awesomemotive
diff --git a/‎all_in_one_seo_pack.php‎
Lines changed: 1 addition & 1 deletion b/‎all_in_one_seo_pack.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/Common/Admin/Admin.php‎
Lines changed: 1 addition & 1 deletion b/‎app/Common/Admin/Admin.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/Common/Admin/Notices/Review.php‎
Lines changed: 2 additions & 2 deletions b/‎app/Common/Admin/Notices/Review.php‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎app/Common/Admin/Pointers.php‎
Lines changed: 6 additions & 7 deletions b/‎app/Common/Admin/Pointers.php‎
Lines changed: 6 additions & 7 deletions
diff --git a/‎app/Common/Admin/PostSettings.php‎
Lines changed: 1 addition & 1 deletion b/‎app/Common/Admin/PostSettings.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/Common/Ai/Assistant.php‎
Lines changed: 2 additions & 0 deletions b/‎app/Common/Ai/Assistant.php‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/Common/Ai/Image.php‎
Lines changed: 1 addition & 1 deletion b/‎app/Common/Ai/Image.php‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/Common/Api/Ai.php‎
Lines changed: 48 additions & 8 deletions b/‎app/Common/Api/Ai.php‎
Lines changed: 48 additions & 8 deletions
diff --git a/‎app/Common/Api/Network.php‎
Lines changed: 15 additions & 0 deletions b/‎app/Common/Api/Network.php‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎app/Common/Api/PostsTerms.php‎
Lines changed: 2 additions & 2 deletions b/‎app/Common/Api/PostsTerms.php‎
Lines changed: 2 additions & 2 deletions
@@ -5,7 +5,7 @@
  * Description: SEO for WordPress. Features like XML Sitemaps, SEO for custom post types, SEO for blogs, business sites, ecommerce sites, and much more. More than 100 million downloads since 2007.
  * Author:      All in One SEO Team
  * Author URI:  https://aioseo.com/
- * Version:     4.9.2
+ * Version:     4.9.3
  * Text Domain: all-in-one-seo-pack
  * Domain Path: /languages
  * License:     GPL-3.0+
 
@@ -988,7 +988,7 @@ public function enqueueAssets() {
 	 */
 	public function addFooterText() {
 		$linkText = esc_html__( 'Give us a 5-star rating!', 'all-in-one-seo-pack' );
-		$href     = 'https://wordpress.org/support/plugin/all-in-one-seo-pack/reviews/?filter=5#new-post';
+		$href     = 'https://aioseo.com/aioseo-wordpress-rating';
 
 		$link1 = sprintf(
 			'<a href="%1$s" target="_blank" title="%2$s">&#9733;&#9733;&#9733;&#9733;&#9733;</a>',
 
@@ -126,7 +126,7 @@ public function showNotice() {
 			<div class="step-3" style="display:none;">
 				<p><?php echo esc_html( $string7 ); ?></p>
 				<p>
-					<a href="https://wordpress.org/support/plugin/all-in-one-seo-pack/reviews/?filter=5#new-post" class="aioseo-dismiss-review-notice" target="_blank" rel="noopener noreferrer">
+					<a href="https://aioseo.com/aioseo-wordpress-rating" class="aioseo-dismiss-review-notice" target="_blank" rel="noopener noreferrer">
 						<?php echo esc_html( $string9 ); ?>
 					</a>&nbsp;&bull;&nbsp;
 					<a href="#" class="aioseo-dismiss-review-notice-delay" target="_blank" rel="noopener noreferrer">
@@ -165,7 +165,7 @@ public function showNotice2() {
 			<div class="step-3">
 				<p><?php echo $string1; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?></p>
 				<p>
-					<a href="https://wordpress.org/support/plugin/all-in-one-seo-pack/reviews/?filter=5#new-post" class="aioseo-dismiss-review-notice" target="_blank" rel="noopener noreferrer">
+					<a href="https://aioseo.com/aioseo-wordpress-rating" class="aioseo-dismiss-review-notice" target="_blank" rel="noopener noreferrer">
 						<?php echo esc_html( $string9 ); ?>
 					</a>&nbsp;&bull;&nbsp;
 					<a href="#" class="aioseo-dismiss-review-notice-delay" target="_blank" rel="noopener noreferrer">
 
