kawaiipunk/laipower
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated plugin Simple Local Avatars version 2.8.6

Browse Source
This commit is contained in:
KawaiiPunk
2026-06-03 21:29:14 +00:00
committed by Gitium
parent 766faf9ed9
commit e410ed67cf
8 changed files with 166 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
wp-content/plugins/simple-local-avatars/includes/class-simple-local-avatars.php
View File

@ -74,7 +74,9 @@ class Simple_Local_Avatars {
&& ( && (
( // And either an ajax request not in the network admin. ( // And either an ajax request not in the network admin.
defined( 'DOING_AJAX' ) && DOING_AJAX defined( 'DOING_AJAX' ) && DOING_AJAX
&& isset( $_SERVER['HTTP_REFERER'] ) && ! preg_match( '#^' . network_admin_url() . '#i', $_SERVER['HTTP_REFERER'] ) && isset( $_SERVER['HTTP_REFERER'] )
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- this validates rather than sanitizes
&& ! preg_match( '#^' . preg_quote( network_admin_url(), '#' ) . '#i', wp_unslash( $_SERVER['HTTP_REFERER'] ) )
) )
|| ||
( // Or normal request not in the network admin. ( // Or normal request not in the network admin.
@ -143,13 +145,30 @@ class Simple_Local_Avatars {
}, 10, 1 ); }, 10, 1 );
} }
// Fix: An error occurred cropping the image (https://github.com/10up/simple-local-avatars/issues/141). add_action(
if ( isset( $_POST['action'] ) && 'crop-image' === $_POST['action'] && is_admin() && wp_doing_ajax() ) { 'plugins_loaded',
add_action( 'plugins_loaded', function () { function () {
/*
* Fix: An error occurred cropping the image
*
* @see https://github.com/10up/simple-local-avatars/issues/141
* @see wp_ajax_crop_image() in wp-admin/includes/ajax-actions.php
*
* During a WordPress Core crop-image ajax request, bypass the theme_setup hook.
*/
if (
isset( $_POST['action'] )
&& 'crop-image' === $_POST['action']
&& isset( $_POST['id'] )
&& is_admin()
&& wp_doing_ajax()
&& check_ajax_referer( 'image_editor-' . absint( $_POST['id'] ), 'nonce', false )
) {
remove_all_actions( 'setup_theme' ); remove_all_actions( 'setup_theme' );
} );
} }
} }
);
}
/** /**
* Determine if plugin is network activated. * Determine if plugin is network activated.
@ -437,6 +456,8 @@ class Simple_Local_Avatars {
// generate the new size // generate the new size
$editor = wp_get_image_editor( $avatar_full_path ); $editor = wp_get_image_editor( $avatar_full_path );
if ( ! is_wp_error( $editor ) ) { if ( ! is_wp_error( $editor ) ) {
$image_size = $editor->get_size();
if ( ! is_array( $image_size ) || $image_size['width'] !== $size || $image_size['height'] !== $size ) {
$resized = $editor->resize( $size, $size, true ); $resized = $editor->resize( $size, $size, true );
if ( ! is_wp_error( $resized ) ) { if ( ! is_wp_error( $resized ) ) {
$dest_file = $editor->generate_filename(); $dest_file = $editor->generate_filename();
@ -454,6 +475,7 @@ class Simple_Local_Avatars {
} }
} }
} }
}
// save updated avatar sizes // save updated avatar sizes
update_user_meta( $user_id, $this->user_key, $local_avatars ); update_user_meta( $user_id, $this->user_key, $local_avatars );
@ -771,15 +793,18 @@ class Simple_Local_Avatars {
$sanitized = array(); $sanitized = array();
foreach ( $options as $option_name ) { foreach ( $options as $option_name ) {
if ( ! isset( $_POST['simple_local_avatars'][ $option_name ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification // phpcs:ignore WordPress.Security.NonceVerification -- checked by wp-admin/network/settings.php
if ( ! isset( $_POST['simple_local_avatars'][ $option_name ] ) ) {
continue; continue;
} }
switch ( $option_name ) { switch ( $option_name ) {
case 'mode': case 'mode':
update_site_option( 'simple_local_avatars_mode', sanitize_text_field( $_POST['simple_local_avatars'][ $option_name ] ) ); // phpcs:ignore WordPress.Security.NonceVerification -- checked by wp-admin/network/settings.php
update_site_option( 'simple_local_avatars_mode', sanitize_text_field( wp_unslash( $_POST['simple_local_avatars'][ $option_name ] ) ) );
break; break;
default: default:
// phpcs:ignore WordPress.Security.NonceVerification -- checked by wp-admin/network/settings.php
$sanitized[ $option_name ] = empty( $_POST['simple_local_avatars'][ $option_name ] ) ? 0 : 1; $sanitized[ $option_name ] = empty( $_POST['simple_local_avatars'][ $option_name ] ) ? 0 : 1;
} }
} }
@ -1059,7 +1084,7 @@ class Simple_Local_Avatars {
*/ */
public function edit_user_profile_update( $user_id ) { public function edit_user_profile_update( $user_id ) {
// check nonces // check nonces
if ( empty( $_POST['_simple_local_avatar_nonce'] ) || ! wp_verify_nonce( $_POST['_simple_local_avatar_nonce'], 'simple_local_avatar_nonce' ) ) { if ( empty( $_POST['_simple_local_avatar_nonce'] ) || ! wp_verify_nonce( wp_unslash( $_POST['_simple_local_avatar_nonce'] ), 'simple_local_avatar_nonce' ) ) {
return; return;
} }
@ -1068,8 +1093,9 @@ class Simple_Local_Avatars {
// need to be more secure since low privilege users can upload // need to be more secure since low privilege users can upload
$allowed_mime_types = wp_get_mime_types(); $allowed_mime_types = wp_get_mime_types();
$file_mime_type = strtolower( $_FILES['simple-local-avatar']['type'] );
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- validated in following lines.
