From af7302e9b44914ddf9dbdd246f42c4e7fff50f4e Mon Sep 17 00:00:00 2001
From: noschmarrn
Date: Fri, 20 Mar 2026 19:35:45 +0000
Subject: [PATCH] release: v1.1.0
---
 README.de.md | 2 +-
 README.md | 2 +-
 brezngeo/brezngeo.php | 4 ++--
 brezngeo/includes/Admin/SchemaMetaBox.php | 7 ++-----
 brezngeo/includes/Features/LinkSuggest.php | 8 ++++----
 brezngeo/readme.txt | 13 +++++++++++--
 6 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/README.de.md b/README.de.md
index 9fdcd6e..b524d5c 100644
--- a/README.de.md
+++ b/README.de.md
@@ -3,7 +3,7 @@
 ![PHP 8.0+](https://img.shields.io/badge/PHP-8.0%2B-blue)
 ![WordPress 6.0+](https://img.shields.io/badge/WordPress-6.0%2B-21759b)
 ![License: GPL-2.0](https://img.shields.io/badge/License-GPL--2.0--or--later-green)
-![Version](https://img.shields.io/badge/Version-1.0.0-orange)
+![Version](https://img.shields.io/badge/Version-1.1.0-orange)
 ![Tests](https://img.shields.io/badge/Tests-112%20passing-brightgreen)
 🇬🇧 [English version → README.md](README.md)
diff --git a/README.md b/README.md
index 55d9a03..3d39202 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 ![PHP 8.0+](https://img.shields.io/badge/PHP-8.0%2B-blue)
 ![WordPress 6.0+](https://img.shields.io/badge/WordPress-6.0%2B-21759b)
 ![License: GPL-2.0](https://img.shields.io/badge/License-GPL--2.0--or--later-green)
-![Version](https://img.shields.io/badge/Version-1.0.0-orange)
+![Version](https://img.shields.io/badge/Version-1.1.0-orange)
 ![Tests](https://img.shields.io/badge/Tests-112%20passing-brightgreen)
 🇩🇪 [Deutsche Version → README.de.md](README.de.md)
diff --git a/brezngeo/brezngeo.php b/brezngeo/brezngeo.php
index ed82873..b550e78 100644
--- a/brezngeo/brezngeo.php
+++ b/brezngeo/brezngeo.php
@@ -3,7 +3,7 @@
  * Plugin Name: BreznGEO
  * Plugin URI: https://brezngeo.com/
  * Description: AI-powered meta descriptions, GEO structured data, and llms.txt for WordPress.
- * Version: 1.0.0
+ * Version: 1.1.0
  * Requires at least: 6.0
  * Requires PHP: 8.0
  * Author: NoSchmarrn.dev
@@ -18,7 +18,7 @@
 if ( ! defined( 'ABSPATH' ) ) {
 exit;
 }
-define( 'BREZNGEO_VERSION', '1.0.0' );
+define( 'BREZNGEO_VERSION', '1.1.0' );
 define( 'BREZNGEO_FILE', __FILE__ );
 define( 'BREZNGEO_DIR', plugin_dir_path( __FILE__ ) );
 define( 'BREZNGEO_URL', plugin_dir_url( __FILE__ ) );
diff --git a/brezngeo/includes/Admin/SchemaMetaBox.php b/brezngeo/includes/Admin/SchemaMetaBox.php
index 5b2779c..16b2b97 100644
--- a/brezngeo/includes/Admin/SchemaMetaBox.php
+++ b/brezngeo/includes/Admin/SchemaMetaBox.php
@@ -62,18 +62,15 @@ class SchemaMetaBox {
 }
 // phpcs:ignore WordPress.Security.NonceVerification.Missing
 if ( ! isset( $_POST['_brezngeo_schema_nonce'] )
- // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
- || ! wp_verify_nonce( sanitize_key( $_POST['_brezngeo_schema_nonce'] ), 'brezngeo_schema_meta_box' ) ) {
+ || ! wp_verify_nonce( sanitize_key( wp_unslash( $_POST['_brezngeo_schema_nonce'] ) ), 'brezngeo_schema_meta_box' ) ) {
 return;
 }
 if ( ! current_user_can( 'edit_post', $post_id ) ) {
 return;
 }
 // phpcs:ignore WordPress.Security.NonceVerification.Missing
- // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 $input = isset( $_POST['brezngeo_schema'] ) && is_array( $_POST['brezngeo_schema'] )
- // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
- ? wp_unslash( $_POST['brezngeo_schema'] )
+ ? map_deep( wp_unslash( $_POST['brezngeo_schema'] ), 'sanitize_textarea_field' )
 : array();
 $clean = self::sanitizeData( $input );
 update_post_meta( $post_id, self::META_TYPE, $clean['schema_type'] );
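Review bot: The new `? map_deep( wp_unslash( $_POST['brezngeo_schema'] ), 'sanitize_textarea_field' )` line runs a generic text sanitizer over every leaf value before `self::sanitizeData( $input )` gets to apply its field-specific rules, and `sanitize_textarea_field()` strips tags and percent-encoded octets, so if any schema field carries a URL or other encoded value it now reaches `sanitizeData()` already altered. `map_deep()` also leaves array keys untouched, so `sanitizeData()` must still whitelist keys and remain the authoritative sanitizer; the changelog's "instead of relying on downstream sanitization" overstates what this line does, since both layers stay in place. I would document the division of labour on that line: `// WPCS pre-pass over leaf values only; sanitizeData() still whitelists keys and applies per-field rules.` The enclosing save method starts and ends outside this hunk.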
diff --git a/brezngeo/includes/Features/LinkSuggest.php b/brezngeo/includes/Features/LinkSuggest.php
index e9f2df4..997a9ff 100644
--- a/brezngeo/includes/Features/LinkSuggest.php
+++ b/brezngeo/includes/Features/LinkSuggest.php
@@ -431,10 +431,10 @@ class LinkSuggest {
 return;
 }
- // phpcs:disable WordPress.Security.NonceVerification.Missing,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
- $post_id = (int) ( wp_unslash( $_POST['post_id'] ?? 0 ) );
- $content = wp_kses_post( wp_unslash( $_POST['post_content'] ?? '' ) );
- // phpcs:enable
+ // phpcs:ignore WordPress.Security.NonceVerification.Missing -- verified via check_ajax_referer() above
+ $post_id = isset( $_POST['post_id'] ) ? absint( wp_unslash( $_POST['post_id'] ) ) : 0;
+ // phpcs:ignore WordPress.Security.NonceVerification.Missing -- verified via check_ajax_referer() above
+ $content = isset( $_POST['post_content'] ) ? wp_kses_post( wp_unslash( $_POST['post_content'] ) ) : '';
 if ( $post_id && ! current_user_can( 'edit_post', $post_id ) ) {
 wp_send_json_error( 'Insufficient permissions' );
diff --git a/brezngeo/readme.txt b/brezngeo/readme.txt
index 0fd35c5..c243a3c 100644
--- a/brezngeo/readme.txt
+++ b/brezngeo/readme.txt
@@ -3,7 +3,7 @@ Contributors: mifupadev
 Tags: seo, ai, meta description, schema, llms.txt
 Requires at least: 6.0
 Tested up to: 6.9
-Stable tag: 1.0.0
+Stable tag: 1.1.0
 Requires PHP: 8.0
 License: GPL-2.0-or-later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
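Review bot: The per-post authorization in the `if ( $post_id && ! current_user_can( 'edit_post', $post_id ) )` line that follows the new `$post_id` assignment is skipped whenever `post_id` is absent or `absint()` reduces it to 0, so a request that simply omits the field bypasses the `edit_post` check and continues with the submitted `$content` into the AI-backed suggestion flow that the readme's privacy section describes as sending data to the configured provider. Unless a broader capability check sits in the part of the handler above this hunk (the comments reference only `check_ajax_referer()`, and a nonce authenticates the request but does not authorize it), the zero case should fail closed: `if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {`, or if an unsaved post must be supported, `if ( $post_id ? ! current_user_can( 'edit_post', $post_id ) : ! current_user_can( 'edit_posts' ) ) {`. Note also that `absint()` turns a negative `post_id` into a positive one instead of rejecting it, a behaviour change from the previous `(int)` cast that the capability check then has to absorb. The enclosing AJAX handler starts and ends outside this hunk.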
@@ -208,7 +208,7 @@ No data is transmitted during normal page loads or to visitors.
 * Data sent: Post title and content excerpt (meta descriptions, GEO Block); candidate post titles and URLs (link suggestions).
 * API endpoint: `https://generativelanguage.googleapis.com/`
 * Privacy policy: https://policies.google.com/privacy
-* Terms of use: https://ai.google.dev/gemini-api/terms
+* Terms of use: https://ai.google.dev/gemini-api/terms?hl=en
 = xAI Grok =
 * Data sent: Post title and content excerpt (meta descriptions, GEO Block); candidate post titles and URLs (link suggestions).
@@ -218,6 +218,12 @@ No data is transmitted during normal page loads or to visitors.
 == Changelog ==
+= 1.1.0 =
+* Fixed Google Gemini API terms URL that caused too many redirects during WordPress.org review.
+* Improved input sanitization in Schema.org meta box — uses `map_deep()` with `sanitize_textarea_field` instead of relying on downstream sanitization with phpcs suppression.
+* Improved input sanitization in Internal Link Suggestions AJAX handler — uses `absint()` and standard `isset()` pattern.
+* Removed all `phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized` comments — all `$_POST` data is now sanitized inline at the point of access.
+
 = 1.0.0 =
 * Initial release as BreznGEO.
 * AI Meta Generator with auto-publish trigger, customizable prompt, and Polylang/WPML language detection.
@@ -240,5 +246,8 @@ No data is transmitted during normal page loads or to visitors.
 == Upgrade Notice ==
+= 1.1.0 =
+Fixes WordPress.org review issues: corrected Google Gemini terms URL and improved inline input sanitization.
+
 = 1.0.0 =
 Initial release.