Latest cafe changes 5.0.31.p

CHANGELOG.md

@@ -6,6 +6,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Releases
 
+### [5.0.31]
+
+#### Fixed
+ - [Add Nonce for Add New State AJAX Requests (#1630)](https://github.com/eventespresso/cafe/pull/1630)
+ - [PUE Fix - Dont translate plugin data when checking version numbers (#1632)](https://github.com/eventespresso/cafe/pull/1632)
+
+#### Changed
+ - [BuildMachine 5.0.30 changes (#1629)](https://github.com/eventespresso/cafe/pull/1629)
+ - [Set the min required WP User integration version number to be 2.1.3 (#1633)](https://github.com/eventespresso/cafe/pull/1633)
+
 ### [5.0.30]
 
 #### Added
@@ -33,6 +43,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  - [Improve Loco Translate bundle to include both translation filenames (#1626)](https://github.com/eventespresso/cafe/pull/1626)
 
 
+
+
+
+
 ### [5.0.29]
 
 #### Fixed

admin_pages/general_settings/General_Settings_Admin_Page.core.php

@@ -107,9 +107,10 @@ protected function _set_page_routes()
             ],
 
             'update_country_settings' => [
-                'func'       => [$this, '_update_country_settings'],
-                'capability' => 'manage_options',
-                'noheader'   => true,
+                'func'          => [$this, '_update_country_settings'],
+                'capability'    => 'manage_options',
+                'noheader'      => true,
+                'require_nonce' => true,
             ],
 
             'display_country_settings' => [
@@ -119,18 +120,20 @@ protected function _set_page_routes()
             ],
 
             'add_new_state' => [
-                'func'       => [$this, 'add_new_state'],
-                'capability' => 'manage_options',
-                'noheader'   => true,
+                'func'          => [$this, 'add_new_state'],
+                'capability'    => 'manage_options',
+                'noheader'      => true,
+                'require_nonce' => true,
             ],
 
-            'delete_state'            => [
-                'func'       => [$this, 'delete_state'],
-                'capability' => 'manage_options',
-                'noheader'   => true,
+            'delete_state' => [
+                'func'          => [$this, 'delete_state'],
+                'capability'    => 'manage_options',
+                'noheader'      => true,
+                'require_nonce' => true,
             ],
 
-            'privacy_settings'        => [
+            'privacy_settings' => [
                 'func'       => [$this, 'privacySettings'],
                 'capability' => 'manage_options',
             ],
@@ -921,62 +924,56 @@ public function display_country_states(string $CNT_ISO = '', ?EE_Country $countr
                 }
             }
         }
-        if (is_array($states)) {
-            foreach ($states as $STA_ID => $state) {
-                if ($state instanceof EE_State) {
-                    $inputs = EE_Question_Form_Input::generate_question_form_inputs_for_object(
-                        $state,
-                        [
-                            'STA_abbrev' => [
-                                'type'             => 'TEXT',
-                                'label'            => esc_html__('Code', 'event_espresso'),
-                                'input_name'       => "states[$STA_ID]",
-                                'class'            => 'ee-input-width--tiny',
-                                'add_mobile_label' => true,
-                            ],
-                            'STA_name'   => [
-                                'type'             => 'TEXT',
-                                'label'            => esc_html__('Name', 'event_espresso'),
-                                'input_name'       => "states[$STA_ID]",
-                                'class'            => 'ee-input-width--big',
-                                'add_mobile_label' => true,
-                            ],
-                            'STA_active' => [
-                                'type'             => 'RADIO_BTN',
-                                'label'            => esc_html__(
-                                    'State Appears in Dropdown Select Lists',
-                                    'event_espresso'
-                                ),
-                                'input_name'       => "states[$STA_ID]",
-                                'options'          => $this->_yes_no_values,
-                                'use_desc_4_label' => true,
-                                'add_mobile_label' => true,
-                            ],
-                        ]
-                    );
-
-                    $delete_state_url = EE_Admin_Page::add_query_args_and_nonce(
-                        [
-                            'action'     => 'delete_state',
-                            'STA_ID'     => $STA_ID,
-                            'CNT_ISO'    => $CNT_ISO,
-                            'STA_abbrev' => $state->abbrev(),
+        foreach ($states as $STA_ID => $state) {
+            if ($state instanceof EE_State) {
+                $inputs = EE_Question_Form_Input::generate_question_form_inputs_for_object(
+                    $state,
+                    [
+                        'STA_abbrev' => [
+                            'type'             => 'TEXT',
+                            'label'            => esc_html__('Code', 'event_espresso'),
+                            'input_name'       => "states[$STA_ID]",
+                            'class'            => 'ee-input-width--tiny',
+                            'add_mobile_label' => true,
                         ],
-                        GEN_SET_ADMIN_URL
-                    );
+                        'STA_name'   => [
+                            'type'             => 'TEXT',
+                            'label'            => esc_html__('Name', 'event_espresso'),
+                            'input_name'       => "states[$STA_ID]",
+                            'class'            => 'ee-input-width--big',
+                            'add_mobile_label' => true,
+                        ],
+                        'STA_active' => [
+                            'type'             => 'RADIO_BTN',
+                            'label'            => esc_html__(
+                                'State Appears in Dropdown Select Lists',
+                                'event_espresso'
+                            ),
+                            'input_name'       => "states[$STA_ID]",
+                            'options'          => $this->_yes_no_values,
+                            'use_desc_4_label' => true,
+                            'add_mobile_label' => true,
+                        ],
+                    ]
+                );
 
