From a96a7a08b45b390f35671aeadd6e32d3f1202fd9 Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Fri, 11 Apr 2025 11:39:55 +0600 Subject: [PATCH 01/20] Alert WP Admins When Transactional Email Is Disabled After Failure --- includes/Rest/Help/Help.php | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/includes/Rest/Help/Help.php b/includes/Rest/Help/Help.php index 1984407..05e5e89 100644 --- a/includes/Rest/Help/Help.php +++ b/includes/Rest/Help/Help.php @@ -60,6 +60,16 @@ public function register_routes() { ), ) ); + register_rest_route( + $this->namespace, + $this->rest_base . '/admin/users', + array( + array( + 'methods' => WP_REST_Server::READABLE, + 'callback' => array( $this, 'users' ), + ), + ) + ); } /** @@ -111,4 +121,21 @@ public function disconnect_wemail() { ) ); } + + public function users() { + $args = array( + 'role' => 'administrator', + ); + + $users = get_users($args); + + $emails = array_map( + function($user) { + return $user->user_email; + }, + $users + ); + + return rest_ensure_response($emails); + } } From e6c3813db0abe44dd5c227baa3c9c06e4930aefd Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Fri, 11 Apr 2025 13:17:14 +0600 Subject: [PATCH 02/20] Fix phpcs --- includes/Rest/Help/Help.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/includes/Rest/Help/Help.php b/includes/Rest/Help/Help.php index 05e5e89..b412ea0 100644 --- a/includes/Rest/Help/Help.php +++ b/includes/Rest/Help/Help.php @@ -127,15 +127,15 @@ public function users() { 'role' => 'administrator', ); - $users = get_users($args); + $users = get_users( $args ); $emails = array_map( - function($user) { + function ( $user ) { return $user->user_email; }, $users ); - return rest_ensure_response($emails); + return rest_ensure_response( $emails ); } } From 063cd8b662a5058f1a38ad51ada1193c7ed2e0dd Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Tue, 15 Apr 2025 12:19:41 +0600 Subject: [PATCH 03/20] Handle permission for new endpoint --- includes/Rest/Help/Help.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/includes/Rest/Help/Help.php b/includes/Rest/Help/Help.php index b412ea0..a34482d 100644 --- a/includes/Rest/Help/Help.php +++ b/includes/Rest/Help/Help.php @@ -67,6 +67,9 @@ public function register_routes() { array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'users' ), + 'permission_callback' => function () { + return true; + }, ), ) ); From 861911db35396f15f590cc1c4b93bcd325ff5c6a Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Tue, 15 Apr 2025 16:40:16 +0600 Subject: [PATCH 04/20] Added functionality to send transaction disable notification emails to all admin users --- includes/WeMail.php | 2 +- package.json | 2 +- readme.txt | 5 ++++- wemail.php | 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/includes/WeMail.php b/includes/WeMail.php index 7d8126e..d156bce 100644 --- a/includes/WeMail.php +++ b/includes/WeMail.php @@ -23,7 +23,7 @@ final class WeMail { * * @var string */ - public $version = '1.14.12'; + public $version = '1.14.13'; /** * DB version diff --git a/package.json b/package.json index 97a5781..6a5c39c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "wemail", - "version": "1.14.12", + "version": "1.14.13", "description": "Send Beautiful Email Newsletters with WordPress", "scripts": { "build": "node build", diff --git a/readme.txt b/readme.txt index 3da96f4..200adf3 100644 --- a/readme.txt +++ b/readme.txt @@ -4,7 +4,7 @@ Donate link: https://getwemail.io Tags: email marketing, newsletter, subscription, smtp, optins Requires at least: 5.6 Tested up to: 6.7.2 -Stable tag: 1.14.12 +Stable tag: 1.14.13 Requires PHP: 7.4 License: GPLv2 or later License URL: https://www.gnu.org/licenses/gpl-2.0.html @@ -274,6 +274,9 @@ emails. == Changelog == += v1.14.13 - (15th Apr, 2025) = +* **Enhancement**: Added functionality to send transaction disable notification emails to all admin users, with a compatibility layer for both updated and legacy plugin versions + = v1.14.12 - (5th Mar, 2025) = * Updated tested up to WordPress 5.6 or higher * Updated tested up to PHP 7.4 or higher diff --git a/wemail.php b/wemail.php index b420edf..58aefc5 100644 --- a/wemail.php +++ b/wemail.php @@ -6,7 +6,7 @@ * Plugin URI: https://wordpress.org/plugins/wemail/ * Author: weDevs * Author URI: https://getwemail.io/?utm_source=wp-org&utm_medium=author-uri - * Version: 1.14.12 + * Version: 1.14.13 * License: GPL-3.0 * License URI: https://www.gnu.org/licenses/gpl-2.0.html * Text Domain: wemail From 9ab6eb31d53591cc2c16490b79769b5751fb0ba4 Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Thu, 24 Apr 2025 17:06:44 +0600 Subject: [PATCH 05/20] Fix vulnerability issue. --- includes/Rest/Help/Help.php | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/includes/Rest/Help/Help.php b/includes/Rest/Help/Help.php index a34482d..a83e452 100644 --- a/includes/Rest/Help/Help.php +++ b/includes/Rest/Help/Help.php @@ -7,6 +7,7 @@ use WeDevs\WeMail\RestController; use WeDevs\WeMail\Core\Help\SystemInfo; use WP_REST_Server; +use WP_User_Query; class Help extends RestController { @@ -67,9 +68,7 @@ public function register_routes() { array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'users' ), - 'permission_callback' => function () { - return true; - }, + 'permission_callback' => array( $this, 'permission' ) ), ) ); @@ -141,4 +140,20 @@ function ( $user ) { return rest_ensure_response( $emails ); } + + public function permission( $request ) { + $api_key = $request->get_header( 'X-WeMail-Key' ); + + if ( ! empty( $api_key ) ) { + $query = new WP_User_Query( + array( + 'fields' => 'ID', + 'meta_key' => 'wemail_api_key', + 'meta_value' => $api_key, + ) + ); + return (bool)$query->get_total(); + } + return false; + } } From 18625b1ad2e54bc7023f3ef77b8f656602ae3012 Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Fri, 25 Apr 2025 09:41:49 +0600 Subject: [PATCH 06/20] Fix phpcs. --- includes/Rest/Help/Help.