Changeset 3389341

Timestamp:

11/04/2025 05:52:44 AM (2 months ago)

Author:

Litonice13

Message:

Update to version 1.0.4 from GitHub

Location:

content-locker-for-elementor

Files:

• tags/1.0.4 (copied) (copied from content-locker-for-elementor/trunk)
• tags/1.0.4/.gitattributes (added)
• tags/1.0.4/Inc/Addon/Content_Locker.php (modified) (6 diffs)
• tags/1.0.4/Inc/Classes/Feedback.php (modified) (1 diff)
• tags/1.0.4/Inc/Classes/Notifications/Notifications.php (modified) (1 diff)
• tags/1.0.4/Inc/Classes/Notifications/Subscribe.php (modified) (1 diff)
• tags/1.0.4/Inc/Classes/Notifications/What_We_Collect.php (modified) (1 diff)
• tags/1.0.4/Libs/Recommended.php (modified) (3 diffs)
• tags/1.0.4/assets/images/dropdown.png (modified) (previous)
• tags/1.0.4/assets/images/promo-image.png (modified) (previous)
• tags/1.0.4/changelog.txt (added)
• tags/1.0.4/content-locker-for-elementor.php (modified) (1 diff)
• tags/1.0.4/readme.txt (modified) (2 diffs)
• tags/1.0.4/vendor (deleted)
• trunk/.gitattributes (added)
• trunk/Inc/Addon/Content_Locker.php (modified) (6 diffs)
• trunk/Inc/Classes/Feedback.php (modified) (1 diff)
• trunk/Inc/Classes/Notifications/Notifications.php (modified) (1 diff)
• trunk/Inc/Classes/Notifications/Subscribe.php (modified) (1 diff)
• trunk/Inc/Classes/Notifications/What_We_Collect.php (modified) (1 diff)
• trunk/Libs/Recommended.php (modified) (3 diffs)
• trunk/assets/images/dropdown.png (modified) (previous)
• trunk/assets/images/promo-image.png (modified) (previous)
• trunk/changelog.txt (added)
• trunk/content-locker-for-elementor.php (modified) (1 diff)
• trunk/readme.txt (modified) (2 diffs)
• trunk/vendor (deleted)

content-locker-for-elementor/tags/1.0.4/Inc/Addon/Content_Locker.php

@@ -46 +46 @@
     }
 
-    protected function _register_controls() {
+    protected function register_controls() {
 
         /*
@@ -1152 +1152 @@
         ?>
             <div class="cle-restrict-content-fields">
-                <form <?php echo esc_attr( $this->get_render_attribute_string( 'form_wrapper' ) ); ?>>
+                <form <?php echo $this->get_render_attribute_string( 'form_wrapper' ); ?>>
                     <div class="card-body">
 
@@ -1197 +1197 @@
                 'class'                     => [ 'cle-restrict-content-wrap'],
                 'id'                        => 'cle-restrict-content-' . $this->get_id(),
-                'data-restrict-type'        => $settings['cle_restrict_content_type']
+                'data-restrict-type'        => isset($settings['cle_restrict_content_type']) ? $settings['cle_restrict_content_type'] : 'user'
             ]
         ]);
     ?>
 
-            <section <?php echo esc_attr( $this->get_render_attribute_string( 'wrapper' ) ); ?>>
+            <section <?php echo $this->get_render_attribute_string( 'wrapper' ); ?>>
 
                 <?php 
@@ -1225 +1225 @@
 
                         } else {
+                            // Ensure session is started for password validation
+                            if( session_status() == PHP_SESSION_NONE ) { 
+                                session_start(); 
+                            }
 
