PHP 8.2 and nonce validation issue fix (#1713)

* add changelog

* build files

* Fixed capability issue

* Fixed php undefined array key issue

* Updated version and changelog

* Removed duplicate log

---------

Co-authored-by: vairafiq <[email protected]>

config.php

@@ -1,6 +1,6 @@
 <?php
 // Plugin version.
-if ( ! defined( 'ATBDP_VERSION' ) ) {define( 'ATBDP_VERSION', '7.8.5' );}
+if ( ! defined( 'ATBDP_VERSION' ) ) {define( 'ATBDP_VERSION', '7.8.6' );}
 // Plugin Folder Path.
 if ( ! defined( 'ATBDP_DIR' ) ) { define( 'ATBDP_DIR', plugin_dir_path( __FILE__ ) ); }
 // Plugin Folder URL.

directorist-base.php

@@ -3,7 +3,7 @@
  * Plugin Name: Directorist - Business Directory Plugin
  * Plugin URI: https://wpwax.com
  * Description: A comprehensive solution to create professional looking directory site of any kind. Like Yelp, Foursquare, etc.
- * Version: 7.8.5
+ * Version: 7.8.6
  * Author: wpWax
  * Author URI: https://wpwax.com
  * Text Domain: directorist
@@ -675,15 +675,15 @@ public function add_custom_meta_keys_for_old_listings() {
 
 	/**
 	 * Deprecated: 7.8.0
-	 * 
+	 *
 	 * This function is deprecated since version 7.8.0. Please use parse_video() instead.
 	 *
 	 * @param string $url The URL to parse for videos.
 	 * @return mixed The parsed video URL.
 	 *
 	 * @deprecated Use parse_video() for video parsing.
 	 */
-	public function atbdp_parse_videos( $url ) {	
+	public function atbdp_parse_videos( $url ) {
 		_deprecated_function( __METHOD__, '7.8.0', 'Directorist\Helper::parse_video()' );
 
 		return \Directorist\Helper::parse_video( $url );

includes/classes/class-upgrade.php

@@ -40,17 +40,17 @@ public function is_pro_user() {
 	}
 
 	public function promo_banner(){
-		if( ! self::is_pro_user() ) {
+		if ( self::can_manage_plugins() && ! self::is_pro_user() ) {
 			ATBDP()->load_template( 'admin-templates/admin-promo-banner' );
 		}
 	}
 
-	public function bfcm_notice() {
-		if ( !current_user_can( 'manage_options' ) ) {
-			return;
-		}
+	protected static function can_manage_plugins() {
+		return ( current_user_can( 'install_plugins' ) || current_user_can( 'manage_options' ) );
+	}
 
-		if( self::is_pro_user() ) {
+	public function bfcm_notice() {
+		if ( ! self::can_manage_plugins() || self::is_pro_user() ) {
 			return;
 		}
 
@@ -118,13 +118,18 @@ public static function promo_remote_get() {
 		return $response_body;
 	}
 
-	public function upgrade_notice()
-	{
-		if (!current_user_can('administrator')) return;
+	public function upgrade_notice() {
+		if ( ! self::can_manage_plugins() ) {
+			return;
+		}
 
-		if( '7.0' !== ATBDP_VERSION ) return;
+		if ( '7.0' !== ATBDP_VERSION ) {
+			return;
+		}
 
-		if ( get_user_meta( get_current_user_id(), $this->upgrade_notice_id, true ) || ! empty( $this->directorist_migration[ $this->upgrade_notice_id ] ) ) return;
+		if ( get_user_meta( get_current_user_id(), $this->upgrade_notice_id, true ) || ! empty( $this->directorist_migration[ $this->upgrade_notice_id ] ) ) {
+			return;
+		}
 
 		$text = '';
 
@@ -143,7 +148,10 @@ public function upgrade_notice()
 
 	}
 
-	public function configure_notices(){
+	public function configure_notices() {
+		if ( ! self::can_manage_plugins() ) {
+			return;
+		}
 
 		$this->directorist_notices      = get_option( 'directorist_notices' );
 
@@ -157,7 +165,6 @@ public function configure_notices(){
 		if ( isset( $_GET['directorist-depricated-notice'] ) ) {
 			$this->directorist_notices[ $this->legacy_notice_id ] = 1;
 			update_option( 'directorist_notices', $this->directorist_notices );
-
 		}
 
 		if ( isset( $_GET['close-directorist-promo-version'], $_GET['directorist_promo_nonce'] ) && wp_verify_nonce( $_GET['directorist_promo_nonce'], 'close-directorist-promo-version' ) ) {

includes/model/ListingDashboard.php

@@ -188,7 +188,7 @@ public function get_listing_thumbnail() {
 		$listing_prv_img   = get_post_meta($id, '_listing_prv_img', true);
 		$listing_img       = get_post_meta($id, '_listing_img', true);
 
-		if ( is_array( $listing_img ) && ! empty( $listing_img ) ) {
+		if ( is_array( $listing_img ) && ! empty( $listing_img[0] ) ) {
 			$thumbnail_img = atbdp_get_image_source( $listing_img[0], $image_quality );
 			$thumbnail_id = $listing_img[0];
 		}

readme.txt

@@ -5,7 +5,7 @@ Tags: member directory, listing, classifieds, directory plugin, business directo
 Requires at least: 4.6
 Tested up to: 6.4
 Requires PHP: 7.0
-Stable tag: 7.8.5
+Stable tag: 7.8.6
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
 
@@ -410,6 +410,11 @@ Directorist is a complete directory solution and in combination with its advance
 
 == Changelog ==
 
+7.8.6 - Mar 12, 2024
+
+* Fix - Undefined array index issue
+* Fix - Promo banner nonce validation issue
+
 7.8.5 - Feb 12, 2024
 
 * Fix - Setup wizard user permission issue (#1702)
@@ -515,10 +520,10 @@ Directorist is a complete directory solution and in combination with its advance
 * Fix -  Column Issue in All Categories & Locations Page
 * Fix - Publish Date Issue when Importing Listings
 * Fix - Typo Issue in Users REST API
-* Fix - Image Size Issue in Single Listing Slider 
+* Fix - Image Size Issue in Single Listing Slider
 * Fix - Listing Count Issue in All Categories & Locations Page
 * Fix - PHP 8 Deprecated Notices
-* Fix - inlineEditPost JS Console Error 
+* Fix - inlineEditPost JS Console Error
 
 7.5.5 - Jun 01, 2023