diff --git a/changelog.txt b/changelog.txt
index af1cc4f8a3..96dab631ac 100755
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,5 +1,16 @@
*** Changelog ***
+## 4.24.1 - 2024-06-13
+### Security
+- Improve security for lessons and modules ordering
+
+### Fixed
+- Avoid creating a new translation if it exists already [#7609](https://github.com/Automattic/sensei/pull/7609)
+- Change some taxonomy capabilities to fix some behaviors [#7613](https://github.com/Automattic/sensei/pull/7613)
+- Contact teacher form not displaying correctly in Learning Mode [#7610](https://github.com/Automattic/sensei/pull/7610)
+- Register Sensei LMS custom post types without delay [#7607](https://github.com/Automattic/sensei/pull/7607)
+- Support "0" or other falsy values as an answer for a quiz question [#7614](https://github.com/Automattic/sensei/pull/7614)
+
## 4.24.0 - 2024-04-25
### Security
- Prevent unauthenticated flushing of rewrite rules [#7596](https://github.com/Automattic/sensei/pull/7596)
diff --git a/changelog/fix-capability-issue b/changelog/fix-capability-issue
deleted file mode 100644
index 33077391a1..0000000000
--- a/changelog/fix-capability-issue
+++ /dev/null
@@ -1,4 +0,0 @@
-Significance: patch
-Type: fixed
-
-Change some taxonomy capabilities to fix some behaviors
diff --git a/changelog/fix-contact-teacher-block-in-learning-mode b/changelog/fix-contact-teacher-block-in-learning-mode
deleted file mode 100644
index 7a749fd478..0000000000
--- a/changelog/fix-contact-teacher-block-in-learning-mode
+++ /dev/null
@@ -1,4 +0,0 @@
-Significance: patch
-Type: fixed
-
-Contact teacher form not displaying correctly in Learning Mode
diff --git a/changelog/fix-quiz-questions-with-falsy-answers b/changelog/fix-quiz-questions-with-falsy-answers
deleted file mode 100644
index 8e9e7b06d4..0000000000
--- a/changelog/fix-quiz-questions-with-falsy-answers
+++ /dev/null
@@ -1,4 +0,0 @@
-Significance: patch
-Type: fixed
-
-Support "0" or other falsy values as an answer for a quiz question
diff --git a/changelog/fix-wpml-slug-translation b/changelog/fix-wpml-slug-translation
deleted file mode 100644
index f3a4c475cc..0000000000
--- a/changelog/fix-wpml-slug-translation
+++ /dev/null
@@ -1,4 +0,0 @@
-Significance: patch
-Type: fixed
-
-Register Sensei LMS custom post types without delay
diff --git a/changelog/fix-wpml-translate-updated-content b/changelog/fix-wpml-translate-updated-content
deleted file mode 100644
index 510cb8c115..0000000000
--- a/changelog/fix-wpml-translate-updated-content
+++ /dev/null
@@ -1,4 +0,0 @@
-Significance: patch
-Type: fixed
-
-Avoid creating a new translation if it exists already
diff --git a/includes/class-sensei-admin.php b/includes/class-sensei-admin.php
index e40d2a4d4d..89dcc0dcd7 100755
--- a/includes/class-sensei-admin.php
+++ b/includes/class-sensei-admin.php
@@ -1248,12 +1248,18 @@ public function save_course_order( $order_string = '' ) {
*/
public function handle_order_lessons() {
check_admin_referer( 'order_lessons' );
- if ( ! current_user_can( 'edit_published_lessons' ) ) {
+
+ $course_id = isset( $_POST['course_id'] ) ? intval( $_POST['course_id'] ) : 0;
+
+ if (
+ ! current_user_can( 'edit_published_lessons' )
+ || ! Sensei_Course::can_current_user_edit_course( $course_id )
+ ) {
wp_die( esc_html__( 'Insufficient permissions', 'sensei-lms' ) );
}
if (
- empty( $_POST['course_id'] )
+ empty( $course_id )
|| empty( $_POST['lessons'] )
) {
_doing_it_wrong(
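Review bot: The added check authorizes `$course_id` only; nothing in the visible lines ties the lesson IDs in `$_POST['lessons']` to that course, so the fix is complete only if `sync_lesson_order()` (outside this hunk) rejects lessons that do not belong to `$course_id`. That is worth confirming and covering with a test. A missing `course_id` now reaches `Sensei_Course::can_current_user_edit_course( 0 )` before the `empty( $course_id )` guard, so the outcome for that request depends on how the helper treats 0; a comment such as `// $course_id is 0 when absent; the helper is expected to deny 0.` above the condition would make the intent explicit. The body of `handle_order_lessons()` continues past the end of this hunk.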
@@ -1273,8 +1279,7 @@ public function handle_order_lessons() {
];
}
- $course_id = (int) $_POST['course_id'];
- $ordered = $this->sync_lesson_order(
+ $ordered = $this->sync_lesson_order(
$lessons_order,
$course_id
);
diff --git a/includes/class-sensei-modules.php b/includes/class-sensei-modules.php
index 14849972f5..e5eb42914d 100644
--- a/includes/class-sensei-modules.php
+++ b/includes/class-sensei-modules.php
@@ -1261,7 +1261,7 @@ public function add_submenus() {
'', // Hide the submenu.
__( 'Order Modules', 'sensei-lms' ),
__( 'Order Modules', 'sensei-lms' ),
- 'edit_lessons',
+ 'edit_courses',
$this->order_page_slug,
array( $this, 'module_order_screen' )
);
@@ -1275,18 +1275,27 @@ public function add_submenus() {
public function handle_order_modules() {
check_admin_referer( 'order_modules' );
+ $course_id = isset( $_POST['course_id'] ) ? intval( $_POST['course_id'] ) : 0;
+ $module_order = isset( $_POST['module-order'] ) ? sanitize_text_field( wp_unslash( $_POST['module-order'] ) ) : '';
+
+ if (
+ ! Sensei_Course::can_current_user_edit_course( $course_id )
+ ) {
+ wp_die( esc_html__( 'Insufficient permissions', 'sensei-lms' ) );
+ }
+
$ordered = false;
- if ( isset( $_POST['module-order'] ) && 0 < strlen( $_POST['module-order'] ) ) {
- $ordered = $this->save_course_module_order( esc_attr( $_POST['module-order'] ), esc_attr( $_POST['course_id'] ) );
+ if ( 0 < strlen( $module_order ) ) {
+ $ordered = $this->save_course_module_order( esc_attr( $module_order ), $course_id );
}
- wp_redirect(
+ wp_safe_redirect(
esc_url_raw(
add_query_arg(
array(
'page' => $this->order_page_slug,
'ordered' => $ordered,
- 'course_id' => $_POST['course_id'],
+ 'course_id' => $course_id,
),
admin_url( 'admin.php' )
)
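Review bot: `esc_attr( $module_order )` is still the only processing between the request and `save_course_module_order()` besides `sanitize_text_field()`, and `esc_attr()` is an output-escaping helper, not input validation. If `module-order` is a comma-separated list of module term IDs (the format is not visible in this hunk), normalise it to integers before saving, e.g. `$module_order = implode( ',', array_filter( array_map( 'absint', explode( ',', $module_order ) ) ) );`, and drop the `esc_attr()` call. Unlike `handle_order_lessons()`, this handler has no `current_user_can()` check and relies entirely on `Sensei_Course::can_current_user_edit_course()`, including when `course_id` is missing and 0 is passed, so the helper's handling of 0 should be confirmed. The `wp_safe_redirect()` call runs past the end of the hunk, so whether it is followed by `exit` cannot be checked from here.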
diff --git a/lang/sensei-lms.pot b/lang/sensei-lms.pot
index 7b1d05ee12..bb89fe6a89 100644
--- a/lang/sensei-lms.pot
+++ b/lang/sensei-lms.pot
@@ -2,14 +2,14 @@
# This file is distributed under the GPL version 2 or later - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
msgid ""
msgstr ""
-"Project-Id-Version: Sensei LMS 4.24.0\n"
+"Project-Id-Version: Sensei LMS 4.24.1\n"
"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/sensei-lms\n"
"Last-Translator: \n"
"Language-Team: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2024-04-25T13:32:28+00:00\n"
+"POT-Creation-Date: 2024-06-13T12:20:37+00:00\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"X-Generator: WP-CLI 2.10.0\n"
"X-Domain: sensei-lms\n"
@@ -379,7 +379,7 @@ msgstr ""
#. translators: %d: the number of links to be displayed
#: includes/admin/class-sensei-learners-admin-bulk-actions-view.php:503
-#: includes/class-sensei-modules.php:1490
+#: includes/class-sensei-modules.php:1499
msgid "+%d more"
msgstr ""
@@ -658,12 +658,12 @@ msgstr ""
#: includes/admin/class-sensei-learners-main.php:1198
#: includes/blocks/class-sensei-course-outline-module-block.php:98
-#: includes/class-sensei-admin.php:1610
+#: includes/class-sensei-admin.php:1615
#: includes/class-sensei-analysis-overview-list-table.php:1196
#: includes/class-sensei-analysis.php:112
#: includes/class-sensei-course.php:3516
#: includes/class-sensei-lesson.php:244
-#: includes/class-sensei-modules.php:1621
+#: includes/class-sensei-modules.php:1630
#: includes/class-sensei-posttypes.php:936
#: includes/class-sensei-posttypes.php:937
#: includes/class-sensei-posttypes.php:1208
@@ -737,7 +737,7 @@ msgstr ""
#: includes/admin/class-sensei-setup-wizard-pages.php:60
#: includes/admin/home/quick-links/class-sensei-home-quick-links-provider.php:24
-#: includes/class-sensei-admin.php:1609
+#: includes/class-sensei-admin.php:1614
#: includes/class-sensei-analysis-overview-list-table.php:1195
#: includes/class-sensei-analysis-user-profile-list-table.php:362
#: includes/class-sensei-analysis.php:111
@@ -766,7 +766,7 @@ msgid "my-courses"
msgstr ""
#: includes/admin/class-sensei-setup-wizard-pages.php:64
-#: includes/class-sensei-admin.php:1611
+#: includes/class-sensei-admin.php:1616
#: widgets/class-sensei-course-component-widget.php:338
msgid "My Courses"
msgstr ""
@@ -2187,7 +2187,7 @@ msgid "Your Total Grade"
msgstr ""
#: includes/blocks/class-sensei-learner-messages-button-block.php:76
-#: includes/class-sensei-admin.php:1613
+#: includes/class-sensei-admin.php:1618
#: includes/class-sensei-course.php:2215
#: includes/class-sensei-messages.php:935
#: includes/class-sensei-messages.php:1031
@@ -2360,7 +2360,7 @@ msgstr ""
#: includes/class-sensei-admin.php:155
#: includes/class-sensei-admin.php:156
-#: includes/class-sensei-admin.php:1306
+#: includes/class-sensei-admin.php:1311
#: includes/class-sensei-lesson.php:248
msgid "Order Lessons"
msgstr ""
@@ -2404,7 +2404,8 @@ msgid "Invalid post type. Can duplicate only lessons and courses"
msgstr ""
#: includes/class-sensei-admin.php:656
-#: includes/class-sensei-admin.php:1252
+#: includes/class-sensei-admin.php:1258
+#: includes/class-sensei-modules.php:1284
#: includes/internal/emails/class-email-list-table-actions.php:115
#: includes/internal/emails/class-email-list-table-actions.php:129
#: includes/internal/emails/class-email-preview.php:200
@@ -2423,72 +2424,72 @@ msgstr ""
msgid "Save course order"
msgstr ""
-#: includes/class-sensei-admin.php:1314
+#: includes/class-sensei-admin.php:1319
msgid "The lesson order has been saved."
msgstr ""
-#: includes/class-sensei-admin.php:1337
+#: includes/class-sensei-admin.php:1342
#: includes/class-sensei-analysis-overview-list-table.php:1146
#: includes/class-sensei-grading-main.php:432
#: includes/class-sensei-grading.php:569
-#: includes/class-sensei-modules.php:1326
+#: includes/class-sensei-modules.php:1335
#: includes/reports/overview/list-table/class-sensei-reports-overview-list-table-abstract.php:377
msgid "Select a course"
msgstr ""
-#: includes/class-sensei-admin.php:1348
-#: includes/class-sensei-modules.php:1339
+#: includes/class-sensei-admin.php:1353
+#: includes/class-sensei-modules.php:1348
msgid "Select"
msgstr ""
-#: includes/class-sensei-admin.php:1386
+#: includes/class-sensei-admin.php:1391
#: includes/class-sensei-course.php:3511
#: templates/course-results/lessons.php:123
msgid "Other Lessons"
msgstr ""
-#: includes/class-sensei-admin.php:1401
+#: includes/class-sensei-admin.php:1406
msgid "Save lesson order"
msgstr ""
-#: includes/class-sensei-admin.php:1404
+#: includes/class-sensei-admin.php:1409
msgid "There are no lessons in this course."
msgstr ""
-#: includes/class-sensei-admin.php:1612
+#: includes/class-sensei-admin.php:1617
msgid "My Profile"
msgstr ""
-#: includes/class-sensei-admin.php:1614
+#: includes/class-sensei-admin.php:1619
#: includes/class-sensei-frontend.php:383
#: templates/user/login-form.php:25
#: templates/user/login-form.php:67
msgid "Login"
msgstr ""
-#: includes/class-sensei-admin.php:1614
+#: includes/class-sensei-admin.php:1619
#: includes/class-sensei-frontend.php:381
msgid "Logout"
msgstr ""
-#: includes/class-sensei-admin.php:1647
+#: includes/class-sensei-admin.php:1652
msgid "Add to Menu"
msgstr ""
-#: includes/class-sensei-admin.php:1720
+#: includes/class-sensei-admin.php:1725
msgid "Settings > General"
msgstr ""
-#: includes/class-sensei-admin.php:1721
+#: includes/class-sensei-admin.php:1726
msgid "add a new Administrator"
msgstr ""
-#: includes/class-sensei-admin.php:1722
+#: includes/class-sensei-admin.php:1727
msgid "existing Administrator"
msgstr ""
#. translators: The %s placeholders are as follows: - A link to the General Settings page with the translated text "Settings > General". - A link to add an admin user with the translated text "add a new Administrator". - The current admin email address from the Settings. - A link to view the existing admin users, with the translated text "existing Administrator".
-#: includes/class-sensei-admin.php:1733
+#: includes/class-sensei-admin.php:1738
msgid "To prevent issues with Sensei LMS module names, your Email Address in %1$s should also belong to an Administrator user. You can either %2$s with the email address %3$s, or change that email address to match the email of an %4$s."
msgstr ""
@@ -4258,10 +4259,10 @@ msgstr ""
#: includes/class-sensei-modules.php:251
#: includes/class-sensei-modules.php:1248
-#: includes/class-sensei-modules.php:1418
-#: includes/class-sensei-modules.php:1998
-#: includes/class-sensei-modules.php:2150
-#: includes/class-sensei-modules.php:2161
+#: includes/class-sensei-modules.php:1427
+#: includes/class-sensei-modules.php:2007
+#: includes/class-sensei-modules.php:2159
+#: includes/class-sensei-modules.php:2170
#: includes/class-sensei-posttypes.php:1200
#: includes/class-sensei-posttypes.php:1201
#: assets/blocks/course-outline/outline-block/outline-settings.js:26
@@ -4275,16 +4276,16 @@ msgstr ""
#: includes/class-sensei-modules.php:1251
#: includes/class-sensei-modules.php:1262
#: includes/class-sensei-modules.php:1263
-#: includes/class-sensei-modules.php:1308
-#: includes/class-sensei-modules.php:1512
+#: includes/class-sensei-modules.php:1317
+#: includes/class-sensei-modules.php:1521
msgid "Order Modules"
msgstr ""
#: includes/class-sensei-modules.php:278
-#: includes/class-sensei-modules.php:1529
-#: includes/class-sensei-modules.php:1681
-#: includes/class-sensei-modules.php:1734
-#: includes/class-sensei-modules.php:2151
+#: includes/class-sensei-modules.php:1538
+#: includes/class-sensei-modules.php:1690
+#: includes/class-sensei-modules.php:1743
+#: includes/class-sensei-modules.php:2160
#: assets/blocks/course-outline/module-block/index.js:21
#: assets/blocks/course-outline/outline-block/outline-appender.js:49
#: assets/course-theme/blocks/lesson-blocks/module-title/module-title-edit.js:10
@@ -4339,68 +4340,68 @@ msgstr ""
msgid "Please sign up for the %1$s before starting the module."
msgstr ""
-#: includes/class-sensei-modules.php:1316
+#: includes/class-sensei-modules.php:1325
msgid "The module order has been saved for this course."
msgstr ""
-#: includes/class-sensei-modules.php:1363
+#: includes/class-sensei-modules.php:1372
msgid "Save module order"
msgstr ""
-#: includes/class-sensei-modules.php:1364
+#: includes/class-sensei-modules.php:1373
msgid "Edit course"
msgstr ""
-#: includes/class-sensei-modules.php:1953
+#: includes/class-sensei-modules.php:1962
msgid "Search for courses"
msgstr ""
-#: includes/class-sensei-modules.php:2152
+#: includes/class-sensei-modules.php:2161
msgid "Search Modules"
msgstr ""
-#: includes/class-sensei-modules.php:2153
+#: includes/class-sensei-modules.php:2162
msgid "All Modules"
msgstr ""
-#: includes/class-sensei-modules.php:2154
+#: includes/class-sensei-modules.php:2163
msgid "Parent Module"
msgstr ""
-#: includes/class-sensei-modules.php:2155
+#: includes/class-sensei-modules.php:2164
msgid "Parent Module:"
msgstr ""
-#: includes/class-sensei-modules.php:2156
+#: includes/class-sensei-modules.php:2165
msgid "View Module"
msgstr ""
-#: includes/class-sensei-modules.php:2157
+#: includes/class-sensei-modules.php:2166
msgid "Edit Module"
msgstr ""
-#: includes/class-sensei-modules.php:2158
+#: includes/class-sensei-modules.php:2167
msgid "Update Module"
msgstr ""
-#: includes/class-sensei-modules.php:2159
+#: includes/class-sensei-modules.php:2168
msgid "Add New Module"
msgstr ""
-#: includes/class-sensei-modules.php:2160
+#: includes/class-sensei-modules.php:2169
msgid "New Module Name"
msgstr ""
-#: includes/class-sensei-modules.php:2162
+#: includes/class-sensei-modules.php:2171
msgid "No modules found."
msgstr ""
-#: includes/class-sensei-modules.php:2163
+#: includes/class-sensei-modules.php:2172
msgid "← Back to Modules"
msgstr ""
#. translators: %s: add new taxonomy label
-#: includes/class-sensei-modules.php:2406
+#: includes/class-sensei-modules.php:2415
msgid "+ %s"
msgstr ""
@@ -5641,27 +5642,27 @@ msgid "Enable for all courses"
msgstr ""
#: includes/class-sensei-teacher.php:140
-#: includes/class-sensei-teacher.php:255
-#: includes/class-sensei-teacher.php:1330
+#: includes/class-sensei-teacher.php:259
+#: includes/class-sensei-teacher.php:1334
#: assets/dist/js/admin/course-edit.js:127
#: assets/js/admin/course-general-sidebar.js:122
msgid "Teacher"
msgstr ""
-#: includes/class-sensei-teacher.php:1106
+#: includes/class-sensei-teacher.php:1110
msgid "New course created."
msgstr ""
-#: includes/class-sensei-teacher.php:1121
+#: includes/class-sensei-teacher.php:1125
msgid "New course created by"
msgstr ""
-#: includes/class-sensei-teacher.php:1477
+#: includes/class-sensei-teacher.php:1481
msgid "Show all teachers"
msgstr ""
#. translators: Placeholder is the author name.
-#: includes/class-sensei-teacher.php:1803
+#: includes/class-sensei-teacher.php:1807
msgid "All courses by %s"
msgstr ""
@@ -7218,11 +7219,11 @@ msgstr ""
msgid "Please ensure the question has a title before saving."
msgstr ""
-#: includes/rest-api/class-sensei-rest-api-questions-controller.php:239
+#: includes/rest-api/class-sensei-rest-api-questions-controller.php:245
msgid "Sorry, you are not allowed to view posts in this post type."
msgstr ""
-#: includes/rest-api/class-sensei-rest-api-questions-controller.php:275
+#: includes/rest-api/class-sensei-rest-api-questions-controller.php:281
msgid "Sorry, you are not allowed to view this item."
msgstr ""
diff --git a/package-lock.json b/package-lock.json
index d0e1c90515..7b1e930bfe 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "sensei-lms",
- "version": "4.24.0",
+ "version": "4.24.1",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "sensei-lms",
- "version": "4.24.0",
+ "version": "4.24.1",
"license": "GPL-2.0-or-later",
"dependencies": {
"@automattic/calypso-color-schemes": "3.1.1",
diff --git a/package.json b/package.json
index ad659d4060..bfcaca0959 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
{
"name": "sensei-lms",
"title": "Sensei LMS",
- "version": "4.24.0",
+ "version": "4.24.1",
"description": "Sensei LMS",
"author": "Automattic",
"license": "GPL-2.0-or-later",
diff --git a/phpcs.xml.dist b/phpcs.xml.dist
index b8c97c8983..19fcf79756 100644
--- a/phpcs.xml.dist
+++ b/phpcs.xml.dist
@@ -87,6 +87,8 @@
+
+
diff --git a/readme.txt b/readme.txt
index 59bafe22ee..38dcc7e449 100644
--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: lms, eLearning, teach, online courses, woocommerce
Requires at least: 6.3
Tested up to: 6.5
Requires PHP: 7.4
-Stable tag: 4.24.0
+Stable tag: 4.24.1
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -140,6 +140,17 @@ Community members have translated the free Sensei LMS plugin [into 18 languages]
== Changelog ==
+### 4.24.1 - 2024-06-13
+#### Security
+- Improve security for lessons and modules ordering
+
+#### Fixed
+- Avoid creating a new translation if it exists already [#7609](https://github.com/Automattic/sensei/pull/7609)
+- Change some taxonomy capabilities to fix some behaviors [#7613](https://github.com/Automattic/sensei/pull/7613)
+- Contact teacher form not displaying correctly in Learning Mode [#7610](https://github.com/Automattic/sensei/pull/7610)
+- Register Sensei LMS custom post types without delay [#7607](https://github.com/Automattic/sensei/pull/7607)
+- Support "0" or other falsy values as an answer for a quiz question [#7614](https://github.com/Automattic/sensei/pull/7614)
+
### 4.24.0 - 2024-04-25
#### Security
- Prevent unauthenticated flushing of rewrite rules [#7596](https://github.com/Automattic/sensei/pull/7596)
@@ -166,15 +177,3 @@ Community members have translated the free Sensei LMS plugin [into 18 languages]
#### Fixed
- Usage of question categories in translated quizzes [#7559](https://github.com/Automattic/sensei/pull/7559)
- Lessons being automatically published when course is updated [#7582](https://github.com/Automattic/sensei/pull/7582)
-
-### 4.23.0 - 2024-04-04
-#### Added
-- Sensei pro upsell task in Sensei Home [#7562](https://github.com/Automattic/sensei/pull/7562)
-
-#### Deprecated
-- Remove Sell your course with WooCommerce task from core [#7572](https://github.com/Automattic/sensei/pull/7572)
-
-#### Fixed
-- Ensure student can view the lesson content when rendering the Complete Lesson button [#7579](https://github.com/Automattic/sensei/pull/7579)
-- Remove opinionated CSS class from login form [#7542](https://github.com/Automattic/sensei/pull/7542)
-- Visibility improved for focus elements of Course tour [#7570](https://github.com/Automattic/sensei/pull/7570)
diff --git a/sensei-lms.php b/sensei-lms.php
index 91bf23fadd..42326c19ff 100644
--- a/sensei-lms.php
+++ b/sensei-lms.php
@@ -3,7 +3,7 @@
* Plugin Name: Sensei LMS
* Plugin URI: https://senseilms.com/
* Description: Share your knowledge, grow your network, and strengthen your brand by launching an online course.
- * Version: 4.24.0
+ * Version: 4.24.1
* Author: Automattic
* Author URI: https://automattic.com
* License: GPL version 2 or later - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
@@ -19,7 +19,7 @@
}
if ( ! defined( 'SENSEI_LMS_VERSION' ) ) {
- define( 'SENSEI_LMS_VERSION', '4.24.0' ); // WRCS: DEFINED_VERSION.
+ define( 'SENSEI_LMS_VERSION', '4.24.1' ); // WRCS: DEFINED_VERSION.
}
if ( ! defined( 'SENSEI_LMS_PLUGIN_FILE' ) ) {