From 126091772f0d86030ff277c41b3eb649291263c2 Mon Sep 17 00:00:00 2001 From: balexey88 Date: Fri, 16 Jan 2026 15:55:05 +0200 Subject: [PATCH 1/2] Release 4.4.1 --- changelog.txt | 6 +- changes.md | 6 +- lib/classes/class-module.php | 5 -- lib/classes/class-utility.php | 56 +++++++++++-- .../woo-extra-product-options.php | 82 ------------------- readme.txt | 8 +- static/data/addons.php | 10 +++ vendor/composer/autoload_classmap.php | 1 - vendor/composer/autoload_static.php | 1 - vendor/composer/installed.php | 4 +- wp-stateless-media.php | 4 +- 11 files changed, 81 insertions(+), 102 deletions(-) delete mode 100644 lib/classes/compatibility/woo-extra-product-options.php diff --git a/changelog.txt b/changelog.txt index e9c588860..8a695217c 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,5 +1,9 @@ == Changelog == -= 4.4.0 = += 4.4.1 - 2026-01-16 = +* COMPATIBILITY - WooCommerce Extra Product Options Compatibility replaced with [WP-Stateless – WooCommerce Extra Product Options Addon](https://wordpress.org/plugins/wp-stateless-woocommerce-extra-product-options-addon/). +* FIX - resolve critical errors with `firebase/php-jwt` library if AUTH_SALT is not set or too short. + += 4.4.0 - 2026-01-10 = * NEW - plugin requires PHP 8.1+. * ENHANCEMENT - updated `firebase/php-jwt` library from 6.11.1 to 7.0.2. * ENHANCEMENT - Updated Client library for Google APIs from 2.18.3 to 2.19.0. diff --git a/changes.md b/changes.md index f4b5d9760..9e09e3e88 100644 --- a/changes.md +++ b/changes.md @@ -1,4 +1,8 @@ -#### 4.4.0 +#### 4.4.1 - 2026-01-16 +* COMPATIBILITY - WooCommerce Extra Product Options Compatibility replaced with [WP-Stateless – WooCommerce Extra Product Options Addon](https://wordpress.org/plugins/wp-stateless-woocommerce-extra-product-options-addon/). +* FIX - resolve critical errors with `firebase/php-jwt` library if AUTH_SALT is not set or too short. + +#### 4.4.0 - 2026-01-10 * NEW - plugin requires PHP 8.1+. * ENHANCEMENT - updated `firebase/php-jwt` library from 6.11.1 to 7.0.2. * ENHANCEMENT - Updated Client library for Google APIs from 2.18.3 to 2.19.0. diff --git a/lib/classes/class-module.php b/lib/classes/class-module.php index 1078dd9d8..479db761d 100644 --- a/lib/classes/class-module.php +++ b/lib/classes/class-module.php @@ -50,11 +50,6 @@ public function __construct() { */ new TheEventsCalendar(); - /** - * Support for WooCommerce Extra Product Options - */ - new CompatibilityWooExtraProductOptions(); - /** * Support for WPBakery Page Builder */ diff --git a/lib/classes/class-utility.php b/lib/classes/class-utility.php index d4f0d23e3..94725bbb6 100644 --- a/lib/classes/class-utility.php +++ b/lib/classes/class-utility.php @@ -712,8 +712,54 @@ public static function sync_get_attachment_if_exist($url, $save_to) { } /** - * Generate JWT token signed by current site AUTH_SALT - * If no AUTH_SALT defined - admin email used + * Get a secure JWT signing key + * Priority: AUTH_SALT (if valid length) > Plugin-specific stored key > Generated key + * + * @return string A key suitable for HS256 (minimum 32 bytes) + */ + public static function get_jwt_signing_key() { + // Minimum key length for HS256 (256 bits = 32 bytes) + $min_key_length = 32; + + // Try AUTH_SALT first if it's long enough + if (defined('AUTH_SALT') && !empty(AUTH_SALT) && strlen(AUTH_SALT) >= $min_key_length) { + return AUTH_SALT; + } + + // Try to get stored plugin-specific key + $stored_key = get_option('wp_stateless_jwt_key'); + + if ($stored_key && strlen($stored_key) >= $min_key_length) { + return $stored_key; + } + + // Generate a new secure key + $new_key = self::generate_secure_key($min_key_length); + update_option('wp_stateless_jwt_key', $new_key, false); + + return $new_key; + } + + /** + * Generate a cryptographically secure random key + * + * @param int $length Key length in bytes + * @return string Base64-encoded key + */ + private static function generate_secure_key($length = 32) { + try { + // Use random_bytes for PHP 7+ + $random_bytes = random_bytes($length); + return base64_encode($random_bytes); + } catch (\Exception $e) { + // Fallback: use wp_generate_password + return wp_generate_password($length * 2, true, true); + } + } + + /** + * Generate JWT token signed by secure key + * Uses AUTH_SALT if valid, otherwise uses plugin-specific stored key * * @param $payload * @param int $ttl @@ -727,13 +773,13 @@ public static function generate_jwt_token($payload, $ttl = 3600) { 'exp' => $now + $ttl ]); - $key = defined('AUTH_SALT') && !empty(AUTH_SALT) ? AUTH_SALT : get_option('admin_email'); + $key = self::get_jwt_signing_key(); return JWT::encode($payload, $key, 'HS256'); } /** * Verify and decode token - * If no AUTH_SALT defined - admin email used + * Uses the same secure key retrieval as generation * Throws exceptions if cannot decode * * @param $token @@ -741,7 +787,7 @@ public static function generate_jwt_token($payload, $ttl = 3600) { * @throws \Exception */ public static function verify_jwt_token($token) { - $key = defined('AUTH_SALT') ? AUTH_SALT : get_option('admin_email'); + $key = self::get_jwt_signing_key(); return JWT::decode($token, new Key($key, 'HS256')); } diff --git a/lib/classes/compatibility/woo-extra-product-options.php b/lib/classes/compatibility/woo-extra-product-options.php deleted file mode 100644 index d489be0f7..000000000 --- a/lib/classes/compatibility/woo-extra-product-options.php +++ /dev/null @@ -1,82 +0,0 @@ -get_client(); - - $file_path = apply_filters('wp_stateless_file_name', $file, 0); - $file_info = @getimagesize($file); - - if ($file_info) { - $_metadata = array( - 'width' => $file_info[0], - 'height' => $file_info[1], - 'object-id' => 'unknown', // we really don't know it - 'source-id' => md5($file . ud_get_stateless_media()->get('sm.bucket')), - 'file-hash' => md5($file) - ); - } - - $media = $client->add_media(apply_filters('sm:item:on_fly:before_add', array( - 'use_root' => false, - 'name' => $file_path, - 'absolutePath' => wp_normalize_path($file), - 'cacheControl' => apply_filters('sm:item:cacheControl', 'public, max-age=36000, must-revalidate', $_metadata), - 'contentDisposition' => null, - 'mimeType' => $type, - 'metadata' => $_metadata - ))); - - $upload['url'] = ud_get_stateless_media()->get_gs_host() . '/' . $file_path; - return $upload; - } - } - } -} diff --git a/readme.txt b/readme.txt index dec5901f2..c93228e6e 100644 --- a/readme.txt +++ b/readme.txt @@ -6,7 +6,7 @@ License: GPLv2 or later Requires PHP: 8.1 Requires at least: 5.0 Tested up to: 6.9 -Stable tag: 4.4.0 +Stable tag: 4.4.1 Upload and serve your WordPress media files from Google Cloud Storage. @@ -136,7 +136,11 @@ Before upgrading to WP-Stateless 3.2.0, please, make sure you use PHP 7.2 or abo Before upgrading to WP-Stateless 3.0, please, make sure you tested it on your development environment. == Changelog == -= 4.4.0 = += 4.4.1 - 2026-01-16 = +* COMPATIBILITY - WooCommerce Extra Product Options Compatibility replaced with [WP-Stateless – WooCommerce Extra Product Options Addon](https://wordpress.org/plugins/wp-stateless-woocommerce-extra-product-options-addon/). +* FIX - resolve critical errors with `firebase/php-jwt` library if AUTH_SALT is not set or too short. + += 4.4.0 - 2026-01-10 = * NEW - plugin requires PHP 8.1+. * ENHANCEMENT - updated `firebase/php-jwt` library from 6.11.1 to 7.0.2. * ENHANCEMENT - Updated Client library for Google APIs from 2.18.3 to 2.19.0. diff --git a/static/data/addons.php b/static/data/addons.php index f81f1f7e1..a518aa585 100644 --- a/static/data/addons.php +++ b/static/data/addons.php @@ -167,4 +167,14 @@ 'hubspot_id' => '151480507697', ], + 'woo-extra-product-options' => [ + 'title' => 'WooCommerce Extra Product Options Addon', + 'plugin_files' => ['woocommerce-tm-extra-product-options/tm-woo-extra-product-options.php'], + 'addon_file' => 'wp-stateless-woocommerce-extra-product-options-addon/wp-stateless-woo-extra-product-options-addon.php.php', + 'icon' => 'https://ps.w.org/woocommerce/assets/icon.svg', + 'repo' => 'udx/wp-stateless-woo-extra-product-options-addon', + 'wp' => 'https://wordpress.org/plugins/wp-stateless-woocommerce-extra-product-options-addon/', + 'hubspot_id' => '151478251017', + ], + ]; diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php index ff3b61db0..5e368b280 100644 --- a/vendor/composer/autoload_classmap.php +++ b/vendor/composer/autoload_classmap.php @@ -40,7 +40,6 @@ 'wpCloud\\StatelessMedia\\Batch\\Migration' => $baseDir . '/lib/classes/batch/class-migration.php', 'wpCloud\\StatelessMedia\\Bootstrap' => $baseDir . '/lib/classes/class-bootstrap.php', 'wpCloud\\StatelessMedia\\Compatibility' => $baseDir . '/lib/classes/class-compatibility.php', - 'wpCloud\\StatelessMedia\\CompatibilityWooExtraProductOptions' => $baseDir . '/lib/classes/compatibility/woo-extra-product-options.php', 'wpCloud\\StatelessMedia\\DB' => $baseDir . '/lib/classes/class-db.php', 'wpCloud\\StatelessMedia\\DynamicImageSupport' => $baseDir . '/lib/classes/class-dynamic-image-support.php', 'wpCloud\\StatelessMedia\\EWWW' => $baseDir . '/lib/classes/compatibility/ewww.php', diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php index 787d767c3..936366039 100644 --- a/vendor/composer/autoload_static.php +++ b/vendor/composer/autoload_static.php @@ -73,7 +73,6 @@ class ComposerStaticInitc59d002476a452800baaf79c430753cb 'wpCloud\\StatelessMedia\\Batch\\Migration' => __DIR__ . '/../..' . '/lib/classes/batch/class-migration.php', 'wpCloud\\StatelessMedia\\Bootstrap' => __DIR__ . '/../..' . '/lib/classes/class-bootstrap.php', 'wpCloud\\StatelessMedia\\Compatibility' => __DIR__ . '/../..' . '/lib/classes/class-compatibility.php', - 'wpCloud\\StatelessMedia\\CompatibilityWooExtraProductOptions' => __DIR__ . '/../..' . '/lib/classes/compatibility/woo-extra-product-options.php', 'wpCloud\\StatelessMedia\\DB' => __DIR__ . '/../..' . '/lib/classes/class-db.php', 'wpCloud\\StatelessMedia\\DynamicImageSupport' => __DIR__ . '/../..' . '/lib/classes/class-dynamic-image-support.php', 'wpCloud\\StatelessMedia\\EWWW' => __DIR__ . '/../..' . '/lib/classes/compatibility/ewww.php', diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php index e418eea65..a4bee9bf6 100644 --- a/vendor/composer/installed.php +++ b/vendor/composer/installed.php @@ -3,7 +3,7 @@ 'name' => 'wpcloud/wp-stateless', 'pretty_version' => 