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/Rest/Help/Help.php b/includes/Rest/Help/Help.php index a83e452..169541e 100644 --- a/includes/Rest/Help/Help.php +++ b/includes/Rest/Help/Help.php @@ -68,7 +68,7 @@ public function register_routes() { array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'users' ), - 'permission_callback' => array( $this, 'permission' ) + 'permission_callback' => array( $this, 'permission' ), ), ) ); @@ -152,7 +152,7 @@ public function permission( $request ) { 'meta_value' => $api_key, ) ); - return (bool)$query->get_total(); + return (bool) $query->get_total(); } return false; } From b74b730edd6b42c29dfa35e557deb99d5971853c Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Fri, 25 Apr 2025 10:37:29 +0600 Subject: [PATCH 07/20] Fix vulnerability issue. --- includes/WeMail.php | 2 +- package.json | 2 +- readme.txt | 5 ++++- wemail.php | 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/includes/WeMail.php b/includes/WeMail.php index d156bce..b9e6cfd 100644 --- a/includes/WeMail.php +++ b/includes/WeMail.php @@ -23,7 +23,7 @@ final class WeMail { * * @var string */ - public $version = '1.14.13'; + public $version = '1.14.14'; /** * DB version diff --git a/package.json b/package.json index 6a5c39c..5c557d5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "wemail", - "version": "1.14.13", + "version": "1.14.14", "description": "Send Beautiful Email Newsletters with WordPress", "scripts": { "build": "node build", diff --git a/readme.txt b/readme.txt index 200adf3..b9cf45d 100644 --- a/readme.txt +++ b/readme.txt @@ -4,7 +4,7 @@ Donate link: https://getwemail.io Tags: email marketing, newsletter, subscription, smtp, optins Requires at least: 5.6 Tested up to: 6.7.2 -Stable tag: 1.14.13 +Stable tag: 1.14.14 Requires PHP: 7.4 License: GPLv2 or later License URL: https://www.gnu.org/licenses/gpl-2.0.html @@ -274,6 +274,9 @@ emails. == Changelog == += v1.14.14 - (25th Apr, 2025) = +* **Fix** Fix vulnerability issue for access admin user + = v1.14.13 - (15th Apr, 2025) = * **Enhancement**: Added functionality to send transaction disable notification emails to all admin users, with a compatibility layer for both updated and legacy plugin versions diff --git a/wemail.php b/wemail.php index 58aefc5..9d47e01 100644 --- a/wemail.php +++ b/wemail.php @@ -6,7 +6,7 @@ * Plugin URI: https://wordpress.org/plugins/wemail/ * Author: weDevs * Author URI: https://getwemail.io/?utm_source=wp-org&utm_medium=author-uri - * Version: 1.14.13 + * Version: 1.14.14 * License: GPL-3.0 * License URI: https://www.gnu.org/licenses/gpl-2.0.html * Text Domain: wemail From 264020c26499f45aaabd6f637cee6bf71409c00f Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Tue, 24 Jun 2025 14:41:09 +0600 Subject: [PATCH 08/20] chore: update league/csv to version 9.8 --- composer.json | 2 +- composer.lock | 179 ++++++++++++++++++++++++++---------------- includes/Rest/Csv.php | 49 ++++++++++-- 3 files changed, 152 insertions(+), 78 deletions(-) diff --git a/composer.json b/composer.json index e9347ec..3b7bda8 100644 --- a/composer.json +++ b/composer.json @@ -24,7 +24,7 @@ ], "require": { "php": ">=5.5", - "league/csv": "^7.2", + "league/csv": "9.8", "appsero/client": "v2.0.4" }, "require-dev": { diff --git a/composer.lock b/composer.lock index c066b82..e46cb9c 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "a2fe228cac617207769d110eeea55340", + "content-hash": "942fcc0350a4e5312066bccd2765e5a2", "packages": [ { "name": "appsero/client", @@ -62,33 +62,46 @@ }, { "name": "league/csv", - "version": "7.2.0", + "version": "9.8.0", "source": { "type": "git", "url": "https://github.com/thephpleague/csv.git", - "reference": "69bafa6ff924fbf9effe4275d6eb16be81a853ef" + "reference": "9d2e0265c5d90f5dd601bc65ff717e05cec19b47" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/thephpleague/csv/zipball/69bafa6ff924fbf9effe4275d6eb16be81a853ef", - "reference": "69bafa6ff924fbf9effe4275d6eb16be81a853ef", + "url": "https://api.github.com/repos/thephpleague/csv/zipball/9d2e0265c5d90f5dd601bc65ff717e05cec19b47", + "reference": "9d2e0265c5d90f5dd601bc65ff717e05cec19b47", "shasum": "" }, "require": { + "ext-json": "*", "ext-mbstring": "*", - "php": ">=5.4.0" + "php": "^7.4 || ^8.0" }, "require-dev": { - "fabpot/php-cs-fixer": "^1.9", - "phpunit/phpunit": "^4.0" + "ext-curl": "*", + "ext-dom": "*", + "friendsofphp/php-cs-fixer": "^v3.4.0", + "phpstan/phpstan": "^1.3.0", + "phpstan/phpstan-phpunit": "^1.0.0", + "phpstan/phpstan-strict-rules": "^1.1.0", + "phpunit/phpunit": "^9.5.11" + }, + "suggest": { + "ext-dom": "Required to use the XMLConverter and or the HTMLConverter classes", + "ext-iconv": "Needed to ease transcoding CSV using iconv stream filters" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "7.2-dev" + "dev-master": "9.x-dev" } }, "autoload": { + "files": [ + "src/functions_include.php" + ], "psr-4": { "League\\Csv\\": "src" } @@ -105,22 +118,31 @@ "role": "Developer" } ], - "description": "Csv data manipulation made easy in PHP", - "homepage": "http://csv.thephpleague.com", + "description": "CSV data manipulation made easy in PHP", + "homepage": "https://csv.thephpleague.com", "keywords": [ + "convert", "csv", "export", "filter", "import", "read", + "transform", "write" ], "support": { - "forum": "https://groups.google.com/forum/#!forum/thephpleague", + "docs": "https://csv.thephpleague.com", "issues": "https://github.com/thephpleague/csv/issues", - "source": "https://github.com/thephpleague/csv/tree/master" + "rss": "https://github.com/thephpleague/csv/releases.atom", + "source": "https://github.com/thephpleague/csv" }, - "time": "2015-11-02T07:36:25+00:00" + "funding": [ + { + "url": "https://github.com/sponsors/nyamsprod", + "type": "github" + } + ], + "time": "2022-01-04T00:13:07+00:00" } ], "packages-dev": [ @@ -339,17 +361,18 @@ "source": { "type": "git", "url": "https://github.com/PHPCompatibility/PHPCompatibilityWP.git", - "reference": "01c1ff2704a58e46f0cb1ca9d06aee07b3589082" + "reference": "ab217cfc57bebbf3efa44fa059baafd0d9e4064c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPCompatibility/PHPCompatibilityWP/zipball/01c1ff2704a58e46f0cb1ca9d06aee07b3589082", - "reference": "01c1ff2704a58e46f0cb1ca9d06aee07b3589082", + "url": "https://api.github.com/repos/PHPCompatibility/PHPCompatibilityWP/zipball/ab217cfc57bebbf3efa44fa059baafd0d9e4064c", + "reference": "ab217cfc57bebbf3efa44fa059baafd0d9e4064c", "shasum": "" }, "require": { "phpcompatibility/php-compatibility": "^9.0", - "phpcompatibility/phpcompatibility-paragonie": "^1.0" + "phpcompatibility/phpcompatibility-paragonie": "^1.0", + "squizlabs/php_codesniffer": "^3.3" }, "require-dev": { "dealerdirect/phpcodesniffer-composer-installer": "^1.0" @@ -400,35 +423,39 @@ { "url": "https://opencollective.com/php_codesniffer", "type": "open_collective" + }, + { + "url": "https://thanks.dev/u/gh/phpcompatibility", + "type": "thanks_dev" } ], - "time": "2024-04-24T21:37:59+00:00" + "time": "2025-06-13T07:13:41+00:00" }, { "name": "phpcsstandards/phpcsextra", - "version": "1.2.1", + "version": "1.4.0", "source": { "type": "git", "url": "https://github.com/PHPCSStandards/PHPCSExtra.git", - "reference": "11d387c6642b6e4acaf0bd9bf5203b8cca1ec489" + "reference": "fa4b8d051e278072928e32d817456a7fdb57b6ca" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPCSStandards/PHPCSExtra/zipball/11d387c6642b6e4acaf0bd9bf5203b8cca1ec489", - "reference": "11d387c6642b6e4acaf0bd9bf5203b8cca1ec489", + "url": "https://api.github.com/repos/PHPCSStandards/PHPCSExtra/zipball/fa4b8d051e278072928e32d817456a7fdb57b6ca", + "reference": "fa4b8d051e278072928e32d817456a7fdb57b6ca", "shasum": "" }, "require": { "php": ">=5.4", - "phpcsstandards/phpcsutils": "^1.0.9", - "squizlabs/php_codesniffer": "^3.8.0" + "phpcsstandards/phpcsutils": "^1.1.0", + "squizlabs/php_codesniffer": "^3.13.0 || ^4.0" }, "require-dev": { "php-parallel-lint/php-console-highlighter": "^1.0", - "php-parallel-lint/php-parallel-lint": "^1.3.2", + "php-parallel-lint/php-parallel-lint": "^1.4.0", "phpcsstandards/phpcsdevcs": "^1.1.6", "phpcsstandards/phpcsdevtools": "^1.2.1", - "phpunit/phpunit": "^4.5 || ^5.0 || ^6.0 || ^7.0 || ^8.0 || ^9.0" + "phpunit/phpunit": "^4.5 || ^5.0 || ^6.0 || ^7.0 || ^8.0 || ^9.3.4" }, "type": "phpcodesniffer-standard", "extra": { @@ -478,35 +505,39 @@ { "url": "https://opencollective.com/php_codesniffer", "type": "open_collective" + }, + { + "url": "https://thanks.dev/u/gh/phpcsstandards", + "type": "thanks_dev" } ], - "time": "2023-12-08T16:49:07+00:00" + "time": "2025-06-14T07:40:39+00:00" }, { "name": "phpcsstandards/phpcsutils", - "version": "1.0.12", + "version": "1.1.0", "source": { "type": "git", "url": "https://github.com/PHPCSStandards/PHPCSUtils.git", - "reference": "87b233b00daf83fb70f40c9a28692be017ea7c6c" + "reference": "65355670ac17c34cd235cf9d3ceae1b9252c4dad" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPCSStandards/PHPCSUtils/zipball/87b233b00daf83fb70f40c9a28692be017ea7c6c", - "reference": "87b233b00daf83fb70f40c9a28692be017ea7c6c", + "url": "https://api.github.com/repos/PHPCSStandards/PHPCSUtils/zipball/65355670ac17c34cd235cf9d3ceae1b9252c4dad", + "reference": "65355670ac17c34cd235cf9d3ceae1b9252c4dad", "shasum": "" }, "require": { "dealerdirect/phpcodesniffer-composer-installer": "^0.4.1 || ^0.5 || ^0.6.2 || ^0.7 || ^1.0", "php": ">=5.4", - "squizlabs/php_codesniffer": "^3.10.0 || 4.0.x-dev@dev" + "squizlabs/php_codesniffer": "^3.13.0 || ^4.0" }, "require-dev": { "ext-filter": "*", "php-parallel-lint/php-console-highlighter": "^1.0", - "php-parallel-lint/php-parallel-lint": "^1.3.2", + "php-parallel-lint/php-parallel-lint": "^1.4.0", "phpcsstandards/phpcsdevcs": "^1.1.6", - "yoast/phpunit-polyfills": "^1.1.0 || ^2.0.0" + "yoast/phpunit-polyfills": "^1.1.0 || ^2.0.0 || ^3.0.0" }, "type": "phpcodesniffer-standard", "extra": { @@ -543,6 +574,7 @@ "phpcodesniffer-standard", "phpcs", "phpcs3", + "phpcs4", "standards", "static analysis", "tokens", @@ -566,22 +598,26 @@ { "url": "https://opencollective.com/php_codesniffer", "type": "open_collective" + }, + { + "url": "https://thanks.dev/u/gh/phpcsstandards", + "type": "thanks_dev" } ], - "time": "2024-05-20T13:34:27+00:00" + "time": "2025-06-12T04:32:33+00:00" }, { "name": "squizlabs/php_codesniffer", - "version": "3.10.2", + "version": "3.13.2", "source": { "type": "git", "url": "https://github.com/PHPCSStandards/PHP_CodeSniffer.git", - "reference": "86e5f5dd9a840c46810ebe5ff1885581c42a3017" + "reference": "5b5e3821314f947dd040c70f7992a64eac89025c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/86e5f5dd9a840c46810ebe5ff1885581c42a3017", - "reference": "86e5f5dd9a840c46810ebe5ff1885581c42a3017", + "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/5b5e3821314f947dd040c70f7992a64eac89025c", + "reference": "5b5e3821314f947dd040c70f7992a64eac89025c", "shasum": "" }, "require": { @@ -646,26 +682,31 @@ { "url": "https://opencollective.com/php_codesniffer", "type": "open_collective" + }, + { + "url": "https://thanks.dev/u/gh/phpcsstandards", + "type": "thanks_dev" } ], - "time": "2024-07-21T23:26:44+00:00" + "time": "2025-06-17T22:17:01+00:00" }, { "name": "symfony/polyfill-mbstring", - "version": "v1.30.0", + "version": "v1.32.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c" + "reference": "6d857f4d76bd4b343eac26d6b539585d2bc56493" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fd22ab50000ef01661e2a31d850ebaa297f8e03c", - "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/6d857f4d76bd4b343eac26d6b539585d2bc56493", + "reference": "6d857f4d76bd4b343eac26d6b539585d2bc56493", "shasum": "" }, "require": { - "php": ">=7.1" + "ext-iconv": "*", + "php": ">=7.2" }, "provide": { "ext-mbstring": "*" @@ -676,8 +717,8 @@ "type": "library", "extra": { "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" } }, "autoload": { @@ -712,7 +753,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.30.0" + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.32.0" }, "funding": [ { @@ -728,30 +769,30 @@ "type": "tidelift" } ], - "time": "2024-06-19T12:30:46+00:00" + "time": "2024-12-23T08:48:59+00:00" }, { "name": "symfony/polyfill-php80", - "version": "v1.30.0", + "version": "v1.32.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php80.git", - "reference": "77fa7995ac1b21ab60769b7323d600a991a90433" + "reference": "0cc9dd0f17f61d8131e7df6b84bd344899fe2608" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/77fa7995ac1b21ab60769b7323d600a991a90433", - "reference": "77fa7995ac1b21ab60769b7323d600a991a90433", + "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/0cc9dd0f17f61d8131e7df6b84bd344899fe2608", + "reference": "0cc9dd0f17f61d8131e7df6b84bd344899fe2608", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.2" }, "type": "library", "extra": { "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" + "url": "https://github.com/symfony/polyfill", + "name": "symfony/polyfill" } }, "autoload": { @@ -792,7 +833,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php80/tree/v1.30.0" + "source": "https://github.com/symfony/polyfill-php80/tree/v1.32.0" }, "funding": [ { @@ -808,20 +849,20 @@ "type": "tidelift" } ], - "time": "2024-05-31T15:07:36+00:00" + "time": "2025-01-02T08:10:11+00:00" }, { "name": "symfony/var-dumper", - "version": "v5.4.42", + "version": "v5.4.48", "source": { "type": "git", "url": "https://github.com/symfony/var-dumper.git", - "reference": "0c17c56d8ea052fc33942251c75d0e28936e043d" + "reference": "42f18f170aa86d612c3559cfb3bd11a375df32c8" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/var-dumper/zipball/0c17c56d8ea052fc33942251c75d0e28936e043d", - "reference": "0c17c56d8ea052fc33942251c75d0e28936e043d", + "url": "https://api.github.com/repos/symfony/var-dumper/zipball/42f18f170aa86d612c3559cfb3bd11a375df32c8", + "reference": "42f18f170aa86d612c3559cfb3bd11a375df32c8", "shasum": "" }, "require": { @@ -881,7 +922,7 @@ "dump" ], "support": { - "source": "https://github.com/symfony/var-dumper/tree/v5.4.42" + "source": "https://github.com/symfony/var-dumper/tree/v5.4.48" }, "funding": [ { @@ -897,7 +938,7 @@ "type": "tidelift" } ], - "time": "2024-07-26T12:23:09+00:00" + "time": "2024-11-08T15:21:10+00:00" }, { "name": "tareq1988/wp-php-cs-fixer", @@ -1007,15 +1048,15 @@ "aliases": [], "minimum-stability": "stable", "stability-flags": { - "wp-coding-standards/wpcs": 20, + "phpcompatibility/phpcompatibility-wp": 20, "tareq1988/wp-php-cs-fixer": 20, - "phpcompatibility/phpcompatibility-wp": 20 + "wp-coding-standards/wpcs": 20 }, "prefer-stable": false, "prefer-lowest": false, "platform": { "php": ">=5.5" }, - "platform-dev": [], - "plugin-api-version": "2.3.0" + "platform-dev": {}, + "plugin-api-version": "2.6.0" } diff --git a/includes/Rest/Csv.php b/includes/Rest/Csv.php index c257812..0e6da41 100644 --- a/includes/Rest/Csv.php +++ b/includes/Rest/Csv.php @@ -109,10 +109,13 @@ public function csv_file_info( $request ) { $reader = $this->reader( $file_id ); - $query = $reader->query(); + $count = 0; + foreach ( $reader as $record ) { + $count++; + } $data = array( - 'total' => iterator_count( $query ) - 1, + 'total' => $count - 1, // Subtract 1 for header row ); return new WP_REST_Response( $data, 200 ); @@ -144,14 +147,44 @@ public function subscribers( $request ) { $reader = $this->reader( $file_id ); - $meta_fields = $reader->fetchOne(); - $meta_fields = array_filter( $meta_fields ); + // Get header row first + $header_record = $reader->fetchOne(); + $meta_fields = array_filter( $header_record ); $meta_fields = array_unique( $meta_fields ); - $subscribers = $reader - ->setOffset( $offset + 1 ) // +1 to ignore the header - ->setLimit( $limit ) - ->fetchAssoc( $meta_fields ); + // Manually implement offset and limit by iterating through records + $subscribers = []; + $current_row = 0; + $collected = 0; + + foreach ( $reader as $record ) { + // Skip header row + if ( $current_row === 0 ) { + $current_row++; + continue; + } + + // Skip rows until we reach the offset + if ( $current_row - 1 < $offset ) { + $current_row++; + continue; + } + + // Stop if we've collected enough records + if ( $collected >= $limit ) { + break; + } + + // Convert to associative array using header + $subscriber = []; + foreach ( $meta_fields as $index => $field ) { + $subscriber[$field] = isset( $record[$index] ) ? $record[$index] : null; + } + $subscribers[] = $subscriber; + + $current_row++; + $collected++; + } $data = array( 'subscribers' => $subscribers, From d88c2e300bb804e457fcb18100b781a19955734b Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Tue, 24 Jun 2025 15:01:13 +0600 Subject: [PATCH 09/20] Refactor --- includes/Rest/Csv.php | 44 ++++++++----------------------------------- 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/includes/Rest/Csv.php b/includes/Rest/Csv.php index 0e6da41..86c898f 100644 --- a/includes/Rest/Csv.php +++ b/includes/Rest/Csv.php @@ -147,44 +147,16 @@ public function subscribers( $request ) { $reader = $this->reader( $file_id ); - // Get header row first - $header_record = $reader->fetchOne(); - $meta_fields = array_filter( $header_record ); - $meta_fields = array_unique( $meta_fields ); + // Set the header offset so records are returned as associative arrays + $reader->setHeaderOffset(0); - // Manually implement offset and limit by iterating through records - $subscribers = []; - $current_row = 0; - $collected = 0; + // Use Statement for offset/limit + $stmt = \League\Csv\Statement::create() + ->offset($offset) + ->limit($limit); - foreach ( $reader as $record ) { - // Skip header row - if ( $current_row === 0 ) { - $current_row++; - continue; - } - - // Skip rows until we reach the offset - if ( $current_row - 1 < $offset ) { - $current_row++; - continue; - } - - // Stop if we've collected enough records - if ( $collected >= $limit ) { - break; - } - - // Convert to associative array using header - $subscriber = []; - foreach ( $meta_fields as $index => $field ) { - $subscriber[$field] = isset( $record[$index] ) ? $record[$index] : null; - } - $subscribers[] = $subscriber; - - $current_row++; - $collected++; - } + $records = $stmt->process($reader); // Iterator of associative arrays + $subscribers = iterator_to_array($records); $data = array( 'subscribers' => $subscribers, From 7a59d021a756c53c9508eef0c1b4764fb95f6e8b Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Tue, 24 Jun 2025 15:09:20 +0600 Subject: [PATCH 10/20] Fix phpcs --- includes/Rest/Csv.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/includes/Rest/Csv.php b/includes/Rest/Csv.php index 86c898f..141c6dd 100644 --- a/includes/Rest/Csv.php +++ b/includes/Rest/Csv.php @@ -111,7 +111,7 @@ public function csv_file_info( $request ) { $count = 0; foreach ( $reader as $record ) { - $count++; + ++$count; } $data = array( @@ -148,15 +148,15 @@ public function subscribers( $request ) { $reader = $this->reader( $file_id ); // Set the header offset so records are returned as associative arrays - $reader->setHeaderOffset(0); + $reader->setHeaderOffset( 0 ); // Use Statement for offset/limit $stmt = \League\Csv\Statement::create() - ->offset($offset) - ->limit($limit); + ->offset( $offset ) + ->limit( $limit ); - $records = $stmt->process($reader); // Iterator of associative arrays - $subscribers = iterator_to_array($records); + $records = $stmt->process( $reader ); // Iterator of associative arrays + $subscribers = iterator_to_array( $records ); $data = array( 'subscribers' => $subscribers, From 2b03acb1bf0d45d536e41754f6c43729570e227c Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Tue, 24 Jun 2025 15:46:28 +0600 Subject: [PATCH 11/20] Fix phpcs --- .github/workflows/phpcs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/phpcs.yml b/.github/workflows/phpcs.yml index 98fd798..d94b57d 100644 --- a/.github/workflows/phpcs.yml +++ b/.github/workflows/phpcs.yml @@ -11,7 +11,7 @@ jobs: - name: Setup PHP uses: shivammathur/setup-php@v2 with: - php-version: "7.3" + php-version: "7.4" coverage: none tools: composer, cs2pr From b3da42468fff7dd1bb9d0c2bb27dba8e9cb1e7af Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Tue, 24 Jun 2025 15:59:16 +0600 Subject: [PATCH 12/20] Refactor --- includes/Rest/Csv.