateblocks/tags/2.1.2/includes/functions.php
r3350576 r3382885 2224 2224 ]; 2225 2225 } 2226 2227 /** 2228 * Get ACF option field keys. 2229 * 2230 * @since 2.1.2 2231 * @return array The ACF option field keys. 2232 */ 2233 function generateblocks_get_acf_option_field_keys() { 2234 if ( ! function_exists( 'acf_get_option_meta' ) ) { 2235 return []; 2236 } 2237 2238 $acf_options = acf_get_option_meta( 'options' ); 2239 2240 if ( ! is_array( $acf_options ) || empty( $acf_options ) ) { 2241 return []; 2242 } 2243 2244 $options = array_filter( 2245 $acf_options, 2246 function( $key ) { 2247 // Only allow string keys that don't start with underscore. 2248 return is_string( $key ) && strpos( $key, '_' ) !== 0; 2249 }, 2250 ARRAY_FILTER_USE_KEY 2251 ); 2252 2253 return array_keys( $options ); 2254 } -
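Review bot: The docblock on generateblocks_get_acf_option_field_keys() does not say what the result is used for, nor why keys starting with an underscore are dropped. In this changeset the only caller shown is the allowlist filter in includes/general.php, so the returned names decide which option values a non-admin may read; that is worth a line such as `* The returned names are merged into the REST options allowlist, so each one becomes readable by users with edit_posts.` The underscore filter presumably removes ACF's field-reference entries, but the comment only restates the condition; a short why-comment there would help the next maintainer. The same function is added in trunk/includes/functions.php.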
generateblocks/tags/2.1.2/includes/general.php
r3288568 r3382885 724 724 return $content; 725 725 } 726 727 add_filter( 'generateblocks_allowed_option_keys_rest_api', 'generateblocks_allow_additional_option_keys_rest_api' ); 728 /** 729 * Allow additional option keys to be accessible via the REST API. 730 * 731 * @param array $allowed_keys Existing allowed keys. 732 */ 733 function generateblocks_allow_additional_option_keys_rest_api( $allowed_keys ) { 734 if ( ! is_array( $allowed_keys ) ) { 735 $allowed_keys = []; 736 } 737 738 $acf_option_keys = generateblocks_get_acf_option_field_keys(); 739 $allowed_keys = array_merge( $allowed_keys, $acf_option_keys ); 740 741 return $allowed_keys; 742 } -
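Review bot: generateblocks_allow_additional_option_keys_rest_api() merges every name returned by generateblocks_get_acf_option_field_keys() into the allowlist unconditionally, so every ACF options-page field becomes readable through this endpoint by any user who passes the `edit_posts` check. Options pages can hold values such as third-party API credentials, which works against the changelog's stated goal of restricting contributors/editors. Consider making the ACF keys opt-in, or at least document in the docblock how a site owner removes them: `remove_filter( 'generateblocks_allowed_option_keys_rest_api', 'generateblocks_allow_additional_option_keys_rest_api' );`. The docblock is also missing `@return array`. The same code is in trunk/includes/general.php.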
generateblocks/tags/2.1.2/package.json
r3350576 r3382885 1 1 { 2 2 "name": "generateblocks", 3 "version": "2.1. 1",3 "version": "2.1.2", 4 4 "private": true, 5 5 "description": "A small collection of lightweight WordPress blocks that can accomplish nearly anything.", -
generateblocks/tags/2.1.2/plugin.php
r3350576 r3382885 6 6 * Author: Tom Usborne 7 7 * Author URI: https://tomusborne.com 8 * Version: 2.1. 18 * Version: 2.1.2 9 9 * Requires at least: 6.5 10 10 * Requires PHP: 7.2 … … 20 20 } 21 21 22 define( 'GENERATEBLOCKS_VERSION', '2.1. 1' );22 define( 'GENERATEBLOCKS_VERSION', '2.1.2' ); 23 23 define( 'GENERATEBLOCKS_DIR', plugin_dir_path( __FILE__ ) ); 24 24 define( 'GENERATEBLOCKS_DIR_URL', plugin_dir_url( __FILE__ ) ); -
generateblocks/tags/2.1.2/readme.txt
r3350576 r3382885 6 6 Tested up to: 6.8 7 7 Requires PHP: 7.2 8 Stable tag: 2.1. 18 Stable tag: 2.1.2 9 9 License: GPLv2 or later 10 10 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 128 128 129 129 == Changelog == 130 131 = 2.1.2 = 132 * Security: Restricted options REST API endpoint access for contributors/editors 130 133 131 134 = 2.1.1 = -
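--- a/generateblocks/trunk/includes/class-meta-handler.php
+++ b/generateblocks/trunk/includes/class-meta-handler.php
@@ -82,6 +82,52 @@
 'methods' => 'GET',
 'callback' => [ $this, 'get_option_rest' ],
-'permission_callback' => function() {
-return current_user_can( 'edit_posts' );
+'permission_callback' => function( $request ) {
+// Only allow users who can edit posts to access options.
+if ( ! current_user_can( 'edit_posts' ) ) {
+return false;
+}
+
+// Admins can access all options.
+if ( current_user_can( 'manage_options' ) ) {
+return true;
+}
+
+$allowed_keys = apply_filters(
+'generateblocks_allowed_option_keys_rest_api',
+[
+'siteurl',
+'blogname',
+'blogdescription',
+'home',
+'time_format',
+'user_count',
+]
+);
+
+if ( ! is_array( $allowed_keys ) ) {
+return false;
+}
+
+$key = $request->get_param( 'key' ) ?? '';
+
+if ( ! is_string( $key ) ) {
+return false;
+}
+
+// Allow access to allowed keys.
+if ( in_array( $key, $allowed_keys, true ) ) {
+return true;
+}
+
+// Fallback: check parent key for dot notation.
+if ( strpos( $key, '.' ) !== false ) {
+$parent_key = trim( explode( '.', $key )[0] );
+
+if ( '' !== $parent_key && in_array( $parent_key, $allowed_keys, true ) ) {
+return true;
+}
+}
+
+return false;
 },
 ]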
generateblocks/trunk/includes/functions.php
r3350576 r3382885 2224 2224 ]; 2225 2225 } 2226 2227 /** 2228 * Get ACF option field keys. 2229 * 2230 * @since 2.1.2 2231 * @return array The ACF option field keys. 2232 */ 2233 function generateblocks_get_acf_option_field_keys() { 2234 if ( ! function_exists( 'acf_get_option_meta' ) ) { 2235 return []; 2236 } 2237 2238 $acf_options = acf_get_option_meta( 'options' ); 2239 2240 if ( ! is_array( $acf_options ) || empty( $acf_options ) ) { 2241 return []; 2242 } 2243 2244 $options = array_filter( 2245 $acf_options, 2246 function( $key ) { 2247 // Only allow string keys that don't start with underscore. 2248 return is_string( $key ) && strpos( $key, '_' ) !== 0; 2249 }, 2250 ARRAY_FILTER_USE_KEY 2251 ); 2252 2253 return array_keys( $options ); 2254 } -
generateblocks/trunk/includes/general.php
r3288568 r3382885 724 724 return $content; 725 725 } 726 727 add_filter( 'generateblocks_allowed_option_keys_rest_api', 'generateblocks_allow_additional_option_keys_rest_api' ); 728 /** 729 * Allow additional option keys to be accessible via the REST API. 730 * 731 * @param array $allowed_keys Existing allowed keys. 732 */ 733 function generateblocks_allow_additional_option_keys_rest_api( $allowed_keys ) { 734 if ( ! is_array( $allowed_keys ) ) { 735 $allowed_keys = []; 736 } 737 738 $acf_option_keys = generateblocks_get_acf_option_field_keys(); 739 $allowed_keys = array_merge( $allowed_keys, $acf_option_keys ); 740 741 return $allowed_keys; 742 } -
generateblocks/trunk/package.json
r3350576 r3382885 1 1 { 2 2 "name": "generateblocks", 3 "version": "2.1. 1",3 "version": "2.1.2", 4 4 "private": true, 5 5 "description": "A small collection of lightweight WordPress blocks that can accomplish nearly anything.", -
generateblocks/trunk/plugin.php
r3350576 r3382885 6 6 * Author: Tom Usborne 7 7 * Author URI: https://tomusborne.com 8 * Version: 2.1. 18 * Version: 2.1.2 9 9 * Requires at least: 6.5 10 10 * Requires PHP: 7.2 … … 20 20 } 21 21 22 define( 'GENERATEBLOCKS_VERSION', '2.1. 1' );22 define( 'GENERATEBLOCKS_VERSION', '2.1.2' ); 23 23 define( 'GENERATEBLOCKS_DIR', plugin_dir_path( __FILE__ ) ); 24 24 define( 'GENERATEBLOCKS_DIR_URL', plugin_dir_url( __FILE__ ) ); -
generateblocks/trunk/readme.txt
r3350576 r3382885 6 6 Tested up to: 6.8 7 7 Requires PHP: 7.2 8 Stable tag: 2.1. 18 Stable tag: 2.1.2 9 9 License: GPLv2 or later 10 10 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 128 128 129 129 == Changelog == 130 131 = 2.1.2 = 132 * Security: Restricted options REST API endpoint access for contributors/editors 130 133 131 134 = 2.1.1 =