                             if( !empty($settings['cle_restrict_content_pass']) ) {
                                 if( isset($_POST['cle_restrict_content_pass']) && ($settings['cle_restrict_content_pass'] === $_POST['cle_restrict_content_pass']) ) {
-                                    if( !session_status() ) { session_start(); }
                                     $_SESSION['cle_restrict_content_pass'] = true;
-                                    
                                     $this->cle_restrict_content();
+                                } else if( isset($_SESSION['cle_restrict_content_pass']) && $_SESSION['cle_restrict_content_pass'] === true ) {
+                                    // Already authenticated in this session
+                                    $this->cle_restrict_content();
+                                } else {
+                                    // Wrong password or not submitted yet
+                                    if( isset($_POST['cle_restrict_content_pass']) ) {
+                                        Helper::cle_warning_messaage( esc_html__('Incorrect password. Please try again.', 'content-locker-for-elementor') );
+                                    }
+                                    $this->cle_restrict_content_msg();
+                                    $this->cle_restrict_content_form();
                                 }
                             } else {
                                 Helper::cle_warning_messaage( esc_html__('Ops, You Forget to set password!', 'content-locker-for-elementor') );
-                            }
-
-                            if( ! isset($_SESSION['cle_restrict_content_pass']) ) {                                 
                                 $this->cle_restrict_content_msg();
                                 $this->cle_restrict_content_form();
@@ -1243 +1252 @@
                         }
 
-                    } elseif ( isset($settings['cle_restrict_content_type']) == 'math_captcha') {
+                    } elseif ( isset($settings['cle_restrict_content_type']) && $settings['cle_restrict_content_type'] == 'math_captcha') {
 
                         // Math Captcha Content Locker
@@ -1253 +1262 @@
                             $cle_rc_answer_hd = isset($_POST['cle_rc_answer_hd']) ? esc_html( $_POST['cle_rc_answer_hd'] ) : "";
                             if( !empty($_POST['cle_rc_answer']) && ($_POST['cle_rc_answer'] === $cle_rc_answer_hd)) {
-                                if( !session_status() ) { session_start(); }
+                                if( session_status() == PHP_SESSION_NONE ) { session_start(); }
                                 $this->cle_restrict_content();
                             } else if ( ! isset( $_POST['cle_rc_answer'] ) || ! $_POST['cle_rc_answer'] ) { 

content-locker-for-elementor/tags/1.0.4/Inc/Classes/Feedback.php

@@ -58 +58 @@
     public function jltelcl_deactivation_survey(){
         check_ajax_referer( 'jltelcl_deactivation_nonce' );
+
+        // Check if user has permission to deactivate plugins
+        if ( ! current_user_can( 'deactivate_plugins' ) ) {
+            wp_send_json_error( __( 'You do not have permission to perform this action', 'content-locker-for-elementor' ) );
+        }
 
         $deactivation_reason  = ! empty( $_POST['deactivation_reason'] ) ? sanitize_text_field( wp_unslash( $_POST['deactivation_reason'] ) ) : '';

content-locker-for-elementor/tags/1.0.4/Inc/Classes/Notifications/Notifications.php

@@ -48 +48 @@
     public function notification_action() {
         check_ajax_referer( 'jltelcl_notification_nonce' );
+
+        // Check if user has permission to manage options
+        if ( ! current_user_can( 'manage_options' ) ) {
+            wp_send_json_error( __( 'You do not have permission to perform this action', 'content-locker-for-elementor' ) );
+        }
 
         $action_type       = ! empty( $_REQUEST['action_type'] ) ? sanitize_key( $_REQUEST['action_type'] ) : '';

content-locker-for-elementor/tags/1.0.4/Inc/Classes/Notifications/Subscribe.php

@@ -34 +34 @@
         public function jltelcl_subscribe() {
             check_ajax_referer( 'jltelcl_subscribe_nonce' );
+
+            // Check if user has permission to manage options
+            if ( ! current_user_can( 'manage_options' ) ) {
+                wp_send_json_error( __( 'You do not have permission to perform this action', 'content-locker-for-elementor' ) );
+            }
 
             $name  = ! empty( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';

content-locker-for-elementor/tags/1.0.4/Inc/Classes/Notifications/What_We_Collect.php

@@ -35 +35 @@
         public function jltelcl_allow_collect() {
             check_ajax_referer( 'jltelcl_allow_collect_nonce' );
+
+            // Check if user has permission to manage options
+            if ( ! current_user_can( 'manage_options' ) ) {
+                wp_send_json_error( __( 'You do not have permission to perform this action', 'content-locker-for-elementor' ) );
+            }
 
