Merge pull request #58 from brainstormforce/strengthen-cap-check
AST-3502 - Fix: Strengthen the plugin AJAX callback with capability check
imnavanath authored Sep 22, 2023
2 parents 1faf484 + 7fdf267 commit 2c697dc
Showing 5 changed files with 39 additions and 28 deletions.
7 changes: 5 additions & 2 deletions README.md
@@ -3,8 +3,8 @@
**Donate link:** https://www.paypal.me/BrainstormForce
**Tags:** bulk edit Astra meta settings, Astra meta settings, meta settings bulk edit, wordpress bulk edit plugin, page bulk edit, post bulk edit
**Requires at least:** 4.4
**Tested up to:** 6.3.1
**Stable tag:** 1.2.7
**Tested up to:** 6.3
**Stable tag:** 1.2.8
**Requires PHP:** 5.2
**License:** GPLv2 or later
**License URI:** http://www.gnu.org/licenses/gpl-2.0.html
@@ -61,6 +61,9 @@ Astra Bulk Edit plugin can be used only with the Astra theme.

## Changelog ##

### 1.2.8 ###
- Improved codebase for improved security. (Props - Patchstack)

### 1.2.7 ###
- Improvement: Compatibility with the Latest Astra Revamped Layout Options.

4 changes: 2 additions & 2 deletions astra-bulk-edit.php
@@ -3,7 +3,7 @@
* Plugin Name: Astra Bulk Edit
* Plugin URI: http://www.wpastra.com/pro/
* Description: Easier way to edit Astra meta options in bulk.
* Version: 1.2.7
* Version: 1.2.8
* Author: Brainstorm Force
* Author URI: https://www.brainstormforce.com
* Domain Path: /languages
@@ -19,7 +19,7 @@
/**
* Set constants.
*/
define( 'ASTRA_BLK_VER', '1.2.7' );
define( 'ASTRA_BLK_VER', '1.2.8' );
define( 'ASTRA_BLK_FILE', __FILE__ );
define( 'ASTRA_BLK_BASE', plugin_basename( ASTRA_BLK_FILE ) );
define( 'ASTRA_BLK_DIR', plugin_dir_path( ASTRA_BLK_FILE ) );
43 changes: 22 additions & 21 deletions classes/class-astra-blk-meta-boxes-bulk-edit.php
@@ -260,34 +260,35 @@ public function save_post_bulk_edit() {
$post_meta = self::get_meta_option();

foreach ( $post_ids as $post_id ) {
if ( current_user_can( 'edit_post', $post_id ) ) {
foreach ( $post_meta as $key => $data ) {

foreach ( $post_meta as $key => $data ) {
// Sanitize values.
$sanitize_filter = ( isset( $data['sanitize'] ) ) ? $data['sanitize'] : 'FILTER_DEFAULT';

// Sanitize values.
$sanitize_filter = ( isset( $data['sanitize'] ) ) ? $data['sanitize'] : 'FILTER_DEFAULT';
switch ( $sanitize_filter ) {

switch ( $sanitize_filter ) {
case 'FILTER_SANITIZE_STRING':
$meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_STRING );
break;

case 'FILTER_SANITIZE_STRING':
$meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_STRING );
break;
case 'FILTER_SANITIZE_URL':
$meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_URL );
break;

case 'FILTER_SANITIZE_URL':
$meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_URL );
break;
case 'FILTER_SANITIZE_NUMBER_INT':
$meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_NUMBER_INT );
break;

case 'FILTER_SANITIZE_NUMBER_INT':
$meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_NUMBER_INT );
break;

default:
$meta_value = filter_input( INPUT_POST, $key, FILTER_DEFAULT );
break;
}
default:
$meta_value = filter_input( INPUT_POST, $key, FILTER_DEFAULT );
break;
}

// Store values.
if ( 'no-change' !== $meta_value ) {
update_post_meta( $post_id, $key, $meta_value );
// Store values.
if ( 'no-change' !== $meta_value ) {
update_post_meta( $post_id, $key, $meta_value );
}
}
}
}
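Review bot: The `default:` case inside the new `current_user_can( 'edit_post', $post_id )` guard still reads the field with `FILTER_DEFAULT`, which applies no filtering, so a meta key whose definition has no `sanitize` entry reaches `update_post_meta()` exactly as submitted. The capability check decides who may write but not what is written; in that branch I would follow the `filter_input()` call with `if ( is_string( $meta_value ) ) { $meta_value = sanitize_text_field( $meta_value ); }`, keeping it out of the URL case because `sanitize_text_field()` strips percent-encoded octets. `FILTER_SANITIZE_STRING` in the first case is deprecated as of PHP 8.1 and could move to the same helper. `save_post_bulk_edit()` starts above the hunk, so whether a nonce is verified (for example with `check_ajax_referer()`) before this loop is not visible here and is worth confirming.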
6 changes: 5 additions & 1 deletion composer.json
@@ -9,6 +9,10 @@
"scripts": {
"format": "phpcbf --standard=phpcs.xml.dist --report-summary --report-source",
"lint": "phpcs --standard=phpcs.xml.dist --report-summary --report-source"
},
"config": {
"allow-plugins": {
"dealerdirect/phpcodesniffer-composer-installer": true
}
}
}

7 changes: 5 additions & 2 deletions readme.txt
@@ -3,8 +3,8 @@ Contributors: brainstormforce
Donate link: https://www.paypal.me/BrainstormForce
Tags: bulk edit Astra meta settings, Astra meta settings, meta settings bulk edit, wordpress bulk edit plugin, page bulk edit, post bulk edit
Requires at least: 4.4
Tested up to: 6.3.1
Stable tag: 1.2.7
Tested up to: 6.3
Stable tag: 1.2.8
Requires PHP: 5.2
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -61,6 +61,9 @@ Astra Bulk Edit plugin can be used only with the Astra theme.

== Changelog ==

= 1.2.8 =
- Improved codebase for improved security. (Props - Patchstack)

= 1.2.7 =
- Improvement: Compatibility with the Latest Astra Revamped Layout Options.

