Gantry 4 Framework - Version 4.1.6

Version Description

  • Fixed XSS security vulnerability - thanks to Ingo Chao @ingochao for reporting
  • Replaced .live deprecated jQuery call in gantry-widgets.js

Release Info

Developer gantry
Version 4.1.6

Code changes from version 4.1.5 to 4.1.6

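--- a/CHANGELOG.php
+++ b/CHANGELOG.php
@@ -2,7 +2,7 @@
  /**
  * Gantry For Wordpress
  *
- * @version $Id: CHANGELOG.php 61395 2015-07-04 09:53:17Z jakub $
+ * @version $Id: CHANGELOG.php 61405 2015-07-20 08:11:28Z jakub $
  * @author RocketTheme http://www.rockettheme.com
  * @copyright Copyright (C) 2007 - 2015 RocketTheme, LLC
  * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only
@@ -27,6 +27,10 @@ Legend:
  - -> Removed
  ! -> Note
 
+ ------- 4.1.6 Release [] ------
+ * Fixed XSS security vulnerability - thanks to Ingo Chao @ingochao for reporting
+ # Replaced .live deprecated jQuery call in gantry-widgets.js
+
  ------- 4.1.5 Release [] ------
  # Fixed layout issues when using WPML and multilingual widgets
  # Fixed strict standards error in invertPositionOrder for RTL languages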
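--- a/admin/forms/fields/imagepicker.php
+++ b/admin/forms/fields/imagepicker.php
@@ -1,6 +1,6 @@
  <?php
  /**
- * @version 4.1.5 July 6, 2015
+ * @version 4.1.6 July 20, 2015
  * @author RocketTheme http://www.rockettheme.com
  * @copyright Copyright (C) 2007 - 2015 RocketTheme, LLC
  * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only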
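--- a/admin/forms/fields/updater.php
+++ b/admin/forms/fields/updater.php
@@ -27,7 +27,7 @@ class GantryFormFieldUpdater extends GantryFormField
 
  $currentVersion = GANTRY_VERSION;
 
- if ($currentVersion == "\4.1.5") $currentVersion = "[DEV]";
+ if ($currentVersion == "\4.1.6") $currentVersion = "[DEV]";
 
  // curl check
  if (!function_exists('curl_version')) {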
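--- a/admin/widgets/colorchooser/css/mooRainbow-2.0.css
+++ b/admin/widgets/colorchooser/css/mooRainbow-2.0.css
@@ -1,5 +1,5 @@
  /**
- * @version 4.1.5 July 6, 2015
+ * @version 4.1.6 July 20, 2015
  * @author RocketTheme http://www.rockettheme.com
  * @copyright Copyright (C) 2007 - 2015 RocketTheme, LLC
  * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only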
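--- a/admin/widgets/gantry-widgets.js
+++ b/admin/widgets/gantry-widgets.js
@@ -1,5 +1,5 @@
  /**
- * @version $Id: gantry-widgets.js 60855 2014-05-15 21:42:30Z jakub $
+ * @version $Id: gantry-widgets.js 61404 2015-07-13 09:22:40Z jakub $
  * @author RocketTheme http://www.rockettheme.com
  * @copyright Copyright (C) 2007 - 2015 RocketTheme, LLC
  * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only
@@ -25,7 +25,7 @@ var GantryWidgets = {
 
  new Tips('.rok-tips', {title: 'data-tips'});
  (function($){
- $('a.widget-action').live('click', function(){
+ $(document).on('click', 'a.widget-action', function(){
  new Tips('.rok-tips', {title: 'data-tips'});
  });
  })(jQuery);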
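Review bot: The delegated `$(document).on('click', 'a.widget-action', …)` on line 28 needs jQuery 1.7 or newer, while readme.txt in this same release still declares `Requires at least: 3.2`. As far as I know WordPress 3.2 bundled a jQuery older than 1.7, where `.on()` does not exist, so on such a core this handler would throw instead of binding; that should be confirmed against the supported cores. Either raise the declared minimum to match, or add a comment above the call such as `// .on() requires jQuery >= 1.7`. The enclosing GantryWidgets method starts and ends outside the hunk.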
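--- a/core/gantry.class.php
+++ b/core/gantry.class.php
@@ -1,6 +1,6 @@
  <?php
  /**
- * @version $Id: gantry.class.php 61394 2015-07-04 09:48:11Z jakub $
+ * @version $Id: gantry.class.php 61405 2015-07-20 08:11:28Z jakub $
  * @author RocketTheme http://www.rockettheme.com
  * @copyright Copyright (C) 2007 - 2015 RocketTheme, LLC
  * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only
@@ -570,7 +570,8 @@ class Gantry
  $this->_displayHead($output);
  $this->_displayFooter($output);
  $this->_displayBodyTag($output);
- echo $output;
+
+ echo apply_filters('gantry_before_render_output', $output);
  }
 
  /**
@@ -1055,7 +1056,7 @@ class Gantry
  $path = '/' . preg_replace('#^' . quotemeta($this->baseUrl) . '#', "", $path);
  }
  $filename = strtolower(basename($path, '.css')) . rand(0, 1000);
- wp_enqueue_style($filename, $path, array(), '4.1.5');
+ wp_enqueue_style($filename, $path, array(), '4.1.6');
  $deps[] = $path;
  }
  }
@@ -1068,11 +1069,11 @@ class Gantry
  if ($this->baseUrl != "/") {
  $path = '/' . preg_replace('#^' . quotemeta($this->baseUrl) . '#', "", $path);
  }
- wp_enqueue_script($path, $path, $deps, '4.1.5');
+ wp_enqueue_script($path, $path, $deps, '4.1.6');
  $deps[] = $path;
  }
  foreach ($this->_header_full_scripts as $strSrc) {
- wp_enqueue_script($strSrc, $strSrc, $deps, '4.1.5');
+ wp_enqueue_script($strSrc, $strSrc, $deps, '4.1.6');
  $deps[] = $strSrc;
  }
 
@@ -1112,11 +1113,11 @@ class Gantry
  if ($this->baseUrl != "/") {
  $path = '/' . preg_replace('#^' . quotemeta($this->baseUrl) . '#', "", $path);
  }
- wp_enqueue_script($path, $path, $deps, '4.1.5', true);
+ wp_enqueue_script($path, $path, $deps, '4.1.6', true);
  $deps[] = $path;
  }
  foreach ($this->_footer_full_scripts as $strSrc) {
- wp_enqueue_script($strSrc, $strSrc, $deps, '4.1.5', true);
+ wp_enqueue_script($strSrc, $strSrc, $deps, '4.1.6', true);
  $deps[] = $strSrc;
  }
 
@@ -1764,7 +1765,7 @@ class Gantry
  if (!defined('GANTRY_FINALIZED')) {
  $this->_styles[$priority][] = $link;
  } else {
- wp_enqueue_style($link->getUrl(), $link->getUrl(), array(), '4.1.5');
+ wp_enqueue_style($link->getUrl(), $link->getUrl(), array(), '4.1.6');
  }
  }
  }
@@ -1878,7 +1879,7 @@ class Gantry
  $this->_footerscripts[$full_path] = $check_url_path . $query_string;
  }
  } else {
- wp_enqueue_script($check_url_path, $check_url_path, array(), '4.1.5', $in_footer);
+ wp_enqueue_script($check_url_path, $check_url_path, array(), '4.1.6', $in_footer);
  }
  break;
  }
@@ -1916,7 +1917,7 @@ class Gantry
  $this->_footerscripts[$check_path] = $check_url_path . $query_string;
  }
  } else {
- wp_enqueue_script($check_url_path, $check_url_path, array(), '4.1.5', $in_footer);
+ wp_enqueue_script($check_url_path, $check_url_path, array(), '4.1.6', $in_footer);
  }
  break(2);
  }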
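Review bot: The new `gantry_before_render_output` filter on line 574 is introduced without any comment, although whatever a callback returns is echoed as the complete page with no further escaping. A short comment above the `echo` would make that contract explicit, for example `// Filter 'gantry_before_render_output': receives the full rendered page HTML; the returned string is echoed as-is, so callbacks must return safe markup.` Neither changelog entry of this release mentions the hook, so it is not clear from the page whether the XSS fix depends on it. The enclosing method starts outside the hunk.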
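--- a/core/utilities/gantrycache.class.php
+++ b/core/utilities/gantrycache.class.php
@@ -26,7 +26,7 @@ class GantryCache
  /**
  *
  */
- const ADMIN_GROUP_NAME = 'GantryAdmin-4.1.5';
+ const ADMIN_GROUP_NAME = 'GantryAdmin-4.1.6';
 
  const ADMIN_LIFETIME = 86400;
 
@@ -122,7 +122,7 @@ class GantryCache
  $this->cache->addDriver('frontend', new WpTransientCacheDriver($this->group, $this->lifetime));
  } elseif (is_admin()) {
  // TODO get lifetime for backend cache
- $this->group = self::ADMIN_GROUP_NAME . '-4.1.5';
+ $this->group = self::ADMIN_GROUP_NAME . '-4.1.6';
  $this->cache->addDriver('admin', new WpTransientCacheDriver($this->group, self::ADMIN_LIFETIME));
  }
  }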
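--- a/functions.php
+++ b/functions.php
@@ -168,7 +168,7 @@ function gantry_construct()
  /**
  * @name GANTRY_VERSION
  */
- define('GANTRY_VERSION', '4.1.5');
+ define('GANTRY_VERSION', '4.1.6');
 
 
  if (!defined('DS')) {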
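--- a/gantry.php
+++ b/gantry.php
@@ -10,7 +10,7 @@
  Plugin Name: Gantry Template Framework
  Plugin URI: http://www.gantry-framework.org/
  Description: This is a Framework to support easily modifiable themes that are very extensible.
- Version: 4.1.5
+ Version: 4.1.6
  Author: RocketTheme
  Author URI: http://www.rockettheme.com/wordpress
  License: http://www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only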
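--- a/gizmos/searchhighlight.php
+++ b/gizmos/searchhighlight.php
@@ -28,7 +28,7 @@ class GantryGizmoSearchHighlight extends GantryGizmo
  global $gantry, $s;
  if(is_search()) {
  $gantry->addScript( 'gantry-search-highlight.js' );
- $js = 'window.addEvent(\'domready\', function() { highlight(\'' . $s . '\'); });';
+ $js = 'window.addEvent(\'domready\', function() { highlight(\'' . esc_attr($s) . '\'); });';
  $gantry->addInlineScript( $js );
  }
  }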
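Review bot: `esc_attr()` on the added line 31 is an HTML-attribute encoder, but `$s` is written into a single-quoted JavaScript string literal inside an inline script, which is a different output context. It turns quotes and angle brackets into entities, yet it leaves backslashes and line breaks untouched, so a search term ending in `\` or containing a newline can still terminate or corrupt the literal and break the script. WordPress provides an encoder for this context: `$js = 'window.addEvent(\'domready\', function() { highlight(\'' . esc_js($s) . '\'); });';`. Where the global `$s` is populated is not visible in the hunk, so it should be treated as raw request input; the enclosing method starts and ends outside the hunk.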
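--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Author URI: http://gantry-framework.org
  Tags: gantry, framework, template, theme, widgets, flexible, extensible, configurable, 960px, grid, columns, powerful, buddypress
  Requires at least: 3.2
  Tested up to: 4.2.2
- Stable tag: 4.1.5
+ Stable tag: 4.1.6
 
  Gantry is a comprehensive set of building blocks to enable the rapid development and realization of a design into a flexible and powerful web platform
 
@@ -87,6 +87,10 @@ Once you downloaded and installed Gantry Framework plugin, please download also
 
  == Changelog ==
 
+ = 4.1.6 =
+ * Fixed XSS security vulnerability - thanks to Ingo Chao @ingochao for reporting
+ * Replaced .live deprecated jQuery call in gantry-widgets.js
+
  = 4.1.5 =
  * Fixed layout issues when using WPML and multilingual widgets
  * Fixed strict standards error in invertPositionOrder for RTL languages
@@ -404,6 +408,9 @@ Once you downloaded and installed Gantry Framework plugin, please download also
 
  == Upgrade Notice ==
 
+ = 4.1.6 =
+ This update fixes XSS security vulnerability. Please update your Gantry Framework!
+
  = 4.1.5 =
  Please remember to create a full site backup (files + database) before performing update.
 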
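--- a/widgets/breadcrumbs.php
+++ b/widgets/breadcrumbs.php
@@ -1,6 +1,6 @@
  <?php
  /**
- * @version 4.1.5 July 6, 2015
+ * @version 4.1.6 July 20, 2015
  * @author RocketTheme http://www.rockettheme.com
  * @copyright Copyright (C) 2007 - 2015 RocketTheme, LLC
  * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only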
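--- a/widgets/loginbutton.php
+++ b/widgets/loginbutton.php
@@ -1,6 +1,6 @@
  <?php
  /**
- * @version 4.1.5 July 6, 2015
+ * @version 4.1.6 July 20, 2015
  * @author RocketTheme http://www.rockettheme.com
  * @copyright Copyright (C) 2007 - 2015 RocketTheme, LLC
  * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only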
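--- a/widgets/loginform.php
+++ b/widgets/loginform.php
@@ -1,6 +1,6 @@
  <?php
  /**
- * @version 4.1.5 July 6, 2015
+ * @version 4.1.6 July 20, 2015
  * @author RocketTheme http://www.rockettheme.com
  * @copyright Copyright (C) 2007 - 2015 RocketTheme, LLC
  * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only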