diff --git a/.distignore b/.distignore index 47a7700..7b224e8 100644 --- a/.distignore +++ b/.distignore @@ -10,6 +10,8 @@ # Files to ignore /.distignore /.editorconfig +/.eslintignore +/.eslintrc.js /.gitattributes /.gitignore /.phpcs.xml.dist diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e003a3..7d7e766 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file, per [the Ke ## [Unreleased] - TBD +## [2.5.1] - 2023-05-16 +### Security +- Ensure we check user permissions properly in our REST endpoint (props [@mikhail-net](https://github.com/mikhail-net), [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)). + ## [2.5.0] - 2023-04-18 **Note that this release bumps the minimum required versions of PHP from 5.6 to 7.4 and WordPress from 3.8 to 5.7.** @@ -248,6 +252,7 @@ All notable changes to this project will be documented in this file, per [the Ke - Updated version requirements. [Unreleased]: https://github.com/10up/simple-page-ordering/compare/trunk...develop +[2.5.1]: https://github.com/10up/simple-page-ordering/compare/2.5.0...2.5.1 [2.5.0]: https://github.com/10up/simple-page-ordering/compare/2.4.4...2.5.0 [2.4.4]: https://github.com/10up/simple-page-ordering/compare/2.4.3...2.4.4 [2.4.3]: https://github.com/10up/simple-page-ordering/compare/2.4.2...2.4.3 diff --git a/CREDITS.md b/CREDITS.md index 12ee3bc..c23b388 100644 --- a/CREDITS.md +++ b/CREDITS.md @@ -10,7 +10,7 @@ The following individuals are responsible for curating the list of issues, respo Thank you to all the people who have already contributed to this repository via bug reports, code, design, ideas, project management, translation, testing, etc. -[10up (@10up)](https://github.com/10up), [Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Oomph, Inc. (@oomphinc)](https://github.com/oomphinc), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Oscar Sanchez S. (@oscarssanchez)](https://github.com/oscarssanchez), [Ashar Irfan (@asharirfan)](https://github.com/asharirfan), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Ben Huson (@benhuson)](https://github.com/benhuson), [Jake Jackson (@jakejackson1)](https://github.com/jakejackson1), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [@dtbaker](https://github.com/dtbaker), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Marco Pereirinha (@pereirinha)](https://github.com/pereirinha), [Brent van Rensburg (@brentvr)](https://github.com/brentvr), [Caspar Hübinger (@glueckpress)](https://github.com/glueckpress), [Thomas Griffin (@thomasgriffin)](https://github.com/thomasgriffin), [Simon Waters (@SimonWaters)](https://github.com/SimonWaters), [Dion Hulse (@dd32)](https://github.com/dd32), [Tim Moore (@tmoorewp)](https://github.com/tmoorewp), [Jeffrey Carandang (@phpbits)](https://github.com/phpbits), [Michele Cipriani (@ciprianimike)](https://github.com/ciprianimike), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Max Lyuchin (@cadic)](https://github.com/cadic), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Ankit Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Siddharth Thevaril (@Sidsector9)](https://profiles.wordpress.org/Sidsector9/), [(@dzulfriday)](https://profiles.wordpress.org/dzulfriday/), [Erik Betshammar (@kebbet)](https://github.com/kebbet), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Dhanendran Rajagopal (@dhanendran)](https://github.com/dhanendran), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Dan Ruscoe (@ruscoe)](https://github.com/ruscoe), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [Konstantinos Galanakis (@kmgalanakis)](https://github.com/kmgalanakis), [Dependabot (@dependabot)](https://github.com/apps/dependabot). +[10up (@10up)](https://github.com/10up), [Jake Goldman (@jakemgold)](https://github.com/jakemgold), [Ryan Welcher (@ryanwelcher)](https://github.com/ryanwelcher), [Helen Hou-Sandí (@helen)](https://github.com/helen), [Oomph, Inc. (@oomphinc)](https://github.com/oomphinc), [Jeffrey Paul (@jeffpaul)](https://github.com/jeffpaul), [Oscar Sanchez S. (@oscarssanchez)](https://github.com/oscarssanchez), [Ashar Irfan (@asharirfan)](https://github.com/asharirfan), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Ben Huson (@benhuson)](https://github.com/benhuson), [Jake Jackson (@jakejackson1)](https://github.com/jakejackson1), [Darin Kotter (@dkotter)](https://github.com/dkotter), [Tung Du (@dinhtungdu)](https://github.com/dinhtungdu), [@dtbaker](https://github.com/dtbaker), [Adam Silverstein (@adamsilverstein)](https://github.com/adamsilverstein), [Marco Pereirinha (@pereirinha)](https://github.com/pereirinha), [Brent van Rensburg (@brentvr)](https://github.com/brentvr), [Caspar Hübinger (@glueckpress)](https://github.com/glueckpress), [Thomas Griffin (@thomasgriffin)](https://github.com/thomasgriffin), [Simon Waters (@SimonWaters)](https://github.com/SimonWaters), [Dion Hulse (@dd32)](https://github.com/dd32), [Tim Moore (@tmoorewp)](https://github.com/tmoorewp), [Jeffrey Carandang (@phpbits)](https://github.com/phpbits), [Michele Cipriani (@ciprianimike)](https://github.com/ciprianimike), [Sudip Dadhaniya (@sudip-10up)](https://github.com/sudip-10up), [Faisal Alvi (@faisal-alvi)](https://github.com/faisal-alvi), [Max Lyuchin (@cadic)](https://github.com/cadic), [Leho Kraav (@lkraav)](https://github.com/lkraav), [Dharmesh Patel (@iamdharmesh)](https://github.com/iamdharmesh), [Ankit Gupta (@ankitguptaindia)](https://github.com/ankitguptaindia), [Siddharth Thevaril (@Sidsector9)](https://profiles.wordpress.org/Sidsector9/), [(@dzulfriday)](https://profiles.wordpress.org/dzulfriday/), [Erik Betshammar (@kebbet)](https://github.com/kebbet), [Viktor Szépe (@szepeviktor)](https://github.com/szepeviktor), [Peter Wilson (@peterwilsoncc)](https://github.com/peterwilsoncc), [Vikram Moparthy (@vikrampm1)](https://github.com/vikrampm1), [Dhanendran Rajagopal (@dhanendran)](https://github.com/dhanendran), [Jayedul Kabir (@jayedul)](https://github.com/jayedul), [William Patton (@pattonwebz)](https://github.com/pattonwebz), [Dan Ruscoe (@ruscoe)](https://github.com/ruscoe), [Ravinder Kumar (@ravinderk)](https://github.com/ravinderk), [Konstantinos Galanakis (@kmgalanakis)](https://github.com/kmgalanakis), [Dependabot (@dependabot)](https://github.com/apps/dependabot), [Mika (@mikhail-net)](https://github.com/mikhail-net). ## Libraries diff --git a/package-lock.json b/package-lock.json index 5d9f504..de5ada0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "simple-page-ordering", - "version": "2.5.0", + "version": "2.5.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "simple-page-ordering", - "version": "2.5.0", + "version": "2.5.1", "license": "GPLv2 ( or later )", "devDependencies": { "@10up/babel-preset-default": "^2.0.4", diff --git a/package.json b/package.json index f4b4092..d610dba 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "simple-page-ordering", "description": "Order your pages and other hierarchical post types with simple drag and drop right from the standard page list.", - "version": "2.5.0", + "version": "2.5.1", "author": "10up ", "license": "GPLv2 ( or later )", "devDependencies": { diff --git a/readme.txt b/readme.txt index 37e1edc..c2fcfc6 100644 --- a/readme.txt +++ b/readme.txt @@ -5,7 +5,7 @@ Tags: order, re-order, ordering, pages, page, manage, menu_order, h Requires at least: 5.7 Requires PHP: 7.4 Tested up to: 6.2 -Stable tag: 2.5.0 +Stable tag: 2.5.1 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -110,6 +110,9 @@ Yes. The plugin registers the REST endpoint `simple-page-ordering/v1/page_orderi == Changelog == += 2.5.1 - 2023-05-16 = +* **Security:** Ensure we check user permissions properly in our REST endpoint (props [@mikhail-net](https://github.com/mikhail-net), [@dkotter](https://github.com/dkotter), [@peterwilsoncc](https://github.com/peterwilsoncc)). + = 2.5.0 - 2023-04-18 = **Note that this release bumps the minimum required versions of PHP from 5.6 to 7.4 and WordPress from 3.8 to 5.7.** @@ -269,7 +272,7 @@ Yes. The plugin registers the REST endpoint `simple-page-ordering/v1/page_orderi * **Changed:** Simplified code - consolidated hooks. * **Changed:** Updated version requirements. -== Upgrade Notice == +== Upgrade Notice == = 2.5.0 = This release bumps the minimum required versions of PHP from 5.6 to 7.4 and WordPress from 3.8 to 5.7. diff --git a/simple-page-ordering.php b/simple-page-ordering.php index f99a6eb..053e4ad 100644 --- a/simple-page-ordering.php +++ b/simple-page-ordering.php @@ -3,7 +3,7 @@ * Plugin Name: Simple Page Ordering * Plugin URI: http://10up.com/plugins/simple-page-ordering-wordpress/ * Description: Order your pages and hierarchical post types using drag and drop on the built in page list. For further instructions, open the "Help" tab on the Pages screen. - * Version: 2.5.0 + * Version: 2.5.1 * Requires at least: 5.7 * Requires PHP: 7.4 * Author: 10up @@ -16,7 +16,7 @@ */ // Useful global constants. -define( 'SIMPLE_PAGE_ORDERING_VERSION', '2.5.0' ); +define( 'SIMPLE_PAGE_ORDERING_VERSION', '2.5.1' ); if ( ! class_exists( 'Simple_Page_Ordering' ) ) :