Changeset 2298584

Timestamp:

05/05/2020 02:57:49 PM (6 years ago)

Author:

gpriday

Message:

2.10.16 release

Location:

siteorigin-panels

Files:

• tags/2.10.16 (copied) (copied from siteorigin-panels/trunk)
• tags/2.10.16/compat/js/siteorigin-panels-layout-block.js (copied) (copied from siteorigin-panels/trunk/compat/js/siteorigin-panels-layout-block.js)
• tags/2.10.16/compat/js/siteorigin-panels-layout-block.min.js (copied) (copied from siteorigin-panels/trunk/compat/js/siteorigin-panels-layout-block.min.js)
• tags/2.10.16/compat/widget-options.php (copied) (copied from siteorigin-panels/trunk/compat/widget-options.php)
• tags/2.10.16/css/admin.css (copied) (copied from siteorigin-panels/trunk/css/admin.css)
• tags/2.10.16/css/admin.min.css (copied) (copied from siteorigin-panels/trunk/css/admin.min.css)
• tags/2.10.16/inc/admin.php (copied) (copied from siteorigin-panels/trunk/inc/admin.php) (1 diff)
• tags/2.10.16/inc/live-editor.php (modified) (1 diff)
• tags/2.10.16/inc/renderer.php (copied) (copied from siteorigin-panels/trunk/inc/renderer.php)
• tags/2.10.16/inc/styles.php (copied) (copied from siteorigin-panels/trunk/inc/styles.php)
• tags/2.10.16/inc/widgets/post-loop-helper.php (copied) (copied from siteorigin-panels/trunk/inc/widgets/post-loop-helper.php)
• tags/2.10.16/inc/widgets/post-loop.php (copied) (copied from siteorigin-panels/trunk/inc/widgets/post-loop.php)
• tags/2.10.16/js/live-editor/jquery.scrollTo.min.js (copied) (copied from siteorigin-panels/trunk/js/live-editor/jquery.scrollTo.min.js)
• tags/2.10.16/js/live-editor/live-editor-front.min.js (copied) (copied from siteorigin-panels/trunk/js/live-editor/live-editor-front.min.js)
• tags/2.10.16/js/siteorigin-panels-21016.js (added)
• tags/2.10.16/js/siteorigin-panels-21016.min.js (added)
• tags/2.10.16/js/siteorigin-panels-2108.js (deleted)
• tags/2.10.16/js/siteorigin-panels-2108.min.js (deleted)
• tags/2.10.16/js/siteorigin-parallax.min.js (copied) (copied from siteorigin-panels/trunk/js/siteorigin-parallax.min.js)
• tags/2.10.16/js/styling-21016.js (added)
• tags/2.10.16/js/styling-21016.min.js (added)
• tags/2.10.16/js/styling-2108.js (deleted)
• tags/2.10.16/js/styling-2108.min.js (deleted)
• tags/2.10.16/js/yoast-compat.min.js (copied) (copied from siteorigin-panels/trunk/js/yoast-compat.min.js)
• tags/2.10.16/lang/siteorigin-panels.pot (copied) (copied from siteorigin-panels/trunk/lang/siteorigin-panels.pot) (3 diffs)
• tags/2.10.16/readme.txt (copied) (copied from siteorigin-panels/trunk/readme.txt) (2 diffs)
• tags/2.10.16/settings/admin-settings.min.js (copied) (copied from siteorigin-panels/trunk/settings/admin-settings.min.js)
• tags/2.10.16/siteorigin-panels.php (copied) (copied from siteorigin-panels/trunk/siteorigin-panels.php) (3 diffs)
• tags/2.10.16/tpl/admin-home-page.php (modified) (1 diff)
• tags/2.10.16/widgets/js/admin.min.js (copied) (copied from siteorigin-panels/trunk/widgets/js/admin.min.js)
• tags/2.10.16/widgets/js/embedded-video.min.js (copied) (copied from siteorigin-panels/trunk/widgets/js/embedded-video.min.js)
• tags/2.10.16/widgets/js/jquery.fitvids.min.js (copied) (copied from siteorigin-panels/trunk/widgets/js/jquery.fitvids.min.js)
• tags/2.10.16/widgets/widgets/animated-image/js/main.min.js (copied) (copied from siteorigin-panels/trunk/widgets/widgets/animated-image/js/main.min.js)
• tags/2.10.16/widgets/widgets/animated-image/js/onscreen.min.js (copied) (copied from siteorigin-panels/trunk/widgets/widgets/animated-image/js/onscreen.min.js)
• trunk/inc/admin.php (modified) (1 diff)
• trunk/inc/live-editor.php (modified) (1 diff)
• trunk/js/siteorigin-panels-21015.js (deleted)
• trunk/js/siteorigin-panels-21015.min.js (deleted)
• trunk/js/siteorigin-panels-21016.js (added)
• trunk/js/siteorigin-panels-21016.min.js (added)
• trunk/js/styling-21015.js (deleted)
• trunk/js/styling-21015.min.js (deleted)
• trunk/js/styling-21016.js (added)
• trunk/js/styling-21016.min.js (added)
• trunk/lang/siteorigin-panels.pot (modified) (3 diffs)
• trunk/readme.txt (modified) (2 diffs)
• trunk/siteorigin-panels.php (modified) (3 diffs)
• trunk/tpl/admin-home-page.php (modified) (1 diff)

