Nested Pages - Version 3.1.13

Version Description

  • Corrects permission issues introduced in previous update
Download this release

Release Info

Developer kylephillips
Plugin Icon 128x128 Nested Pages
Version 3.1.13
Comparing to
See all releases

Code changes from version 3.1.12 to 3.1.13

Files changed (4) hide show
  1. app/Entities/Post/PostUpdateRepository.php +18 -10
  2. app/NestedPages.php +1 -1
  3. nestedpages.php +1 -1
  4. readme.txt +5 -2
app/Entities/Post/PostUpdateRepository.php CHANGED
@@ -4,6 +4,7 @@ namespace NestedPages\Entities\Post;
4
  use NestedPages\Form\Validation\Validation;
5
  use NestedPages\Entities\NavMenu\NavMenuRepository;
6
  use NestedPages\Entities\PostType\PostTypeRepository;
 
7
 
8
  /**
9
  * Post Create/Update Methods
@@ -26,6 +27,11 @@ class PostUpdateRepository
26
  */
27
  protected $post_type_repo;
28
 
 
 
 
 
 
29
  /**
30
  * New Post ID
31
  * @var int
@@ -37,6 +43,7 @@ class PostUpdateRepository
37
  $this->validation = new Validation;
38
  $this->nav_menu_repo = new NavMenuRepository;
39
  $this->post_type_repo = new PostTypeRepository;
 
40
  }
41
 
42
  /**
@@ -47,8 +54,9 @@ class PostUpdateRepository
47
  */
48
  public function updateOrder($posts, $parent = 0, $filtered = false)
49
  {
50
- if ( !current_user_can('manage_options') ) return;
51
  $this->validation->validatePostIDs($posts);
 
 
52
  global $wpdb;
53
  foreach( $posts as $key => $post )
54
  {
@@ -171,7 +179,7 @@ class PostUpdateRepository
171
  */
172
  public function updateTemplate($data)
173
  {
174
- if ( isset($data['page_template']) && current_user_can('edit_post_meta', $data['post_id'], '_wp_page_template') ){
175
  $template = sanitize_text_field($data['page_template']);
176
  update_post_meta(
177
  $data['post_id'],
@@ -188,7 +196,7 @@ class PostUpdateRepository
188
  */
189
  public function updateNavStatus($data)
190
  {
191
- if ( !current_user_can('edit_post_meta', $data['post_id'], '_np_nav_status') ) return;
192
  $status = ( isset($data['nav_status']) && $data['nav_status'] == 'hide' ) ? 'hide' : 'show';
193
  $id = ( isset($data['post_id']) ) ? $data['post_id'] : $this->new_id;
194
  update_post_meta(
@@ -205,7 +213,7 @@ class PostUpdateRepository
205
  */
206
  private function updateNestedPagesStatus($data)
207
  {
208
- if ( !current_user_can('edit_post_meta', $data['post_id'], '_nested_pages_status') ) return;
209
  if ( $this->post_type_repo->standardFieldDisabled('hide_in_np', sanitize_text_field($data['post_type'])) ) return;
210
 