             $email = get_bloginfo( 'admin_email' );

content-locker-for-elementor/tags/1.0.4/Libs/Recommended.php

@@ -41 +41 @@
 
             add_action( 'admin_menu', array( $this, 'admin_menu' ), $this->menu_order );
+            // Only allow logged-in users with appropriate permissions
             add_action( 'wp_ajax_jltelcl_recommended_upgrade_plugin', array( $this, 'jltelcl_recommended_upgrade_plugin' ) );
             add_action( 'wp_ajax_jltelcl_recommended_activate_plugin', array( $this, 'jltelcl_recommended_activate_plugin' ) );
+            // Remove nopriv actions to prevent unauthenticated access
+            remove_action( 'wp_ajax_nopriv_jltelcl_recommended_upgrade_plugin', array( $this, 'jltelcl_recommended_upgrade_plugin' ) );
+            remove_action( 'wp_ajax_nopriv_jltelcl_recommended_activate_plugin', array( $this, 'jltelcl_recommended_activate_plugin' ) );
         }
 
@@ -290 +294 @@
                         wp_send_json_error( array( 'mess' => __( 'Nonce is invalid', 'content-locker-for-elementor' ) ) );
                     }
+
+                    // Check if user has permission to activate plugins
+                    if ( ! current_user_can( 'activate_plugins' ) ) {
+                        wp_send_json_error( array( 'mess' => __( 'You do not have permission to activate plugins', 'content-locker-for-elementor' ) ) );
+                    }
                     $file   = sanitize_text_field( wp_unslash( $_POST['file'] ) );
                     $result = activate_plugin( $file );
@@ -344 +353 @@
                     if ( ! wp_verify_nonce( $nonce, 'jltelcl_recommended_nonce' ) ) {
                         wp_send_json_error( array( 'mess' => __( 'Nonce is invalid', 'content-locker-for-elementor' ) ) );
+                    }
+
+                    // Check if user has permission to install and update plugins
+                    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'update_plugins' ) ) {
+                        wp_send_json_error( array( 'mess' => __( 'You do not have permission to install or update plugins', 'content-locker-for-elementor' ) ) );
                     }
                     $plugin   = sanitize_text_field( wp_unslash( $_POST['plugin'] ) );

content-locker-for-elementor/tags/1.0.4/content-locker-for-elementor.php

@@ -4 +4 @@
  * Plugin URI:  https://master-addons.com/restrict-content-for-elementor/
  * Description: Fast and Easy Elementor way to Restrict your Content. Content Locker for Elementor will give you full independncy over Contents like memebership websites.
- * Version:     1.0.3
+ * Version:     1.0.4
  * Author:      Jewel Theme
  * Author URI:  https://jeweltheme.com

content-locker-for-elementor/tags/1.0.4/readme.txt

@@ -4 +4 @@
 Tags: content locker, restrict content elementor, member, members, membership, memberships, member only, registration form, restricted access, limit access, read only,
 Requires at least: 4.0
-Tested up to: 6.3.1
-Stable tag: trunk
+Tested up to: 6.8
+Stable tag: 1.0.4
 Requires PHP: 5.6
 License: GPLv3 or later
@@ -116 +116 @@
 
 
-
-== Changelog ==
-= 1.0.3 (12-10-2023) =
-* Updated: Blank Admin page issue fixed
-
-= 1.0.0 (18-02-2020)=
-* Initial Release
-
 == Upgrade Notice ==

content-locker-for-elementor/trunk/Inc/Addon/Content_Locker.php

@@ -46 +46 @@
     }
 
-    protected function _register_controls() {
+    protected function register_controls() {
 
         /*
@@ -1152 +1152 @@
         ?>
             <div class="cle-restrict-content-fields">
-                <form <?php echo esc_attr( $this->get_render_attribute_string( 'form_wrapper' ) ); ?>>
+                <form <?php echo $this->get_render_attribute_string( 'form_wrapper' ); ?>>
                     <div class="card-body">
 
@@ -1197 +1197 @@
                 'class'                     => [ 'cle-restrict-content-wrap'],
                 'id'                        => 'cle-restrict-content-' . $this->get_id(),
-                'data-restrict-type'        => $settings['cle_restrict_content_type']
+                'data-restrict-type'        => isset($settings['cle_restrict_content_type']) ? $settings['cle_restrict_content_type'] : 'user'
             ]
         ]);
     ?>
 