'dev-latest', 'version' => 'dev-latest', - 'reference' => 'b101c6a4d352f985df1f531078959f218d9b1f1a', + 'reference' => 'f85c0f94de8b8e232088265c78c95da7162e2fac', 'type' => 'wordpress-plugin', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), @@ -67,7 +67,7 @@ 'wpcloud/wp-stateless' => array( 'pretty_version' => 'dev-latest', 'version' => 'dev-latest', - 'reference' => 'b101c6a4d352f985df1f531078959f218d9b1f1a', + 'reference' => 'f85c0f94de8b8e232088265c78c95da7162e2fac', 'type' => 'wordpress-plugin', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), diff --git a/wp-stateless-media.php b/wp-stateless-media.php index 0d1145b25..d4c442689 100644 --- a/wp-stateless-media.php +++ b/wp-stateless-media.php @@ -4,12 +4,12 @@ * Plugin URI: https://stateless.udx.io/ * Description: Upload and serve your WordPress media files from Google Cloud Storage. * Author: UDX - * Version: 4.4.0 + * Version: 4.4.1 * Text Domain: stateless-media * Author URI: https://udx.io * License: GPLv2 or later * - * Copyright 2012 - 2025 UDX ( email: info@udx.io ) + * Copyright 2012 - 2026 UDX ( email: info@udx.io ) * */ From e9eba240bfb6c9e6c431c0acea96fd7b166c3530 Mon Sep 17 00:00:00 2001 From: balexey88 Date: Fri, 16 Jan 2026 15:57:19 +0200 Subject: [PATCH 2/2] Release 4.4.1 --- changelog.txt | 2 +- changes.md | 2 +- readme.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/changelog.txt b/changelog.txt index 8a695217c..bb81dacae 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,7 +1,7 @@ == Changelog == = 4.4.1 - 2026-01-16 = * COMPATIBILITY - WooCommerce Extra Product Options Compatibility replaced with [WP-Stateless – WooCommerce Extra Product Options Addon](https://wordpress.org/plugins/wp-stateless-woocommerce-extra-product-options-addon/). -* FIX - resolve critical errors with `firebase/php-jwt` library if AUTH_SALT is not set or too short. +* FIX - resolve critical errors with `firebase/php-jwt` library if `AUTH_SALT` WordPress constant is not set or too short. = 4.4.0 - 2026-01-10 = * NEW - plugin requires PHP 8.1+. diff --git a/changes.md b/changes.md index 9e09e3e88..bdd35b8a3 100644 --- a/changes.md +++ b/changes.md @@ -1,6 +1,6 @@ #### 4.4.1 - 2026-01-16 * COMPATIBILITY - WooCommerce Extra Product Options Compatibility replaced with [WP-Stateless – WooCommerce Extra Product Options Addon](https://wordpress.org/plugins/wp-stateless-woocommerce-extra-product-options-addon/). -* FIX - resolve critical errors with `firebase/php-jwt` library if AUTH_SALT is not set or too short. +* FIX - resolve critical errors with `firebase/php-jwt` library if `AUTH_SALT` WordPress constant is not set or too short. #### 4.4.0 - 2026-01-10 * NEW - plugin requires PHP 8.1+. diff --git a/readme.txt b/readme.txt index c93228e6e..a22bb6a32 100644 --- a/readme.txt +++ b/readme.txt @@ -138,7 +138,7 @@ Before upgrading to WP-Stateless 3.0, please, make sure you tested it on your de == Changelog == = 4.4.1 - 2026-01-16 = * COMPATIBILITY - WooCommerce Extra Product Options Compatibility replaced with [WP-Stateless – WooCommerce Extra Product Options Addon](https://wordpress.org/plugins/wp-stateless-woocommerce-extra-product-options-addon/). -* FIX - resolve critical errors with `firebase/php-jwt` library if AUTH_SALT is not set or too short. +* FIX - resolve critical errors with `firebase/php-jwt` library if `AUTH_SALT` WordPress constant is not set or too short. = 4.4.0 - 2026-01-10 = * NEW - plugin requires PHP 8.1+.