release: version 2.6.4

### Improvements - **Improved Re-Loading Behaviour Between FSE Onboarding Steps**: Enhances the user experience by streamlining transitions and re-loading behavior between steps in the Full Site Editing (FSE) onboarding process. ### Bug Fixes - **Resolves Compatibility Issue with Blocks on WordPress.com**: Fixes a critical issue to ensure the plugin now works seamlessly on WordPress.com. - **Hardens Security in Form Block**: Enhances sanitization of SVG files uploaded through the Form Block to protect against security vulnerabilities. - **Hardens Security in Pro Form Blocks**: Improves sanitization processes in Pro Form Blocks to bolster security measures.
Codeinwp · Feb 26, 2024 · f5703e8 · f5703e8
2 parents 7fe9ea4 + 77ee06f
commit f5703e8
Show file tree

Hide file tree

Showing 17 changed files with 258 additions and 182 deletions.
diff --git a/composer.json b/composer.json
@@ -62,6 +62,7 @@
 		"tubalmartin/cssmin": "^4.1",
 		"wptt/webfont-loader": "^1.1",
 		"sabberworm/php-css-parser": "^8.4",
-		"stripe/stripe-php": "^13.1"
+		"stripe/stripe-php": "^13.1",
+		"enshrined/svg-sanitize": "^0.18.0"
 	}
 }
diff --git a/composer.lock b/composer.lock
diff --git a/inc/integrations/class-form-utils.php b/inc/integrations/class-form-utils.php
@@ -7,6 +7,8 @@
 
 namespace ThemeIsle\GutenbergBlocks\Integration;
 
+use enshrined\svgSanitize\Sanitizer;
+
 /**
  * Form Utils
  *
@@ -21,7 +23,6 @@ class Form_Utils {
 	 * @since 2.0.3
 	 */
 	public static function generate_test_email() {
-
 		$words = array(
 			'alfa',
 			'bravo',
@@ -50,7 +51,7 @@ public static function generate_test_email() {
 		$name_1 = $words[ wp_rand( 0, count( $words ) - 1 ) ];
 		$name_2 = $words[ wp_rand( 2, count( $words ) ) - 1 ];
 
-		return "Otter-Form-successfully-connected.delete-on-confirmation.$name_1.$name_2@otter-blocks.com";
+		return "Otter-Form-successfully-connected.delete-on-confirmation.$name_1.$name_2@themeisle.com";
 	}
 
 	/**
@@ -92,7 +93,6 @@ public static function save_file_from_field( $field, $files ) {
 			'error'     => null,
 		);
 
-
 		$file_name     = self::generate_file_name( $field['metadata']['name'] );
 		$file_data_key = $field['metadata']['data'];
 
@@ -103,6 +103,22 @@ public static function save_file_from_field( $field, $files ) {
 		try {
 			$file_data = $files[ $file_data_key ];
 
+			if ( 'svg' === pathinfo( $file_name, PATHINFO_EXTENSION ) ) {
+				$file_contents = file_get_contents( $file_data['tmp_name'] );
+
+				$sanitizer     = new Sanitizer();
+				$file_contents = $sanitizer->sanitize( $file_contents );
+
+				global $wp_filesystem;
+
+				if ( ! is_a( $wp_filesystem, 'WP_Filesystem_Base' ) ) {
+					$creds = request_filesystem_credentials( site_url() );
+					wp_filesystem( $creds );
+				}
+
+				$wp_filesystem->put_contents( $file_data['tmp_name'], $file_contents );
+			}
+
 			// Save file to uploads folder.
 			require_once ABSPATH . 'wp-admin/includes/file.php';
 

diff --git a/inc/plugins/class-limited-offers.php b/inc/plugins/class-limited-offers.php
@@ -31,31 +31,45 @@ class LimitedOffers {
 	public $wp_option_dismiss_notification_key_base = 'dismiss_themeisle_notice_event_';
 
 	/**
-	 * Offer Links
+	 * Metadata for announcements.
 	 *
-	 * @var array<string>
+	 * @var array
 	 */
-	public $offer_metadata = array();
+	public $assets = array();
 
 	/**
 	 * Timeline for the offers.
 	 *
-	 * @var array[]
+	 * @var array
 	 */
-	public $timelines = array(
-		'bf' => array(
-			'start' => '2023-11-20 00:00:00',
-			'end'   => '2023-11-27 23:59:00',
-		),
-	);
+	public $announcements = array();
 
