Changeset 3443154

Timestamp:

01/20/2026 10:46:59 AM (4 weeks ago)

Author:

jorgegl

Message:

Version 2.0.1: Full cleanup. Removed Freemius files from repository and fixed security issues.

Location:

smartmetadesc

Files:

• tags/2.0.0/README.md (deleted)
• tags/2.0.0/vendor (deleted)
• tags/2.0.1 (copied) (copied from smartmetadesc/trunk)
• tags/2.0.1/assets/css/mittsfcsmd_admin.css (copied) (copied from smartmetadesc/trunk/assets/css/mittsfcsmd_admin.css)
• tags/2.0.1/assets/js/mittsfcsmd_admin.js (copied) (copied from smartmetadesc/trunk/assets/js/mittsfcsmd_admin.js)
• tags/2.0.1/assets/js/mittsfcsmd_column.js (copied) (copied from smartmetadesc/trunk/assets/js/mittsfcsmd_column.js)
• tags/2.0.1/assets/screenshot-1.png (copied) (copied from smartmetadesc/trunk/assets/screenshot-1.png)
• tags/2.0.1/assets/screenshot-2.png (copied) (copied from smartmetadesc/trunk/assets/screenshot-2.png)
• tags/2.0.1/languages/smartmetadesc-en_US.po (copied) (copied from smartmetadesc/trunk/languages/smartmetadesc-en_US.po)
• tags/2.0.1/languages/smartmetadesc-es_ES.mo (deleted)
• tags/2.0.1/languages/smartmetadesc-es_ES.po (deleted)
• tags/2.0.1/languages/smartmetadesc.pot (copied) (copied from smartmetadesc/trunk/languages/smartmetadesc.pot)
• tags/2.0.1/readme.txt (copied) (copied from smartmetadesc/trunk/readme.txt) (2 diffs)
• tags/2.0.1/smartmetadesc.php (copied) (copied from smartmetadesc/trunk/smartmetadesc.php) (4 diffs)
• tags/2.0.1/vendor/freemius (deleted)
• trunk/readme.txt (modified) (2 diffs)
• trunk/smartmetadesc.php (modified) (4 diffs)

smartmetadesc/tags/2.0.1/readme.txt

@@ -4 +4 @@
 Requires at least: 4.7
 Tested up to: 6.9
-Stable tag: 2.0.0
+Stable tag: 2.0.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -51 +51 @@
 == Changelog ==
 
+= 2.0.1 =
+* Fixed sanitization and escaping issues (Security hardening).
+* Removed discouraged load_plugin_textdomain() call.
+* Improved REST API and AJAX nonce verification.
+
 = 2.0.0 =
 * Major Release: Complete code refactor.

smartmetadesc/tags/2.0.1/smartmetadesc.php

@@ -3 +3 @@
 Plugin Name: Smart Meta Desc
 Description: Show a list of posts without a meta description and allow writing or generating them based on their content using AI.
-Version: 2.0.0
+Version: 2.0.1
 Author: Mitts For Code
 Author URI: https://mittsforcode.es
@@ -81 +81 @@
 
 /**
- * Carga de traducciones
- */
-add_action( 'plugins_loaded', 'mittsfcsmd_load_textdomain' );
-function mittsfcsmd_load_textdomain() {
-    load_plugin_textdomain( 'smartmetadesc', false, dirname( plugin_basename( __FILE__ ) ) . '/languages/' );
-}
-
-/**
  * Menú de ajustes
  */
@@ -236 +228 @@
         'callback'            => 'mittsfcsmd_save_meta_descripcion',
         'permission_callback' => function () {
-            $nonce = isset( $_SERVER['HTTP_X_WP_NONCE'] ) ? sanitize_text_field( $_SERVER['HTTP_X_WP_NONCE'] ) : '';
+            $nonce = isset( $_SERVER['HTTP_X_WP_NONCE'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_WP_NONCE'] ) ) : '';
             if ( !wp_verify_nonce( $nonce, 'wp_rest' ) ) {
                 return new WP_Error('rest_forbidden', __( 'Nonce invalid.', 'smartmetadesc' ), array('status' => 403));
@@ -294 +286 @@
 add_action( 'wp_ajax_mittsfcsmd_save_meta_desc', 'mittsfcsmd_save_meta_desc_ajax' );
 function mittsfcsmd_save_meta_desc_ajax() {
-    $nonce = isset($_POST['nonce']) ? sanitize_text_field( $_POST['nonce'] ) : '';
+    $nonce = isset($_POST['nonce']) ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) ) : '';
     if ( !wp_verify_nonce( $nonce, 'mittsfcsmd_nonce' ) || !current_user_can( 'edit_posts' ) ) {
         wp_send_json_error( __( 'Permission denied.', 'smartmetadesc' ) );

smartmetadesc/trunk/readme.txt

@@ -4 +4 @@
 Requires at least: 4.7
 Tested up to: 6.9
-Stable tag: 2.0.0
+Stable tag: 2.0.1
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -51 +51 @@
 == Changelog ==
 
+= 2.0.1 =
+* Fixed sanitization and escaping issues (Security hardening).
+* Removed discouraged load_plugin_textdomain() call.
+* Improved REST API and AJAX nonce verification.
+
 = 2.0.0 =
 * Major Release: Complete code refactor.

smartmetadesc/trunk/smartmetadesc.php

@@ -3 +3 @@
 Plugin Name: Smart Meta Desc
 Description: Show a list of posts without a meta description and allow writing or generating them based on their content using AI.
-Version: 2.0.0
+Version: 2.0.1
 Author: Mitts For Code
 Author URI: https://mittsforcode.es
@@ -81 +81 @@
 
 /**
- * Carga de traducciones
- */
-add_action( 'plugins_loaded', 'mittsfcsmd_load_textdomain' );
-function mittsfcsmd_load_textdomain() {
-    load_plugin_textdomain( 'smartmetadesc', false, dirname( plugin_basename( __FILE__ ) ) . '/languages/' );
-}
-
-/**
  * Menú de ajustes
  */
@@ -236 +228 @@
         'callback'            => 'mittsfcsmd_save_meta_descripcion',
         'permission_callback' => function () {
-            $nonce = isset( $_SERVER['HTTP_X_WP_NONCE'] ) ? sanitize_text_field( $_SERVER['HTTP_X_WP_NONCE'] ) : '';
+            $nonce = isset( $_SERVER['HTTP_X_WP_NONCE'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_WP_NONCE'] ) ) : '';
             if ( !wp_verify_nonce( $nonce, 'wp_rest' ) ) {
                 return new WP_Error('rest_forbidden', __( 'Nonce invalid.', 'smartmetadesc' ), array('status' => 403));
@@ -294 +286 @@
 add_action( 'wp_ajax_mittsfcsmd_save_meta_desc', 'mittsfcsmd_save_meta_desc_ajax' );
 function mittsfcsmd_save_meta_desc_ajax() {
-    $nonce = isset($_POST['nonce']) ? sanitize_text_field( $_POST['nonce'] ) : '';
+    $nonce = isset($_POST['nonce']) ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) ) : '';
     if ( !wp_verify_nonce( $nonce, 'mittsfcsmd_nonce' ) || !current_user_can( 'edit_posts' ) ) {
         wp_send_json_error( __( 'Permission denied.', 'smartmetadesc' ) );