Changeset 3383939

Timestamp:

10/24/2025 10:19:44 AM (7 weeks ago)

Author:

Collizo4sky

Message:

Bumped to 1.1.23.1

Location:

fusewp/trunk

Files:

• changelog.txt (modified) (1 diff)
• fusewp.php (modified) (2 diffs)
• languages/fusewp.pot (modified) (5 diffs)
• readme.txt (modified) (3 diffs)
• src/core/src/Admin/SettingsPage/SyncPage.php (modified) (1 diff)
• src/core/src/Admin/SettingsPage/views/sync/add-edit-sync-rule.php (modified) (1 diff)
• src/core/src/Sync/Sources/AbstractSyncSource.php (modified) (1 diff)

fusewp/trunk/changelog.txt

@@ -1 +1 @@
 == Changelog ==
+
+= 1.1.23.1 =
+* Fixed CSRF issue when saving sync rule.
+* Improved user sync caching.
 
 = 1.1.23.0 =

fusewp/trunk/fusewp.php

@@ -4 +4 @@
  * Plugin URI: https://fusewp.com
  * Description: Connect WordPress to your email marketing software and CRM.
- * Version: 1.1.23.0
+ * Version: 1.1.23.1
  * Author: FuseWP Team
  * Text Domain: fusewp
@@ -16 +16 @@
 
 define('FUSEWP_SYSTEM_FILE_PATH', __FILE__);
-define('FUSEWP_VERSION_NUMBER', '1.1.23.0');
+define('FUSEWP_VERSION_NUMBER', '1.1.23.1');
 
 FuseWP\Core\Core::init();

fusewp/trunk/languages/fusewp.pot

@@ -3 +3 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: FuseWP - Lite 1.1.23.0\n"
+"Project-Id-Version: FuseWP - Lite 1.1.23.1\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/fusewp\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
@@ -10 +10 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2025-10-03T14:14:17+00:00\n"
+"POT-Creation-Date: 2025-10-24T09:54:38+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.8.1\n"
@@ -553 +553 @@
 #: src/core/src/Admin/SettingsPage/SyncLogList.php:155
 #: src/core/src/Admin/SettingsPage/SyncLogList.php:185
-#: src/core/src/Admin/SettingsPage/SyncPage.php:224
+#: src/core/src/Admin/SettingsPage/SyncPage.php:234
 #: src/core/src/Admin/SettingsPage/views/action.php:48
 #: src/core/src/Admin/SettingsPage/views/sync/sidebar.php:25
@@ -613 +613 @@
 
 #: src/core/src/Admin/SettingsPage/SyncList.php:199
-#: src/core/src/Admin/SettingsPage/SyncPage.php:223
+#: src/core/src/Admin/SettingsPage/SyncPage.php:233
 #: src/core/src/Admin/SettingsPage/views/action.php:47
 msgid "Edit"
@@ -683 +683 @@
 msgstr ""
 
-#: src/core/src/Admin/SettingsPage/SyncPage.php:226
+#: src/core/src/Admin/SettingsPage/SyncPage.php:190
+msgid "You do not have sufficient permissions to access this page."
+msgstr ""
+
+#: src/core/src/Admin/SettingsPage/SyncPage.php:195
+msgid "Security check failed. Please try again."
+msgstr ""
+
+#: src/core/src/Admin/SettingsPage/SyncPage.php:236
 #: src/core/src/Admin/SettingsPage/views/action.php:50
 msgid "New Destination"
 msgstr ""
 
-#: src/core/src/Admin/SettingsPage/SyncPage.php:248
+#: src/core/src/Admin/SettingsPage/SyncPage.php:258
 #: src/core/src/Admin/SettingsPage/views/action.php:72
 msgid "Select Integration"

fusewp/trunk/readme.txt

@@ -6 +6 @@
 Requires PHP: 7.4
 Tested up to: 6.8
-Stable tag: 1.1.23.0
+Stable tag: 1.1.23.1
 License: GPLv2 or later
 
@@ -149 +149 @@
 
 ### Supported Forms, LMS, Ecommerce and Membership Plugins
-WooCommerce, WooCommerce Memberships, WooCommerce Subscriptions, Easy Digital Downloads, MemberPress, Gravity Forms, WPForms, Ninja Forms, Forminator Forms, Fluent Forms, Formidable Forms, Everest Forms, ProfilePress, WP Travel Engine, Paid Memberships Pro, Restrict Content Pro, LearnDash, LifterLMS, Tutor LMS, GiveWP, Academy LMS, MasterStudy LMS, Sensei LMS, Paid Member Subscriptions.
+WooCommerce, WooCommerce Memberships, WooCommerce Subscriptions, Easy Digital Downloads, MemberPress, Gravity Forms, WPForms, Ninja Forms, Forminator Forms, Fluent Forms, Formidable Forms, Everest Forms, SureForms, WS Form, ProfilePress, WP Travel Engine, Paid Memberships Pro, Restrict Content Pro, LearnDash, LifterLMS, Tutor LMS, GiveWP, Academy LMS, MasterStudy LMS, Sensei LMS, FluentCommunity, Paid Member Subscriptions, AffiliateWP, SliceWP.
 
 ### Supported Email Marketing & CRM Integrations
@@ -213 +213 @@
 == Changelog ==
 
+= 1.1.23.1 =
+* Fixed CSRF issue when saving sync rule.
+* Improved user sync caching.
+
 = 1.1.23.0 =
 * Added [SureForms integration](https://fusewp.com/article/sync-sureforms-email-marketing/?ref=changelog).

fusewp/trunk/src/core/src/Admin/SettingsPage/SyncPage.php

@@ -185 +185 @@
 
         if ( ! isset($_POST['fusewp_save_sync_rule'])) return;
+
+        // Security check: Verify user has proper capabilities
+        if ( ! current_user_can('manage_options')) {
+            wp_die(__('You do not have sufficient permissions to access this page.', 'fusewp'));
+        }
+
+        // Security check: Verify nonce for CSRF protection
+        if ( ! isset($_POST['fusewp_sync_nonce']) || ! wp_verify_nonce($_POST['fusewp_sync_nonce'], 'fusewp_save_sync_rule')) {
+            wp_die(__('Security check failed. Please try again.', 'fusewp'));
+        }
 
         // store source with item if item exists and is selected.

fusewp/trunk/src/core/src/Admin/SettingsPage/views/sync/add-edit-sync-rule.php

@@ -82 +82 @@
         <div id="post-body" class="metabox-holder columns-2">
             <form method="post">
+                <?php wp_nonce_field('fusewp_save_sync_rule', 'fusewp_sync_nonce'); ?>
                 <div id="postbox-container-1" class="postbox-container">
                     <?php do_meta_boxes('fusewpsync', 'sidebar', ''); ?>

fusewp/trunk/src/core/src/Sync/Sources/AbstractSyncSource.php

@@ -196 +196 @@
                         $list_id = fusewpVar($destination, $sync_action::EMAIL_LIST_FIELD_ID, '');
 
-                        $bucket_key = md5($sync_action->get_integration_id() . $list_id);
+                        $bucket_key = md5(sprintf('%s:%s:%s:%s', $this->id, $sync_action->get_integration_id(), $list_id, $email_address));
 
                         if ($destination['destination_item'] == 'any') {