siteorigin-panels/tags/2.10.16/inc/admin.php

@@ -1038 +1038 @@
         header( 'content-type: text/html' );
 
+        if ( ! wp_verify_nonce( $_GET['_panelsnonce'], 'panels_action' ) ) {
+            wp_die();
+        }
+
         if ( ! current_user_can( 'edit_post', $_POST['post_id'] ) ) {
             wp_die();

siteorigin-panels/tags/2.10.16/inc/live-editor.php

@@ -27 +27 @@
             ! empty( $_POST['live_editor_panels_data'] ) &&
             ! empty( $post->ID ) &&
-            current_user_can( 'edit_post', $post->ID )
+            current_user_can( 'edit_post', $post->ID ) &&
+            isset( $_GET['_panelsnonce'] ) &&
+            ! wp_verify_nonce( $_GET['_panelsnonce'], 'panels_action' )
         ) {
             // Disable XSS protection when in the Live Editor
             header( 'X-XSS-Protection: 0' );
+        } else {
+            // If this class has been loaded, we know we're in the Live Editor
+            // In the case that data or the nonce isn't valid, wp_die as a security precaution.
+            // This will happen on template_redirect.
+            wp_die();
         }
     }

siteorigin-panels/tags/2.10.16/lang/siteorigin-panels.pot

@@ -158 +158 @@
 msgstr ""
 
-#: inc/admin.php:178, inc/admin.php:574, inc/admin.php:1172, inc/admin.php:1177, inc/settings.php:199, tpl/js-templates.php:197
+#: inc/admin.php:178, inc/admin.php:574, inc/admin.php:1176, inc/admin.php:1181, inc/settings.php:199, tpl/js-templates.php:197
 msgid "Page Builder"
 msgstr ""
@@ -476 +476 @@
 msgstr ""
 
-#: inc/admin.php:1075, inc/styles-admin.php:23
+#: inc/admin.php:1079, inc/styles-admin.php:23
 msgid "The supplied nonce is invalid."
 msgstr ""
 
-#: inc/admin.php:1076, inc/styles-admin.php:24
+#: inc/admin.php:1080, inc/styles-admin.php:24
 msgid "Invalid nonce."
 msgstr ""
 
-#: inc/admin.php:1082
+#: inc/admin.php:1086
 msgid "Please specify the type of widget form to be rendered."
 msgstr ""
 
-#: inc/admin.php:1083
+#: inc/admin.php:1087
 msgid "Missing widget type."
 msgstr ""
 
-#: inc/admin.php:1190
+#: inc/admin.php:1194
 msgid "%s Widget"
 msgid_plural "%s Widgets"
@@ -498 +498 @@
 msgstr[1] ""
 
-#: inc/admin.php:1233
+#: inc/admin.php:1237
 msgid "Get a lightbox addon for SiteOrigin widgets"
 msgstr ""
 
-#: inc/admin.php:1237
+#: inc/admin.php:1241
 msgid "Get the row, cell and widget animations addon"
 msgstr ""
 
-#: inc/admin.php:1241
+#: inc/admin.php:1245
 msgid "Get premium email support for SiteOrigin Page Builder"
 msgstr ""
 
-#: inc/admin.php:1426
+#: inc/admin.php:1430
 msgid "Toggle editor selection menu"
 msgstr ""
 
-#: inc/admin.php:1427, inc/admin.php:1474, inc/settings.php:199, settings/tpl/settings.php:9
+#: inc/admin.php:1431, inc/admin.php:1478, inc/settings.php:199, settings/tpl/settings.php:9
 msgid "SiteOrigin Page Builder"
 msgstr ""
 
-#: inc/admin.php:1428
+#: inc/admin.php:1432
 msgid "Block Editor"
 msgstr ""

siteorigin-panels/tags/2.10.16/readme.txt

@@ -3 +3 @@
 Requires at least: 4.7
 Tested up to: 5.4
-Stable tag: 2.10.15
-Build time: 2020-04-07T11:25:41+02:00
+Stable tag: 2.10.16
+Build time: 2020-05-05T16:17:06+02:00
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl.html
@@ -96 +96 @@
 
 == Changelog ==
+
+= 2.10.16 - 05 May 2020 =
+* Security: Added nonce checks to Live Editor.
 
