Page Builder: PageLayer – Drag and Drop website builder - Version 1.1.1

Version Description

(May 2, 2020)

* [Security-Fix] There was a missing nonce check in the settings page of Pagelayer. This was reported by WordFence and is fixed.
* [Security-Fix] Capability checks were missing in save content function of Pagelayer. This was reported by WordFence and is fixed. We urge all users to update to Pagelayer 1.1.1 as soon as possible due to these security fixes.
* [Premium-Feature] The Pagelayer settings have added the option to add custom header and footer code for the entire site, and you can also add custom header and footer code for particular pages / posts from the "Edit Body and Post Props" option in the Pagelayer editor.
* [Premium-Feature] Added "From Email" and "Additional Headers" options for the contact forms in the Pagelayer settings.
* [Premium-Feature] Added options to create custom mail template for the contact forms in the "Contact form" widget.
* [Task] The new property type "model" is defined.
* [Bug-Fix] In the audio widget, the play and volume icon was invisible. This is fixed.
* [Bug-Fix] In the contact form widget, the Redirect option was not working. This is fixed.
* [Bug-Fix] In some cases, memory was exhausted while loading the shortcodes.

Release Info

Developer pagelayer
Version 1.1.1

Code changes from version 1.1.0 to 1.1.1

css/pagelayer-admin.css CHANGED
@@ -27,3 +27,13 @@ display:none;
27
.pagelayer-setting-form td .pagelayer-app-id{
28
width:350px;
29
}
27
.pagelayer-setting-form td .pagelayer-app-id{
28
width:350px;
29
}
30
+
31
+ .pagelayer-cf table{
32
+ width: 80%;
33
+ }
34
+
35
+ .pagelayer-cf table label,
36
+ .pagelayer-cf table input:not([type="checkbox"]):not([type="radio"]),
37
+ .pagelayer-cf table textarea{
38
+ width: 100%;
39
+ }
css/pagelayer-editor.css CHANGED
@@ -853,6 +853,7 @@ position:relative;
853
border: 1px solid #2EA5DF;
854
}
855
856
.pagelayer-elp-access{
857
cursor: pointer;
858
padding: 10px;
@@ -3115,4 +3116,46 @@ font: bold 2em Poppins, sans-serif
3115
}
3116
}
3117
3118
- /* Pre-Loading animaiton classes end*/
853
border: 1px solid #2EA5DF;
854
}
855
856
+ .pagelayer-elp-modal,
857
.pagelayer-elp-access{
858
cursor: pointer;
859
padding: 10px;
3116
}
3117
}
3118
3119
+ /* Pre-Loading animaiton classes end*/
3120
+ /* Property modal start*/
3121
+ .pagelayer-elp-modal-wrapper{
3122
+ position: fixed;
3123
+ top: 0;
3124
+ bottom: 0;
3125
+ left: 0;
3126
+ right: 0;
3127
+ overflow-y: auto;
3128
+ background: #0000009c;
3129
+ z-index: 999;
3130
+ color: #fff;
3131
+ display:none;
3132
+ }
3133
+
3134
+ .pagelayer-elp-modal-wrap{
3135
+ width: 500px;
3136
+ background-color: #fff;
3137
+ position: relative;
3138
+ margin: 20px auto;
3139
+ border-radius: 5px;
3140
+ box-shadow: 0px 0px 7px 0px #fff;
3141
+ }
3142
+
3143
+ .pagelayer-elp-modal-close{
3144
+ float:right;
3145
+ padding: 5px;
3146
+ cursor:pointer
3147
+ }
3148
+
3149
+ .pagelayer-elp-modal-header{
3150
+ padding:15px 20px 10px;
3151
+ margin-top: 10px;
3152
+ font-size: 13px;
3153
+ font-weight: bold;
3154
+ color: #555;
3155
+ }
3156
+
3157
+ .pagelayer-elp-modal-holder{
3158
+ padding: 5px 20px 10px;
3159
+ }
3160
+
3161
+ /* Property modal end*/
init.php CHANGED
@@ -5,7 +5,7 @@ if (!defined('ABSPATH')) exit;
5
6
define('PAGELAYER_BASE', plugin_basename(PAGELAYER_FILE));
7
define('PAGELAYER_PRO_BASE', 'pagelayer-pro/pagelayer-pro.php');
8
- define('PAGELAYER_VERSION', '1.1.0');
9
define('PAGELAYER_DIR', dirname(PAGELAYER_FILE));
10
define('PAGELAYER_SLUG', 'pagelayer');
11
define('PAGELAYER_URL', plugins_url('', PAGELAYER_FILE));
@@ -266,7 +266,7 @@ function pagelayer_load_live_body(){
266
}
267
268
// Are you allowed to edit ?
269
- if(!pagelayer_user_can_edit()){
270
return;
271
}
272
@@ -436,7 +436,7 @@ function pagelayer_load_live(){
436
}
437
438
// Are you allowed to edit ?
439
- if(!pagelayer_user_can_edit()){
440
return;
441
}
442
@@ -552,5 +552,47 @@ function pagelayer_plugin_action_links($links){
552
return $links;
553
}
554
555
// Pagelayer Template Loading Mechanism
556
include_once(PAGELAYER_DIR.'/main/template.php');
5
6
define('PAGELAYER_BASE', plugin_basename(PAGELAYER_FILE));
7
define('PAGELAYER_PRO_BASE', 'pagelayer-pro/pagelayer-pro.php');
8
+ define('PAGELAYER_VERSION', '1.1.1');
9
define('PAGELAYER_DIR', dirname(PAGELAYER_FILE));
10
define('PAGELAYER_SLUG', 'pagelayer');
11
define('PAGELAYER_URL', plugins_url('', PAGELAYER_FILE));
266
}
267
268
// Are you allowed to edit ?
269
+ if(!pagelayer_user_can_edit($post->ID)){
270
return;
271
}
272
436
}
437
438
// Are you allowed to edit ?
439
+ if(!pagelayer_user_can_edit($post->ID)){
440
return;
441
}
442
552
return $links;
553
}
554
555
+ // Add custom header
556
+ add_action('wp_head', 'pagelayer_add_custom_head');
557
+ function pagelayer_add_custom_head(){
558
+ global $post;
559
+
560
+ $global_code = wp_unslash( get_option('pagelayer_header_code') );
561
+
562
+ if(!empty($post)){
563
+ $header_code = get_post_meta($post->ID , 'pagelayer_header_code', true);
564
+ }
565
+
566
+ if(!empty($global_code)){
567
+ echo $global_code."\n";
568
+ }
569
+
570
+ if(!empty($header_code)){
571
+ echo $header_code."\n";
572
+ }
573
+
574
+ }
575
+
576
+ // Add custom footer
577
+ add_action('wp_footer', 'pagelayer_add_custom_footer');
578
+ function pagelayer_add_custom_footer(){
579
+ global $post;
580
+
581
+ $global_code = wp_unslash( get_option('pagelayer_footer_code') );
582
+
583
+ if(!empty($post)){
584
+ $footer_code = get_post_meta($post->ID , 'pagelayer_footer_code', true);
585
+ }
586
+
587
+ if(!empty($global_code)){
588
+ echo $global_code."\n";
589
+ }
590
+
591
+ if(!empty($footer_code)){
592
+ echo $footer_code."\n";
593
+ }
594
+
595
+ }
596
+
597
// Pagelayer Template Loading Mechanism
598
include_once(PAGELAYER_DIR.'/main/template.php');
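Review bot: In pagelayer_add_custom_head() and pagelayer_add_custom_footer(), the per-post values read with get_post_meta($post->ID, 'pagelayer_header_code', true) and 'pagelayer_footer_code' are echoed into wp_head / wp_footer with no escaping and no capability test at output time, so the only control is whoever was allowed to write that meta. The writer in main/ajax.php (pagelayer_save_content) stores $_REQUEST['page_props']['header_code'] after pagelayer_user_can_edit($postID); consider also requiring current_user_can('unfiltered_html') before saving or emitting per-post code, so that a role which can edit a post but is not trusted with raw HTML cannot place script on the page. The global option goes through wp_unslash() while the post meta value does not; a one-line comment saying why would help.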
js/pagelayer-editor.js CHANGED
@@ -2726,6 +2726,36 @@ function pagelayer_add_action(act, func){
2726
jQuery(document).on(act, func);
2727
}
2728
2729
// Save the post
2730
function pagelayer_save(){
2731
@@ -2743,13 +2773,17 @@ function pagelayer_save(){
2743
props = tmp.atts;
2744
}
2745
2746
jQuery.ajax({
2747
type: "POST",
2748
url: pagelayerajaxurl,
2749
data: {
2750
pagelayer_update_content : post,
2751
pagelayer_nonce: pagelayer_ajax_nonce,
2752
- page_props: props
2753
},
2754
success: function(response, status, xhr){
2755
//alert(data);
2726
jQuery(document).on(act, func);
2727
}
2728
2729
+ // Create array of the contact from template params
2730
+ function pagelayer_get_contact_templates(){
2731
+
2732
+ var contacts = jQuery(pagelayer_editable+' [pagelayer-tag=pl_contact]');
2733
+ var contacts_props = {};
2734
+ if(contacts.length > 0){
2735
+
2736
+ contacts.each(function(){
2737
+
2738
+ var tmp = pagelayer_data(jQuery(this));
2739
+ var con_allowed = ['to_email', 'from_email', 'cont_subject', 'cont_header', 'cont_body', 'cont_use_html'];
2740
+
2741
+ if(pagelayer_empty(tmp.atts['contact_custom_templ'])) return true;
2742
+
2743
+ // Define blank array
2744
+ contacts_props[tmp.id] = {};
2745
+
2746
+ for(var x in con_allowed){
2747
+ var key = con_allowed[x];
2748
+ if(!pagelayer_empty(tmp.atts[key])){
2749
+ contacts_props[tmp.id][key] = tmp.atts[key];
2750
+ }
2751
+ }
2752
+
2753
+ });
2754
+ }
2755
+
2756
+ return contacts_props;
2757
+ }
2758
+
2759
// Save the post
2760
function pagelayer_save(){
2761
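Review bot: In pagelayer_get_contact_templates(), the con_allowed key list is applied only in the browser, so it must not be relied on as a control: the same six keys need to be enforced where the `contacts` parameter is read on the server, because the request body can be built without this function. For the loop itself, `for(var x in con_allowed)` uses for...in on an array; a plain indexed loop or jQuery.each avoids picking up enumerable properties added to Array.prototype. The comment also has a typo: "contact from template" should read "contact form template".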
2773
props = tmp.atts;
2774
}
2775
2776
+ // Do we have contact templates ?
2777
+ var contacts_props = pagelayer_get_contact_templates();
2778
+
2779
jQuery.ajax({
2780
type: "POST",
2781
url: pagelayerajaxurl,
2782
data: {
2783
pagelayer_update_content : post,
2784
pagelayer_nonce: pagelayer_ajax_nonce,
2785
+ page_props: props,
2786
+ contacts: contacts_props
2787
},
2788
success: function(response, status, xhr){
2789
//alert(data);
js/pagelayer-frontend.js CHANGED
@@ -185,8 +185,14 @@ function pagelayer_pl_row_full(jEle){
185
// Now give the row the width
186
jEle.css({'width': vw, 'max-width': '100vw'});
187
188
jEle.offset({left: 0});
189
190
};
191
192
// Modal open
185
// Now give the row the width
186
jEle.css({'width': vw, 'max-width': '100vw'});
187
188
+ // Set the offset
189
jEle.offset({left: 0});
190
191
+ // Set a timeout as well as some themes can interfere with us
192
+ setTimeout(function(){
193
+ jEle.offset({left: 0});
194
+ }, 500);
195
+
196
};
197
198
// Modal open
js/properties.js CHANGED
@@ -99,7 +99,9 @@ function pagelayer_data(jEle, clean){
99
var sep = 'sep' in prop ? prop['sep'] : ',';
100
var tmp2 = prop['default'].split(sep);
101
for(var k in tmp2){
102
- tmp2[k] = tmp2[k]+prop['units'][0];
103
}
104
tmp_val = tmp2.join(sep);
105
}
@@ -2036,6 +2038,50 @@ function pagelayer_elp_access(row, prop){
2036
2037
};
2038
2039
// The Color Property
2040
function pagelayer_elp_color(row, prop){
2041
99
var sep = 'sep' in prop ? prop['sep'] : ',';
100
var tmp2 = prop['default'].split(sep);
101
for(var k in tmp2){
102
+ if(jQuery.isNumeric(tmp2[k])){
103
+ tmp2[k] = tmp2[k]+prop['units'][0];
104
+ }
105
}
106
tmp_val = tmp2.join(sep);
107
}
2038
2039
};
2040
2041
+ // The Modal Property
2042
+ function pagelayer_elp_modal(row, prop){
2043
+
2044
+ var style = pagelayer_empty(prop.width) ? '' : 'style="width:'+prop.width+'"';
2045
+
2046
+ var div = '<div class="pagelayer-elp-modal-div">'+
2047
+ '<span class="pagelayer-elp-modal"><i class="pli pli-window" /></span>'+
2048
+ '<div class="pagelayer-elp-modal-wrapper">'+
2049
+ '<div class="pagelayer-elp-modal-wrap" '+style+'>'+
2050
+ '<div class="pagelayer-elp-modal-header">'+
2051
+ prop.label +'<i class="pagelayer-elp-modal-close pli pli-cross" aria-hidden="true"></i>'+
2052
+ '</div><hr>'+
2053
+ '<div class="pagelayer-elp-modal-holder"></div>'+
2054
+ '</div>'+
2055
+ '</div>'+
2056
+ '</div>';
2057
+
2058
+ row.append(div);
2059
+
2060
+ var wrapper = row.find('.pagelayer-elp-modal-wrapper');
2061
+ var holder = row.find('.pagelayer-elp-modal-holder');
2062
+
2063
+ row.find('.pagelayer-elp-modal').on('click', function(){
2064
+
2065
+ // Setup first
2066
+ if(holder.children().length < 1){
2067
+
2068
+ var p = row.parent().find('[pagelayer-access-item='+prop.show_group+']').detach();
2069
+ p.appendTo(holder);
2070
+ p.addClass('pagelayer-access-item-visible');
2071
+ }
2072
+
2073
+ // Show and hide
2074
+ wrapper.show();
2075
+
2076
+ });
2077
+
2078
+ // Close Modal Property
2079
+ row.find('.pagelayer-elp-modal-close').on('click', function(){
2080
+ wrapper.hide();
2081
+ });
2082
+
2083
+ };
2084
+
2085
// The Color Property
2086
function pagelayer_elp_color(row, prop){
2087
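Review bot: In pagelayer_elp_modal(), prop.label and prop.width are concatenated straight into the HTML string passed to row.append(), and prop.show_group is placed unquoted inside the selector '[pagelayer-access-item='+prop.show_group+']'. If any of these values contains quotes, angle brackets or spaces, the markup or the selector breaks, and a label containing markup is parsed as HTML. Build the header with .text(prop.label), set the width with .css('width', prop.width), and quote the selector value. Minor: `<i class="pli pli-window" />` is not a void element, so give it an explicit closing tag as the close icon a few lines below already has.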
languages/en.json CHANGED
@@ -821,6 +821,7 @@
821
"service_box_media_alignment": "Image Alignment",
822
"service_box_media_vertical_alignment": "Vertical Alignment",
823
"service_box_text_alignment": "Content Alignment",
824
"justify": "Justify",
825
"service_btn_url_label": "URL",
826
"service_button_text_label": "Text",
@@ -901,6 +902,7 @@
901
"embed_paste_code": "Paste HTML code",
902
"shortcodes": "Shortcodes",
903
"shortcodes_paste_code": "Shortcode",
904
"google_map_address_label": "Address",
905
"google_map_address_desc": "To find a specific address or location, just enter what you're looking for and press Enter",
906
"google_map_noscroll": "Deactivate Scroll",
@@ -1685,5 +1687,22 @@
1685
"popup_cookie_name" : "Cookie Name",
1686
"popup_cookie_exp" : "Cookie Expires",
1687
"select_images" : "Please select images from the left Widget properties !",
1688
- "ele_id" : "Element ID"
1689
}
821
"service_box_media_alignment": "Image Alignment",
822
"service_box_media_vertical_alignment": "Vertical Alignment",
823
"service_box_text_alignment": "Content Alignment",
824
+ "service_box_heading_alignment": "Heading Alignment",
825
"justify": "Justify",
826
"service_btn_url_label": "URL",
827
"service_button_text_label": "Text",
902
"embed_paste_code": "Paste HTML code",
903
"shortcodes": "Shortcodes",
904
"shortcodes_paste_code": "Shortcode",
905
+ "shortcodes_paste": "Paste your shortcode here",
906
"google_map_address_label": "Address",
907
"google_map_address_desc": "To find a specific address or location, just enter what you're looking for and press Enter",
908
"google_map_noscroll": "Deactivate Scroll",
1687
"popup_cookie_name" : "Cookie Name",
1688
"popup_cookie_exp" : "Cookie Expires",
1689
"select_images" : "Please select images from the left Widget properties !",
1690
+ "ele_id" : "Element ID",
1691
+ "prefix_suffix" : "Prefix and Suffix",
1692
+ "prefix_name" : "Prefix Title",
1693
+ "suffix_name" : "Suffix Title",
1694
+ "mail_template" : "Mail Template",
1695
+ "to_email" : "To Email",
1696
+ "from_email" : "From Email",
1697
+ "additional_head" : "Additional Header",
1698
+ "message_body" : "Message Body",
1699
+ "subject" : "Subject",
1700
+ "custom_hf_code" : "Custom Header Footer Code",
1701
+ "header_code" : "Header Code",
1702
+ "footer_code" : "Footer Code",
1703
+ "subject" : "Subject",
1704
+ "create_mail_templ" : "Create Mail Template",
1705
+ "use_html" : "Use HTML",
1706
+ "custom_templ" : "Use Custom Template",
1707
+ "technology" : "Technology"
1708
}
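Review bot: The added block defines the key "subject" twice, at new lines 1699 and 1703, with the same value. Duplicate keys in a JSON object are handled differently by different parsers, so drop the second entry to keep the file unambiguous and lint-clean.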
main/ajax.php CHANGED
@@ -38,6 +38,11 @@ function pagelayer_wp_widget_ajax(){
38
// Some AJAX security
39
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
40
41
pagelayer_load_shortcodes();
42
43
header('Content-Type: application/json');
@@ -128,13 +133,27 @@ function pagelayer_save_content(){
128
$content = $_POST['pagelayer_update_content'];
129
130
$postID = (int) $_GET['postID'];
131
-
132
if(empty($postID)){
133
- $msg['error'] = __pl('invalid_post_id');
134
}
135
136
- // Check if the post exists
137
138
if(!empty($postID) && !empty($content)){
139
140
$post = array(
@@ -153,6 +172,20 @@ function pagelayer_save_content(){
153
}
154
}
155
156
$_REQUEST['page_props']['featured_image'] = (int) $_REQUEST['page_props']['featured_image'];
157
if(!empty($_REQUEST['page_props']['featured_image'])){
158
set_post_thumbnail($postID, $_REQUEST['page_props']['featured_image']);
@@ -160,6 +193,29 @@ function pagelayer_save_content(){
160
delete_post_thumbnail($postID);
161
}
162
163
}
164
165
// Apply a filter
@@ -169,13 +225,13 @@ function pagelayer_save_content(){
169
wp_update_post($post);
170
171
if (is_wp_error($postID)) {
172
- $msg['error'] = __pl('post_update_err');
173
}else{
174
- $msg['success'] = __pl('post_update_success');
175
}
176
177
}else{
178
- $msg['error'] = __pl('post_update_err');
179
}
180
181
pagelayer_json_output($msg);
@@ -189,6 +245,11 @@ function pagelayer_do_shortcodes(){
189
// Some AJAX security
190
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
191
192
$data = '';
193
if(isset($_REQUEST['shortcode_data'])){
194
$data = stripslashes($_REQUEST['shortcode_data']);
@@ -237,10 +298,21 @@ function pagelayer_get_section_shortcodes(){
237
// Some AJAX security
238
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
239
240
$data = '';
241
if(isset($_REQUEST['pagelayer_section_id'])){
242
243
$get_url = PAGELAYER_API.'/library.php?give_id='.$_REQUEST['pagelayer_section_id'].(!empty($pagelayer->license['license']) ? '&license='.$pagelayer->license['license'] : '');
244
$fetch = wp_remote_get($get_url, array('timeout' => 60));
245
246
if ( is_array( $fetch ) && ! is_wp_error( $fetch ) && isset( $fetch['body'] ) ) {
@@ -319,6 +391,11 @@ function pagelayer_update_site_title(){
319
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
320
321
$site_title = $_POST['site_title'];
322
323
update_option('blogname', $site_title);
324
@@ -384,14 +461,19 @@ function pagelayer_create_post_autosave(){
384
385
// Some AJAX security
386
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
387
-
388
- $postID = (int) $_GET['postID'];
389
- $post_revisions = array();
390
391
$content = $_REQUEST['pagelayer_post_content'];
392
393
if(empty($postID)){
394
- $post_revisions['error'] = __pl('invalid_post_id');
395
}else{
396
397
$post = array(
@@ -399,12 +481,12 @@ function pagelayer_create_post_autosave(){
399
'post_content' => $content,
400
);
401
402
- $post_revisions['id'] = wp_create_post_autosave($post);
403
}
404
405
- $post_revisions['url'] = get_preview_post_link($postID);
406
407
- pagelayer_json_output($post_revisions);
408
409
}
410
@@ -415,20 +497,26 @@ function pagelayer_get_revision(){
415
// Some AJAX security
416
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
417
418
$postID = (int) $_GET['postID'];
419
- $post_revisions = array();
420
421
if(empty($postID)){
422
- $post_revisions['error'] = __pl('invalid_post_id');
423
}else{
424
- $post_revisions = pagelayer_get_post_revision_by_id($postID);
425
}
426
427
- pagelayer_json_output($post_revisions);
428
429
}
430
431
- // Get post revision
432
add_action('wp_ajax_pagelayer_apply_revision', 'pagelayer_apply_revision');
433
function pagelayer_apply_revision(){
434
@@ -436,17 +524,24 @@ function pagelayer_apply_revision(){
436
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
437
438
$revisionID = (int) $_REQUEST['revisionID'];
439
- $post_data = array();
440
441
if(empty($revisionID)){
442
- $post_data['error'] = __pl('invalid_post_id');
443
}else{
444
445
$post = get_post( $revisionID );
446
447
if ( empty( $post ) ) {
448
- $post_data['error'] = __pl('invalid_revision');
449
- pagelayer_json_output($post_data);
450
}
451
452
// Need to make the reviews post global
@@ -455,18 +550,18 @@ function pagelayer_apply_revision(){
455
// Need to reload the shortcodes
456
pagelayer_load_shortcodes();
457
458
- $post_data['content'] = do_shortcode($post->post_content);
459
460
if (is_wp_error($postID)) {
461
- $post_data['error'] = __pl('rev_load_error');
462
}else{
463
- $post_data['success'] = __pl('rev_load_success');
464
}
465
466
wp_reset_postdata();
467
}
468
469
- pagelayer_json_output($post_data);
470
471
}
472
@@ -478,38 +573,44 @@ function pagelayer_delete_revision() {
478
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
479
480
$revisionID = (int) $_REQUEST['revisionID'];
481
482
if(empty($revisionID)){
483
- $post_data['error'] = __pl('invalid_post_id');
484
}else{
485
486
$revision = get_post( $revisionID );
487
488
if ( empty( $revision ) ) {
489
- $post_data['error'] = __pl('invalid_revision');
490
}else{
491
492
- if ( ! current_user_can( 'delete_post', $revision->ID ) ) {
493
- $post_data['error'] = __pl('access_denied');
494
- pagelayer_json_output($post_data);
495
- return false;
496
}
497
498
$deleted = wp_delete_post_revision( $revision->ID );
499
500
if ( ! $deleted || is_wp_error( $deleted ) ) {
501
- $post_data['error'] = __pl('delete_rev_error');
502
}else{
503
- $post_data['success'] = __pl('delete_rev_success');
504
}
505
}
506
}
507
508
- pagelayer_json_output($post_data);
509
510
}
511
512
- // Get post revision
513
add_action('wp_ajax_pagelayer_post_nav', 'pagelayer_post_nav');
514
function pagelayer_post_nav() {
515
@@ -559,7 +660,7 @@ function pagelayer_post_nav() {
559
560
}
561
562
- // Get post comment template
563
add_action('wp_ajax_pagelayer_post_comment', 'pagelayer_post_comment');
564
function pagelayer_post_comment() {
565
global $post;
@@ -699,7 +800,7 @@ function pagelayer_fetch_posts(){
699
700
// Some AJAX security
701
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
702
-
703
echo pagelayer_widget_posts($_POST);
704
705
wp_die();
@@ -714,7 +815,7 @@ function pagelayer_posts_data(){
714
715
// Load shortcodes
716
pagelayer_load_shortcodes();
717
-
718
echo pagelayer_posts($_POST);
719
wp_die();
720
}
@@ -736,7 +837,7 @@ function pagelayer_archive_posts_data(){
736
737
// Load shortcodes
738
pagelayer_load_shortcodes();
739
-
740
echo pagelayer_posts($_POST, $_POST['pagelayer_wp_query']);
741
wp_die();
742
}
@@ -745,20 +846,110 @@ function pagelayer_archive_posts_data(){
745
add_action('wp_ajax_pagelayer_contact_submit', 'pagelayer_contact_submit');
746
add_action('wp_ajax_nopriv_pagelayer_contact_submit', 'pagelayer_contact_submit' );
747
function pagelayer_contact_submit(){
748
-
749
- $to_mail = get_option('pagelayer_cf_to_email');
750
- $subject = get_option('pagelayer_cf_subject');
751
752
$fdata = $_POST['form_data'];
753
parse_str($fdata, $formdata);
754
755
- // Make the email content
756
- foreach($formdata as $k => $i){
757
- $data .= ''.$k.'\t : \t'.$i.'\n';
758
}
759
760
// Send the email
761
- $r = wp_mail( $to_mail, $subject, $data );
762
763
if($r == TRUE){
764
$wp['success'] = get_option( 'pagelayer_cf_success' );
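Review bot: In the rewritten pagelayer_contact_submit() body (new lines 912 to 914), the condition is inverted: `if ( empty($additional_headers) ) { $headers .= $additional_headers . "\n"; }` appends the additional headers only when there are none, so the new "Additional Headers" option and cont_header never reach the mail; it should test !empty($additional_headers). Two further points in the same body: the From and additional header lines are appended to $headers at new lines 909 and 913, before pagelayer_replace_vars() runs at 935 to 937, so as far as the visible lines show the substituted values never reach $headers; and once they do, values taken from $formdata need carriage returns and line feeds stripped before they become header lines. $formdata['cfa-pagelayer-id'] is also read at new line 865 without an isset() check.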
@@ -770,20 +961,10 @@ function pagelayer_contact_submit(){
770
771
}
772
773
- // Fetch Google reCaptcha Key
774
- add_action('wp_ajax_pagelayer_fetch_grecaptcha_key', 'pagelayer_fetch_grecaptcha_key');
775
- function pagelayer_fetch_grecaptcha_key(){
776
-
777
- $data['key'] = get_option('pagelayer_google_captcha');
778
-
779
- pagelayer_json_output($data);
780
-
781
- }
782
-
783
// Handle Login Submit
784
add_action('wp_ajax_pagelayer_login_submit', 'pagelayer_login_submit');
785
add_action('wp_ajax_nopriv_pagelayer_login_submit', 'pagelayer_login_submit');
786
- function pagelayer_login_submit(){
787
788
$fdata = $_POST['form_data'];
789
parse_str($fdata, $formdata);
@@ -816,8 +997,12 @@ function pagelayer_login_submit(){
816
add_action('wp_logout', 'pagelayer_after_logout');
817
function pagelayer_after_logout(){
818
819
$url = get_user_option('pagelayer_logout_url');
820
821
// We will redirect if we have the given item set.
822
if(!empty($url)){
823
wp_redirect( $url );
@@ -847,10 +1032,9 @@ function pagelayer_get_pages_list(){
847
}
848
$option .= '</ul>';
849
850
-
851
echo $option;
852
853
- wp_die();
854
}
855
856
// Get the data for template
@@ -946,10 +1130,21 @@ function pagelayer_save_template() {
946
$done = [];
947
948
$post_id = (int) $_GET['postID'];
949
950
// We need to create the post
951
if(empty($post_id)){
952
953
// Get the template type
954
if(empty($_POST['pagelayer_template_type'])){
955
$done['error'] = __pl('temp_error_type');
@@ -1289,6 +1484,11 @@ function pagelayer_export_template(){
1289
1290
$done = [];
1291
1292
// Load the templates
1293
pagelayer_builder_load_templates();
1294
38
// Some AJAX security
39
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
40
41
+ if(!current_user_can('edit_theme_options')){
42
+ $ret['error'][] = __pl('no_permission');
43
+ pagelayer_json_output($ret);
44
+ }
45
+
46
pagelayer_load_shortcodes();
47
48
header('Content-Type: application/json');
133
$content = $_POST['pagelayer_update_content'];
134
135
$postID = (int) $_GET['postID'];
136
+
137
if(empty($postID)){
138
+ $msg['error'] = __pl('invalid_post_id');
139
+ pagelayer_json_output($msg);
140
}
141
142
+ $_post = get_post($postID);
143
+
144
+ // Post found ?
145
+ if(empty($_post)){
146
+ $msg['error'] = __pl('invalid_post_id');
147
+ pagelayer_json_output($msg);
148
+ }
149
+
150
+ // Are you allowed to edit ?
151
+ if(!pagelayer_user_can_edit($postID)){
152
+ $msg['error'][] = __pl('no_permission');
153
+ pagelayer_json_output($msg);
154
+ }
155
156
+ // Check if the post exists
157
if(!empty($postID) && !empty($content)){
158
159
$post = array(
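Review bot: In pagelayer_save_content(), $msg['error'] is assigned as a string in the two invalid_post_id branches and appended as an array element in the no_permission branch (`$msg['error'][] = __pl('no_permission');`), so the client receives two different shapes for the same field; pick one form for all branches. The new early exits also depend on pagelayer_json_output() ending the request: if it returns, execution falls through to the update below, so confirm it terminates or add an explicit return after each call. The comment "// Check if the post exists" now sits above the content check and no longer describes it.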
172
}
173
}
174
175
+ if(!empty($post['post_status']) && $post['post_status'] == 'publish'){
176
+
177
+ // Allowed to publish pages ?
178
+ if($_post->post_type == 'page' && !current_user_can('publish_pages')){
179
+ $msg['error'][] = __pl('no_publish_permission');
180
+ pagelayer_json_output($msg);
181
+ }
182
+
183
+ // Allowed to publish posts ?
184
+ if($_post->post_type == 'post' && !current_user_can('publish_posts')){
185
+ $post['post_status'] = 'pending';
186
+ }
187
+ }
188
+
189
$_REQUEST['page_props']['featured_image'] = (int) $_REQUEST['page_props']['featured_image'];
190
if(!empty($_REQUEST['page_props']['featured_image'])){
191
set_post_thumbnail($postID, $_REQUEST['page_props']['featured_image']);
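Review bot: The publish check added here covers only post_type 'page' and 'post'; for any other post type a request with post_status 'publish' passes through with no publish capability test. Look up the capability from the post type object, for example get_post_type_object($_post->post_type)->cap->publish_posts, and apply one rule to every type. The two branches also behave differently (pages return no_publish_permission, posts are silently changed to 'pending'); a comment explaining that choice would help the next reader.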
193
delete_post_thumbnail($postID);
194
}
195
196
+ $header_code = !empty($_REQUEST['page_props']['header_code']) ? $_REQUEST['page_props']['header_code'] : '' ;
197
+ $footer_code = !empty($_REQUEST['page_props']['footer_code']) ? $_REQUEST['page_props']['footer_code'] : '' ;
198
+
199
+ // Set Custom header footer code
200
+ if(!empty($header_code)){
201
+ update_post_meta($postID, 'pagelayer_header_code', $header_code);
202
+ }else{
203
+ delete_post_meta($postID, 'pagelayer_header_code');
204
+ }
205
+
206
+ if(!empty($footer_code)){
207
+ update_post_meta($postID, 'pagelayer_footer_code', $footer_code);
208
+ }else{
209
+ delete_post_meta($postID, 'pagelayer_footer_code');
210
+ }
211
+
212
+ }
213
+
214
+ // Any contact templates ?
215
+ if(!empty($_REQUEST['contacts'])){
216
+ update_post_meta($postID, 'pagelayer_contact_templates', $_REQUEST['contacts']);
217
+ }else{
218
+ delete_post_meta($postID, 'pagelayer_contact_templates');
219
}
220
221
// Apply a filter
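Review bot: `update_post_meta($postID, 'pagelayer_contact_templates', $_REQUEST['contacts']);` stores the request array as received, with no restriction on keys and no validation of values. pagelayer_contact_submit() later reads to_email, from_email and cont_header from this meta to build the recipient and the mail headers, so constrain the data on write: keep only the six keys the editor sends, validate literal addresses with is_email(), and reject carriage returns and line feeds in cont_header. The header_code and footer_code values saved just above are likewise stored raw, and they are echoed by the new wp_head / wp_footer hooks in init.php.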
225
wp_update_post($post);
226
227
if (is_wp_error($postID)) {
228
+ $msg['error'] = __pl('post_update_err');
229
}else{
230
+ $msg['success'] = __pl('post_update_success');
231
}
232
233
}else{
234
+ $msg['error'] = __pl('post_update_err');
235
}
236
237
pagelayer_json_output($msg);
245
// Some AJAX security
246
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
247
248
+ if(!current_user_can('edit_posts')){// TODO : WooCommerce
249
+ $ret['error'][] = __pl('no_permission');
250
+ pagelayer_json_output($ret);
251
+ }
252
+
253
$data = '';
254
if(isset($_REQUEST['shortcode_data'])){
255
$data = stripslashes($_REQUEST['shortcode_data']);
298
// Some AJAX security
299
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
300
301
+ if(!current_user_can('edit_posts')){
302
+ $ret['error'][] = __pl('no_permission');
303
+ pagelayer_json_output($ret);
304
+ }
305
+
306
$data = '';
307
if(isset($_REQUEST['pagelayer_section_id'])){
308
309
$get_url = PAGELAYER_API.'/library.php?give_id='.$_REQUEST['pagelayer_section_id'].(!empty($pagelayer->license['license']) ? '&license='.$pagelayer->license['license'] : '');
310
+
311
+ // For SitePad users
312
+ if(function_exists('get_softaculous_file')){
313
+ $get_url = get_softaculous_file($get_url, 1);
314
+ }
315
+
316
$fetch = wp_remote_get($get_url, array('timeout' => 60));
317
318
if ( is_array( $fetch ) && ! is_wp_error( $fetch ) && isset( $fetch['body'] ) ) {
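Review bot: In pagelayer_get_section_shortcodes(), the context line that builds $get_url appends $_REQUEST['pagelayer_section_id'] to the query string unencoded, and this hunk now hands that URL to get_softaculous_file() as well. A value containing '&' or '#' can add or override parameters in the request to PAGELAYER_API. Cast the id to the expected type or wrap it in rawurlencode() before concatenating; the license value deserves the same treatment.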
391
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
392
393
$site_title = $_POST['site_title'];
394
+
395
+ if(!current_user_can('manage_options')){
396
+ $ret['error'][] = __pl('no_permission');
397
+ pagelayer_json_output($ret);
398
+ }
399
400
update_option('blogname', $site_title);
401
461
462
// Some AJAX security
463
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
464
465
+ $ret = array();
466
+ $postID = (int) $_GET['postID'];
467
$content = $_REQUEST['pagelayer_post_content'];
468
+
469
+ // Are you allowed to edit ?
470
+ if(!pagelayer_user_can_edit($postID)){
471
+ $ret['error'][] = __pl('no_permission');
472
+ pagelayer_json_output($ret);
473
+ }
474
475
if(empty($postID)){
476
+ $ret['error'] = __pl('invalid_post_id');
477
}else{
478
479
$post = array(
481
'post_content' => $content,
482
);
483
484
+ $ret['id'] = wp_create_post_autosave($post);
485
}
486
487
+ $ret['url'] = get_preview_post_link($postID);
488
489
+ pagelayer_json_output($ret);
490
491
}
492
497
// Some AJAX security
498
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
499
500
+ $ret = array();
501
$postID = (int) $_GET['postID'];
502
+
503
+ // Are you allowed to edit ?
504
+ if(!pagelayer_user_can_edit($postID)){
505
+ $ret['error'][] = __pl('no_permission');
506
+ pagelayer_json_output($ret);
507
+ }
508
509
if(empty($postID)){
510
+ $ret['error'] = __pl('invalid_post_id');
511
}else{
512
+ $ret = pagelayer_get_post_revision_by_id($postID);
513
}
514
515
+ pagelayer_json_output($ret);
516
517
}
518
519
+ // Apply post revision
520
add_action('wp_ajax_pagelayer_apply_revision', 'pagelayer_apply_revision');
521
function pagelayer_apply_revision(){
522
524
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
525
526
$revisionID = (int) $_REQUEST['revisionID'];
527
+ $parID = wp_get_post_parent_id($revisionID);
528
+ $ret = array();
529
+
530
+ // Are you allowed to edit ?
531
+ if(!pagelayer_user_can_edit($parID)){
532
+ $ret['error'][] = __pl('no_permission');
533
+ pagelayer_json_output($ret);
534
+ }
535
536
if(empty($revisionID)){
537
+ $ret['error'] = __pl('invalid_post_id');
538
}else{
539
540
$post = get_post( $revisionID );
541
542
if ( empty( $post ) ) {
543
+ $ret['error'] = __pl('invalid_revision');
544
+ pagelayer_json_output($ret);
545
}
546
547
// Need to make the reviews post global
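Review bot: In pagelayer_apply_revision(), the permission check runs against wp_get_post_parent_id($revisionID), but nothing verifies that $revisionID refers to a revision before its post_content is rendered and returned. For an ID that is not a revision, the parent is unrelated to the content being returned, so the check does not protect that content. Add a wp_is_post_revision($revisionID) test that returns invalid_revision on failure, and move the empty($revisionID) test above the permission check so the parent lookup never runs on 0.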
550
// Need to reload the shortcodes
551
pagelayer_load_shortcodes();
552
553
+ $ret['content'] = do_shortcode($post->post_content);
554
555
if (is_wp_error($postID)) {
556
+ $ret['error'] = __pl('rev_load_error');
557
}else{
558
+ $ret['success'] = __pl('rev_load_success');
559
}
560
561
wp_reset_postdata();
562
}
563
564
+ pagelayer_json_output($ret);
565
566
}
567
573
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
574
575
$revisionID = (int) $_REQUEST['revisionID'];
576
+ $parID = wp_get_post_parent_id($revisionID);
577
+
578
+ // Are you allowed to edit ?
579
+ if(!pagelayer_user_can_edit($parID)){
580
+ $ret['error'][] = __pl('no_permission');
581
+ pagelayer_json_output($ret);
582
+ }
583
584
if(empty($revisionID)){
585
+ $ret['error'] = __pl('invalid_post_id');
586
}else{
587
588
$revision = get_post( $revisionID );
589
590
if ( empty( $revision ) ) {
591
+ $ret['error'] = __pl('invalid_revision');
592
}else{
593
594
+ if ( ! current_user_can( 'delete_post', $parID ) ) {
595
+ $ret['error'] = __pl('access_denied');
596
+ pagelayer_json_output($ret);
597
}
598
599
$deleted = wp_delete_post_revision( $revision->ID );
600
601
if ( ! $deleted || is_wp_error( $deleted ) ) {
602
+ $ret['error'] = __pl('delete_rev_error');
603
}else{
604
+ $ret['success'] = __pl('delete_rev_success');
605
}
606
}
607
}
608
609
+ pagelayer_json_output($ret);
610
611
}
612
613
+ // Get post navigation
614
add_action('wp_ajax_pagelayer_post_nav', 'pagelayer_post_nav');
615
function pagelayer_post_nav() {
616
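Review bot: In pagelayer_delete_revision(), the access_denied branch drops the old `return false;` after pagelayer_json_output($ret), so wp_delete_post_revision() is prevented only if pagelayer_json_output() ends the request. Keep an explicit return after the error output so the control flow does not depend on the helper. $ret is also never initialised in this function, unlike pagelayer_apply_revision() where `$ret = array();` was added. The capability is now tested against $parID rather than $revision->ID; a short comment should say why.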
660
661
}
662
663
+ // Get post comment template
664
add_action('wp_ajax_pagelayer_post_comment', 'pagelayer_post_comment');
665
function pagelayer_post_comment() {
666
global $post;
800
801
// Some AJAX security
802
check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
803
+ // TODO : Allowed
804
echo pagelayer_widget_posts($_POST);
805
806
wp_die();
815
816
// Load shortcodes
817
pagelayer_load_shortcodes();
818
+ // TODO : Allowed
819
echo pagelayer_posts($_POST);
820
wp_die();
821
}
837
838
// Load shortcodes
839
pagelayer_load_shortcodes();
840
+ // TODO : Allowed
841
echo pagelayer_posts($_POST, $_POST['pagelayer_wp_query']);
842
wp_die();
843
}
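Review bot: The only change in pagelayer_archive_posts_data(), and in the two handlers before it, is a "// TODO : Allowed" comment, while the handler still passes $_POST['pagelayer_wp_query'] from the request into pagelayer_posts(). In a release whose stated purpose is adding capability checks, decide here who may call these handlers and which query arguments are accepted, or tie the TODO to a tracked issue so it is not lost.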
846
add_action('wp_ajax_pagelayer_contact_submit', 'pagelayer_contact_submit');
847
add_action('wp_ajax_nopriv_pagelayer_contact_submit', 'pagelayer_contact_submit' );
848
function pagelayer_contact_submit(){
849
+
850
+ // Some AJAX security
851
+ check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
852
853
$fdata = $_POST['form_data'];
854
parse_str($fdata, $formdata);
855
856
+ $to_mail = get_option('pagelayer_cf_to_email');
857
+ $from_mail = get_option('pagelayer_cf_from_email');
858
+ $subject = get_option('pagelayer_cf_subject');
859
+ $additional_headers = get_option('pagelayer_cf_headers');
860
+ $body = '';
861
+ $headers = '';
862
+ $custom_templ = array();
863
+ $use_custom = false;
864
+ $use_html = false;
865
+ $pagelayer_id = $formdata['cfa-pagelayer-id'];
866
+
867
+ if(isset($formdata['cfa-custom-template']) && !empty($formdata['cfa-post-id'])){
868
+ $post_id = (int) $formdata['cfa-post-id'];
869
+
870
+ if(!empty($post_id)){
871
+ $contact_array = get_post_meta($post_id, 'pagelayer_contact_templates', true);
872
+
873
+ if(!empty($contact_array) && !empty($contact_array[$pagelayer_id])){
874
+ $custom_templ = $contact_array[$pagelayer_id];
875
+ $use_custom = true;
876
+ }
877
+ }
878
+ }
879
+
880
+ if($use_custom && !empty($custom_templ)){
881
+
882
+ if(!empty($custom_templ['to_email'])){
883
+ $to_mail = $custom_templ['to_email'];
884
+ }
885
+
886
+ if(!empty($custom_templ['from_email'])){
887
+ $from_mail = $custom_templ['from_email'];
888
+ }
889
+
890
+ if(!empty($custom_templ['cont_subject'])){
891
+ $subject = $custom_templ['cont_subject'];
892
+ }
893
+
894
+ if(!empty($custom_templ['cont_header'])){
895
+ $additional_headers = $custom_templ['cont_header'];
896
+ }
897
+
898
+ if(!empty($custom_templ['cont_body'])){
899
+ $body = $custom_templ['cont_body'];
900
+ }
901
+
902
+ if(!empty($custom_templ['cont_use_html'])){
903
+ $use_html = true;
904
+ $headers .= "Content-Type: text/html\n";
905
+ }
906
+ }
907
+
908
+ if(!empty($from_mail)){
909
+ $headers .= "From: $from_mail\n";
910
+ }
911
+
912
+ if ( empty($additional_headers) ) {
913
+ $headers .= $additional_headers . "\n";
914
+ }
915
+
916
+ if ( empty($body) ) {
917
+
918
+ // Make the email content
919
+ foreach($formdata as $k => $i){
920
+
921
+ $not_allow = ['cfa-pagelayer-id', 'cfa-redirect', 'cfa-post-id', 'cfa-custom-template', 'pagelayer-contact-submit'];
922
+ if(in_array($k, $not_allow)){
923
+ continue;
924
+ }
925
+
926
+ $body .= $k."\t : \t".$i."\n";
927
+ }
928
+
929
+ $body .= "\n\n --\n This e-mail was sent from a contact form (".get_home_url().")";
930
+
931
+ }
932
+
933
+ // Do parse a variables
934
+ $to_mail = pagelayer_replace_vars($to_mail, $formdata, '#x27;);
935
+ $from_mail = pagelayer_replace_vars($from_mail, $formdata, '#x27;);
936
+ $subject = pagelayer_replace_vars($subject, $formdata, '#x27;);
937
+ $additional_headers = pagelayer_replace_vars($additional_headers, $formdata, '#x27;);
938
+ $body = pagelayer_replace_vars($body, $formdata, '#x27;);
939
+
940
+ if ( $use_html && ! preg_match( '%<html[>\s].*</html>%is', $body ) ) {
941
+ $header = '<!doctype html>
942
+ <html xmlns="http://www.w3.org/1999/xhtml">
943
+ <head><title>' . esc_html( $subject ) . '</title></head>
944
+ <body>';
945
+
946
+ $footer = '</body></html>';
947
+
948
+ $body = $header . wpautop( $body ) . $footer;
949
}
950
951
// Send the email
952
+ $r = wp_mail( $to_mail, $subject, $body, $headers );
953
954
if($r == TRUE){
955
$wp['success'] = get_option( 'pagelayer_cf_success' );
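Review bot: the test at new line 912 is inverted: `if ( empty($additional_headers) )` appends the headers only when there are none, so configured Additional Headers are never sent; it should be `!empty($additional_headers)`. In addition, `$headers` is assembled at 908-914, before `pagelayer_replace_vars()` runs on `$from_mail` and `$additional_headers` at 935 and 937, so those substitutions never reach `wp_mail()`. When moving the substitution ahead of the header assembly, strip CR and LF from the submitted values first, since they are substituted into header-bound fields (already the case for `$to_mail` and `$subject`), and validate the resulting recipient with `is_email()`.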
961
962
}
963
964
// Handle Login Submit
965
add_action('wp_ajax_pagelayer_login_submit', 'pagelayer_login_submit');
966
add_action('wp_ajax_nopriv_pagelayer_login_submit', 'pagelayer_login_submit');
967
+ function pagelayer_login_submit(){
968
969
$fdata = $_POST['form_data'];
970
parse_str($fdata, $formdata);
997
add_action('wp_logout', 'pagelayer_after_logout');
998
function pagelayer_after_logout(){
999
1000
+ // Get the URL
1001
$url = get_user_option('pagelayer_logout_url');
1002
1003
+ // Now blank it
1004
+ update_user_option('pagelayer_logout_url', '');
1005
+
1006
// We will redirect if we have the given item set.
1007
if(!empty($url)){
1008
wp_redirect( $url );
1032
}
1033
$option .= '</ul>';
1034
1035
echo $option;
1036
1037
+ wp_die();
1038
}
1039
1040
// Get the data for template
1130
$done = [];
1131
1132
$post_id = (int) $_GET['postID'];
1133
+
1134
+ // Are you allowed to edit ?
1135
+ if(!empty($post_id) && !pagelayer_user_can_edit($post_id)){
1136
+ $done['error'][] = __pl('no_permission');
1137
+ pagelayer_json_output($done);
1138
+ }
1139
1140
// We need to create the post
1141
if(empty($post_id)){
1142
1143
+ if (!current_user_can('edit_posts')) {
1144
+ $done['error'] = __pl('access_denied');
1145
+ pagelayer_json_output($done);
1146
+ }
1147
+
1148
// Get the template type
1149
if(empty($_POST['pagelayer_template_type'])){
1150
$done['error'] = __pl('temp_error_type');
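Review bot: the two new permission failures return different shapes: new line 1136 sets `$done['error'][]` (an array) while 1144 sets `$done['error']` (a string), as the existing `temp_error_type` branch at 1150 does. Pick one shape so the editor's error handling does not have to cope with both. Both branches also rely on `pagelayer_json_output()` ending the request; if it does not, add an explicit `return` so execution cannot continue into the save.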
1484
1485
$done = [];
1486
1487
+ if(!current_user_can('edit_theme_options')){
1488
+ $done['error'][] = __pl('no_permission');
1489
+ pagelayer_json_output($done);
1490
+ }
1491
+
1492
// Load the templates
1493
pagelayer_builder_load_templates();
1494
main/functions.php CHANGED
@@ -443,19 +443,48 @@ function pagelayer_is_live_iframe(){
443
// Can the current user edit the post ?
444
function pagelayer_user_can_edit($post = NULL){
445
446
- global $wp_the_query, $current_user;
447
448
- if(!isset($post) || empty($post) || $post === NULL){
449
- global $post;
450
}
451
452
- wp_get_current_user();
453
-
454
- if(isset($post) && is_object($post) && isset($post->ID) && isset($post->post_author) && isset($current_user) && is_object($current_user) && isset($current_user->ID) && (current_user_can('edit_others_posts', $post->ID) || ($post->post_author == $current_user->ID))){
455
- return true;
456
}
457
458
- return false;
459
460
}
461
@@ -477,8 +506,38 @@ function pagelayer_icon_sources(){
477
return array();
478
}
479
480
// Loads the shortcodes
481
function pagelayer_load_shortcodes(){
482
483
include_once(PAGELAYER_DIR.'/main/shortcode_functions.php');
484
if(defined('PAGELAYER_PREMIUM')){
@@ -1166,6 +1225,9 @@ function pagelayer_posts($params, $args = []){
1166
}
1167
//pagelayer_print($args);
1168
1169
$postsquery = new WP_Query($args);
1170
$data = '';
1171
@@ -1956,4 +2018,15 @@ color: red;
1956
}
1957
}
1958
1959
}
443
// Can the current user edit the post ?
444
function pagelayer_user_can_edit($post = NULL){
445
446
+ global $wp_the_query, $current_user, $pagelayer;
447
+
448
+ $post = get_post($post);
449
450
+ if(empty($post)){
451
+ return false;
452
}
453
454
+ // No trash editing
455
+ if(get_post_status($post->ID) === 'trash'){
456
+ return false;
457
+ }
458
+
459
+ // Is pagelayer supposed to edit this ?
460
+ if(!in_array($post->post_type, $pagelayer->settings['post_types']) && $post->post_type != 'pagelayer-template'){
461
+ return false;
462
+ }
463
+
464
+ // Get the post type object
465
+ $object = get_post_type_object($post->post_type);
466
+
467
+ // Is this type editable by the user ?
468
+ if(!current_user_can($object->cap->edit_posts)){
469
+ return false;
470
+ }
471
+
472
+ // Is this type editable ?
473
+ if(!isset($object->cap->edit_post)){
474
+ return false;
475
+ }
476
+
477
+ // Can this user edit the post type ?
478
+ if(!current_user_can($object->cap->edit_post, $post->ID)){
479
+ return false;
480
+ }
481
+
482
+ // Page for blogs not allowed
483
+ if(get_option('page_for_posts') === $post->ID){
484
+ return false;
485
}
486
487
+ return true;
488
489
}
490
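Review bot: the check at new line 483 can never match: `get_option('page_for_posts')` returns the stored value as a string while `$post->ID` is an integer, so `===` is always false and the posts page stays editable. Cast before comparing, e.g. `(int) get_option('page_for_posts') === $post->ID`. Also, `get_post_type_object()` returns null for an unregistered post type and `$object->cap->edit_posts` is dereferenced at 468 before the `isset($object->cap->edit_post)` guard at 473; test `$object` right after line 465 and return false.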
506
return array();
507
}
508
509
+ // Sets the memory limit
510
+ function pagelayer_memory_limit($mb){
511
+
512
+ $bytes = ($mb * 1024 * 1024);
513
+ $mb_str = (string) $mb.'M';
514
+
515
+ // Some servers might have ini_get disabled
516
+ if(function_exists('ini_get')){
517
+ $memory_limit = @ini_get('memory_limit');
518
+ }
519
+
520
+ if(empty($memory_limit)){
521
+ return;
522
+ }
523
+
524
+ $memory_limit_bytes = (strpos($memory_limit, 'M') ? (intval($memory_limit) * 1024 * 1024) : intval($memory_limit));
525
+
526
+ //$memory_limit_bytes > 0 is for memory limit = -1
527
+ if($memory_limit_bytes <= $bytes && $memory_limit_bytes > 0){
528
+
529
+ // Some servers might have ini_set disabled
530
+ if(function_exists('ini_set')){
531
+ @ini_set('memory_limit', $mb_str);
532
+ }
533
+ }
534
+
535
+ }
536
+
537
// Loads the shortcodes
538
function pagelayer_load_shortcodes(){
539
+
540
+ pagelayer_memory_limit(64);
541
542
include_once(PAGELAYER_DIR.'/main/shortcode_functions.php');
543
if(defined('PAGELAYER_PREMIUM')){
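Review bot: the unit parsing at new line 524 only recognises an upper-case `M` suffix, so a `memory_limit` of `1G` or `512K` falls through to `intval()` and is read as 1 or 512 bytes; for `1G` the comparison at 527 then passes and `ini_set()` lowers the limit to 64M. Use `wp_convert_hr_to_bytes()` for the conversion instead of the `strpos()` test.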
1225
}
1226
//pagelayer_print($args);
1227
1228
+ // Only see published posts
1229
+ $args['post_status'] = 'publish';
1230
+
1231
$postsquery = new WP_Query($args);
1232
$data = '';
1233
2018
}
2019
}
2020
2021
+ }
2022
+
2023
+ // Parse the array variables
2024
+ function pagelayer_replace_vars( $string, $array, $pre = '', $suf = ''){
2025
+
2026
+ $array = (array) $array;
2027
+
2028
+ foreach($array as $kk => $vv){
2029
+ $string = str_replace($pre.$kk.$suf, $vv, $string);
2030
+ }
2031
+ return $string;
2032
}
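Review bot: the loop at new lines 2028-2030 needs a guard for non-scalar values and should replace in a single pass. The contact handler passes the output of `parse_str()`, so a field submitted as `name[]` arrives as an array and `str_replace()` raises an array-to-string notice and inserts "Array". Replaced text is also rescanned on later iterations, so a submitted value that contains another field's placeholder is expanded again, and a key that is a prefix of another (`name` and `name2`) corrupts the longer one. Skip non-scalar values and build one map for `strtr()`, which matches longest keys first and does not rescan its own output.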
main/license.php CHANGED
@@ -88,6 +88,10 @@ function pagelayer_license_T(){
88
global $pagelayer, $pl_error;
89
90
pagelayer_page_header('Pagelayer License');
91
92
// Saved ?
93
if(!empty($GLOBALS['pl_saved'])){
88
global $pagelayer, $pl_error;
89
90
pagelayer_page_header('Pagelayer License');
91
+
92
+ if(isset($_REQUEST['save_pl_license'])){
93
+ check_admin_referer('pagelayer-options');
94
+ }
95
96
// Saved ?
97
if(!empty($GLOBALS['pl_saved'])){
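Review bot: the nonce check at new lines 92-94 sits inside the page renderer, after `pagelayer_page_header()`, and the `$GLOBALS['pl_saved']` test just below suggests the license has already been processed by the time this function runs. Move `check_admin_referer('pagelayer-options')` to the top of the code that handles `save_pl_license`, so nothing is written before the nonce is verified, and confirm the license form emits `wp_nonce_field('pagelayer-options')`, which this hunk does not show.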
main/settings.php CHANGED
@@ -157,6 +157,10 @@ function pagelayer_settings_page(){
157
158
$option_name = 'pl_gen_setting' ;
159
$new_value = '';
160
161
if(isset($_REQUEST['pl_gen_setting'])){
162
$new_value = $_REQUEST['pl_gen_setting'];
@@ -354,6 +358,42 @@ function pagelayer_settings_page(){
354
}
355
}
356
357
if(isset($_REQUEST['pagelayer_cf_success'])){
358
359
$success = $_REQUEST['pagelayer_cf_success'];
@@ -415,6 +455,16 @@ function pagelayer_settings_page(){
415
// Save it
416
update_option( 'pagelayer-fbapp-id', $fb_app_id );
417
}
418
}
419
420
$post_type = array('post', 'page', 'product');
@@ -428,6 +478,7 @@ function pagelayer_settings_page(){
428
429
?>
430
<form class="pagelayer-setting-form" method="post" action="">
431
<div class="tabs-wrapper">
432
<h2 class="nav-tab-wrapper pagelayer-wrapper">
433
<a href="#general" class="nav-tab">General</a>
@@ -463,50 +514,72 @@ function pagelayer_settings_page(){
463
<div class="pagelayer-tab-panel" id="settings">
464
<table>
465
<tr>
466
- <th>Content Width</th>
467
<td>
468
<input name="pagelayer_content_width" type="number" step="1" min="320" max="5000" placeholder="1170" <?php if(get_option('pagelayer_content_width')){
469
echo 'value="'.get_option('pagelayer_content_width').'"';
470
}?>>
471
- <p>Set the custom width of the content area. The default width set is 1170px</p>
472
</td>
473
<tr>
474
<tr>
475
- <th>Space Between Widgets</th>
476
<td>
477
<input name="pagelayer_between_widgets" type="number" step="1" min="0" max="500" placeholder="15" <?php if(get_option('pagelayer_between_widgets')){
478
echo 'value="'.get_option('pagelayer_between_widgets').'"';
479
}?>>
480
- <p>Set the Space Between Widgets. The default Space set is 15px</p>
481
</td>
482
<tr>
483
<tr>
484
- <th>Body Font</th>
485
<td>
486
<input name="pagelayer_body_font" type="text" placeholder="Open Sans" <?php if(get_option('pagelayer_body_font')){
487
echo 'value="'.get_option('pagelayer_body_font').'"';
488
}?>>
489
- <p>Please give font name as it appears on Google fonts site. You can check all google fonts here: <a href="https://fonts.google.com" target="_blank">https://fonts.google.com</a></p>
490
</td>
491
<tr>
492
<tr>
493
- <th>Tablet Breakpoint</th>
494
<td>
495
<input name="pagelayer_tablet_breakpoint" type="number" step="1" min="320" max="5000" placeholder="768" <?php if(get_option('pagelayer_tablet_breakpoint')){
496
echo 'value="'.get_option('pagelayer_tablet_breakpoint').'"';
497
}?>>
498
- <p>Set the breakpoint for tablet devices. The default breakpoint for tablet layout is 768px</p>
499
</td>
500
</tr>
501
<tr>
502
- <th>Mobile Breakpoint</th>
503
<td>
504
<input name="pagelayer_mobile_breakpoint" type="number" step="1" min="320" max="5000" placeholder="360" <?php if(get_option('pagelayer_mobile_breakpoint')){
505
echo 'value="'.get_option('pagelayer_mobile_breakpoint').'"';
506
}?>>
507
- <p>Set the breakpoint for mobile devices. The default breakpoint for mobile layout is 360px</p>
508
</td>
509
</tr>
510
</table>
511
</div>
512
<div class="pagelayer-tab-panel" id="icons">
@@ -615,7 +688,7 @@ function pagelayer_settings_page(){
615
</tr>
616
</table>
617
</div>
618
- <div class="pagelayer-tab-panel" id="contactform">
619
<table>
620
<tr>
621
<th scope="row">To Email:</th>
@@ -627,6 +700,17 @@ function pagelayer_settings_page(){
627
</label>
628
</td>
629
</tr>
630
<tr>
631
<th scope="row">Subject:</th>
632
<td>
@@ -638,7 +722,21 @@ function pagelayer_settings_page(){
638
</td>
639
</tr>
640
<tr>
641
- <th scope="row">Success Message:</th>
642
<td>
643
<label>
644
<input name="pagelayer_cf_success" type="text" placeholder="Success" <?php if(get_option('pagelayer_cf_success')){
@@ -648,7 +746,7 @@ function pagelayer_settings_page(){
648
</td>
649
</tr>
650
<tr>
651
- <th scope="row">Failed Message: </th>
652
<td>
653
<label>
654
<input name="pagelayer_cf_failed" type="text" placeholder="Failed" <?php if(get_option('pagelayer_cf_failed')){
@@ -702,4 +800,4 @@ function pagelayer_settings_page(){
702
703
pagelayer_page_footer();
704
705
- }
157
158
$option_name = 'pl_gen_setting' ;
159
$new_value = '';
160
+
161
+ if(isset($_REQUEST['submit'])){
162
+ check_admin_referer('pagelayer-options');
163
+ }
164
165
if(isset($_REQUEST['pl_gen_setting'])){
166
$new_value = $_REQUEST['pl_gen_setting'];
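Review bot: the nonce is verified only when `submit` is present (new lines 161-163), while the save branches, starting with `isset($_REQUEST['pl_gen_setting'])` at 165, are keyed on their own field names; as far as this hunk shows, a request without `submit` skips `check_admin_referer()` and is still saved. Tie the check to the writes themselves: return early unless `submit` is set, or nest every save branch inside the verified block.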
358
}
359
}
360
361
+ if(isset($_REQUEST['pagelayer_cf_headers'])){
362
+
363
+ $subject = $_REQUEST['pagelayer_cf_headers'];
364
+
365
+ if ( get_option( 'pagelayer_cf_headers' ) !== false ) {
366
+
367
+ // The option already exists, so we just update it.
368
+ update_option( 'pagelayer_cf_headers', $subject );
369
+
370
+ } else {
371
+
372
+ // The option hasn't been added yet. We'll add it with $autoload set to 'no'.
373
+ $deprecated = null;
374
+ $autoload = 'no';
375
+ add_option( 'pagelayer_cf_headers', $subject, $deprecated, $autoload );
376
+ }
377
+ }
378
+
379
+ if(isset($_REQUEST['pagelayer_cf_from_email'])){
380
+
381
+ $subject = $_REQUEST['pagelayer_cf_from_email'];
382
+
383
+ if ( get_option( 'pagelayer_cf_from_email' ) !== false ) {
384
+
385
+ // The option already exists, so we just update it.
386
+ update_option( 'pagelayer_cf_from_email', $subject );
387
+
388
+ } else {
389
+
390
+ // The option hasn't been added yet. We'll add it with $autoload set to 'no'.
391
+ $deprecated = null;
392
+ $autoload = 'no';
393
+ add_option( 'pagelayer_cf_from_email', $subject, $deprecated, $autoload );
394
+ }
395
+ }
396
+
397
if(isset($_REQUEST['pagelayer_cf_success'])){
398
399
$success = $_REQUEST['pagelayer_cf_success'];
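Review bot: both new branches store the request value as-is (new lines 363 and 381), with no `wp_unslash()` and no sanitising, although the header and footer code saves later in this function do unslash. These two options are later written into mail headers, so normalise them here: `sanitize_text_field()` for the From value and `sanitize_textarea_field()` for the multi-line headers. The variable is also still named `$subject` from the block this was copied from, and `update_option()` already creates a missing option, so the `add_option()` branch is only needed for the autoload flag.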
455
// Save it
456
update_option( 'pagelayer-fbapp-id', $fb_app_id );
457
}
458
+
459
+ // Save Header code
460
+ if(isset($_REQUEST['pagelayer_header_code'])){
461
+ update_option( 'pagelayer_header_code', wp_unslash($_REQUEST['pagelayer_header_code'] ));
462
+ }
463
+
464
+ // Save Footyer code
465
+ if(isset($_REQUEST['pagelayer_footer_code'])){
466
+ update_option( 'pagelayer_footer_code', wp_unslash($_REQUEST['pagelayer_footer_code'] ));
467
+ }
468
}
469
470
$post_type = array('post', 'page', 'product');
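Review bot: the saves for `pagelayer_header_code` and `pagelayer_footer_code` (new lines 460-466) are not wrapped in the `defined('PAGELAYER_PREMIUM')` test that guards the matching form fields, and no capability is checked in the visible lines before raw HTML and JavaScript is stored for output on every page. Gate both writes on the premium check and on `current_user_can('unfiltered_html')`. The comment at 464 has a typo ("Footyer").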
478
479
?>
480
<form class="pagelayer-setting-form" method="post" action="">
481
+ <?php wp_nonce_field('pagelayer-options'); ?>
482
<div class="tabs-wrapper">
483
<h2 class="nav-tab-wrapper pagelayer-wrapper">
484
<a href="#general" class="nav-tab">General</a>
514
<div class="pagelayer-tab-panel" id="settings">
515
<table>
516
<tr>
517
+ <th><?php echo __('Content Width') ?></th>
518
<td>
519
<input name="pagelayer_content_width" type="number" step="1" min="320" max="5000" placeholder="1170" <?php if(get_option('pagelayer_content_width')){
520
echo 'value="'.get_option('pagelayer_content_width').'"';
521
}?>>
522
+ <p><?php echo __('Set the custom width of the content area. The default width set is 1170px.') ?></p>
523
</td>
524
<tr>
525
<tr>
526
+ <th><?php echo __('Space Between Widgets') ?></th>
527
<td>
528
<input name="pagelayer_between_widgets" type="number" step="1" min="0" max="500" placeholder="15" <?php if(get_option('pagelayer_between_widgets')){
529
echo 'value="'.get_option('pagelayer_between_widgets').'"';
530
}?>>
531
+ <p><?php echo __('Set the Space Between Widgets. The default Space set is 15px.') ?></p>
532
</td>
533
<tr>
534
<tr>
535
+ <th><?php echo __('Body Font') ?></th>
536
<td>
537
<input name="pagelayer_body_font" type="text" placeholder="Open Sans" <?php if(get_option('pagelayer_body_font')){
538
echo 'value="'.get_option('pagelayer_body_font').'"';
539
}?>>
540
+ <p><?php echo __('Please give font name as it appears on Google fonts site. You can check all google fonts here: <a href="https://fonts.google.com" target="_blank">https://fonts.google.com</a>.') ?></p>
541
</td>
542
<tr>
543
<tr>
544
+ <th><?php echo __('Tablet Breakpoint') ?></th>
545
<td>
546
<input name="pagelayer_tablet_breakpoint" type="number" step="1" min="320" max="5000" placeholder="768" <?php if(get_option('pagelayer_tablet_breakpoint')){
547
echo 'value="'.get_option('pagelayer_tablet_breakpoint').'"';
548
}?>>
549
+ <p><?php echo __('Set the breakpoint for tablet devices. The default breakpoint for tablet layout is 768px.') ?></p>
550
</td>
551
</tr>
552
<tr>
553
+ <th><?php echo __('Mobile Breakpoint') ?></th>
554
<td>
555
<input name="pagelayer_mobile_breakpoint" type="number" step="1" min="320" max="5000" placeholder="360" <?php if(get_option('pagelayer_mobile_breakpoint')){
556
echo 'value="'.get_option('pagelayer_mobile_breakpoint').'"';
557
}?>>
558
+ <p><?php echo __('Set the breakpoint for mobile devices. The default breakpoint for mobile layout is 360px.') ?></p>
559
+ </td>
560
+ </tr>
561
+ <?php if(defined('PAGELAYER_PREMIUM')){ ?>
562
+ <tr>
563
+ <td colspan="2">
564
+ <b><?php echo __('Header and Footer code :');?></b>
565
+ <p><?php echo __('You can add custom code like HTML, JavaScript, CSS etc. which will be inserted throughout your site.');?></p>
566
</td>
567
</tr>
568
+ <tr>
569
+ <th><?php echo __('Header Code : ');?></th>
570
+ <td>
571
+ <textarea name="pagelayer_header_code" style="width:80%;" rows="6"><?php echo get_option( 'pagelayer_header_code' ); ?></textarea>
572
+ <p> <?php echo __('These Code will be printed in <code>&lt;head&gt;</code> Section.') ?> </p>
573
+ </td>
574
+ </tr>
575
+ <tr>
576
+ <th><?php echo __('Footer Code: ');?></th>
577
+ <td>
578
+ <textarea name="pagelayer_footer_code" style="width:80%;" rows="6"><?php echo get_option( 'pagelayer_footer_code' ); ?></textarea>
579
+ <p> <?php echo __('These Code will be printed before closing the <code>&lt;/body&gt;</code> Section.') ?> </p>
580
+ </td>
581
+ </tr>
582
+ <?php } ?>
583
</table>
584
</div>
585
<div class="pagelayer-tab-panel" id="icons">
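Review bot: the two new textareas (new lines 571 and 578) echo `get_option()` straight into the markup, so stored code containing `</textarea>` closes the field early and the rest renders in the admin page; wrap both in `esc_textarea()`. The new `__()` calls also carry no text domain, so these strings will not be picked up from the plugin's own translation files.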
688
</tr>
689
</table>
690
</div>
691
+ <div class="pagelayer-tab-panel pagelayer-cf" id="contactform">
692
<table>
693
<tr>
694
<th scope="row">To Email:</th>
700
</label>
701
</td>
702
</tr>
703
+ <tr>
704
+ <th scope="row">From Email:</th>
705
+ <td>
706
+ <label>
707
+ <input name="pagelayer_cf_from_email" type="text" placeholder="My Site <email@domain.com>" <?php
708
+ if(get_option('pagelayer_cf_from_email')){
709
+ echo 'value="'.get_option('pagelayer_cf_from_email').'"';
710
+ }?>/>
711
+ </label>
712
+ </td>
713
+ </tr>
714
<tr>
715
<th scope="row">Subject:</th>
716
<td>
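Review bot: the From Email value is printed into the `value` attribute unescaped (new line 709). The placeholder shows the expected format `My Site <email@domain.com>`, and a stored value with a double quote or angle bracket breaks out of the attribute. Use `esc_attr()` on the value and write the placeholder's angle brackets as entities.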
722
</td>
723
</tr>
724
<tr>
725
+ <th scope="row">Additional Headers: </th>
726
+ <td>
727
+ <label>
728
+ <textarea rows="3" name="pagelayer_cf_headers"><?php
729
+ if(get_option('pagelayer_cf_headers')){
730
+ echo get_option('pagelayer_cf_headers');
731
+ } ?></textarea>
732
+ </label>
733
+ </td>
734
+ </tr>
735
+ <tr>
736
+ <td colspan="2"><b>Messages : </b><p>You can edit messages used for information of your form here.</p></td>
737
+ </tr>
738
+ <tr>
739
+ <th scope="row">Success Message :</th>
740
<td>
741
<label>
742
<input name="pagelayer_cf_success" type="text" placeholder="Success" <?php if(get_option('pagelayer_cf_success')){
746
</td>
747
</tr>
748
<tr>
749
+ <th scope="row">Failed Message : </th>
750
<td>
751
<label>
752
<input name="pagelayer_cf_failed" type="text" placeholder="Failed" <?php if(get_option('pagelayer_cf_failed')){
800
801
pagelayer_page_footer();
802
803
+ }
main/shortcode_functions.php CHANGED
@@ -497,6 +497,9 @@ function pagelayer_render_shortcode($atts, $content = '', $tag = ''){
497
$div = str_replace('{{pagelayer_do_shortcode}}', do_shortcode($el['content']), $div);
498
}
499
500
return $div;
501
502
}
497
$div = str_replace('{{pagelayer_do_shortcode}}', do_shortcode($el['content']), $div);
498
}
499
500
+ // Sanitize the content
501
+ $div = apply_filters( 'pagelayer_sanitize_do_shortcode', $div );
502
+
503
return $div;
504
505
}
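Review bot: the comment at new line 500 says "Sanitize the content", but `apply_filters('pagelayer_sanitize_do_shortcode', $div)` only sanitises if a callback is hooked, and none is registered in the lines shown; with no callback `$div` is returned unchanged. Register the sanitising callback alongside this change, or reword the comment so the hook is not mistaken for a control that is already in place.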
main/shortcodes.php CHANGED
@@ -7525,7 +7525,7 @@ pagelayer_add_shortcode(PAGELAYER_SC_PREFIX.'_embed', array(
7525
'data' => array(
7526
'type' => 'textarea',
7527
'label' => __pl('embed_paste_code'),
7528
- 'default' => '<p>Paste HTML code here...</P>',
7529
'desc' => '',
7530
),
7531
)
@@ -8596,11 +8596,26 @@ pagelayer_add_shortcode(PAGELAYER_SC_PREFIX.'_post_props', array(
8596
'label' => __pl('excerpt'),
8597
),
8598
),
8599
)
8600
);
8601
8602
-
8603
-
8604
////////////////////////
8605
// WordPress Group
8606
////////////////////////
7525
'data' => array(
7526
'type' => 'textarea',
7527
'label' => __pl('embed_paste_code'),
7528
+ 'default' => '<p>Paste HTML code here...</p>',
7529
'desc' => '',
7530
),
7531
)
8596
'label' => __pl('excerpt'),
8597
),
8598
),
8599
+ 'custom_hf_code' => array(
8600
+ 'header_code' => array(
8601
+ 'type' => 'textarea',
8602
+ 'label' => __pl('header_code'),
8603
+ 'rows' => 4,
8604
+ 'pro' => 1,
8605
+ ),
8606
+ 'footer_code' => array(
8607
+ 'type' => 'textarea',
8608
+ 'label' => __pl('footer_code'),
8609
+ 'rows' => 4,
8610
+ 'pro' => 1,
8611
+ ),
8612
+ ),
8613
+ 'styles' => array(
8614
+ 'custom_hf_code' => __pl('custom_hf_code'),
8615
+ ),
8616
)
8617
);
8618
8619
////////////////////////
8620
// WordPress Group
8621
////////////////////////
pagelayer.php CHANGED
@@ -3,7 +3,7 @@
3
Plugin Name: PageLayer
4
Plugin URI: http://wordpress.org/plugins/pagelayer/
5
Description: PageLayer is a WordPress page builder plugin. Its very easy to use and very light on the browser.
6
- Version: 1.1.0
7
Author: Pagelayer Team
8
Author URI: https://pagelayer.com/
9
License: LGPL v2.1
3
Plugin Name: PageLayer
4
Plugin URI: http://wordpress.org/plugins/pagelayer/
5
Description: PageLayer is a WordPress page builder plugin. Its very easy to use and very light on the browser.
6
+ Version: 1.1.1
7
Author: Pagelayer Team
8
Author URI: https://pagelayer.com/
9
License: LGPL v2.1
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: page builder, editor, landing page, drag-and-drop, pagelayer, form-builder
4
Requires at least: 4.7
5
Tested up to: 5.4
6
Requires PHP: 5.5
7
- Stable tag: 1.1.0
8
License: LGPL v2.1
9
License URI: http://www.gnu.org/licenses/lgpl-2.1.html
10
@@ -109,6 +109,17 @@ Do you have questions related to PageLayer ? Use the following links :
109
110
== Changelog ==
111
112
= 1.1.0 (April 17, 2020) =
113
* [Task] The "Element ID" option has been added for the items in the accordion and collapse widget, Now you can use the accordion and collapse widget as a reference link.
114
* [Task] Made Pagelayer compatible with the "Smush" plugin.
4
Requires at least: 4.7
5
Tested up to: 5.4
6
Requires PHP: 5.5
7
+ Stable tag: 1.1.1
8
License: LGPL v2.1
9
License URI: http://www.gnu.org/licenses/lgpl-2.1.html
10
109
110
== Changelog ==
111
112
+ = 1.1.1 (May 2, 2020) =
113
+ * [Security-Fix] There was a missing nonce check in the settings page of Pagelayer. This was reported by WordFence and is fixed.
114
+ * [Security-Fix] Capability checks were missing in save content function of Pagelayer. This was reported by WordFence and is fixed. We urge all users to update to Pagelayer 1.1.1 as soon as possible due to these security fixes.
115
+ * [Premium-Feature] The Pagelayer settings have added the option to add custom header and footer code for the entire site, and you can also add custom header and footer code for particular pages / posts from the "Edit Body and Post Props" option in the Pagelayer editor.
116
+ * [Premium-Feature] Added "From Email" and "Additional Headers" options for the contact forms in the Pagelayer settings.
117
+ * [Premium-Feature] Added options to create custom mail template for the contact forms in the "Contact form" widget.
118
+ * [Task] The new property type "model" is defined.
119
+ * [Bug-Fix] In the audio widget, the play and volume icon was invisible. This is fixed.
120
+ * [Bug-Fix] In the contact form widget, the Redirect option was not working. This is fixed.
121
+ * [Bug-Fix] In some cases, memory was exhausted while loading the shortcodes.
122
+
123
= 1.1.0 (April 17, 2020) =
124
* [Task] The "Element ID" option has been added for the items in the accordion and collapse widget, Now you can use the accordion and collapse widget as a reference link.
125
* [Task] Made Pagelayer compatible with the "Smush" plugin.