Release new version 2.5.0

= 2.5.0 - 2022/02/23 =
* This update has 4 code tweaks that harden the plugins security and improve performance - please run this update as soon as you see it.
* Tweak - Nonce check for when settings form is submitted from plugin framework
* Tweak - Capabilities manage_options check for when settings form is submitted from plugin framework
* Tweak - Call update_google_map_api_key when settings form is submitted instead of instance of Admin_UI
* Tweak - Call update_google_font_api_key when settings form is submitted instead of instance of Fonts_Face

Author: alextuan

admin/admin-interface.php

@@ -596,10 +596,19 @@ public function get_settings( $options, $option_name = '' ) {
 	/*-----------------------------------------------------------------------------------*/
 
 	public function save_settings( $options, $option_name = '' ) {
+
+		check_admin_referer( 'save_settings_' . $this->plugin_name );
+
+		if ( ! current_user_can( 'manage_options' ) ) {
+			return false;
+		}
 
 		if ( !is_array( $options ) || count( $options ) < 1 ) return;
 
 		if ( empty( $_POST ) ) return false;
+
+		$this->update_google_map_api_key();
+		$GLOBALS[$this->plugin_prefix.'fonts_face']->update_google_font_api_key();
 
 		$update_options = array();
 		$update_separate_options = array();
@@ -3691,6 +3700,7 @@ class="<?php echo $class; ?>"
 			</div> <!-- Close Panel Row -->
 		<?php do_action( $this->plugin_name . '-' . trim( $form_key ) . '_settings_end' ); ?>
             <p class="submit">
+            		<?php wp_nonce_field( 'save_settings_'. $this->plugin_name ); ?>
                     <input type="submit" value="<?php _e('Save changes', 'page-views-count'); ?>" class="button button-primary" name="bt_save_settings" />
                     <input type="submit" name="bt_reset_settings" class="button" value="<?php _e('Reset Settings', 'page-views-count'); ?>"  />
                     <input type="hidden" name="form_name_action" value="<?php echo esc_attr( $form_key ); ?>"  />

admin/admin-ui.php

@@ -87,7 +87,6 @@ public function __construct() {
 		}
 
 		$this->support_url = 'https://wordpress.org/support/plugin/page-views-count/';
-		$this->update_google_map_api_key();
 	}
 
 

admin/includes/fonts_face.php

@@ -364,6 +364,34 @@ public function __construct() {
 			return;
 		}
 
+		if ( apply_filters( $this->plugin_name . '_new_google_fonts_enable', true ) ) {
+			$this->is_valid_google_api_key();
+			$google_fonts = get_option( $this->plugin_name . '_google_font_list', array() );
+		} else {
+			$google_fonts = array();
+		}
+
+		if ( ! is_array( $google_fonts ) || count( $google_fonts ) < 1 ) {
+			$google_fonts = apply_filters( $this->plugin_name . '_google_fonts', $this->google_fonts );
+		}
+
+		sort( $google_fonts );
+
+		$new_google_fonts = array();
+		foreach ( $google_fonts as $row ) {
+			$new_google_fonts[$row['name']]  = $row;
+		}
+
+		$this->google_fonts = $new_google_fonts;
+
+	}
+
+	public function update_google_font_api_key() {
+
+		if ( ! $this->is_load_google_fonts ) {
+			return;
+		}
+
 		// Enable Google Font API Key
 		if ( isset( $_POST[ $this->google_api_key_option . '_enable' ] ) ) {
 			$old_google_api_key_enable = get_option( $this->google_api_key_option . '_enable', 0 );
@@ -396,27 +424,6 @@ public function __construct() {
 				delete_transient( $this->google_api_key_option . '_status' );
 			}
 		}
-
-		if ( apply_filters( $this->plugin_name . '_new_google_fonts_enable', true ) ) {
-			$this->is_valid_google_api_key();
-			$google_fonts = get_option( $this->plugin_name . '_google_font_list', array() );
-		} else {
-			$google_fonts = array();
-		}
-
-		if ( ! is_array( $google_fonts ) || count( $google_fonts ) < 1 ) {
-			$google_fonts = apply_filters( $this->plugin_name . '_google_fonts', $this->google_fonts );
-		}
-
-		sort( $google_fonts );
-
-		$new_google_fonts = array();
-		foreach ( $google_fonts as $row ) {
-			$new_google_fonts[$row['name']]  = $row;
-		}
-
-		$this->google_fonts = $new_google_fonts;
-
 	}
 
 	public function validate_google_api_key( $g_key = '' ) {

page-views-count.php

@@ -2,9 +2,9 @@
 /*
 Plugin Name: Page Views Count
 Description: Show front end users all time views and views today on posts, pages, index pages and custom post types with the Page Views Count Plugin. Use the Page Views Count function to add page views to any content type or object created by your theme or plugins.
-Version: 2.4.15
+Version: 2.5.0
 Requires at least: 5.6
-Tested up to: 5.9
+Tested up to: 5.9.1
 Author: a3rev Software
 Author URI: https://a3rev.com
 Text Domain: page-views-count
@@ -23,7 +23,7 @@
 
 define( 'A3_PVC_KEY', 'a3_page_view_count' );
 define( 'A3_PVC_PREFIX', 'wp_pvc_' );
-define( 'A3_PVC_VERSION', '2.4.15' );
+define( 'A3_PVC_VERSION', '2.5.0' );
 define( 'A3_PVC_G_FONTS', false );
 
 use \A3Rev\PageViewsCount\FrameWork;

readme.txt

@@ -2,8 +2,8 @@
 Contributors: a3rev, a3rev Software, nguyencongtuan
 Tags: wordpress page view, page view count , post views, post view count, gutenberg
 Requires at least: 5.6
-Tested up to: 5.9
-Stable tag: 2.4.15
+Tested up to: 5.9.1
+Stable tag: 2.5.0
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -102,6 +102,13 @@ The manual installation method involves down loading our plugin and uploading it
 
 == Changelog ==
 
+= 2.5.0 - 2022/02/23 =
+* This update has 4 code tweaks that harden the plugins security and improve performance - please run this update as soon as you see it.
+* Tweak - Nonce check for when settings form is submitted from plugin framework
+* Tweak - Capabilities manage_options check for when settings form is submitted from plugin framework
+* Tweak - Call update_google_map_api_key when settings form is submitted instead of instance of Admin_UI
+* Tweak - Call update_google_font_api_key when settings form is submitted instead of instance of Fonts_Face
+
 = 2.4.15 - 2022/02/01 =
 * This is an important security release that patches a SQL injection vulnerability that affects all previous versions. Please run this immediately.
 * Security - Patch for SQL injection attack vulnerability
@@ -488,6 +495,9 @@ The manual installation method involves down loading our plugin and uploading it
 
 == Upgrade Notice ==
 
+= 2.5.0 =
+This update has 4 code tweaks that harden the plugins security and improve performance - please run this update as soon as you see it.
+
 = 2.4.15 =
 This is an important security release that patches a SQL injection vulnerability that affects all previous versions. Please run this immediately.