 = 2.10.15 - 07 April 2020 =

siteorigin-panels/tags/2.10.16/siteorigin-panels.php

@@ -4 +4 @@
 Plugin URI: https://siteorigin.com/page-builder/
 Description: A drag and drop, responsive page builder that simplifies building your website.
-Version: 2.10.15
+Version: 2.10.16
 Author: SiteOrigin
 Author URI: https://siteorigin.com
@@ -12 +12 @@
 */
 
-define( 'SITEORIGIN_PANELS_VERSION', '2.10.15' );
+define( 'SITEORIGIN_PANELS_VERSION', '2.10.16' );
 if ( ! defined( 'SITEORIGIN_PANELS_JS_SUFFIX' ) ) {
     define( 'SITEORIGIN_PANELS_JS_SUFFIX', '.min' );
 }
 define( 'SITEORIGIN_PANELS_CSS_SUFFIX', '.min' );
-define( 'SITEORIGIN_PANELS_VERSION_SUFFIX', '-21015' );
+define( 'SITEORIGIN_PANELS_VERSION_SUFFIX', '-21016' );
 
 require_once plugin_dir_path( __FILE__ ) . 'inc/functions.php';
@@ -245 +245 @@
                 admin_url( 'admin-ajax.php?action=so_panels_live_editor_preview' )
             );
-            $preview_url = wp_nonce_url( $preview_url, 'live-editor-preview', '_panelsnonce' );
         } else {
-            $preview_url = add_query_arg( 'siteorigin_panels_live_editor', 'true', set_url_scheme( get_permalink() ) );
-        }
+            $preview_url = esc_url( add_query_arg( 'siteorigin_panels_live_editor', 'true', set_url_scheme( get_permalink() ) ) );
+        }
+        $preview_url = wp_nonce_url( $preview_url, 'live-editor-preview', '_panelsnonce' );
 
         return $preview_url;

siteorigin-panels/tags/2.10.16/tpl/admin-home-page.php

@@ -12 +12 @@
         data-type="custom_home_page"
         data-post-id="<?php echo get_the_ID() ?>"
-        data-preview-url="<?php echo esc_url( add_query_arg( 'siteorigin_panels_live_editor', 'true', set_url_scheme( get_permalink() ) ) ) ?>"
+        data-preview-url="<?php echo SiteOrigin_Panels::preview_url() ?>"
         data-builder-supports="<?php echo esc_attr( json_encode( $builder_supports ) ) ?>"
         >

siteorigin-panels/trunk/inc/admin.php

@@ -1038 +1038 @@
         header( 'content-type: text/html' );
 
+        if ( ! wp_verify_nonce( $_GET['_panelsnonce'], 'panels_action' ) ) {
+            wp_die();
+        }
+
         if ( ! current_user_can( 'edit_post', $_POST['post_id'] ) ) {
             wp_die();

siteorigin-panels/trunk/inc/live-editor.php

@@ -27 +27 @@
             ! empty( $_POST['live_editor_panels_data'] ) &&
             ! empty( $post->ID ) &&
-            current_user_can( 'edit_post', $post->ID )
+            current_user_can( 'edit_post', $post->ID ) &&
+            isset( $_GET['_panelsnonce'] ) &&
+            ! wp_verify_nonce( $_GET['_panelsnonce'], 'panels_action' )
         ) {
             // Disable XSS protection when in the Live Editor
             header( 'X-XSS-Protection: 0' );
+        } else {
+            // If this class has been loaded, we know we're in the Live Editor
+            // In the case that data or the nonce isn't valid, wp_die as a security precaution.
+            // This will happen on template_redirect.
+            wp_die();
         }
     }

siteorigin-panels/trunk/lang/siteorigin-panels.pot

@@ -158 +158 @@
 msgstr ""
 
-#: inc/admin.php:178, inc/admin.php:574, inc/admin.php:1172, inc/admin.php:1177, inc/settings.php:199, tpl/js-templates.php:197
+#: inc/admin.php:178, inc/admin.php:574, inc/admin.php:1176, inc/admin.php:1181, inc/settings.php:199, tpl/js-templates.php:197
 msgid "Page Builder"
 msgstr ""
@@ -476 +476 @@
 msgstr ""
 
-#: inc/admin.php:1075, inc/styles-admin.php:23
+#: inc/admin.php:1079, inc/styles-admin.php:23
 msgid "The supplied nonce is invalid."
 msgstr ""
 
