diff --git a/changelog.txt b/changelog.txt index af1cc4f8a3..96dab631ac 100755 --- a/changelog.txt +++ b/changelog.txt @@ -1,5 +1,16 @@ *** Changelog *** +## 4.24.1 - 2024-06-13 +### Security +- Improve security for lessons and modules ordering + +### Fixed +- Avoid creating a new translation if it exists already [#7609](https://github.com/Automattic/sensei/pull/7609) +- Change some taxonomy capabilities to fix some behaviors [#7613](https://github.com/Automattic/sensei/pull/7613) +- Contact teacher form not displaying correctly in Learning Mode [#7610](https://github.com/Automattic/sensei/pull/7610) +- Register Sensei LMS custom post types without delay [#7607](https://github.com/Automattic/sensei/pull/7607) +- Support "0" or other falsy values as an answer for a quiz question [#7614](https://github.com/Automattic/sensei/pull/7614) + ## 4.24.0 - 2024-04-25 ### Security - Prevent unauthenticated flushing of rewrite rules [#7596](https://github.com/Automattic/sensei/pull/7596) diff --git a/changelog/fix-capability-issue b/changelog/fix-capability-issue deleted file mode 100644 index 33077391a1..0000000000 --- a/changelog/fix-capability-issue +++ /dev/null @@ -1,4 +0,0 @@ -Significance: patch -Type: fixed - -Change some taxonomy capabilities to fix some behaviors diff --git a/changelog/fix-contact-teacher-block-in-learning-mode b/changelog/fix-contact-teacher-block-in-learning-mode deleted file mode 100644 index 7a749fd478..0000000000 --- a/changelog/fix-contact-teacher-block-in-learning-mode +++ /dev/null @@ -1,4 +0,0 @@ -Significance: patch -Type: fixed - -Contact teacher form not displaying correctly in Learning Mode diff --git a/changelog/fix-quiz-questions-with-falsy-answers b/changelog/fix-quiz-questions-with-falsy-answers deleted file mode 100644 index 8e9e7b06d4..0000000000 --- a/changelog/fix-quiz-questions-with-falsy-answers +++ /dev/null @@ -1,4 +0,0 @@ -Significance: patch -Type: fixed - -Support "0" or other falsy values as an answer for a quiz question diff --git a/changelog/fix-wpml-slug-translation b/changelog/fix-wpml-slug-translation deleted file mode 100644 index f3a4c475cc..0000000000 --- a/changelog/fix-wpml-slug-translation +++ /dev/null @@ -1,4 +0,0 @@ -Significance: patch -Type: fixed - -Register Sensei LMS custom post types without delay diff --git a/changelog/fix-wpml-translate-updated-content b/changelog/fix-wpml-translate-updated-content deleted file mode 100644 index 510cb8c115..0000000000 --- a/changelog/fix-wpml-translate-updated-content +++ /dev/null @@ -1,4 +0,0 @@ -Significance: patch -Type: fixed - -Avoid creating a new translation if it exists already diff --git a/includes/class-sensei-admin.php b/includes/class-sensei-admin.php index e40d2a4d4d..89dcc0dcd7 100755 --- a/includes/class-sensei-admin.php +++ b/includes/class-sensei-admin.php @@ -1248,12 +1248,18 @@ public function save_course_order( $order_string = '' ) { */ public function handle_order_lessons() { check_admin_referer( 'order_lessons' ); - if ( ! current_user_can( 'edit_published_lessons' ) ) { + + $course_id = isset( $_POST['course_id'] ) ? intval( $_POST['course_id'] ) : 0; + + if ( + ! current_user_can( 'edit_published_lessons' ) + || ! Sensei_Course::can_current_user_edit_course( $course_id ) + ) { wp_die( esc_html__( 'Insufficient permissions', 'sensei-lms' ) ); } if ( - empty( $_POST['course_id'] ) + empty( $course_id ) || empty( $_POST['lessons'] ) ) { _doing_it_wrong( @@ -1273,8 +1279,7 @@ public function handle_order_lessons() { ]; } - $course_id = (int) $_POST['course_id']; - $ordered = $this->sync_lesson_order( + $ordered = $this->sync_lesson_order( $lessons_order, $course_id ); diff --git a/includes/class-sensei-modules.php b/includes/class-sensei-modules.php index 14849972f5..e5eb42914d 100644 --- a/includes/class-sensei-modules.php +++ b/includes/class-sensei-modules.php @@ -1261,7 +1261,7 @@ public function add_submenus() { '', // Hide the submenu. __( 'Order Modules', 'sensei-lms' ), __( 'Order Modules', 'sensei-lms' ), - 'edit_lessons', + 'edit_courses', $this->order_page_slug, array( $this, 'module_order_screen' ) ); @@ -1275,18 +1275,27 @@ public function add_submenus() { public function handle_order_modules() { check_admin_referer( 'order_modules' ); + $course_id = isset( $_POST['course_id'] ) ? intval( $_POST['course_id'] ) : 0; + $module_order = isset( $_POST['module-order'] ) ? sanitize_text_field( wp_unslash( $_POST['module-order'] ) ) : ''; + + if ( + ! Sensei_Course::can_current_user_edit_course( $course_id ) + ) { + wp_die( esc_html__( 'Insufficient permissions', 'sensei-lms' ) ); + } + $ordered = false; - if ( isset( $_POST['module-order'] ) && 0 < strlen( $_POST['module-order'] ) ) { - $ordered = $this->save_course_module_order( esc_attr( $_POST['module-order'] ), esc_attr( $_POST['course_id'] ) ); + if ( 0 < strlen( $module_order ) ) { + $ordered = $this->save_course_module_order( esc_attr( $module_order ), $course_id ); } - wp_redirect( + wp_safe_redirect( esc_url_raw( add_query_arg( array( 'page' => $this->order_page_slug, 'ordered' => $ordered, - 'course_id' => $_POST['course_id'], + 'course_id' => $course_id, ), admin_url( 'admin.php' ) ) diff --git a/lang/sensei-lms.pot b/lang/sensei-lms.pot index 7b1d05ee12..bb89fe6a89 100644 --- a/lang/sensei-lms.pot +++ b/lang/sensei-lms.pot @@ -2,14 +2,14 @@ # This file is distributed under the GPL version 2 or later - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. msgid "" msgstr "" -"Project-Id-Version: Sensei LMS 4.24.0\n" +"Project-Id-Version: Sensei LMS 4.24.1\n" "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/sensei-lms\n" "Last-Translator: \n" "Language-Team: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"POT-Creation-Date: 2024-04-25T13:32:28+00:00\n" +"POT-Creation-Date: 2024-06-13T12:20:37+00:00\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "X-Generator: WP-CLI 2.10.0\n" "X-Domain: sensei-lms\n" @@ -379,7 +379,7 @@ msgstr "" #. translators: %d: the number of links to be displayed #: includes/admin/class-sensei-learners-admin-bulk-actions-view.php:503 -#: includes/class-sensei-modules.php:1490 +#: includes/class-sensei-modules.php:1499 msgid "+%d more" msgstr "" @@ -658,12 +658,12 @@ msgstr "" #: includes/admin/class-sensei-learners-main.php:1198 #: includes/blocks/class-sensei-course-outline-module-block.php:98 -#: includes/class-sensei-admin.php:1610 +#: includes/class-sensei-admin.php:1615 #: includes/class-sensei-analysis-overview-list-table.php:1196 #: includes/class-sensei-analysis.php:112 #: includes/class-sensei-course.php:3516 #: includes/class-sensei-lesson.php:244 -#: includes/class-sensei-modules.php:1621 +#: includes/class-sensei-modules.php:1630 #: includes/class-sensei-posttypes.php:936 #: includes/class-sensei-posttypes.php:937 #: includes/class-sensei-posttypes.php:1208 @@ -737,7 +737,7 @@ msgstr "" #: includes/admin/class-sensei-setup-wizard-pages.php:60 #: includes/admin/home/quick-links/class-sensei-home-quick-links-provider.php:24 -#: includes/class-sensei-admin.php:1609 +#: includes/class-sensei-admin.php:1614 #: includes/class-sensei-analysis-overview-list-table.php:1195 #: includes/class-sensei-analysis-user-profile-list-table.php:362 #: includes/class-sensei-analysis.php:111 @@ -766,7 +766,7 @@ msgid "my-courses" msgstr "" #: includes/admin/class-sensei-setup-wizard-pages.php:64 -#: includes/class-sensei-admin.php:1611 +#: includes/class-sensei-admin.php:1616 #: widgets/class-sensei-course-component-widget.php:338 msgid "My Courses" msgstr "" @@ -2187,7 +2187,7 @@ msgid "Your Total Grade" msgstr "" #: includes/blocks/class-sensei-learner-messages-button-block.php:76 -#: includes/class-sensei-admin.php:1613 +#: includes/class-sensei-admin.php:1618 #: includes/class-sensei-course.php:2215 #: includes/class-sensei-messages.php:935 #: includes/class-sensei-messages.php:1031 @@ -2360,7 +2360,7 @@ msgstr "" #: includes/class-sensei-admin.php:155 #: includes/class-sensei-admin.php:156 -#: includes/class-sensei-admin.php:1306 +#: includes/class-sensei-admin.php:1311 #: includes/class-sensei-lesson.php:248 msgid "Order Lessons" msgstr "" @@ -2404,7 +2404,8 @@ msgid "Invalid post type. Can duplicate only lessons and courses" msgstr "" #: includes/class-sensei-admin.php:656 -#: includes/class-sensei-admin.php:1252 +#: includes/class-sensei-admin.php:1258 +#: includes/class-sensei-modules.php:1284 #: includes/internal/emails/class-email-list-table-actions.php:115 #: includes/internal/emails/class-email-list-table-actions.php:129 #: includes/internal/emails/class-email-preview.php:200 @@ -2423,72 +2424,72 @@ msgstr "" msgid "Save course order" msgstr "" -#: includes/class-sensei-admin.php:1314 +#: includes/class-sensei-admin.php:1319 msgid "The lesson order has been saved." msgstr "" -#: includes/class-sensei-admin.php:1337 +#: includes/class-sensei-admin.php:1342 #: includes/class-sensei-analysis-overview-list-table.php:1146 #: includes/class-sensei-grading-main.php:432 #: includes/class-sensei-grading.php:569 -#: includes/class-sensei-modules.php:1326 +#: includes/class-sensei-modules.php:1335 #: includes/reports/overview/list-table/class-sensei-reports-overview-list-table-abstract.php:377 msgid "Select a course" msgstr "" -#: includes/class-sensei-admin.php:1348 -#: includes/class-sensei-modules.php:1339 +#: includes/class-sensei-admin.php:1353 +#: includes/class-sensei-modules.php:1348 msgid "Select" msgstr "" -#: includes/class-sensei-admin.php:1386 +#: includes/class-sensei-admin.php:1391 #: includes/class-sensei-course.php:3511 #: templates/course-results/lessons.php:123 msgid "Other Lessons" msgstr "" -#: includes/class-sensei-admin.php:1401 +#: includes/class-sensei-admin.php:1406 msgid "Save lesson order" msgstr "" -#: includes/class-sensei-admin.php:1404 +#: includes/class-sensei-admin.php:1409 msgid "There are no lessons in this course." msgstr "" -#: includes/class-sensei-admin.php:1612 +#: includes/class-sensei-admin.php:1617 msgid "My Profile" msgstr "" -#: includes/class-sensei-admin.php:1614 +#: includes/class-sensei-admin.php:1619 #: includes/class-sensei-frontend.php:383 #: templates/user/login-form.php:25 #: templates/user/login-form.php:67 msgid "Login" msgstr "" -#: includes/class-sensei-admin.php:1614 +#: