Release1135 (#925)

tw2113 · web-flow · commit ef86903e524f · 2023-03-27T09:37:43.000-05:00
* revise nonce checking to prevent untintentional emailing of debug info

* move textdomain loading to init instead of plugins_loaded

* add empty checks for can_export

* update version and tested up to

* changelog

* update version in main php file

* juggle tags and update short description

* these two parameters got moved to main file only as of WP 5.8

* update readme with release date
diff --git a/custom-post-type-ui.php b/custom-post-type-ui.php
@@ -16,11 +16,13 @@
  * Plugin URI: https://github.com/WebDevStudios/custom-post-type-ui/
  * Description: Admin UI panel for registering custom post types and taxonomies in WordPress
  * Author: WebDevStudios
- * Version: 1.13.4
+ * Version: 1.13.5
  * Author URI: https://webdevstudios.com/
  * Text Domain: custom-post-type-ui
  * Domain Path: /languages
  * License: GPL-2.0+
+ * Requires at least: 5.9
+ * Requires PHP: 5.6
  */
 
 // phpcs:disable WebDevStudios.All.RequireAuthor
@@ -31,8 +33,8 @@
 	exit;
 }
 
-define( 'CPT_VERSION', '1.13.4' ); // Left for legacy purposes.
-define( 'CPTUI_VERSION', '1.13.4' );
+define( 'CPT_VERSION', '1.13.5' ); // Left for legacy purposes.
+define( 'CPTUI_VERSION', '1.13.5' );
 define( 'CPTUI_WP_VERSION', get_bloginfo( 'version' ) );
 
 /**
@@ -118,7 +120,7 @@ function cptui_deactivation() {
 function cptui_load_textdomain() {
 	load_plugin_textdomain( 'custom-post-type-ui' );
 }
-add_action( 'plugins_loaded', 'cptui_load_textdomain' );
+add_action( 'init', 'cptui_load_textdomain' );
 
 /**
  * Load our main menu.
diff --git a/inc/post-types.php b/inc/post-types.php
@@ -1223,7 +1223,7 @@ function cptui_manage_post_types() {
 								],
 							];
 
-							$selected           = isset( $current ) ? disp_boolean( $current['can_export'] ) : '';
+							$selected           = ( isset( $current ) && ! empty( $current['can_export'] ) ) ? disp_boolean( $current['can_export'] ) : '';
 							$select['selected'] = ! empty( $selected ) ? $current['can_export'] : '';
 							echo $ui->get_select_input( // phpcs:ignore.
 								[
diff --git a/inc/tools-sections/tools-debug.php b/inc/tools-sections/tools-debug.php
@@ -20,11 +20,11 @@ function cptui_render_debuginfo_section() {
 	wp_nonce_field( 'cptui_debuginfo_nonce_action', 'cptui_debuginfo_nonce_field' );
 
 	if ( ! empty( $_POST ) && isset( $_POST['cptui_debug_info_email'] ) && isset( $_POST['cptui_debuginfo_nonce_field'] ) ) {
-		wp_verify_nonce( 'cptui_debuginfo_nonce_field', 'cptui_debuginfo_nonce_action' );
-
-		$email_args          = [];
-		$email_args['email'] = sanitize_text_field( $_POST['cptui_debug_info_email'] );
-		$debuginfo->send_email( $email_args );
+		if ( wp_verify_nonce( 'cptui_debuginfo_nonce_field', 'cptui_debuginfo_nonce_action' ) ) {
+			$email_args          = [];
+			$email_args['email'] = sanitize_text_field( $_POST['cptui_debug_info_email'] );
+			$debuginfo->send_email( $email_args );
+		}
 	}
 
 	echo '<p><label for="cptui_debug_info_email">' . esc_html__( 'Please provide an email address to send debug information to: ', 'custom-post-type-ui' ) . '</label><input type="email" id="cptui_debug_info_email" name="cptui_debug_info_email" value="" /></p>';
diff --git a/readme.txt b/readme.txt
@@ -1,14 +1,14 @@
 === Custom Post Type UI ===
 Contributors: webdevstudios, pluginize, tw2113, vegasgeek, modemlooper, williamsba1
 Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=3084056
-Tags: custom post types, CPT, CMS, post, types, post type, taxonomy, tax, custom, content types, post types
+Tags: custom post types, post type, taxonomy, content types, CPT, CMS, post, types, custom
 Requires at least: 5.9
-Tested up to: 6.1.1
-Stable tag: 1.13.4
+Tested up to: 6.2
+Stable tag: 1.13.5
 License: GPL-2.0+
 Requires PHP: 5.6
 
-Admin UI for creating custom post types and custom taxonomies for WordPress
+Admin UI for creating custom content types like post types and taxonomies
 
 == Description ==
 
@@ -36,6 +36,11 @@ Custom Post Type UI development is managed on GitHub, with official releases pub
 
 == Changelog ==
 
+= 1.13.5 - 2023-03-27 =
+* Fixed: Security issue in CPTUI Debug Info screen.
+* Fixed: Added `empty()` check for `can_export` parameters.
+* Updated: Changed textdomain loading from `plugins_loaded` to `init`.
+
 = 1.13.4 - 2022-12-16 =
 * Fixed: Character encoding issue on CPTUI setting save in conjunction with PHP8 compatibility.
 
@@ -91,6 +96,11 @@ Custom Post Type UI development is managed on GitHub, with official releases pub
 
 == Upgrade Notice ==
 
+= 1.13.5 - 2023-03-27 =
+* Fixed: Security issue in CPTUI Debug Info screen.
+* Fixed: Added `empty()` check for `can_export` parameters.
+* Updated: Changed textdomain loading from `plugins_loaded` to `init`.
+
 = 1.13.4 - 2022-12-16 =
 * Fixed: Character encoding issue on CPTUI setting save in conjunction with PHP8 compatibility.
 

Original file line number	Diff line number	Diff line change
`@@ -1223,7 +1223,7 @@ function cptui_manage_post_types() {`
`1223`	`1223`	`],`
`1224`	`1224`	`];`
`1225`	`1225`
`1226`		`- $selected = isset( $current ) ? disp_boolean( $current['can_export'] ) : '';`
	`1226`	`+ $selected = ( isset( $current ) && ! empty( $current['can_export'] ) ) ? disp_boolean( $current['can_export'] ) : '';`
`1227`	`1227`	`$select['selected'] = ! empty( $selected ) ? $current['can_export'] : '';`
`1228`	`1228`	`echo $ui->get_select_input( // phpcs:ignore.`
`1229`	`1229`	`[`