Changeset 3372940

Timestamp:

10/04/2025 07:08:54 PM (4 months ago)

Author:

elementinvader

Message:

v1.4.0

Location:

elementinvader-addons-for-elementor

Files:

• tags/1.4.0 (added)
• tags/1.4.0/.gitignore (added)
• tags/1.4.0/LICENSE.txt (added)
• tags/1.4.0/README.txt (added)
• tags/1.4.0/assets (added)
• tags/1.4.0/assets/admin (added)
• tags/1.4.0/assets/admin/css (added)
• tags/1.4.0/assets/admin/css/bootstrap-wrapper.css (added)
• tags/1.4.0/assets/admin/css/dist (added)
• tags/1.4.0/assets/admin/css/dist/eli-wrapper.css (added)
• tags/1.4.0/assets/admin/css/dist/style.css (added)
• tags/1.4.0/assets/admin/css/eli-content-basic.css (added)
• tags/1.4.0/assets/admin/css/eli-content-basic.scss (added)
• tags/1.4.0/assets/admin/css/eli-wrapper.css (added)
• tags/1.4.0/assets/admin/css/eli-wrapper.scss (added)
• tags/1.4.0/assets/admin/css/font-awesome.css (added)
• tags/1.4.0/assets/admin/css/font-awesome.min.css (added)
• tags/1.4.0/assets/admin/css/select.dataTables.min.css (added)
• tags/1.4.0/assets/admin/css/style.css (added)
• tags/1.4.0/assets/admin/css/style.scss (added)
• tags/1.4.0/assets/admin/fonts (added)
• tags/1.4.0/assets/admin/fonts/FontAwesome.otf (added)
• tags/1.4.0/assets/admin/fonts/fontawesome-webfont.eot (added)
• tags/1.4.0/assets/admin/fonts/fontawesome-webfont.svg (added)
• tags/1.4.0/assets/admin/fonts/fontawesome-webfont.ttf (added)
• tags/1.4.0/assets/admin/fonts/fontawesome-webfont.woff (added)
• tags/1.4.0/assets/admin/fonts/fontawesome-webfont.woff2 (added)
• tags/1.4.0/assets/admin/fonts/glyphicons-halflings-regular.eot (added)
• tags/1.4.0/assets/admin/fonts/glyphicons-halflings-regular.svg (added)
• tags/1.4.0/assets/admin/fonts/glyphicons-halflings-regular.ttf (added)
• tags/1.4.0/assets/admin/fonts/glyphicons-halflings-regular.woff (added)
• tags/1.4.0/assets/admin/fonts/glyphicons-halflings-regular.woff2 (added)
• tags/1.4.0/assets/admin/fonts/verdana.ttf (added)
• tags/1.4.0/assets/admin/img (added)
• tags/1.4.0/assets/admin/img/details_close.png (added)
• tags/1.4.0/assets/admin/img/details_open.png (added)
• tags/1.4.0/assets/admin/img/log_bullet.jpg (added)
• tags/1.4.0/assets/admin/img/logo.png (added)
• tags/1.4.0/assets/admin/js (added)
• tags/1.4.0/assets/admin/js/dataTables.responsive.js (added)
• tags/1.4.0/assets/admin/js/dataTables.select.min.js (added)
• tags/1.4.0/assets/admin/js/datatables.min.js (added)
• tags/1.4.0/assets/admin/js/datetime-picker (added)
• tags/1.4.0/assets/admin/js/datetime-picker/css (added)
• tags/1.4.0/assets/admin/js/datetime-picker/css/bootstrap-datetimepicker-standalone.css (added)
• tags/1.4.0/assets/admin/js/datetime-picker/css/bootstrap-datetimepicker.css (added)
• tags/1.4.0/assets/admin/js/datetime-picker/css/bootstrap-datetimepicker.min.css (added)
• tags/1.4.0/assets/admin/js/datetime-picker/js (added)
• tags/1.4.0/assets/admin/js/datetime-picker/js/bootstrap-datetimepicker.min.js (added)
• tags/1.4.0/assets/admin/js/datetime-picker/js/moment-with-locales.js (added)
• tags/1.4.0/assets/admin/js/jquery-confirm (added)
• tags/1.4.0/assets/admin/js/jquery-confirm/jquery-confirm.min.css (added)