$file_mime_type = strtolower( $_FILES['simple-local-avatar']['type'] );
if ( ! ( 0 === strpos( $file_mime_type, 'image/' ) ) || ! in_array( $file_mime_type, $allowed_mime_types, true ) ) { if ( ! ( 0 === strpos( $file_mime_type, 'image/' ) ) || ! in_array( $file_mime_type, $allowed_mime_types, true ) ) {
$this->avatar_upload_error = __( 'Only images can be uploaded as an avatar', 'simple-local-avatars' ); $this->avatar_upload_error = __( 'Only images can be uploaded as an avatar', 'simple-local-avatars' );
add_action( 'user_profile_update_errors', array( $this, 'user_profile_update_errors' ) ); add_action( 'user_profile_update_errors', array( $this, 'user_profile_update_errors' ) );
@ -1126,11 +1152,13 @@ class Simple_Local_Avatars {
// Handle ratings // Handle ratings
if ( isset( $avatar_id ) || ! empty( $this->get_user_local_avatar( $user_id ) ) ) { if ( isset( $avatar_id ) || ! empty( $this->get_user_local_avatar( $user_id ) ) ) {
if ( empty( $_POST['simple_local_avatar_rating'] ) || ! array_key_exists( $_POST['simple_local_avatar_rating'], $this->avatar_ratings ) ) { $passed_avatar_rating = isset( $_POST['simple_local_avatar_rating'] ) ? sanitize_text_field( wp_unslash( $_POST['simple_local_avatar_rating'] ) ) : '';
$_POST['simple_local_avatar_rating'] = key( $this->avatar_ratings ); if ( empty( $passed_avatar_rating ) || ! in_array( $passed_avatar_rating, array_keys( $this->avatar_ratings ), true ) ) {
$passed_avatar_rating = key( $this->avatar_ratings );
$_POST['simple_local_avatar_rating'] = wp_slash( $passed_avatar_rating ); // May be access later in execution.
} }
update_user_meta( $user_id, $this->rating_key, $_POST['simple_local_avatar_rating'] ); update_user_meta( $user_id, $this->rating_key, wp_slash( $passed_avatar_rating ) );
} }
} }
@ -1148,7 +1176,7 @@ class Simple_Local_Avatars {
* Runs when a user clicks the Remove button for the avatar * Runs when a user clicks the Remove button for the avatar
*/ */
public function action_remove_simple_local_avatar() { public function action_remove_simple_local_avatar() {
if ( ! empty( $_GET['user_id'] ) && ! empty( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'remove_simple_local_avatar_nonce' ) ) { if ( ! empty( $_GET['user_id'] ) && ! empty( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), 'remove_simple_local_avatar_nonce' ) ) {
$user_id = (int) $_GET['user_id']; $user_id = (int) $_GET['user_id'];
if ( ! current_user_can( 'edit_user', $user_id ) ) { if ( ! current_user_can( 'edit_user', $user_id ) ) {
@ -1172,7 +1200,14 @@ class Simple_Local_Avatars {
*/ */
public function ajax_assign_simple_local_avatar_media() { public function ajax_assign_simple_local_avatar_media() {
// check required information and permissions // check required information and permissions
if ( empty( $_POST['user_id'] ) || empty( $_POST['media_id'] ) || ! current_user_can( 'upload_files' ) || ! current_user_can( 'edit_user', $_POST['user_id'] ) || empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'assign_simple_local_avatar_nonce' ) ) { if (
empty( $_POST['user_id'] )
|| empty( $_POST['media_id'] )
|| ! current_user_can( 'upload_files' )
|| ! current_user_can( 'edit_user', absint( wp_unslash( $_POST['user_id'] ) ) )
|| empty( $_POST['_wpnonce'] )
|| ! wp_verify_nonce( wp_unslash( $_POST['_wpnonce'] ), 'assign_simple_local_avatar_nonce' )
) {
die; die;
} }
@ -1553,6 +1588,11 @@ class Simple_Local_Avatars {
return; return;
} }
// Ensure user has proper capability.
if ( ! current_user_can( 'manage_options' ) ) {
return;
}
$file_id = filter_input( INPUT_POST, 'simple-local-avatar-file-id', FILTER_SANITIZE_NUMBER_INT ); $file_id = filter_input( INPUT_POST, 'simple-local-avatar-file-id', FILTER_SANITIZE_NUMBER_INT );
// check for uploaded files // check for uploaded files
@ -1658,13 +1698,18 @@ class Simple_Local_Avatars {
* @return void * @return void
*/ */
public function ajax_migrate_from_wp_user_avatar() { public function ajax_migrate_from_wp_user_avatar() {
// Check if user has the required capability.
if ( ! current_user_can( 'manage_options' ) ) {
wp_die( esc_html__( 'You do not have sufficient permissions to access this page.', 'simple-local-avatars' ) );
}
// Bail early if nonce is not available. // Bail early if nonce is not available.
