Hanson.xyz Dev
2026-01-04 17:50:08 -06:00
parent 7e45ce0756
commit acc8ac87a0
4131 changed files with 232562 additions and 250244 deletions
@@ -1,5 +1,9 @@
== Changelog ==
= 6.4.0 (2025-12-08) =
* `[Security]` Added permission check to ensure the user can edit the post before manually converting an image in the Media Library (CVE-2025-13750)
* `[Security]` Added stricter permission checks to REST API endpoints for authenticated users
= 6.3.2 (2025-11-24) =
* `[Added]` Support for WordPress 6.9
@@ -9,7 +13,6 @@
= 6.3.0 (2025-10-28) =
* `[Changed]` Message about rewrites_uploads_blocked server configuration error
* `[Added]` Support for WordPress 6.9
= 6.2.4 (2025-09-09) =
* `[Fixed]` Deprecated notice for implicitly nullable parameter when converting images
@@ -417,7 +420,7 @@
* `[Changed]` Message after successfully completing conversion of images
= 4.0.3 (2021-12-20) =
* `[Security]` Added URL validation for Pass Thru loading mode ([CVE-2021-25074](https://wpscan.com/vulnerability/f3c0a155-9563-4533-97d4-03b9bac83164/))
* `[Security]` Added URL validation for Pass Thru loading mode (CVE-2021-25074)
* `[Fixed]` Auto-conversion images with unsupported extensions when uploading files
* `[Fixed]` Generating directory paths when ABSPATH constant is invalid
@@ -688,7 +691,7 @@
* `[Changed]` Limits of maximum execution time
= 1.0.3 (2019-06-26) =
* `[Security]` Fixed CSRF vulnerability when saving plugin settings ([CVE-2019-15834](https://wpscan.com/vulnerability/65483794-f22f-41c7-b286-fd70c38ae160/))
* `[Security]` Fixed CSRF vulnerability when saving plugin settings (CVE-2019-15834)
= 1.0.2 (2019-06-25) =
* `[Changed]` Error messages
@@ -5,7 +5,7 @@ Tags: convert webp, webp, optimize images, image optimization, compress images
Requires at least: 4.9
Tested up to: 6.9
Requires PHP: 7.1
Stable tag: 6.3.2
Stable tag: 6.4.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -309,6 +309,10 @@ Current list of supported CDN servers:
== Changelog ==
= 6.4.0 (2025-12-08) =
* `[Security]` Added permission check to ensure the user can edit the post before manually converting an image in the Media Library (CVE-2025-13750)
* `[Security]` Added stricter permission checks to REST API endpoints for authenticated users
= 6.3.2 (2025-11-24) =
* `[Added]` Support for WordPress 6.9
@@ -53,7 +53,7 @@ class CronConversionEndpoint extends EndpointAbstract {
/**
* {@inheritdoc}
*/
public function is_valid_request( string $request_nonce ): bool {
public function is_valid_request( string $request_nonce, array $request_params ): bool {
$nonce_value = $this->cron_status_manager->get_conversion_request_id();
if ( $nonce_value === null ) {
return false;
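Review bot: This override of `is_valid_request()` does not call the parent, so the `manage_options` check added to `EndpointAbstract` in this commit never applies to the cron endpoint, and the new `$request_params` argument is unused here. If the endpoint is meant to be authorised only by the conversion request id, say so in the docblock instead of `{@inheritdoc}`, e.g. `Authorised solely by the conversion request id; no user capability is checked.` The comparison against `$nonce_value` sits below the hunk and is not visible; confirm it uses `hash_equals()` rather than a plain `===`/`==` comparison.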
@@ -12,8 +12,9 @@ abstract class EndpointAbstract implements EndpointInterface {
/**
* {@inheritdoc}
*/
public function is_valid_request( string $request_nonce ): bool {
return (bool) wp_verify_nonce( $request_nonce, 'wp_rest' );
public function is_valid_request( string $request_nonce, array $request_params ): bool {
return ( ( wp_verify_nonce( $request_nonce, 'wp_rest' ) !== false )
&& current_user_can( 'manage_options' ) );
}
/**
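Review bot: Every subclass that overrides `is_valid_request()` now has to repeat the nonce check itself, and `RegenerateAttachmentEndpoint` already copies `wp_verify_nonce( $request_nonce, 'wp_rest' ) !== false` verbatim. A future override that forgets it would silently drop the request-forgery protection. Consider keeping the nonce check in one place, for example a helper such as `protected function has_valid_nonce( string $request_nonce ): bool`, and leaving only the capability decision to overrides. `$request_params` is unused in this base implementation, so a one-line comment saying it exists for overrides that authorise per object would help, as would naming the `manage_options` requirement in the docblock.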
@@ -43,13 +43,14 @@ class EndpointIntegrator implements HookableInterface {
'methods' => $this->endpoint_object->get_http_methods(),
'permission_callback' => function ( \WP_REST_Request $request ) {
$header_value = $request->get_header( $this->endpoint_object->get_route_nonce_header() );
$params = $request->get_params();
if ( $header_value === null ) {
return new \WP_Error(
'webpc_rest_token_not_found',
__( 'Sorry, you do not have permission to do that.', 'webp-converter-for-media' ),
[ 'status' => rest_authorization_required_code() ]
);
} elseif ( ! $this->endpoint_object->is_valid_request( $header_value ) ) {
} elseif ( ! $this->endpoint_object->is_valid_request( $header_value, $params ) ) {
return new \WP_Error(
'webpc_rest_token_invalid',
__( 'Sorry, you do not have permission to do that.', 'webp-converter-for-media' ),
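Review bot: `$request->get_params()` merges the JSON body, form body, query string and URL parameters into one array, so the `post_id` that `is_valid_request()` authorises is whichever source wins that merge. The endpoint callback is outside this hunk; if it reads the id through a narrower accessor (only the JSON body, say), the capability check and the conversion could act on different attachments. Declaring `post_id` in the route's `args` with a `validate_callback`/`sanitize_callback`, and reading it with `$request->get_param( 'post_id' )` in both places, keeps the two in agreement. The closure and array literal continue past the end of the hunk.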
@@ -24,11 +24,12 @@ interface EndpointInterface {
/**
* Returns whether request can be executed.
*
* @param string $request_nonce .
* @param string $request_nonce .
* @param mixed[] $request_params .
*
* @return bool
*/
public function is_valid_request( string $request_nonce ): bool;
public function is_valid_request( string $request_nonce, array $request_params ): bool;
/**
* Returns list of params for endpoint.
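Review bot: Adding a second required parameter to `is_valid_request()` breaks any implementation of `EndpointInterface` that lives outside this plugin, and the new `@param mixed[] $request_params .` line documents nothing. Describe what is passed, e.g. `@param mixed[] $request_params Merged request parameters from WP_REST_Request::get_params(); unvalidated client input.` That tells implementers they must validate the values before using them in a capability check.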
@@ -21,6 +21,14 @@ class RegenerateAttachmentEndpoint extends EndpointAbstract {
return \WP_REST_Server::CREATABLE;
}
/**
* {@inheritdoc}
*/
public function is_valid_request( string $request_nonce, array $request_params ): bool {
return ( ( wp_verify_nonce( $request_nonce, 'wp_rest' ) !== false )
&& current_user_can( 'edit_post', $request_params['post_id'] ?? 0 ) );
}
/**
* {@inheritdoc}
*/
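Review bot: `$request_params['post_id']` is passed to `current_user_can( 'edit_post', … )` exactly as the client sent it, so it may be a string or an array rather than an integer id. Normalise it first and fail closed on anything that is not a positive id: `$post_id = absint( $request_params['post_id'] ?? 0 );` then `return $post_id > 0 && wp_verify_nonce( $request_nonce, 'wp_rest' ) !== false && current_user_can( 'edit_post', $post_id );`. It may also be worth rejecting ids whose post type is not `attachment`, since the endpoint serves Media Library items. The handler is outside the hunk, so that check may already exist there.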
@@ -12,10 +12,10 @@ use WebpConverter\Settings\Page\PageIntegrator;
*/
class BlackFridayNotice extends NoticeAbstract implements NoticeInterface {
const NOTICE_OPTION = 'webpc_notice_bf2025';
const NOTICE_OPTION = 'webpc_notice_bf2026';
const NOTICE_VIEW_PATH = 'components/notices/discount-coupon.php';
const NOTICE_DATE_START = '2025-11-24';
const NOTICE_DATE_END = '2025-12-01';
const NOTICE_DATE_START = '2026-11-23';
const NOTICE_DATE_END = '2026-11-30';
/**
* @var PluginData
@@ -83,9 +83,9 @@ class BlackFridayNotice extends NoticeAbstract implements NoticeInterface {
return [
'ajax_url' => admin_url( 'admin-ajax.php' ),
'close_action' => self::NOTICE_OPTION,
'coupon_code' => 'BF2025',
'coupon_code' => 'BF2026',
'discount_value' => '50%',
'button_url' => 'https://url.mattplugins.com/converter-notice-bf2025-button-read',
'button_url' => 'https://url.mattplugins.com/converter-notice-bf2026-button-read',
'promotion_date' => self::NOTICE_DATE_END,
];
}
@@ -41,6 +41,7 @@ class PluginSettingsManager {
OptionsAccessManager::delete_option( 'webpc_notice_bf2022' );
OptionsAccessManager::delete_option( 'webpc_notice_bf2023' );
OptionsAccessManager::delete_option( 'webpc_notice_bf2024' );
OptionsAccessManager::delete_option( 'webpc_notice_bf2025' );
OptionsAccessManager::delete_option( 'webpc_notice_upgrade' );
OptionsAccessManager::delete_option( ErrorDetectorAggregator::ERRORS_CACHE_OPTION );
@@ -117,7 +117,7 @@ class MediaStatusViewer implements HookableInterface {
* @internal
*/
public function print_table_column_value( string $column_name, int $post_id ) {
if ( $column_name !== 'webpc_status' ) {
if ( ( $column_name !== 'webpc_status' ) || ! current_user_can( 'edit_post', $post_id ) ) {
return;
}
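Review bot: The added `current_user_can( 'edit_post', $post_id )` test only decides whether the status column is rendered; it does not stop a direct request to the regenerate endpoint, which is enforced separately in `RegenerateAttachmentEndpoint::is_valid_request()`. A short comment would keep a later reader from treating this as the access control, e.g. `// UI only: hide the column for users who cannot edit the attachment; the REST endpoint enforces the same capability.` The method body continues below the hunk.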
@@ -3,7 +3,7 @@
'name' => 'gbiorczyk/webp-converter-for-media',
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'reference' => 'ce2723372b8386c8e62e0ba89fe02680a0c41fd2',
'reference' => '0ae416ff99cbab871fb23fecc15d9ea6da468344',
'type' => 'library',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
@@ -13,7 +13,7 @@
'gbiorczyk/webp-converter-for-media' => array(
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'reference' => 'ce2723372b8386c8e62e0ba89fe02680a0c41fd2',
'reference' => '0ae416ff99cbab871fb23fecc15d9ea6da468344',
'type' => 'library',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
@@ -2,8 +2,9 @@
/**
* Plugin Name: Converter for Media
* Plugin URI: https://mattplugins.com/products/webp-converter-for-media-pro
* Description: Speed up your website by using our WebP & AVIF Converter. Optimize images and serve WebP and AVIF images instead of standard formats!
* Version: 6.3.2
* Version: 6.4.0
* Author: matt plugins
* Author URI: https://url.mattplugins.com/converter-plugin-author-link
* Text Domain: webp-converter-for-media
@@ -17,5 +18,5 @@ if ( ! defined( 'ABSPATH' ) ) {
require_once __DIR__ . '/vendor/autoload.php';
new WebpConverter\WebpConverter(
new WebpConverter\PluginInfo( __FILE__, '6.3.2' )
new WebpConverter\PluginInfo( __FILE__, '6.4.0' )
);