From cdf8f639e744ce3676ce995f75597e8c0718edd2 Mon Sep 17 00:00:00 2001 From: Tungnx Date: Tue, 31 Oct 2023 11:49:44 +0700 Subject: [PATCH] = 4.2.5.4 = ~ Fixed: security. --- inc/class-lp-helper.php | 3 ++- inc/class-lp-query.php | 4 ++-- inc/lp-webhooks.php | 1 + inc/user-item/class-lp-user-item-course.php | 2 +- learnpress.php | 4 ++-- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/inc/class-lp-helper.php b/inc/class-lp-helper.php index 2fc09af2c..61463f972 100644 --- a/inc/class-lp-helper.php +++ b/inc/class-lp-helper.php @@ -477,7 +477,8 @@ public static function sanitize_params_submitted( $value, string $type_content = } } elseif ( is_array( $value ) ) { foreach ( $value as $k => $v ) { - $value[ $k ] = self::sanitize_params_submitted( $v, $type_content ); + unset( $value[ $k ] ); + $value[ sanitize_key( $k ) ] = self::sanitize_params_submitted( $v, $type_content ); } } diff --git a/inc/class-lp-query.php b/inc/class-lp-query.php index d82d8b2bd..7f9f11a3b 100644 --- a/inc/class-lp-query.php +++ b/inc/class-lp-query.php @@ -132,7 +132,7 @@ public function add_rewrite_rules(): array { } // Todo fix: temporary addons before addons updated, when all addons updated, this code will be removed - if ( class_exists( 'LP_Addon_H5p_Preload' ) ) { + if ( class_exists( 'LP_Addon_H5p_Preload' ) ) { // LP_Addon_H5p fix on v4.0.3 $h5p_slug = urldecode( sanitize_title_with_dashes( LP_Settings::get_option( 'h5p_slug', 'h5p' ) ) ); $rules['course-with-cat-items'][ LP_H5P_CPT ] = [ "^{$course_slug}(?:/{$h5p_slug}/([^/]+))/?$" => @@ -150,7 +150,7 @@ public function add_rewrite_rules(): array { } // Todo Fix: temporary addons before addons updated, when all addons updated, this code will be removed - if ( class_exists( 'LP_Addon_H5p_Preload' ) ) { + if ( class_exists( 'LP_Addon_H5p_Preload' ) ) { // LP_Addon_H5p fix on v4.0.3 $h5p_slug = urldecode( sanitize_title_with_dashes( LP_Settings::get_option( 'h5p_slug', 'h5p' ) ) ); $rules['course-items'][ LP_H5P_CPT ] = [ "^{$course_slug}/([^/]+)(?:/{$h5p_slug}/([^/]+))/?$" => diff --git a/inc/lp-webhooks.php b/inc/lp-webhooks.php index d3c00ebb7..ac4dffe5a 100644 --- a/inc/lp-webhooks.php +++ b/inc/lp-webhooks.php @@ -5,6 +5,7 @@ * @author ThimPress * @package LearnPress/Functions * @version 1.0 + * @deprecated 4.2.5.4 Addon learnpress-2checkout-payment v4.0.1 is using */ defined( 'ABSPATH' ) || exit(); diff --git a/inc/user-item/class-lp-user-item-course.php b/inc/user-item/class-lp-user-item-course.php index 4a16095e3..b321733f0 100644 --- a/inc/user-item/class-lp-user-item-course.php +++ b/inc/user-item/class-lp-user-item-course.php @@ -376,7 +376,7 @@ public function calculate_course_results( bool $force_cache = false ) { LP_Cache::cache_load_first( 'set', $key_first_cache, $results ); } catch ( Throwable $e ) { - + error_log( __METHOD__ . ': ' . $e->getMessage() ); } return $results; diff --git a/learnpress.php b/learnpress.php index f59cd52bf..fc57d3c99 100644 --- a/learnpress.php +++ b/learnpress.php @@ -4,7 +4,7 @@ * Plugin URI: http://thimpress.com/learnpress * Description: LearnPress is a WordPress complete solution for creating a Learning Management System (LMS). It can help you to create courses, lessons and quizzes. * Author: ThimPress - * Version: 4.2.5.3 + * Version: 4.2.5.4-beta-1 * Author URI: http://thimpress.com * Requires at least: 6.2 * Requires PHP: 7.0 @@ -368,7 +368,7 @@ private function include_files_global() { include_once 'inc/lp-core-functions.php'; include_once 'inc/class-lp-autoloader.php'; - include_once 'inc/lp-webhooks.php'; + include_once 'inc/lp-webhooks.php'; // Addon learnpress-2checkout-payment v4.0.1 is using, when update v4.0.2 don't need load it. include_once 'inc/class-lp-request-handler.php'; include_once 'inc/admin/helpers/class-lp-plugins-helper.php';