if ( empty( sanitize_text_field( $_POST['migrateFromWpUserAvatarNonce'] ) ) ) { if ( empty( $_POST['migrateFromWpUserAvatarNonce'] ) ) {
die; die;
} }
// Bail early if nonce is invalid. // Bail early if nonce is invalid.
if ( ! wp_verify_nonce( sanitize_text_field( $_POST['migrateFromWpUserAvatarNonce'] ), 'migrate_from_wp_user_avatar_nonce' ) ) { if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['migrateFromWpUserAvatarNonce'] ) ), 'migrate_from_wp_user_avatar_nonce' ) ) {
die(); die();
} }

117
wp-content/plugins/simple-local-avatars/readme.txt
View File

@ -1,10 +1,9 @@
=== Simple Local Avatars === === Simple Local Avatars ===
Contributors: jakemgold, 10up, thinkoomph, jeffpaul, faisal03 Contributors: jakemgold, 10up, thinkoomph, jeffpaul, faisal03, dkotter
Donate link: https://10up.com/plugins/simple-local-avatars-wordpress/ Donate link: https://10up.com/plugins/simple-local-avatars-wordpress/
Tags: avatar, gravatar, user photos, users, profile Tags: avatar, gravatar, user photos, users, profile
Requires at least: 6.6 Tested up to: 7.0
Tested up to: 6.8 Stable tag: 2.8.6
Stable tag: 2.8.3
License: GPL-2.0-or-later License: GPL-2.0-or-later
License URI: https://spdx.org/licenses/GPL-2.0-or-later.html License URI: https://spdx.org/licenses/GPL-2.0-or-later.html
@ -23,6 +22,10 @@ Just edit a user profile, and scroll down to the new "Avatar" field. The plug-in
5. Lets you decide whether lower privilege users (subscribers, contributors) can upload their own avatar. 5. Lets you decide whether lower privilege users (subscribers, contributors) can upload their own avatar.
6. Enables rating of local avatars, just like Gravatar. 6. Enables rating of local avatars, just like Gravatar.
== Support Level ==
Simple Local Avatars' support level is marked as `stable`. 10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns. We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes. We otherwise intend to keep this tested up to the most recent version of WordPress.
== Installation == == Installation ==
1. Install easily with the WordPress plugin control panel or manually download the plugin and upload the extracted folder to the `/wp-content/plugins/` directory 1. Install easily with the WordPress plugin control panel or manually download the plugin and upload the extracted folder to the `/wp-content/plugins/` directory
@ -40,102 +43,48 @@ You can also use `get_simple_local_avatar()` (with the same arguments) to retrie
No. Simple Local Avatars neither collects, stores, nor sends any PII data of visitors or avatar users on the host site or to 10up or other services. No. Simple Local Avatars neither collects, stores, nor sends any PII data of visitors or avatar users on the host site or to 10up or other services.
= Where do I report security bugs found in this plugin? =
Please report security bugs found in the source code of the Simple Local Avatars plugin through the [Patchstack Vulnerability Disclosure  Program](https://patchstack.com/database/vdp/9e5fbad0-dfe4-4c2d-bf43-c5d71f99bb7d). The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin.
== Screenshots == == Screenshots ==
1. Avatar upload field on a user profile page 1. Avatar upload field on a user profile page
== Changelog == == Changelog ==
= 2.8.3 - 2024-11-18 = = 2.8.6 - 2026-02-17 =
* **Changed:** Only allow images that were uploaded by the same user be used when setting the avatar via a REST request (props [@dkotter](https://github.com/dkotter), [@justus12337](https://github.com/justus12337), [@faisal-alvi](https://github.com/faisal-alvi) via [#317](https://github.com/10up/simple-local-avatars/pull/317)).
* **Fixed:** Only allow image files to be set as the avatar in REST requests (props [@dkotter](https://github.com/dkotter), [@justus12337](https://github.com/justus12337), [@faisal-alvi](https://github.com/faisal-alvi) via [#317](https://github.com/10up/simple-local-avatars/pull/317)).
* **Security:** Bump `@10up/cypress-wp-utils` from 0.2.0 to 0.4.0, `@sentry/node` from 6.19.7 to 8.38.0, `@wordpress/env` from 9.2.0 to 10.11.0, `cypress` from 13.2.0 to 13.15.2, `cypress-mochawesome-reporter` from 3.6.0 to 3.8.2, `puppeteer-core` from 23.3.0 to 23.8.0 (props [@dkotter](https://github.com/dkotter) via [#319](https://github.com/10up/simple-local-avatars/pull/319)).
= 2.8.2 - 2024-11-12 = * **Changed:** Bump WordPress "tested up to" version 6.9 (props [@peterwilsoncc](https://github.com/peterwilsoncc), [@dkotter](https://github.com/dkotter) via [#352](https://github.com/10up/simple-local-avatars/pull/352)).
* **Fixed:** Ensure dependencies are (actually) included properly in the release (props [@dkotter](https://github.com/dkotter) via [#316](https://github.com/10up/simple-local-avatars/pull/316)). * **Changed:** Consider `get_avatar()` wrapper function `get_simple_local_avatar()` escaped (props [@peterwilsoncc](https://github.com/peterwilsoncc), [@dkotter](https://github.com/dkotter) via [#358](https://github.com/10up/simple-local-avatars/pull/358)).
