4.8.7 Release

Author: flschaves

all_in_one_seo_pack.php

@@ -5,7 +5,7 @@
  * Description: SEO for WordPress. Features like XML Sitemaps, SEO for custom post types, SEO for blogs, business sites, ecommerce sites, and much more. More than 100 million downloads since 2007.
  * Author:      All in One SEO Team
  * Author URI:  https://aioseo.com/
- * Version:     4.8.6
+ * Version:     4.8.7
  * Text Domain: all-in-one-seo-pack
  * Domain Path: /languages
  * License:     GPL-3.0+

app/AIOSEO.php

@@ -153,8 +153,7 @@ private function includes() {
 			$dependencies = [
 				'/vendor/autoload.php'                                      => true,
 				'/vendor/woocommerce/action-scheduler/action-scheduler.php' => true,
-				'/vendor/jwhennessey/phpinsight/autoload.php'               => false,
-				'/vendor_prefixed/monolog/monolog/src/Monolog/Logger.php'   => false
+				'/vendor/jwhennessey/phpinsight/autoload.php'               => false
 			];
 
 			foreach ( $dependencies as $path => $shouldRequire ) {

app/Common/Ai/Ai.php

@@ -43,7 +43,10 @@ public function __construct() {
 		add_action( $this->creditFetchAction, [ $this, 'updateCredits' ] );
 
 		// If param is set, fetch credits but just once per 5 minutes to prevent abuse.
-		if ( isset( $_REQUEST['aioseo-ai-credits'] ) && ! aioseo()->core->cache->get( 'ai_get_credits' ) ) { // phpcs:ignore HM.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Recommended
+		if (
+			isset( $_REQUEST['aioseo-ai-credits'] ) && // phpcs:ignore HM.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Recommended
+			! aioseo()->core->cache->get( 'ai_get_credits' )
+		) {
 			add_action( 'init', [ $this, 'updateCredits' ] );
 
 			aioseo()->core->cache->update( 'ai_get_credits', true, 5 * MINUTE_IN_SECONDS );

