Release Info
Developer | brainstormworg |
Plugin | Astra Starter Sites |
Version | 1.3.21 |
Code changes from version 1.3.20 to 1.3.21
- astra-sites.php +2 -2
- inc/assets/js/admin-page.js +24 -3
- inc/classes/class-astra-sites-importer.php +93 -1
- inc/classes/class-astra-sites.php +23 -1
- inc/importers/wxr-importer/class-astra-wxr-importer.php +7 -0
- inc/lib/astra-notices/class-astra-notices.php +14 -2
- inc/lib/astra-notices/notices.js +1 -1
- readme.txt +4 -1
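--- a/astra-sites.php
+++ b/astra-sites.php
@@ -3,7 +3,7 @@
 * Plugin Name: Astra Starter Sites
 * Plugin URI: http://www.wpastra.com/pro/
 * Description: Import free sites build with Astra theme.
-* Version: 1.3.
+* Version: 1.3.21
 * Author: Brainstorm Force
 * Author URI: http://www.brainstormforce.com
 * Text Domain: astra-sites
@@ -19,7 +19,7 @@ if ( ! defined( 'ASTRA_SITES_NAME' ) ) {
 }
 
 if ( ! defined( 'ASTRA_SITES_VER' ) ) {
-define( 'ASTRA_SITES_VER', '1.3.
+define( 'ASTRA_SITES_VER', '1.3.21' );
 }
 
 if ( ! defined( 'ASTRA_SITES_FILE' ) ) {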
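--- a/inc/assets/js/admin-page.js
+++ b/inc/assets/js/admin-page.js
@@ -298,7 +298,8 @@ var AstraSitesAjaxQueue = (function() {
 url : astraSitesAdmin.ajaxurl,
 type : 'POST',
 data : {
-action : 'astra-sites-reset-customizer-data'
+action : 'astra-sites-reset-customizer-data',
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 beforeSend: function() {
 AstraSitesAdmin._log_title( 'Reseting Customizer Data..' );
@@ -319,7 +320,8 @@ var AstraSitesAjaxQueue = (function() {
 url : astraSitesAdmin.ajaxurl,
 type : 'POST',
 data : {
-action : 'astra-sites-reset-site-options'
+action : 'astra-sites-reset-site-options',
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 beforeSend: function() {
 AstraSitesAdmin._log_title( 'Reseting Site Options..' );
@@ -340,7 +342,8 @@ var AstraSitesAjaxQueue = (function() {
 url : astraSitesAdmin.ajaxurl,
 type : 'POST',
 data : {
-action : 'astra-sites-reset-widgets-data'
+action : 'astra-sites-reset-widgets-data',
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 beforeSend: function() {
 AstraSitesAdmin._log_title( 'Reseting Widgets..' );
@@ -370,6 +373,7 @@ var AstraSitesAjaxQueue = (function() {
 data: {
 action : 'astra-sites-delete-posts',
 post_id : post_id,
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 success: function( result ){
 
@@ -408,6 +412,7 @@ var AstraSitesAjaxQueue = (function() {
 data: {
 action : 'astra-sites-delete-wp-forms',
 post_id : post_id,
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 success: function( result ){
 
@@ -446,6 +451,7 @@ var AstraSitesAjaxQueue = (function() {
 data: {
 action : 'astra-sites-delete-terms',
 term_id : term_id,
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 success: function( result ){
 if( AstraSitesAdmin.reset_processed_terms < AstraSitesAdmin.site_imported_data['reset_terms'].length ) {
@@ -493,6 +499,7 @@ var AstraSitesAjaxQueue = (function() {
 type : 'POST',
 data : {
 action : 'astra-sites-backup-settings',
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 beforeSend: function() {
 AstraSitesAdmin._log_title( 'Processing Customizer Settings Backup..' );
@@ -526,6 +533,7 @@ var AstraSitesAjaxQueue = (function() {
 data : {
 action : 'astra-sites-import-customizer-settings',
 customizer_data : AstraSitesAdmin.current_site['astra-site-customizer-data'],
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 beforeSend: function() {
 AstraSitesAdmin._log_title( 'Importing Customizer Settings..' );
@@ -562,6 +570,7 @@ var AstraSitesAjaxQueue = (function() {
 dataType: 'json',
 data : {
 action : 'astra-sites-import-end',
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 beforeSend: function() {
 AstraSitesAdmin._log_title( 'Import Complete!' );
@@ -629,6 +638,7 @@ var AstraSitesAjaxQueue = (function() {
 data : {
 action : 'astra-sites-import-widgets',
 widgets_data : AstraSitesAdmin.widgets_data,
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 beforeSend: function() {
 AstraSitesAdmin._log_title( 'Importing Widgets..' );
@@ -668,6 +678,7 @@ var AstraSitesAjaxQueue = (function() {
 data : {
 action : 'astra-sites-import-options',
 options_data : AstraSitesAdmin.options_data,
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 beforeSend: function() {
 AstraSitesAdmin._log_title( 'Importing Options..' );
@@ -706,6 +717,7 @@ var AstraSitesAjaxQueue = (function() {
 data : {
 action : 'astra-sites-import-prepare-xml',
 wxr_url : AstraSitesAdmin.current_site['astra-site-wxr-path'],
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 beforeSend: function() {
 $('.astra-site-import-process-wrap').show();
@@ -717,6 +729,8 @@ var AstraSitesAjaxQueue = (function() {
 })
 .done(function ( xml_data ) {
 
+xml_data.data.url = wp.url.addQueryArgs( xml_data.data.url, { _ajax_nonce: astraSitesAdmin._ajax_nonce } )
+
 // 2. Fail - Prepare XML Data.
 if( false === xml_data.success ) {
 AstraSitesAdmin._log_title( xml_data );
@@ -819,6 +833,7 @@ var AstraSitesAjaxQueue = (function() {
 data : {
 action : 'astra-sites-import-wpforms',
 wpforms_url : AstraSitesAdmin.wpforms_url,
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 beforeSend: function() {
 AstraSitesAdmin._log_title( 'Importing WP Forms..' );
@@ -855,6 +870,7 @@ var AstraSitesAjaxQueue = (function() {
 data : {
 action : 'astra-sites-import-customizer-settings',
 customizer_data : AstraSitesAdmin.customizer_data,
+_ajax_nonce : astraSitesAdmin._ajax_nonce,
 },
 beforeSend: function() {
 },
@@ -1033,6 +1049,7 @@ var AstraSitesAjaxQueue = (function() {
 'init' : $init,
 'options' : $siteOptions,
 'enabledExtensions' : $enabledExtensions,
+'_ajax_nonce' : astraSitesAdmin._ajax_nonce,
 },
 })
 .done(function (result) {
@@ -1120,6 +1137,7 @@ var AstraSitesAjaxQueue = (function() {
 'init' : $init,
 'options' : $siteOptions,
 'enabledExtensions' : $enabledExtensions,
+'_ajax_nonce' : astraSitesAdmin._ajax_nonce,
 },
 })
 .done(function (result) {
@@ -1219,6 +1237,7 @@ var AstraSitesAjaxQueue = (function() {
 'init' : single_plugin.init,
 'options' : $siteOptions,
 'enabledExtensions' : $enabledExtensions,
+'_ajax_nonce' : astraSitesAdmin._ajax_nonce,
 },
 success: function( result ){
 
@@ -1337,6 +1356,7 @@ var AstraSitesAjaxQueue = (function() {
 data : {
 'action' : 'astra-sites-import-set-site-data',
 'api_url' : apiURL,
+'_ajax_nonce' : astraSitesAdmin._ajax_nonce,
 },
 })
 .fail(function( jqXHR ){
@@ -1575,6 +1595,7 @@ var AstraSitesAjaxQueue = (function() {
 type : 'POST',
 data : {
 action : 'astra-sites-set-reset-data',
+'_ajax_nonce' : astraSitesAdmin._ajax_nonce,
 },
 })
 .done(function ( response ) {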
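Review bot: In the `.done(function ( xml_data ) {` callback, the added `xml_data.data.url = wp.url.addQueryArgs( ... )` line runs before the `false === xml_data.success` check, so an error response is dereferenced as if it carried a `url`. When `data` is absent this throws before the failure branch can log anything, and when it is a plain error string the assignment is lost. Move the line below the failure check, or guard it as `if ( xml_data.success ) { xml_data.data.url = wp.url.addQueryArgs( xml_data.data.url, { _ajax_nonce: astraSitesAdmin._ajax_nonce } ); }`. Because this is the one place where the nonce is put into a URL rather than a POST body, a comment there should note that it can be recorded in access logs while it remains valid. The callback's body continues outside the hunk.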
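--- a/inc/classes/class-astra-sites-importer.php
+++ b/inc/classes/class-astra-sites-importer.php
@@ -122,8 +122,11 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 */
 function import_start() {
 
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
 if ( ! current_user_can( 'customize' ) ) {
-wp_send_json_error( __( 'You
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
 }
 
 $demo_api_uri = isset( $_POST['api_url'] ) ? esc_url( $_POST['api_url'] ) : '';
@@ -160,6 +163,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 */
 function import_wpforms() {
 
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 $wpforms_url = ( isset( $_REQUEST['wpforms_url'] ) ) ? urldecode( $_REQUEST['wpforms_url'] ) : '';
 $ids_mapping = array();
 
@@ -232,6 +242,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 */
 function import_customizer_settings() {
 
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 $customizer_data = ( isset( $_POST['customizer_data'] ) ) ? (array) json_decode( stripcslashes( $_POST['customizer_data'] ), 1 ) : array();
 
 if ( ! empty( $customizer_data ) ) {
@@ -259,6 +276,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 */
 function prepare_xml_data() {
 
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 if ( ! class_exists( 'XMLReader' ) ) {
 wp_send_json_error( __( 'If XMLReader is not available, it imports all other settings and only skips XML import. This creates an incomplete website. We should bail early and not import anything if this is not present.', 'astra-sites' ) );
 }
@@ -297,6 +321,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 */
 function import_options() {
 
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 $options_data = ( isset( $_POST['options_data'] ) ) ? (array) json_decode( stripcslashes( $_POST['options_data'] ), 1 ) : '';
 
 if ( ! empty( $options_data ) ) {
@@ -324,6 +355,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 */
 function import_widgets() {
 
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 $widgets_data = ( isset( $_POST['widgets_data'] ) ) ? (object) json_decode( stripcslashes( $_POST['widgets_data'] ) ) : '';
 
 Astra_Sites_Importer_Log::add( 'Imported - Widgets ' . json_encode( $widgets_data ) );
@@ -353,6 +391,14 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 * @return void
 */
 function import_end() {
+
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 do_action( 'astra_sites_import_complete' );
 }
 
@@ -470,6 +516,14 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 * @return void
 */
 function reset_customizer_data() {
+
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 Astra_Sites_Importer_Log::add( 'Deleted customizer Settings ' . json_encode( get_option( 'astra-settings', array() ) ) );
 
 delete_option( 'astra-settings' );
@@ -485,6 +539,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 */
 function reset_site_options() {
 
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 $options = get_option( '_astra_sites_old_site_options', array() );
 
 Astra_Sites_Importer_Log::add( 'Deleted - Site Options ' . json_encode( $options ) );
@@ -505,6 +566,14 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 * @return void
 */
 function reset_widgets_data() {
+
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 $old_widgets = get_option( '_astra_sites_old_widgets_data', array() );
 
 Astra_Sites_Importer_Log::add( 'DELETED - WIDGETS ' . json_encode( $old_widgets ) );
@@ -539,6 +608,14 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 * @return void
 */
 function delete_imported_posts() {
+
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 $post_id = isset( $_REQUEST['post_id'] ) ? absint( $_REQUEST['post_id'] ) : '';
 $message = 'Deleted - Post ID ' . $post_id . ' - ' . get_post_type( $post_id ) . ' - ' . get_the_title( $post_id );
 
@@ -556,6 +633,14 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 * @return void
 */
 function delete_imported_wp_forms() {
+
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 $post_id = isset( $_REQUEST['post_id'] ) ? absint( $_REQUEST['post_id'] ) : '';
 
 $message = 'Deleted - Form ID ' . $post_id . ' - ' . get_post_type( $post_id ) . ' - ' . get_the_title( $post_id );
@@ -576,6 +661,13 @@ if ( ! class_exists( 'Astra_Sites_Importer' ) ) :
 */
 function delete_imported_terms() {
 
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 $term_id = isset( $_REQUEST['term_id'] ) ? absint( $_REQUEST['term_id'] ) : '';
 
 $message = '';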
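Review bot: The capability gate added to every handler here is `customize`, including `delete_imported_posts()`, `delete_imported_terms()`, `reset_site_options()` and `import_options()`, which delete content or write site options from request-supplied ids and data. In class-astra-sites.php the comparable `set_reset_data()` and `backup_settings()` require `manage_options`; unless the weaker gate is deliberate, use the same one here, `if ( ! current_user_can( 'manage_options' ) ) {`. Separately, `import_wpforms()` still takes `wpforms_url` from `$_REQUEST` through `urldecode()` only. If the rest of the function fetches that URL, it should be validated first (for example with `esc_url_raw()` plus a check against the expected host). The handler bodies continue outside the hunks, so how each value is used could not be confirmed from this page.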
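--- a/inc/classes/class-astra-sites.php
+++ b/inc/classes/class-astra-sites.php
@@ -78,6 +78,13 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
 * @return void
 */
 function getting_started_notice() {
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 update_user_meta( get_current_user_id(), '_astra_sites_gettings_started', true );
 wp_send_json_success();
 }
@@ -90,6 +97,13 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
 */
 function activate_theme() {
 
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 switch_theme( 'astra' );
 
 wp_send_json_success(
@@ -104,6 +118,9 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
 * Set reset data
 */
 function set_reset_data() {
+
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
 if ( ! current_user_can( 'manage_options' ) ) {
 return;
 }
@@ -127,6 +144,9 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
 * Backup our existing settings.
 */
 function backup_settings() {
+
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
 if ( ! current_user_can( 'manage_options' ) ) {
 return;
 }
@@ -286,7 +306,7 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
 
 // Admin Page.
 wp_enqueue_style( 'astra-sites-admin', ASTRA_SITES_URI . 'inc/assets/css/admin.css', ASTRA_SITES_VER, true );
-wp_enqueue_script( 'astra-sites-admin-page', ASTRA_SITES_URI . 'inc/assets/js/admin-page.js', array( 'jquery', 'wp-util', 'updates' ), ASTRA_SITES_VER, true );
+wp_enqueue_script( 'astra-sites-admin-page', ASTRA_SITES_URI . 'inc/assets/js/admin-page.js', array( 'jquery', 'wp-util', 'updates', 'wp-url' ), ASTRA_SITES_VER, true );
 wp_enqueue_script( 'astra-sites-render-grid', ASTRA_SITES_URI . 'inc/assets/js/render-grid.js', array( 'wp-util', 'astra-sites-api', 'imagesloaded', 'jquery' ), ASTRA_SITES_VER, true );
 
 $data = apply_filters(
@@ -432,6 +452,8 @@ if ( ! class_exists( 'Astra_Sites' ) ) :
 */
 public function required_plugin_activate() {
 
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
 if ( ! current_user_can( 'install_plugins' ) || ! isset( $_POST['init'] ) || ! $_POST['init'] ) {
 wp_send_json_error(
 array(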
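Review bot: In `set_reset_data()` and `backup_settings()` the capability failure path is still a bare `return;`, so a caller with a valid nonce but without `manage_options` gets no JSON error, unlike the handlers this commit changed elsewhere. Replace it with `wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );` so the client can tell a refusal from success. Also, every request in admin-page.js now sends `astraSitesAdmin._ajax_nonce`, but no hunk in this section shows `wp_create_nonce( 'astra-sites' )` being put into the localized data. The `$data = apply_filters(` call is cut off by the hunk, so confirm the nonce is set there. The function bodies continue outside the hunks.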
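--- a/inc/importers/wxr-importer/class-astra-wxr-importer.php
+++ b/inc/importers/wxr-importer/class-astra-wxr-importer.php
@@ -182,6 +182,13 @@ class Astra_WXR_Importer {
 */
 function sse_import() {
 
+// Verify Nonce.
+check_ajax_referer( 'astra-sites', '_ajax_nonce' );
+
+if ( ! current_user_can( 'customize' ) ) {
+wp_send_json_error( __( 'You are not allowed to perform this action', 'astra-sites' ) );
+}
+
 // Start the event stream.
 header( 'Content-Type: text/event-stream, charset=UTF-8' );
 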
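Review bot: The `// Verify Nonce.` comment in `sse_import()` does not say that this is the one handler that receives the nonce as a query argument: admin-page.js appends `_ajax_nonce` to the import URL instead of posting it, presumably because the event stream is opened with a GET request. A nonce carried in a URL can be recorded in access logs while it remains valid. I would expand the comment to `// Nonce arrives in the query string for this endpoint; check_ajax_referer() reads it from $_REQUEST.` and keep the capability check directly after it. On failure the response is a JSON error or the bare nonce failure rather than an event-stream message, so the client should be checked for how it handles a refused stream. The function body continues outside the hunk.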
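--- a/inc/lib/astra-notices/class-astra-notices.php
+++ b/inc/lib/astra-notices/class-astra-notices.php
@@ -35,7 +35,7 @@ if ( ! class_exists( 'Astra_Notices' ) ) :
 * @var array Notices.
 * @since 1.4.0
 */
-private static $version = '1.1.
+private static $version = '1.1.5';
 
 /**
 * Notices
@@ -63,7 +63,7 @@ if ( ! class_exists( 'Astra_Notices' ) ) :
 */
 public static function get_instance() {
 if ( ! isset( self::$instance ) ) {
-self::$instance = new self;
+self::$instance = new self();
 }
 return self::$instance;
 }
@@ -114,6 +114,11 @@ if ( ! class_exists( 'Astra_Notices' ) ) :
 public function dismiss_notice() {
 $notice_id = ( isset( $_POST['notice_id'] ) ) ? sanitize_key( $_POST['notice_id'] ) : '';
 $repeat_notice_after = ( isset( $_POST['repeat_notice_after'] ) ) ? absint( $_POST['repeat_notice_after'] ) : '';
+$nonce = ( isset( $_POST['nonce'] ) ) ? sanitize_key( $_POST['nonce'] ) : '';
+
+if ( false === wp_verify_nonce( $nonce, 'astra-notices' ) ) {
+wp_send_json_error( _e( 'WordPress Nonce not validated.', 'astra-notices' ) );
+}
 
 // Valid inputs?
 if ( ! empty( $notice_id ) ) {
@@ -138,6 +143,13 @@ if ( ! class_exists( 'Astra_Notices' ) ) :
 */
 public function enqueue_scripts() {
 wp_register_script( 'astra-notices', self::_get_uri() . 'notices.js', array( 'jquery' ), self::$version, true );
+wp_localize_script(
+'astra-notices',
+'astraNotices',
+array(
+'_notice_nonce' => wp_create_nonce( 'astra-notices' ),
+)
+);
 }
 
 /**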
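Review bot: In `dismiss_notice()` the nonce failure branch calls `wp_send_json_error( _e( ... ) )`, but `_e()` echoes the string and returns nothing. The message is printed ahead of the JSON body and the error payload is empty, which leaves the client with an unparseable response; use the returning form, `wp_send_json_error( __( 'WordPress Nonce not validated.', 'astra-notices' ) );`. The handler reads `$_POST['nonce']` while `enqueue_scripts()` publishes the value as `astraNotices._notice_nonce`, and the notices.js section on this page changes only its last line. Nothing visible here sends that field, so confirm the script posts `nonce`, or every dismissal will be rejected. No capability check is visible in `dismiss_notice()` either, and its body continues outside the hunk.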
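--- a/inc/lib/astra-notices/notices.js
+++ b/inc/lib/astra-notices/notices.js
@@ -91,4 +91,4 @@
 $( function() {
 AstraNotices.init();
 } );
-} )( jQuery );
+} )( jQuery );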
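--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: Elementor,Beaver Builder,Templates,Gutenberg,Astra Starter Sites
 Requires at least: 4.4
 Requires PHP: 5.3
 Tested up to: 5.2
-Stable tag: 1.3.
+Stable tag: 1.3.21
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -117,6 +117,9 @@ We are open to suggestions and would love to work on topics that our users are l
 
 == Changelog ==
 
+v1.3.21 - 25-October-2019
+- Security Fix: XSS vulnerability fixed by adding nonce verification and capability checks.
+
 v1.3.20 - 15-October-2019
 - Fix: Updated Astra Notice library to v1.1.4.
 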