• tags/1.4.0/assets/admin/js/jquery-confirm/jquery-confirm.min.js (added)
• tags/1.4.0/assets/admin/js/magnific-popup (added)
• tags/1.4.0/assets/admin/js/magnific-popup/jquery.magnific-popup.js (added)
• tags/1.4.0/assets/admin/js/magnific-popup/jquery.magnific-popup.min.js (added)
• tags/1.4.0/assets/admin/js/magnific-popup/magnific-popup.css (added)
• tags/1.4.0/assets/css (added)
• tags/1.4.0/assets/css/_animation.css (added)
• tags/1.4.0/assets/css/custom-inline.css (added)
• tags/1.4.0/assets/css/eli-hover.css (added)
• tags/1.4.0/assets/css/eli-hover.scss (added)
• tags/1.4.0/assets/css/eli-modal.css (added)
• tags/1.4.0/assets/css/eli-modal.scss (added)
• tags/1.4.0/assets/css/main.css (added)
• tags/1.4.0/assets/css/widgets (added)
• tags/1.4.0/assets/css/widgets.css (added)
• tags/1.4.0/assets/css/widgets/blog-grid.css (added)
• tags/1.4.0/assets/css/widgets/blog-preview.css (added)
• tags/1.4.0/assets/css/widgets/blog-preview.scss (added)
• tags/1.4.0/assets/css/widgets/blog-search.css (added)
• tags/1.4.0/assets/css/widgets/contact_form.css (added)
• tags/1.4.0/assets/css/widgets/dist (added)
• tags/1.4.0/assets/css/widgets/dist/slider.css (added)
• tags/1.4.0/assets/css/widgets/logo.css (added)
• tags/1.4.0/assets/css/widgets/logo.scss (added)
• tags/1.4.0/assets/css/widgets/map.css (added)
• tags/1.4.0/assets/css/widgets/menu.css (added)
• tags/1.4.0/assets/css/widgets/newslatter_form.css (added)
• tags/1.4.0/assets/css/widgets/slider.css (added)
• tags/1.4.0/assets/css/widgets/slider.scss (added)
• tags/1.4.0/assets/img (added)
• tags/1.4.0/assets/img/ajax-loader-white-small.gif (added)
• tags/1.4.0/assets/img/cancel.png (added)
• tags/1.4.0/assets/img/map-preview.jpg (added)
• tags/1.4.0/assets/img/mark.png (added)
• tags/1.4.0/assets/img/mark_content_b.png (added)
• tags/1.4.0/assets/img/mark_content_bac.png (added)
• tags/1.4.0/assets/img/placeholder.jpg (added)
• tags/1.4.0/assets/img/placeholder_agent.jpg (added)
• tags/1.4.0/assets/img/plus.png (added)
• tags/1.4.0/assets/img/wl_content.png (added)
• tags/1.4.0/assets/js (added)
• tags/1.4.0/assets/js/eli-modal.js (added)
• tags/1.4.0/assets/js/main.js (added)
• tags/1.4.0/assets/libs (added)
• tags/1.4.0/assets/libs/fontawesome-5.8 (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/css (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/css/fontawesome-5.css (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/css/fontawesome-5.min.css (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-brands-400.eot (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-brands-400.svg (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-brands-400.ttf (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-brands-400.woff (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-brands-400.woff2 (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-regular-400.eot (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-regular-400.svg (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-regular-400.ttf (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-regular-400.woff (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-regular-400.woff2 (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-solid-900.eot (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-solid-900.svg (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-solid-900.ttf (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-solid-900.woff (added)
