Merge pull request #450 from bigcommerce/fix/CVE-2023-49162

fix: CVE-2023-49162 debug logs being exposed

Author: chanceaclark

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## [5.0.7]
+
+### Fixed
+- Fix CVE-2023-49162
+
 ## [5.0.6]
 
 ### Changed
@@ -1909,7 +1914,8 @@
   in fact, reset postdata, so far as Gutenberg 3.2.0 is concerned.
 
 
-[5.0.5]: https://github.com/bigcommerce/bigcommerce-for-wordpress/compare/5.0.5...5.0.6
+[5.0.7]: https://github.com/bigcommerce/bigcommerce-for-wordpress/compare/5.0.6...5.0.7
+[5.0.6]: https://github.com/bigcommerce/bigcommerce-for-wordpress/compare/5.0.5...5.0.6
 [5.0.5]: https://github.com/bigcommerce/bigcommerce-for-wordpress/compare/5.0.4...5.0.5
 [5.0.4]: https://github.com/bigcommerce/bigcommerce-for-wordpress/compare/5.0.3...5.0.4
 [5.0.3]: https://github.com/bigcommerce/bigcommerce-for-wordpress/compare/5.0.2...5.0.3

bigcommerce.php

@@ -3,7 +3,7 @@
 Plugin Name:  BigCommerce for WordPress
 Description:  Scale your ecommerce business with WordPress on the front-end and BigCommerce on the back end. Free up server resources from things like catalog management, processing payments, and managing fulfillment logistics.
 Author:       BigCommerce
-Version:      5.0.6
+Version:      5.0.7
 Author URI:   https://www.bigcommerce.com/wordpress
 Requires PHP: 7.4.0
 Text Domain:  bigcommerce

build-timestamp.php

@@ -1,2 +1,2 @@
 <?php
-define('BIGCOMMERCE_ASSETS_BUILD_TIMESTAMP', '9.18.11.13.2023');
+define('BIGCOMMERCE_ASSETS_BUILD_TIMESTAMP', '11.48.12.14.2023');

src/BigCommerce/Logging/Error_Log.php

@@ -153,7 +153,7 @@ private function init_log_dir() {
 	 * @param $directory_path
 	 */
 	private function write_htaccess( $directory_path ) {
-		$htaccess_file = fopen( $directory_path . ".htaccess", "a+" );
+		$htaccess_file = fopen( $directory_path . "/.htaccess", "a+" );
 
 		$rulles = <<<HTACCESS
 # BigCommerce Plugin Rule

src/BigCommerce/Plugin.php

@@ -4,7 +4,7 @@
 namespace BigCommerce;
 
 class Plugin {
-	const VERSION = '5.0.6';
+	const VERSION = '5.0.7';
 
 	protected static $_instance;
 

vendor/autoload.php

@@ -2,6 +2,24 @@
 
 // autoload.php @generated by Composer
 
+if (PHP_VERSION_ID < 50600) {
+    if (!headers_sent()) {
+        header('HTTP/1.1 500 Internal Server Error');
+    }
+    $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
+    if (!ini_get('display_errors')) {
+        if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
+            fwrite(STDERR, $err);
+        } elseif (!headers_sent()) {
+            echo $err;
+        }
+    }
+    trigger_error(
+        $err,
+        E_USER_ERROR
+    );
+}
+
 require_once __DIR__ . '/composer/autoload_real.php';
 
 return ComposerAutoloaderInite3b7bc6dcf7f80d1326d7975fb9f5e3f::getLoader();