Changeset 3101672

Timestamp:

06/12/2024 09:36:54 AM (18 months ago)

Author:

Nikschavan

Message:

Update to version 1.6.36 from GitHub

Location:

header-footer-elementor

Files:

• tags/1.6.36 (copied) (copied from header-footer-elementor/trunk)
• tags/1.6.36/header-footer-elementor.php (modified) (2 diffs)
• tags/1.6.36/inc/widgets-manager/widgets/class-navigation-menu.php (modified) (1 diff)
• tags/1.6.36/inc/widgets-manager/widgets/class-page-title.php (modified) (3 diffs)
• tags/1.6.36/inc/widgets-manager/widgets/class-site-tagline.php (modified) (1 diff)
• tags/1.6.36/inc/widgets-manager/widgets/class-site-title.php (modified) (3 diffs)
• tags/1.6.36/languages/header-footer-elementor.pot (modified) (1 diff)
• tags/1.6.36/readme.txt (modified) (2 diffs)
• trunk/header-footer-elementor.php (modified) (2 diffs)
• trunk/inc/widgets-manager/widgets/class-navigation-menu.php (modified) (1 diff)
• trunk/inc/widgets-manager/widgets/class-page-title.php (modified) (3 diffs)
• trunk/inc/widgets-manager/widgets/class-site-tagline.php (modified) (1 diff)
• trunk/inc/widgets-manager/widgets/class-site-title.php (modified) (3 diffs)
• trunk/languages/header-footer-elementor.pot (modified) (1 diff)
• trunk/readme.txt (modified) (2 diffs)

header-footer-elementor/tags/1.6.36/header-footer-elementor.php

@@ -8 +8 @@
  * Text Domain: header-footer-elementor
  * Domain Path: /languages
- * Version: 1.6.35
+ * Version: 1.6.36
  * Elementor tested up to: 3.22
  * Elementor Pro tested up to: 3.22
@@ -15 +15 @@
  */
 
-define( 'HFE_VER', '1.6.35' );
+define( 'HFE_VER', '1.6.36' );
 define( 'HFE_FILE', __FILE__ );
 define( 'HFE_DIR', plugin_dir_path( __FILE__ ) );

header-footer-elementor/tags/1.6.36/inc/widgets-manager/widgets/class-navigation-menu.php

@@ -1926 +1926 @@
         if ( 'yes' === $settings['schema_support'] ) {
             $this->add_render_attribute( 'hfe-nav-menu', 'itemscope', 'itemscope' );
-            $this->add_render_attribute( 'hfe-nav-menu', 'itemtype', 'http://schema.org/SiteNavigationElement' );
+            $this->add_render_attribute( 'hfe-nav-menu', 'itemtype', 'https://schema.org/SiteNavigationElement' );
 
             add_filter( 'hfe_nav_menu_attrs', [ $this, 'handle_link_attrs' ] );

header-footer-elementor/tags/1.6.36/inc/widgets-manager/widgets/class-page-title.php

@@ -475 +475 @@
 
         if ( '' != settings.page_heading_link.url ) {
-            view.addRenderAttribute( 'url', 'href', settings.page_heading_link.url );
+            var urlPattern = /^(https?|ftp):\/\/[^\s/$.?#].[^\s]*$|^www\.[^\s/$.?#].[^\s]*$/;
+            if( urlPattern.test( settings.page_heading_link.url ) ){
+                var sanitizedPgUrl = _.escape( settings.page_heading_link.url );
+                view.addRenderAttribute( 'url', 'href', sanitizedPgUrl );
+            }
         }
         var iconHTML = elementor.helpers.renderIcon( view, settings.new_page_title_select_icon, { 'aria-hidden': true }, 'i' , 'object' );
 