• tags/1.4.0/assets/libs/fontawesome-5.8/webfonts/fa-solid-900.woff2 (added)
• tags/1.4.0/assets/libs/leaflet (added)
• tags/1.4.0/assets/libs/leaflet/MarkerCluster.Default.css (added)
• tags/1.4.0/assets/libs/leaflet/MarkerCluster.css (added)
• tags/1.4.0/assets/libs/leaflet/images (added)
• tags/1.4.0/assets/libs/leaflet/images/layers-2x.png (added)
• tags/1.4.0/assets/libs/leaflet/images/layers.png (added)
• tags/1.4.0/assets/libs/leaflet/images/marker-icon-2x.png (added)
• tags/1.4.0/assets/libs/leaflet/images/marker-icon.png (added)
• tags/1.4.0/assets/libs/leaflet/images/marker-shadow.png (added)
• tags/1.4.0/assets/libs/leaflet/leaflet.css (added)
• tags/1.4.0/assets/libs/leaflet/leaflet.js (added)
• tags/1.4.0/assets/libs/leaflet/leaflet.markercluster.js (added)
• tags/1.4.0/assets/libs/masonry (added)
• tags/1.4.0/assets/libs/masonry/dist (added)
• tags/1.4.0/assets/libs/masonry/dist/imagesloaded.pkgd.min.js (added)
• tags/1.4.0/assets/libs/masonry/dist/masonry.pkgd.min.js (added)
• tags/1.4.0/assets/libs/slick (added)
• tags/1.4.0/assets/libs/slick/ajax-loader.gif (added)
• tags/1.4.0/assets/libs/slick/fonts (added)
• tags/1.4.0/assets/libs/slick/fonts/slick.eot (added)
• tags/1.4.0/assets/libs/slick/fonts/slick.svg (added)
• tags/1.4.0/assets/libs/slick/fonts/slick.ttf (added)
• tags/1.4.0/assets/libs/slick/fonts/slick.woff (added)
• tags/1.4.0/assets/libs/slick/slick-theme.css (added)
• tags/1.4.0/assets/libs/slick/slick.css (added)
• tags/1.4.0/assets/libs/slick/slick.min.js (added)
• tags/1.4.0/assets/libs/wdkscrollmobileswipe (added)
• tags/1.4.0/assets/libs/wdkscrollmobileswipe/wdk-scroll-mobile-swipe.css (added)
• tags/1.4.0/assets/libs/wdkscrollmobileswipe/wdk-scroll-mobile-swipe.js (added)
• tags/1.4.0/core (added)
• tags/1.4.0/core/Elementinvader_Base.php (added)
• tags/1.4.0/elementinvader-addons-for-elementor.php (added)
• tags/1.4.0/helpers (added)
• tags/1.4.0/helpers/plugin_helpers.php (added)
• tags/1.4.0/include (added)
• tags/1.4.0/include/intall.php (added)
• tags/1.4.0/index.php (added)
• tags/1.4.0/locale (added)
• tags/1.4.0/locale/elementinvader-addons-for-elementor.pot (added)
• tags/1.4.0/modules (added)
• tags/1.4.0/modules/forms (added)
• tags/1.4.0/modules/forms/ajax-handler.php (added)
• tags/1.4.0/modules/mail_base (added)
• tags/1.4.0/modules/mail_base/mail_base.php (added)
• tags/1.4.0/pages (added)
• tags/1.4.0/pages/mail_base (added)
• tags/1.4.0/pages/mail_base/index.php (added)
• tags/1.4.0/plugin.php (added)
• tags/1.4.0/screenshot-1.jpg (added)
• tags/1.4.0/screenshot-2.jpg (added)
• tags/1.4.0/screenshot-3.jpg (added)
• tags/1.4.0/screenshot-4.jpg (added)
• tags/1.4.0/shortcodes (added)
• tags/1.4.0/shortcodes/shortcode-eli_option_value.php (added)
• tags/1.4.0/shortcodes/shortcode-newsletter.php (added)