app/Common/Api/Api.php

@@ -31,12 +31,12 @@ class Api {
 	protected $routes = [
 		// phpcs:disable WordPress.Arrays.ArrayDeclarationSpacing.AssociativeArrayFound
 		'GET'    => [
-			'options'                                     => [ 'callback' => [ 'Settings', 'getOptions' ], 'access' => 'everyone' ],
-			'ping'                                        => [ 'callback' => [ 'Ping', 'ping' ], 'access' => 'everyone' ],
-			'post'                                        => [ 'callback' => [ 'PostsTerms', 'getPostData' ], 'access' => 'everyone' ],
+			'options'                                     => [ 'callback' => [ 'Settings', 'getOptions' ], 'access' => 'any' ],
+			'ping'                                        => [ 'callback' => [ 'Ping', 'ping' ], 'access' => 'any' ],
+			'post'                                        => [ 'callback' => [ 'PostsTerms', 'getPostData' ], 'access' => 'any' ],
 			'post/(?P<postId>[\d]+)/first-attached-image' => [ 'callback' => [ 'PostsTerms', 'getFirstAttachedImage' ], 'access' => 'aioseo_page_social_settings' ],
 			'user/(?P<userId>[\d]+)/image'                => [ 'callback' => [ 'User', 'getUserImage' ], 'access' => 'aioseo_page_social_settings' ],
-			'tags'                                        => [ 'callback' => [ 'Tags', 'getTags' ], 'access' => 'everyone' ],
+			'tags'                                        => [ 'callback' => [ 'Tags', 'getTags' ], 'access' => 'any' ],
 			'search-statistics/url/auth'                  => [ 'callback' => [ 'SearchStatistics', 'getAuthUrl' ], 'access' => [ 'aioseo_search_statistics_settings', 'aioseo_general_settings', 'aioseo_setup_wizard' ] ], // phpcs:ignore Generic.Files.LineLength.MaxExceeded
 			'search-statistics/url/reauth'                => [ 'callback' => [ 'SearchStatistics', 'getReauthUrl' ], 'access' => [ 'aioseo_search_statistics_settings', 'aioseo_general_settings' ] ],
 			'writing-assistant/keyword/(?P<postId>[\d]+)' => [ 'callback' => [ 'WritingAssistant', 'getPostKeyword' ], 'access' => 'aioseo_page_writing_assistant_settings' ],
@@ -74,7 +74,7 @@ class Api {
 			'terms-list/update-details-column'                      => [ 'callback' => [ 'PostsTerms', 'updateTermDetailsColumn' ], 'access' => 'aioseo_page_general_settings' ],
 			'keyphrases'                                            => [ 'callback' => [ 'PostsTerms', 'updatePostKeyphrases' ], 'access' => 'aioseo_page_analysis' ],
 			'analyze'                                               => [ 'callback' => [ 'Analyze', 'analyzeSite' ], 'access' => 'aioseo_seo_analysis_settings' ],
-			'analyze-headline'                                      => [ 'callback' => [ 'Analyze', 'analyzeHeadline' ], 'access' => 'everyone' ],
+			'analyze-headline'                                      => [ 'callback' => [ 'Analyze', 'analyzeHeadline' ], 'access' => 'any' ],
 			'analyze-headline/delete'                               => [ 'callback' => [ 'Analyze', 'deleteHeadline' ], 'access' => 'aioseo_seo_analysis_settings' ],
 			'analyze/delete-site'                                   => [ 'callback' => [ 'Analyze', 'deleteSite' ], 'access' => 'aioseo_seo_analysis_settings' ],
 			'clear-log'                                             => [ 'callback' => [ 'Tools', 'clearLog' ], 'access' => 'aioseo_tools_settings' ],
@@ -100,7 +100,7 @@ class Api {
 			'notification/v3-migration-schema-number-reminder'      => [ 'callback' => [ 'Notifications', 'migrationSchemaNumberReminder' ], 'access' => 'any' ],
 			'notifications/dismiss'                                 => [ 'callback' => [ 'Notifications', 'dismissNotifications' ], 'access' => 'any' ],
 			'objects'                                               => [ 'callback' => [ 'PostsTerms', 'searchForObjects' ], 'access' => [ 'aioseo_search_appearance_settings', 'aioseo_sitemap_settings' ] ], // phpcs:ignore Generic.Files.LineLength.MaxExceeded
-			'options'                                               => [ 'callback' => [ 'Settings', 'saveChanges' ], 'access' => 'any' ],
+			'options'                                               => [ 'callback' => [ 'Settings', 'saveChanges' ], 'access' => 'options' ],
 			'plugins/deactivate'                                    => [ 'callback' => [ 'Plugins', 'deactivatePlugins' ], 'access' => 'aioseo_feature_manager_settings' ],
 			'plugins/install'                                       => [ 'callback' => [ 'Plugins', 'installPlugins' ], 'access' => [ 'install_plugins', 'aioseo_feature_manager_settings' ] ],
 			'plugins/upgrade'                                       => [ 'callback' => [ 'Plugins', 'upgradePlugins' ], 'access' => [ 'update_plugins', 'aioseo_feature_manager_settings' ] ],
@@ -308,9 +308,34 @@ public function validateAccess( $request ) {
 		}
 
 		switch ( $routeData['access'] ) {
-			case 'everyone':
-				// Any user is able to access the route.
-				return true;
+			case 'any':
+				// The user has access if he has any of our capabilities.
+				$user       = wp_get_current_user();
+				$aioseoCaps = aioseo()->access->getCapabilityList();
+				foreach ( $user->get_role_caps() as $capability => $enabled ) {
+					if ( $enabled && in_array( $capability, $aioseoCaps, true ) ) {
+						return true;
+					}
+				}
+
+				return false;
+			case 'options':
+				// Check that user has access to any of the options pages.
+				$user       = wp_get_current_user();
+				$aioseoCaps = aioseo()->access->getCapabilityList();
+
+				// Remove all caps that start with aioseo_page_
+				$aioseoCaps = array_filter( $aioseoCaps, function( $capability ) {
+					return strpos( $capability, 'aioseo_page_' ) !== 0;
+				} );
+
+				foreach ( $user->get_role_caps() as $capability => $enabled ) {
+					if ( $enabled && in_array( $capability, $aioseoCaps, true ) ) {
+						return true;
+					}
+				}
+
+				return false;
 			default:
 				return aioseo()->access->hasCapability( $routeData['access'] );
 		}