@@ -6,8 +6,6 @@
 	exit;
 }
 
-use AIOSEO\Plugin\Common\Models;
-
 /**
  * Handles the pointers for the admin.
  *
@@ -50,7 +48,7 @@ public function maybeDismissPointer() {
 		if (
 			! isset( $_GET['aioseo-dismiss-pointer'] ) ||
 			! isset( $_GET['aioseo-dismiss-pointer-nonce'] ) ||
-			! wp_verify_nonce( $_GET['aioseo-dismiss-pointer-nonce'], 'aioseo-dismiss-pointer' )
+			! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['aioseo-dismiss-pointer-nonce'] ) ), 'aioseo-dismiss-pointer' )
 		) {
 			return;
 		}
@@ -85,14 +83,14 @@ public function registerPointer( $id, $pageSlug, $args ) {
 				const $menuItem = $( '#toplevel_page_aioseo' );
 				const $pointer  = $menuItem.pointer( {
 					content :
-						"<h3><?php esc_html_e( $args['title'], 'all-in-one-seo-pack' ); ?><\/h3>" +
-						"<h4><?php esc_html_e( $args['subtitle'], 'all-in-one-seo-pack' ); ?><\/h4>" +
-						"<p><?php esc_html_e( $args['content'], 'all-in-one-seo-pack' ); ?><\/p>" +
+						"<h3><?php esc_html( $args['title'], 'all-in-one-seo-pack' ); ?><\/h3>" +
+						"<h4><?php esc_html( $args['subtitle'], 'all-in-one-seo-pack' ); ?><\/h4>" +
+						"<p><?php esc_html( $args['content'], 'all-in-one-seo-pack' ); ?><\/p>" +
 						"<?php
 							echo sprintf(
 								'<p><a class=\"button button-primary\" href=\"%s\">%s</a></p>',
 								esc_attr( esc_url( $args['url'] ) ),
-								esc_html__( $args['button'], 'all-in-one-seo-pack' )
+								esc_html( $args['button'], 'all-in-one-seo-pack' )
 							);
 						?>",
 					position : {
@@ -134,6 +132,7 @@ public function registerPointer( $id, $pageSlug, $args ) {
 	 */
 	public function registerKwRankTracker() {
 		if (
+			version_compare( aioseo()->version, '4.9.0', '>=' ) || // We only want to show this pointer up to 4.9.0.
 			! current_user_can( 'aioseo_search_statistics_settings' ) ||
 			(
 				is_object( aioseo()->license ) &&
 
@@ -237,7 +237,7 @@ public function saveSettingsMetabox( $postId ) {
 			return;
 		}
 
-		$currentPost = json_decode( wp_unslash( ( $_POST['aioseo-post-settings'] ) ), true );
+		$currentPost = json_decode( wp_unslash( ( $_POST['aioseo-post-settings'] ) ), true ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 		$currentPost = aioseo()->helpers->sanitize( $currentPost );
 
 		// If there is no data, there likely was an error, e.g. if the hidden field wasn't populated on load and the user saved the post without making changes in the metabox.
 
@@ -25,7 +25,9 @@ public function getVueDataEdit( $objectId = null ) {
 
 		return [
 			'extend' => [
+				'block'                     => aioseo()->standalone->standaloneBlocks['aiAssistant']->isEnabled(),
 				'blockEditorInserterButton' => apply_filters( 'aioseo_ai_assistant_extend_block_editor_inserter_button', true, $objectId ),
+				'paragraphPlaceholder'      => apply_filters( 'aioseo_ai_assistant_extend_paragraph_placeholder', true, $objectId )
 			]
 		];
 	}
 
@@ -81,7 +81,7 @@ public function createAttachment( $base64Data, $prompt, $format, $postId, $metad
 		$style       = trim( $metadata['style'] ?? '' );
 		$aspectRatio = trim( $metadata['aspectRatio'] ?? '' );
 
-		$filenameContext = substr( $prompt, 0, 25 ) . '-' . $quality . '-' . $style . '-' . $aspectRatio . '-' . date( 'Ymd-His' );
+		$filenameContext = substr( $prompt, 0, 25 ) . '-' . $quality . '-' . $style . '-' . $aspectRatio . '-' . date_i18n( 'Ymd-His' );
 		$filename        = 'aioseo-ai-' . aioseo()->helpers->toLowerCase( sanitize_file_name( $filenameContext ) ) . '.' . $format;
 
 		$upload = wp_upload_bits( $filename, null, $imageData );
 
@@ -40,7 +40,12 @@ public static function storeAccessToken( $request ) {
 
 		return new \WP_REST_Response( [
 			'success'   => true,
-			'aiOptions' => aioseo()->internalOptions->internal->ai->all()
+			'aiOptions' => [
+				'isTrialAccessToken'  => aioseo()->internalOptions->internal->ai->isTrialAccessToken,
+				'isManuallyConnected' => aioseo()->internalOptions->internal->ai->isManuallyConnected,
+				'credits'             => aioseo()->internalOptions->internal->ai->credits->all(),
+				'costPerFeature'      => aioseo()->internalOptions->internal->ai->costPerFeature
+			]
 		], 200 );
 	}
 