• tags/1.4.0/shortcodes/shortcode-post_content.php (added)
• tags/1.4.0/shortcodes/shortcodes-init.php (added)
• tags/1.4.0/shortcodes/views (added)
• tags/1.4.0/shortcodes/views/shortcode-newsletter.php (added)
• tags/1.4.0/views (added)
• tags/1.4.0/views/blog_grid (added)
• tags/1.4.0/views/blog_grid/widget_layout.php (added)
• tags/1.4.0/views/blog_post_counter (added)
• tags/1.4.0/views/blog_post_counter/widget_layout.php (added)
• tags/1.4.0/views/blog_preview (added)
• tags/1.4.0/views/blog_preview/button-custom.php (added)
• tags/1.4.0/views/blog_preview/button.php (added)
• tags/1.4.0/views/blog_preview/category.php (added)
• tags/1.4.0/views/blog_preview/content.php (added)
• tags/1.4.0/views/blog_preview/meta.php (added)
• tags/1.4.0/views/blog_preview/thumbnail.php (added)
• tags/1.4.0/views/blog_preview/title.php (added)
• tags/1.4.0/views/current_date (added)
• tags/1.4.0/views/current_date/widget_layout.php (added)
• tags/1.4.0/views/form (added)
• tags/1.4.0/views/form/fields (added)
• tags/1.4.0/views/form/fields/accept.php (added)
• tags/1.4.0/views/form/fields/checkbox.php (added)
• tags/1.4.0/views/form/fields/html.php (added)
• tags/1.4.0/views/form/fields/input.php (added)
• tags/1.4.0/views/form/fields/radio.php (added)
• tags/1.4.0/views/form/fields/recaptcha.php (added)
• tags/1.4.0/views/form/fields/select.php (added)
• tags/1.4.0/views/form/fields/textarea.php (added)
• tags/1.4.0/views/form/widget_layout.php (added)
• tags/1.4.0/views/logo (added)
• tags/1.4.0/views/logo/widget_layout.php (added)
• tags/1.4.0/views/map (added)
• tags/1.4.0/views/map/map_layout.php (added)
• tags/1.4.0/views/menu (added)
• tags/1.4.0/views/menu/menu_layout.php (added)
• tags/1.4.0/views/search_form (added)
• tags/1.4.0/views/search_form/widget_layout.php (added)
• tags/1.4.0/views/slider (added)
• tags/1.4.0/views/slider/widget_layout.php (added)
• tags/1.4.0/widgets (added)
• tags/1.4.0/widgets/blog-grid.php (added)
• tags/1.4.0/widgets/blog-post-counter.php (added)
• tags/1.4.0/widgets/blog-preview-button-custom.php (added)
• tags/1.4.0/widgets/blog-preview-button.php (added)
• tags/1.4.0/widgets/blog-preview-category.php (added)
• tags/1.4.0/widgets/blog-preview-content.php (added)
• tags/1.4.0/widgets/blog-preview-meta.php (added)
• tags/1.4.0/widgets/blog-preview-thumbnail.php (added)
• tags/1.4.0/widgets/blog-preview-title.php (added)
• tags/1.4.0/widgets/blog-search.php (added)
• tags/1.4.0/widgets/contact-form.php (added)
• tags/1.4.0/widgets/current-date.php (added)
• tags/1.4.0/widgets/logo.php (added)
• tags/1.4.0/widgets/map.php (added)
• tags/1.4.0/widgets/menu.php (added)
• tags/1.4.0/widgets/newsletter.php (added)
• tags/1.4.0/widgets/pageloader.php (added)
• tags/1.4.0/widgets/slider.php (added)
• trunk/README.txt (modified) (2 diffs)
• trunk/elementinvader-addons-for-elementor.php (modified) (1 diff)
• trunk/helpers/plugin_helpers.php (modified) (1 diff)
• trunk/modules/forms/ajax-handler.php (modified) (5 diffs)
• trunk/shortcodes/views/shortcode-newsletter.php (modified) (1 diff)
• trunk/views/form/widget_layout.php (modified) (1 diff)