-                    $this->_template_args['states'][ $STA_ID ]['inputs']           = $inputs;
-                    $this->_template_args['states'][ $STA_ID ]['delete_state_url'] = $delete_state_url;
-                }
+                $delete_state_url = EE_Admin_Page::add_query_args_and_nonce(
+                    [
+                        'action'     => 'delete_state',
+                        'STA_ID'     => $STA_ID,
+                        'CNT_ISO'    => $CNT_ISO,
+                        'STA_abbrev' => $state->abbrev(),
+                    ],
+                    GEN_SET_ADMIN_URL
+                );
+
+                $this->_template_args['states'][ $STA_ID ]['inputs']           = $inputs;
+                $this->_template_args['states'][ $STA_ID ]['delete_state_url'] = $delete_state_url;
             }
-        } else {
-            $this->_template_args['states'] = false;
         }
 
-        $this->_template_args['add_new_state_url'] = EE_Admin_Page::add_query_args_and_nonce(
-            ['action' => 'add_new_state'],
-            GEN_SET_ADMIN_URL
-        );
+        $this->_template_args['add_new_state_nonce'] = wp_create_nonce('espresso_add_new_state');
+        $this->_template_args['delete_state_nonce'] = wp_create_nonce('espresso_delete_state');
 
         $state_details_settings = EEH_Template::display_template(
             GEN_SET_TEMPLATE_PATH . 'state_details_settings.template.php',
@@ -1009,6 +1006,8 @@ public function display_country_states(string $CNT_ISO = '', ?EE_Country $countr
      */
     public function add_new_state()
     {
+        $this->_verify_nonce();
+        // add_new_state_nonce
         if (! $this->capabilities->current_user_can('manage_options', __FUNCTION__)) {
             wp_die(esc_html__('You do not have the required privileges to perform this action', 'event_espresso'));
         }
@@ -1080,6 +1079,7 @@ public function add_new_state()
      */
     public function delete_state()
     {
+        $this->_verify_nonce();
         if (! $this->capabilities->current_user_can('manage_options', __FUNCTION__)) {
             wp_die(esc_html__('You do not have the required privileges to perform this action', 'event_espresso'));
         }

admin_pages/general_settings/assets/gen_settings_countries.js

@@ -215,12 +215,13 @@ jQuery(document).ready(function($) {
 		 */
 		add_new_state : function () {
 			// post data to be sent
-			var formData = {
+			const formData = {
                 page: 'espresso_general_settings',
 				action: 'espresso_add_new_state',
 				CNT_ISO: $('#country').val(),
 				STA_abbrev: $('#STA_abbrev-XXX').val(),
 				STA_name: $('#STA_name-XXX').val(),
+                espresso_add_new_state_nonce: $('#add_new_state_nonce').val(),
 				ee_admin_ajax: true,
 				noheader : 'true'
 			};
@@ -237,7 +238,11 @@ jQuery(document).ready(function($) {
 					//console.log(response);
 					if ( typeof response.errors !== 'undefined' && response.errors !== '' ) {
 						show_admin_page_ajax_msg( response );
-					} else if ( typeof(response.return_data) !== 'undefined' && response.return_data !== false && response.return_data !== null ) {
+					} else if (
+                        typeof(response.return_data) !== 'undefined'
+                        && response.return_data !== false
+                        && response.return_data !== null
+                    ) {
 						EE_CNT_STA.get_country_states( response.return_data );
 						show_admin_page_ajax_msg( response );
 					} else {
@@ -279,6 +284,7 @@ jQuery(document).ready(function($) {
 				CNT_ISO: CNT_ISO,
 				STA_ID: STA_ID,
 				STA_abbrev: STA_abbrev,
+                espresso_delete_state_nonce: $('#delete_state_nonce').val(),
 				ee_admin_ajax : true,
 				noheader : 'true'
 			};
@@ -319,4 +325,4 @@ jQuery(document).ready(function($) {
 
 	EE_CNT_STA.init();
 
-});
+});

admin_pages/general_settings/templates/state_details_settings.template.php

@@ -1,6 +1,8 @@
 <?php
 /**
  * @var string[][] $states
+ * @var string     $add_new_state_nonce
+ * @var string     $delete_state_nonce
  */
 ?>
 