* **Changed:** Consider `wp_verify_nonce()` as auto-sanitized (props [@peterwilsoncc](https://github.com/peterwilsoncc), [@dkotter](https://github.com/dkotter) via [#358](https://github.com/10up/simple-local-avatars/pull/358)).
* **Fixed:** Ensure form data is unslashed as required (props [@peterwilsoncc](https://github.com/peterwilsoncc), [@dkotter](https://github.com/dkotter) via [#358](https://github.com/10up/simple-local-avatars/pull/358)).
* **Security:** (Hardening) Ensure user has `manage_option` cap before saving default avatar (props [@peterwilsoncc](https://github.com/peterwilsoncc), [@dkotter](https://github.com/dkotter) via [#358](https://github.com/10up/simple-local-avatars/pull/358)).
= 2.8.1 - 2024-11-12 = = 2.8.5 - 2025-08-06 =
* **Fixed:** Ensure dependencies are included properly in the release (props [@dkotter](https://github.com/dkotter) via [#315](https://github.com/10up/simple-local-avatars/pull/315)).
= 2.8.0 - 2024-11-12 = * **Security:** Run a user capability check before migrating WP User Avatars. Thank you Håkon Harnes at [Wordfence](https://www.wordfence.com/) for responsibly disclosing this issue. (props [@jeffpaul](https://github.com/jeffpaul), [@peterwilsoncc](https://github.com/peterwilsoncc), [@faisal-alvi](https://github.com/faisal-alvi) via [GHSA-fmhf-27jv-qf37](https://github.com/10up/simple-local-avatars/security/advisories/GHSA-fmhf-27jv-qf37))
**Note that this release bumps the minimum required version of WordPress from 6.4 to 6.5.**
* **Added:** Support for the WordPress.org plugin preview (props [@faisal-alvi](https://github.com/faisal-alvi), [@jeffpaul](https://github.com/jeffpaul) via [#297](https://github.com/10up/simple-local-avatars/pull/297)). = 2.8.4 - 2025-07-14 =
* **Changed:** Update PHP compatibility check to use `10up/wp-compat-validation-tool` (props [@Sidsector9](https://github.com/Sidsector9), [@jeffpaul](https://github.com/jeffpaul), [@faisal-alvi](https://github.com/faisal-alvi) via [#291](https://github.com/10up/simple-local-avatars/pull/291)).
* **Changed:** Bump Wordpress "tested up to" version 6.7 (props [@sudip-md](https://github.com/sudip-md), [@jeffpaul](https://github.com/jeffpaul), [@dkotter](https://github.com/dkotter) via [#310](https://github.com/10up/simple-local-avatars/pull/310), [#312](https://github.com/10up/simple-local-avatars/pull/312)).
* **Changed:** Bump WordPress minimum supported version to 6.5 (props [@sudip-md](https://github.com/sudip-md), [@jeffpaul](https://github.com/jeffpaul), [@dkotter](https://github.com/dkotter) via [#310](https://github.com/10up/simple-local-avatars/pull/310), [#312](https://github.com/10up/simple-local-avatars/pull/312)).
* **Fixed:** Ensure all strings are properly translated (props [@pedro-mendonca](https://github.com/pedro-mendonca), [@dkotter](https://github.com/dkotter) via [#295](https://github.com/10up/simple-local-avatars/pull/295)).
* **Fixed:** Properly handle malformed `simple_local_avatar` user data (props [@adekbadek](https://github.com/adekbadek), [@dkotter](https://github.com/dkotter), [@faisal-alvi](https://github.com/faisal-alvi) via [#302](https://github.com/10up/simple-local-avatars/pull/302)).
* **Security:** Run a user capability check before we clear the avatar cache (props [@dkotter](https://github.com/dkotter), [@truonghuuphuc](https://github.com/truonghuuphuc), [@Sidsector9](https://github.com/Sidsector9) via [#309](https://github.com/10up/simple-local-avatars/pull/309)).
* **Security:** Ensure REST API requests to set an avatar only allow existing attachment IDs to be used (props [@dkotter](https://github.com/dkotter), [@justus12337](https://github.com/justus12337), [@faisal-alvi](https://github.com/faisal-alvi) via [GHSA-wfjh-m788-w2c5](https://github.com/10up/simple-local-avatars/security/advisories/GHSA-wfjh-m788-w2c5)).
* **Security:** Bump `axios` from 1.6.7 to 1.7.4 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#298](https://github.com/10up/simple-local-avatars/pull/298)).
* **Security:** Bump `webpack` from 5.90.0 to 5.94.0 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#303](https://github.com/10up/simple-local-avatars/pull/303)).
* **Security:** Bump `ws` from 7.5.10 to 8.18.0 and `@wordpress/scripts` from 27.1.0 to 30.4.0 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#305](https://github.com/10up/simple-local-avatars/pull/305), [#311](https://github.com/10up/simple-local-avatars/pull/311)).
* **Security:** Bump `body-parser` from 1.20.2 to 1.20.3, `express` from 4.19.2 to 4.21.0, `send` from 0.18.0 to 0.19.0 and `serve-static` from 1.15.0 to 1.16.2 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#306](https://github.com/10up/simple-local-avatars/pull/306)).
= 2.7.11 - 2024-07-18 = * **Changed:** Don't resize image if the full version already has the expected height/width (props [@ocean90](https://github.com/ocean90), [@jeffpaul](https://github.com/jeffpaul), [@faisal-alvi](https://github.com/faisal-alvi) via [#324](https://github.com/10up/simple-local-avatars/pull/324)).
