OneSignal – Free Web Push Notifications - Version 2.0.1

Version Description

  • Bug fix: link expired issue due to failing nonce check when creating posts from other WordPress plugins
Download this release

Release Info

Developer OneSignal
Plugin Icon 128x128 OneSignal – Free Web Push Notifications
Version 2.0.1
Comparing to
See all releases

Code changes from version 2.0.0 to 2.0.1

Files changed (3) hide show
  1. onesignal-admin.php +15 -12
  2. onesignal.php +1 -1
  3. readme.txt +6 -2
onesignal-admin.php CHANGED
@@ -602,17 +602,22 @@ class OneSignal_Admin
602
  public static function send_notification_on_wp_post($new_status, $old_status, $post)
603
  {
604
  try {
605
- // quirk of Gutenberg editor leads to two passes if meta box is added
606
- // conditional removes first pass
607
- if( defined( 'REST_REQUEST' ) && REST_REQUEST ) {
608
- return;
609
- }
610
-
611
- // Verify that the nonce is valid.
612
- if (!check_admin_referer(OneSignal_Admin::$SAVE_POST_NONCE_ACTION, OneSignal_Admin::$SAVE_POST_NONCE_KEY)) {
613
- return;
614
- }
615
 
 
 
 
 
 
616
  $time_to_wait = self::get_sending_rate_limit_wait_time();
617
  if ($time_to_wait > 0) {
618
  set_transient('onesignal_transient_error', '<div class="error notice onesignal-error-notice">
@@ -633,8 +638,6 @@ class OneSignal_Admin
633
 
634
  /* When this post was created or updated, the OneSignal meta box in the WordPress post editor screen was visible */
635
  $onesignal_meta_box_present = $was_posted && isset($_POST['onesignal_meta_box_present'], $_POST['onesignal_meta_box_present']) && $_POST['onesignal_meta_box_present'] === 'true';
636
- /* The checkbox "Send notification on post publish/update" on the OneSignal meta box is checked */
637
- $onesignal_meta_box_send_notification_checked = $was_posted && array_key_exists('send_onesignal_notification', $_POST) && $_POST['send_onesignal_notification'] === 'true';
638
 
639
  /* This is a scheduled post and the OneSignal meta box was present. */
640
  $post_metadata_was_onesignal_meta_box_present = (get_post_meta($post->ID, 'onesignal_meta_box_present') === true);
602
  public static function send_notification_on_wp_post($new_status, $old_status, $post)
603
  {
604
  try {
605
+ // quirk of Gutenberg editor leads to two passes if meta box is added
606
+ // conditional removes first pass
607
+ if( defined( 'REST_REQUEST' ) && REST_REQUEST ) {
608
+ return;
609
+ }
610
+
611
+ /* The checkbox "Send notification on post publish/update" on the OneSignal meta box is checked */
612
+ $onesignal_meta_box_send_notification_checked = $was_posted && array_key_exists('send_onesignal_notification', $_POST) && $_POST['send_onesignal_notification'] === 'true';
613
+
614
+ $nonce = (isset($_POST[OneSignal_Admin::$SAVE_POST_NONCE_KEY]) ? filter_var(isset($_POST[OneSignal_Admin::$SAVE_POST_NONCE_KEY]), FILTER_SANITIZE_STRING) : '');
615
 
616
+ // Verify that the nonce is valid.
617
+ if ($onesignal_meta_box_send_notification_checked && !wp_verify_nonce($nonce, OneSignal_Admin::$SAVE_POST_NONCE_ACTION)) {
618
+ return;
619
+ }
620
+
621
  $time_to_wait = self::get_sending_rate_limit_wait_time();
622
  if ($time_to_wait > 0) {
623
  set_transient('onesignal_transient_error', '<div class="error notice onesignal-error-notice">
638
 
639
  /* When this post was created or updated, the OneSignal meta box in the WordPress post editor screen was visible */
640
  $onesignal_meta_box_present = $was_posted && isset($_POST['onesignal_meta_box_present'], $_POST['onesignal_meta_box_present']) && $_POST['onesignal_meta_box_present'] === 'true';
 