@@ -34,6 +36,7 @@ class="button button--secondary button--icon-only delete-state-lnk"
                 >
                     <span class="dashicons dashicons-post-trash"></span>
                 </a>
+                <input type="hidden" id="delete_state_nonce" name="espresso_delete_state" value="<?php echo esc_attr($delete_state_nonce); ?>">
             </td>
         </tr>
             <?php
@@ -85,6 +88,7 @@ class="STA_name ee-input-width--big"
                        title=""
                        value=""
                 />
+                <input type="hidden" id="add_new_state_nonce" name="espresso_add_new_state_nonce" value="<?php echo esc_attr($add_new_state_nonce); ?>">
             </td>
         </tr>
         <tr>

caffeinated/admin/extend/registrations/Extend_Registrations_Admin_Page.core.php

@@ -299,9 +299,9 @@ public function get_newsletter_form_content()
             wp_die(esc_html__('You do not have the required privileges to perform this action', 'event_espresso'));
         }
         // do a nonce check because we're not coming in from a normal route here.
-        $nonce     = isset($this->_req_data['get_newsletter_form_content_nonce']) ? sanitize_text_field(
-            $this->_req_data['get_newsletter_form_content_nonce']
-        ) : '';
+        $nonce     = isset($this->_req_data['get_newsletter_form_content_nonce'])
+            ? sanitize_text_field($this->_req_data['get_newsletter_form_content_nonce'])
+            : '';
         $nonce_ref = 'get_newsletter_form_content_nonce';
         $this->_verify_nonce($nonce, $nonce_ref);
         // let's get the mtp for the incoming MTP_ ID

core/admin/EE_Admin_Page.core.php

@@ -1042,8 +1042,10 @@ protected function _verify_route(string $route): bool
      * @throws InvalidDataTypeException
      * @throws InvalidInterfaceException
      */
-    protected function _verify_nonce(string $nonce, string $nonce_ref)
+    protected function _verify_nonce(string $nonce = '', string $nonce_ref = '')
     {
+        $nonce = $nonce ?: $this->request->getRequestParam($this->_req_nonce, '');
+        $nonce_ref = $nonce_ref ?: $this->_req_action;
         // verify nonce against expected value
         if (! wp_verify_nonce($nonce, $nonce_ref)) {
             // these are not the droids you are looking for !!!

core/libraries/plugin_api/EE_Register_Addon.lib.php

@@ -52,6 +52,7 @@ class EE_Register_Addon implements EEI_Plugin_API
     protected static $_incompatible_addons = [
         'Multi_Event_Registration' => '2.0.11.rc.002',
         'Promotions'               => '1.0.0.rc.084',
+        'EE_WPUsers'               => '2.1.3.p',
     ];
 
     /**

core/third_party_libs/pue/pue-client.php

@@ -1717,12 +1717,10 @@ public function dashboard_dismiss_upgrade()
          */
         private function getInstalledVersion()
         {
-            if (function_exists('get_plugin_data')) {
-                $plugin_data = get_plugin_data(WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $this->pluginFile);
-            } else {
+            if (! function_exists('get_plugin_data')) {
                 require_once(ABSPATH . 'wp-admin/includes/plugin.php');
-                $plugin_data = get_plugin_data(WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $this->pluginFile);
             }
+            $plugin_data = get_plugin_data(WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $this->pluginFile, true, false);
             if (! empty($plugin_data)) {
                 $this->pluginName  = $plugin_data['Name'];
                 $this->lang_domain = empty($this->lang_domain)

espresso.php

@@ -3,7 +3,7 @@
   Plugin Name: Event Espresso
   Plugin URI: https://eventespresso.com/pricing/?ee_ver=ee4&utm_source=ee4_plugin_admin&utm_medium=link&utm_campaign=wordpress_plugins_page&utm_content=support_link
   Description: Manage events, sell tickets, and receive payments from your WordPress website. Reduce event administration time, cut-out ticketing fees, and own your customer data. | <a href="https://eventespresso.com/add-ons/?utm_source=plugin_activation_screen&utm_medium=link&utm_campaign=plugin_description">Extensions</a> | <a href="https://eventespresso.com/pricing/?utm_source=plugin_activation_screen&utm_medium=link&utm_campaign=plugin_description">Sales</a> | <a href="admin.php?page=espresso_support">Support</a>
-  Version: 5.0.31.rc.000
+  Version: 5.0.31.rc.004
   Author: Event Espresso
   Author URI: https://eventespresso.com/?ee_ver=ee4&utm_source=ee4_plugin_admin&utm_medium=link&utm_campaign=wordpress_plugins_page&utm_content=support_link
   License: GPLv3
@@ -104,7 +104,7 @@ function espresso_minimum_php_version_error()
          */
         function espresso_version(): string
         {
-            return apply_filters('FHEE__espresso__espresso_version', '5.0.31.rc.000');
+            return apply_filters('FHEE__espresso__espresso_version', '5.0.31.rc.004');
         }
 
         /**