**Note that this release bumps the minimum required version of WordPress from 6.3 to 6.4.** * **Changed:** Bump WordPress "tested up to" version 6.8 (props [@qasumitbagthariya](https://github.com/qasumitbagthariya), [@dkotter](https://github.com/dkotter), [@jeffpaul](https://github.com/jeffpaul) via [#332](https://github.com/10up/simple-local-avatars/pull/332), [#334](https://github.com/10up/simple-local-avatars/pull/334)).
* **Changed:** Bump WordPress minimum from 6.5 to 6.6 (props [@qasumitbagthariya](https://github.com/qasumitbagthariya), [@dkotter](https://github.com/dkotter), [@jeffpaul](https://github.com/jeffpaul) via [#332](https://github.com/10up/simple-local-avatars/pull/332), [#334](https://github.com/10up/simple-local-avatars/pull/334)).
* **Changed:** Bumped WordPress "tested up to" version 6.6 and minimum version to 6.4 (props [@sudip-md](https://github.com/sudip-md), [@ankitguptaindia](https://github.com/ankitguptaindia), [@jeffpaul](https://github.com/jeffpaul) via [#289](https://github.com/10up/simple-local-avatars/pull/289), [#290](https://github.com/10up/simple-local-avatars/pull/290)). * **Security:** Bump `@sentry/node` from 8.38.0 to 8.52.0 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#325](https://github.com/10up/simple-local-avatars/pull/325)).
* **Security:** Add nonce check when saving the default avatar ID (props [@faisal-alvi](https://github.com/faisal-alvi), [@aaemnnosttv](https://github.com/aaemnnosttv), [@rafiem](https://github.com/rafiem), [@dkotter](https://github.com/dkotter) via [GHSA-46pw-6m35-9m7x](https://github.com/10up/simple-local-avatars/security/advisories/GHSA-46pw-6m35-9m7x)). * **Security:** Bump `axios` from 1.7.7 to 1.8.4 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#330](https://github.com/10up/simple-local-avatars/pull/330)).
* **Security:** Bump `braces` from 3.0.2 to 3.0.3, `pac-resolver` from 7.0.0 to 7.0.1, `socks` from 2.7.1 to 2.8.3 and removes `ip` (props [@dependabot](https://github.com/apps/dependabot), [@Sidsector9](https://github.com/Sidsector9) via [#286](https://github.com/10up/simple-local-avatars/pull/286)). * **Security:** Bump `tar-fs` from 3.0.6 to 3.0.9 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#331](https://github.com/10up/simple-local-avatars/pull/331), [#336](https://github.com/10up/simple-local-avatars/pull/336)).
* **Security:** Bump `ws` from 7.5.9 to 7.5.10 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#287](https://github.com/10up/simple-local-avatars/pull/287)). * **Security:** Bump `http-proxy-middleware` from 2.0.7 to 2.0.9 (props [@dependabot](https://github.com/apps/dependabot), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#335](https://github.com/10up/simple-local-avatars/pull/335)).
= 2.7.10 - 2024-05-24 =
* **Fixed:** Fix Default Avatar Fallback (props [@amirhossein7](https://profiles.wordpress.org/amirhossein7/), [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter), [@qasumitbagthariya](https://github.com/qasumitbagthariya/) via [#281](https://github.com/10up/simple-local-avatars/pull/281)).
* **Security:** Bump `express` from 4.18.2 to 4.19.2 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#269](https://github.com/10up/simple-local-avatars/pull/269)).
* **Security:** Bump `follow-redirects` from 1.15.5 to 1.15.6 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#269](https://github.com/10up/simple-local-avatars/pull/269)).
* **Security:** Bump `ip` from 1.1.8 to 1.1.9 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#269](https://github.com/10up/simple-local-avatars/pull/269)).
* **Security:** Bump `webpack-dev-middleware` from 5.3.3 to 5.3.4 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#269](https://github.com/10up/simple-local-avatars/pull/269)).
= 2.7.9 - 2024-05-14 =
* **Fixed:** Ensure default Gravatar avatars are shown correctly (props [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter), [@horrormoviesgr](https://profiles.wordpress.org/horrormoviesgr/), [@inpeaks](https://profiles.wordpress.org/inpeaks/), [@lillylark](https://profiles.wordpress.org/lillylark/), [@rafaucau](https://github.com/rafaucau), [@janrenn](https://profiles.wordpress.org/janrenn/) via [#278](https://github.com/10up/simple-local-avatars/pull/278)).
= 2.7.8 - 2024-05-08 =
**Note that this release bumps the minimum required version of WordPress from 5.7 to 6.3.**
* **Added:** "Testing" section in the `CONTRIBUTING.md` file (props [@kmgalanakis](https://github.com/kmgalanakis), [@jeffpaul](https://github.com/jeffpaul) via [#274](https://github.com/10up/simple-local-avatars/pull/274)).
* **Changed:** Bumped WordPress "tested up to" version 6.5 (props [@sudip-md](https://github.com/sudip-md), [@dkotter](https://github.com/dkotter), [@jeffpaul](https://github.com/jeffpaul) via [#270](https://github.com/10up/simple-local-avatars/pull/270)).