 
641
 
642
  /* This is a scheduled post and the OneSignal meta box was present. */
643
  $post_metadata_was_onesignal_meta_box_present = (get_post_meta($post->ID, 'onesignal_meta_box_present') === true);
onesignal.php CHANGED
@@ -6,7 +6,7 @@ defined('ABSPATH') or die('This page may not be accessed directly.');
6
  * Plugin Name: OneSignal Push Notifications
7
  * Plugin URI: https://onesignal.com/
8
  * Description: Free web push notifications.
9
- * Version: 2.0.0
10
  * Author: OneSignal
11
  * Author URI: https://onesignal.com
12
  * License: MIT
6
  * Plugin Name: OneSignal Push Notifications
7
  * Plugin URI: https://onesignal.com/
8
  * Description: Free web push notifications.
9
+ * Version: 2.0.1
10
  * Author: OneSignal
11
  * Author URI: https://onesignal.com
12
  * License: MIT
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://onesignal.com
4
  Tags: chrome, firefox, safari, push, push notifications, push notification, chrome push, safari push, firefox push, notification, notifications, web push, notify, mavericks, android, android push, android notifications, android notification, mobile notification, mobile notifications, mobile, desktop notification, roost, goroost, desktop notifications, gcm, push messages, onesignal
5
  Requires at least: 3.8
6
  Tested up to: 5.2.2
7
- Stable tag: 2.0.0
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -21,7 +21,7 @@ You can configure notification delivery at preset intervals, create user segment
21
  OneSignal’s free plan allows targeting up to 30,000 subscribers with push notifications. Contact support@onesignal.com if you have any questions. We’d love to hear from you!
22
 
23
  = Company =
24
- OneSignal is trusted by over 845,000 developers and marketing strategists. We power push notifications for everyone from early stage startups to Fortune 500 Companies, sending 4 billion notifications per day. It is the most popular push notification plugin on Wordpress with 90,000+ installations.
25
 
26
  = Features =
27
  * **Supports Chrome** (Desktop & Android), **Safari** (Mac OS X), **Microsoft Edge** (Desktop & Android), **Opera** (Desktop & Android) and **Firefox** (Desktop & Android) on both HTTP and HTTPS sites.
@@ -65,6 +65,10 @@ HTTPS Setup Video: [youtube https://www.youtube.com/watch?v=BeTZ2KgytC0]
65
 
66
  == Changelog ==
67
 
 
 
 
 
68
  = 2.0.0 =
69
 
70
  - Wordpress VIP support, general refactoring, bug fixes
4
  Tags: chrome, firefox, safari, push, push notifications, push notification, chrome push, safari push, firefox push, notification, notifications, web push, notify, mavericks, android, android push, android notifications, android notification, mobile notification, mobile notifications, mobile, desktop notification, roost, goroost, desktop notifications, gcm, push messages, onesignal
5
  Requires at least: 3.8
6
  Tested up to: 5.2.2
7
+ Stable tag: 2.0.1
8
  License: GPLv2 or later
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
21
  OneSignal’s free plan allows targeting up to 30,000 subscribers with push notifications. Contact support@onesignal.com if you have any questions. We’d love to hear from you!
22
 
23
  = Company =
24
+ OneSignal is trusted by over 860,000 developers and marketing strategists. We power push notifications for everyone from early stage startups to Fortune 500 Companies, sending 4 billion notifications per day. It is the most popular push notification plugin on Wordpress with 90,000+ installations.
25
 
26
  = Features =
27
  * **Supports Chrome** (Desktop & Android), **Safari** (Mac OS X), **Microsoft Edge** (Desktop & Android), **Opera** (Desktop & Android) and **Firefox** (Desktop & Android) on both HTTP and HTTPS sites.
65
 
66
  == Changelog ==
67
 
68
+ = 2.0.1 =
69
+
70
+ - Bug fix: link expired issue due to failing nonce check when creating posts from other WordPress plugins
71
+
72
  = 2.0.0 =
73
 
74
  - Wordpress VIP support, general refactoring, bug fixes