211
  $status = ( isset($data['nested_pages_status']) && $data['nested_pages_status'] == 'hide' ) ? 'hide' : 'show';
@@ -224,7 +232,7 @@ class PostUpdateRepository
224
  */
225
  private function updateNavTitle($data)
226
  {
227
- if ( !current_user_can('edit_post_meta', $data['post_id'], '_np_nav_title') ) return;
228
  if ( isset($data['np_nav_title']) ){
229
  $title = sanitize_text_field($data['np_nav_title']);
230
  update_post_meta(
@@ -242,7 +250,7 @@ class PostUpdateRepository
242
  */
243
  private function updateNavCSS($data)
244
  {
245
- if ( !current_user_can('edit_post_meta', $data['post_id'], '_np_nav_css_classes') ) return;
246
  if ( isset($data['np_nav_css_classes']) ){
247
  $css_classes = sanitize_text_field($data['np_nav_css_classes']);
248
  update_post_meta(
@@ -260,7 +268,7 @@ class PostUpdateRepository
260
  */
261
  private function updateTitleAttribute($data)
262
  {
263
- if ( !current_user_can('edit_post_meta', $data['post_id'], '_np_title_attribute') ) return;
264
  if ( isset($data['np_title_attribute']) ){
265
  $title_attr = sanitize_text_field($data['np_title_attribute']);
266
  update_post_meta(
@@ -280,7 +288,7 @@ class PostUpdateRepository
280
  foreach ( $data as $key => $value ){
281
  if ( strpos($key, 'np_custom_') !== false) {
282
  $field_key = str_replace('np_custom_', '', $key);
283
- if ( !current_user_can('edit_post_meta', $data['post_id'], $field_key) ) continue;
284
  update_post_meta(
285
  $data['post_id'],
286
  $field_key,
@@ -369,7 +377,7 @@ class PostUpdateRepository
369
  */
370
  private function updateLinkTarget($data)
371
  {
372
- if ( !current_user_can('edit_post_meta', $data['post_id'], '_np_link_target') ) return;
373
  $link_target = ( isset($data['link_target']) && $data['link_target'] == "_blank" ) ? "_blank" : "";
374
  $id = ( isset($data['post_id']) ) ? $data['post_id'] : $this->new_id;
375
  update_post_meta(
@@ -461,7 +469,7 @@ class PostUpdateRepository
461
  */
462
  public function saveRedirect($data)
463
  {
464
- if ( !current_user_can('manage_options') ) return;
465
  $new_link = [
466
  'post_title' => sanitize_text_field($data['menuTitle']),
467
  'post_status' => sanitize_text_field('publish'),
4
  use NestedPages\Form\Validation\Validation;
5
  use NestedPages\Entities\NavMenu\NavMenuRepository;
6
  use NestedPages\Entities\PostType\PostTypeRepository;
7
+ use NestedPages\Entities\User\UserRepository;
8
 
9
  /**
10
  * Post Create/Update Methods
27
  */
28
  protected $post_type_repo;
29
 
30
+ /**
31
+ * User Repository
32
+ */
33
+ protected $user_repo;
34
+
35
  /**
36
  * New Post ID
37
  * @var int
43
  $this->validation = new Validation;
44
  $this->nav_menu_repo = new NavMenuRepository;
45
  $this->post_type_repo = new PostTypeRepository;
46
+ $this->user_repo = new UserRepository;
47
  }
48
 
49
  /**
54
  */
55
  public function updateOrder($posts, $parent = 0, $filtered = false)
56
  {
 
57
  $this->validation->validatePostIDs($posts);
58
+ $post_type = get_post_type($posts[0]['id']);
59
+ if ( !$this->user_repo->canSortPosts($post_type) ) return;
60
  global $wpdb;
61
  foreach( $posts as $key => $post )
62
  {
179
  */
180
  public function updateTemplate($data)
181
  {
182
+ if ( isset($data['page_template']) && current_user_can('edit_post', $data['post_id']) ){
183
  $template = sanitize_text_field($data['page_template']);
184
  update_post_meta(
185
  $data['post_id'],
196
  */
197
  public function updateNavStatus($data)
198
  {
199
+ if ( !current_user_can('edit_post', $data['post_id']) ) return;
200
  $status = ( isset($data['nav_status']) && $data['nav_status'] == 'hide' ) ? 'hide' : 'show';
201
  $id = ( isset($data['post_id']) ) ? $data['post_id'] : $this->new_id;
202
  update_post_meta(
213
  */
214
  private function updateNestedPagesStatus($data)
215
  {
216
+ if ( !current_user_can('edit_post', $data['post_id']) ) return;
217
  if ( $this->post_type_repo->standardFieldDisabled('hide_in_np', sanitize_text_field($data['post_type'])) ) return;
218
 
