From e1550f6d8184a51721ceafa9ff163285e6059de7 Mon Sep 17 00:00:00 2001
From: Josh Oakes <josh@joshoak.es>
Date: Tue, 19 Nov 2024 10:31:06 -0600
Subject: [PATCH] Bump permissions requirement

---
 includes/class-kadence-blocks-cpt-import-export.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/includes/class-kadence-blocks-cpt-import-export.php b/includes/class-kadence-blocks-cpt-import-export.php
index 214e7dcfc..c87ba0b26 100644
--- a/includes/class-kadence-blocks-cpt-import-export.php
+++ b/includes/class-kadence-blocks-cpt-import-export.php
@@ -76,7 +76,7 @@ public function handle_bulk_export($redirect_to, $action, $post_ids)
 			return $redirect_to;
 		}
 
-		if (!current_user_can('edit_posts')) {
+		if (!current_user_can('manage_options')) {
 			wp_die(__('You do not have sufficient permissions to export content.', 'kadence-blocks'));
 		}
 
@@ -201,7 +201,7 @@ public function display_import_notices() {
 	public function add_import_export_buttons() {
 		global $pagenow, $typenow;
 
-		if ('edit.php' === $pagenow && $this->slug === $typenow && current_user_can('edit_posts') ) {
+		if ('edit.php' === $pagenow && $this->slug === $typenow && current_user_can('manage_options') ) {
 			add_action('admin_notices', array($this, 'render_import_export_buttons'));
 		}
 	}
@@ -240,7 +240,7 @@ public function render_import_export_buttons() {
 	 * Export to zip and download.
 	 */
 	public function handle_export( $post_ids = array(), $check_referrer = true ) {
-		if (!current_user_can('edit_posts')) {
+		if (!current_user_can('manage_options')) {
 			$this->redirect_with_error( __('You do not have sufficient permissions to export content.', 'kadence-blocks') );
 		}
 
@@ -339,7 +339,7 @@ private function get_related_posts_recursive($content, &$related_posts, $parent_
 	}
 
 	public function handle_import() {
-		if (!current_user_can('publish_posts')) {
+		if (!current_user_can('manage_options')) {
 			$this->redirect_with_error( __('You do not have sufficient permissions to import content.', 'kadence-blocks' ) );
 			return;
 		}
@@ -367,6 +367,11 @@ public function handle_import() {
 
 		$zip = new ZipArchive();
 		if ($zip->open($file['tmp_name']) === TRUE) {
+			if ($zip->numFiles > 5) {
+				$this->redirect_with_error( __('Invalid data in import file.', 'kadence-blocks' ) );
+				return;
+			}
+
 			$zip->extractTo($temp_dir);
 			$zip->close();