-            <section <?php echo esc_attr( $this->get_render_attribute_string( 'wrapper' ) ); ?>>
+            <section <?php echo $this->get_render_attribute_string( 'wrapper' ); ?>>
 
                 <?php 
@@ -1225 +1225 @@
 
                         } else {
+                            // Ensure session is started for password validation
+                            if( session_status() == PHP_SESSION_NONE ) { 
+                                session_start(); 
+                            }
 
                             if( !empty($settings['cle_restrict_content_pass']) ) {
                                 if( isset($_POST['cle_restrict_content_pass']) && ($settings['cle_restrict_content_pass'] === $_POST['cle_restrict_content_pass']) ) {
-                                    if( !session_status() ) { session_start(); }
                                     $_SESSION['cle_restrict_content_pass'] = true;
-                                    
                                     $this->cle_restrict_content();
+                                } else if( isset($_SESSION['cle_restrict_content_pass']) && $_SESSION['cle_restrict_content_pass'] === true ) {
+                                    // Already authenticated in this session
+                                    $this->cle_restrict_content();
+                                } else {
+                                    // Wrong password or not submitted yet
+                                    if( isset($_POST['cle_restrict_content_pass']) ) {
+                                        Helper::cle_warning_messaage( esc_html__('Incorrect password. Please try again.', 'content-locker-for-elementor') );
+                                    }
+                                    $this->cle_restrict_content_msg();
+                                    $this->cle_restrict_content_form();
                                 }
                             } else {
                                 Helper::cle_warning_messaage( esc_html__('Ops, You Forget to set password!', 'content-locker-for-elementor') );
-                            }
-
-                            if( ! isset($_SESSION['cle_restrict_content_pass']) ) {                                 
                                 $this->cle_restrict_content_msg();
                                 $this->cle_restrict_content_form();
@@ -1243 +1252 @@
                         }
 
-                    } elseif ( isset($settings['cle_restrict_content_type']) == 'math_captcha') {
+                    } elseif ( isset($settings['cle_restrict_content_type']) && $settings['cle_restrict_content_type'] == 'math_captcha') {
 
                         // Math Captcha Content Locker
@@ -1253 +1262 @@
                             $cle_rc_answer_hd = isset($_POST['cle_rc_answer_hd']) ? esc_html( $_POST['cle_rc_answer_hd'] ) : "";
                             if( !empty($_POST['cle_rc_answer']) && ($_POST['cle_rc_answer'] === $cle_rc_answer_hd)) {
-                                if( !session_status() ) { session_start(); }
+                                if( session_status() == PHP_SESSION_NONE ) { session_start(); }
                                 $this->cle_restrict_content();
                             } else if ( ! isset( $_POST['cle_rc_answer'] ) || ! $_POST['cle_rc_answer'] ) { 

content-locker-for-elementor/trunk/Inc/Classes/Feedback.php

@@ -58 +58 @@
     public function jltelcl_deactivation_survey(){
         check_ajax_referer( 'jltelcl_deactivation_nonce' );
+
+        // Check if user has permission to deactivate plugins
+        if ( ! current_user_can( 'deactivate_plugins' ) ) {
+            wp_send_json_error( __( 'You do not have permission to perform this action', 'content-locker-for-elementor' ) );
+        }
 
         $deactivation_reason  = ! empty( $_POST['deactivation_reason'] ) ? sanitize_text_field( wp_unslash( $_POST['deactivation_reason'] ) ) : '';

content-locker-for-elementor/trunk/Inc/Classes/Notifications/Notifications.php

@@ -48 +48 @@
     public function notification_action() {
         check_ajax_referer( 'jltelcl_notification_nonce' );
+
+        // Check if user has permission to manage options
+        if ( ! current_user_can( 'manage_options' ) ) {
+            wp_send_json_error( __( 'You do not have permission to perform this action', 'content-locker-for-elementor' ) );
+        }
 
