Changeset 3265445

Timestamp:

04/02/2025 06:36:12 AM (12 months ago)

Author:

tlamedia

Message:

Update to version 2.3.2 from GitHub

Location:

gtm-kit

Files:

• tags/2.3.2 (copied) (copied from gtm-kit/trunk)
• tags/2.3.2/changelog.txt (modified) (1 diff)
• tags/2.3.2/gtm-kit.php (modified) (2 diffs)
• tags/2.3.2/languages/gtm-kit.pot (modified) (4 diffs)
• tags/2.3.2/readme.txt (modified) (2 diffs)
• tags/2.3.2/src/Admin/AbstractOptionsPage.php (modified) (1 diff)
• tags/2.3.2/src/Admin/AdminAPI.php (modified) (1 diff)
• tags/2.3.2/src/Common/RestAPIServer.php (modified) (1 diff)
• tags/2.3.2/vendor/composer/installed.php (modified) (2 diffs)
• trunk/changelog.txt (modified) (1 diff)
• trunk/gtm-kit.php (modified) (2 diffs)
• trunk/languages/gtm-kit.pot (modified) (4 diffs)
• trunk/readme.txt (modified) (2 diffs)
• trunk/src/Admin/AbstractOptionsPage.php (modified) (1 diff)
• trunk/src/Admin/AdminAPI.php (modified) (1 diff)
• trunk/src/Common/RestAPIServer.php (modified) (1 diff)
• trunk/vendor/composer/installed.php (modified) (2 diffs)

gtm-kit/tags/2.3.2/changelog.txt

@@ -1 +1 @@
 *** GTM Kit ***
+
+2025-04-02 - version 2.3.2
+* Fix: Permission were not checked correct on the admin API.
 
 2025-03-12 - version 2.3.1

gtm-kit/tags/2.3.2/gtm-kit.php

@@ -4 +4 @@
  *
  * Plugin Name: GTM Kit
- * Version:     2.3.1
+ * Version:     2.3.2
  * Plugin URI:  https://gtmkit.com/
  * Description: Google Tag Manager implementation focusing on flexibility and pagespeed.
@@ -28 +28 @@
 }
 
-const GTMKIT_VERSION = '2.3.1';
+const GTMKIT_VERSION = '2.3.2';
 
 if ( ! defined( 'GTMKIT_FILE' ) ) {

gtm-kit/tags/2.3.2/languages/gtm-kit.pot

@@ -3 +3 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: GTM Kit 2.3.1\n"
+"Project-Id-Version: GTM Kit 2.3.2\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/gtm-kit\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
@@ -10 +10 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2025-03-11T08:57:32+00:00\n"
+"POT-Creation-Date: 2025-04-01T14:54:13+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.9.0\n"
@@ -61 +61 @@
 msgstr ""
 
-#: src/Admin/AdminAPI.php:96
-#: src/Common/RestAPIServer.php:33
-msgid "Only authenticated users can access endpoint."
-msgstr ""
-
-#: src/Admin/AdminAPI.php:142
-#: src/Admin/AdminAPI.php:147
+#: src/Admin/AdminAPI.php:126
+#: src/Admin/AdminAPI.php:131
 msgid "The support ticket was not found. Please check that you have entered the correct ticket."
 msgstr ""
 
-#: src/Admin/AdminAPI.php:144
+#: src/Admin/AdminAPI.php:128
 msgid "Thank you! We have received the data."
 msgstr ""
@@ -247 +242 @@
 msgstr ""
 
+#: src/Common/RestAPIServer.php:33
+msgid "Only authenticated users can access endpoint."
+msgstr ""
+
 #: src/Common/Util.php:159
 msgid "Server type:"

gtm-kit/tags/2.3.2/readme.txt

@@ -4 +4 @@
 Tags: google tag manager, gtm, woocommerce, analytics, ga4
 Tested up to: 6.7
-Stable tag: 2.3.1
+Stable tag: 2.3.2
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -93 +93 @@
 == Changelog ==
 
+= 2.3.2 =
+
+Release date: 2025-04-02
+
+#### Security:
+* Permissions were not checked correct on the admin API - [CVE-2025-31001](https://www.cve.org/CVERecord?id=CVE-2025-31001).
+
 = 2.3.1 =
 

gtm-kit/tags/2.3.2/src/Admin/AbstractOptionsPage.php

@@ -198 +198 @@
             #gtmkit-settings-loader {
                 visibility: hidden;
-                animation: loadGTMKitSettingsNoJSView 0s 2s forwards;
+                animation: loadGTMKitSettingsNoJSView 0s 5s forwards;
             }
 

gtm-kit/tags/2.3.2/src/Admin/AdminAPI.php

@@ -82 +82 @@
             ]
         );
-    }
-
-    /**
-     * Permission callback
-     *
-     * @return true|WP_Error
-     */
-    public function permission_callback() {
-        $capability = is_multisite() ? 'manage_network_options' : 'manage_options';
-        $capability = apply_filters( 'gtmkit_admin_capability', $capability );
-
-        if ( ! current_user_can( $capability ) ) {
-            return new WP_Error( 'rest_forbidden', esc_html__( 'Only authenticated users can access endpoint.', 'gtm-kit' ), [ 'status' => 401 ] );
-        }
-
-        return true;
     }
 

gtm-kit/tags/2.3.2/src/Common/RestAPIServer.php

@@ -46 +46 @@
      */
     public function register_rest_route( string $route, array $args ): void {
-        if ( ! isset( $args['permissions_callback'] ) ) {
+        if ( ! isset( $args['permission_callback'] ) ) {
             $args['permission_callback'] = [ $this, 'permission_callback' ];
         }