-        var headingSizeTag = settings.heading_tag;
+        var headingSizeTag = elementor.helpers.validateHTMLTag( settings.heading_tag );
 
         if ( typeof elementor.helpers.validateHTMLTag === "function" ) { 
@@ -498 +502 @@
                     </span>
                 <# } #>
-                    <# if ( '' != settings.before ) { #>
-                        {{{ settings.before }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+                    <# if ( '' != settings.before ) {
+                        var before = elementor.helpers.sanitize( settings.before ) #>
+                        {{{ before }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                     <# } #>
                     <?php
@@ -508 +513 @@
                     }
                     ?>
-                    <# if ( '' != settings.after ) { #>
-                        {{{ settings.after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+                    <# if ( '' != settings.after ) { 
+                        var after = elementor.helpers.sanitize( settings.after )#>
+                        {{{ after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                     <# } #>             
             </{{{ headingSizeTag }}}> <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>

header-footer-elementor/tags/1.6.36/inc/widgets-manager/widgets/class-site-tagline.php

@@ -307 +307 @@
             <# } #>
             <span>
-            <#if ( '' != settings.before ){#>
-                {{{ settings.before}}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+            <#if ( '' != settings.before ){
+                var before = elementor.helpers.sanitize( settings.before ) #>
+                {{{ before }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
             <#}#>
             <?php echo wp_kses_post( get_bloginfo( 'description' ) ); ?>
-            <# if ( '' != settings.after ){#>
-                {{{ settings.after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+            <# if ( '' != settings.after ){
+                var after = elementor.helpers.sanitize( settings.after ) #>
+                {{{ after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
             <#}#>
             </span>

header-footer-elementor/tags/1.6.36/inc/widgets-manager/widgets/class-site-title.php

@@ -459 +459 @@
         }
         if ( '' != settings.heading_link.url ) {
-            view.addRenderAttribute( 'url', 'href', settings.heading_link.url );
+            var urlPattern = /^(https?|ftp):\/\/[^\s/$.?#].[^\s]*$|^www\.[^\s/$.?#].[^\s]*$/;
+            if ( urlPattern.test( settings.heading_link.url ) ) {
+                var sanitizedUrl = _.escape( settings.heading_link.url );
+                view.addRenderAttribute( 'url', 'href', sanitizedUrl );
+            }
         }
         var iconHTML = elementor.helpers.renderIcon( view, settings.icon, { 'aria-hidden': true }, 'i' , 'object' );
 
-        var headingSizeTag = settings.heading_tag;
+        var headingSizeTag = elementor.helpers.validateHTMLTag( settings.heading_tag );
 
         if ( typeof elementor.helpers.validateHTMLTag === "function" ) { 
@@ -476 +480 @@
                     <a {{{ view.getRenderAttributeString( 'url' ) }}} > <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                 <# } #>
-                <{{{ headingSizeTag }}} class="hfe-heading elementor-heading-title elementor-size-{{{ settings.size }}}"> <?php //phpcs:ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+                <{{{ headingSizeTag }}} class="hfe-heading elementor-heading-title elementor-size-{{{ elementor.helpers.sanitize( settings.size ) }}}"> <?php //phpcs:ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                 <# if( '' != settings.icon.value ){ #>
                 <span class="hfe-icon">
@@ -483 +487 @@
                 <# } #>
                 <span class="hfe-heading-text  elementor-heading-title" data-elementor-setting-key="heading_title" data-elementor-inline-editing-toolbar="basic" >
-                <#if ( '' != settings.before ){#>
-                    {{{ settings.before }}}  <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+                <# if ( '' != settings.before ){
+                    var before = elementor.helpers.sanitize( settings.before )#>
+                    {{{ before }}}  <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                 <#}#>
                 <?php echo wp_kses_post( get_bloginfo( 'name' ) ); ?>
-                <# if ( '' != settings.after ){#>
-                    {{{ settings.after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+                <# if ( '' != settings.after ){
+                    var after = elementor.helpers.sanitize( settings.after )#>
+                    {{{ after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                 <#}#>
                 </span>

header-footer-elementor/tags/1.6.36/languages/header-footer-elementor.pot

@@ -3 +3 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: Elementor Header & Footer Builder 1.6.35\n"
+"Project-Id-Version: Elementor Header & Footer Builder 1.6.36\n"
 "Report-Msgid-Bugs-To: "
 "https://wordpress.org/support/plugin/header-footer-elementor\n"
-"POT-Creation-Date: 2024-05-29 07:30:13+00:00\n"
+"POT-Creation-Date: 2024-06-12 05:43:35+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"

header-footer-elementor/tags/1.6.36/readme.txt

@@ -6 +6 @@
 Requires PHP: 5.4
 Tested up to: 6.5
-Stable tag: 1.6.35
+Stable tag: 1.6.36
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -141 +141 @@
 == Changelog ==
 
