From 188b0a522574d919f00b13e55b069f36a0cd0a94 Mon Sep 17 00:00:00 2001 From: Brian Hogg Date: Tue, 9 Jul 2024 10:38:53 -0400 Subject: [PATCH] Release 2.5.5 (#226) * Additional plugin checks and escaping (#225) --- CHANGELOG.md | 8 ++++++++ i18n/lifterlms-blocks.pot | 6 +++--- .../blocks/class-llms-blocks-course-progress-block.php | 4 +--- includes/blocks/class-llms-blocks-php-template-block.php | 5 +---- includes/blocks/class-llms-blocks-pricing-table-block.php | 6 ++---- lifterlms-blocks.php | 4 ++-- package-lock.json | 4 ++-- package.json | 2 +- 8 files changed, 20 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8ceed52..0bb14e0b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,14 @@ LifterLMS Blocks Changelog ========================== +v2.5.5 - 2024-07-09 +------------------- + +##### Security Fixes + ++ Adds additional security checks and escaping. + + v2.5.4 - 2024-04-25 ------------------- diff --git a/i18n/lifterlms-blocks.pot b/i18n/lifterlms-blocks.pot index 937972f4..3e8e3d1c 100644 --- a/i18n/lifterlms-blocks.pot +++ b/i18n/lifterlms-blocks.pot @@ -2,14 +2,14 @@ # This file is distributed under the GPLv3. msgid "" msgstr "" -"Project-Id-Version: LifterLMS Blocks 2.5.4\n" +"Project-Id-Version: LifterLMS Blocks 2.5.5\n" "Report-Msgid-Bugs-To: https://lifterlms.com/my-account/my-tickets\n" "Last-Translator: Team LifterLMS \n" "Language-Team: Team LifterLMS \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"POT-Creation-Date: 2024-04-25T16:55:53+00:00\n" +"POT-Creation-Date: 2024-07-09T14:27:22+00:00\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "X-Generator: llms/dev 0.2.1\n" "X-Domain: lifterlms\n" @@ -56,7 +56,7 @@ msgstr "" msgid "No visible instructors were found." msgstr "" -#: includes/blocks/class-llms-blocks-pricing-table-block.php:94 +#: includes/blocks/class-llms-blocks-pricing-table-block.php:93 msgid "No access plans found." msgstr "" 
diff --git a/includes/blocks/class-llms-blocks-course-progress-block.php b/includes/blocks/class-llms-blocks-course-progress-block.php
index 31541749..a6573cc2 100644
--- a/includes/blocks/class-llms-blocks-course-progress-block.php
+++ b/includes/blocks/class-llms-blocks-course-progress-block.php
@@ -43,7 +43,6 @@ class LLMS_Blocks_Course_Progress_Block extends LLMS_Blocks_Abstract_Block {
 public function add_hooks( $attributes = array(), $content = '' ) {
 add_action( $this->get_render_hook(), array( $this, 'output' ), 10 );
-
 }
 /**
@@ -83,9 +82,8 @@ public function output( $attributes = array() ) {
 $block_content = apply_filters( 'llms_blocks_render_course_progress_block', $block_content, $attributes, $this );
 if ( $block_content ) {
- echo $block_content;
+ echo wp_kses_post( $block_content );
 }
-
 }
 }
diff --git a/includes/blocks/class-llms-blocks-php-template-block.php b/includes/blocks/class-llms-blocks-php-template-block.php
index 901c38c3..3c29a2c2 100644
--- a/includes/blocks/class-llms-blocks-php-template-block.php
+++ b/includes/blocks/class-llms-blocks-php-template-block.php
@@ -63,7 +63,6 @@ class LLMS_Blocks_PHP_Template_Block extends LLMS_Blocks_Abstract_Block {
 public function add_hooks( $attributes = array(), $content = '' ) {
 add_action( $this->get_render_hook(), array( $this, 'output' ), 10 );
-
 }
 /**
@@ -134,11 +133,9 @@ public function output( $attributes = array() ) {
 $block_content = apply_filters( 'llms_blocks_render_php_template_block', $block_content, $attributes, $templates[ $attributes['template'] ], $this );
 if ( $block_content ) {
- echo $block_content;
+ echo wp_kses_post( $block_content );
 }
-
 }
-
 }
 return new LLMS_Blocks_PHP_Template_Block();
diff --git a/includes/blocks/class-llms-blocks-pricing-table-block.php b/includes/blocks/class-llms-blocks-pricing-table-block.php
index a47d848c..be02caa6 100644
--- a/includes/blocks/class-llms-blocks-pricing-table-block.php
+++ b/includes/blocks/class-llms-blocks-pricing-table-block.php
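Review bot: The new `echo wp_kses_post( $block_content );` in the course-progress `output()` runs the whole rendered block, after `apply_filters()`, through the post-content allowlist, so any markup outside that list (for example `<input>`, `<select>`, `<style>` or `<svg>`) coming from the template or from a filter callback is dropped without notice. The same line is added in the `output()` hunks of the PHP-template and pricing-table blocks; none of the rendered templates is visible in these hunks, so each block's real output should be compared before and after the change. Where a block needs tags beyond the post allowlist, `wp_kses( $block_content, $allowed_html )` with a block-specific `$allowed_html` array (placeholder name) keeps the output filtered without breaking the block. The docblocks of the three `llms_blocks_render_*` filters should also state the new contract, e.g. `The filtered value is passed through wp_kses_post() before output; tags outside the post allowlist are removed.` Each `output()` body starts outside its hunk, so the templates and the filter docblocks could not be checked here.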
@@ -48,7 +48,6 @@ class LLMS_Blocks_Pricing_Table_Block extends LLMS_Blocks_Abstract_Block {
 public function add_hooks( $attributes = array(), $content = '' ) {
 add_action( $this->get_render_hook(), array( $this, 'output' ), 10 );
-
 }
 /**
@@ -91,7 +90,7 @@ public function output( $attributes = array() ) {
 if ( $id ) {
 $product = new LLMS_Product( $id );
 if ( ! $product->get_access_plans() ) {
- echo '

' . __( 'No access plans found.', 'lifterlms' ) . '

'; + echo '

' . esc_html__( 'No access plans found.', 'lifterlms' ) . '

'; } } @@ -120,9 +119,8 @@ public function output( $attributes = array() ) { remove_filter( 'llms_product_is_purchasable', '__return_true' ); if ( $block_content ) { - echo $block_content; + echo wp_kses_post( $block_content ); } - } } diff --git a/lifterlms-blocks.php b/lifterlms-blocks.php index f6b3ec1d..246cfcc2 100644 --- a/lifterlms-blocks.php +++ b/lifterlms-blocks.php @@ -11,7 +11,7 @@ * Plugin Name: LifterLMS Blocks * Plugin URI: https://github.com/gocodebox/lifterlms-blocks * Description: WordPress Editor (Gutenberg) blocks for LifterLMS. - * Version: 2.5.4 + * Version: 2.5.5 * Author: LifterLMS * Author URI: https://lifterlms.com/ * Text Domain: lifterlms @@ -27,7 +27,7 @@ // Define Constants. if ( ! defined( 'LLMS_BLOCKS_VERSION' ) ) { - define( 'LLMS_BLOCKS_VERSION', '2.5.4' ); + define( 'LLMS_BLOCKS_VERSION', '2.5.5' ); } /** diff --git a/package-lock.json b/package-lock.json index 1533d048..116deb02 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "lifterlms-blocks", - "version": "2.5.4", + "version": "2.5.5", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "lifterlms-blocks", - "version": "2.5.4", + "version": "2.5.5", "dependencies": { "@dnd-kit/core": "^3.1.1", "@dnd-kit/modifiers": "^3.0.0", diff --git a/package.json b/package.json index 8eb649c3..eccbd2fc 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "lifterlms-blocks", - "version": "2.5.4", + "version": "2.5.5", "description": "blocks", "author": "LifterLMS", "homepage": "https://lifterlms.com/",