New version: 5.3.2
oleksandr-mykhailenko committed Jan 4, 2023
1 parent f77371f commit 6064db2
Showing 8 changed files with 20 additions and 14 deletions.
5 changes: 4 additions & 1 deletion README.md
Expand Up @@ -4,7 +4,7 @@
- Tags: email, marketing, signup, newsletter, widget, smtp, woocommerce, contact form 7
- Requires at least: 4.4
- Tested up to: 6.1.1
- Stable tag: 5.3.1
- Stable tag: 5.3.2
- Requires PHP: 5.6
- License: GPLv2 or later
- License URI: http://www.gnu.org/licenses/gpl-2.0.html
Expand Down Expand Up @@ -205,6 +205,9 @@ find vendor/ -type d -name ".git" -exec rm -rf {} \;
7. Configure abandoned cart notifications for WooCommerce

## Changelog
##### 5.3.2
* Fixed security issues according to plugin scanning. Sanitized some input args.

##### 5.3.1
* Fixed security issues according to plugin scanning. Added escaping for shown strings.

5 changes: 4 additions & 1 deletion readme.txt
Expand Up @@ -4,7 +4,7 @@ Contributors: Mailjet
Tags: email, marketing, signup, newsletter, widget, smtp, woocommerce, contact form 7
Requires at least: 4.4
Tested up to: 6.1.1
Stable tag: 5.3.1
Stable tag: 5.3.2
Requires PHP: 5.6
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
Expand Down Expand Up @@ -196,6 +196,9 @@ find vendor/ -type d -name ".git" -exec rm -rf {} \;
7. Configure abandoned cart notifications for WooCommerce

== Upgrade notice ==
= 5.3.2 =
* Fixed security issues according to plugin scanning. Sanitized some input args.

= 5.3.1 =
* Fixed security issues according to plugin scanning. Added escaping for shown strings.

2 changes: 1 addition & 1 deletion src/includes/MailjetSettings.php
Expand Up @@ -308,7 +308,7 @@ public static function redirectJs($urlToRedirect)
?>';
</script>
<?php
echo '<META HTTP-EQUIV="refresh" content="0;URL=' . $urlToRedirect . '">';
echo esc_attr('<META HTTP-EQUIV="refresh" content="0;URL=' . $urlToRedirect . '">');
exit;
}
public static function getCryptoHash()
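Review bot: Wrapping the entire `<META>` tag in `esc_attr()` on the new echo line HTML-encodes its angle brackets and quotes, so the browser shows the tag as literal text instead of performing the refresh, and the non-JS redirect fallback in `redirectJs` stops working. Escape only the attribute value: `echo '<META HTTP-EQUIV="refresh" content="0;URL=' . esc_url($urlToRedirect) . '">';`. If `$urlToRedirect` can originate from request input, validating it against the allowed hosts (for example with `wp_validate_redirect()`) before output would close the open-redirect possibility; whether it does is not visible here. The JavaScript branch just above appears to embed the same URL and would need the same treatment, but `redirectJs` starts before the hunk and that code is outside it.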
2 changes: 1 addition & 1 deletion src/includes/SettingsPages/SubscriptionOptionsSettings.php
Expand Up @@ -352,7 +352,7 @@ public function mailjet_subscribe_confirmation_from_widget($subscription_email,
$test = sprintf(Mailjeti18n::getTranslationsFromFile($locale, 'To receive newsletters from %s please confirm your subscription by clicking the following button:'), $wpUrl);
$email_main_text = !empty($instance[$locale]['email_content_main_text']) ? apply_filters('widget_email_content_main_text', \sprintf($instance[$locale]['email_content_main_text'], get_option('blogname'))) : $test;
$email_content_after_button = !empty($instance[$locale]['email_content_after_button']) ? $instance[$locale]['email_content_after_button'] : Mailjeti18n::getTranslationsFromFile($locale, 'If you received this email by mistake or don\'t wish to subscribe anymore, simply ignore this message.');
$properties = isset($_POST['properties']) ? $_POST['properties'] : array();
$properties = array_map('sanitize_text_field', $_POST['properties'] ?? []);
$preparedProperties = [];
if (!empty($properties)) {
foreach ($properties as $key => $val) {
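Review bot: The new `array_map('sanitize_text_field', $_POST['properties'] ?? [])` assumes `properties` is an array; a tampered request that sends it as a plain string makes `array_map` throw a TypeError on PHP 8 (a warning returning null on PHP 7), and the values are still slashed because `wp_unslash()` is never applied before sanitizing. A guarded form avoids both: `$rawProperties = isset($_POST['properties']) && is_array($_POST['properties']) ? wp_unslash($_POST['properties']) : [];` followed by `$properties = array_map('sanitize_text_field', $rawProperties);`. The same line is added in `sendSubscriptionEmail` in src/widget/WP_Mailjet_Subscribe_Widget.php. Note also that `??` is PHP 7 syntax while readme.txt in this same commit still states `Requires PHP: 5.6`; the widget file's `: void` return type already implies 7.1+, so the declared minimum looks stale. `mailjet_subscribe_confirmation_from_widget` starts before the hunk and continues after it.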
8 changes: 4 additions & 4 deletions src/includes/SettingsPages/UserAccessSettings.php
Expand Up @@ -49,12 +49,12 @@ public function mailjet_user_access_cb($args)
$hasAccess = isset($role['capabilities'][self::ACCESS_CAP_NAME]) && $role['capabilities'][self::ACCESS_CAP_NAME];
?>
<label class="checkboxLabel" for="<?php
echo self::PREFIX_ACCESS_INPUT_NAME . $roleKey;
echo esc_attr(self::PREFIX_ACCESS_INPUT_NAME . $roleKey);
?>">
<input name="<?php
echo self::PREFIX_ACCESS_INPUT_NAME . $roleKey;
echo esc_attr(self::PREFIX_ACCESS_INPUT_NAME . $roleKey);
?>" type="checkbox" id="<?php
echo self::PREFIX_ACCESS_INPUT_NAME . $roleKey;
echo esc_attr(self::PREFIX_ACCESS_INPUT_NAME . $roleKey);
?>" value="1" <?php
echo esc_attr($hasAccess) ? ' checked="checked"' : '';
echo esc_attr($roleKey) === 'administrator' ? 'disabled' : '';
Expand All @@ -74,7 +74,7 @@ public function mailjet_user_access_cb($args)
}
public function user_access_post_handler()
{
$postData = $_POST;
$postData = array_map('sanitize_text_field', $_POST);
if (!isset($postData['custom_nonce']) || !wp_verify_nonce($postData['custom_nonce'], 'mailjet_user_access_page_html')) {
add_settings_error('mailjet_messages', 'mailjet_message', __('Your permissions don\'t match! Please refresh your session and if the problem persists, contact our support team.', 'mailjet-for-wordpress'), 'error');
settings_errors('mailjet_messages');
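Review bot: Mapping `sanitize_text_field` over the whole `$_POST` at the top of `user_access_post_handler` replaces any array-valued field with an empty string (the function returns `''` for non-scalar input) and leaves every value slashed, since `wp_unslash()` is not applied. For this form the role checkboxes are scalar inputs, so nothing is lost today, but the same blanket map is introduced in `orders_automation_settings_post`, `abandoned_cart_settings_post` and `subscribeViaAjax` in src/includes/SettingsPages/WooCommerceSettings.php, where any array-shaped setting would be silently discarded. The more robust pattern is to read the nonce field explicitly and sanitize each remaining value where it is consumed, e.g. `$nonce = isset($_POST['custom_nonce']) ? sanitize_text_field(wp_unslash($_POST['custom_nonce'])) : '';` followed by `wp_verify_nonce($nonce, 'mailjet_user_access_page_html')`. The remainder of `user_access_post_handler`, where the individual fields are used, is outside the hunk.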
6 changes: 3 additions & 3 deletions src/includes/SettingsPages/WooCommerceSettings.php
Expand Up @@ -605,7 +605,7 @@ public function send_order_status_completed($orderId)
}
public function orders_automation_settings_post()
{
$data = $_POST;
$data = array_map('sanitize_text_field', $_POST);
if (!wp_verify_nonce($data['custom_nonce'], 'mailjet_order_notifications_settings_page_html')) {
update_option('mailjet_post_update_message', ['success' => \false, 'message' => 'Invalid credentials!']);
wp_redirect(add_query_arg(array('page' => 'mailjet_order_notifications_page'), admin_url('admin.php')));
Expand Down Expand Up @@ -643,7 +643,7 @@ private function prepareAutomationHooks($data)
}
public function abandoned_cart_settings_post()
{
$data = $_POST;
$data = array_map('sanitize_text_field', $_POST);
if (!wp_verify_nonce($data['custom_nonce'], 'mailjet_order_notifications_settings_page_html')) {
update_option('mailjet_post_update_message', ['success' => \false, 'message' => 'Invalid credentials!']);
wp_redirect(add_query_arg(array('page' => 'mailjet_abandoned_cart_page'), admin_url('admin.php')));
Expand Down Expand Up @@ -812,7 +812,7 @@ public function enqueueFrontScripts()
}
public function subscribeViaAjax()
{
$post = $_POST;
$post = array_map('sanitize_text_field', $_POST);
if (isset($post['orderId'])) {
$orderId = sanitize_text_field($post['orderId']);
$order = wc_get_order($orderId);
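Review bot: In `subscribeViaAjax`, the new whole-array map makes the existing `sanitize_text_field($post['orderId'])` on the following line a second pass over the same value; one of the two should go, and the per-field call is the one worth keeping since it sanitizes exactly what is used. The two settings handlers above still pass `$data['custom_nonce']` to `wp_verify_nonce` without an `isset` guard, so a request lacking the field raises an undefined-index notice before the nonce check fails; `$nonce = $data['custom_nonce'] ?? '';` would keep that path quiet. All three functions continue past their hunks.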
2 changes: 1 addition & 1 deletion src/widget/WP_Mailjet_Subscribe_Widget.php
Expand Up @@ -132,7 +132,7 @@ public function sendSubscriptionEmail(): void
echo wp_json_encode(['prop_errors' => $errors]);
wp_die();
}
$properties = isset($_POST['properties']) ? $_POST['properties'] : array();
$properties = array_map('sanitize_text_field', $_POST['properties'] ?? []);
$isValueTypeIncorrect = false;
if (!empty($properties) && is_array($this->mailjetContactProperties) && !empty($this->mailjetContactProperties)) {
foreach ($properties as $propertyId => $propertyValue) {
4 changes: 2 additions & 2 deletions wp-mailjet.php
Expand Up @@ -14,7 +14,7 @@
* Plugin Name: Mailjet for WordPress
* Plugin URI: https://www.mailjet.com/partners/wordpress/
* Description: The Best WordPress Plugin For Email Newsletters.
* Version: 5.3.1
* Version: 5.3.2
* Tested up to: 6.1.1
* Author: Mailjet SAS
* Author URI: http://mailjet.com
Expand Down Expand Up @@ -55,7 +55,7 @@
/**
* Mailjet plugin version.
*/
define('MAILJET_VERSION', '5.3.1');
define('MAILJET_VERSION', '5.3.2');

/**
* Mailjet Plugid dir.
