Release

- [Fix] Security vulnerability
Codeinwp · May 14, 2020 · 5027a38 · 5027a38
2 parents b96c753 + a4a59d0
commit 5027a38
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 5 deletions.
diff --git a/includes/class-wppr.php b/includes/class-wppr.php
@@ -67,7 +67,7 @@ class WPPR {
 	 */
 	public function __construct() {
 		$this->plugin_name = 'wppr';
-		$this->version     = '3.7.5';
+		$this->version     = '3.7.6';
 
 		$this->load_dependencies();
 		$this->set_locale();

diff --git a/includes/functions.php b/includes/functions.php
@@ -228,7 +228,7 @@ function wppr_layout_get_image( $review_object, $class_a = '', $class_img = '' )
 			$image_link     = $review_object->get_image();
 		}
 		?>
-		<a title="<?php echo $review_object->get_name(); ?>" class="<?php echo $class_a; ?>" href="<?php echo esc_url( $image_link ); ?>" <?php echo $lightbox; ?> rel="nofollow" target="_blank">
+		<a title="<?php echo esc_attr( $review_object->get_name() ); ?>" class="<?php echo $class_a; ?>" href="<?php echo esc_url( $image_link ); ?>" <?php echo $lightbox; ?> rel="nofollow" target="_blank">
 			<img
 				src="<?php echo esc_attr( $src ); ?>"
 				alt="<?php echo esc_attr( $review_object->get_image_alt() ); ?>"

diff --git a/includes/gutenberg/class-wppr-gutenberg.php b/includes/gutenberg/class-wppr-gutenberg.php
@@ -96,6 +96,9 @@ public function update_posts_endpoints() {
 			array(
 				'methods'  => 'POST',
 				'callback' => array( $this, 'update_review_callback' ),
+				'permission_callback' => function () {
+					return current_user_can( 'edit_posts' );
+				},
 				'args'     => array(
 					'id' => array(
 						'sanitize_callback' => 'absint',

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "wp-product-review",
-  "version": "3.7.5",
+  "version": "3.7.6",
   "description": "WP Product Review WordPress plugin.",
   "repository": {
     "type": "git",

diff --git a/wp-product-review.php b/wp-product-review.php
@@ -15,7 +15,7 @@
  * Plugin Name:       WP Product Review Lite
  * Plugin URI:        https://themeisle.com/plugins/wp-product-review/
  * Description:       The highest rated and most complete review plugin, now with rich snippets support. Easily turn your basic posts into in-depth reviews.
- * Version:           3.7.5
+ * Version:           3.7.6
  * Author:            ThemeIsle
  * Author URI:        https://themeisle.com/
  * Requires at least: 3.5
@@ -66,7 +66,7 @@ function deactivate_wppr() {
  */
 function run_wppr() {
 
-	define( 'WPPR_LITE_VERSION', '3.7.5' );
+	define( 'WPPR_LITE_VERSION', '3.7.6' );
 	define( 'WPPR_PATH', dirname( __FILE__ ) );
 	define( 'WPPR_SLUG', 'wppr' );
 	define( 'WPPR_UPSELL_LINK', 'https://themeisle.com/plugins/wp-product-review/' );