= 4.3.2.9 =

~ Fixed: security.
~ Check permission: QuestionAnswerModel delete.
~ Check permission become a teach send mail accept/deny.

Author: tungnxt89

inc/Ajax/SendEmailAjax.php

@@ -10,6 +10,8 @@
 
 use Exception;
 use LearnPress\Models\UserItems\UserCourseModel;
+use LearnPress\Models\UserModel;
+use LP_Debug;
 use LP_Email;
 use LP_Email_Become_An_Instructor;
 use LP_Email_Cancelled_Order_Admin;
@@ -321,19 +323,25 @@ public function send_mail_become_a_teacher_request() {
 	 * Send mail when admin accept user become a teacher
 	 *
 	 * @since 4.2.9.1
-	 * @version 1.0.0
+	 * @version 1.0.1
 	 */
 	public function send_mail_become_a_teacher_accept() {
 		$response = new LP_REST_Response();
 
 		try {
+			// Check permission
+			if ( ! current_user_can( UserModel::ROLE_ADMINISTRATOR ) ) {
+				return;
+			}
+
 			$data_send = LP_Helper::sanitize_params_submitted( $_POST['params'] ?? [] );
 
 			$email = new LP_Email_Instructor_Accepted();
 			$email->handle( $data_send );
 		} catch ( Throwable $e ) {
 			$response->status  = 'error';
 			$response->message = $e->getMessage();
+			LP_Debug::error_log( $e );
 		}
 
 		wp_send_json( $response );
@@ -349,13 +357,19 @@ public function send_mail_become_a_teacher_deny() {
 		$response = new LP_REST_Response();
 
 		try {
+			// Check permission
+			if ( ! current_user_can( UserModel::ROLE_ADMINISTRATOR ) ) {
+				return;
+			}
+
 			$data_send = LP_Helper::sanitize_params_submitted( $_POST['params'] ?? [] );
 
 			$email = new LP_Email_Instructor_Denied();
 			$email->handle( $data_send );
 		} catch ( Throwable $e ) {
 			$response->status  = 'error';
 			$response->message = $e->getMessage();
+			LP_Debug::error_log( $e );
 		}
 
 		wp_send_json( $response );

inc/Models/Question/QuestionAnswerModel.php

@@ -216,13 +216,18 @@ public function save() {
 
 	/**
 	 * @throws Exception
+	 *
+	 * @since 4.2.9
+	 * @version 1.0.1
 	 */
 	public function check_valid_before_delete() {
 		$questionPostModel = $this->get_question_post_model();
 		if ( ! $questionPostModel ) {
 			throw new Exception( __( 'Question not found', 'learnpress' ) );
 		}
 
+		$this->check_capabilities_update();
+
 		if ( $questionPostModel->get_type() === 'single_choice' || $questionPostModel->get_type() === 'multi_choice' ) {
 			// For single choice and multiple choice, at least two answer is required.
 			$filter              = new QuestionAnswersFilter();

inc/admin/class-lp-admin.php

@@ -5,6 +5,7 @@
  * @version 1.0.2
  */
 
+use LearnPress\Background\LPBackgroundAjax;
 use LearnPress\Models\CourseModel;
 
 defined( 'ABSPATH' ) || exit;
@@ -549,10 +550,30 @@ public function filter_users( $action ) {
 					$be_teacher = new WP_User( $user_id );
 					$be_teacher->set_role( LP_TEACHER_ROLE );
 
+					/**
+					 * Send email to user when admin accept user become a teacher
+					 * @use SendEmailAjax::send_mail_become_a_teacher_accept
+					 */
+					$data_send = [
+						'params'       => [ $user_data->user_email ],
+						'lp-load-ajax' => 'send_mail_become_a_teacher_accept',
+					];
+					LPBackgroundAjax::handle( $data_send );
+
 					do_action( 'learn-press/user-become-a-teacher-accept', $user_data->user_email );
 					wp_redirect( admin_url( 'users.php?lp-action=accepted-request&user_id=' . $user_id ) );
 					exit();
 				case 'deny-request':
+					/**
+					 * Send email to user when admin accept user become a teacher
+					 * @use SendEmailAjax::send_mail_become_a_teacher_deny
+					 */
+					$data_send = [
+						'params'       => [ $user_data->user_email ],
+						'lp-load-ajax' => 'send_mail_become_a_teacher_deny',
+					];
+					LPBackgroundAjax::handle( $data_send );
+
 					do_action( 'learn-press/user-become-a-teacher-deny', $user_data->user_email );
 					wp_redirect( admin_url( 'users.php?lp-action=denied-request&user_id=' . $user_id ) );
 					exit();

inc/class-lp-forms-handler.php

@@ -1,5 +1,7 @@
 <?php
 
+use LearnPress\Background\LPBackgroundAjax;
+
 /**
  * Class LP_Forms_Handler
  *
@@ -54,6 +56,17 @@ public static function process_become_teacher() {
 			$user                = get_user_by( 'email', $args['bat_email'] );
 
 			update_user_meta( $user->ID, '_requested_become_teacher', 'yes' );
+
+			/**
+			 * Send email to admin when user request to become a teacher
+			 * @use SendEmailAjax::send_mail_become_a_teacher_request
+			 */
+			$data_send = [
+				'params'       => [ $args ],
+				'lp-load-ajax' => 'send_mail_become_a_teacher_request',
+			];
+			LPBackgroundAjax::handle( $data_send );
+
 			do_action( 'learn-press/become-a-teacher-sent', $args );
 		}
 
@@ -490,4 +503,3 @@ public static function init() {
 		self::process_register();
 	}
 }
-

inc/emails/class-lp-email-hooks.php

@@ -15,9 +15,6 @@
 	 * @uses SendEmailAjax::send_mail_order_status_update_to_completed
 	 * @uses SendEmailAjax::send_mail_order_status_update_to_cancelled
 	 * @uses SendEmailAjax::send_mail_user_course_finished
-	 * @uses SendEmailAjax::send_mail_become_a_teacher_request
-	 * @uses SendEmailAjax::send_mail_become_a_teacher_accept
-	 * @uses SendEmailAjax::send_mail_become_a_teacher_deny
 	 */
 	class LP_Email_Hooks {
 		protected static $instance;
@@ -42,10 +39,6 @@ protected function __construct() {
 					'learn-press/order/status-cancelled' => 'send_mail_order_status_update_to_cancelled',
 					// Finished course
 					'learn-press/user-course-finished'   => 'send_mail_user_course_finished',
-					// User become a teacher
-					'learn-press/become-a-teacher-sent'  => 'send_mail_become_a_teacher_request',
-					'learn-press/user-become-a-teacher-accept' => 'send_mail_become_a_teacher_accept',
-					'learn-press/user-become-a-teacher-deny' => 'send_mail_become_a_teacher_deny',
 				]
 			);
 

learnpress.php

@@ -4,7 +4,7 @@
  * Plugin URI: https://thimpress.com/learnpress
  * Description: LearnPress is a WordPress complete solution for creating a Learning Management System (LMS). It can help you to create courses, lessons and quizzes.
  * Author: ThimPress
- * Version: 4.3.2.8
+ * Version: 4.3.2.9-beta.1
  * Author URI: http://thimpress.com
  * Requires at least: 6.0
  * Requires PHP: 7.4