219
  $status = ( isset($data['nested_pages_status']) && $data['nested_pages_status'] == 'hide' ) ? 'hide' : 'show';
232
  */
233
  private function updateNavTitle($data)
234
  {
235
+ if ( !current_user_can('edit_post', $data['post_id']) ) return;
236
  if ( isset($data['np_nav_title']) ){
237
  $title = sanitize_text_field($data['np_nav_title']);
238
  update_post_meta(
250
  */
251
  private function updateNavCSS($data)
252
  {
253
+ if ( !current_user_can('edit_post', $data['post_id']) ) return;
254
  if ( isset($data['np_nav_css_classes']) ){
255
  $css_classes = sanitize_text_field($data['np_nav_css_classes']);
256
  update_post_meta(
268
  */
269
  private function updateTitleAttribute($data)
270
  {
271
+ if ( !current_user_can('edit_post', $data['post_id']) ) return;
272
  if ( isset($data['np_title_attribute']) ){
273
  $title_attr = sanitize_text_field($data['np_title_attribute']);
274
  update_post_meta(
288
  foreach ( $data as $key => $value ){
289
  if ( strpos($key, 'np_custom_') !== false) {
290
  $field_key = str_replace('np_custom_', '', $key);
291
+ if ( !current_user_can('edit_post', $data['post_id']) ) continue;
292
  update_post_meta(
293
  $data['post_id'],
294
  $field_key,
377
  */
378
  private function updateLinkTarget($data)
379
  {
380
+ if ( !current_user_can('edit_post', $data['post_id']) ) return;
381
  $link_target = ( isset($data['link_target']) && $data['link_target'] == "_blank" ) ? "_blank" : "";
382
  $id = ( isset($data['post_id']) ) ? $data['post_id'] : $this->new_id;
383
  update_post_meta(
469
  */
470
  public function saveRedirect($data)
471
  {
472
+ if ( !$this->user_repo->canSortPosts('page') ) return;
473
  $new_link = [
474
  'post_title' => sanitize_text_field($data['menuTitle']),
475
  'post_status' => sanitize_text_field('publish'),
app/NestedPages.php CHANGED
@@ -12,7 +12,7 @@ class NestedPages
12
  $np_env = 'live';
13
 
14
  global $np_version;
15
- $np_version = '3.1.12';
16
 
17
  if ( is_admin() ) $app = new NestedPages\Bootstrap;
18
  if ( !is_admin() ) $app = new NestedPages\FrontEndBootstrap;
12
  $np_env = 'live';
13
 
14
  global $np_version;
15
+ $np_version = '3.1.13';
16
 
17
  if ( is_admin() ) $app = new NestedPages\Bootstrap;
18
  if ( !is_admin() ) $app = new NestedPages\FrontEndBootstrap;
nestedpages.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Nested Pages
4
  Plugin URI: http://nestedpages.com
5
  Description: Provides an intuitive drag and drop interface for managing pages in the Wordpress admin, while enhancing quick edit. Includes an auto-generated menu to match the nested interface, support for all post types and more.
6
- Version: 3.1.12
7
  Author: Kyle Phillips
8
  Author URI: https://github.com/kylephillips
9
  Text Domain: wp-nested-pages
3
  Plugin Name: Nested Pages
4
  Plugin URI: http://nestedpages.com
5
  Description: Provides an intuitive drag and drop interface for managing pages in the Wordpress admin, while enhancing quick edit. Includes an auto-generated menu to match the nested interface, support for all post types and more.
6
+ Version: 3.1.13
7
  Author: Kyle Phillips
8
  Author URI: https://github.com/kylephillips
9
  Text Domain: wp-nested-pages
readme.txt CHANGED
@@ -3,9 +3,9 @@ Contributors: kylephillips
3
  Donate link: https://github.com/sponsors/kylephillips/
4
  Tags: pages, admin, nested, tree view, page tree, sort, quick edit, structure
5
  Requires at least: 3.8
6
- Tested up to: 5.5
7
  Requires PHP: 5.4
8
- Stable tag: 3.1.11
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
@@ -105,6 +105,9 @@ No. The menu synchronization currently only works within the pages post type.
105
 
106
  == Changelog ==
107
 
 
 
 
108
  = 3.1.12 =
109
  * Includes security updates
110
  * Fixes bug where posts not appearing when filtering by a non top-level hierarchical taxonomy. Allows order sorting while the list is filtered (not parent order)
3
  Donate link: https://github.com/sponsors/kylephillips/
4
  Tags: pages, admin, nested, tree view, page tree, sort, quick edit, structure
5
  Requires at least: 3.8
6
+ Tested up to: 5.6
7
  Requires PHP: 5.4
8
+ Stable tag: 3.1.12
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
105
 
106
  == Changelog ==
107
 
108
+ = 3.1.13 =
109
+ * Corrects permission issues introduced in previous update
110
+
111
  = 3.1.12 =
112
  * Includes security updates
113
  * Fixes bug where posts not appearing when filtering by a non top-level hierarchical taxonomy. Allows order sorting while the list is filtered (not parent order)