diff --git a/.distignore b/.distignore index 55b299c5..5f290b9e 100644 --- a/.distignore +++ b/.distignore @@ -8,4 +8,7 @@ .gitignore composer.json CHANGELOG.txt -README.md \ No newline at end of file +README.md +.wp-env.json +package-lock.json +package.json \ No newline at end of file diff --git a/CHANGELOG.txt b/CHANGELOG.txt index e3dae123..3b90250b 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,4 +1,11 @@ == Changelog == += 6.12.24 - Dec 19, 2024 = +- Plugin code improvements for better security and stability. + += 6.12.23 - Dec 5, 2024 = +- Fixed a PHP error message ("Deprecated: Use of "self" in callables is deprecated") for PHP versions since 8.2. +- Internal improvements and optimizations. + = 6.12.22 - Nov 7, 2024 = - **WordPress 6.7 and Twenty Twenty Five theme compatibility.** The new WordPress version will be released soon. The Ecwid ecommerce shopping cart plugin is ready for the new release — everything works well in your WordPress admin and storefront pages. Feel free to upgrade your site to WordPress 6.7 and try a new theme. - Fixed issue with links of Product Small block when it contains non-latin characters. diff --git a/ecwid-shopping-cart.php b/ecwid-shopping-cart.php index 15f428e1..8886d267 100644 --- a/ecwid-shopping-cart.php +++ b/ecwid-shopping-cart.php @@ -5,7 +5,7 @@ Description: Ecwid by Lightspeed is a free full-featured shopping cart. It can be easily integrated with any Wordpress blog and takes less than 5 minutes to set up. Text Domain: ecwid-shopping-cart Author: Ecwid Ecommerce -Version: 6.12.22 +Version: 6.12.23 Author URI: https://ecwid.to/ecwid-site License: GPLv2 or later */ @@ -2906,7 +2906,7 @@ function ecwid_sso() { $user_data_encoded = base64_encode(json_encode($user_data)); $time = time(); - $hmac = ecwid_hmacsha1("$user_data_encoded $time", $key); + $hmac = hash_hmac('sha256', "$user_data_encoded $time", $key); $ecwid_sso_profile = "$user_data_encoded $hmac $time"; } @@ -2945,31 +2945,6 @@ function ecwid_sso() { return $ecwid_sso_script; } -// from: http://www.php.net/manual/en/function.sha1.php#39492 -function ecwid_hmacsha1($data, $key) { - if (function_exists("hash_hmac")) { - return hash_hmac('sha1', $data, $key); - } else { - $blocksize=64; - $hashfunc='sha1'; - if (strlen($key)>$blocksize) - $key=pack('H*', $hashfunc($key)); - $key=str_pad($key,$blocksize,chr(0x00)); - $ipad=str_repeat(chr(0x36),$blocksize); - $opad=str_repeat(chr(0x5c),$blocksize); - $hmac = pack( - 'H*',$hashfunc( - ($key^$opad).pack( - 'H*',$hashfunc( - ($key^$ipad).$data - ) - ) - ) - ); - return bin2hex($hmac); - } -} - function ecwid_should_display_escaped_fragment_catalog() { if (!isset($_GET['_escaped_fragment_'])) return; diff --git a/lib/ecwid_api_v3.php b/lib/ecwid_api_v3.php index 59ee06d4..e465e401 100644 --- a/lib/ecwid_api_v3.php +++ b/lib/ecwid_api_v3.php @@ -827,8 +827,6 @@ public function create_store( $params = array() ) { } $request_params = array( - 'appClientId', - 'appSecretKey', 'returnApiToken' => 'true', ); $url = $this->build_request_url( $this->_stores_api_url, $request_params ); @@ -840,6 +838,8 @@ public function create_store( $params = array() ) { 'timeout' => 20, 'headers' => array( 'Content-Type' => 'application/json;charset="utf-8"', + 'X-Ecwid-App-Client-Id' => Ecwid_Config::get_oauth_appid(), + 'X-Ecwid-App-Secret-Key' => Ecwid_Config::get_oauth_appsecret() ), ) ); diff --git a/readme.txt b/readme.txt index 6d643692..7e975bac 100644 --- a/readme.txt +++ b/readme.txt @@ -5,7 +5,7 @@ License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Requires at least: 4.4 Tested up to: 6.7 -Stable tag: 6.12.22 +Stable tag: 6.12.24 Powerful, easy to use ecommerce shopping cart for WordPress. Sell on Facebook and Instagram. iPhone & Android apps. Superb support. Free plan available. @@ -153,6 +153,13 @@ You can use Ecwid’s built-in import tools to copy your store products from any * [Ecwid Help Center](http://help.ecwid.com "Ecwid Help") == Changelog == += 6.12.24 - Dec 19, 2024 = +- Plugin code improvements for better security and stability. + += 6.12.23 - Dec 5, 2024 = +- Fixed a PHP error message ("Deprecated: Use of "self" in callables is deprecated") for PHP versions since 8.2. +- Internal improvements and optimizations. + = 6.12.22 - Nov 7, 2024 = - **WordPress 6.7 and Twenty Twenty Five theme compatibility.** The new WordPress version will be released soon. The Ecwid ecommerce shopping cart plugin is ready for the new release — everything works well in your WordPress admin and storefront pages. Feel free to upgrade your site to WordPress 6.7 and try a new theme. - Fixed issue with links of Product Small block when it contains non-latin characters.