diff --git a/composer.json b/composer.json index cd36b808d..20c92bb7f 100644 --- a/composer.json +++ b/composer.json @@ -6,7 +6,7 @@ "require": { "php": "^7.0", "composer-runtime-api": "^2.0", - "enshrined/svg-sanitize": "^0.15.0", + "enshrined/svg-sanitize": "^0.16.0", "micropackage/ajax": "^1.0", "micropackage/cache": "^1.0", "micropackage/dochooks": "1.0.2", diff --git a/composer.lock b/composer.lock index 4496ee025..a337d1abc 100644 --- a/composer.lock +++ b/composer.lock @@ -4,30 +4,30 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "821368760623d445a19d450a436f1744", + "content-hash": "858bf31c6c396d961ef9cc1593bfd90a", "packages": [ { "name": "enshrined/svg-sanitize", - "version": "0.15.0", + "version": "0.16.0", "source": { "type": "git", "url": "https://github.com/darylldoyle/svg-sanitizer.git", - "reference": "17e12ba9c2881caa6b167d0fbea555c11207fbb0" + "reference": "239e257605e2141265b429e40987b2ee51bba4b4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/17e12ba9c2881caa6b167d0fbea555c11207fbb0", - "reference": "17e12ba9c2881caa6b167d0fbea555c11207fbb0", + "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/239e257605e2141265b429e40987b2ee51bba4b4", + "reference": "239e257605e2141265b429e40987b2ee51bba4b4", "shasum": "" }, "require": { "ext-dom": "*", "ext-libxml": "*", - "php": "^7.0 || ^8.0" + "ezyang/htmlpurifier": "^4.16", + "php": "^5.6 || ^7.0 || ^8.0" }, "require-dev": { - "codeclimate/php-test-reporter": "^0.1.2", - "phpunit/phpunit": "^6.5 || ^8.5" + "phpunit/phpunit": "^5.7 || ^6.5 || ^8.5" }, "type": "library", "autoload": { @@ -48,9 +48,70 @@ "description": "An SVG sanitizer for PHP", "support": { "issues": "https://github.com/darylldoyle/svg-sanitizer/issues", - "source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.15.0" + "source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.16.0" }, - "time": "2022-02-13T00:42:56+00:00" + "time": "2023-03-20T10:51:12+00:00" + }, + { + "name": "ezyang/htmlpurifier", + "version": "v4.16.0", + "source": { + "type": "git", + "url": "https://github.com/ezyang/htmlpurifier.git", + "reference": "523407fb06eb9e5f3d59889b3978d5bfe94299c8" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/523407fb06eb9e5f3d59889b3978d5bfe94299c8", + "reference": "523407fb06eb9e5f3d59889b3978d5bfe94299c8", + "shasum": "" + }, + "require": { + "php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0" + }, + "require-dev": { + "cerdic/css-tidy": "^1.7 || ^2.0", + "simpletest/simpletest": "dev-master" + }, + "suggest": { + "cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.", + "ext-bcmath": "Used for unit conversion and imagecrash protection", + "ext-iconv": "Converts text to and from non-UTF-8 encodings", + "ext-tidy": "Used for pretty-printing HTML" + }, + "type": "library", + "autoload": { + "files": [ + "library/HTMLPurifier.composer.php" + ], + "psr-0": { + "HTMLPurifier": "library/" + }, + "exclude-from-classmap": [ + "/library/HTMLPurifier/Language/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "LGPL-2.1-or-later" + ], + "authors": [ + { + "name": "Edward Z. Yang", + "email": "admin@htmlpurifier.org", + "homepage": "http://ezyang.com" + } + ], + "description": "Standards compliant HTML filter written in PHP", + "homepage": "http://htmlpurifier.org/", + "keywords": [ + "html" + ], + "support": { + "issues": "https://github.com/ezyang/htmlpurifier/issues", + "source": "https://github.com/ezyang/htmlpurifier/tree/v4.16.0" + }, + "time": "2022-09-18T07:06:19+00:00" }, { "name": "micropackage/ajax", @@ -2975,5 +3036,5 @@ "composer-runtime-api": "^2.0" }, "platform-dev": [], - "plugin-api-version": "2.2.0" + "plugin-api-version": "2.3.0" } diff --git a/notification.php b/notification.php index 792aa8e3f..736c47030 100644 --- a/notification.php +++ b/notification.php @@ -4,7 +4,7 @@ * Description: Customisable email and webhook notifications with powerful developer friendly API for custom triggers and