Changeset 3384308
- Timestamp:
- 10/25/2025 05:52:52 AM (3 months ago)
- Location:
- image-hover-effects-elementor-addon
- Files:
-
- 58 added
- 4 edited
-
tags/1.0.2.4 (added)
-
tags/1.0.2.4/Inc (added)
-
tags/1.0.2.4/Inc/Addon (added)
-
tags/1.0.2.4/Inc/Addon/Image_Hover_Effects.php (added)
-
tags/1.0.2.4/Inc/Classes (added)
-
tags/1.0.2.4/Inc/Classes/Feedback.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Ask_For_Rating.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Base (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Base/Data.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Base/Date.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Base/User_Data.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Manager.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Model (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Model/Notice.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Model/Notification.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Model/Popup.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Notifications.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Subscribe.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/Upgrade_Notice.php (added)
-
tags/1.0.2.4/Inc/Classes/Notifications/What_We_Collect.php (added)
-
tags/1.0.2.4/Inc/Classes/Pro_Upgrade.php (added)
-
tags/1.0.2.4/Inc/Classes/Recommended_Plugins.php (added)
-
tags/1.0.2.4/Inc/Classes/Row_Links.php (added)
-
tags/1.0.2.4/Inc/Classes/Upgrade_Plugin.php (added)
-
tags/1.0.2.4/Inc/Upgrades (added)
-
tags/1.0.2.4/Inc/Upgrades/upgrade-1.0.0.php (added)
-
tags/1.0.2.4/Inc/functions.php (added)
-
tags/1.0.2.4/Libs (added)
-
tags/1.0.2.4/Libs/Assets.php (added)
-
tags/1.0.2.4/Libs/Featured.php (added)
-
tags/1.0.2.4/Libs/Helper.php (added)
-
tags/1.0.2.4/Libs/Recommended.php (added)
-
tags/1.0.2.4/Libs/RowLinks.php (added)
-
tags/1.0.2.4/Libs/Upgrader.php (added)
-
tags/1.0.2.4/assets (added)
-
tags/1.0.2.4/assets/css (added)
-
tags/1.0.2.4/assets/css/image-hover-effects-elementor-addon-admin.css (added)
-
tags/1.0.2.4/assets/css/image-hover-effects-elementor-addon-frontend.css (added)
-
tags/1.0.2.4/assets/css/plugin-survey.css (added)
-
tags/1.0.2.4/assets/js (added)
-
tags/1.0.2.4/assets/js/image-hover-effects-elementor-addon-admin.js (added)
-
tags/1.0.2.4/assets/js/image-hover-effects-elementor-addon-frontend.js (added)
-
tags/1.0.2.4/class-image-hover-effects-elementor-addon.php (added)
-
tags/1.0.2.4/image-hover-effects-elementor-addon.php (added)
-
tags/1.0.2.4/readme.txt (added)
-
tags/1.0.2.4/vendor (added)
-
tags/1.0.2.4/vendor/autoload.php (added)
-
tags/1.0.2.4/vendor/composer (added)
-
tags/1.0.2.4/vendor/composer/ClassLoader.php (added)
-
tags/1.0.2.4/vendor/composer/InstalledVersions.php (added)
-
tags/1.0.2.4/vendor/composer/autoload_classmap.php (added)
-
tags/1.0.2.4/vendor/composer/autoload_files.php (added)
-
tags/1.0.2.4/vendor/composer/autoload_namespaces.php (added)
-
tags/1.0.2.4/vendor/composer/autoload_psr4.php (added)
-
tags/1.0.2.4/vendor/composer/autoload_real.php (added)
-
tags/1.0.2.4/vendor/composer/autoload_static.php (added)
-
tags/1.0.2.4/vendor/composer/installed.php (added)
-
trunk/Inc/Addon/Image_Hover_Effects.php (modified) (1 diff)
-
trunk/Libs/Recommended.php (modified) (5 diffs)
-
trunk/image-hover-effects-elementor-addon.php (modified) (1 diff)
-
trunk/readme.txt (modified) (2 diffs)
image-hover-effects-elementor-addon/trunk/Inc/Addon/Image_Hover_Effects.php
r2957172 r3384308 1096 1096 1097 1097 } 1098 -
image-hover-effects-elementor-addon/trunk/Libs/Recommended.php
r2957172 r3384308 290 290 wp_send_json_error( array( 'mess' => __( 'Nonce is invalid', 'image-hover-effects-elementor-addon' ) ) ); 291 291 } 292 293 // Check if user has permission to activate plugins 294 if ( ! current_user_can( 'activate_plugins' ) ) { 295 wp_send_json_error( array( 'mess' => __( 'You do not have permission to activate plugins.', 'image-hover-effects-elementor-addon' ) ) ); 296 } 297 292 298 $file = sanitize_text_field( wp_unslash( $_POST['file'] ) ); 293 299 $result = activate_plugin( $file ); … … 345 351 wp_send_json_error( array( 'mess' => __( 'Nonce is invalid', 'image-hover-effects-elementor-addon' ) ) ); 346 352 } 347 $plugin = sanitize_text_field( wp_unslash( $_POST['plugin'] ) ); 353 354 // Check if user has permission to install/update plugins 355 if ( ! current_user_can( 'install_plugins' ) ) { 356 wp_send_json_error( array( 'mess' => __( 'You do not have permission to install or update plugins.', 'image-hover-effects-elementor-addon' ) ) ); 357 } 358 359 $plugin = esc_url_raw( wp_unslash( $_POST['plugin'] ) ); 348 360 $type = isset( $_POST['type'] ) ? sanitize_text_field( wp_unslash( $_POST['type'] ) ) : 'install'; 361 362 // Validate plugin URL to ensure it's from wordpress.org or allowed sources 363 $allowed_hosts = array( 'downloads.wordpress.org', 'wordpress.org' ); 364 $plugin_host = wp_parse_url( $plugin, PHP_URL_HOST ); 365 366 if ( ! in_array( $plugin_host, $allowed_hosts, true ) ) { 367 wp_send_json_error( array( 'mess' => __( 'Invalid plugin source. Only WordPress.org plugins are allowed.', 'image-hover-effects-elementor-addon' ) ) ); 368 } 369 349 370 $skin = new \WP_Ajax_Upgrader_Skin(); 350 371 $upgrader = new \Plugin_Upgrader( $skin ); … … 385 406 if ( $plugin_data && ! is_wp_error( $plugin_data ) ) { 386 407 $install_status = \install_plugin_install_status( $plugin_data ); 408 409 // Check activation permission before activating 410 if ( ! 
current_user_can( 'activate_plugins' ) ) { 411 wp_send_json_error( array( 'mess' => __( 'Plugin installed but you do not have permission to activate it.', 'image-hover-effects-elementor-addon' ) ) ); 412 } 413 387 414 $active_plugin = activate_plugin( $install_status['file'] ); 388 415 … … 408 435 } 409 436 } else { 437 // For updates, validate that the plugin parameter is a valid plugin file path 438 if ( ! validate_file( $plugin ) === 0 ) { 439 wp_send_json_error( array( 'mess' => __( 'Invalid plugin file path.', 'image-hover-effects-elementor-addon' ) ) ); 440 } 441 410 442 $is_active = is_plugin_active( $plugin ); 411 443 $result = $upgrader->upgrade( $plugin ); … … 418 450 ); 419 451 } else { 420 activate_plugin( $plugin ); 452 // Check activation permission before re-activating 453 if ( $is_active && current_user_can( 'activate_plugins' ) ) { 454 activate_plugin( $plugin ); 455 } 421 456 wp_send_json_success( 422 457 array( -
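Review bot: The new update-branch guard `if ( ! validate_file( $plugin ) === 0 )` can never fire. `!` binds tighter than `===`, so a boolean is compared strictly with the integer 0 and the condition is always false, which means the path validation this commit intends is not applied before `$upgrader->upgrade( $plugin )`. It should read `if ( validate_file( $plugin ) !== 0 )`. Separately, in the visible lines `$plugin` passes through `esc_url_raw()` and the host allowlist before the install/update branch, so a plugin file path sent for an update would apparently be rewritten or rejected by the host check; confirm against the code between the hunks, and consider validating the URL only on the install path and the file path only on the update path. The enclosing handler starts and ends outside the hunks shown.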
image-hover-effects-elementor-addon/trunk/image-hover-effects-elementor-addon.php
r2959929 r3384308 4 4 * Plugin URI: https://master-addons.com/demos/image-hover-effects/ 5 5 * Description: Image Hover Effects addon for elementor page builder plugin. Compare Before and After Images beautifully. 6 * Version: 1.0.2. 36 * Version: 1.0.2.4 7 7 * Author: Jewel Theme 8 8 * Author URI: https://jeweltheme.com -
image-hover-effects-elementor-addon/trunk/readme.txt
r2959929 r3384308 4 4 Tags: media, gallery, image, hover, effects, image hover, image hover effects, photo hover, image title, elementor, elementor addon 5 5 Requires at least: 4.0 6 Tested up to: 6. 37 Stable tag: 1.0.2. 36 Tested up to: 6.8 7 Stable tag: 1.0.2.4 8 8 Requires PHP: 5.6 9 9 License: GPLv3 or later … … 127 127 128 128 129 = 1.0.2 (23-08-2022)= 129 130 == Changelog == 131 = 1.0.2.4 (25-10-2025) = 132 * Security: Fixed Security Issues 133 * Security: Added capability checks to prevent unauthorized plugin installations 134 * Security: Added URL validation to restrict plugin sources to WordPress.org only 135 * Updated: WordPress 6.8 compatibility tested 136 137 = 1.0.2 (23-08-2022) = 130 138 * Updated: WordPress 6.3 compatibility checked and fixed bugs 131 139 132 133 == Changelog == 134 = 1.0.0 (09-06-2020)= 140 = 1.0.0 (09-06-2020) = 135 141 * Initial Release 136 142