+= 1.6.36 = 
+- Fix: This update addressed a security bug. Props to Wordfence for privately reporting it to our team. Please make sure you are using the latest version on your website. 
+
 = 1.6.35 = 
 - Improvement: Compatibility with latest Elementor and Elementor Pro 3.22 version.

header-footer-elementor/trunk/header-footer-elementor.php

@@ -8 +8 @@
  * Text Domain: header-footer-elementor
  * Domain Path: /languages
- * Version: 1.6.35
+ * Version: 1.6.36
  * Elementor tested up to: 3.22
  * Elementor Pro tested up to: 3.22
@@ -15 +15 @@
  */
 
-define( 'HFE_VER', '1.6.35' );
+define( 'HFE_VER', '1.6.36' );
 define( 'HFE_FILE', __FILE__ );
 define( 'HFE_DIR', plugin_dir_path( __FILE__ ) );

header-footer-elementor/trunk/inc/widgets-manager/widgets/class-navigation-menu.php

@@ -1926 +1926 @@
         if ( 'yes' === $settings['schema_support'] ) {
             $this->add_render_attribute( 'hfe-nav-menu', 'itemscope', 'itemscope' );
-            $this->add_render_attribute( 'hfe-nav-menu', 'itemtype', 'http://schema.org/SiteNavigationElement' );
+            $this->add_render_attribute( 'hfe-nav-menu', 'itemtype', 'https://schema.org/SiteNavigationElement' );
 
             add_filter( 'hfe_nav_menu_attrs', [ $this, 'handle_link_attrs' ] );

header-footer-elementor/trunk/inc/widgets-manager/widgets/class-page-title.php

@@ -475 +475 @@
 
         if ( '' != settings.page_heading_link.url ) {
-            view.addRenderAttribute( 'url', 'href', settings.page_heading_link.url );
+            var urlPattern = /^(https?|ftp):\/\/[^\s/$.?#].[^\s]*$|^www\.[^\s/$.?#].[^\s]*$/;
+            if( urlPattern.test( settings.page_heading_link.url ) ){
+                var sanitizedPgUrl = _.escape( settings.page_heading_link.url );
+                view.addRenderAttribute( 'url', 'href', sanitizedPgUrl );
+            }
         }
         var iconHTML = elementor.helpers.renderIcon( view, settings.new_page_title_select_icon, { 'aria-hidden': true }, 'i' , 'object' );
 
-        var headingSizeTag = settings.heading_tag;
+        var headingSizeTag = elementor.helpers.validateHTMLTag( settings.heading_tag );
 
         if ( typeof elementor.helpers.validateHTMLTag === "function" ) { 
@@ -498 +502 @@
                     </span>
                 <# } #>
-                    <# if ( '' != settings.before ) { #>
-                        {{{ settings.before }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+                    <# if ( '' != settings.before ) {
+                        var before = elementor.helpers.sanitize( settings.before ) #>
+                        {{{ before }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                     <# } #>
                     <?php
@@ -508 +513 @@
                     }
                     ?>
-                    <# if ( '' != settings.after ) { #>
-                        {{{ settings.after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+                    <# if ( '' != settings.after ) { 
+                        var after = elementor.helpers.sanitize( settings.after )#>
+                        {{{ after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                     <# } #>             
             </{{{ headingSizeTag }}}> <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>

