diff --git a/CHANGELOG.md b/CHANGELOG.md index 8c1dfb371b..70503c27a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Releases +### [5.0.31] + +#### Fixed + - [Add Nonce for Add New State AJAX Requests (#1630)](https://github.com/eventespresso/cafe/pull/1630) + - [PUE Fix - Dont translate plugin data when checking version numbers (#1632)](https://github.com/eventespresso/cafe/pull/1632) + +#### Changed + - [BuildMachine 5.0.30 changes (#1629)](https://github.com/eventespresso/cafe/pull/1629) + - [Set the min required WP User integration version number to be 2.1.3 (#1633)](https://github.com/eventespresso/cafe/pull/1633) + ### [5.0.30] #### Added @@ -33,6 +43,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - [Improve Loco Translate bundle to include both translation filenames (#1626)](https://github.com/eventespresso/cafe/pull/1626) + + + + ### [5.0.29] #### Fixed diff --git a/admin_pages/general_settings/General_Settings_Admin_Page.core.php b/admin_pages/general_settings/General_Settings_Admin_Page.core.php index 85f975bb10..dd2de21177 100644 --- a/admin_pages/general_settings/General_Settings_Admin_Page.core.php +++ b/admin_pages/general_settings/General_Settings_Admin_Page.core.php @@ -107,9 +107,10 @@ protected function _set_page_routes() ], 'update_country_settings' => [ - 'func' => [$this, '_update_country_settings'], - 'capability' => 'manage_options', - 'noheader' => true, + 'func' => [$this, '_update_country_settings'], + 'capability' => 'manage_options', + 'noheader' => true, + 'require_nonce' => true, ], 'display_country_settings' => [ 
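Review bot: `'require_nonce' => true` on `update_country_settings` (and on `add_new_state` and `delete_state` in the next hunk) only enforces anything if the router reads the nonce from the parameter named by `$this->_req_nonce` and compares it against `$this->_req_action`, and if the callers of these routes actually send a nonce created for that action; neither the router nor the `update_country_settings` form is visible here, so please confirm the form post carries the nonce, otherwise that route starts failing closed. A one-line comment on the flag would record the contract, e.g. `// nonce expected under $this->_req_nonce, created with wp_create_nonce($this->_req_action)` (adjust if the router's convention differs). `_set_page_routes` begins before this hunk and continues after it.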
@@ -119,18 +120,20 @@ protected function _set_page_routes() ], 'add_new_state' => [ - 'func' => [$this, 'add_new_state'], - 'capability' => 'manage_options', - 'noheader' => true, + 'func' => [$this, 'add_new_state'], + 'capability' => 'manage_options', + 'noheader' => true, + 'require_nonce' => true, ], - 'delete_state' => [ - 'func' => [$this, 'delete_state'], - 'capability' => 'manage_options', - 'noheader' => true, + 'delete_state' => [ + 'func' => [$this, 'delete_state'], + 'capability' => 'manage_options', + 'noheader' => true, + 'require_nonce' => true, ], - 'privacy_settings' => [ + 'privacy_settings' => [ 'func' => [$this, 'privacySettings'], 'capability' => 'manage_options', ], 
@@ -921,62 +924,56 @@ public function display_country_states(string $CNT_ISO = '', ?EE_Country $countr } } } - if (is_array($states)) { - foreach ($states as $STA_ID => $state) { - if ($state instanceof EE_State) { - $inputs = EE_Question_Form_Input::generate_question_form_inputs_for_object( - $state, - [ - 'STA_abbrev' => [ - 'type' => 'TEXT', - 'label' => esc_html__('Code', 'event_espresso'), - 'input_name' => "states[$STA_ID]", - 'class' => 'ee-input-width--tiny', - 'add_mobile_label' => true, - ], - 'STA_name' => [ - 'type' => 'TEXT', - 'label' => esc_html__('Name', 'event_espresso'), - 'input_name' => "states[$STA_ID]", - 'class' => 'ee-input-width--big', - 'add_mobile_label' => true, - ], - 'STA_active' => [ - 'type' => 'RADIO_BTN', - 'label' => esc_html__( - 'State Appears in Dropdown Select Lists', - 'event_espresso' - ), - 'input_name' => "states[$STA_ID]", - 'options' => $this->_yes_no_values, - 'use_desc_4_label' => true, - 'add_mobile_label' => true, - ], - ] - ); - - $delete_state_url = EE_Admin_Page::add_query_args_and_nonce( - [ - 'action' => 'delete_state', - 'STA_ID' => $STA_ID, - 'CNT_ISO' => $CNT_ISO, - 'STA_abbrev' => $state->abbrev(), + foreach ($states as $STA_ID => $state) { + if ($state instanceof EE_State) { + $inputs = EE_Question_Form_Input::generate_question_form_inputs_for_object( + $state, + [ + 'STA_abbrev' => [ + 'type' => 'TEXT', + 'label' => esc_html__('Code', 'event_espresso'), + 'input_name' => "states[$STA_ID]", + 'class' => 'ee-input-width--tiny', + 'add_mobile_label' => true, ], - GEN_SET_ADMIN_URL - ); + 'STA_name' => [ + 'type' => 'TEXT', + 'label' => esc_html__('Name', 'event_espresso'), + 'input_name' => "states[$STA_ID]", + 'class' => 'ee-input-width--big', + 'add_mobile_label' => true, + ], + 'STA_active' => [ + 'type' => 'RADIO_BTN', + 'label' => esc_html__( + 'State Appears in Dropdown Select Lists', + 'event_espresso' + ), + 'input_name' => "states[$STA_ID]", + 'options' => $this->_yes_no_values, + 'use_desc_4_label' 
=> true, + 'add_mobile_label' => true, + ], + ] + ); - $this->_template_args['states'][ $STA_ID ]['inputs'] = $inputs; - $this->_template_args['states'][ $STA_ID ]['delete_state_url'] = $delete_state_url; - } + $delete_state_url = EE_Admin_Page::add_query_args_and_nonce( + [ + 'action' => 'delete_state', + 'STA_ID' => $STA_ID, + 'CNT_ISO' => $CNT_ISO, + 'STA_abbrev' => $state->abbrev(), + ], + GEN_SET_ADMIN_URL + ); + + $this->_template_args['states'][ $STA_ID ]['inputs'] = $inputs; + $this->_template_args['states'][ $STA_ID ]['delete_state_url'] = $delete_state_url; } - } else { - $this->_template_args['states'] = false; } - $this->_template_args['add_new_state_url'] = EE_Admin_Page::add_query_args_and_nonce( - ['action' => 'add_new_state'], - GEN_SET_ADMIN_URL - ); + $this->_template_args['add_new_state_nonce'] = wp_create_nonce('espresso_add_new_state'); + $this->_template_args['delete_state_nonce'] = wp_create_nonce('espresso_delete_state'); $state_details_settings = EEH_Template::display_template( GEN_SET_TEMPLATE_PATH . 'state_details_settings.template.php', @@ -1009,6 +1006,8 @@ public function display_country_states(string $CNT_ISO = '', ?EE_Country $countr */ public function add_new_state() { + $this->_verify_nonce(); + // add_new_state_nonce if (! $this->capabilities->current_user_can('manage_options', __FUNCTION__)) { wp_die(esc_html__('You do not have the required privileges to perform this action', 'event_espresso')); } @@ -1080,6 +1079,7 @@ public function add_new_state() */ public function delete_state() { + $this->_verify_nonce(); if (! $this->capabilities->current_user_can('manage_options', __FUNCTION__)) { wp_die(esc_html__('You do not have the required privileges to perform this action', 'event_espresso')); } diff --git a/admin_pages/general_settings/assets/gen_settings_countries.js b/admin_pages/general_settings/assets/gen_settings_countries.js index 4bdabab03c..7ef1e8b42b 100644 
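Review bot: Removing the `is_array($states)` guard changes what the template sees on the failure path: a non-array `$states` now reaches `foreach`, which emits a warning and skips the loop, and `$this->_template_args['states']` is left unset where the deleted `else` branch set it to `false`. If the lookup above the hunk can still yield a non-array (the start of `display_country_states` is outside this hunk), keep a cheap guard before the loop, `$states = is_array($states) ? $states : [];`, and check that `state_details_settings.template.php` copes with the key being absent. The two `wp_create_nonce` lines replace per-link nonces with one page-wide nonce per action, which is fine; a comment naming the hidden inputs the JS reads (`#add_new_state_nonce`, `#delete_state_nonce`) would make the cross-file dependency visible.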
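Review bot: `$this->_verify_nonce()` at the top of `add_new_state()` (and of `delete_state()` in the next hunk) is called with no arguments, so it relies on `$this->_req_nonce` and `$this->_req_action` already being populated for this AJAX request and on `_req_action` equalling the action string the template used in `wp_create_nonce('espresso_add_new_state')`; if `_req_action` is the route key `add_new_state` instead, every request is rejected, so this deserves an explicit check against a live request. With `'require_nonce' => true` also set on these routes the nonce may be verified twice, which is harmless but worth stating. The stray `// add_new_state_nonce` comment reads as a note-to-self; replace it with `// nonce is rendered by state_details_settings.template.php and posted by gen_settings_countries.js`.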
--- a/admin_pages/general_settings/assets/gen_settings_countries.js +++ b/admin_pages/general_settings/assets/gen_settings_countries.js @@ -215,12 +215,13 @@ jQuery(document).ready(function($) { */ add_new_state : function () { // post data to be sent - var formData = { + const formData = { page: 'espresso_general_settings', action: 'espresso_add_new_state', CNT_ISO: $('#country').val(), STA_abbrev: $('#STA_abbrev-XXX').val(), STA_name: $('#STA_name-XXX').val(), + espresso_add_new_state_nonce: $('#add_new_state_nonce').val(), ee_admin_ajax: true, noheader : 'true' }; @@ -237,7 +238,11 @@ jQuery(document).ready(function($) { //console.log(response); if ( typeof response.errors !== 'undefined' && response.errors !== '' ) { show_admin_page_ajax_msg( response ); - } else if ( typeof(response.return_data) !== 'undefined' && response.return_data !== false && response.return_data !== null ) { + } else if ( + typeof(response.return_data) !== 'undefined' + && response.return_data !== false + && response.return_data !== null + ) { EE_CNT_STA.get_country_states( response.return_data ); show_admin_page_ajax_msg( response ); } else { @@ -279,6 +284,7 @@ jQuery(document).ready(function($) { CNT_ISO: CNT_ISO, STA_ID: STA_ID, STA_abbrev: STA_abbrev, + espresso_delete_state_nonce: $('#delete_state_nonce').val(), ee_admin_ajax : true, noheader : 'true' }; @@ -319,4 +325,4 @@ jQuery(document).ready(function($) { EE_CNT_STA.init(); -}); \ No newline at end of file +}); diff --git a/admin_pages/general_settings/templates/state_details_settings.template.php b/admin_pages/general_settings/templates/state_details_settings.template.php index 61c2925d93..f402e6c0a7 100644 --- a/admin_pages/general_settings/templates/state_details_settings.template.php +++ b/admin_pages/general_settings/templates/state_details_settings.template.php @@ -1,6 +1,8 @@ @@ -34,6 +36,7 @@ class="button button--secondary button--icon-only delete-state-lnk" > + + 
diff --git a/caffeinated/admin/extend/registrations/Extend_Registrations_Admin_Page.core.php b/caffeinated/admin/extend/registrations/Extend_Registrations_Admin_Page.core.php
index 8238d27fef..c4061388bf 100644
--- a/caffeinated/admin/extend/registrations/Extend_Registrations_Admin_Page.core.php
+++ b/caffeinated/admin/extend/registrations/Extend_Registrations_Admin_Page.core.php
@@ -299,9 +299,9 @@ public function get_newsletter_form_content()
 wp_die(esc_html__('You do not have the required privileges to perform this action', 'event_espresso'));
 }
 // do a nonce check because we're not coming in from a normal route here.
- $nonce = isset($this->_req_data['get_newsletter_form_content_nonce']) ? sanitize_text_field(
- $this->_req_data['get_newsletter_form_content_nonce']
- ) : '';
+ $nonce = isset($this->_req_data['get_newsletter_form_content_nonce'])
+ ? sanitize_text_field($this->_req_data['get_newsletter_form_content_nonce'])
+ : '';
 $nonce_ref = 'get_newsletter_form_content_nonce';
 $this->_verify_nonce($nonce, $nonce_ref);
 // let's get the mtp for the incoming MTP_ ID
diff --git a/core/admin/EE_Admin_Page.core.php b/core/admin/EE_Admin_Page.core.php
index f326cc5974..294124cf57 100644
--- a/core/admin/EE_Admin_Page.core.php
+++ b/core/admin/EE_Admin_Page.core.php
@@ -1042,8 +1042,10 @@ protected function _verify_route(string $route): bool
 * @throws InvalidDataTypeException
 * @throws InvalidInterfaceException
 */
- protected function _verify_nonce(string $nonce, string $nonce_ref)
+ protected function _verify_nonce(string $nonce = '', string $nonce_ref = '')
 {
+ $nonce = $nonce ?: $this->request->getRequestParam($this->_req_nonce, '');
+ $nonce_ref = $nonce_ref ?: $this->_req_action;
 // verify nonce against expected value
 if (! wp_verify_nonce($nonce, $nonce_ref)) {
 // these are not the droids you are looking for !!!
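Review bot: The defaulted parameters change the contract of `_verify_nonce()` but the docblock above it (only its `@throws` tail is visible in the hunk) does not describe the fallbacks; add `@param string $nonce     nonce to verify; empty means read the request param named by $this->_req_nonce` and `@param string $nonce_ref nonce action; empty means $this->_req_action`. Both fallbacks fail closed — an empty request param or a mismatched action makes `wp_verify_nonce` return false — so a caller relying on wrong defaults surfaces as every request being refused rather than as a bypass, which is the right failure mode but easy to misdiagnose. `?:` also treats the string `'0'` as empty; `$nonce !== '' ? $nonce : ...` states the intent exactly, though WordPress nonces cannot collide with it in practice.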
diff --git a/core/libraries/plugin_api/EE_Register_Addon.lib.php b/core/libraries/plugin_api/EE_Register_Addon.lib.php index 33bb4f91f9..34ffda95c3 100644 --- a/core/libraries/plugin_api/EE_Register_Addon.lib.php +++ b/core/libraries/plugin_api/EE_Register_Addon.lib.php @@ -52,6 +52,7 @@ class EE_Register_Addon implements EEI_Plugin_API protected static $_incompatible_addons = [ 'Multi_Event_Registration' => '2.0.11.rc.002', 'Promotions' => '1.0.0.rc.084', + 'EE_WPUsers' => '2.1.3.p', ]; /** diff --git a/core/third_party_libs/pue/pue-client.php b/core/third_party_libs/pue/pue-client.php index 1a6f467338..01d870a1b5 100644 --- a/core/third_party_libs/pue/pue-client.php +++ b/core/third_party_libs/pue/pue-client.php @@ -1717,12 +1717,10 @@ public function dashboard_dismiss_upgrade() */ private function getInstalledVersion() { - if (function_exists('get_plugin_data')) { - $plugin_data = get_plugin_data(WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $this->pluginFile); - } else { + if (! function_exists('get_plugin_data')) { require_once(ABSPATH . 'wp-admin/includes/plugin.php'); - $plugin_data = get_plugin_data(WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $this->pluginFile); } + $plugin_data = get_plugin_data(WP_PLUGIN_DIR . DIRECTORY_SEPARATOR . $this->pluginFile, true, false); if (! empty($plugin_data)) { $this->pluginName = $plugin_data['Name']; $this->lang_domain = empty($this->lang_domain) diff --git a/espresso.php b/espresso.php index 8c8e3c641d..1d155230ba 100644 --- a/espresso.php +++ b/espresso.php 
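Review bot: The positional `true, false` on the new `get_plugin_data(...)` call does not say which flags they are; if the codebase's PHP floor is 8.0 or later, `get_plugin_data($file, markup: true, translate: false)` reads better, otherwise add `// $markup = true, $translate = false: compare the untranslated Version header`. As far as I recall `get_plugin_data` returns an array of header keys with empty strings even when the file is unreadable, so the unchanged `if (! empty($plugin_data))` below does not detect a missing plugin file; `! empty($plugin_data['Version'])` would, and `Version` is presumably the field this method exists to read. `getInstalledVersion` continues past the end of the hunk.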
@@ -3,7 +3,7 @@ Plugin Name: Event Espresso Plugin URI: https://eventespresso.com/pricing/?ee_ver=ee4&utm_source=ee4_plugin_admin&utm_medium=link&utm_campaign=wordpress_plugins_page&utm_content=support_link Description: Manage events, sell tickets, and receive payments from your WordPress website. Reduce event administration time, cut-out ticketing fees, and own your customer data. | Extensions | Sales | Support - Version: 5.0.31.rc.000 + Version: 5.0.31.rc.004 Author: Event Espresso Author URI: https://eventespresso.com/?ee_ver=ee4&utm_source=ee4_plugin_admin&utm_medium=link&utm_campaign=wordpress_plugins_page&utm_content=support_link License: GPLv3 @@ -104,7 +104,7 @@ function espresso_minimum_php_version_error() */ function espresso_version(): string { - return apply_filters('FHEE__espresso__espresso_version', '5.0.31.rc.000'); + return apply_filters('FHEE__espresso__espresso_version', '5.0.31.rc.004'); } /**