* **Changed:** Move `simple_local_avatar_deleted` action to `avatar_delete` (props [@lllopo](https://github.com/lllopo), [@faisal-alvi](https://github.com/faisal-alvi), [@dkotter](https://github.com/dkotter) via [#255](https://github.com/10up/simple-local-avatars/pull/255)).
* **Changed:** Clean up NPM dependencies and update node to `v20` (props [@Sidsector9](https://github.com/Sidsector9), [@dkotter](https://github.com/dkotter) via [#257](https://github.com/10up/simple-local-avatars/pull/257)).
* **Changed:** Update `CODEOWNERS` of the plugin (props [@jeffpaul](https://github.com/jeffpaul), [@dkotter](https://github.com/dkotter) via [#253](https://github.com/10up/simple-local-avatars/pull/253)).
* **Changed:** Disabled auto sync pull requests with target branch (props [@iamdharmesh](https://github.com/iamdharmesh), [@jeffpaul](https://github.com/jeffpaul) via [#263](https://github.com/10up/simple-local-avatars/pull/263)).
* **Changed:** Upgrade `download-artifact` from v3 to v4 (props [@iamdharmesh](https://github.com/iamdharmesh), [@jeffpaul](https://github.com/jeffpaul) via [#265](https://github.com/10up/simple-local-avatars/pull/265)).
* **Changed:** Replaced `lee-dohm/no-response` with `actions/stale` to help with closing `no-response/stale` issues (props [@jeffpaul](https://github.com/jeffpaul), [@dkotter](https://github.com/dkotter) via [#266](https://github.com/10up/simple-local-avatars/pull/266)).
* **Fixed:** Broken default avatar when `Local Avatars Only` is unchecked (props [@faisal-alvi](https://github.com/faisal-alvi), [@ankitguptaindia](https://github.com/ankitguptaindia), [@qasumitbagthariya](https://github.com/qasumitbagthariya) via [#260](https://github.com/10up/simple-local-avatars/pull/260)).
* **Fixed:** Ensure high-quality avatar preview on profile edit screen (props [@ocean90](https://github.com/ocean90), [@dkotter](https://github.com/dkotter) via [#273](https://github.com/10up/simple-local-avatars/pull/273)).
* **Fixed:** Possible PHP warning (props [@BhargavBhandari90](https://github.com/BhargavBhandari90), [@dkotter](https://github.com/dkotter) via [#261](https://github.com/10up/simple-local-avatars/pull/261)).
* **Fixed:** Fixed typos (props [@szepeviktor](https://github.com/szepeviktor), [@dkotter](https://github.com/dkotter) via [#268](https://github.com/10up/simple-local-avatars/pull/268)).
= 2.7.7 - 2023-12-13 =
* **Fixed:** Revert the Host/Domain support for local avatar URL (props [@faisal-alvi](https://github.com/faisal-alvi), [@jakejackson1](https://github.com/jakejackson1), [@leogermani](https://github.com/leogermani), [@dkotter](https://github.com/dkotter) via [#247](https://github.com/10up/simple-local-avatars/pull/247)).
* **Security:** Bump `axios` from 0.25.0 to 1.6.2 and `@wordpress/scripts` from 23.7.2 to 26.18.0 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#250](https://github.com/10up/simple-local-avatars/pull/250)).
= 2.7.6 - 2023-11-30 =
* **Added:** Check for minimum required PHP version before loading the plugin (props [@kmgalanakis](https://github.com/kmgalanakis), [@faisal-alvi](https://github.com/faisal-alvi) via [#226](https://github.com/10up/simple-local-avatars/pull/226)).
* **Added:** `pre_simple_local_avatar_url` filter to allow an avatar image to be short-circuited before Simple Local Avatars processes it (props [@johnbillion](https://github.com/johnbillion), [@peterwilsoncc](https://github.com/peterwilsoncc) via [#237](https://github.com/10up/simple-local-avatars/pull/237)).
* **Added:** Repo Automator GitHub Action (props [@iamdharmesh](https://github.com/iamdharmesh), [@faisal-alvi](https://github.com/faisal-alvi) via [#228](https://github.com/10up/simple-local-avatars/pull/228)).
* **Added:** E2E test for checking the front end of avatars (props [@Firestorm980](https://github.com/Firestorm980), [@iamdharmesh](https://github.com/iamdharmesh) via [#219](https://github.com/10up/simple-local-avatars/pull/219)).
* **Changed:** Bumped WordPress "tested up to" version 6.4 (props [@zamanq](https://github.com/zamanq), [@ankitguptaindia](https://github.com/ankitguptaindia), [@faisal-alvi](https://github.com/faisal-alvi), [@qasumitbagthariya](https://github.com/qasumitbagthariya) via [#230](https://github.com/10up/simple-local-avatars/pull/230), [#244](https://github.com/10up/simple-local-avatars/pull/244)).
* **Changed:** Update the Dependency Review GitHub Action to leverage our org-wide config file to check for GPL-compatible licenses (props [@jeffpaul](https://github.com/jeffpaul), [@faisal-alvi](https://github.com/faisal-alvi) via [#215](https://github.com/10up/simple-local-avatars/pull/215)).
* **Changed:** Documentation updates (props [@jeffpaul](https://github.com/jeffpaul), [@faisal-alvi](https://github.com/faisal-alvi) via [#242](https://github.com/10up/simple-local-avatars/pull/242)).