notifications. Send alerts easily. * Author: BracketSpace * Author URI: https://bracketspace.com - * Version: 8.0.14 + * Version: 8.0.15 * License: GPL3 * Text Domain: notification * Domain Path: /languages diff --git a/readme.txt b/readme.txt index 8e695cbbb..a3e807466 100644 --- a/readme.txt +++ b/readme.txt @@ -2,8 +2,8 @@ Contributors: notification, bracketspace, Kubitomakita, tomaszadamowicz, insejn, mateuszgbiorczyk Tags: notification, notify, alert, email, mail, webhook, API, developer, framework Requires at least: 4.9 -Tested up to: 6.1 -Stable tag: 8.0.14 +Tested up to: 6.2 +Stable tag: 8.0.15 Requires PHP: 7.0 License: GPLv3 License URI: http://www.gnu.org/licenses/gpl-3.0.html @@ -302,6 +302,12 @@ Yes! We're offering a [custom plugin development](https://bracketspace.com/custo == Changelog == += 8.0.15 = + +* [Fixed] Comment merge tags rendering empty values. +* [Changed] Development dependencies got some security patches. +* [Changed] `notification/merge_tag/value/resolve` now accepts unsanitized value. + = 8.0.14 = * [Fixed] Outdated dochoooks compatibility file, causing a fatal error while adding new post in some environments. diff --git a/src/Abstracts/MergeTag.php b/src/Abstracts/MergeTag.php index cea221470..0e87b1529 100644 --- a/src/Abstracts/MergeTag.php +++ b/src/Abstracts/MergeTag.php @@ -159,7 +159,7 @@ public function resolve() { $this->resolved = true; - $this->value = apply_filters( 'notification/merge_tag/value/resolve', $this->sanitize( $value ) ); + $this->value = apply_filters( 'notification/merge_tag/value/resolve', $this->sanitize( $value ), $value ); return $this->get_value(); diff --git a/src/Defaults/MergeTag/Comment/CommentActionApprove.php b/src/Defaults/MergeTag/Comment/CommentActionApprove.php index c4e515738..8379baed6 100644 --- a/src/Defaults/MergeTag/Comment/CommentActionApprove.php +++ b/src/Defaults/MergeTag/Comment/CommentActionApprove.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentActionDelete.php b/src/Defaults/MergeTag/Comment/CommentActionDelete.php index 4864a50c6..c71fc588f 100644 --- a/src/Defaults/MergeTag/Comment/CommentActionDelete.php +++ b/src/Defaults/MergeTag/Comment/CommentActionDelete.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentActionSpam.php b/src/Defaults/MergeTag/Comment/CommentActionSpam.php index b409b1166..149e225c8 100644 --- a/src/Defaults/MergeTag/Comment/CommentActionSpam.php +++ b/src/Defaults/MergeTag/Comment/CommentActionSpam.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentActionTrash.php b/src/Defaults/MergeTag/Comment/CommentActionTrash.php index 4e5a1df74..b2c88debc 100644 --- a/src/Defaults/MergeTag/Comment/CommentActionTrash.php +++ b/src/Defaults/MergeTag/Comment/CommentActionTrash.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentAuthorIP.php b/src/Defaults/MergeTag/Comment/CommentAuthorIP.php index cd81d5781..43fd3cad1 100644 --- a/src/Defaults/MergeTag/Comment/CommentAuthorIP.php +++ b/src/Defaults/MergeTag/Comment/CommentAuthorIP.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentAuthorUrl.php b/src/Defaults/MergeTag/Comment/CommentAuthorUrl.php index c4d5f3469..1c40c6946 100644 --- a/src/Defaults/MergeTag/Comment/CommentAuthorUrl.php +++ b/src/Defaults/MergeTag/Comment/CommentAuthorUrl.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentAuthorUserAgent.php b/src/Defaults/MergeTag/Comment/CommentAuthorUserAgent.php index 8fbd66136..4ce9e51a9 100644 --- a/src/Defaults/MergeTag/Comment/CommentAuthorUserAgent.php +++ b/src/Defaults/MergeTag/Comment/CommentAuthorUserAgent.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentContent.php b/src/Defaults/MergeTag/Comment/CommentContent.php index 0f1300910..ef105529c 100644 --- a/src/Defaults/MergeTag/Comment/CommentContent.php +++ b/src/Defaults/MergeTag/Comment/CommentContent.