gocodebox · brianhogg · Aug 22, 2024 · Aug 15, 2024 · Aug 20, 2024 · Aug 20, 2024
@@ -1,6 +1,23 @@
 LifterLMS Changelog
 ===================
 
+v7.7.6 - 2024-08-22
+-------------------
+
+##### Bug Fixes
+
++ Avoid modifying the Lost Password link if no LifterLMS Dashboard page is set. [#2741](https://github.com/gocodebox/lifterlms/issues/2741)
++ Fixes placeholder label on the Dashboard Page selection dropdown. [#2708](https://github.com/gocodebox/lifterlms/issues/2708)
++ Avoid outputting lifterlms_membership_link content if the membership is not published. [#2724](https://github.com/gocodebox/lifterlms/issues/2724)
++ Fix display of quiz question when viewing the quiz results if it contains formatting. [#2734](https://github.com/gocodebox/lifterlms/issues/2734)
++ Fixes sanitization as reported by FKSEC.
++ Fixes warning when trying to get the contents of a media protection file that does not exist. [#2735](https://github.com/gocodebox/lifterlms/issues/2735)
+
+##### Updated Templates
+
++ [templates/quiz/results-attempt-questions-list.php](https://github.com/gocodebox/lifterlms/blob/7.7.6/templates/quiz/results-attempt-questions-list.php)
+
+
 v7.7.5 - 2024-08-15
 -------------------
 

@@ -34,7 +34,7 @@ final class LifterLMS {
 	 *
 	 * @var string
 	 */
-	public $version = '7.7.5';
+	public $version = '7.7.6';
 
 	/**
 	 * LLMS_Assets instance

@@ -232,7 +232,6 @@ protected function sql_limit() {
 	 * @return string
 	 */
 	protected function sql_orderby() {
-
 		$sql = '';
 
 		$sort = $this->get( 'sort' );
@@ -244,7 +243,7 @@ protected function sql_orderby() {
 
 			foreach ( $sort as $orderby => $order ) {
 				$pre   = ( $comma ) ? ', ' : ' ';
-				$sql  .= $pre . "{$orderby} {$order}";
+				$sql  .= $pre . sanitize_sql_orderby( "{$orderby} {$order}" );
 				$comma = true;
 			}
 		}

@@ -71,7 +71,8 @@ public function get_settings() {
 				'class'             => 'llms-select2-post',
 				'type'              => 'select',
 				'custom_attributes' => array(
-					'data-post-type' => 'page',
+					'data-post-type'   => 'page',
+					'data-placeholder' => __( 'Select a page', 'lifterlms' ),
 				),
 				'options'           => llms_make_select2_post_array( get_option( 'lifterlms_myaccount_page_id', '' ) ),
 			),
@@ -372,7 +373,6 @@ public function get_settings() {
 		 * @param array $account_settings The account page settings.
 		 */
 		return apply_filters( "lifterlms_{$this->id}_settings", $account_settings );
-
 	}
 
 	/**
@@ -385,7 +385,6 @@ public function get_settings() {
 	protected function set_label() {
 		return __( 'Accounts', 'lifterlms' );
 	}
-
 }
 
 return new LLMS_Settings_Accounts();
@@ -648,9 +648,11 @@ public function save_mod_rewrite_rules() {
 			$rules  = "Options -Indexes\n";
 			$rules .= "deny from all\n";
 
-			if ( false === $wp_filesystem->exists( $htaccess_file ) ) {
+			if ( $upload_path_writeable && ! $wp_filesystem->exists( $htaccess_file ) ) {
+				$wp_filesystem->put_contents( $htaccess_file, $rules, 0644 );
+			} elseif ( $upload_path_writeable ) {
 				$contents = $wp_filesystem->get_contents( $htaccess_file );
-				if ( $upload_path_writeable && ( ! $contents || $contents !== $rules ) ) {
+				if ( $contents !== $rules ) {
 					$wp_filesystem->put_contents( $htaccess_file, $rules, 0644 );
 				}
 			}