includes/class-sensei-admin.php:1619 #: includes/class-sensei-frontend.php:381 msgid "Logout" msgstr "" -#: includes/class-sensei-admin.php:1647 +#: includes/class-sensei-admin.php:1652 msgid "Add to Menu" msgstr "" -#: includes/class-sensei-admin.php:1720 +#: includes/class-sensei-admin.php:1725 msgid "Settings > General" msgstr "" -#: includes/class-sensei-admin.php:1721 +#: includes/class-sensei-admin.php:1726 msgid "add a new Administrator" msgstr "" -#: includes/class-sensei-admin.php:1722 +#: includes/class-sensei-admin.php:1727 msgid "existing Administrator" msgstr "" #. translators: The %s placeholders are as follows: - A link to the General Settings page with the translated text "Settings > General". - A link to add an admin user with the translated text "add a new Administrator". - The current admin email address from the Settings. - A link to view the existing admin users, with the translated text "existing Administrator". -#: includes/class-sensei-admin.php:1733 +#: includes/class-sensei-admin.php:1738 msgid "To prevent issues with Sensei LMS module names, your Email Address in %1$s should also belong to an Administrator user. You can either %2$s with the email address %3$s, or change that email address to match the email of an %4$s." msgstr "" @@ -4258,10 +4259,10 @@ msgstr "" #: includes/class-sensei-modules.php:251 #: includes/class-sensei-modules.php:1248 -#: includes/class-sensei-modules.php:1418 -#: includes/class-sensei-modules.php:1998 -#: includes/class-sensei-modules.php:2150 -#: includes/class-sensei-modules.php:2161 +#: includes/class-sensei-modules.php:1427 +#: includes/class-sensei-modules.php:2007 +#: includes/class-sensei-modules.php:2159 +#: includes/class-sensei-modules.php:2170 #: includes/class-sensei-posttypes.php:1200 #: includes/class-sensei-posttypes.php:1201 #: assets/blocks/course-outline/outline-block/outline-settings.js:26 @@ -4275,16 +4276,16 @@ msgstr "" #: includes/class-sensei-modules.php:1251 #: includes/class-sensei-modules.php:1262 #: includes/class-sensei-modules.php:1263 -#: includes/class-sensei-modules.php:1308 -#: includes/class-sensei-modules.php:1512 +#: includes/class-sensei-modules.php:1317 +#: includes/class-sensei-modules.php:1521 msgid "Order Modules" msgstr "" #: includes/class-sensei-modules.php:278 -#: includes/class-sensei-modules.php:1529 -#: includes/class-sensei-modules.php:1681 -#: includes/class-sensei-modules.php:1734 -#: includes/class-sensei-modules.php:2151 +#: includes/class-sensei-modules.php:1538 +#: includes/class-sensei-modules.php:1690 +#: includes/class-sensei-modules.php:1743 +#: includes/class-sensei-modules.php:2160 #: assets/blocks/course-outline/module-block/index.js:21 #: assets/blocks/course-outline/outline-block/outline-appender.js:49 #: assets/course-theme/blocks/lesson-blocks/module-title/module-title-edit.js:10 @@ -4339,68 +4340,68 @@ msgstr "" msgid "Please sign up for the %1$s before starting the module." msgstr "" -#: includes/class-sensei-modules.php:1316 +#: includes/class-sensei-modules.php:1325 msgid "The module order has been saved for this course." msgstr "" -#: includes/class-sensei-modules.php:1363 +#: includes/class-sensei-modules.php:1372 msgid "Save module order" msgstr "" -#: includes/class-sensei-modules.php:1364 +#: includes/class-sensei-modules.php:1373 msgid "Edit course" msgstr "" -#: includes/class-sensei-modules.php:1953 +#: includes/class-sensei-modules.php:1962 