
Commit 356fcb0

committed
Latest cafe changes 5.0.31.p
1 parent 8de7dd7 commit 356fcb0


9 files changed

+100
-75
lines changed


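--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Releases
 
+### [5.0.31]
+
+#### Fixed
+- [Add Nonce for Add New State AJAX Requests (#1630)](https://github.com/eventespresso/cafe/pull/1630)
+- [PUE Fix - Dont translate plugin data when checking version numbers (#1632)](https://github.com/eventespresso/cafe/pull/1632)
+
+#### Changed
+- [BuildMachine 5.0.30 changes (#1629)](https://github.com/eventespresso/cafe/pull/1629)
+- [Set the min required WP User integration version number to be 2.1.3 (#1633)](https://github.com/eventespresso/cafe/pull/1633)
+
 ### [5.0.30]
 
 #### Added
@@ -33,6 +43,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - [Improve Loco Translate bundle to include both translation filenames (#1626)](https://github.com/eventespresso/cafe/pull/1626)
 
 
+
+
+
+
 ### [5.0.29]
 
 #### Fixed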

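--- a/admin_pages/general_settings/General_Settings_Admin_Page.core.php
+++ b/admin_pages/general_settings/General_Settings_Admin_Page.core.php
@@ -107,9 +107,10 @@ protected function _set_page_routes()
 ],
 
 'update_country_settings' => [
-'func' => [$this, '_update_country_settings'],
-'capability' => 'manage_options',
-'noheader' => true,
+'func' => [$this, '_update_country_settings'],
+'capability' => 'manage_options',
+'noheader' => true,
+'require_nonce' => true,
 ],
 
 'display_country_settings' => [
@@ -119,18 +120,20 @@ protected function _set_page_routes()
 ],
 
 'add_new_state' => [
-'func' => [$this, 'add_new_state'],
-'capability' => 'manage_options',
-'noheader' => true,
+'func' => [$this, 'add_new_state'],
+'capability' => 'manage_options',
+'noheader' => true,
+'require_nonce' => true,
 ],
 
-'delete_state' => [
-'func' => [$this, 'delete_state'],
-'capability' => 'manage_options',
-'noheader' => true,
+'delete_state' => [
+'func' => [$this, 'delete_state'],
+'capability' => 'manage_options',
+'noheader' => true,
+'require_nonce' => true,
 ],
 
-'privacy_settings' => [
+'privacy_settings' => [
 'func' => [$this, 'privacySettings'],
 'capability' => 'manage_options',
 ],
@@ -921,62 +924,56 @@ public function display_country_states(string $CNT_ISO = '', ?EE_Country $countr
 }
 }
 }
-if (is_array($states)) {
-foreach ($states as $STA_ID => $state) {
-if ($state instanceof EE_State) {
-$inputs = EE_Question_Form_Input::generate_question_form_inputs_for_object(
-$state,
-[
-'STA_abbrev' => [
-'type' => 'TEXT',
-'label' => esc_html__('Code', 'event_espresso'),
-'input_name' => "states[$STA_ID]",
-'class' => 'ee-input-width--tiny',
-'add_mobile_label' => true,
-],
-'STA_name' => [
-'type' => 'TEXT',
-'label' => esc_html__('Name', 'event_espresso'),
-'input_name' => "states[$STA_ID]",
-'class' => 'ee-input-width--big',
-'add_mobile_label' => true,
-],
-'STA_active' => [
-'type' => 'RADIO_BTN',
-'label' => esc_html__(
-'State Appears in Dropdown Select Lists',
-'event_espresso'
-),
-'input_name' => "states[$STA_ID]",
-'options' => $this->_yes_no_values,
-'use_desc_4_label' => true,
-'add_mobile_label' => true,
-],
-]
-);
-
-$delete_state_url = EE_Admin_Page::add_query_args_and_nonce(
-[
-'action' => 'delete_state',
-'STA_ID' => $STA_ID,
-'CNT_ISO' => $CNT_ISO,
-'STA_abbrev' => $state->abbrev(),
+foreach ($states as $STA_ID => $state) {
+if ($state instanceof EE_State) {
+$inputs = EE_Question_Form_Input::generate_question_form_inputs_for_object(
+$state,
+[
+'STA_abbrev' => [
+'type' => 'TEXT',
+'label' => esc_html__('Code', 'event_espresso'),
+'input_name' => "states[$STA_ID]",
+'class' => 'ee-input-width--tiny',
+'add_mobile_label' => true,
 ],
-GEN_SET_ADMIN_URL
-);
+'STA_name' => [
+'type' => 'TEXT',
+'label' => esc_html__('Name', 'event_espresso'),
+'input_name' => "states[$STA_ID]",
+'class' => 'ee-input-width--big',
+'add_mobile_label' => true,
+],
+'STA_active' => [
+'type' => 'RADIO_BTN',
+'label' => esc_html__(
+'State Appears in Dropdown Select Lists',
+'event_espresso'
+),
+'input_name' => "states[$STA_ID]",
+'options' => $this->_yes_no_values,
+'use_desc_4_label' => true,
+'add_mobile_label' => true,
+],
+]
+);
 
-$this->_template_args['states'][ $STA_ID ]['inputs'] = $inputs;
-$this->_template_args['states'][ $STA_ID ]['delete_state_url'] = $delete_state_url;
-}
+$delete_state_url = EE_Admin_Page::add_query_args_and_nonce(
+[
+'action' => 'delete_state',
+'STA_ID' => $STA_ID,
+'CNT_ISO' => $CNT_ISO,
+'STA_abbrev' => $state->abbrev(),
+],
+GEN_SET_ADMIN_URL
+);
+
+$this->_template_args['states'][ $STA_ID ]['inputs'] = $inputs;
+$this->_template_args['states'][ $STA_ID ]['delete_state_url'] = $delete_state_url;
 }
-} else {
-$this->_template_args['states'] = false;
 }
 
-$this->_template_args['add_new_state_url'] = EE_Admin_Page::add_query_args_and_nonce(
-['action' => 'add_new_state'],
-GEN_SET_ADMIN_URL
-);
+$this->_template_args['add_new_state_nonce'] = wp_create_nonce('espresso_add_new_state');
+$this->_template_args['delete_state_nonce'] = wp_create_nonce('espresso_delete_state');
 
 $state_details_settings = EEH_Template::display_template(
 GEN_SET_TEMPLATE_PATH . 'state_details_settings.template.php',
@@ -1009,6 +1006,8 @@ public function display_country_states(string $CNT_ISO = '', ?EE_Country $countr
 */
 public function add_new_state()
 {
+$this->_verify_nonce();
+// add_new_state_nonce
 if (! $this->capabilities->current_user_can('manage_options', __FUNCTION__)) {
 wp_die(esc_html__('You do not have the required privileges to perform this action', 'event_espresso'));
 }
@@ -1080,6 +1079,7 @@ public function add_new_state()
 */
 public function delete_state()
 {
+$this->_verify_nonce();
 if (! $this->capabilities->current_user_can('manage_options', __FUNCTION__)) {
 wp_die(esc_html__('You do not have the required privileges to perform this action', 'event_espresso'));
 }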
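Review bot: The nonces are issued in display_country_states() under the literal actions `espresso_add_new_state` and `espresso_delete_state`, but add_new_state() and delete_state() call `$this->_verify_nonce()` with no arguments, so the field and action actually checked are whatever `$this->_req_nonce` and `$this->_req_action` hold, and neither is set anywhere in this diff. Naming both in the handler, e.g. `$this->_verify_nonce($this->request->getRequestParam('espresso_add_new_state_nonce', ''), 'espresso_add_new_state');`, keeps issue and verification visibly paired and independent of request-derived state (the same applies to delete_state() with its own field and action). The leftover `// add_new_state_nonce` comment in add_new_state() explains nothing and should be removed or replaced by a sentence naming the field and action being verified. Separately, dropping the `is_array($states)` guard means the `foreach` now runs unconditionally; `$states` is assigned above the hunk, so confirm it can no longer be false or null there.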

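--- a/admin_pages/general_settings/assets/gen_settings_countries.js
+++ b/admin_pages/general_settings/assets/gen_settings_countries.js
@@ -215,12 +215,13 @@ jQuery(document).ready(function($) {
 */
 add_new_state : function () {
 // post data to be sent
-var formData = {
+const formData = {
 page: 'espresso_general_settings',
 action: 'espresso_add_new_state',
 CNT_ISO: $('#country').val(),
 STA_abbrev: $('#STA_abbrev-XXX').val(),
 STA_name: $('#STA_name-XXX').val(),
+espresso_add_new_state_nonce: $('#add_new_state_nonce').val(),
 ee_admin_ajax: true,
 noheader : 'true'
 };
@@ -237,7 +238,11 @@ jQuery(document).ready(function($) {
 //console.log(response);
 if ( typeof response.errors !== 'undefined' && response.errors !== '' ) {
 show_admin_page_ajax_msg( response );
-} else if ( typeof(response.return_data) !== 'undefined' && response.return_data !== false && response.return_data !== null ) {
+} else if (
+typeof(response.return_data) !== 'undefined'
+&& response.return_data !== false
+&& response.return_data !== null
+) {
 EE_CNT_STA.get_country_states( response.return_data );
 show_admin_page_ajax_msg( response );
 } else {
@@ -279,6 +284,7 @@ jQuery(document).ready(function($) {
 CNT_ISO: CNT_ISO,
 STA_ID: STA_ID,
 STA_abbrev: STA_abbrev,
+espresso_delete_state_nonce: $('#delete_state_nonce').val(),
 ee_admin_ajax : true,
 noheader : 'true'
 };
@@ -319,4 +325,4 @@ jQuery(document).ready(function($) {
 
 EE_CNT_STA.init();
 
-});
+});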

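--- a/admin_pages/general_settings/templates/state_details_settings.template.php
+++ b/admin_pages/general_settings/templates/state_details_settings.template.php
@@ -1,6 +1,8 @@
 <?php
 /**
 * @var string[][] $states
+* @var string $add_new_state_nonce
+* @var string $delete_state_nonce
 */
 ?>
 
@@ -34,6 +36,7 @@ class="button button--secondary button--icon-only delete-state-lnk"
 >
 <span class="dashicons dashicons-post-trash"></span>
 </a>
+<input type="hidden" id="delete_state_nonce" name="espresso_delete_state" value="<?php echo esc_attr($delete_state_nonce); ?>">
 </td>
 </tr>
 <?php
@@ -85,6 +88,7 @@ class="STA_name ee-input-width--big"
 title=""
 value=""
 />
+<input type="hidden" id="add_new_state_nonce" name="espresso_add_new_state_nonce" value="<?php echo esc_attr($add_new_state_nonce); ?>">
 </td>
 </tr>
 <tr>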
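Review bot: The hidden field `id="delete_state_nonce"` is placed in the table cell next to the delete link, so if that row is rendered once per state (the loop is outside the hunk) the page carries duplicate ids and one copy of the same token per row, and the script's `$('#delete_state_nonce')` lookup only works because jQuery returns the first match. Emitting the field once outside the row loop, beside `add_new_state_nonce`, avoids that. Its `name="espresso_delete_state"` also differs from the `espresso_delete_state_nonce` key the script posts and from the `_nonce` suffix used for the add field; `name="espresso_delete_state_nonce"` would keep template, script and handler consistent.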

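--- a/caffeinated/admin/extend/registrations/Extend_Registrations_Admin_Page.core.php
+++ b/caffeinated/admin/extend/registrations/Extend_Registrations_Admin_Page.core.php
@@ -299,9 +299,9 @@ public function get_newsletter_form_content()
 wp_die(esc_html__('You do not have the required privileges to perform this action', 'event_espresso'));
 }
 // do a nonce check because we're not coming in from a normal route here.
-$nonce = isset($this->_req_data['get_newsletter_form_content_nonce']) ? sanitize_text_field(
-$this->_req_data['get_newsletter_form_content_nonce']
-) : '';
+$nonce = isset($this->_req_data['get_newsletter_form_content_nonce'])
+? sanitize_text_field($this->_req_data['get_newsletter_form_content_nonce'])
+: '';
 $nonce_ref = 'get_newsletter_form_content_nonce';
 $this->_verify_nonce($nonce, $nonce_ref);
 // let's get the mtp for the incoming MTP_ ID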

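--- a/core/admin/EE_Admin_Page.core.php
+++ b/core/admin/EE_Admin_Page.core.php
@@ -1042,8 +1042,10 @@ protected function _verify_route(string $route): bool
 * @throws InvalidDataTypeException
 * @throws InvalidInterfaceException
 */
-protected function _verify_nonce(string $nonce, string $nonce_ref)
+protected function _verify_nonce(string $nonce = '', string $nonce_ref = '')
 {
+$nonce = $nonce ?: $this->request->getRequestParam($this->_req_nonce, '');
+$nonce_ref = $nonce_ref ?: $this->_req_action;
 // verify nonce against expected value
 if (! wp_verify_nonce($nonce, $nonce_ref)) {
 // these are not the droids you are looking for !!!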
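Review bot: With `$nonce ?: ...` an explicitly passed empty string is treated the same as an omitted argument, so a caller such as get_newsletter_form_content(), which passes `''` when its request field is missing, now has that value replaced by the `$this->_req_nonce` request parameter instead of being checked as empty. The check still runs against the caller's `$nonce_ref`, so it should still fail closed, but the fallback changes the contract and belongs in the docblock (which starts above the hunk): `@param string $nonce defaults to the request param named by $this->_req_nonce` and `@param string $nonce_ref defaults to $this->_req_action`. If `$this->_req_action` can be empty at this point, the defaulted action is `''`; a guard such as `if ($nonce_ref === '') { $nonce = ''; }` before `wp_verify_nonce()` would make the default path reject instead of verifying against an empty action.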

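--- a/core/libraries/plugin_api/EE_Register_Addon.lib.php
+++ b/core/libraries/plugin_api/EE_Register_Addon.lib.php
@@ -52,6 +52,7 @@ class EE_Register_Addon implements EEI_Plugin_API
 protected static $_incompatible_addons = [
 'Multi_Event_Registration' => '2.0.11.rc.002',
 'Promotions' => '1.0.0.rc.084',
+'EE_WPUsers' => '2.1.3.p',
 ];
 
 /**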

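--- a/core/third_party_libs/pue/pue-client.php
+++ b/core/third_party_libs/pue/pue-client.php
@@ -1717,12 +1717,10 @@ public function dashboard_dismiss_upgrade()
 */
 private function getInstalledVersion()
 {
-if (function_exists('get_plugin_data')) {
-$plugin_data = get_plugin_data(WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $this->pluginFile);
-} else {
+if (! function_exists('get_plugin_data')) {
 require_once(ABSPATH . 'wp-admin/includes/plugin.php');
-$plugin_data = get_plugin_data(WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $this->pluginFile);
 }
+$plugin_data = get_plugin_data(WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $this->pluginFile, true, false);
 if (! empty($plugin_data)) {
 $this->pluginName = $plugin_data['Name'];
 $this->lang_domain = empty($this->lang_domain)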
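Review bot: The two positional booleans in `get_plugin_data(..., true, false)` are opaque at the call site, and the reason translation is switched off is recorded only in the changelog entry. A comment above the call such as `// $markup = true, $translate = false: read raw header values, version checks must not depend on translations` would keep that reasoning with the code. If nothing later in getInstalledVersion() (it continues past the end of the hunk) needs the marked-up fields, passing `false, false` would be the narrower call.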

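--- a/espresso.php
+++ b/espresso.php
@@ -3,7 +3,7 @@
 Plugin Name: Event Espresso
 Plugin URI: https://eventespresso.com/pricing/?ee_ver=ee4&utm_source=ee4_plugin_admin&utm_medium=link&utm_campaign=wordpress_plugins_page&utm_content=support_link
 Description: Manage events, sell tickets, and receive payments from your WordPress website. Reduce event administration time, cut-out ticketing fees, and own your customer data. | <a href="https://eventespresso.com/add-ons/?utm_source=plugin_activation_screen&utm_medium=link&utm_campaign=plugin_description">Extensions</a> | <a href="https://eventespresso.com/pricing/?utm_source=plugin_activation_screen&utm_medium=link&utm_campaign=plugin_description">Sales</a> | <a href="admin.php?page=espresso_support">Support</a>
-Version: 5.0.31.rc.000
+Version: 5.0.31.rc.004
 Author: Event Espresso
 Author URI: https://eventespresso.com/?ee_ver=ee4&utm_source=ee4_plugin_admin&utm_medium=link&utm_campaign=wordpress_plugins_page&utm_content=support_link
 License: GPLv3
@@ -104,7 +104,7 @@ function espresso_minimum_php_version_error()
 */
 function espresso_version(): string
 {
-return apply_filters('FHEE__espresso__espresso_version', '5.0.31.rc.000');
+return apply_filters('FHEE__espresso__espresso_version', '5.0.31.rc.004');
 }
 
 /**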