* **Fixed:** Address conflicts with other plugins and loading the media API (props [@EHLOVader](https://github.com/EHLOVader), [@dkotter](https://github.com/dkotter) via [#218](https://github.com/10up/simple-local-avatars/pull/218)).
* **Fixed:** Prevent PHP fatal error when switching from a multisite to single site installation (props [@ocean90](https://github.com/ocean90), [@ravinderk](https://github.com/ravinderk), [@faisal-alvi](https://github.com/faisal-alvi) via [#222](https://github.com/10up/simple-local-avatars/pull/222)).
* **Fixed:** Local avatar urls remain old after domain/host change (props [@jayedul](https://github.com/jayedul), [@ravinderk](https://github.com/ravinderk), [@jeffpaul](https://github.com/jeffpaul), [@faisal-alvi](https://github.com/faisal-alvi) via [#216](https://github.com/10up/simple-local-avatars/pull/216)).
* **Security:** Bump `word-wrap` from 1.2.3 to 1.2.4 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#223](https://github.com/10up/simple-local-avatars/pull/223)).
* **Security:** Bump `tough-cookie` from 4.1.2 to 4.1.3 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#225](https://github.com/10up/simple-local-avatars/pull/225)).
* **Security:** Bump `@cypress/request` from 2.88.10 to 3.0.0 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#225](https://github.com/10up/simple-local-avatars/pull/225), [#234](https://github.com/10up/simple-local-avatars/pull/234)).
* **Security:** Bump `cypress` from 11.2.0 to 13.2.0 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi), [@iamdharmesh](https://github.com/iamdharmesh) via [#234](https://github.com/10up/simple-local-avatars/pull/234), [#236](https://github.com/10up/simple-local-avatars/pull/236)).
* **Security:** Bump `postcss` from 8.4.21 to 8.4.31 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#238](https://github.com/10up/simple-local-avatars/pull/238)).
* **Security:** Bump `@babel/traverse` from 7.20.12 to 7.23.2 (props [@dependabot](https://github.com/apps/dependabot), [@faisal-alvi](https://github.com/faisal-alvi) via [#240](https://github.com/10up/simple-local-avatars/pull/240)).
* **Security:** Bump `@10up/cypress-wp-utils` version to 0.2.0 (props [@iamdharmesh](https://github.com/iamdharmesh), [@faisal-alvi](https://github.com/faisal-alvi) via [#236](https://github.com/10up/simple-local-avatars/pull/236)).
* **Security:** Bump `@wordpress/env` version from 5.2.0 to 8.7.0 (props [@iamdharmesh](https://github.com/iamdharmesh), [@faisal-alvi](https://github.com/faisal-alvi) via [#236](https://github.com/10up/simple-local-avatars/pull/236)).
* **Security:** Bump `cypress-mochawesome-reporter` version from 3.0.1 to 3.6.0 (props [@iamdharmesh](https://github.com/iamdharmesh), [@faisal-alvi](https://github.com/faisal-alvi) via [#236](https://github.com/10up/simple-local-avatars/pull/236)).
[View historical changelog details here](https://github.com/10up/simple-local-avatars/blob/develop/CHANGELOG.md). [View historical changelog details here](https://github.com/10up/simple-local-avatars/blob/develop/CHANGELOG.md).
== Upgrade Notice == == Upgrade Notice ==
= 2.8.5 =
**Security release: Fixes an issue migrating WP User Avatars**
= 2.8.4 =
**Note that this release bumps the minimum required version of WordPress from 6.5 to 6.6.**
= 2.8.0 = = 2.8.0 =
**Note that this release bumps the minimum required version of WordPress from 6.4 to 6.5.** **Note that this release bumps the minimum required version of WordPress from 6.4 to 6.5.**

6
wp-content/plugins/simple-local-avatars/simple-local-avatars.php
View File

@ -3,8 +3,8 @@
* Plugin Name: Simple Local Avatars * Plugin Name: Simple Local Avatars
* Plugin URI: https://10up.com/plugins/simple-local-avatars-wordpress/ * Plugin URI: https://10up.com/plugins/simple-local-avatars-wordpress/
* Description: Adds an avatar upload field to user profiles. Generates requested sizes on demand, just like Gravatar! Simple and lightweight. * Description: Adds an avatar upload field to user profiles. Generates requested sizes on demand, just like Gravatar! Simple and lightweight.
* Version: 2.8.3 * Version: 2.8.6
* Requires at least: 6.5 * Requires at least: 6.6
* Requires PHP: 7.4 * Requires PHP: 7.4
* Author: 10up * Author: 10up
* Author URI: https://10up.com * Author URI: https://10up.com
@ -35,7 +35,7 @@ define( 'SLA_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
require_once dirname( __FILE__ ) . '/includes/class-simple-local-avatars.php'; require_once dirname( __FILE__ ) . '/includes/class-simple-local-avatars.php';
// Global constants. // Global constants.