@@ -60,7 +65,12 @@ public static function getCredits( $request ) {
 
 		return new \WP_REST_Response( [
 			'success'   => true,
-			'aiOptions' => aioseo()->internalOptions->internal->ai->all()
+			'aiOptions' => [
+				'isTrialAccessToken'  => aioseo()->internalOptions->internal->ai->isTrialAccessToken,
+				'isManuallyConnected' => aioseo()->internalOptions->internal->ai->isManuallyConnected,
+				'credits'             => aioseo()->internalOptions->internal->ai->credits->all(),
+				'costPerFeature'      => aioseo()->internalOptions->internal->ai->costPerFeature
+			]
 		], 200 );
 	}
 
@@ -153,7 +163,12 @@ public static function generateTitles( $request ) {
 		return new \WP_REST_Response( [
 			'success'   => true,
 			'titles'    => $titles,
-			'aiOptions' => aioseo()->internalOptions->internal->ai->all()
+			'aiOptions' => [
+				'isTrialAccessToken'  => aioseo()->internalOptions->internal->ai->isTrialAccessToken,
+				'isManuallyConnected' => aioseo()->internalOptions->internal->ai->isManuallyConnected,
+				'credits'             => aioseo()->internalOptions->internal->ai->credits->all(),
+				'costPerFeature'      => aioseo()->internalOptions->internal->ai->costPerFeature
+			]
 		], 200 );
 	}
 
@@ -246,7 +261,12 @@ public static function generateDescriptions( $request ) {
 		return new \WP_REST_Response( [
 			'success'      => true,
 			'descriptions' => $descriptions,
-			'aiOptions'    => aioseo()->internalOptions->internal->ai->all()
+			'aiOptions'    => [
+				'isTrialAccessToken'  => aioseo()->internalOptions->internal->ai->isTrialAccessToken,
+				'isManuallyConnected' => aioseo()->internalOptions->internal->ai->isManuallyConnected,
+				'credits'             => aioseo()->internalOptions->internal->ai->credits->all(),
+				'costPerFeature'      => aioseo()->internalOptions->internal->ai->costPerFeature
+			]
 		], 200 );
 	}
 
@@ -347,7 +367,12 @@ public static function generateSocialPosts( $request ) {
 		return new \WP_REST_Response( [
 			'success'   => true,
 			'snippets'  => $aioseoPost->ai->socialPosts, // Return all the social posts, not just the new ones.
-			'aiOptions' => aioseo()->internalOptions->internal->ai->all()
+			'aiOptions' => [
+				'isTrialAccessToken'  => aioseo()->internalOptions->internal->ai->isTrialAccessToken,
+				'isManuallyConnected' => aioseo()->internalOptions->internal->ai->isManuallyConnected,
+				'credits'             => aioseo()->internalOptions->internal->ai->credits->all(),
+				'costPerFeature'      => aioseo()->internalOptions->internal->ai->costPerFeature
+			]
 		], 200 );
 	}
 
@@ -667,7 +692,12 @@ public static function generateFaqs( $request ) {
 		return new \WP_REST_Response( [
 			'success'   => true,
 			'faqs'      => $faqs,
-			'aiOptions' => aioseo()->internalOptions->internal->ai->all()
+			'aiOptions' => [
+				'isTrialAccessToken'  => aioseo()->internalOptions->internal->ai->isTrialAccessToken,
+				'isManuallyConnected' => aioseo()->internalOptions->internal->ai->isManuallyConnected,
+				'credits'             => aioseo()->internalOptions->internal->ai->credits->all(),
+				'costPerFeature'      => aioseo()->internalOptions->internal->ai->costPerFeature
+			]
 		], 200 );
 	}
 
@@ -760,7 +790,12 @@ public static function generateKeyPoints( $request ) {
 		return new \WP_REST_Response( [
 			'success'   => true,
 			'keyPoints' => $keyPoints,
-			'aiOptions' => aioseo()->internalOptions->internal->ai->all()
+			'aiOptions' => [
+				'isTrialAccessToken'  => aioseo()->internalOptions->internal->ai->isTrialAccessToken,
+				'isManuallyConnected' => aioseo()->internalOptions->internal->ai->isManuallyConnected,
+				'credits'             => aioseo()->internalOptions->internal->ai->credits->all(),
+				'costPerFeature'      => aioseo()->internalOptions->internal->ai->costPerFeature
+			]
 		], 200 );
 	}
 