 	/**
 	 * LimitedOffers constructor.
 	 */
 	public function __construct() {
+		$this->announcements = apply_filters( 'themeisle_sdk_announcements', array() );
+
+		if ( empty( $this->announcements ) || ! is_array( $this->announcements ) ) {
+			return;
+		}
+
 		try {
-			if ( $this->is_deal_active( 'bf' ) ) {
-				$this->activate_bff();
+			foreach ( $this->announcements as $announcement => $event_data ) {
+				if ( false !== strpos( $announcement, 'black_friday' ) ) {
+					if (
+						empty( $event_data ) ||
+						! is_array( $event_data ) ||
+						empty( $event_data['active'] ) ||
+						empty( $event_data['otter_dashboard_url'] ) ||
+						! isset( $event_data['urgency_text'] )
+					) {
+						continue;
+					}
+
+					$this->active = $announcement;
+					$this->prepare_black_friday_assets( $event_data );
+				}
 			}
 		} catch ( Exception $e ) {
 			if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
@@ -70,6 +84,11 @@ public function __construct() {
 	 * @return void
 	 */
 	public function load_dashboard_hooks() {
+
+		if ( empty( $this->assets['globalNoticeUrl'] ) ) {
+			return;
+		}
+
 		add_filter( 'themeisle_products_deal_priority', array( $this, 'add_priority' ) );
 		add_action( 'admin_notices', array( $this, 'render_notice' ) );
 		add_action( 'wp_ajax_dismiss_themeisle_event_notice_otter', array( $this, 'disable_notification_ajax' ) );
@@ -87,16 +106,19 @@ public function is_active() {
 	/**
 	 * Activate the Black Friday deal.
 	 *
+	 * @param array $data Event data.
+	 *
 	 * @return void
 	 */
-	public function activate_bff() {
-		$this->active = 'bf';
-
-		$this->offer_metadata = array(
-			'bannerUrl'     => OTTER_BLOCKS_URL . 'assets/images/black-friday-banner.png',
-			'bannerAlt'     => 'Otter Black Friday Sale',
-			'linkDashboard' => tsdk_utmify( 'https://themeisle.com/plugins/otter-blocks/blackfriday/', 'blackfridayltd23', 'dashboard' ),
-			'linkGlobal'    => tsdk_utmify( 'https://themeisle.com/plugins/otter-blocks/blackfriday/', 'blackfridayltd23', 'globalnotice' ),
+	public function prepare_black_friday_assets( $data ) {
+		$this->assets = array_merge(
+			$this->assets,
+			array(
+				'bannerUrl'      => OTTER_BLOCKS_URL . 'assets/images/black-friday-banner.png',
+				'bannerAlt'      => 'Otter Black Friday Sale',
+				'bannerStoreUrl' => esc_url_raw( $data['otter_dashboard_url'] ),
+				'urgencyText'    => esc_html( $data['urgency_text'] ),
+			)
 		);
 	}
 
@@ -109,77 +131,6 @@ public function get_active_deal() {
 		return $this->active;
 	}
 
-	/**
-	 * Check if the deal is active with the given slug.
-	 *
-	 * @param string $slug Slug of the deal.
-	 *
-	 * @throws Exception When date is invalid.
-	 */
-	public function is_deal_active( $slug ) {
-
-		if ( empty( $slug ) || ! array_key_exists( $slug, $this->timelines ) ) {
-			return false;
-		}
-
-		return $this->check_date_range( $this->timelines[ $slug ]['start'], $this->timelines[ $slug ]['end'] );
-	}
-
-	/**
-	 * Get the remaining time for the deal in a human readable format.
-	 *
-	 * @param string $slug Slug of the deal.
-	 * @return string Remaining time for the deal.
-	 */
-	public function get_remaining_time_for_deal( $slug ) {
-		if ( empty( $slug ) || ! array_key_exists( $slug, $this->timelines ) ) {
-			return '';
-		}
-
-		try {
-			$end_date     = new DateTime( $this->timelines[ $slug ]['end'], new DateTimeZone( 'GMT' ) );
-			$current_date = new DateTime( 'now', new DateTimeZone( 'GMT' ) );
-			$diff         = $end_date->diff( $current_date );
-
-			if ( 0 < $diff->days ) {
-				return 1 === $diff->days ? $diff->format( '%a day' ) : $diff->format( '%a days' );
-			}
-
-			if ( 0 < $diff->h ) {
-				return 1 === $diff->h ? $diff->format( '%h hour' ) : $diff->format( '%h hours' );
-			}
-
-			if ( 0 < $diff->i ) {
-				return 1 === $diff->i ? $diff->format( '%i minute' ) : $diff->format( '%i minutes' );
-			}
-
-			return 1 === $diff->s ? $diff->format( '%s second' ) : $diff->format( '%s seconds' );
-		} catch ( Exception $e ) {
-			if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
-				error_log( $e->getMessage() ); // phpcs:ignore
-			}
-		}
-
-		return '';
-	}
-
-	/**
-	 * Check if the current date is in the range of the offer.
-	 *
-	 * @param string $start Start date.
-	 * @param string $end   End date.
-	 *
-	 * @throws Exception When date is invalid.
-	 */
-	public function check_date_range( $start, $end ) {
-
-		$start_date   = new DateTime( $start, new DateTimeZone( 'GMT' ) );
-		$end_date     = new DateTime( $end, new DateTimeZone( 'GMT' ) );
-		$current_date = new DateTime( 'now', new DateTimeZone( 'GMT' ) );
-
-		return $start_date <= $current_date && $current_date <= $end_date;
-	}
-
 	/**
 	 * Get the localized data for the plugin.
 	 *
@@ -188,12 +139,10 @@ public function check_date_range( $start, $end ) {
 	public function get_localized_data() {
 		return array_merge(
 			array(
-				'active'        => $this->is_active(),
-				'dealSlug'      => $this->get_active_deal(),
-				'remainingTime' => $this->get_remaining_time_for_deal( $this->get_active_deal() ),
-				'urgencyText'   => 'Hurry Up! Only ' . $this->get_remaining_time_for_deal( $this->get_active_deal() ) . ' left',
+				'active'   => $this->is_active(),
+				'dealSlug' => $this->get_active_deal(),
 			),
-			$this->offer_metadata
+			$this->assets
 		);
 	}
 
@@ -262,7 +211,7 @@ public function render_notice() {
 			</svg>
 			<span>
 				<?php echo wp_kses_post( $message ); ?>
-				<a href="<?php echo esc_url( ! empty( $this->offer_metadata['linkGlobal'] ) ? $this->offer_metadata['linkGlobal'] : '' ); ?>" target="_blank" rel="external noreferrer noopener">
+				<a href="<?php echo esc_url( ! empty( $this->assets['globalNoticeUrl'] ) ? $this->assets['globalNoticeUrl'] : '' ); ?>" target="_blank" rel="external noreferrer noopener">
 					<?php esc_html_e( 'Learn more', 'otter-blocks' ); ?>
 				</a>
 			</span>