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/includes/Rest/Csv.php b/includes/Rest/Csv.php index 141c6dd..6927179 100644 --- a/includes/Rest/Csv.php +++ b/includes/Rest/Csv.php @@ -109,10 +109,7 @@ public function csv_file_info( $request ) { $reader = $this->reader( $file_id ); - $count = 0; - foreach ( $reader as $record ) { - ++$count; - } + $count = iterator_count($reader); $data = array( 'total' => $count - 1, // Subtract 1 for header row From cb0292de1698a43b45168f1bf24123efcfddac0a Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Tue, 24 Jun 2025 16:00:18 +0600 Subject: [PATCH 13/20] Fix phpcs --- includes/Rest/Csv.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/Rest/Csv.php b/includes/Rest/Csv.php index 6927179..a5a7e5b 100644 --- a/includes/Rest/Csv.php +++ b/includes/Rest/Csv.php @@ -109,7 +109,7 @@ public function csv_file_info( $request ) { $reader = $this->reader( $file_id ); - $count = iterator_count($reader); + $count = iterator_count( $reader ); $data = array( 'total' => $count - 1, // Subtract 1 for header row From c18d081085512ead6f117bd2ab2f2054209920e9 Mon Sep 17 00:00:00 2001 From: sumaisa-mou Date: Tue, 24 Jun 2025 16:18:59 +0600 Subject: [PATCH 14/20] fix: Resolved CSV import issues on PHP 8.1 and 8.2 --- includes/WeMail.php | 2 +- package.json | 2 +- readme.txt | 5 ++++- wemail.php | 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/includes/WeMail.php b/includes/WeMail.php index b9e6cfd..bf5ba76 100644 --- a/includes/WeMail.php +++ b/includes/WeMail.php @@ -23,7 +23,7 @@ final class WeMail { * * @var string */ - public $version = '1.14.14'; + public $version = '1.14.15'; /** * DB version diff --git a/package.json b/package.json index 5c557d5..7ffe30d 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "wemail", - "version": "1.14.14", + "version": "1.14.15", "description": "Send Beautiful Email Newsletters with WordPress", "scripts": { "build": "node build", diff --git a/readme.txt b/readme.txt index b9cf45d..93aa5cc 100644 --- a/readme.txt +++ b/readme.txt @@ -4,7 +4,7 @@ Donate link: https://getwemail.io Tags: email marketing, newsletter, subscription, smtp, optins Requires at least: 5.6 Tested up to: 6.7.2 -Stable tag: 1.14.14 +Stable tag: 1.14.15 Requires PHP: 7.4 License: GPLv2 or later License URL: https://www.gnu.org/licenses/gpl-2.0.html @@ -274,6 +274,9 @@ emails. == Changelog == += v1.14.15 - (23rd June, 2025) = +* **Fix** Resolved CSV import issues on PHP 8.1 and 8.2. + = v1.14.14 - (25th Apr, 2025) = * **Fix** Fix vulnerability issue for access admin user diff --git a/wemail.php b/wemail.php index 9d47e01..1a74373 100644 --- a/wemail.php +++ b/wemail.php @@ -6,7 +6,7 @@ * Plugin URI: https://wordpress.org/plugins/wemail/ * Author: weDevs * Author URI: https://getwemail.io/?utm_source=wp-org&utm_medium=author-uri - * Version: 1.14.14 + * Version: 1.14.15 * License: GPL-3.0 * License URI: https://www.gnu.org/licenses/gpl-2.0.html * Text Domain: wemail From 79ff7b2674884a027d2eb13911d3e21323902f40 Mon Sep 17 00:00:00 2001 From: bdmehedi Date: Mon, 21 Jul 2025 18:44:39 +0600 Subject: [PATCH 15/20] Old plugin version compatibility --- includes/Admin/Notice.php | 2 +- includes/Admin/Scripts.php | 3 +- includes/Core/Api/Api.php | 39 ++++++++++---- includes/Core/User/Integrations/WpUser.php | 27 +++++----- includes/Core/User/User.php | 59 ++++++++++------------ includes/Rest/Remote.php | 45 +++++++++++++++++ includes/Rest/Rest.php | 1 + 7 files changed, 118 insertions(+), 58 deletions(-) create mode 100644 includes/Rest/Remote.php diff --git a/includes/Admin/Notice.php b/includes/Admin/Notice.php index 94c192a..cdc6730 100644 --- a/includes/Admin/Notice.php +++ b/includes/Admin/Notice.php @@ -71,7 +71,7 @@ public function connect_notice() { update_option( 'wemail_site_connection_notice', 1 ); } } - if ( ! get_user_meta( get_current_user_id(), 'wemail_api_key', true ) && (int) get_option( 'wemail_site_connection_notice' ) !== 1 && ! ( isset( $_GET['page'] ) && $_GET['page'] === 'wemail' ) ) { + if ( ! get_option( 'wemail_api_key') && (int) get_option( 'wemail_site_connection_notice' ) !== 1 && ! ( isset( $_GET['page'] ) && $_GET['page'] === 'wemail' ) ) { add_action( 'admin_notices', array( $this, 'connect_notice_html' ) ); } } diff --git a/includes/Admin/Scripts.php b/includes/Admin/Scripts.php index 7886b6c..fae49db 100644 --- a/includes/Admin/Scripts.php +++ b/includes/Admin/Scripts.php @@ -139,7 +139,8 @@ public function enqueue_scripts() { 'user' => array( 'hash' => $user->hash, 'role' => $user->role, - 'permissions' => $user->permissions, + 'allowed' => $user->allowed, + // 'permissions' => $user->permissions, ), 'currentUser' => $current_user ? array( 'name' => $current_user->display_name, diff --git a/includes/Core/Api/Api.php b/includes/Core/Api/Api.php index b8d8797..91243ff 100644 --- a/includes/Core/Api/Api.php +++ b/includes/Core/Api/Api.php @@ -169,6 +169,17 @@ public function has_api_key() { return (bool) $this->api_key; } + /** + * Added url + * + * @param [string] $url + * @return void + */ + public function url($url) { + $this->url = $url; + return $this; + } + /** * Magic method to set resource and endpoints * @@ -367,7 +378,23 @@ public function send_json( $json = true ) { * @return mixed */ public function put( $data, $args = array() ) { - $data['_method'] = 'put'; + $data['method'] = 'PUT'; + + return $this->post( $data, $args ); + } + + /** + * API - PATCH request caller + * + * @since 2.0.0 + * + * @param array $data PUT data + * @param array $args wp_remote_request argument overrides + * + * @return mixed + */ + public function patch( $data, $args = array() ) { + $data['method'] = 'PATCH'; return $this->post( $data, $args ); } @@ -385,15 +412,9 @@ public function put( $data, $args = array() ) { public function delete( $data = array(), $args = array() ) { $args = $this->args( $args ); - $args['method'] = 'delete'; + $args['method'] = 'DELETE'; - $args['body'] = ! empty( $data ) ? $data : null; - - $url = $this->build_url(); - - $response = wp_remote_request( $url, $args ); - - return $this->response( $response ); + return $this->post($data, $args); } /** diff --git a/includes/Core/User/Integrations/WpUser.php b/includes/Core/User/Integrations/WpUser.php index acf31c2..2899573 100644 --- a/includes/Core/User/Integrations/WpUser.php +++ b/includes/Core/User/Integrations/WpUser.php @@ -47,7 +47,7 @@ public function wemail_user_profile_updated( $user_id, $old_user_data ) { return; } - $access_token = get_user_meta( $user_id, 'wemail_api_key', true ); + $access_token = get_option('wemail_api_key'); if ( empty( $access_token ) ) { return; @@ -56,7 +56,6 @@ public function wemail_user_profile_updated( $user_id, $old_user_data ) { $data = array( 'name' => $user->data->display_name, 'email' => $user->data->user_email, - 'token' => $access_token, ); $response = wemail()->api->set_api_key( $access_token )->auth()->users()->profile()->update()->post( $data ); @@ -65,7 +64,7 @@ public function wemail_user_profile_updated( $user_id, $old_user_data ) { return; } - $this->update_user_permission( $access_token, $user_id ); + // $this->update_user_permission( $access_token, $user_id ); } /** @@ -174,9 +173,9 @@ protected function create_wemail_user( $user, $role ) { return; } - update_user_meta( $user->ID, 'wemail_api_key', $response['access_token'] ); + // update_user_meta( $user->ID, 'wemail_api_key', $response['access_token'] ); - $this->update_user_permission( $response['access_token'], $user->ID ); + // $this->update_user_permission( $response['access_token'], $user->ID ); } /** @@ -186,17 +185,17 @@ protected function create_wemail_user( $user, $role ) { * @param $user_id */ protected function update_user_permission( $access_token, $user_id ) { - $api_key = apply_filters( 'wemail_api_key', $access_token ); - $user_data = wemail()->api->set_api_key( $api_key )->auth()->users()->me()->query( array( 'include' => 'role,permissions' ) )->get(); + // $api_key = apply_filters( 'wemail_api_key', $access_token ); + // $user_data = wemail()->api->set_api_key( $api_key )->auth()->users()->me()->query( array( 'include' => 'role,permissions' ) )->get(); - if ( is_wp_error( $user_data ) ) { - return; - } + // if ( is_wp_error( $user_data ) ) { + // return; + // } - if ( ! empty( $user_data['data'] ) ) { - $user_data = $user_data['data']; + // if ( ! empty( $user_data['data'] ) ) { + // $user_data = $user_data['data']; - update_user_meta( $user_id, 'wemail_user_data', $user_data ); - } + // update_user_meta( $user_id, 'wemail_user_data', $user_data ); + // } } } diff --git a/includes/Core/User/User.php b/includes/Core/User/User.php index 0bd853b..5daee3b 100644 --- a/includes/Core/User/User.php +++ b/includes/Core/User/User.php @@ -45,13 +45,13 @@ class User { public $role = null; /** - * User permissions + * Is user allowed to access weMail * - * @since 1.0.0 + * @since 1.14.16 * - * @var array + * @var boolean */ - public $permissions = array(); + public $allowed = false; /** * API resource query for URL to build @@ -74,25 +74,9 @@ public function boot() { $api_key = apply_filters( 'wemail_api_key', $api_key, $user_id ); if ( $api_key ) { - $user_data = get_user_meta( $user_id, 'wemail_user_data', true ); - $this->check_user_role($user_id); - if ( ! $user_data ) { - $user_data = wemail()->api->wp()->users()->rolePermissions()->query( array( 'email' => $user_email ) )->get(); - - if ( is_wp_error( $user_data ) ) { - return; - } - - if ( ! empty( $user_data['data'] ) ) { - $user_data = $user_data['data']; - - update_user_meta( $user_id, 'wemail_user_data', $user_data ); - } - } - - $this->hash = $user_data['hash']; - $this->role = $user_data['role']; - $this->permissions = $user_data['permissions']; + $this->hash = $api_key ? true : false; + $this->role = wp_get_current_user()->roles; + $this->allowed = $this->check_user_role($user_id); } $this->user_id = $user_id; @@ -109,23 +93,32 @@ public function boot() { * @return bool */ public function can( $permission ) { - if ( $this->permissions && array_key_exists( $permission, $this->permissions ) ) { - return true; - } + // if ( $this->permissions && array_key_exists( $permission, $this->permissions ) ) { + // return true; + // } + + return $this->check_user_role($this->user_id); - return false; + // return false; } - public function check_user_role($user_id) + public function check_user_role($user_id): bool { - $accessible_roles = get_option( 'wemail_accessible_roles' ); - if (!empty(array_intersect(wp_get_current_user()->roles, $accessible_roles)) && empty($this->permissions)) { - delete_user_meta($user_id, 'wemail_user_data'); - } - if (empty(array_intersect(wp_get_current_user()->roles, $accessible_roles))) { + $accessible_roles = get_option( 'wemail_accessible_roles', [] ); + $current_roles = wp_get_current_user()->roles; + + // Check if user has any accessible role + $has_accessible_role = !empty(array_intersect($current_roles, $accessible_roles)); + + if ($has_accessible_role) { + // User has accessible role - keep their data + return true; + } else { + // User doesn't have accessible role - delete their data if (get_user_meta( $user_id, 'wemail_user_data', true )) { delete_user_meta($user_id, 'wemail_user_data'); } + return false; } } } diff --git a/includes/Rest/Remote.php b/includes/Rest/Remote.php new file mode 100644 index 0000000..8d38557 --- /dev/null +++ b/includes/Rest/Remote.php @@ -0,0 +1,45 @@ +post( '/', 'call_remote', 'manage_options' ); + } + + /** + * Call remote api | weMail api + * This is proxy to call weMail api + * + * @since 2.0.0 + * + * @param \WP_REST_Request $request + * + * @return \WP_REST_Response|mixed + */ + public function call_remote( $request ) { + $url = $request->get_param('url'); + $method = strtolower(sanitize_text_field($request->get_param('method'))); + $data = $request->get_param('data'); + $wemail_api_base = wemail()->wemail_api; + $path = str_replace($wemail_api_base, '', $url); + $query = $request->get_param('query'); + + if ($method === 'get') { + $response = wemail()->api->send_json()->get($path, $query); + } else { + $data = array_merge($data ?? [], $query ?? []); + $response = wemail()->api->url($path)->send_json()->{$method}($data, []); + } + + return $response; + } +} diff --git a/includes/Rest/Rest.php b/includes/Rest/Rest.php index 633d103..1c5cf1f 100644 --- a/includes/Rest/Rest.php +++ b/includes/Rest/Rest.php @@ -35,5 +35,6 @@ public function register_controllers() { new Ecommerce(); new Help(); new AffiliateIntegrations(); + new Remote(); } } From 1d0e65a9cf25a5b430c9f7bf4ceddf9338e3fb2c Mon Sep 17 00:00:00 2001 From: bdmehedi Date: Mon, 21 Jul 2025 18:50:45 +0600 Subject: [PATCH 16/20] phpcs fixed --- includes/Admin/Notice.php | 2 +- includes/Core/Api/Api.php | 4 +-- includes/Core/User/Integrations/WpUser.php | 2 +- includes/Core/User/User.php | 17 ++++++------ includes/Core/Users/Menu.php | 2 +- includes/Hooks.php | 2 +- includes/Rest/Remote.php | 18 ++++++------- includes/Rest/Users.php | 31 +++++++++++----------- 8 files changed, 38 insertions(+), 40 deletions(-) diff --git a/includes/Admin/Notice.php b/includes/Admin/Notice.php index cdc6730..11dcecc 100644 --- a/includes/Admin/Notice.php +++ b/includes/Admin/Notice.php @@ -71,7 +71,7 @@ public function connect_notice() { update_option( 'wemail_site_connection_notice', 1 ); } } - if ( ! get_option( 'wemail_api_key') && (int) get_option( 'wemail_site_connection_notice' ) !