app/Common/Api/PostsTerms.php

@@ -129,18 +129,33 @@ public static function searchForObjects( $request ) {
 	 * @return \WP_REST_Response          The response.
 	 */
 	public static function getPostData( $request ) {
-		$args = $request->get_query_params();
+		$args   = $request->get_query_params();
+		$postId = $args['postId'] ?? null;
 
-		if ( empty( $args['postId'] ) ) {
+		if ( empty( $postId ) ) {
 			return new \WP_REST_Response( [
 				'success' => false,
 				'message' => 'No post ID was provided.'
 			], 400 );
 		}
 
+		if ( ! current_user_can( 'edit_post', $postId ) ) {
+			return new \WP_REST_Response( [
+				'success' => false,
+				'message' => 'You are not allowed to access the data for this post.'
+			], 403 );
+		}
+
+		$data = aioseo()->helpers->getVueData( 'post', $postId, $args['integrationSlug'] ?? null );
+
 		return new \WP_REST_Response( [
 			'success' => true,
-			'data'    => aioseo()->helpers->getVueData( 'post', $args['postId'], $args['integrationSlug'] ?? null )
+			'data'    => [
+				// We just send the minimum data that is needed for the post settings. See #7461
+				'currentPost'  => $data['currentPost'],
+				'redirects'    => ! empty( $data['redirects'] ) ? $data['redirects'] : null,
+				'seoRevisions' => ! empty( $data['seoRevisions'] ) ? $data['seoRevisions'] : null
+			]
 		], 200 );
 	}
 

app/Common/Breadcrumbs/Block.php

@@ -21,6 +21,15 @@ class Block {
 	 */
 	private $primaryTerm = [];
 
+	/**
+	 * The post title.
+	 *
+	 * @since 4.8.7
+	 *
+	 * @var string
+	 */
+	private $postTitle = '';
+
 	/**
 	 * The breadcrumb settings.
 	 *
@@ -63,6 +72,10 @@ public function register() {
 						'type'    => 'string',
 						'default' => null
 					],
+					'postTitle'          => [
+						'type'    => 'string',
+						'default' => null
+					],
 					'breadcrumbSettings' => [
 						'type'    => 'object',
 						'default' => $this->breadcrumbSettings
@@ -90,6 +103,8 @@ public function render( $blockAttributes ) { // phpcs:ignore VariableAnalysis.Co
 			$this->primaryTerm = json_decode( $blockAttributes['primaryTerm'], true );
 		}
 
+		$this->postTitle = $blockAttributes['postTitle'] ?? null;
+
 		if ( ! empty( $blockAttributes['breadcrumbSettings'] ) ) {
 			$this->breadcrumbSettings = $blockAttributes['breadcrumbSettings'];
 		}
@@ -156,7 +171,9 @@ public function temporarilyAddTerm( $terms, $objectIds, $taxonomies ) {
 	private function getBlockOverrides() {
 		$default = filter_var( $this->breadcrumbSettings['default'], FILTER_VALIDATE_BOOLEAN );
 		if ( true === $default || ! aioseo()->pro ) {
-			return [];
+			return [
+				'postTitle' => ! empty( $this->postTitle ) ? $this->postTitle : null
+			];
 		}
 
 		return [
@@ -174,7 +191,8 @@ private function getBlockOverrides() {
 				'templateType' => 'custom',
 				'template'     => aioseo()->helpers->decodeHtmlEntities( aioseo()->helpers->encodeOutputHtml( $this->breadcrumbSettings['parentTemplate'] ) )
 			],
-			'primaryTerm'        => ! empty( $this->primaryTerm[ $this->breadcrumbSettings['taxonomy'] ] ) ? $this->primaryTerm[ $this->breadcrumbSettings['taxonomy'] ] : null
+			'primaryTerm'        => ! empty( $this->primaryTerm[ $this->breadcrumbSettings['taxonomy'] ] ) ? $this->primaryTerm[ $this->breadcrumbSettings['taxonomy'] ] : null,
+			'postTitle'          => ! empty( $this->postTitle ) ? $this->postTitle : null
 		];
 	}
 }

app/Common/Breadcrumbs/Breadcrumbs.php

@@ -765,7 +765,7 @@ public function getOverride( $optionName = null ) {
 				return $optionName ? null : [];
 			}
 
