diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
new file mode 100644
index 0000000..cae1fa9
--- /dev/null
+++ b/.github/workflows/publish-release.yml
@@ -0,0 +1,150 @@
+name: Publish Release
+run-name: Publish Release
+
+on:
+ workflow_dispatch:
+ inputs:
+ release:
+ description: 'Release version (e.g. 1.2.3)'
+ required: true
+ prerelease:
+ description: 'Pre-release version (e.g. RC1, beta, etc...)'
+ required: false
+
+permissions:
+ contents: write
+
+env:
+ TAG: ${{ github.event.inputs.release }}
+ PRETAG: ${{ github.event.inputs.prerelease }}
+ BRANCH: temp-release-${{ github.event.inputs.release }}
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Prepare vars
+ id: vars
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const full_tag = [
+ process.env.TAG,
+ process.env.PRETAG
+ ].filter(Boolean).join('-');
+ const branch = `temp-release-${full_tag}`;
+ const is_prerelease = !!process.env.PRETAG;
+
+ core.setOutput('full_tag', full_tag );
+ core.setOutput('branch', branch );
+ core.setOutput('is_prerelease', is_prerelease );
+
+ # 'ref' and 'repository' are required, otherwise repo could appear in detached head state
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.head_ref }}
+ repository: ${{ github.repository }}
+
+ - name: Parse Changelog Entries
+ uses: actions/github-script@v7
+ id: changelog
+ with:
+ script: |
+ const { open } = require('fs/promises');
+
+ const version = process.env.TAG;
+ const delimiter = '#### ';
+ const file = await open('./changes.md');
+
+ let description = [];
+ let found = false;
+
+ for await (let line of file.readLines()) {
+ line = line.trim();
+
+ if ( line.startsWith(`${delimiter}${version}`) ) {
+ found = true;
+ continue;
+ }
+
+ if (!found) continue;
+ if ( line.startsWith(delimiter) ) break;
+
+ description.push(line);
+ }
+
+ if ( !description.length ) core.setFailed(`Release ${version} not found in the changelog!`);
+
+ core.setOutput('description', description.join('\n') );
+
+
+ # cleanup files that are not needed for the release
+ # but keep the .git folder, because we need it for the next step
+ - name: Cleanup files
+ run: |
+ rm -f composer.lock || true
+ rm -rf vendor/composer/installers || true
+ find ./ -name '.git*' -not -path './.git' -type f -delete || true
+ find ./ -name '.git*' -not -path './.git' -type d -exec rm -rf {} \; || true
+ find ./vendor -name .svn -exec rm -rf {} \; || true
+
+ # cleanup files, specific to Google API PHP library
+ - name: Cleanup files for Google API library
+ run: |
+ rm -f lib/Google/phpstan.neon.dist || true
+ rm -f lib/Google/vendor/paragonie/random_compat/build-phar.sh || true
+ find ./lib/Google/ -name '.repo-metadata.json' -type f -delete || true
+ find ./lib/Google/vendor -name .svn -exec rm -rf '{}' \; || true
+
+ # commit changes to temporary release branch and create a new tag
+ - name: Commit changes
+ uses: EndBug/add-and-commit@v9
+ with:
+ message: Cleanup files for release
+ new_branch: ${{ steps.vars.outputs.branch }}
+ tag: ${{ steps.vars.outputs.full_tag }}
+
+ # generate SBOM that will be attached to a release as an artifact
+ - name: Create SBOM
+ id: sbom
+ uses: anchore/sbom-action@v0
+ with:
+ path: .
+ output-file: sbom.spdx.json
+ format: spdx-json
+
+ # create a draft release with the version changelog as a description
+ - name: Create Draft Release
+ id: draft_release
+ uses: softprops/action-gh-release@v1
+ with:
+ name: "Release ${{ steps.vars.outputs.full_tag }}"
+ body: "${{ steps.changelog.outputs.description }}"
+ tag_name: ${{ steps.vars.outputs.full_tag }}
+ draft: true
+ prerelease: ${{ steps.vars.outputs.is_prerelease }}
+
+ # attach SBOM to release
+ - name: Upload SBOM to release
+ uses: actions/upload-release-asset@v1.0.1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ steps.draft_release.outputs.upload_url }}
+ asset_path: ./sbom.spdx.json
+ asset_name: sbom.spdx.json
+ asset_content_type: application/json
+
+ # publish release using an ID from the 'draft_release' step
+ - name: Publish Release
+ uses: eregon/publish-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ release_id: ${{ steps.draft_release.outputs.id }}
+
+ # delete temporary release branch
+ - name: Delete temporary release branch
+ run: |
+ git push origin --delete ${{ steps.vars.outputs.branch }}
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 076dde0..153a3ce 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -2,9 +2,7 @@ name: Tests on: push: - branches: [main] pull_request: - branches: [main] jobs: build:
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..a5dc6c4
--- /dev/null
+++ b/SECURITY.md
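Review bot: The `release` and `prerelease` inputs reach a tag name, a branch name and a `run:` shell line (`git push origin --delete ${{ steps.vars.outputs.branch }}`) without any validation, so whoever may dispatch this workflow can inject shell into a job that holds `contents: write` and pushes tags and releases; validate both inputs in the Prepare vars step and hand the branch to the shell through `env:` with quoting instead of expression interpolation. Every third-party action here (`EndBug/add-and-commit@v9`, `anchore/sbom-action@v0`, `softprops/action-gh-release@v1`, `eregon/publish-release@v1`) is also referenced by a mutable tag, which for a workflow that creates the project's releases should be a full commit SHA; `actions/upload-release-asset` appears to be archived upstream, and `softprops/action-gh-release` can attach `sbom.spdx.json` itself via its `files:` input. Two smaller points: the top-level `BRANCH` env is never used and omits the pre-release suffix that `steps.vars.outputs.branch` carries, so it should be removed, and `ref: ${{ github.head_ref }}` is empty on `workflow_dispatch`, so the comment above the checkout step overstates what that line does.
```yaml
      - name: Prepare vars
        id: vars
        uses: actions/github-script@v7
        with:
          script: |
            // reject anything that is not a plain version / suffix before it becomes a tag, branch or shell argument
            if (!/^\d+\.\d+\.\d+$/.test(process.env.TAG)) throw new Error(`Invalid release version: ${process.env.TAG}`);
            if (process.env.PRETAG && !/^[A-Za-z0-9.]+$/.test(process.env.PRETAG)) throw new Error(`Invalid pre-release suffix: ${process.env.PRETAG}`);
            // … unchanged: full_tag / branch / is_prerelease outputs …
      # … unchanged: checkout, changelog, cleanup, commit, SBOM and release steps …
      - name: Delete temporary release branch
        env:
          BRANCH: ${{ steps.vars.outputs.branch }}
        run: |
          git push origin --delete "$BRANCH"
```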
@@ -0,0 +1,23 @@
+# Security Policy Overview
+
+Thank you for using and contributing to our product. At [UDX](https://udx.io), we take the security of our products seriously and appreciate collaborative efforts to ensure the safety of our users and contributors.
+
+## Reporting a Security Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+If you find a security vulnerability, please [submit a vulnerability report](https://github.com/udx/wp-stateless-siteorigin-css-addon/security/advisories/new). Provide detailed information about the vulnerability to help us understand and address the issue promptly. We kindly request that you avoid public disclosure until we've had the opportunity to analyze and resolve the reported issue.
+
+## Responsible Disclosure
+
+Responsible disclosure is crucial to maintaining the security of our product. We ask for your cooperation in allowing us sufficient time to investigate and address the reported vulnerability before making it public. We will keep you informed of our progress and make every effort to address the issue promptly.
+
+## Supported Versions
+
+Security updates are provided for the latest stable release. Please ensure that you are using a supported version before reporting a security vulnerability.
+
+## Contact Information
+
+For security-related matters, please contact our security team at [security@udx.io](mailto:security@udx.io). For general inquiries, feature requests, and other non-security-related discussions, please use our regular [issue tracker](https://github.com/udx/wp-stateless-siteorigin-css-addon/issues).
+
+Thank you for helping us ensure the security of WP-Stateless - SiteOrigin CSS Addon. Your contributions are greatly appreciated.
diff --git a/class-siteorigin-css.php b/class-siteorigin-css.php
index 2b31dba..767ca6f 100644
--- a/class-siteorigin-css.php
+++ b/class-siteorigin-css.php
@@ -1,16 +1,12 @@ get_gs_host() . '/' . $name; } return $url;
@@ -52,17 +47,13 @@ public function set_url_scheme($url, $scheme, $orig_scheme) { * Change Upload BaseURL when CDN Used. */ public function action_admin_menu() { - if (current_user_can('edit_theme_options') && isset($_POST['siteorigin_custom_css_save'])) { + if ( current_user_can('edit_theme_options') && isset($_POST['siteorigin_custom_css_save']) ) { + check_admin_referer( 'custom_css', '_sononce' ); + try { $prefix = apply_filters('wp_stateless_file_name', 'so-css', 0); do_action('sm:sync::deleteFiles', $prefix); - // die(); - // $object_list = ud_get_stateless_media()->get_client()->list_objects("prefix=$prefix"); - // $files_array = $object_list->getItems(); - // foreach ($files_array as $file) { - // do_action( 'sm:sync::deleteFile', $file->name ); - // } - } catch (Exception $e) { + } catch (\Throwable $e) { } } } diff --git a/readme.txt b/readme.txt index f08f08f..c06e73c 100644 --- a/readme.txt +++ b/readme.txt @@ -1,11 +1,11 @@ === WP-Stateless - SiteOrigin CSS Addon === Contributors: usability_dynamics, andypotanin, ideric, maxim.peshkov, planvova, obolgun Donate link: https://udx.io -Tags: siteorigin, css editor, customize design, visual css, google, google cloud, google cloud storage, cdn, uploads, media, stateless, backup +Tags: siteorigin css, siteorigin css addon extension, google cloud storage, stateless, wp-stateless License: GPLv2 or later Requires PHP: 8.0 Requires at least: 5.0 -Tested up to: 6.4.1 +Tested up to: 6.4.3 Stable tag: 0.0.1 Provides compatibility between the SiteOrigin CSS and the WP-Stateless plugins. diff --git a/tests/ClassSiteOriginCSSTest.php b/tests/ClassSiteOriginCSSTest.php index 1f44151..c3ca55d 100644 --- a/tests/ClassSiteOriginCSSTest.php +++ b/tests/ClassSiteOriginCSSTest.php @@ -1,6 +1,6 @@ justReturn( self::TEST_UPLOAD_DIR ); + Functions\when('check_admin_referer')->justReturn( true ); // WP_Stateless mocks Filters\expectApplied('wp_stateless_file_name') 
diff --git a/vendor/bin/.phpunit.result.cache b/vendor/bin/.phpunit.result.cache index f08b816..1061a3c 100644 --- a/vendor/bin/.phpunit.result.cache +++ b/vendor/bin/.phpunit.result.cache @@ -1 +1 @@ -{"version":1,"defects":{"WPSL\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldInitHooks":4,"WPSL\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldSaveFieldValue":4},"times":{"WPSL\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldInitHooks":0.11,"WPSL\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldSaveFieldValue":0.003,"WPSL\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldDeleteCssFile":0.001}} \ No newline at end of file +{"version":1,"defects":{"WPSL\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldInitHooks":4,"WPSL\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldSaveFieldValue":4,"SLCA\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldDeleteCssFile":4},"times":{"WPSL\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldInitHooks":0.11,"WPSL\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldSaveFieldValue":0.003,"WPSL\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldDeleteCssFile":0.001,"SLCA\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldInitHooks":0.128,"SLCA\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldSaveFieldValue":0.004,"SLCA\\SiteOriginCSS\\ClassSiteOriginCSSTest::testShouldDeleteCssFile":0.001}} \ No newline at end of file diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php index 22c754b..f1b6bc9 100644 --- a/vendor/composer/installed.php +++ b/vendor/composer/installed.php @@ -3,7 +3,7 @@ 'name' => 'udx/wp-stateless-siteorigin-css-addon', 'pretty_version' => 'dev-main', 'version' => 'dev-main', - 'reference' => '1ec2a0e4c4c08d7672d13fada35fbc0502f83319', + 'reference' => 'd1f485715379686e46294c743ad010f64a16957d', 'type' => 'wordpress-plugin', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), 
@@ -13,7 +13,7 @@ 'udx/wp-stateless-siteorigin-css-addon' => array( 'pretty_version' => 'dev-main', 'version' => 'dev-main', - 'reference' => '1ec2a0e4c4c08d7672d13fada35fbc0502f83319', + 'reference' => 'd1f485715379686e46294c743ad010f64a16957d', 'type' => 'wordpress-plugin', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), diff --git a/wp-stateless-siteorigin-css-addon.php b/wp-stateless-siteorigin-css-addon.php index 49885d9..d14edc0 100644 --- a/wp-stateless-siteorigin-css-addon.php +++ b/wp-stateless-siteorigin-css-addon.php @@ -6,25 +6,25 @@ * Description: Provides compatibility between the SiteOrigin CSS and the WP-Stateless plugins. * Author: UDX * Version: 0.0.1 - * Text Domain: wpssocss + * Text Domain: slca-so-css * Author URI: https://udx.io - * License: MIT + * License: GPLv2 or later * - * Copyright 2023 UDX (email: info@udx.io) + * Copyright 2024 UDX (email: info@udx.io) */ -namespace WPSL\SiteOriginCSS; +namespace SLCA\SiteOriginCSS; add_action('plugins_loaded', function () { if (class_exists('wpCloud\StatelessMedia\Compatibility')) { - require_once 'vendor/autoload.php'; + require_once ( dirname( __FILE__ ) . '/vendor/autoload.php' ); // Load return new SiteOriginCSS(); } add_filter('plugin_row_meta', function ($plugin_meta, $plugin_file, $_, $__) { if ($plugin_file !== join(DIRECTORY_SEPARATOR, [basename(__DIR__), basename(__FILE__)])) return $plugin_meta; - $plugin_meta[] = sprintf('%s', __('This plugin requires WP-Stateless plugin version 4.0.0 or greater to be installed and active.')); + $plugin_meta[] = sprintf('%s', __('This plugin requires WP-Stateless plugin version 3.4.0 or greater to be installed and active.')); return $plugin_meta; }, 10, 4); });
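Review bot: `__('This plugin requires WP-Stateless plugin version 3.4.0 or greater to be installed and active.')` is called without a text domain even though this commit renames the plugin's `Text Domain` header to `slca-so-css`, so the one user-facing string in this file stays untranslatable; pass the domain, `__( 'This plugin requires WP-Stateless plugin version 3.4.0 or greater to be installed and active.', 'slca-so-css' )`. The requirement text drops from 4.0.0 to 3.4.0, but the only runtime check visible here is `class_exists('wpCloud\StatelessMedia\Compatibility')`, so the version in the message is not enforced anywhere in this hunk; if the minimum matters, a comment pointing at where it is checked (or an actual version check) would help. The row-meta notice is also appended unconditionally, including when WP-Stateless is already active — presumably intended, but worth a comment saying so.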