header-footer-elementor/trunk/inc/widgets-manager/widgets/class-site-tagline.php

@@ -307 +307 @@
             <# } #>
             <span>
-            <#if ( '' != settings.before ){#>
-                {{{ settings.before}}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+            <#if ( '' != settings.before ){
+                var before = elementor.helpers.sanitize( settings.before ) #>
+                {{{ before }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
             <#}#>
             <?php echo wp_kses_post( get_bloginfo( 'description' ) ); ?>
-            <# if ( '' != settings.after ){#>
-                {{{ settings.after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+            <# if ( '' != settings.after ){
+                var after = elementor.helpers.sanitize( settings.after ) #>
+                {{{ after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
             <#}#>
             </span>

header-footer-elementor/trunk/inc/widgets-manager/widgets/class-site-title.php

@@ -459 +459 @@
         }
         if ( '' != settings.heading_link.url ) {
-            view.addRenderAttribute( 'url', 'href', settings.heading_link.url );
+            var urlPattern = /^(https?|ftp):\/\/[^\s/$.?#].[^\s]*$|^www\.[^\s/$.?#].[^\s]*$/;
+            if ( urlPattern.test( settings.heading_link.url ) ) {
+                var sanitizedUrl = _.escape( settings.heading_link.url );
+                view.addRenderAttribute( 'url', 'href', sanitizedUrl );
+            }
         }
         var iconHTML = elementor.helpers.renderIcon( view, settings.icon, { 'aria-hidden': true }, 'i' , 'object' );
 
-        var headingSizeTag = settings.heading_tag;
+        var headingSizeTag = elementor.helpers.validateHTMLTag( settings.heading_tag );
 
         if ( typeof elementor.helpers.validateHTMLTag === "function" ) { 
@@ -476 +480 @@
                     <a {{{ view.getRenderAttributeString( 'url' ) }}} > <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                 <# } #>
-                <{{{ headingSizeTag }}} class="hfe-heading elementor-heading-title elementor-size-{{{ settings.size }}}"> <?php //phpcs:ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+                <{{{ headingSizeTag }}} class="hfe-heading elementor-heading-title elementor-size-{{{ elementor.helpers.sanitize( settings.size ) }}}"> <?php //phpcs:ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                 <# if( '' != settings.icon.value ){ #>
                 <span class="hfe-icon">
@@ -483 +487 @@
                 <# } #>
                 <span class="hfe-heading-text  elementor-heading-title" data-elementor-setting-key="heading_title" data-elementor-inline-editing-toolbar="basic" >
-                <#if ( '' != settings.before ){#>
-                    {{{ settings.before }}}  <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+                <# if ( '' != settings.before ){
+                    var before = elementor.helpers.sanitize( settings.before )#>
+                    {{{ before }}}  <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                 <#}#>
                 <?php echo wp_kses_post( get_bloginfo( 'name' ) ); ?>
-                <# if ( '' != settings.after ){#>
-                    {{{ settings.after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+                <# if ( '' != settings.after ){
+                    var after = elementor.helpers.sanitize( settings.after )#>
+                    {{{ after }}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
                 <#}#>
                 </span>

header-footer-elementor/trunk/languages/header-footer-elementor.pot

@@ -3 +3 @@
 msgid ""
 msgstr ""
-"Project-Id-Version: Elementor Header & Footer Builder 1.6.35\n"
+"Project-Id-Version: Elementor Header & Footer Builder 1.6.36\n"
 "Report-Msgid-Bugs-To: "
 "https://wordpress.org/support/plugin/header-footer-elementor\n"
-"POT-Creation-Date: 2024-05-29 07:30:13+00:00\n"
+"POT-Creation-Date: 2024-06-12 05:43:35+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"

header-footer-elementor/trunk/readme.txt

@@ -6 +6 @@
 Requires PHP: 5.4
 Tested up to: 6.5
-Stable tag: 1.6.35
+Stable tag: 1.6.36
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -141 +141 @@
 == Changelog ==
 
+= 1.6.36 = 
+- Fix: This update addressed a security bug. Props to Wordfence for privately reporting it to our team. Please make sure you are using the latest version on your website. 
+
 = 1.6.35 = 
 - Improvement: Compatibility with latest Elementor and Elementor Pro 3.22 version.