-			$value = $this->override[ $optionName ] ?? null;
+			$value = isset( $this->override[ $optionName ] ) ? $this->override[ $optionName ] : null;
 
 			return $optionName ? $value : $this->override;
 		}

app/Common/EmailReports/Summary/Summary.php

@@ -132,6 +132,10 @@ public function maybeSchedule() {
 		$addToStart += aioseo()->helpers->generateRandomTimeOffset( aioseo()->helpers->getSiteDomain( true ), 1440 * 3 ) * MINUTE_IN_SECONDS;
 
 		foreach ( $allowedFrequencies as $frequency => $data ) {
+			if ( aioseo()->actionScheduler->isScheduled( $this->actionHook, compact( 'frequency' ) ) ) {
+				continue;
+			}
+
 			aioseo()->actionScheduler->scheduleRecurrent( $this->actionHook, $data['start'] + $addToStart, $data['interval'], compact( 'frequency' ) );
 		}
 	}

app/Common/Integrations/Semrush.php

@@ -201,6 +201,11 @@ public static function getKeyphrases( $keyphrase, $database ) {
 			return $results;
 		}
 
+		$accessToken = aioseo()->internalOptions->integrations->semrush->accessToken;
+		if ( empty( $accessToken ) ) {
+			return false;
+		}
+
 		$params = [
 			'phrase'         => $keyphrase,
 			'export_columns' => 'Ph,Nq,Td',
@@ -209,13 +214,28 @@ public static function getKeyphrases( $keyphrase, $database ) {
 			'display_offset' => 0,
 			'display_sort'   => 'nq_desc',
 			'display_filter' => '%2B|Nq|Lt|1000',
-			'access_token'   => aioseo()->internalOptions->integrations->semrush->accessToken
+			'access_token'   => $accessToken
 		];
 
 		$url = 'https://oauth.semrush.com/api/v1/keywords/phrase_fullsearch?' . http_build_query( $params );
 
-		$response = wp_remote_get( $url );
-		$body     = json_decode( wp_remote_retrieve_body( $response ) );
+		$response = wp_remote_get( $url, [
+			'timeout' => 30,
+			'headers' => [
+				'User-Agent' => 'AIOSEO/' . AIOSEO_VERSION
+			]
+		] );
+
+		if ( is_wp_error( $response ) ) {
+			return false;
+		}
+
+		$responseCode = wp_remote_retrieve_response_code( $response );
+		if ( 200 !== $responseCode ) {
+			return false;
+		}
+
+		$body = json_decode( wp_remote_retrieve_body( $response ) );
 
 		aioseo()->core->cache->update( $transientKey, $body );
 

app/Common/Llms/Llms.php

@@ -173,7 +173,7 @@ private function getSitemapUrl() {
 			return '';
 		}
 
-		$sitemapUrl = site_url( 'sitemap.xml' );
+		$sitemapUrl = aioseo()->sitemap->helpers->getUrl( 'general' );
 
 		return "## Sitemaps\n\n- [XML Sitemap]({$sitemapUrl}): Contains all public/indexable URLs for this website.\n\n";
 	}
@@ -267,7 +267,7 @@ public function headers() {
 	 * @return array The LLMs.txt URL if accessible, null otherwise.
 	 */
 	public function getUrl() {
-		$url          = site_url( '/llms.txt' );
+		$url          = home_url( '/llms.txt' );
 		$isAccessible = false;
 
 		if ( aioseo()->options->advanced->llmsTxt ) {