release: fixes

- Fixed media upload UI in modal view
- Enhanced security

Author: vytisbulkevicius

composer.lock

@@ -124,8 +124,8 @@ public function register_routes() {
 							},
 						),
 					),
-					'permission_callback' => function () {
-						return true;
+					'permission_callback' => function ( $request ) {
+						return $this->check_permission( $request->get_param( 'context' ) );
 					},
 				),
 			)
@@ -140,14 +140,39 @@ public function register_routes() {
 					'callback'            => function( $request ) {
 						return Dynamic_Content::instance()->apply_data( $request->get_params() );
 					},
-					'permission_callback' => function () {
-						return true;
+					'permission_callback' => function ( $request ) {
+						return $this->check_permission( $request->get_param( 'context' ) );
 					},
 				),
 			)
 		);
 	}
 
+	/**
+	 * Check permission to perform the request.
+	 *
+	 * @param int $post_id Post ID.
+	 *
+	 * @return bool
+	 */
+	public function check_permission( $post_id = 0 ) {
+		if ( empty( $post_id ) ) {
+			return false;
+		}
+
+		$post = get_post( $post_id );
+		if ( ! $post ) {
+			return false;
+		}
+
+		// Allow only if the post is published or the user has permission to view it.
+		if ( 'publish' === $post->post_status || current_user_can( 'edit_post', $post_id ) ) {
+			return true;
+		}
+
+		return false;
+	}
+
 	/**
 	 * Get Dynamic Image
 	 *

inc/server/class-dynamic-content-server.php

@@ -241,7 +241,7 @@ const Edit = ({
 												}
 											},
 											[
-												[ 'core/image', { height: '150px' }],
+												[ 'core/image'],
 												[ 'core/heading', { placeholder: __( 'Modal Title', 'otter-pro'  ) }],
 												[ 'core/paragraph', { placeholder: __( 'Modal Content', 'otter-pro'  ) }]
 											]