msgid "Search for courses" msgstr "" -#: includes/class-sensei-modules.php:2152 +#: includes/class-sensei-modules.php:2161 msgid "Search Modules" msgstr "" -#: includes/class-sensei-modules.php:2153 +#: includes/class-sensei-modules.php:2162 msgid "All Modules" msgstr "" -#: includes/class-sensei-modules.php:2154 +#: includes/class-sensei-modules.php:2163 msgid "Parent Module" msgstr "" -#: includes/class-sensei-modules.php:2155 +#: includes/class-sensei-modules.php:2164 msgid "Parent Module:" msgstr "" -#: includes/class-sensei-modules.php:2156 +#: includes/class-sensei-modules.php:2165 msgid "View Module" msgstr "" -#: includes/class-sensei-modules.php:2157 +#: includes/class-sensei-modules.php:2166 msgid "Edit Module" msgstr "" -#: includes/class-sensei-modules.php:2158 +#: includes/class-sensei-modules.php:2167 msgid "Update Module" msgstr "" -#: includes/class-sensei-modules.php:2159 +#: includes/class-sensei-modules.php:2168 msgid "Add New Module" msgstr "" -#: includes/class-sensei-modules.php:2160 +#: includes/class-sensei-modules.php:2169 msgid "New Module Name" msgstr "" -#: includes/class-sensei-modules.php:2162 +#: includes/class-sensei-modules.php:2171 msgid "No modules found." msgstr "" -#: includes/class-sensei-modules.php:2163 +#: includes/class-sensei-modules.php:2172 msgid "← Back to Modules" msgstr "" #. translators: %s: add new taxonomy label -#: includes/class-sensei-modules.php:2406 +#: includes/class-sensei-modules.php:2415 msgid "+ %s" msgstr "" @@ -5641,27 +5642,27 @@ msgid "Enable for all courses" msgstr "" #: includes/class-sensei-teacher.php:140 -#: includes/class-sensei-teacher.php:255 -#: includes/class-sensei-teacher.php:1330 +#: includes/class-sensei-teacher.php:259 +#: includes/class-sensei-teacher.php:1334 #: assets/dist/js/admin/course-edit.js:127 #: assets/js/admin/course-general-sidebar.js:122 msgid "Teacher" msgstr "" -#: includes/class-sensei-teacher.php:1106 +#: includes/class-sensei-teacher.php:1110 msgid "New course created." msgstr "" -#: includes/class-sensei-teacher.php:1121 +#: includes/class-sensei-teacher.php:1125 msgid "New course created by" msgstr "" -#: includes/class-sensei-teacher.php:1477 +#: includes/class-sensei-teacher.php:1481 msgid "Show all teachers" msgstr "" #. translators: Placeholder is the author name. -#: includes/class-sensei-teacher.php:1803 +#: includes/class-sensei-teacher.php:1807 msgid "All courses by %s" msgstr "" @@ -7218,11 +7219,11 @@ msgstr "" msgid "Please ensure the question has a title before saving." msgstr "" -#: includes/rest-api/class-sensei-rest-api-questions-controller.php:239 +#: includes/rest-api/class-sensei-rest-api-questions-controller.php:245 msgid "Sorry, you are not allowed to view posts in this post type." msgstr "" -#: includes/rest-api/class-sensei-rest-api-questions-controller.php:275 +#: includes/rest-api/class-sensei-rest-api-questions-controller.php:281 msgid "Sorry, you are not allowed to view this item." msgstr "" diff --git a/package-lock.json b/package-lock.json index d0e1c90515..7b1e930bfe 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "sensei-lms", - "version": "4.24.0", + "version": "4.24.