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentContentHtml.php b/src/Defaults/MergeTag/Comment/CommentContentHtml.php index a4e32c1b8..946d23247 100644 --- a/src/Defaults/MergeTag/Comment/CommentContentHtml.php +++ b/src/Defaults/MergeTag/Comment/CommentContentHtml.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentID.php b/src/Defaults/MergeTag/Comment/CommentID.php index ff378ebf6..b4dbef559 100644 --- a/src/Defaults/MergeTag/Comment/CommentID.php +++ b/src/Defaults/MergeTag/Comment/CommentID.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentIsReply.php b/src/Defaults/MergeTag/Comment/CommentIsReply.php index 1fc10fbd3..1e0dcb3c1 100644 --- a/src/Defaults/MergeTag/Comment/CommentIsReply.php +++ b/src/Defaults/MergeTag/Comment/CommentIsReply.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentStatus.php b/src/Defaults/MergeTag/Comment/CommentStatus.php index 12a72a139..74dc9e926 100644 --- a/src/Defaults/MergeTag/Comment/CommentStatus.php +++ b/src/Defaults/MergeTag/Comment/CommentStatus.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $comment_type_name = WpObjectHelper::get_comment_type_name( $this->comment_type ); diff --git a/src/Defaults/MergeTag/Comment/CommentType.php b/src/Defaults/MergeTag/Comment/CommentType.php index cb237c9c6..9b623173e 100644 --- a/src/Defaults/MergeTag/Comment/CommentType.php +++ b/src/Defaults/MergeTag/Comment/CommentType.php @@ -34,7 +34,7 @@ public function __construct( $params = [] ) { $this->comment_type = $params['comment_type']; } - $this->set_trigger_prop( $params['property_name'] ?? $this->comment_type ); + $this->set_trigger_prop( $params['property_name'] ?? 'comment' ); $args = wp_parse_args( $params, diff --git a/yarn.lock b/yarn.lock index 669a3ced1..2ff76206f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2842,9 +2842,9 @@ decamelize@^1.1.0, decamelize@^1.1.2, decamelize@^1.2.0: integrity sha1-9lNNFRSCabIDUue+4m9QH5oZEpA= decode-uri-component@^0.2.0: - version "0.2.0" - resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.0.tgz#eb3913333458775cb84cd1a1fae062106bb87545" - integrity sha1-6zkTMzRYd1y4TNGh+uBiEGu4dUU= + version "0.2.2" + resolved "https://registry.yarnpkg.com/decode-uri-component/-/decode-uri-component-0.2.2.tgz#e69dbe25d37941171dd540e024c444cd5188e1e9" + integrity sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ== decompress-response@^3.2.0, decompress-response@^3.3.0: version "3.3.0" @@ -5130,9 +5130,9 @@ json2php@^0.0.4: integrity sha1-a9haHdpqXdfpECK7JEA8wbfC7jQ= json5@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/json5/-/json5-1.0.1.tgz#779fb0018604fa854eacbf6252180d83543e3dbe" - integrity sha512-aKS4WQjPenRxiQsC93MNfjx+nbF4PAdYzmd/1JIj8HYzqfbu86beTuNgXDzPknWk0n0uARlyewZo4s++ES36Ow== + version "1.0.2" + resolved "https://registry.yarnpkg.com/json5/-/json5-1.0.2.tgz#63d98d60f21b313b77c4d6da18bfa69d80e1d593" + integrity sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA== dependencies: minimist "^1.2.0" @@ -5655,12 +5655,7 @@ minimist-options@4.1.0: is-plain-obj "^1.1.0" kind-of "^6.0.3" -minimist@^1.1.3, minimist@^1.2.5: - version "1.2.5" - resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602" - integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw== - -minimist@^1.2.0: +minimist@^1.1.3, minimist@^1.2.0, minimist@^1.2.5: version "1.2.7" resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.7.tgz#daa1c4d91f507390437c6a8bc01078e7000c4d18" integrity sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g== @@ -6755,9 +6750,9 @@ qs@^6.4.0: integrity sha512-TIRk4aqYLNoJUbd+g2lEdz5kLWIuTMRagAXxl78Q0RiVjAOugHmeKNGdd3cwo/ktpf9aL9epCfFqWDEKysUlLQ== qs@~6.5.2: - version "6.5.2" - resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.2.tgz#cb3ae806e8740444584ef154ce8ee98d403f3e36" - integrity sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA== + version "6.5.3" + resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.3.tgz#3aeeffc91967ef6e35c0e488ef46fb296ab76aad" + integrity sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA== query-string@^4.1.0: version "4.3.4"