Plugin version v4.7.4 release #2202
Fix: Missing Authorization to Unauthenticated Information Disclosure via handle_rest_pre_dispatch Function
rtMedia Gallery Allowed Media Upload of all types for different Media types
Fixed typo on readme.txt
Add PHPCS on PULL request workflow
…evelop Add new formats for audio and video.
* Address the Direct database call queries, and no-caching security issues app/importers/* ignore the phpcs errors, as app/importers directory contains data migration and import utilities which require direct DB calls and caching of queries should not be there for such operations
* Fix phpcs indentation fixes
* Fix the WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQL.NotPrepared PHPCS errors
* Fix the WordPress.Security.ValidatedSanitizedInput.InputNotValidated issue on RTMediaMigration.php file
* Fix mission validation, sanitization issues, and few nonce verification issues
* fix: add proper ignore comments for nonce verification
* Fixed Filesystem errors in rtUploadAttachment
* Fixed filesystem errors in RTMediaSupport
* Fixed filesystem errors in BPMediaImporter
* fix: missing nonce handle
* fix: update the nonce comment to explain more elaborately
* feat: add nonce for todos
* fix: repeated phpcs:ignore
* Resolve the all possible inline script related issues
* Add missing changes for godam notice dismissal
* Replace inline script form upload-file-types notices template
* Made filechanges fixes for RTMediaAdmin.php
* Made filechanges fixes for RTMediaSupport.php
* Made filechanges fixes for RTDBUpdate.php
* Made filechanges fixes for BPMediaImporter.php
* Made filechanges fixes for RTMediaMigration.php
* Made filechanges fixes for RTMediaMedia.php
* Made filechanges fixes for RTMediaUploadFile.php
* Move rtmedia-migration page inline script into migration.js
* Add localize variables with rtmedia-main.js for rtmedia-actions.php file
* Remove console logs
* fix: nonce action for convert_videos_mailchimp_send ajax call
* feat: hide global album function nonce error
* Code refactoring and add fix nonce input element selector
* Remove debug comments
* feat: update nonce comment for global album
* Revert "Fix Nonce Verification flags in the Codebase"
* Revert "Revert "Fix Nonce Verification flags in the Codebase""
* Add comments for unchanged <script> and <style> tags
* feat: add nonce for file upload
* Sanitization and Nonce changes
* Undo redundant nonce verification
* Fixed PHPCS Issues
* Add missing sanitization, and input validation functions
* Add phpcs:ignore comment for missing nonce verification
* Refactored the changes to sanitize individually
* Implemented PR feedback
* Implemented Feedback changes
* Add documentation related changes
* Implemented Copilot changes
* Remove unused variable
* Revert "Fix Sanitization issues " (#2199)
* Made bug fixes for nonce verification
* Removed nonce verification from places not required.
* Updated todo comment
* fix: remove nonce from mailchimp verification
* Re-added the sanitization changes
* Added documentation
* Bug fix for media not loading
* Bug Fix for filter
* Made bug fixes for group featured media

---------

Co-authored-by: KMchaudhary <kuldipkumar.chaudhary@rtcamp.com>
Co-authored-by: Vedant Gandhi <vedantgandhipersonal@gmail.com>
Co-authored-by: Chirag Mathur <mchirag2002@gmail.com>
Co-authored-by: Chirag Mathur <71757438+mchirag2002@users.noreply.github.com>
* Version update v4.7.4
* Add vedantgandhi28 wordpress profile in contributor list

---------

Co-authored-by: KMchaudhary <kuldipkumar.chaudhary@rtcamp.com>
| name: Run PHPCS inspection | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.sha }} | ||
| - name: Run PHPCS inspection | ||
| uses: rtCamp/action-phpcs-code-review@master | ||
| env: | ||
| SKIP_FOLDERS: "tests,.github,lib,node_modules,vendor" | ||
| GH_BOT_TOKEN: ${{ secrets.RTBOT_TOKEN }} | ||
| PHPCS_SNIFFS_EXCLUDE: "WordPress.Files.FileName" | ||
| with: | ||
| args: WordPress,WordPress-Core,WordPress-Docs No newline at end of file |
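Review bot: `uses: rtCamp/action-phpcs-code-review@master` in the "Run PHPCS inspection" step follows a mutable branch while the same step is given `secrets.RTBOT_TOKEN` through `GH_BOT_TOKEN`, so whatever lands on that branch later runs with the bot token. Pin this action, and `actions/checkout@v2` above it, to a full commit SHA and update the pin deliberately. The file also ends without a trailing newline, which is worth fixing in the same change.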
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 2 months ago
To fix the issue, the workflow file (.github/workflows/phpcs_on_pull_request.yml) should be edited to include a permissions: block. According to recommended practice, this block can be set at the workflow root (applies to all jobs by default, unless jobs override it), or at the individual job level. Since the job appears to only need to read repository contents (for code checkout and inspection), setting contents: read may be sufficient. If the inspection action posts comments or reviews to pull requests, then pull-requests: write should also be added. The best method is to add the permissions: block directly beneath name: at the root of the YAML file, above the jobs: block.
No additional methods, libraries, or dependencies are needed; only the YAML key should be added.
| @@ -1,5 +1,7 @@ | ||
| on: pull_request | ||
| name: Inspections | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| runPHPCSInspection: | ||
| name: Run PHPCS inspection |
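Review bot: The root-level `permissions:` block with `contents: read` only constrains the automatic `GITHUB_TOKEN`; the PHPCS step in this workflow authenticates with `secrets.RTBOT_TOKEN` passed as `GH_BOT_TOKEN`, and that token's scope is not affected by this block. Keep the suggested lines, and separately confirm that the bot token itself carries no more access than the inspection action needs.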
… support (#2204)

* Remove mxf, vob, and mts file format support, and add m4v file format support
* Fix media_type attribute issue on rtmedia/uploader block and rtmedia_uploader shortcode

---------

Co-authored-by: KMchaudhary <kuldipkumar.chaudhary@rtcamp.com>
Co-authored-by: KMchaudhary <kuldipkumar.chaudhary@rtcamp.com>
Unable to PHPCS or SVG scan one or more files due to error running PHPCS/SVG scanner:
The error may be temporary. If the error persists, please contact a human (commit-ID: ddbe344).
kishan-gondaliya-7270
left a comment
Approving to unblock merge as it is already reviewed by @gagan0123