define( 'SLA_VERSION', '2.8.3' ); define( 'SLA_VERSION', '2.8.6' );
define( 'SLA_PLUGIN_URL', plugin_dir_url( __FILE__ ) ); define( 'SLA_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
if ( ! defined( 'SLA_IS_NETWORK' ) ) { if ( ! defined( 'SLA_IS_NETWORK' ) ) {

5
wp-content/plugins/simple-local-avatars/vendor/autoload.php vendored
View File

@ -14,10 +14,7 @@ if (PHP_VERSION_ID < 50600) {
echo $err; echo $err;
} }
} }
trigger_error( throw new RuntimeException($err);
$err,
E_USER_ERROR
);
} }
require_once __DIR__ . '/composer/autoload_real.php'; require_once __DIR__ . '/composer/autoload_real.php';

45
wp-content/plugins/simple-local-avatars/vendor/composer/InstalledVersions.php vendored
View File

@ -26,12 +26,23 @@ use Composer\Semver\VersionParser;
*/ */
class InstalledVersions class InstalledVersions
{ {
/**
* @var string|null if set (by reflection by Composer), this should be set to the path where this class is being copied to
* @internal
*/
private static $selfDir = null;
/** /**
* @var mixed[]|null * @var mixed[]|null
* @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null
*/ */
private static $installed; private static $installed;
/**
* @var bool
*/
private static $installedIsLocalDir;
/** /**
* @var bool|null * @var bool|null
*/ */
@ -309,6 +320,24 @@ class InstalledVersions
{ {
self::$installed = $data; self::$installed = $data;
self::$installedByVendor = array(); self::$installedByVendor = array();
// when using reload, we disable the duplicate protection to ensure that self::$installed data is
// always returned, but we cannot know whether it comes from the installed.php in __DIR__ or not,
// so we have to assume it does not, and that may result in duplicate data being returned when listing
// all installed packages for example
self::$installedIsLocalDir = false;
}
/**
* @return string
*/
private static function getSelfDir()
{
if (self::$selfDir === null) {
self::$selfDir = strtr(__DIR__, '\\', '/');
}
return self::$selfDir;
} }
/** /**
@ -322,19 +351,27 @@ class InstalledVersions
} }
$installed = array(); $installed = array();
$copiedLocalDir = false;
if (self::$canGetVendors) { if (self::$canGetVendors) {
$selfDir = self::getSelfDir();
foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) { foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) {
$vendorDir = strtr($vendorDir, '\\', '/');
if (isset(self::$installedByVendor[$vendorDir])) { if (isset(self::$installedByVendor[$vendorDir])) {
$installed[] = self::$installedByVendor[$vendorDir]; $installed[] = self::$installedByVendor[$vendorDir];
} elseif (is_file($vendorDir.'/composer/installed.php')) { } elseif (is_file($vendorDir.'/composer/installed.php')) {
/** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */ /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
$required = require $vendorDir.'/composer/installed.php'; $required = require $vendorDir.'/composer/installed.php';
$installed[] = self::$installedByVendor[$vendorDir] = $required; self::$installedByVendor[$vendorDir] = $required;
if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) { $installed[] = $required;
self::$installed = $installed[count($installed) - 1]; if (self::$installed === null && $vendorDir.'/composer' === $selfDir) {
self::$installed = $required;
self::$installedIsLocalDir = true;
} }
} }
if (self::$installedIsLocalDir && $vendorDir.'/composer' === $selfDir) {
$copiedLocalDir = true;
}
} }
} }
@ -350,7 +387,7 @@ class InstalledVersions
} }
} }
if (self::$installed !== array()) { if (self::$installed !== array() && !$copiedLocalDir) {
$installed[] = self::$installed; $installed[] = self::$installed;
} }

12
wp-content/plugins/simple-local-avatars/vendor/composer/installed.php vendored
View File

@ -1,9 +1,9 @@
<?php return array( <?php return array(
'root' => array( 'root' => array(
'name' => '10up/simple-local-avatars', 'name' => '10up/simple-local-avatars',
'pretty_version' => '2.8.3', 'pretty_version' => '2.8.6',
'version' => '2.8.3.0', 'version' => '2.8.6.0',
'reference' => 'f30aabcce169c2325759a8e9754e8ac82d948396', 'reference' => '32b939b065a11fd5985934b1b74ca9da404029c3',
'type' => 'wordpress-plugin', 'type' => 'wordpress-plugin',
'install_path' => __DIR__ . '/../../', 'install_path' => __DIR__ . '/../../',
'aliases' => array(), 'aliases' => array(),
@ -11,9 +11,9 @@
), ),
'versions' => array( 'versions' => array(
'10up/simple-local-avatars' => array( '10up/simple-local-avatars' => array(
'pretty_version' => '2.8.3', 'pretty_version' => '2.8.6',
'version' => '2.8.3.0', 'version' => '2.8.6.0',
'reference' => 'f30aabcce169c2325759a8e9754e8ac82d948396', 'reference' => '32b939b065a11fd5985934b1b74ca9da404029c3',
'type' => 'wordpress-plugin', 'type' => 'wordpress-plugin',
'install_path' => __DIR__ . '/../../', 'install_path' => __DIR__ . '/../../',
'aliases' => array(), 'aliases' => array(),

5
wp-content/plugins/simple-local-avatars/vendor/composer/platform_check.php vendored
View File

@ -19,8 +19,7 @@ if ($issues) {
echo 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . str_replace('You are running '.PHP_VERSION.'.', '', implode(PHP_EOL, $issues)) . PHP_EOL.PHP_EOL; echo 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . str_replace('You are running '.PHP_VERSION.'.', '', implode(PHP_EOL, $issues)) . PHP_EOL.PHP_EOL;
} }
} }
trigger_error( throw new \RuntimeException(
'Composer detected issues in your platform: ' . implode(' ', $issues), 'Composer detected issues in your platform: ' . implode(' ', $issues)
E_USER_ERROR
); );
} }