Elementor Essential Addons - Version 5.0.5

Version Description

  • 28/01/2022 =

  • Improved: Enhanced Security to prevent inclusion of unwanted file from remote server through ajax request


Release Info

Developer wpdevteam
Version 5.0.5

Code changes from version 5.0.4 to 5.0.5

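--- a/essential_adons_elementor.php
+++ b/essential_adons_elementor.php
@@ -4,7 +4,7 @@
  * Description: The Essential plugin you install after Elementor! Packed with 40+ stunning free elements including Advanced Data Table, Event Calendar, Filterable Gallery, WooCommerce, and many more.
  * Plugin URI: https://essential-addons.com/elementor/
  * Author: WPDeveloper
- * Version: 5.0.4
+ * Version: 5.0.5
  * Author URI: https://wpdeveloper.com/
  * Text Domain: essential-addons-for-elementor-lite
  * Domain Path: /languages
@@ -27,7 +27,7 @@ define('EAEL_PLUGIN_FILE', __FILE__);
  define('EAEL_PLUGIN_BASENAME', plugin_basename(__FILE__));
  define('EAEL_PLUGIN_PATH', trailingslashit(plugin_dir_path(__FILE__)));
  define('EAEL_PLUGIN_URL', trailingslashit(plugins_url('/', __FILE__)));
- define('EAEL_PLUGIN_VERSION', '5.0.4');
+ define('EAEL_PLUGIN_VERSION', '5.0.5');
  define('EAEL_ASSET_PATH', wp_upload_dir()['basedir'] . '/essential-addons-elementor');
  define('EAEL_ASSET_URL', wp_upload_dir()['baseurl'] . '/essential-addons-elementor');
  /**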
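--- a/includes/Traits/Helper.php
+++ b/includes/Traits/Helper.php
@@ -123,12 +123,12 @@ trait Helper
  $dir_path = sprintf("%sincludes",EAEL_PLUGIN_PATH);
  }
 
- $file_path = sprintf(
- '%s/Template/%s/%s',
- $dir_path,
- $template_info[ 'name' ],
- $template_info[ 'file_name' ]
- );
+ $file_path = realpath( sprintf(
+ '%s/Template/%s/%s',
+ $dir_path,
+ $template_info['name'],
+ $template_info['file_name']
+ ) );
 
  if ( ! $file_path || 0 !== strpos( $file_path, $dir_path ) ) {
  wp_send_json_error( 'Invalid template', 'invalid_template', 400 );
@@ -615,9 +615,12 @@ trait Helper
  $args['offset'] = $paginationOffsetValue;
  }
 
- $template_info = $_REQUEST['templateInfo'];
+
+ $template_info = $this->eael_sanitize_template_param( $_REQUEST['templateInfo'] );
+
  $this->set_widget_name( $template_info['name'] );
- $template = $this->get_template( $template_info['file_name'] );
+ $template = realpath( $this->get_template( $template_info['file_name'] ) );
+
  ob_start();
  $query = new \WP_Query( $args );
  if ( $query->have_posts() ) {
@@ -992,12 +995,12 @@ trait Helper
  $dir_path = sprintf("%sincludes",EAEL_PLUGIN_PATH);
  }
 
- $file_path = sprintf(
+ $file_path = realpath( sprintf(
  '%s/Template/%s/%s',
  $dir_path,
- $template_info[ 'name' ],
- $template_info[ 'file_name' ]
- );
+ $template_info['name'],
+ $template_info['file_name']
+ ) );
 
  if ( ! $file_path || 0 !== strpos( $file_path, $dir_path ) ) {
  wp_send_json_error( 'Invalid template', 'invalid_template', 400 );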
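Review bot: The containment test at new lines 133 and 1005 still compares the resolved path against `$dir_path` as a bare string prefix, so a resolved file in a sibling directory whose name merely starts with `includes`, or anywhere under `includes/` outside `Template/`, passes the check. Resolving the base as well and comparing with a trailing separator closes that: `$base = realpath( $dir_path . '/Template' );` followed by `if ( ! $file_path || ! $base || 0 !== strpos( $file_path, $base . DIRECTORY_SEPARATOR ) ) {`. It also keeps both sides in the same canonical form, which matters if `realpath()` normalises separators or symlinks that the unresolved `$dir_path` does not (not verifiable from this page). At new line 622 the `realpath()` result of `get_template()` is not tested inside the hunk, so a `false` return or an out-of-tree path should be rejected there before use unless code outside the hunk already does so. The enclosing methods of all three hunks start and end outside the visible lines.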
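--- a/languages/essential-addons-for-elementor-lite.pot
+++ b/languages/essential-addons-for-elementor-lite.pot
@@ -61,7 +61,7 @@ msgstr ""
  msgid "Install Now!"
  msgstr ""
 
- #: ../includes/Classes/WPDeveloper_Plugin_Installer.php:151, ../includes/Classes/WPDeveloper_Plugin_Installer.php:169, ../includes/Classes/WPDeveloper_Plugin_Installer.php:187, ../includes/Classes/WPDeveloper_Setup_Wizard.php:517, ../includes/Classes/WPDeveloper_Setup_Wizard.php:543, ../includes/Traits/Admin.php:141, ../includes/Traits/Helper.php:845, ../includes/Traits/Library.php:158
+ #: ../includes/Classes/WPDeveloper_Plugin_Installer.php:151, ../includes/Classes/WPDeveloper_Plugin_Installer.php:169, ../includes/Classes/WPDeveloper_Plugin_Installer.php:187, ../includes/Classes/WPDeveloper_Setup_Wizard.php:517, ../includes/Classes/WPDeveloper_Setup_Wizard.php:543, ../includes/Traits/Admin.php:141, ../includes/Traits/Helper.php:848, ../includes/Traits/Library.php:158
  msgid "you are not allowed to do this action"
  msgstr ""
 
@@ -197,7 +197,7 @@ msgstr ""
  msgid "Upgrade to PRO"
  msgstr ""
 
- #: ../includes/Classes/WPDeveloper_Setup_Wizard.php:324, ../includes/Traits/Helper.php:821, ../includes/templates/admin/general.php:31
+ #: ../includes/Classes/WPDeveloper_Setup_Wizard.php:324, ../includes/Traits/Helper.php:824, ../includes/templates/admin/general.php:31
  msgid "Install Templately"
  msgstr ""
 
@@ -8135,23 +8135,23 @@ msgstr ""
  msgid "Post ID is missing"
  msgstr ""
 
- #: ../includes/Traits/Facebook_Feed.php:41, ../includes/Traits/Helper.php:57, ../includes/Traits/Helper.php:957, ../includes/Traits/Login_Registration.php:62, ../includes/Traits/Login_Registration.php:227, ../includes/Traits/Woo_Product_Comparable.php:2133
+ #: ../includes/Traits/Facebook_Feed.php:41, ../includes/Traits/Helper.php:57, ../includes/Traits/Helper.php:960, ../includes/Traits/Login_Registration.php:62, ../includes/Traits/Login_Registration.php:227, ../includes/Traits/Woo_Product_Comparable.php:2133
  msgid "Widget ID is missing"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:29, ../includes/Traits/Helper.php:929, ../includes/Traits/Login_Registration.php:79, ../includes/Traits/Login_Registration.php:200
+ #: ../includes/Traits/Helper.php:29, ../includes/Traits/Helper.php:932, ../includes/Traits/Login_Registration.php:79, ../includes/Traits/Login_Registration.php:200
  msgid "Insecure form submitted without security token"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:37, ../includes/Traits/Helper.php:937, ../includes/Traits/Login_Registration.php:92, ../includes/Traits/Login_Registration.php:210, ../includes/Traits/Woo_Product_Comparable.php:2170
+ #: ../includes/Traits/Helper.php:37, ../includes/Traits/Helper.php:940, ../includes/Traits/Login_Registration.php:92, ../includes/Traits/Login_Registration.php:210, ../includes/Traits/Woo_Product_Comparable.php:2170
  msgid "Security token did not match"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:47, ../includes/Traits/Helper.php:947, ../includes/Traits/Login_Registration.php:55, ../includes/Traits/Login_Registration.php:222, ../includes/Traits/Woo_Product_Comparable.php:2128
+ #: ../includes/Traits/Helper.php:47, ../includes/Traits/Helper.php:950, ../includes/Traits/Login_Registration.php:55, ../includes/Traits/Login_Registration.php:222, ../includes/Traits/Woo_Product_Comparable.php:2128
  msgid "Page ID is missing"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:67, ../includes/Traits/Helper.php:966
+ #: ../includes/Traits/Helper.php:67, ../includes/Traits/Helper.php:969
  msgid "Widget settings are not found. Did you save the widget before using load more??"
  msgstr ""
 
@@ -8163,35 +8163,35 @@ msgstr ""
  msgid "%s ago"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:803
+ #: ../includes/Traits/Helper.php:806
  msgid "1,700+ Stunning Templates"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:804
+ #: ../includes/Traits/Helper.php:807
  msgid "Supports Elementor & Gutenberg"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:805
+ #: ../includes/Traits/Helper.php:808
  msgid "Powering up 100,000+ Websites"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:806
+ #: ../includes/Traits/Helper.php:809
  msgid "Cloud Collaboration with Team"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:815
+ #: ../includes/Traits/Helper.php:818
  msgid "Don’t Show This Again"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:827
+ #: ../includes/Traits/Helper.php:830
  msgid "Activate Templately"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:824
+ #: ../includes/Traits/Helper.php:827
  msgid "Activated Templately"
  msgstr ""
 
- #: ../includes/Traits/Helper.php:830
+ #: ../includes/Traits/Helper.php:833
  msgid "Submit"
  msgstr ""
 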
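--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Tags: elementor, elements, addons, elementor addons, elementor widget, elementor
  Requires at least: 5.0
  Tested up to: 5.9
  Requires PHP: 5.6
- Stable tag: 5.0.4
+ Stable tag: 5.0.5
  License: GPLv3
  License URI: https://opensource.org/licenses/GPL-3.0
 
@@ -241,6 +241,10 @@ Your existing elements/content will work with premium version. So you won't lose
 
  == Changelog ==
 
+ = 5.0.5 - 28/01/2022 =
+
+ - Improved: Enhanced Security to prevent inclusion of unwanted file form remote server through ajax request
+
  = 5.0.4 - 27/01/2022 =
 
  - Improved: Sanitized template file paths for Security Enhancement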