@@ -86,7 +86,6 @@ protected static function find_password_fields( $location ) {
 		}
 
 		return $fields;
-
 	}
 
 	/**
@@ -120,7 +119,7 @@ public static function generate_username( $email ) {
 		while ( username_exists( $username ) ) {
 
 			$username = $orig_username . $i;
-			$i++;
+			++$i;
 
 		}
 
@@ -133,7 +132,6 @@ public static function generate_username( $email ) {
 		 * @param string $email    User's email address which was used to generate the username.
 		 */
 		return apply_filters( 'lifterlms_generated_username', $username, $email );
-
 	}
 
 	/**
@@ -196,13 +194,12 @@ public static function get_login_fields( $layout = 'columns' ) {
 					'columns'         => ( 'columns' == $layout ) ? 3 : 6,
 					'id'              => 'llms_lost_password',
 					'last_column'     => true,
-					'description'     => '<a href="' . esc_url( llms_lostpassword_url() ) . '">' . __( 'Lost your password?', 'lifterlms' ) . '</a>',
+					'description'     => '<a href="' . esc_url( wp_lostpassword_url() ) . '">' . __( 'Lost your password?', 'lifterlms' ) . '</a>',
 					'type'            => 'html',
 					'wrapper_classes' => 'align-right',
 				),
 			)
 		);
-
 	}
 
 	/**
@@ -264,7 +261,6 @@ public static function get_lost_password_fields() {
 				),
 			)
 		);
-
 	}
 
 	/**
@@ -313,7 +309,6 @@ private static function get_password_fields() {
 		);
 
 		return $fields;
-
 	}
 
 	/**
@@ -381,7 +376,6 @@ public static function get_password_reset_fields( $key = '', $login = '' ) {
 		 *                          set of fields is generated programmatically.
 		 */
 		return apply_filters( 'llms_password_reset_fields', $fields, $key, $login, $location );
-
 	}
 
 	/**
@@ -483,7 +477,6 @@ public static function login( $data ) {
 		}
 
 		return $signon->ID;
-
 	}
 
 	/**
@@ -533,7 +526,6 @@ protected static function validate_login_fields( $data ) {
 		 * @param array            $data  User submitted login data.
 		 */
 		return apply_filters( 'llms_after_user_login_data_validation', $valid, $data );
-
 	}
 
 	/**
@@ -551,5 +543,4 @@ public static function get_available_fields( $screen = 'registration', $data = a
 		_deprecated_function( 'LLMS_Person_Handler::get_available_fields()', '5.0.0', 'LLMS_Forms::get_form_fields()' );
 		return LLMS_Forms::instance()->get_form_fields( $screen );
 	}
-
 }
@@ -41,7 +41,6 @@ public function init( $args = array() ) {
 				'{user_login}' => $args['login_display'],
 			)
 		);
-
 	}
 
 	/**
@@ -60,7 +59,7 @@ public function get_body_content( $data ) {
 					'key'   => $data['key'],
 					'login' => rawurlencode( $data['user']->user_login ),
 				),
-				llms_lostpassword_url()
+				wp_lostpassword_url()
 			)
 		);
 
@@ -72,7 +71,5 @@ public function get_body_content( $data ) {
 			)
 		);
 		return ob_get_clean();
-
 	}
-
 }
@@ -37,7 +37,6 @@ public function __construct() {
 		add_action( 'init', array( $this, 'reset_password' ) );
 		add_action( 'init', array( $this, 'cancel_subscription' ) );
 		add_action( 'init', array( $this, 'redeem_voucher' ) );
-
 	}
 
 	/**
@@ -88,7 +87,6 @@ public function cancel_subscription() {
 		 * @param integer    $uid   The WP_User ID the student who cancelled the subscription.
 		 */
 		do_action( 'llms_subscription_cancelled_by_student', $order, $uid );
-
 	}
 