== 1 && ! ( isset( $_GET['page'] ) && $_GET['page'] === 'wemail' ) ) { + if ( ! get_option( 'wemail_api_key' ) && (int) get_option( 'wemail_site_connection_notice' ) !== 1 && ! ( isset( $_GET['page'] ) && $_GET['page'] === 'wemail' ) ) { add_action( 'admin_notices', array( $this, 'connect_notice_html' ) ); } } diff --git a/includes/Core/Api/Api.php b/includes/Core/Api/Api.php index 91243ff..e4a32ac 100644 --- a/includes/Core/Api/Api.php +++ b/includes/Core/Api/Api.php @@ -175,7 +175,7 @@ public function has_api_key() { * @param [string] $url * @return void */ - public function url($url) { + public function url( $url ) { $this->url = $url; return $this; } @@ -414,7 +414,7 @@ public function delete( $data = array(), $args = array() ) { $args['method'] = 'DELETE'; - return $this->post($data, $args); + return $this->post( $data, $args ); } /** diff --git a/includes/Core/User/Integrations/WpUser.php b/includes/Core/User/Integrations/WpUser.php index 2899573..0e6b115 100644 --- a/includes/Core/User/Integrations/WpUser.php +++ b/includes/Core/User/Integrations/WpUser.php @@ -47,7 +47,7 @@ public function wemail_user_profile_updated( $user_id, $old_user_data ) { return; } - $access_token = get_option('wemail_api_key'); + $access_token = get_option( 'wemail_api_key' ); if ( empty( $access_token ) ) { return; diff --git a/includes/Core/User/User.php b/includes/Core/User/User.php index 5daee3b..a0b6201 100644 --- a/includes/Core/User/User.php +++ b/includes/Core/User/User.php @@ -76,7 +76,7 @@ public function boot() { if ( $api_key ) { $this->hash = $api_key ? true : false; $this->role = wp_get_current_user()->roles; - $this->allowed = $this->check_user_role($user_id); + $this->allowed = $this->check_user_role( $user_id ); } $this->user_id = $user_id; @@ -97,26 +97,25 @@ public function can( $permission ) { // return true; // } - return $this->check_user_role($this->user_id); + return $this->check_user_role( $this->user_id ); // return false; } - public function check_user_role($user_id): bool - { - $accessible_roles = get_option( 'wemail_accessible_roles', [] ); + public function check_user_role( $user_id ): bool { + $accessible_roles = get_option( 'wemail_accessible_roles', array() ); $current_roles = wp_get_current_user()->roles; // Check if user has any accessible role - $has_accessible_role = !empty(array_intersect($current_roles, $accessible_roles)); + $has_accessible_role = ! empty( array_intersect( $current_roles, $accessible_roles ) ); - if ($has_accessible_role) { + if ( $has_accessible_role ) { // User has accessible role - keep their data return true; } else { // User doesn't have accessible role - delete their data - if (get_user_meta( $user_id, 'wemail_user_data', true )) { - delete_user_meta($user_id, 'wemail_user_data'); + if ( get_user_meta( $user_id, 'wemail_user_data', true ) ) { + delete_user_meta( $user_id, 'wemail_user_data' ); } return false; } diff --git a/includes/Core/Users/Menu.php b/includes/Core/Users/Menu.php index 2189f80..674fbc3 100644 --- a/includes/Core/Users/Menu.php +++ b/includes/Core/Users/Menu.php @@ -39,7 +39,7 @@ public function __construct() { * @return array */ public function register_submenu( $menu_items, $capability ) { - if (wemail()->user->can('manage_settings') && in_array('administrator', wp_get_current_user()->roles, true) ) { + if ( wemail()->user->can( 'manage_settings' ) && in_array( 'administrator', wp_get_current_user()->roles, true ) ) { $menu_items[] = array( __( 'Teams', 'wemail' ), $capability, diff --git a/includes/Hooks.php b/includes/Hooks.php index 88e825a..b2f7329 100644 --- a/includes/Hooks.php +++ b/includes/Hooks.php @@ -16,7 +16,7 @@ public function __construct() { new FormIntegrations(); new SyncSubscriberWp(); new SyncSubscriberErp(); -// new SyncWpUser(); + // new SyncWpUser(); new MailHooks(); Ecommerce::instance(); new SyncAffiliateWp(); diff --git a/includes/Rest/Remote.php b/includes/Rest/Remote.php index 8d38557..4aeefa2 100644 --- a/includes/Rest/Remote.php +++ b/includes/Rest/Remote.php @@ -26,18 +26,18 @@ public function register_routes() { * @return \WP_REST_Response|mixed */ public function call_remote( $request ) { - $url = $request->get_param('url'); - $method = strtolower(sanitize_text_field($request->get_param('method'))); - $data = $request->get_param('data'); + $url = $request->get_param( 'url' ); + $method = strtolower( sanitize_text_field( $request->get_param( 'method' ) ) ); + $data = $request->get_param( 'data' ); $wemail_api_base = wemail()->wemail_api; - $path = str_replace($wemail_api_base, '', $url); - $query = $request->get_param('query'); + $path = str_replace( $wemail_api_base, '', $url ); + $query = $request->get_param( 'query' ); - if ($method === 'get') { - $response = wemail()->api->send_json()->get($path, $query); + if ( $method === 'get' ) { + $response = wemail()->api->send_json()->get( $path, $query ); } else { - $data = array_merge($data ?? [], $query ?? []); - $response = wemail()->api->url($path)->send_json()->{$method}($data, []); + $data = array_merge( $data ?? array(), $query ?? array() ); + $response = wemail()->api->url( $path )->send_json()->{$method}( $data, array() ); } return $response; diff --git a/includes/Rest/Users.php b/includes/Rest/Users.php index 967c409..8df2adf 100644 --- a/includes/Rest/Users.php +++ b/includes/Rest/Users.php @@ -53,15 +53,15 @@ function ( $user ) { } public function storeRoles( $request ) { - $roles = $this->saveAccessibleRoles($request); - $access_token = get_option('wemail_api_key'); + $roles = $this->saveAccessibleRoles( $request ); + $access_token = get_option( 'wemail_api_key' ); - if (empty($roles) || !is_array($roles)) { - return $this->respond(array('message' => 'Invalid roles provided'), 422); + if ( empty( $roles ) || ! is_array( $roles ) ) { + return $this->respond( array( 'message' => 'Invalid roles provided' ), 422 ); } - if (empty($access_token)) { - return $this->respond(array('message' => 'API token not available'), 422); + if ( empty( $access_token ) ) { + return $this->respond( array( 'message' => 'API token not available' ), 422 ); } $data = array( @@ -69,13 +69,13 @@ public function storeRoles( $request ) { 'api_token' => $access_token, ); - $response = wemail()->api->wp()->users()->rolePermissions()->post($data); + $response = wemail()->api->wp()->users()->rolePermissions()->post( $data ); - if ($response['success'] === true) { - return $this->respond(array('message' => $response['message']), 200); + if ( $response['success'] === true ) { + return $this->respond( array( 'message' => $response['message'] ), 200 ); } - return $this->respond(array('message' => 'Failed to update roles'), 422); + return $this->respond( array( 'message' => 'Failed to update roles' ), 422 ); } public function update( $request ) { @@ -183,8 +183,8 @@ public function store( $request ) { $users = get_users( $args ); - foreach ($users as $user) { - delete_user_meta($user->ID, 'wemail_user_data'); + foreach ( $users as $user ) { + delete_user_meta( $user->ID, 'wemail_user_data' ); } return $this->respond( array( 'success' => true ), 200 ); @@ -194,11 +194,10 @@ public function store( $request ) { * @param $request * @return mixed */ - public function saveAccessibleRoles($request) - { - $roles = $request->get_param('roles'); + public function saveAccessibleRoles( $request ) { + $roles = $request->get_param( 'roles' ); - update_option('wemail_accessible_roles', $roles); + update_option( 'wemail_accessible_roles', $roles ); return $roles; } } From 6988f912edac650ae1545a30e74231954835a5c3 Mon Sep 17 00:00:00 2001 From: bdmehedi Date: Mon, 21 Jul 2025 22:30:44 +0600 Subject: [PATCH 17/20] Fixed phpcs --- includes/Rest/Remote.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/Rest/Remote.php b/includes/Rest/Remote.php index 4aeefa2..e57bb6c 100644 --- a/includes/Rest/Remote.php +++ b/includes/Rest/Remote.php @@ -36,7 +36,7 @@ public function call_remote( $request ) { if ( $method === 'get' ) { $response = wemail()->api->send_json()->get( $path, $query ); } else { - $data = array_merge( $data ?? array(), $query ?? array() ); + $data = array_merge( count($data) ? $data : array(), count($query) ? $query : array() ); $response = wemail()->api->url( $path )->send_json()->{$method}( $data, array() ); } From aeeacce3ae1d586126a1402621c701fad6220338 Mon Sep 17 00:00:00 2001 From: bdmehedi Date: Mon, 21 Jul 2025 22:34:26 +0600 Subject: [PATCH 18/20] Fixed phpcs --- includes/Rest/Remote.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/Rest/Remote.php b/includes/Rest/Remote.php index e57bb6c..bf74ec5 100644 --- a/includes/Rest/Remote.php +++ b/includes/Rest/Remote.php @@ -36,7 +36,7 @@ public function call_remote( $request ) { if ( $method === 'get' ) { $response = wemail()->api->send_json()->get( $path, $query ); } else { - $data = array_merge( count($data) ? $data : array(), count($query) ? $query : array() ); + $data = array_merge( count( $data ) ? $data : array(), count( $query ) ? $query : array() ); $response = wemail()->api->url( $path )->send_json()->{$method}( $data, array() ); } From 2882038d683eaaa9b168ac07b10bf3e6fabb22d9 Mon Sep 17 00:00:00 2001 From: bdmehedi Date: Mon, 21 Jul 2025 22:52:19 +0600 Subject: [PATCH 19/20] Fixed phpcs --- includes/Core/User/User.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/Core/User/User.php b/includes/Core/User/User.php index a0b6201..7b4a995 100644 --- a/includes/Core/User/User.php +++ b/includes/Core/User/User.php @@ -102,7 +102,7 @@ public function can( $permission ) { // return false; } - public function check_user_role( $user_id ): bool { + public function check_user_role( $user_id ) { $accessible_roles = get_option( 'wemail_accessible_roles', array() ); $current_roles = wp_get_current_user()->roles; From cd2218d685bf8af6f3218ff31fa9e70d2fc91eab Mon Sep 17 00:00:00 2001 From: bdmehedi Date: Tue, 22 Jul 2025 15:26:24 +0600 Subject: [PATCH 20/20] Fixed sanitization, pull and patch request in proxy --- includes/Core/Api/Api.php | 6 ++++-- includes/Rest/Remote.php | 37 ++++++++++++++++++++++++++++++++++--- 2 files changed, 38 insertions(+), 5 deletions(-) diff --git a/includes/Core/Api/Api.php b/includes/Core/Api/Api.php index e4a32ac..f9ce5bc 100644 --- a/includes/Core/Api/Api.php +++ b/includes/Core/Api/Api.php @@ -378,7 +378,8 @@ public function send_json( $json = true ) { * @return mixed */ public function put( $data, $args = array() ) { - $data['method'] = 'PUT'; + $args = $this->args( $args ); + $args['method'] = 'PUT'; return $this->post( $data, $args ); } @@ -394,7 +395,8 @@ public function put( $data, $args = array() ) { * @return mixed */ public function patch( $data, $args = array() ) { - $data['method'] = 'PATCH'; + $args = $this->args( $args ); + $args['method'] = 'PATCH'; return $this->post( $data, $args ); } diff --git a/includes/Rest/Remote.php b/includes/Rest/Remote.php index bf74ec5..da9e27b 100644 --- a/includes/Rest/Remote.php +++ b/includes/Rest/Remote.php @@ -15,6 +15,28 @@ public function register_routes() { $this->post( '/', 'call_remote', 'manage_options' ); } + /** + * Recursively sanitize input data (array/object/string) + */ + private function wemail_recursive_sanitize( $data ) { + if ( is_array( $data ) ) { + foreach ( $data as $key => $value ) { + $data[ $key ] = $this->wemail_recursive_sanitize( $value ); + } + return $data; + } elseif ( is_bool( $data ) ) { + return $data; + } elseif ( is_email( $data ) ) { + return sanitize_email( $data ); + } elseif ( is_numeric( $data ) ) { + return absint( $data ); + } elseif ( filter_var( $data, FILTER_VALIDATE_URL ) ) { + return esc_url_raw( $data ); + } else { + return sanitize_text_field( $data ); + } + } + /** * Call remote api | weMail api * This is proxy to call weMail api @@ -26,17 +48,26 @@ public function register_routes() { * @return \WP_REST_Response|mixed */ public function call_remote( $request ) { - $url = $request->get_param( 'url' ); + $url = esc_url_raw( $request->get_param( 'url' ) ); $method = strtolower( sanitize_text_field( $request->get_param( 'method' ) ) ); + $data = $request->get_param( 'data' ); + if ( is_array( $data ) ) { + $data = $this->wemail_recursive_sanitize( $data ); + } + + $query = $request->get_param( 'query' ); + if ( is_array( $query ) ) { + $query = $this->wemail_recursive_sanitize( $query ); + } + $wemail_api_base = wemail()->wemail_api; $path = str_replace( $wemail_api_base, '', $url ); - $query = $request->get_param( 'query' ); if ( $method === 'get' ) { $response = wemail()->api->send_json()->get( $path, $query ); } else { - $data = array_merge( count( $data ) ? $data : array(), count( $query ) ? $query : array() ); + $data = array_merge( $data ? $data : array(), $query ? $query : array() ); $response = wemail()->api->url( $path )->send_json()->{$method}( $data, array() ); }