elementinvader-addons-for-elementor/trunk/README.txt

@@ -6 +6 @@
 Requires PHP: 5.6
 Tested up to: 6.8
-Stable tag: 1.3.9
+Stable tag: 1.4.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -89 +89 @@
 == Changelog ==
 
+= 1.3.10 =
+* Form Poc Protect with Token
+
 = 1.3.9 =
 * Encrypt contact data from shortcode

elementinvader-addons-for-elementor/trunk/elementinvader-addons-for-elementor.php

@@ -5 +5 @@
  * Description: Ready to use Elementor Addon Elements like Menu, Forms, Maps, Newsletter with many styling options
  * Plugin URI:  https://elementinvader.com
- * Version:     1.3.9
+ * Version:     1.4.0
  * Author:      ElementInvader
  * Author URI:  https://elementinvader.com

elementinvader-addons-for-elementor/trunk/helpers/plugin_helpers.php

@@ -371 +371 @@
     return $decrypted !== false ? $decrypted : false;
 }
+
+function eli_generate_form_token() {
+    $token = wp_generate_password(32, false, false);
+
+    $context = eli_get_request_context();
+    set_transient('eli_form_token_' . $token, $context, 30 * MINUTE_IN_SECONDS);
+
+    return $token;
+}
+
+function eli_verify_form_token($token) {
+    $context = eli_get_request_context();
+    $stored  = get_transient('eli_form_token_' . $token);
+
+    if ($stored && hash_equals($stored, $context)) {
+        delete_transient('eli_form_token_' . $token); // одноразовый
+        return true;
+    }
+    return false;
+}
+
+function eli_get_request_context() {
+    $ip    = $_SERVER['REMOTE_ADDR'] ?? '';
+    $agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
+
+    return hash('sha256', $ip . '|' . $agent);
+}

elementinvader-addons-for-elementor/trunk/modules/forms/ajax-handler.php

@@ -277 +277 @@
                 $this->output( $ajax_output );
             }
+
+            if (empty($_POST['eli_token']) || !eli_verify_form_token($_POST['eli_token'])) {
+                $ajax_output['code'] = self::INVALID_FORM;
+                $ajax_output['message'] = $this->generate_alert( esc_html__( 'Security check failed. Please reload the page and try again.(Token)', 'elementinvader-addons-for-elementor' ), 'elementinvader_addons_for_elementor_alert-danger' );
+                $this->output( $ajax_output );
+            }
+
             
             $post = sanitize_post($_POST);
@@ -290 +297 @@
             $form_data = array(); 
             if(isset($post['shortcode']) && !empty($post['shortcode'])){
+                
+                $allowed_fields = [
+                    'mail_data_to_email',
+                    'mail_data_from_email',
+                    'mail_data_from_name',
+                    'Email',
+                    'email',
+                    'custom_class',
+                    'disable_mail_send',
+                    'mail_data_subject',
+                    'recaptcha_site_key',
+                    'recaptcha_secret_key',
+                    'section_send_action_mailchimp_api_key',
+                    'section_send_action_mailchimp_list_id',
+                    'send_action_type',
+                ];
+                $_POST = array_intersect_key($_POST, array_flip($allowed_fields));
+
                 $form_data = array('settings' => $_POST);
 
@@ -297 +322 @@
                     }
                 }
+
+                
             } else {
                 $get_settings   = new ThzelGetElementSettings($post['eli_page_id'],$post['eli_id'],$post['eli_type']); 
@@ -378 +405 @@
 
                     if($key=='element_id') continue;
-                    if(in_array($key, array('eli_id', 'eli_type','ID','filter','action','send_action_type', 'g-recaptcha-response'))) continue;
+                    if(in_array($key, array('eli_id', 'eli_type','ID','filter','action','send_action_type', 'g-recaptcha-response','eli_nonce','eli_token','_wp_http_referer','mail_data_to_email',
+                    'mail_data_from_email',
+                    'mail_data_from_name','shortcode'))) continue;
 
                     if($key  == 'eli_page_id'){
@@ -479 +508 @@
                         if(empty($value)) continue;
 
-                        if(in_array($key, array('eli_id', 'eli_type','ID','filter','action', 'send_action_type', 'g-recaptcha-response'))) continue;
+                        if(in_array($key, array('eli_id', 'eli_type','ID','filter','action', 'send_action_type', 'g-recaptcha-response','eli_nonce','eli_token','_wp_http_referer','mail_data_to_email',
+                        'mail_data_from_email',
+                        'mail_data_from_name','shortcode'))) continue;
 
                         if($key  == 'eli_page_id'){

elementinvader-addons-for-elementor/trunk/shortcodes/views/shortcode-newsletter.php

@@ -5 +5 @@
             <input type="hidden" name="element_id" value="1">
             <input type="hidden" name="shortcode" value="1">
+            <input type="hidden" name="eli_token" value="<?php echo esc_attr(eli_generate_form_token()); ?>">
             <?php
             // Add a nonce field for AJAX security

elementinvader-addons-for-elementor/trunk/views/form/widget_layout.php

@@ -9 +9 @@
         <form class="elementinvader_addons_for_elementor_f" <?php if(isset($settings['disable_scroll_to_form']) && $settings['disable_scroll_to_form'] == 'yes'):?> scroll-disabled="disabled"<?php endif;?>>
             <input type="hidden" name="element_id" value="<?php echo esc_attr($this->get_id_int());?>"/>
+            <input type="hidden" name="eli_token" value="<?php echo esc_attr(eli_generate_form_token()); ?>">
             
             <?php