 	/**
@@ -135,7 +133,6 @@ public function update() {
 			llms_redirect_and_exit( apply_filters( 'lifterlms_update_account_redirect', llms_get_endpoint_url( 'edit-account', '', llms_get_page_url( 'myaccount' ) ) ) );
 
 		}
-
 	}
 
 	/**
@@ -247,7 +244,6 @@ public function lost_password() {
 		// Success.
 		llms_add_notice( __( 'Check your e-mail for the confirmation link.', 'lifterlms' ) );
 		return true;
-
 	}
 
 	/**
@@ -275,7 +271,6 @@ public function redeem_voucher() {
 
 		llms_add_notice( __( 'Voucher redeemed successfully!', 'lifterlms' ), 'success' );
 		return true;
-
 	}
 
 	/**
@@ -306,7 +301,6 @@ public function reset_password() {
 		// Success.
 		llms_add_notice( __( 'Your password has been updated.', 'lifterlms' ) );
 		llms_redirect_and_exit( add_query_arg( 'password-reset', 1, llms_get_page_url( 'myaccount' ) ) );
-
 	}
 
 	/**
@@ -377,7 +371,6 @@ private function reset_password_handler() {
 		do_action( 'llms_user_password_reset', $user );
 
 		return true;
-
 	}
 
 	/**
@@ -403,9 +396,8 @@ public function reset_password_link_redirect() {
 
 			( new LLMS_Cache_Helper() )->maybe_no_cache();
 			llms_set_password_reset_cookie( $val );
-			llms_redirect_and_exit( add_query_arg( 'reset-pass', 1, llms_lostpassword_url() ) );
+			llms_redirect_and_exit( add_query_arg( 'reset-pass', 1, wp_lostpassword_url() ) );
 		}
-
 	}
 
 	/**
@@ -452,9 +444,7 @@ protected function validate_password_reset( $posted_data ) {
 		}
 
 		return true;
-
 	}
-
 }
 
 return new LLMS_Controller_Account();
@@ -21,7 +21,6 @@ function llms_cancel_payment_url() {
 
 	$cancel_payment_url = esc_url( get_permalink( llms_get_page_id( 'checkout' ) ) );
 	return apply_filters( 'lifterlms_checkout_confirm_payment_url', $cancel_payment_url );
-
 }
 
 /**
@@ -59,7 +58,6 @@ function llms_confirm_payment_url( $order_key = null ) {
 	 * @param string $url URL to the payment confirmation screen.
 	 */
 	return apply_filters( 'lifterlms_checkout_confirm_payment_url', $url );
-
 }
 
 /**
@@ -180,7 +178,6 @@ function _llms_normalize_endpoint_base_url( $url, $endpoint ) {
 	}
 
 	return $url;
-
 }
 
 /**
@@ -221,7 +218,6 @@ function llms_get_page_id( $page ) {
 	$page = apply_filters( "lifterlms_get_{$page}_page_id", $id );
 
 	return $page ? absint( $page ) : -1;
-
 }
 
 
@@ -249,10 +245,14 @@ function llms_get_page_url( $page, $args = array() ) {
  *
  * @return string
  */
-function llms_lostpassword_url() {
+function llms_lostpassword_url( $lostpassword_url ) {
+	if ( llms_get_page_id( 'myaccount' ) <= 0 || ! get_permalink( llms_get_page_id( 'myaccount' ) ) ) {
+		return $lostpassword_url;
+	}
+
 	return llms_get_endpoint_url( 'lost-password', '', get_permalink( llms_get_page_id( 'myaccount' ) ) );
 }
-add_filter( 'lostpassword_url', 'llms_lostpassword_url', 10, 0 );
+add_filter( 'lostpassword_url', 'llms_lostpassword_url', 10, 1 );
 
 /**
  * Returns the page number query var for the current request.
@@ -278,5 +278,4 @@ function llms_get_paged_query_var() {
 		$paged = 1;
 	}
 	return (int) $paged;
-
 }