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "sensei-lms", - "version": "4.24.0", + "version": "4.24.1", "license": "GPL-2.0-or-later", "dependencies": { "@automattic/calypso-color-schemes": "3.1.1", diff --git a/package.json b/package.json index ad659d4060..bfcaca0959 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "sensei-lms", "title": "Sensei LMS", - "version": "4.24.0", + "version": "4.24.1", "description": "Sensei LMS", "author": "Automattic", "license": "GPL-2.0-or-later", diff --git a/phpcs.xml.dist b/phpcs.xml.dist index b8c97c8983..19fcf79756 100644 --- a/phpcs.xml.dist +++ b/phpcs.xml.dist @@ -87,6 +87,8 @@ + + diff --git a/readme.txt b/readme.txt index 59bafe22ee..38dcc7e449 100644 --- a/readme.txt +++ b/readme.txt @@ -5,7 +5,7 @@ Tags: lms, eLearning, teach, online courses, woocommerce Requires at least: 6.3 Tested up to: 6.5 Requires PHP: 7.4 -Stable tag: 4.24.0 +Stable tag: 4.24.1 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -140,6 +140,17 @@ Community members have translated the free Sensei LMS plugin [into 18 languages] == Changelog == +### 4.24.1 - 2024-06-13 +#### Security +- Improve security for lessons and modules ordering + +#### Fixed +- Avoid creating a new translation if it exists already [#7609](https://github.com/Automattic/sensei/pull/7609) +- Change some taxonomy capabilities to fix some behaviors [#7613](https://github.com/Automattic/sensei/pull/7613) +- Contact teacher form not displaying correctly in Learning Mode [#7610](https://github.com/Automattic/sensei/pull/7610) +- Register Sensei LMS custom post types without delay [#7607](https://github.com/Automattic/sensei/pull/7607) +- Support "0" or other falsy values as an answer for a quiz question [#7614](https://github.com/Automattic/sensei/pull/7614) + ### 4.24.0 - 2024-04-25 #### Security - Prevent unauthenticated flushing of rewrite rules [#7596](https://github.com/Automattic/sensei/pull/7596) @@ -166,15 +177,3 @@ Community members have translated the free Sensei LMS plugin [into 18 languages] #### Fixed - Usage of question categories in translated quizzes [#7559](https://github.com/Automattic/sensei/pull/7559) - Lessons being automatically published when course is updated [#7582](https://github.com/Automattic/sensei/pull/7582) - -### 4.23.0 - 2024-04-04 -#### Added -- Sensei pro upsell task in Sensei Home [#7562](https://github.com/Automattic/sensei/pull/7562) - -#### Deprecated -- Remove Sell your course with WooCommerce task from core [#7572](https://github.com/Automattic/sensei/pull/7572) - -#### Fixed -- Ensure student can view the lesson content when rendering the Complete Lesson button [#7579](https://github.com/Automattic/sensei/pull/7579) -- Remove opinionated CSS class from login form [#7542](https://github.com/Automattic/sensei/pull/7542) -- Visibility improved for focus elements of Course tour [#7570](https://github.com/Automattic/sensei/pull/7570) diff --git a/sensei-lms.php b/sensei-lms.php index 91bf23fadd..42326c19ff 100644 --- a/sensei-lms.php +++ b/sensei-lms.php @@ -3,7 +3,7 @@ * Plugin Name: Sensei LMS * Plugin URI: https://senseilms.com/ * Description: Share your knowledge, grow your network, and strengthen your brand by launching an online course. - * Version: 4.24.0 + * Version: 4.24.1 * Author: Automattic * Author URI: https://automattic.com * License: GPL version 2 or later - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html @@ -19,7 +19,7 @@ } if ( ! defined( 'SENSEI_LMS_VERSION' ) ) { - define( 'SENSEI_LMS_VERSION', '4.24.0' ); // WRCS: DEFINED_VERSION. + define( 'SENSEI_LMS_VERSION', '4.24.1' ); // WRCS: DEFINED_VERSION. } if ( ! defined( 'SENSEI_LMS_PLUGIN_FILE' ) ) {