gtm-kit/tags/2.3.2/vendor/composer/installed.php

@@ -4 +4 @@
         'pretty_version' => 'dev-main',
         'version' => 'dev-main',
-        'reference' => '28b39822035526424f406254d41a7060e988065b',
+        'reference' => '5e9a5d2b672646a6181354ffc06b6d9352bf36c0',
         'type' => 'wordpress-plugin',
         'install_path' => __DIR__ . '/../../',
@@ -14 +14 @@
             'pretty_version' => 'dev-main',
             'version' => 'dev-main',
-            'reference' => '28b39822035526424f406254d41a7060e988065b',
+            'reference' => '5e9a5d2b672646a6181354ffc06b6d9352bf36c0',
             'type' => 'wordpress-plugin',
             'install_path' => __DIR__ . '/../../',

gtm-kit/trunk/changelog.txt

@@ -1 +1 @@
 *** GTM Kit ***
+
+2025-04-02 - version 2.3.2
+* Fix: Permission were not checked correct on the admin API.
 
 2025-03-12 - version 2.3.1

gtm-kit/trunk/gtm-kit.php

@@ -4 +4 @@
  *
  * Plugin Name: GTM Kit
- * Version:     2.3.1
+ * Version:     2.3.2
  * Plugin URI:  https://gtmkit.com/
  * Description: Google Tag Manager implementation focusing on flexibility and pagespeed.
@@ -28 +28 @@
 }
 
-const GTMKIT_VERSION = '2.3.1';
+const GTMKIT_VERSION = '2.3.2';
 
 if ( ! defined( 'GTMKIT_FILE' ) ) {

gtm-kit/trunk/languages/gtm-kit.pot

@@ -3 +3 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: GTM Kit 2.3.1\n"
+"Project-Id-Version: GTM Kit 2.3.2\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/gtm-kit\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
@@ -10 +10 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2025-03-11T08:57:32+00:00\n"
+"POT-Creation-Date: 2025-04-01T14:54:13+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.9.0\n"
@@ -61 +61 @@
 msgstr ""
 
-#: src/Admin/AdminAPI.php:96
-#: src/Common/RestAPIServer.php:33
-msgid "Only authenticated users can access endpoint."
-msgstr ""
-
-#: src/Admin/AdminAPI.php:142
-#: src/Admin/AdminAPI.php:147
+#: src/Admin/AdminAPI.php:126
+#: src/Admin/AdminAPI.php:131
 msgid "The support ticket was not found. Please check that you have entered the correct ticket."
 msgstr ""
 
-#: src/Admin/AdminAPI.php:144
+#: src/Admin/AdminAPI.php:128
 msgid "Thank you! We have received the data."
 msgstr ""
@@ -247 +242 @@
 msgstr ""
 
+#: src/Common/RestAPIServer.php:33
+msgid "Only authenticated users can access endpoint."
+msgstr ""
+
 #: src/Common/Util.php:159
 msgid "Server type:"

gtm-kit/trunk/readme.txt

@@ -4 +4 @@
 Tags: google tag manager, gtm, woocommerce, analytics, ga4
 Tested up to: 6.7
-Stable tag: 2.3.1
+Stable tag: 2.3.2
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -93 +93 @@
 == Changelog ==
 
+= 2.3.2 =
+
+Release date: 2025-04-02
+
+#### Security:
+* Permissions were not checked correct on the admin API - [CVE-2025-31001](https://www.cve.org/CVERecord?id=CVE-2025-31001).
+
 = 2.3.1 =
 

gtm-kit/trunk/src/Admin/AbstractOptionsPage.php

@@ -198 +198 @@
             #gtmkit-settings-loader {
                 visibility: hidden;
-                animation: loadGTMKitSettingsNoJSView 0s 2s forwards;
+                animation: loadGTMKitSettingsNoJSView 0s 5s forwards;
             }
 

gtm-kit/trunk/src/Admin/AdminAPI.php

@@ -82 +82 @@
             ]
         );
-    }
-
-    /**
-     * Permission callback
-     *
-     * @return true|WP_Error
-     */
-    public function permission_callback() {
-        $capability = is_multisite() ? 'manage_network_options' : 'manage_options';
-        $capability = apply_filters( 'gtmkit_admin_capability', $capability );
-
-        if ( ! current_user_can( $capability ) ) {
-            return new WP_Error( 'rest_forbidden', esc_html__( 'Only authenticated users can access endpoint.', 'gtm-kit' ), [ 'status' => 401 ] );
-        }
-
-        return true;
     }
 

gtm-kit/trunk/src/Common/RestAPIServer.php

@@ -46 +46 @@
      */
     public function register_rest_route( string $route, array $args ): void {
-        if ( ! isset( $args['permissions_callback'] ) ) {
+        if ( ! isset( $args['permission_callback'] ) ) {
             $args['permission_callback'] = [ $this, 'permission_callback' ];
         }

gtm-kit/trunk/vendor/composer/installed.php

@@ -4 +4 @@
         'pretty_version' => 'dev-main',
         'version' => 'dev-main',
-        'reference' => '28b39822035526424f406254d41a7060e988065b',
+        'reference' => '5e9a5d2b672646a6181354ffc06b6d9352bf36c0',
         'type' => 'wordpress-plugin',
         'install_path' => __DIR__ . '/../../',
@@ -14 +14 @@
             'pretty_version' => 'dev-main',
             'version' => 'dev-main',
-            'reference' => '28b39822035526424f406254d41a7060e988065b',
+            'reference' => '5e9a5d2b672646a6181354ffc06b6d9352bf36c0',
             'type' => 'wordpress-plugin',
             'install_path' => __DIR__ . '/../../',