         $action_type       = ! empty( $_REQUEST['action_type'] ) ? sanitize_key( $_REQUEST['action_type'] ) : '';

content-locker-for-elementor/trunk/Inc/Classes/Notifications/Subscribe.php

@@ -34 +34 @@
         public function jltelcl_subscribe() {
             check_ajax_referer( 'jltelcl_subscribe_nonce' );
+
+            // Check if user has permission to manage options
+            if ( ! current_user_can( 'manage_options' ) ) {
+                wp_send_json_error( __( 'You do not have permission to perform this action', 'content-locker-for-elementor' ) );
+            }
 
             $name  = ! empty( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';

content-locker-for-elementor/trunk/Inc/Classes/Notifications/What_We_Collect.php

@@ -35 +35 @@
         public function jltelcl_allow_collect() {
             check_ajax_referer( 'jltelcl_allow_collect_nonce' );
+
+            // Check if user has permission to manage options
+            if ( ! current_user_can( 'manage_options' ) ) {
+                wp_send_json_error( __( 'You do not have permission to perform this action', 'content-locker-for-elementor' ) );
+            }
 
             $email = get_bloginfo( 'admin_email' );

content-locker-for-elementor/trunk/Libs/Recommended.php

@@ -41 +41 @@
 
             add_action( 'admin_menu', array( $this, 'admin_menu' ), $this->menu_order );
+            // Only allow logged-in users with appropriate permissions
             add_action( 'wp_ajax_jltelcl_recommended_upgrade_plugin', array( $this, 'jltelcl_recommended_upgrade_plugin' ) );
             add_action( 'wp_ajax_jltelcl_recommended_activate_plugin', array( $this, 'jltelcl_recommended_activate_plugin' ) );
+            // Remove nopriv actions to prevent unauthenticated access
+            remove_action( 'wp_ajax_nopriv_jltelcl_recommended_upgrade_plugin', array( $this, 'jltelcl_recommended_upgrade_plugin' ) );
+            remove_action( 'wp_ajax_nopriv_jltelcl_recommended_activate_plugin', array( $this, 'jltelcl_recommended_activate_plugin' ) );
         }
 
@@ -290 +294 @@
                         wp_send_json_error( array( 'mess' => __( 'Nonce is invalid', 'content-locker-for-elementor' ) ) );
                     }
+
+                    // Check if user has permission to activate plugins
+                    if ( ! current_user_can( 'activate_plugins' ) ) {
+                        wp_send_json_error( array( 'mess' => __( 'You do not have permission to activate plugins', 'content-locker-for-elementor' ) ) );
+                    }
                     $file   = sanitize_text_field( wp_unslash( $_POST['file'] ) );
                     $result = activate_plugin( $file );
@@ -344 +353 @@
                     if ( ! wp_verify_nonce( $nonce, 'jltelcl_recommended_nonce' ) ) {
                         wp_send_json_error( array( 'mess' => __( 'Nonce is invalid', 'content-locker-for-elementor' ) ) );
+                    }
+
+                    // Check if user has permission to install and update plugins
+                    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'update_plugins' ) ) {
+                        wp_send_json_error( array( 'mess' => __( 'You do not have permission to install or update plugins', 'content-locker-for-elementor' ) ) );
                     }
                     $plugin   = sanitize_text_field( wp_unslash( $_POST['plugin'] ) );

content-locker-for-elementor/trunk/content-locker-for-elementor.php

@@ -4 +4 @@
  * Plugin URI:  https://master-addons.com/restrict-content-for-elementor/
  * Description: Fast and Easy Elementor way to Restrict your Content. Content Locker for Elementor will give you full independncy over Contents like memebership websites.
- * Version:     1.0.3
+ * Version:     1.0.4
  * Author:      Jewel Theme
  * Author URI:  https://jeweltheme.com

content-locker-for-elementor/trunk/readme.txt

@@ -4 +4 @@
 Tags: content locker, restrict content elementor, member, members, membership, memberships, member only, registration form, restricted access, limit access, read only,
 Requires at least: 4.0
-Tested up to: 6.3.1
-Stable tag: trunk
+Tested up to: 6.8
+Stable tag: 1.0.4
 Requires PHP: 5.6
 License: GPLv3 or later
@@ -116 +116 @@
 
 
-
-== Changelog ==
-= 1.0.3 (12-10-2023) =
-* Updated: Blank Admin page issue fixed
-
-= 1.0.0 (18-02-2020)=
-* Initial Release
-
 == Upgrade Notice ==