@@ -839,7 +874,12 @@ public static function deactivate( $request ) {
 
 		return new \WP_REST_Response( [
 			'success' => true,
-			'aiData'  => $internalOptions->internal->ai->all()
+			'aiData'  => [
+				'isTrialAccessToken'  => $internalOptions->internal->ai->isTrialAccessToken,
+				'isManuallyConnected' => $internalOptions->internal->ai->isManuallyConnected,
+				'credits'             => $internalOptions->internal->ai->credits->all(),
+				'costPerFeature'      => $internalOptions->internal->ai->costPerFeature
+			]
 		], 200 );
 	}
 }
@@ -28,6 +28,21 @@ public static function saveNetworkRobots( $request ) {
 		$enabled          = isset( $body['enabled'] ) ? boolval( $body['enabled'] ) : null;
 		$searchAppearance = ! empty( $body['searchAppearance'] ) ? $body['searchAppearance'] : [];
 
+		// Ensure the user has access to the target site.
+		if (
+			$siteId &&
+			is_multisite() &&
+			(
+				! is_user_member_of_blog( get_current_user_id(), $siteId ) &&
+				! is_super_admin()
+			)
+		) {
+			return new \WP_REST_Response( [
+				'success' => false,
+				'message' => 'You do not have permission to access this site.'
+			], 403 );
+		}
+
 		aioseo()->helpers->switchToBlog( $siteId );
 
 		$options = $isNetwork ? aioseo()->networkOptions : aioseo()->options;
 
@@ -354,8 +354,8 @@ public static function updatePostDetailsColumn( $request ) {
 			update_post_meta( $postId, '_wp_attachment_image_alt', sanitize_text_field( $body['imageAltTag'] ) );
 		}
 
-		$aioseoPost->title       = $body['title'];
-		$aioseoPost->description = $body['description'];
+		$aioseoPost->title       = ! empty( $body['title'] ) ? sanitize_text_field( $body['title'] ) : null;
+		$aioseoPost->description = ! empty( $body['description'] ) ? sanitize_textarea_field( $body['description'] ) : null;
 		$aioseoPost->updated     = gmdate( 'Y-m-d H:i:s' );
 		$aioseoPost->save();
Original file line number	Diff line number	Diff line change
`@@ -237,7 +237,7 @@ public function saveSettingsMetabox( $postId ) {`
`237`	`237`	`return;`
`238`	`238`	`}`
`239`	`239`
`240`		`- $currentPost = json_decode( wp_unslash( ( $_POST['aioseo-post-settings'] ) ), true );`
	`240`	`+ $currentPost = json_decode( wp_unslash( ( $_POST['aioseo-post-settings'] ) ), true ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized`
`241`	`241`	`$currentPost = aioseo()->helpers->sanitize( $currentPost );`
`242`	`242`
`243`	`243`	`// If there is no data, there likely was an error, e.g. if the hidden field wasn't populated on load and the user saved the post without making changes in the metabox.`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,9 @@ public function getVueDataEdit( $objectId = null ) {`
`25`	`25`
`26`	`26`	`return [`
`27`	`27`	`'extend' => [`
	`28`	`+ 'block' => aioseo()->standalone->standaloneBlocks['aiAssistant']->isEnabled(),`
`28`	`29`	`'blockEditorInserterButton' => apply_filters( 'aioseo_ai_assistant_extend_block_editor_inserter_button', true, $objectId ),`
	`30`	`+ 'paragraphPlaceholder' => apply_filters( 'aioseo_ai_assistant_extend_paragraph_placeholder', true, $objectId )`
`29`	`31`	`]`
`30`	`32`	`];`
`31`	`33`	`}`
Original file line number	Diff line number	Diff line change
`@@ -354,8 +354,8 @@ public static function updatePostDetailsColumn( $request ) {`
`354`	`354`	`update_post_meta( $postId, '_wp_attachment_image_alt', sanitize_text_field( $body['imageAltTag'] ) );`
`355`	`355`	`}`
`356`	`356`
`357`		`- $aioseoPost->title = $body['title'];`
`358`		`- $aioseoPost->description = $body['description'];`
	`357`	`+ $aioseoPost->title = ! empty( $body['title'] ) ? sanitize_text_field( $body['title'] ) : null;`
	`358`	`+ $aioseoPost->description = ! empty( $body['description'] ) ? sanitize_textarea_field( $body['description'] ) : null;`
`359`	`359`	`$aioseoPost->updated = gmdate( 'Y-m-d H:i:s' );`
`360`	`360`	`$aioseoPost->save();`
`361`	`361`