Merge pull request #147 from brainstormforce/astra-notice-update

EPS-1150: Update Astra notices to latest

Author: sushmak02

README.md

@@ -4,7 +4,7 @@
 **Donate link:** https://www.paypal.me/BrainstormForce  
 **Requires at least:** 3.6  
 **Tested up to:** 6.7  
-**Stable tag:** 1.2.2  
+**Stable tag:** 1.2.3  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
 
@@ -97,6 +97,9 @@ href=”https://www.brainstormforce.com/go/brainstorm-force-twitter-page/?utm_so
 
 ## Changelog ##
 
+### 1.2.3 ###
+- This update addressed a security bug. Please make sure you are using the latest version on your website.
+
 ### 1.2.2 ###
 - Improvement: WordPress 5.9 compatibility.
 

bb-header-footer.php

@@ -7,7 +7,7 @@
  * Author URI:      https://www.brainstormforce.com/
  * Text Domain:     bb-header-footer
  * Domain Path:     /languages
- * Version:         1.2.2
+ * Version:         1.2.3
  *
  * @package         BB_Header_Footer
  */
@@ -17,7 +17,7 @@
  */
 require_once 'class-bb-header-footer.php';
 
-define( 'BBHF_VER', '1.2.2' );
+define( 'BBHF_VER', '1.2.3' );
 define( 'BBHF_DIR', plugin_dir_path( __FILE__ ) );
 define( 'BBHF_URL', plugins_url( '/', __FILE__ ) );
 define( 'BBHF_PATH', plugin_basename( __FILE__ ) );

lib/astra-notices/class-astra-notices.php

@@ -28,7 +28,7 @@ class Astra_Notices {
 		 * @var array Notices.
 		 * @since 1.0.0
 		 */
-		private static $version = '1.1.8';
+		private static $version = '1.1.12';
 
 		/**
 		 * Notices
@@ -96,6 +96,12 @@ public function add_data_attributes( $allowedposttags, $context ) {
 		 */
 		public static function add_notice( $args = array() ) {
 			self::$notices[] = $args;
+			$notice_id = $args['id']; // Notice ID.
+			$notices = get_option( 'allowed_astra_notices', array() );
+			if(array_search($notice_id, $notices) === false) { 
+				$notices[] = $notice_id; // Add notice id to the array.
+				update_option( 'allowed_astra_notices', $notices ); // Update the option.
+			}
 		}
 
 		/**
@@ -115,13 +121,33 @@ public function dismiss_notice() {
 				return;
 			}
 
+			$allowed_notices = get_option( 'allowed_astra_notices', array() ); // Get allowed notices.
+
+			 // Define restricted user meta keys
+			 $wp_default_meta_keys = array(
+				'wp_capabilities',
+				'wp_user_level',
+				'wp_user-settings',
+				'account_status',
+				'session_tokens',
+			);
+
+			// Verify that the notice being dismissed is in the list of allowed notices.
+			if(array_search($notice_id, $allowed_notices) === false) { 
+				return;
+			}
+
 			if ( false === wp_verify_nonce( $nonce, 'astra-notices' ) ) {
 				wp_send_json_error( esc_html_e( 'WordPress Nonce not validated.' ) );
 			}
 
 			// Valid inputs?
 			if ( ! empty( $notice_id ) ) {
 
+				if ( in_array( $notice_id, $wp_default_meta_keys, true ) ) {
+					wp_send_json_error( esc_html_e( 'Invalid notice ID.' ) );
+				}
+
 				if ( ! empty( $repeat_notice_after ) ) {
 					set_transient( $notice_id, true, $repeat_notice_after );
 				} else {
@@ -141,6 +167,7 @@ public function dismiss_notice() {
 		 * @return void
 		 */
 		public function enqueue_scripts() {
+			wp_register_style( 'astra-notices', self::get_url() . 'notices.css', array(), self::$version );
 			wp_register_script( 'astra-notices', self::get_url() . 'notices.js', array( 'jquery' ), self::$version, true );
 			wp_localize_script(
 				'astra-notices',
@@ -269,14 +296,15 @@ public function show_notices() {
 		 */
 		public static function markup( $notice = array() ) {
 			wp_enqueue_script( 'astra-notices' );
+			wp_enqueue_style( 'astra-notices' );
 
 			do_action( 'astra_notice_before_markup' );
 
 			do_action( "astra_notice_before_markup_{$notice['id']}" );
 