-#: inc/admin.php:1076, inc/styles-admin.php:24
+#: inc/admin.php:1080, inc/styles-admin.php:24
 msgid "Invalid nonce."
 msgstr ""
 
-#: inc/admin.php:1082
+#: inc/admin.php:1086
 msgid "Please specify the type of widget form to be rendered."
 msgstr ""
 
-#: inc/admin.php:1083
+#: inc/admin.php:1087
 msgid "Missing widget type."
 msgstr ""
 
-#: inc/admin.php:1190
+#: inc/admin.php:1194
 msgid "%s Widget"
 msgid_plural "%s Widgets"
@@ -498 +498 @@
 msgstr[1] ""
 
-#: inc/admin.php:1233
+#: inc/admin.php:1237
 msgid "Get a lightbox addon for SiteOrigin widgets"
 msgstr ""
 
-#: inc/admin.php:1237
+#: inc/admin.php:1241
 msgid "Get the row, cell and widget animations addon"
 msgstr ""
 
-#: inc/admin.php:1241
+#: inc/admin.php:1245
 msgid "Get premium email support for SiteOrigin Page Builder"
 msgstr ""
 
-#: inc/admin.php:1426
+#: inc/admin.php:1430
 msgid "Toggle editor selection menu"
 msgstr ""
 
-#: inc/admin.php:1427, inc/admin.php:1474, inc/settings.php:199, settings/tpl/settings.php:9
+#: inc/admin.php:1431, inc/admin.php:1478, inc/settings.php:199, settings/tpl/settings.php:9
 msgid "SiteOrigin Page Builder"
 msgstr ""
 
-#: inc/admin.php:1428
+#: inc/admin.php:1432
 msgid "Block Editor"
 msgstr ""

siteorigin-panels/trunk/readme.txt

@@ -3 +3 @@
 Requires at least: 4.7
 Tested up to: 5.4
-Stable tag: 2.10.15
-Build time: 2020-04-07T11:25:41+02:00
+Stable tag: 2.10.16
+Build time: 2020-05-05T16:17:06+02:00
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl.html
@@ -96 +96 @@
 
 == Changelog ==
+
+= 2.10.16 - 05 May 2020 =
+* Security: Added nonce checks to Live Editor.
 
 = 2.10.15 - 07 April 2020 =

siteorigin-panels/trunk/siteorigin-panels.php

@@ -4 +4 @@
 Plugin URI: https://siteorigin.com/page-builder/
 Description: A drag and drop, responsive page builder that simplifies building your website.
-Version: 2.10.15
+Version: 2.10.16
 Author: SiteOrigin
 Author URI: https://siteorigin.com
@@ -12 +12 @@
 */
 
-define( 'SITEORIGIN_PANELS_VERSION', '2.10.15' );
+define( 'SITEORIGIN_PANELS_VERSION', '2.10.16' );
 if ( ! defined( 'SITEORIGIN_PANELS_JS_SUFFIX' ) ) {
     define( 'SITEORIGIN_PANELS_JS_SUFFIX', '.min' );
 }
 define( 'SITEORIGIN_PANELS_CSS_SUFFIX', '.min' );
-define( 'SITEORIGIN_PANELS_VERSION_SUFFIX', '-21015' );
+define( 'SITEORIGIN_PANELS_VERSION_SUFFIX', '-21016' );
 
 require_once plugin_dir_path( __FILE__ ) . 'inc/functions.php';
@@ -245 +245 @@
                 admin_url( 'admin-ajax.php?action=so_panels_live_editor_preview' )
             );
-            $preview_url = wp_nonce_url( $preview_url, 'live-editor-preview', '_panelsnonce' );
         } else {
-            $preview_url = add_query_arg( 'siteorigin_panels_live_editor', 'true', set_url_scheme( get_permalink() ) );
-        }
+            $preview_url = esc_url( add_query_arg( 'siteorigin_panels_live_editor', 'true', set_url_scheme( get_permalink() ) ) );
+        }
+        $preview_url = wp_nonce_url( $preview_url, 'live-editor-preview', '_panelsnonce' );
 
         return $preview_url;

siteorigin-panels/trunk/tpl/admin-home-page.php

@@ -12 +12 @@
         data-type="custom_home_page"
         data-post-id="<?php echo get_the_ID() ?>"
-        data-preview-url="<?php echo esc_url( add_query_arg( 'siteorigin_panels_live_editor', 'true', set_url_scheme( get_permalink() ) ) ) ?>"
+        data-preview-url="<?php echo SiteOrigin_Panels::preview_url() ?>"
         data-builder-supports="<?php echo esc_attr( json_encode( $builder_supports ) ) ?>"
         >