diff --git a/README.md b/README.md
index bfd3cca..e1cd54a 100644
--- a/README.md
+++ b/README.md
@@ -3,8 +3,8 @@
 **Donate link:** https://www.paypal.me/BrainstormForce
 **Tags:** bulk edit Astra meta settings, Astra meta settings, meta settings bulk edit, wordpress bulk edit plugin, page bulk edit, post bulk edit
 **Requires at least:** 4.4
-**Tested up to:** 6.3.1
-**Stable tag:** 1.2.7
+**Tested up to:** 6.3
+**Stable tag:** 1.2.8
 **Requires PHP:** 5.2
 **License:** GPLv2 or later
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html
@@ -61,6 +61,9 @@ Astra Bulk Edit plugin can be used only with the Astra theme.
 ## Changelog ##
+### 1.2.8 ###
+- Improved codebase for improved security. (Props - Patchstack)
+
 ### 1.2.7 ###
 - Improvement: Compatibility with the Latest Astra Revamped Layout Options.
diff --git a/astra-bulk-edit.php b/astra-bulk-edit.php
index 2df05b6..40343f6 100644
--- a/astra-bulk-edit.php
+++ b/astra-bulk-edit.php
@@ -3,7 +3,7 @@
 * Plugin Name: Astra Bulk Edit
 * Plugin URI: http://www.wpastra.com/pro/
 * Description: Easier way to edit Astra meta options in bulk.
- * Version: 1.2.7
+ * Version: 1.2.8
 * Author: Brainstorm Force
 * Author URI: https://www.brainstormforce.com
 * Domain Path: /languages
@@ -19,7 +19,7 @@
 /**
 * Set constants.
 */
-define( 'ASTRA_BLK_VER', '1.2.7' );
+define( 'ASTRA_BLK_VER', '1.2.8' );
 define( 'ASTRA_BLK_FILE', __FILE__ );
 define( 'ASTRA_BLK_BASE', plugin_basename( ASTRA_BLK_FILE ) );
 define( 'ASTRA_BLK_DIR', plugin_dir_path( ASTRA_BLK_FILE ) );
diff --git a/classes/class-astra-blk-meta-boxes-bulk-edit.php b/classes/class-astra-blk-meta-boxes-bulk-edit.php
index 526da8f..037d260 100644
--- a/classes/class-astra-blk-meta-boxes-bulk-edit.php
+++ b/classes/class-astra-blk-meta-boxes-bulk-edit.php
@@ -260,34 +260,35 @@ public function save_post_bulk_edit() {
 $post_meta = self::get_meta_option();
 foreach ( $post_ids as $post_id ) {
+ if ( current_user_can( 'edit_post', $post_id ) ) {
+ foreach ( $post_meta as $key => $data ) {
- foreach ( $post_meta as $key => $data ) {
+ // Sanitize values.
+ $sanitize_filter = ( isset( $data['sanitize'] ) ) ? $data['sanitize'] : 'FILTER_DEFAULT';
- // Sanitize values.
- $sanitize_filter = ( isset( $data['sanitize'] ) ) ? $data['sanitize'] : 'FILTER_DEFAULT';
+ switch ( $sanitize_filter ) {
- switch ( $sanitize_filter ) {
+ case 'FILTER_SANITIZE_STRING':
+ $meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_STRING );
+ break;
- case 'FILTER_SANITIZE_STRING':
- $meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_STRING );
- break;
+ case 'FILTER_SANITIZE_URL':
+ $meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_URL );
+ break;
- case 'FILTER_SANITIZE_URL':
- $meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_URL );
- break;
+ case 'FILTER_SANITIZE_NUMBER_INT':
+ $meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_NUMBER_INT );
+ break;
- case 'FILTER_SANITIZE_NUMBER_INT':
- $meta_value = filter_input( INPUT_POST, $key, FILTER_SANITIZE_NUMBER_INT );
- break;
-
- default:
- $meta_value = filter_input( INPUT_POST, $key, FILTER_DEFAULT );
- break;
- }
+ default:
+ $meta_value = filter_input( INPUT_POST, $key, FILTER_DEFAULT );
+ break;
+ }
- // Store values.
- if ( 'no-change' !== $meta_value ) {
- update_post_meta( $post_id, $key, $meta_value );
+ // Store values.
+ if ( 'no-change' !== $meta_value ) {
+ update_post_meta( $post_id, $key, $meta_value );
+ }
 }
 }
 }
diff --git a/composer.json b/composer.json
index a1c8ece..463307d 100644
--- a/composer.json
+++ b/composer.json
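Review bot: The store guard `if ( 'no-change' !== $meta_value )` inside the new capability block still lets through the `null` that `filter_input()` returns when `$key` is absent from the POST body and the `false` it returns when a filter fails, so `update_post_meta()` can replace an existing setting with an empty value on every post the user may edit; consider `if ( null !== $meta_value && false !== $meta_value && 'no-change' !== $meta_value )`. The `default` branch uses `FILTER_DEFAULT`, which applies no filtering, so any meta option without a `sanitize` entry is stored as submitted, and `FILTER_SANITIZE_STRING` is deprecated since PHP 8.1, where `sanitize_text_field()` is the usual WordPress replacement. The added `current_user_can( 'edit_post', $post_id )` check handles per-post authorization, but `save_post_bulk_edit()` starts outside this hunk, so whether a nonce is verified and how `$post_ids` is built and cast to integers cannot be confirmed from here. Posts that fail the capability check are skipped silently; a one-line comment such as `// Skip posts the current user is not allowed to edit.` above the `if` would record that this is intentional.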
@@ -9,6 +9,10 @@
 "scripts": {
 "format": "phpcbf --standard=phpcs.xml.dist --report-summary --report-source",
 "lint": "phpcs --standard=phpcs.xml.dist --report-summary --report-source"
+ },
+ "config": {
+ "allow-plugins": {
+ "dealerdirect/phpcodesniffer-composer-installer": true
+ }
 }
 }
-
\ No newline at end of file
diff --git a/readme.txt b/readme.txt
index 3b673c4..cf40e57 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: brainstormforce
 Donate link: https://www.paypal.me/BrainstormForce
 Tags: bulk edit Astra meta settings, Astra meta settings, meta settings bulk edit, wordpress bulk edit plugin, page bulk edit, post bulk edit
 Requires at least: 4.4
-Tested up to: 6.3.1
-Stable tag: 1.2.7
+Tested up to: 6.3
+Stable tag: 1.2.8
 Requires PHP: 5.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -61,6 +61,9 @@ Astra Bulk Edit plugin can be used only with the Astra theme.
 == Changelog ==
+= 1.2.8 =
+- Improved codebase for improved security. (Props - Patchstack)
+
 = 1.2.7 =
 - Improvement: Compatibility with the Latest Astra Revamped Layout Options.