 			?>
-			<div id="<?php echo esc_attr( $notice['id'] ); ?>" class="<?php echo esc_attr( $notice['classes'] ); ?>" data-repeat-notice-after="<?php echo esc_attr( $notice['repeat-notice-after'] ); ?>">
-				<div class="notice-container">
+			<div id="<?php echo esc_attr( $notice['id'] ); ?>" class="<?php echo 'astra-notice-wrapper ' . esc_attr( $notice['classes'] ); ?>" data-repeat-notice-after="<?php echo esc_attr( $notice['repeat-notice-after'] ); ?>">
+				<div class="astra-notice-container">
 					<?php do_action( "astra_notice_inside_markup_{$notice['id']}" ); ?>
 					<?php echo wp_kses_post( $notice['message'] ); ?>
 				</div>

lib/astra-notices/composer.json

@@ -2,23 +2,32 @@
     "name": "brainstormforce/astra-notices",
     "type": "wordpress-plugin",
     "description": "Easily create admin notices",
-    "version": "1.1.8",
-    "license": "GPL v3",
+    "license": "GPL-3.0-or-later",
     "authors": [
         {
             "name": "Brainstorm Force",
             "email": "hello@bsf.io"
         }
     ],
     "require": {
-        "composer/installers": "^1.11"
+        "composer/installers": "^2.0"
     },
     "require-dev": {
         "dealerdirect/phpcodesniffer-composer-installer": "^0.7.1",
-        "phpcompatibility/phpcompatibility-wp": "^2.1",
-        "phpunit/phpunit": "^5.7 || ^6.5 || ^7.5",
+        "phpcompatibility/phpcompatibility-wp": "*",
+        "phpunit/phpunit": "^9.0",
         "wp-cli/dist-archive-command": "^2.0",
-        "wp-coding-standards/wpcs": "^2.3"
+        "wp-coding-standards/wpcs": "^2.3",
+        "wp-phpunit/wp-phpunit": "^6.0",
+        "roots/wordpress": "^6.0",
+        "yoast/phpunit-polyfills": "^1.0"
+    },
+    "config": {
+        "allow-plugins": {
+            "composer/installers": true,
+            "dealerdirect/phpcodesniffer-composer-installer": true,
+            "roots/wordpress-core-installer": true
+        }
     },
     "minimum-stability": "stable",
     "scripts": {

lib/astra-notices/notices.css

@@ -0,0 +1,39 @@
+.astra-review-notice-container {
+	display: flex;
+	align-items: center;
+	padding-top: 10px;
+}
+
+.astra-review-notice-container .dashicons {
+    font-size: 1.4em;
+	padding-left: 10px;
+}
+
+.astra-review-notice-container a {
+    padding-left: 5px;
+    text-decoration: none;
+}
+
+.astra-review-notice-container .dashicons:first-child {
+    padding-left: 0;
+}
+
+.astra-notice-container .notice-image img {
+    max-width: 90px;
+}
+
+.astra-notice-container .notice-content .notice-heading {
+    padding-bottom: 5px;
+}
+
+.astra-notice-container .notice-content {
+    margin-left: 15px;
+}
+
+.astra-notice-container {
+    padding-top: 10px;
+    padding-bottom: 10px;
+    display: flex;
+    justify-content: left;
+    align-items: center;
+}

readme.txt

@@ -4,7 +4,7 @@ Tags: header footer for beaver builder, beaver builder addon, beaver builder, pa
 Donate link: https://www.paypal.me/BrainstormForce
 Requires at least: 3.6
 Tested up to: 6.7
-Stable tag: 1.2.2
+Stable tag: 1.2.3
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -97,6 +97,9 @@ href=”https://www.brainstormforce.com/go/brainstorm-force-twitter-page/?utm_so
 
 == Changelog ==
 
+= 1.2.3 =
+- This update addressed a security bug. Please make sure you are using the latest version on your website.
+
 = 1.2.2 =
 - Improvement: WordPress 5.9 compatibility.