Astra Starter Sites - Version 1.3.21


Developer brainstormworg
Version 1.3.21

Code changes from version 1.3.20 to 1.3.21

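--- a/astra-sites.php
+++ b/astra-sites.php
@@ -3,7 +3,7 @@
  * Plugin Name: Astra Starter Sites
  * Plugin URI: http://www.wpastra.com/pro/
  * Description: Import free sites build with Astra theme.
- * Version: 1.3.20
+ * Version: 1.3.21
  * Author: Brainstorm Force
  * Author URI: http://www.brainstormforce.com
  * Text Domain: astra-sites
@@ -19,7 +19,7 @@ if ( ! defined( 'ASTRA_SITES_NAME' ) ) {
  }
 
  if ( ! defined( 'ASTRA_SITES_VER' ) ) {
- define( 'ASTRA_SITES_VER', '1.3.20' );
+ define( 'ASTRA_SITES_VER', '1.3.21' );
  }
 
  if ( ! defined( 'ASTRA_SITES_FILE' ) ) {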
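--- a/inc/assets/js/admin-page.js
+++ b/inc/assets/js/admin-page.js
@@ -298,7 +298,8 @@ var AstraSitesAjaxQueue = (function() {
  url : astraSitesAdmin.ajaxurl,
  type : 'POST',
  data : {
- action : 'astra-sites-reset-customizer-data'
+ action : 'astra-sites-reset-customizer-data',
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  beforeSend: function() {
  AstraSitesAdmin._log_title( 'Reseting Customizer Data..' );
@@ -319,7 +320,8 @@ var AstraSitesAjaxQueue = (function() {
  url : astraSitesAdmin.ajaxurl,
  type : 'POST',
  data : {
- action : 'astra-sites-reset-site-options'
+ action : 'astra-sites-reset-site-options',
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  beforeSend: function() {
  AstraSitesAdmin._log_title( 'Reseting Site Options..' );
@@ -340,7 +342,8 @@ var AstraSitesAjaxQueue = (function() {
  url : astraSitesAdmin.ajaxurl,
  type : 'POST',
  data : {
- action : 'astra-sites-reset-widgets-data'
+ action : 'astra-sites-reset-widgets-data',
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  beforeSend: function() {
  AstraSitesAdmin._log_title( 'Reseting Widgets..' );
@@ -370,6 +373,7 @@ var AstraSitesAjaxQueue = (function() {
  data: {
  action : 'astra-sites-delete-posts',
  post_id : post_id,
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  success: function( result ){
 
@@ -408,6 +412,7 @@ var AstraSitesAjaxQueue = (function() {
  data: {
  action : 'astra-sites-delete-wp-forms',
  post_id : post_id,
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  success: function( result ){
 
@@ -446,6 +451,7 @@ var AstraSitesAjaxQueue = (function() {
  data: {
  action : 'astra-sites-delete-terms',
  term_id : term_id,
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  success: function( result ){
  if( AstraSitesAdmin.reset_processed_terms < AstraSitesAdmin.site_imported_data['reset_terms'].length ) {
@@ -493,6 +499,7 @@ var AstraSitesAjaxQueue = (function() {
  type : 'POST',
  data : {
  action : 'astra-sites-backup-settings',
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  beforeSend: function() {
  AstraSitesAdmin._log_title( 'Processing Customizer Settings Backup..' );
@@ -526,6 +533,7 @@ var AstraSitesAjaxQueue = (function() {
  data : {
  action : 'astra-sites-import-customizer-settings',
  customizer_data : AstraSitesAdmin.current_site['astra-site-customizer-data'],
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  beforeSend: function() {
  AstraSitesAdmin._log_title( 'Importing Customizer Settings..' );
@@ -562,6 +570,7 @@ var AstraSitesAjaxQueue = (function() {
  dataType: 'json',
  data : {
  action : 'astra-sites-import-end',
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  beforeSend: function() {
  AstraSitesAdmin._log_title( 'Import Complete!' );
@@ -629,6 +638,7 @@ var AstraSitesAjaxQueue = (function() {
  data : {
  action : 'astra-sites-import-widgets',
  widgets_data : AstraSitesAdmin.widgets_data,
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  beforeSend: function() {
  AstraSitesAdmin._log_title( 'Importing Widgets..' );
@@ -668,6 +678,7 @@ var AstraSitesAjaxQueue = (function() {
  data : {
  action : 'astra-sites-import-options',
  options_data : AstraSitesAdmin.options_data,
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  beforeSend: function() {
  AstraSitesAdmin._log_title( 'Importing Options..' );
@@ -706,6 +717,7 @@ var AstraSitesAjaxQueue = (function() {
  data : {
  action : 'astra-sites-import-prepare-xml',
  wxr_url : AstraSitesAdmin.current_site['astra-site-wxr-path'],
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  beforeSend: function() {
  $('.astra-site-import-process-wrap').show();
@@ -717,6 +729,8 @@ var AstraSitesAjaxQueue = (function() {
  })
  .done(function ( xml_data ) {
 
+ xml_data.data.url = wp.url.addQueryArgs( xml_data.data.url, { _ajax_nonce: astraSitesAdmin._ajax_nonce } )
+
  // 2. Fail - Prepare XML Data.
  if( false === xml_data.success ) {
  AstraSitesAdmin._log_title( xml_data );
@@ -819,6 +833,7 @@ var AstraSitesAjaxQueue = (function() {
  data : {
  action : 'astra-sites-import-wpforms',
  wpforms_url : AstraSitesAdmin.wpforms_url,
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  beforeSend: function() {
  AstraSitesAdmin._log_title( 'Importing WP Forms..' );
@@ -855,6 +870,7 @@ var AstraSitesAjaxQueue = (function() {
  data : {
  action : 'astra-sites-import-customizer-settings',
  customizer_data : AstraSitesAdmin.customizer_data,
+ _ajax_nonce : astraSitesAdmin._ajax_nonce,
  },
  beforeSend: function() {
  },
@@ -1033,6 +1049,7 @@ var AstraSitesAjaxQueue = (function() {
  'init' : $init,
  'options' : $siteOptions,
  'enabledExtensions' : $enabledExtensions,
+ '_ajax_nonce' : astraSitesAdmin._ajax_nonce,
  },
  })
  .done(function (result) {
@@ -1120,6 +1137,7 @@ var AstraSitesAjaxQueue = (function() {
  'init' : $init,
  'options' : $siteOptions,
  'enabledExtensions' : $enabledExtensions,
+ '_ajax_nonce' : astraSitesAdmin._ajax_nonce,
  },
  })
  .done(function (result) {
@@ -1219,6 +1237,7 @@ var AstraSitesAjaxQueue = (function() {
  'init' : single_plugin.init,
  'options' : $siteOptions,
  'enabledExtensions' : $enabledExtensions,
+ '_ajax_nonce' : astraSitesAdmin._ajax_nonce,
  },
  success: function( result ){
 
@@ -1337,6 +1356,7 @@ var AstraSitesAjaxQueue = (function() {
  data : {
  'action' : 'astra-sites-import-set-site-data',
  'api_url' : apiURL,
+ '_ajax_nonce' : astraSitesAdmin._ajax_nonce,
  },
  })
  .fail(function( jqXHR ){
@@ -1575,6 +1595,7 @@ var AstraSitesAjaxQueue = (function() {
  type : 'POST',
  data : {
  action : 'astra-sites-set-reset-data',
+ '_ajax_nonce' : astraSitesAdmin._ajax_nonce,
  },
  })
  .done(function ( response ) {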
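Review bot: In the `@@ -717,6 +729,8 @@` hunk the new line `xml_data.data.url = wp.url.addQueryArgs( xml_data.data.url, { _ajax_nonce: astraSitesAdmin._ajax_nonce } )` runs before the `false === xml_data.success` check two lines below it, so on a failed prepare-xml response, where `wp_send_json_error()` puts the error message in `data` rather than an object, the code reads `.url` off a string and then assigns a property to it, which throws under strict mode and is silently dropped otherwise. Move the assignment below the failure branch and terminate it, i.e. keep `if( false === xml_data.success ) { … }` first and then `xml_data.data.url = wp.url.addQueryArgs( xml_data.data.url, { _ajax_nonce: astraSitesAdmin._ajax_nonce } );`. The other hunks in this section add `_ajax_nonce` to each request consistently; the `.done()` callback and the function it belongs to continue outside the hunk.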
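--- a/inc/classes/class-astra-sites-importer.php
+++ b/inc/classes/class-astra-sites-importer.php
@@ -122,8 +122,11 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  */
  function import_start() {
 
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
  if ( ! current_user_can( 'customize' ) ) {
- wp_send_json_error( __( 'You have not "customize" access to import the Astra site.', 'astra-sites' ) );
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
  }
 
  $demo_api_uri = isset( $_POST['api_url'] ) ? esc_url( $_POST['api_url'] ) : '';
@@ -160,6 +163,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  */
  function import_wpforms() {
 
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  $wpforms_url = ( isset( $_REQUEST['wpforms_url'] ) ) ? urldecode( $_REQUEST['wpforms_url'] ) : '';
  $ids_mapping = array();
 
@@ -232,6 +242,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  */
  function import_customizer_settings() {
 
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  $customizer_data = ( isset( $_POST['customizer_data'] ) ) ? (array) json_decode( stripcslashes( $_POST['customizer_data'] ), 1 ) : array();
 
  if ( ! empty( $customizer_data ) ) {
@@ -259,6 +276,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  */
  function prepare_xml_data() {
 
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  if ( ! class_exists( 'XMLReader' ) ) {
  wp_send_json_error( __( 'If XMLReader is not available, it imports all other settings and only skips XML import. This creates an incomplete website. We should bail early and not import anything if this is not present.', 'astra-sites' ) );
  }
@@ -297,6 +321,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  */
  function import_options() {
 
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  $options_data = ( isset( $_POST['options_data'] ) ) ? (array) json_decode( stripcslashes( $_POST['options_data'] ), 1 ) : '';
 
  if ( ! empty( $options_data ) ) {
@@ -324,6 +355,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  */
  function import_widgets() {
 
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  $widgets_data = ( isset( $_POST['widgets_data'] ) ) ? (object) json_decode( stripcslashes( $_POST['widgets_data'] ) ) : '';
 
  Astra_Sites_Importer_Log::add( 'Imported - Widgets ' . json_encode( $widgets_data ) );
@@ -353,6 +391,14 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  * @return void
  */
  function import_end() {
+
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  do_action( 'astra_sites_import_complete' );
  }
 
@@ -470,6 +516,14 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  * @return void
  */
  function reset_customizer_data() {
+
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  Astra_Sites_Importer_Log::add( 'Deleted customizer Settings ' . json_encode( get_option( 'astra-settings', array() ) ) );
 
  delete_option( 'astra-settings' );
@@ -485,6 +539,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  */
  function reset_site_options() {
 
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  $options = get_option( '_astra_sites_old_site_options', array() );
 
  Astra_Sites_Importer_Log::add( 'Deleted - Site Options ' . json_encode( $options ) );
@@ -505,6 +566,14 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  * @return void
  */
  function reset_widgets_data() {
+
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  $old_widgets = get_option( '_astra_sites_old_widgets_data', array() );
 
  Astra_Sites_Importer_Log::add( 'DELETED - WIDGETS ' . json_encode( $old_widgets ) );
@@ -539,6 +608,14 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  * @return void
  */
  function delete_imported_posts() {
+
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  $post_id = isset( $_REQUEST['post_id'] ) ? absint( $_REQUEST['post_id'] ) : '';
  $message = 'Deleted - Post ID ' . $post_id . ' - ' . get_post_type( $post_id ) . ' - ' . get_the_title( $post_id );
 
@@ -556,6 +633,14 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  * @return void
  */
  function delete_imported_wp_forms() {
+
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  $post_id = isset( $_REQUEST['post_id'] ) ? absint( $_REQUEST['post_id'] ) : '';
 
  $message = 'Deleted - Form ID ' . $post_id . ' - ' . get_post_type( $post_id ) . ' - ' . get_the_title( $post_id );
@@ -576,6 +661,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
  */
  function delete_imported_terms() {
 
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  $term_id = isset( $_REQUEST['term_id'] ) ? absint( $_REQUEST['term_id'] ) : '';
 
  $message = '';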
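Review bot: The same seven-line nonce-and-capability preamble is pasted verbatim into all thirteen handlers in this section (import_start, import_wpforms, import_customizer_settings, prepare_xml_data, import_options, import_widgets, import_end, reset_customizer_data, reset_site_options, reset_widgets_data, delete_imported_posts, delete_imported_wp_forms, delete_imported_terms); a single private helper would keep the nonce action, the capability and the error message from drifting apart the next time one of them changes, and a future handler that forgets the guard would be spotted as a missing one-line call. The checks are correctly placed before any `$_POST`/`$_REQUEST` read in every hunk, and since `check_ajax_referer()` and `wp_send_json_error()` both terminate the request no handler runs past a failed check. Each handler's body continues outside its hunk; the sketch below shows the helper and `import_start` as one call site.
```php
/**
 * Verify the AJAX nonce and the caller's capability.
 *
 * Terminates the request with a JSON error on failure, so a return
 * means the caller is authorised.
 */
private function verify_ajax_request() {
	check_ajax_referer( 'astra-sites', '_ajax_nonce' );

	if ( ! current_user_can( 'customize' ) ) {
		wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
	}
}

function import_start() {

	$this->verify_ajax_request();

	// … unchanged: rest of import_start …
```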
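--- a/inc/classes/class-astra-sites.php
+++ b/inc/classes/class-astra-sites.php
@@ -78,6 +78,13 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
  * @return void
  */
  function getting_started_notice() {
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  update_user_meta( get_current_user_id(), '_astra_sites_gettings_started', true );
  wp_send_json_success();
  }
@@ -90,6 +97,13 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
  */
  function activate_theme() {
 
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  switch_theme( 'astra' );
 
  wp_send_json_success(
@@ -104,6 +118,9 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
  * Set reset data
  */
  function set_reset_data() {
+
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
  if ( ! current_user_can( 'manage_options' ) ) {
  return;
  }
@@ -127,6 +144,9 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
  * Backup our existing settings.
  */
  function backup_settings() {
+
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
  if ( ! current_user_can( 'manage_options' ) ) {
  return;
  }
@@ -286,7 +306,7 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
 
  // Admin Page.
  wp_enqueue_style( 'astra-sites-admin', ASTRA_SITES_URI . 'inc/assets/css/admin.css', ASTRA_SITES_VER, true );
- wp_enqueue_script( 'astra-sites-admin-page', ASTRA_SITES_URI . 'inc/assets/js/admin-page.js', array( 'jquery', 'wp-util', 'updates' ), ASTRA_SITES_VER, true );
+ wp_enqueue_script( 'astra-sites-admin-page', ASTRA_SITES_URI . 'inc/assets/js/admin-page.js', array( 'jquery', 'wp-util', 'updates', 'wp-url' ), ASTRA_SITES_VER, true );
  wp_enqueue_script( 'astra-sites-render-grid', ASTRA_SITES_URI . 'inc/assets/js/render-grid.js', array( 'wp-util', 'astra-sites-api', 'imagesloaded', 'jquery' ), ASTRA_SITES_VER, true );
 
  $data = apply_filters(
@@ -432,6 +452,8 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
  */
  public function required_plugin_activate() {
 
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
  if ( ! current_user_can( 'install_plugins' ) || ! isset( $_POST['init'] ) || ! $_POST['init'] ) {
  wp_send_json_error(
  array(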
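Review bot: In the `set_reset_data` and `backup_settings` hunks the new `check_ajax_referer()` terminates with a JSON error on a bad nonce, but the capability check right after it still bails with a bare `return;`, so an under-privileged caller receives an empty 200 response that the jQuery `.done()` handlers in admin-page.js will treat as success; replace it with `wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );` as `getting_started_notice` and `activate_theme` in this section now do. The `@@ -286,7 +306,7 @@` hunk adds `wp-url` as a script dependency, but the `$data = apply_filters(` array that is presumably localised as `astraSitesAdmin` continues outside the hunk, so whether it now carries the `_ajax_nonce` value every request in admin-page.js sends cannot be confirmed from this page. Both handlers continue past their hunks.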
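--- a/inc/importers/wxr-importer/class-astra-wxr-importer.php
+++ b/inc/importers/wxr-importer/class-astra-wxr-importer.php
@@ -182,6 +182,13 @@ class Astra_WXR_Importer {
  */
  function sse_import() {
 
+ // Verify Nonce.
+ check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+ if ( ! current_user_can( 'customize' ) ) {
+ wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+ }
+
  // Start the event stream.
  header( 'Content-Type: text/event-stream, charset=UTF-8' );
 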
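Review bot: The guard in `sse_import` sits before the `header( 'Content-Type: text/event-stream, charset=UTF-8' )` call, which is the right order because both `check_ajax_referer()` and `wp_send_json_error()` terminate the request, but the failure response is then a JSON body on an endpoint whose consumer reads an event stream, so the message never reaches the client beyond a generic connection error. That deserves a comment above the check, e.g. `// Must run before the event-stream header: on failure the reply is plain JSON and an SSE client only sees a connection error.`, or the failure could be emitted as an SSE event instead. Because the nonce has to travel on the request that opens the stream, the `_ajax_nonce` query argument appended to `xml_data.data.url` in admin-page.js is presumably how it arrives here; the rest of `sse_import` is outside the hunk.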
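--- a/inc/lib/astra-notices/class-astra-notices.php
+++ b/inc/lib/astra-notices/class-astra-notices.php
@@ -35,7 +35,7 @@ if ( ! class_exists( 'Astra_Notices' ) ) :
  * @var array Notices.
  * @since 1.4.0
  */
- private static $version = '1.1.4';
+ private static $version = '1.1.5';
 
  /**
  * Notices
@@ -63,7 +63,7 @@ if ( ! class_exists( 'Astra_Notices' ) ) :
  */
  public static function get_instance() {
  if ( ! isset( self::$instance ) ) {
- self::$instance = new self;
+ self::$instance = new self();
  }
  return self::$instance;
  }
@@ -114,6 +114,11 @@ if ( ! class_exists( 'Astra_Notices' ) ) :
  public function dismiss_notice() {
  $notice_id = ( isset( $_POST['notice_id'] ) ) ? sanitize_key( $_POST['notice_id'] ) : '';
  $repeat_notice_after = ( isset( $_POST['repeat_notice_after'] ) ) ? absint( $_POST['repeat_notice_after'] ) : '';
+ $nonce = ( isset( $_POST['nonce'] ) ) ? sanitize_key( $_POST['nonce'] ) : '';
+
+ if ( false === wp_verify_nonce( $nonce, 'astra-notices' ) ) {
+ wp_send_json_error( _e( 'WordPress Nonce not validated.', 'astra-notices' ) );
+ }
 
  // Valid inputs?
  if ( ! empty( $notice_id ) ) {
@@ -138,6 +143,13 @@ if ( ! class_exists( 'Astra_Notices' ) ) :
  */
  public function enqueue_scripts() {
  wp_register_script( 'astra-notices', self::_get_uri() . 'notices.js', array( 'jquery' ), self::$version, true );
+ wp_localize_script(
+ 'astra-notices',
+ 'astraNotices',
+ array(
+ '_notice_nonce' => wp_create_nonce( 'astra-notices' ),
+ )
+ );
  }
 
  /**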
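Review bot: In the `dismiss_notice` hunk the new line `wp_send_json_error( _e( 'WordPress Nonce not validated.', 'astra-notices' ) );` calls `_e()`, which echoes the translated string and returns nothing, so the text is printed ahead of the JSON body (corrupting the response the script parses) and the JSON `data` field is null; it should read `wp_send_json_error( __( 'WordPress Nonce not validated.', 'astra-notices' ) );`. The `enqueue_scripts` hunk exposes the nonce to the page as `astraNotices._notice_nonce` while the handler reads `$_POST['nonce']`, and the notices.js change in this release only touches its closing line, so whether the script actually posts a `nonce` field cannot be confirmed from this page. `dismiss_notice` continues outside the hunk.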
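--- a/inc/lib/astra-notices/notices.js
+++ b/inc/lib/astra-notices/notices.js
@@ -91,4 +91,4 @@
  $( function() {
  AstraNotices.init();
  } );
- } )( jQuery );
+ } )( jQuery );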
readme.txt CHANGED
@@ -5,7 +5,7 @@ Tags: Elementor,Beaver Builder,Templates,Gutenberg,Astra Starter Sites
5
  Requires at least: 4.4
6
  Requires PHP: 5.3
7
  Tested up to: 5.2
8
- Stable tag: 1.3.20
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
@@ -117,6 +117,9 @@ We are open to suggestions and would love to work on topics that our users are l
117
 
118
  == Changelog ==
119
 
 
 
 
120
  v1.3.20 - 15-October-2019
121
  - Fix: Updated Astra Notice library to v1.1.4.
122
 
5
  Requires at least: 4.4
6
  Requires PHP: 5.3
7
  Tested up to: 5.2
8
+ Stable tag: 1.3.21
9
  License: GPLv2 or later
10
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
11
 
117
 
118
  == Changelog ==
119
 
120
+ v1.3.21 - 25-October-2019
121
+ - Security Fix: XSS vulnerability fixed by adding nonce verification and capability checks.
122
+
123
  v1.3.20 - 15-October-2019
124
  - Fix: Updated Astra Notice library to v1.1.4.
125