Page Builder: PageLayer – Drag and Drop website builder - Version 1.1.1

Version Description

(May 2, 2020)

* [Security-Fix] There was a missing nonce check in the settings page of Pagelayer. This was reported by WordFence and is fixed.
* [Security-Fix] Capability checks were missing in save content function of Pagelayer. This was reported by WordFence and is fixed. We urge all users to update to Pagelayer 1.1.1 as soon as possible due to these security fixes.
* [Premium-Feature] The Pagelayer settings have added the option to add custom header and footer code for the entire site, and you can also add custom header and footer code for particular pages / posts from the "Edit Body and Post Props" option in the Pagelayer editor.
* [Premium-Feature] Added "From Email" and "Additional Headers" options for the contact forms in the Pagelayer settings.
* [Premium-Feature] Added options to create custom mail template for the contact forms in the "Contact form" widget.
* [Task] The new property type "model" is defined.
* [Bug-Fix] In the audio widget, the play and volume icon was invisible. This is fixed.
* [Bug-Fix] In the contact form widget, the Redirect option was not working. This is fixed.
* [Bug-Fix] In some cases, memory was exhausted while loading the shortcodes.

Release Info

Developer: pagelayer
Plugin: Page Builder: PageLayer – Drag and Drop website builder
Version: 1.1.1

Code changes from version 1.1.0 to 1.1.1

css/pagelayer-admin.css CHANGED
@@ -27,3 +27,13 @@ display:none;
27
  .pagelayer-setting-form td .pagelayer-app-id{
28
  width:350px;
29
  }
 
 
 
 
 
 
 
 
 
 
27
  .pagelayer-setting-form td .pagelayer-app-id{
28
  width:350px;
29
  }
30
+
31
+ .pagelayer-cf table{
32
+ width: 80%;
33
+ }
34
+
35
+ .pagelayer-cf table label,
36
+ .pagelayer-cf table input:not([type="checkbox"]):not([type="radio"]),
37
+ .pagelayer-cf table textarea{
38
+ width: 100%;
39
+ }
css/pagelayer-editor.css CHANGED
@@ -853,6 +853,7 @@ position:relative;
853
  border: 1px solid #2EA5DF;
854
  }
855
 
 
856
  .pagelayer-elp-access{
857
  cursor: pointer;
858
  padding: 10px;
@@ -3115,4 +3116,46 @@ font: bold 2em Poppins, sans-serif
3115
  }
3116
  }
3117
 
3118
- /* Pre-Loading animaiton classes end*/
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
853
  border: 1px solid #2EA5DF;
854
  }
855
 
856
+ .pagelayer-elp-modal,
857
  .pagelayer-elp-access{
858
  cursor: pointer;
859
  padding: 10px;
3116
  }
3117
  }
3118
 
3119
+ /* Pre-Loading animaiton classes end*/
3120
+ /* Property modal start*/
3121
+ .pagelayer-elp-modal-wrapper{
3122
+ position: fixed;
3123
+ top: 0;
3124
+ bottom: 0;
3125
+ left: 0;
3126
+ right: 0;
3127
+ overflow-y: auto;
3128
+ background: #0000009c;
3129
+ z-index: 999;
3130
+ color: #fff;
3131
+ display:none;
3132
+ }
3133
+
3134
+ .pagelayer-elp-modal-wrap{
3135
+ width: 500px;
3136
+ background-color: #fff;
3137
+ position: relative;
3138
+ margin: 20px auto;
3139
+ border-radius: 5px;
3140
+ box-shadow: 0px 0px 7px 0px #fff;
3141
+ }
3142
+
3143
+ .pagelayer-elp-modal-close{
3144
+ float:right;
3145
+ padding: 5px;
3146
+ cursor:pointer
3147
+ }
3148
+
3149
+ .pagelayer-elp-modal-header{
3150
+ padding:15px 20px 10px;
3151
+ margin-top: 10px;
3152
+ font-size: 13px;
3153
+ font-weight: bold;
3154
+ color: #555;
3155
+ }
3156
+
3157
+ .pagelayer-elp-modal-holder{
3158
+ padding: 5px 20px 10px;
3159
+ }
3160
+
3161
+ /* Property modal end*/
init.php CHANGED
@@ -5,7 +5,7 @@ if (!defined('ABSPATH')) exit;
5
 
6
  define('PAGELAYER_BASE', plugin_basename(PAGELAYER_FILE));
7
  define('PAGELAYER_PRO_BASE', 'pagelayer-pro/pagelayer-pro.php');
8
- define('PAGELAYER_VERSION', '1.1.0');
9
  define('PAGELAYER_DIR', dirname(PAGELAYER_FILE));
10
  define('PAGELAYER_SLUG', 'pagelayer');
11
  define('PAGELAYER_URL', plugins_url('', PAGELAYER_FILE));
@@ -266,7 +266,7 @@ function pagelayer_load_live_body(){
266
  }
267
 
268
  // Are you allowed to edit ?
269
- if(!pagelayer_user_can_edit()){
270
  return;
271
  }
272
 
@@ -436,7 +436,7 @@ function pagelayer_load_live(){
436
  }
437
 
438
  // Are you allowed to edit ?
439
- if(!pagelayer_user_can_edit()){
440
  return;
441
  }
442
 
@@ -552,5 +552,47 @@ function pagelayer_plugin_action_links($links){
552
  return $links;
553
  }
554
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
555
  // Pagelayer Template Loading Mechanism
556
  include_once(PAGELAYER_DIR.'/main/template.php');
5
 
6
  define('PAGELAYER_BASE', plugin_basename(PAGELAYER_FILE));
7
  define('PAGELAYER_PRO_BASE', 'pagelayer-pro/pagelayer-pro.php');
8
+ define('PAGELAYER_VERSION', '1.1.1');
9
  define('PAGELAYER_DIR', dirname(PAGELAYER_FILE));
10
  define('PAGELAYER_SLUG', 'pagelayer');
11
  define('PAGELAYER_URL', plugins_url('', PAGELAYER_FILE));
266
  }
267
 
268
  // Are you allowed to edit ?
269
+ if(!pagelayer_user_can_edit($post->ID)){
270
  return;
271
  }
272
 
436
  }
437
 
438
  // Are you allowed to edit ?
439
+ if(!pagelayer_user_can_edit($post->ID)){
440
  return;
441
  }
442
 
552
  return $links;
553
  }
554
 
555
+ // Add custom header
556
+ add_action('wp_head', 'pagelayer_add_custom_head');
557
+ function pagelayer_add_custom_head(){
558
+ global $post;
559
+
560
+ $global_code = wp_unslash( get_option('pagelayer_header_code') );
561
+
562
+ if(!empty($post)){
563
+ $header_code = get_post_meta($post->ID , 'pagelayer_header_code', true);
564
+ }
565
+
566
+ if(!empty($global_code)){
567
+ echo $global_code."\n";
568
+ }
569
+
570
+ if(!empty($header_code)){
571
+ echo $header_code."\n";
572
+ }
573
+
574
+ }
575
+
576
+ // Add custom footer
577
+ add_action('wp_footer', 'pagelayer_add_custom_footer');
578
+ function pagelayer_add_custom_footer(){
579
+ global $post;
580
+
581
+ $global_code = wp_unslash( get_option('pagelayer_footer_code') );
582
+
583
+ if(!empty($post)){
584
+ $footer_code = get_post_meta($post->ID , 'pagelayer_footer_code', true);
585
+ }
586
+
587
+ if(!empty($global_code)){
588
+ echo $global_code."\n";
589
+ }
590
+
591
+ if(!empty($footer_code)){
592
+ echo $footer_code."\n";
593
+ }
594
+
595
+ }
596
+
597
  // Pagelayer Template Loading Mechanism
598
  include_once(PAGELAYER_DIR.'/main/template.php');
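Review bot: pagelayer_add_custom_head() and pagelayer_add_custom_footer() echo the per-post meta pagelayer_header_code and pagelayer_footer_code into every page view without escaping, so the only control on what reaches visitors is the code that writes those keys. In this release that writer is pagelayer_save_content() in main/ajax.php, which stores $_REQUEST['page_props']['header_code'] and ['footer_code'] after checking only pagelayer_user_can_edit($postID). The body of that helper is not shown here; if it passes for roles that WordPress does not grant unfiltered_html, those users can place script in the head or footer of any post they can edit. Suggest requiring current_user_can('unfiltered_html') before update_post_meta() on both keys, and adding a comment here stating that the echoed values are trusted markup.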
js/pagelayer-editor.js CHANGED
@@ -2726,6 +2726,36 @@ function pagelayer_add_action(act, func){
2726
  jQuery(document).on(act, func);
2727
  }
2728
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2729
  // Save the post
2730
  function pagelayer_save(){
2731
 
@@ -2743,13 +2773,17 @@ function pagelayer_save(){
2743
  props = tmp.atts;
2744
  }
2745
 
 
 
 
2746
  jQuery.ajax({
2747
  type: "POST",
2748
  url: pagelayerajaxurl,
2749
  data: {
2750
  pagelayer_update_content : post,
2751
  pagelayer_nonce: pagelayer_ajax_nonce,
2752
- page_props: props
 
2753
  },
2754
  success: function(response, status, xhr){
2755
  //alert(data);
2726
  jQuery(document).on(act, func);
2727
  }
2728
 
2729
+ // Create array of the contact from template params
2730
+ function pagelayer_get_contact_templates(){
2731
+
2732
+ var contacts = jQuery(pagelayer_editable+' [pagelayer-tag=pl_contact]');
2733
+ var contacts_props = {};
2734
+ if(contacts.length > 0){
2735
+
2736
+ contacts.each(function(){
2737
+
2738
+ var tmp = pagelayer_data(jQuery(this));
2739
+ var con_allowed = ['to_email', 'from_email', 'cont_subject', 'cont_header', 'cont_body', 'cont_use_html'];
2740
+
2741
+ if(pagelayer_empty(tmp.atts['contact_custom_templ'])) return true;
2742
+
2743
+ // Define blank array
2744
+ contacts_props[tmp.id] = {};
2745
+
2746
+ for(var x in con_allowed){
2747
+ var key = con_allowed[x];
2748
+ if(!pagelayer_empty(tmp.atts[key])){
2749
+ contacts_props[tmp.id][key] = tmp.atts[key];
2750
+ }
2751
+ }
2752
+
2753
+ });
2754
+ }
2755
+
2756
+ return contacts_props;
2757
+ }
2758
+
2759
  // Save the post
2760
  function pagelayer_save(){
2761
 
2773
  props = tmp.atts;
2774
  }
2775
 
2776
+ // Do we have contact templates ?
2777
+ var contacts_props = pagelayer_get_contact_templates();
2778
+
2779
  jQuery.ajax({
2780
  type: "POST",
2781
  url: pagelayerajaxurl,
2782
  data: {
2783
  pagelayer_update_content : post,
2784
  pagelayer_nonce: pagelayer_ajax_nonce,
2785
+ page_props: props,
2786
+ contacts: contacts_props
2787
  },
2788
  success: function(response, status, xhr){
2789
  //alert(data);
js/pagelayer-frontend.js CHANGED
@@ -185,8 +185,14 @@ function pagelayer_pl_row_full(jEle){
185
  // Now give the row the width
186
  jEle.css({'width': vw, 'max-width': '100vw'});
187
 
 
188
  jEle.offset({left: 0});
189
 
 
 
 
 
 
190
  };
191
 
192
  // Modal open
185
  // Now give the row the width
186
  jEle.css({'width': vw, 'max-width': '100vw'});
187
 
188
+ // Set the offset
189
  jEle.offset({left: 0});
190
 
191
+ // Set a timeout as well as some themes can interfere with us
192
+ setTimeout(function(){
193
+ jEle.offset({left: 0});
194
+ }, 500);
195
+
196
  };
197
 
198
  // Modal open
js/properties.js CHANGED
@@ -99,7 +99,9 @@ function pagelayer_data(jEle, clean){
99
  var sep = 'sep' in prop ? prop['sep'] : ',';
100
  var tmp2 = prop['default'].split(sep);
101
  for(var k in tmp2){
102
- tmp2[k] = tmp2[k]+prop['units'][0];
 
 
103
  }
104
  tmp_val = tmp2.join(sep);
105
  }
@@ -2036,6 +2038,50 @@ function pagelayer_elp_access(row, prop){
2036
 
2037
  };
2038
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2039
  // The Color Property
2040
  function pagelayer_elp_color(row, prop){
2041
 
99
  var sep = 'sep' in prop ? prop['sep'] : ',';
100
  var tmp2 = prop['default'].split(sep);
101
  for(var k in tmp2){
102
+ if(jQuery.isNumeric(tmp2[k])){
103
+ tmp2[k] = tmp2[k]+prop['units'][0];
104
+ }
105
  }
106
  tmp_val = tmp2.join(sep);
107
  }
2038
 
2039
  };
2040
 
2041
+ // The Modal Property
2042
+ function pagelayer_elp_modal(row, prop){
2043
+
2044
+ var style = pagelayer_empty(prop.width) ? '' : 'style="width:'+prop.width+'"';
2045
+
2046
+ var div = '<div class="pagelayer-elp-modal-div">'+
2047
+ '<span class="pagelayer-elp-modal"><i class="pli pli-window" /></span>'+
2048
+ '<div class="pagelayer-elp-modal-wrapper">'+
2049
+ '<div class="pagelayer-elp-modal-wrap" '+style+'>'+
2050
+ '<div class="pagelayer-elp-modal-header">'+
2051
+ prop.label +'<i class="pagelayer-elp-modal-close pli pli-cross" aria-hidden="true"></i>'+
2052
+ '</div><hr>'+
2053
+ '<div class="pagelayer-elp-modal-holder"></div>'+
2054
+ '</div>'+
2055
+ '</div>'+
2056
+ '</div>';
2057
+
2058
+ row.append(div);
2059
+
2060
+ var wrapper = row.find('.pagelayer-elp-modal-wrapper');
2061
+ var holder = row.find('.pagelayer-elp-modal-holder');
2062
+
2063
+ row.find('.pagelayer-elp-modal').on('click', function(){
2064
+
2065
+ // Setup first
2066
+ if(holder.children().length < 1){
2067
+
2068
+ var p = row.parent().find('[pagelayer-access-item='+prop.show_group+']').detach();
2069
+ p.appendTo(holder);
2070
+ p.addClass('pagelayer-access-item-visible');
2071
+ }
2072
+
2073
+ // Show and hide
2074
+ wrapper.show();
2075
+
2076
+ });
2077
+
2078
+ // Close Modal Property
2079
+ row.find('.pagelayer-elp-modal-close').on('click', function(){
2080
+ wrapper.hide();
2081
+ });
2082
+
2083
+ };
2084
+
2085
  // The Color Property
2086
  function pagelayer_elp_color(row, prop){
2087
 
languages/en.json CHANGED
@@ -821,6 +821,7 @@
821
  "service_box_media_alignment": "Image Alignment",
822
  "service_box_media_vertical_alignment": "Vertical Alignment",
823
  "service_box_text_alignment": "Content Alignment",
 
824
  "justify": "Justify",
825
  "service_btn_url_label": "URL",
826
  "service_button_text_label": "Text",
@@ -901,6 +902,7 @@
901
  "embed_paste_code": "Paste HTML code",
902
  "shortcodes": "Shortcodes",
903
  "shortcodes_paste_code": "Shortcode",
 
904
  "google_map_address_label": "Address",
905
  "google_map_address_desc": "To find a specific address or location, just enter what you're looking for and press Enter",
906
  "google_map_noscroll": "Deactivate Scroll",
@@ -1685,5 +1687,22 @@
1685
  "popup_cookie_name" : "Cookie Name",
1686
  "popup_cookie_exp" : "Cookie Expires",
1687
  "select_images" : "Please select images from the left Widget properties !",
1688
- "ele_id" : "Element ID"
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1689
  }
821
  "service_box_media_alignment": "Image Alignment",
822
  "service_box_media_vertical_alignment": "Vertical Alignment",
823
  "service_box_text_alignment": "Content Alignment",
824
+ "service_box_heading_alignment": "Heading Alignment",
825
  "justify": "Justify",
826
  "service_btn_url_label": "URL",
827
  "service_button_text_label": "Text",
902
  "embed_paste_code": "Paste HTML code",
903
  "shortcodes": "Shortcodes",
904
  "shortcodes_paste_code": "Shortcode",
905
+ "shortcodes_paste": "Paste your shortcode here",
906
  "google_map_address_label": "Address",
907
  "google_map_address_desc": "To find a specific address or location, just enter what you're looking for and press Enter",
908
  "google_map_noscroll": "Deactivate Scroll",
1687
  "popup_cookie_name" : "Cookie Name",
1688
  "popup_cookie_exp" : "Cookie Expires",
1689
  "select_images" : "Please select images from the left Widget properties !",
1690
+ "ele_id" : "Element ID",
1691
+ "prefix_suffix" : "Prefix and Suffix",
1692
+ "prefix_name" : "Prefix Title",
1693
+ "suffix_name" : "Suffix Title",
1694
+ "mail_template" : "Mail Template",
1695
+ "to_email" : "To Email",
1696
+ "from_email" : "From Email",
1697
+ "additional_head" : "Additional Header",
1698
+ "message_body" : "Message Body",
1699
+ "subject" : "Subject",
1700
+ "custom_hf_code" : "Custom Header Footer Code",
1701
+ "header_code" : "Header Code",
1702
+ "footer_code" : "Footer Code",
1703
+ "subject" : "Subject",
1704
+ "create_mail_templ" : "Create Mail Template",
1705
+ "use_html" : "Use HTML",
1706
+ "custom_templ" : "Use Custom Template",
1707
+ "technology" : "Technology"
1708
  }
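Review bot: The added block defines "subject" : "Subject" twice, at new lines 1699 and 1703. Most JSON parsers keep the last value, so nothing breaks today, but duplicate keys can drift apart later and strict parsers or linters reject them. Drop the second entry.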
main/ajax.php CHANGED
@@ -38,6 +38,11 @@ function pagelayer_wp_widget_ajax(){
38
  // Some AJAX security
39
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
40
 
 
 
 
 
 
41
  pagelayer_load_shortcodes();
42
 
43
  header('Content-Type: application/json');
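Review bot: The capability check added to pagelayer_wp_widget_ajax() only stops an unauthorised request if pagelayer_json_output() ends execution, because nothing after pagelayer_json_output($ret); returns or dies before pagelayer_load_shortcodes() runs. Every check added in this file relies on the same pattern, and the old pagelayer_delete_revision() followed that call with return false;, which this release removes. Confirm the helper calls wp_die() or exit; if it does not, add an explicit return in each denied branch. A smaller point: $ret['error'][] makes error an array here, while other branches in this file assign a string, so clients see two shapes for the same field.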
@@ -128,13 +133,27 @@ function pagelayer_save_content(){
128
  $content = $_POST['pagelayer_update_content'];
129
 
130
  $postID = (int) $_GET['postID'];
131
-
132
  if(empty($postID)){
133
- $msg['error'] = __pl('invalid_post_id');
 
134
  }
135
 
136
- // Check if the post exists
 
 
 
 
 
 
 
 
 
 
 
 
137
 
 
138
  if(!empty($postID) && !empty($content)){
139
 
140
  $post = array(
@@ -153,6 +172,20 @@ function pagelayer_save_content(){
153
  }
154
  }
155
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
156
  $_REQUEST['page_props']['featured_image'] = (int) $_REQUEST['page_props']['featured_image'];
157
  if(!empty($_REQUEST['page_props']['featured_image'])){
158
  set_post_thumbnail($postID, $_REQUEST['page_props']['featured_image']);
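Review bot: The publish gate added before the featured-image code handles only $_post->post_type == 'page' and == 'post', so a save that ends up with post_status publish on any other post type skips both checks. Suggest resolving the capability from the type itself, for example get_post_type_object($_post->post_type)->cap->publish_posts, and applying one rule to every type. The two branches also behave differently (pages return no_publish_permission, posts are silently downgraded to pending); pick one behaviour and state it in the comment.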
@@ -160,6 +193,29 @@ function pagelayer_save_content(){
160
  delete_post_thumbnail($postID);
161
  }
162
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
163
  }
164
 
165
  // Apply a filter
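Review bot: update_post_meta($postID, 'pagelayer_contact_templates', $_REQUEST['contacts']); stores whatever array the request carries. The allowlist of keys (to_email, from_email, cont_subject, cont_header, cont_body, cont_use_html) exists only in pagelayer_get_contact_templates() in js/pagelayer-editor.js, and the stored value is later loaded with get_post_meta() by the nopriv pagelayer_contact_submit() handler. Suggest rebuilding the array on the server from the same allowlist, running sanitize_email() on the address fields, and rejecting CR/LF in cont_header and cont_subject before saving.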
@@ -169,13 +225,13 @@ function pagelayer_save_content(){
169
  wp_update_post($post);
170
 
171
  if (is_wp_error($postID)) {
172
- $msg['error'] = __pl('post_update_err');
173
  }else{
174
- $msg['success'] = __pl('post_update_success');
175
  }
176
 
177
  }else{
178
- $msg['error'] = __pl('post_update_err');
179
  }
180
 
181
  pagelayer_json_output($msg);
@@ -189,6 +245,11 @@ function pagelayer_do_shortcodes(){
189
  // Some AJAX security
190
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
191
 
 
 
 
 
 
192
  $data = '';
193
  if(isset($_REQUEST['shortcode_data'])){
194
  $data = stripslashes($_REQUEST['shortcode_data']);
@@ -237,10 +298,21 @@ function pagelayer_get_section_shortcodes(){
237
  // Some AJAX security
238
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
239
 
 
 
 
 
 
240
  $data = '';
241
  if(isset($_REQUEST['pagelayer_section_id'])){
242
 
243
  $get_url = PAGELAYER_API.'/library.php?give_id='.$_REQUEST['pagelayer_section_id'].(!empty($pagelayer->license['license']) ? '&license='.$pagelayer->license['license'] : '');
 
 
 
 
 
 
244
  $fetch = wp_remote_get($get_url, array('timeout' => 60));
245
 
246
  if ( is_array( $fetch ) && ! is_wp_error( $fetch ) && isset( $fetch['body'] ) ) {
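Review bot: While pagelayer_get_section_shortcodes() is being touched, $_REQUEST['pagelayer_section_id'] is still concatenated into $get_url as-is, ahead of the license parameter, and the result now also flows through get_softaculous_file() for SitePad. An unencoded value can change the query string of the outbound request. Cast it with (int) if section IDs are numeric, or pass it through rawurlencode() before building the URL.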
@@ -319,6 +391,11 @@ function pagelayer_update_site_title(){
319
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
320
 
321
  $site_title = $_POST['site_title'];
 
 
 
 
 
322
 
323
  update_option('blogname', $site_title);
324
 
@@ -384,14 +461,19 @@ function pagelayer_create_post_autosave(){
384
 
385
  // Some AJAX security
386
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
387
-
388
- $postID = (int) $_GET['postID'];
389
- $post_revisions = array();
390
 
 
 
391
  $content = $_REQUEST['pagelayer_post_content'];
 
 
 
 
 
 
392
 
393
  if(empty($postID)){
394
- $post_revisions['error'] = __pl('invalid_post_id');
395
  }else{
396
 
397
  $post = array(
@@ -399,12 +481,12 @@ function pagelayer_create_post_autosave(){
399
  'post_content' => $content,
400
  );
401
 
402
- $post_revisions['id'] = wp_create_post_autosave($post);
403
  }
404
 
405
- $post_revisions['url'] = get_preview_post_link($postID);
406
 
407
- pagelayer_json_output($post_revisions);
408
 
409
  }
410
 
@@ -415,20 +497,26 @@ function pagelayer_get_revision(){
415
  // Some AJAX security
416
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
417
 
 
418
  $postID = (int) $_GET['postID'];
419
- $post_revisions = array();
 
 
 
 
 
420
 
421
  if(empty($postID)){
422
- $post_revisions['error'] = __pl('invalid_post_id');
423
  }else{
424
- $post_revisions = pagelayer_get_post_revision_by_id($postID);
425
  }
426
 
427
- pagelayer_json_output($post_revisions);
428
 
429
  }
430
 
431
- // Get post revision
432
  add_action('wp_ajax_pagelayer_apply_revision', 'pagelayer_apply_revision');
433
  function pagelayer_apply_revision(){
434
 
@@ -436,17 +524,24 @@ function pagelayer_apply_revision(){
436
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
437
 
438
  $revisionID = (int) $_REQUEST['revisionID'];
439
- $post_data = array();
 
 
 
 
 
 
 
440
 
441
  if(empty($revisionID)){
442
- $post_data['error'] = __pl('invalid_post_id');
443
  }else{
444
 
445
  $post = get_post( $revisionID );
446
 
447
  if ( empty( $post ) ) {
448
- $post_data['error'] = __pl('invalid_revision');
449
- pagelayer_json_output($post_data);
450
  }
451
 
452
  // Need to make the reviews post global
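Review bot: $parID = wp_get_post_parent_id($revisionID); is computed and authorised in pagelayer_apply_revision() before anything confirms that revisionID names a revision. For an ID with no parent, or one that does not exist, the check runs as pagelayer_user_can_edit(0) or pagelayer_user_can_edit(false), and the handler then returns do_shortcode() of that post's content. The helper was called with no argument before this release (see the removed init.php lines), so verify what it allows for an empty ID. Suggest wp_is_post_revision($revisionID) to validate the ID and obtain the parent in one step, and move the empty($revisionID) test above the permission check.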
@@ -455,18 +550,18 @@ function pagelayer_apply_revision(){
455
  // Need to reload the shortcodes
456
  pagelayer_load_shortcodes();
457
 
458
- $post_data['content'] = do_shortcode($post->post_content);
459
 
460
  if (is_wp_error($postID)) {
461
- $post_data['error'] = __pl('rev_load_error');
462
  }else{
463
- $post_data['success'] = __pl('rev_load_success');
464
  }
465
 
466
  wp_reset_postdata();
467
  }
468
 
469
- pagelayer_json_output($post_data);
470
 
471
  }
472
 
@@ -478,38 +573,44 @@ function pagelayer_delete_revision() {
478
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
479
 
480
  $revisionID = (int) $_REQUEST['revisionID'];
 
 
 
 
 
 
 
481
 
482
  if(empty($revisionID)){
483
- $post_data['error'] = __pl('invalid_post_id');
484
  }else{
485
 
486
  $revision = get_post( $revisionID );
487
 
488
  if ( empty( $revision ) ) {
489
- $post_data['error'] = __pl('invalid_revision');
490
  }else{
491
 
492
- if ( ! current_user_can( 'delete_post', $revision->ID ) ) {
493
- $post_data['error'] = __pl('access_denied');
494
- pagelayer_json_output($post_data);
495
- return false;
496
  }
497
 
498
  $deleted = wp_delete_post_revision( $revision->ID );
499
 
500
  if ( ! $deleted || is_wp_error( $deleted ) ) {
501
- $post_data['error'] = __pl('delete_rev_error');
502
  }else{
503
- $post_data['success'] = __pl('delete_rev_success');
504
  }
505
  }
506
  }
507
 
508
- pagelayer_json_output($post_data);
509
 
510
  }
511
 
512
- // Get post revision
513
  add_action('wp_ajax_pagelayer_post_nav', 'pagelayer_post_nav');
514
  function pagelayer_post_nav() {
515
 
@@ -559,7 +660,7 @@ function pagelayer_post_nav() {
559
 
560
  }
561
 
562
- // Get post comment template
563
  add_action('wp_ajax_pagelayer_post_comment', 'pagelayer_post_comment');
564
  function pagelayer_post_comment() {
565
  global $post;
@@ -699,7 +800,7 @@ function pagelayer_fetch_posts(){
699
 
700
  // Some AJAX security
701
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
702
-
703
  echo pagelayer_widget_posts($_POST);
704
 
705
  wp_die();
@@ -714,7 +815,7 @@ function pagelayer_posts_data(){
714
 
715
  // Load shortcodes
716
  pagelayer_load_shortcodes();
717
-
718
  echo pagelayer_posts($_POST);
719
  wp_die();
720
  }
@@ -736,7 +837,7 @@ function pagelayer_archive_posts_data(){
736
 
737
  // Load shortcodes
738
  pagelayer_load_shortcodes();
739
-
740
  echo pagelayer_posts($_POST, $_POST['pagelayer_wp_query']);
741
  wp_die();
742
  }
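Review bot: // TODO : Allowed is added here and in pagelayer_fetch_posts() and pagelayer_posts_data(), but the handlers still run with a nonce check at most. A nonce shows the request came from a page the site served, not that the caller may read the result, and this handler passes the client-supplied $_POST['pagelayer_wp_query'] straight into pagelayer_posts(). Suggest adding the capability check in this release or, if the endpoints must stay open to visitors, restricting the accepted query arguments to an allowlist and forcing post_status to publish.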
@@ -745,20 +846,110 @@ function pagelayer_archive_posts_data(){
745
  add_action('wp_ajax_pagelayer_contact_submit', 'pagelayer_contact_submit');
746
  add_action('wp_ajax_nopriv_pagelayer_contact_submit', 'pagelayer_contact_submit' );
747
  function pagelayer_contact_submit(){
748
-
749
- $to_mail = get_option('pagelayer_cf_to_email');
750
- $subject = get_option('pagelayer_cf_subject');
751
 
752
  $fdata = $_POST['form_data'];
753
  parse_str($fdata, $formdata);
754
 
755
- // Make the email content
756
- foreach($formdata as $k => $i){
757
- $data .= ''.$k.'\t : \t'.$i.'\n';
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
758
  }
759
 
760
  // Send the email
761
- $r = wp_mail( $to_mail, $subject, $data );
762
 
763
  if($r == TRUE){
764
  $wp['success'] = get_option( 'pagelayer_cf_success' );
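Review bot: In pagelayer_contact_submit() the mail template is selected by cfa-post-id and cfa-pagelayer-id taken from the submitted form, so the visitor decides which post's pagelayer_contact_templates meta is loaded. Suggest checking that the post is published and that the stored template belongs to a form on that post before using it. Also, $formdata['cfa-pagelayer-id'] is read without isset(), and the check_ajax_referer() added to this nopriv action uses a nonce that is shared by all logged-out visitors and expires, so pages served from a full-page cache can carry a stale nonce and fail submissions. Treat the nonce as CSRF hygiene, not as access control.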
@@ -770,20 +961,10 @@ function pagelayer_contact_submit(){
770
 
771
  }
772
 
773
- // Fetch Google reCaptcha Key
774
- add_action('wp_ajax_pagelayer_fetch_grecaptcha_key', 'pagelayer_fetch_grecaptcha_key');
775
- function pagelayer_fetch_grecaptcha_key(){
776
-
777
- $data['key'] = get_option('pagelayer_google_captcha');
778
-
779
- pagelayer_json_output($data);
780
-
781
- }
782
-
783
  // Handle Login Submit
784
  add_action('wp_ajax_pagelayer_login_submit', 'pagelayer_login_submit');
785
  add_action('wp_ajax_nopriv_pagelayer_login_submit', 'pagelayer_login_submit');
786
- function pagelayer_login_submit(){
787
 
788
  $fdata = $_POST['form_data'];
789
  parse_str($fdata, $formdata);
@@ -816,8 +997,12 @@ function pagelayer_login_submit(){
816
  add_action('wp_logout', 'pagelayer_after_logout');
817
  function pagelayer_after_logout(){
818
 
 
819
  $url = get_user_option('pagelayer_logout_url');
820
 
 
 
 
821
  // We will redirect if we have the given item set.
822
  if(!empty($url)){
823
  wp_redirect( $url );
@@ -847,10 +1032,9 @@ function pagelayer_get_pages_list(){
847
  }
848
  $option .= '</ul>';
849
 
850
-
851
  echo $option;
852
 
853
- wp_die();
854
  }
855
 
856
  // Get the data for template
@@ -946,10 +1130,21 @@ function pagelayer_save_template() {
946
  $done = [];
947
 
948
  $post_id = (int) $_GET['postID'];
 
 
 
 
 
 
949
 
950
  // We need to create the post
951
  if(empty($post_id)){
952
 
 
 
 
 
 
953
  // Get the template type
954
  if(empty($_POST['pagelayer_template_type'])){
955
  $done['error'] = __pl('temp_error_type');
@@ -1289,6 +1484,11 @@ function pagelayer_export_template(){
1289
 
1290
  $done = [];
1291
 
 
 
 
 
 
1292
  // Load the templates
1293
  pagelayer_builder_load_templates();
1294
 
38
  // Some AJAX security
39
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
40
 
41
+ if(!current_user_can('edit_theme_options')){
42
+ $ret['error'][] = __pl('no_permission');
43
+ pagelayer_json_output($ret);
44
+ }
45
+
46
  pagelayer_load_shortcodes();
47
 
48
  header('Content-Type: application/json');
133
  $content = $_POST['pagelayer_update_content'];
134
 
135
  $postID = (int) $_GET['postID'];
136
+
137
  if(empty($postID)){
138
+ $msg['error'] = __pl('invalid_post_id');
139
+ pagelayer_json_output($msg);
140
  }
141
 
142
+ $_post = get_post($postID);
143
+
144
+ // Post found ?
145
+ if(empty($_post)){
146
+ $msg['error'] = __pl('invalid_post_id');
147
+ pagelayer_json_output($msg);
148
+ }
149
+
150
+ // Are you allowed to edit ?
151
+ if(!pagelayer_user_can_edit($postID)){
152
+ $msg['error'][] = __pl('no_permission');
153
+ pagelayer_json_output($msg);
154
+ }
155
 
156
+ // Check if the post exists
157
  if(!empty($postID) && !empty($content)){
158
 
159
  $post = array(
172
  }
173
  }
174
 
175
+ if(!empty($post['post_status']) && $post['post_status'] == 'publish'){
176
+
177
+ // Allowed to publish pages ?
178
+ if($_post->post_type == 'page' && !current_user_can('publish_pages')){
179
+ $msg['error'][] = __pl('no_publish_permission');
180
+ pagelayer_json_output($msg);
181
+ }
182
+
183
+ // Allowed to publish posts ?
184
+ if($_post->post_type == 'post' && !current_user_can('publish_posts')){
185
+ $post['post_status'] = 'pending';
186
+ }
187
+ }
188
+
189
  $_REQUEST['page_props']['featured_image'] = (int) $_REQUEST['page_props']['featured_image'];
190
  if(!empty($_REQUEST['page_props']['featured_image'])){
191
  set_post_thumbnail($postID, $_REQUEST['page_props']['featured_image']);
193
  delete_post_thumbnail($postID);
194
  }
195
 
196
+ $header_code = !empty($_REQUEST['page_props']['header_code']) ? $_REQUEST['page_props']['header_code'] : '' ;
197
+ $footer_code = !empty($_REQUEST['page_props']['footer_code']) ? $_REQUEST['page_props']['footer_code'] : '' ;
198
+
199
+ // Set Custom header footer code
200
+ if(!empty($header_code)){
201
+ update_post_meta($postID, 'pagelayer_header_code', $header_code);
202
+ }else{
203
+ delete_post_meta($postID, 'pagelayer_header_code');
204
+ }
205
+
206
+ if(!empty($footer_code)){
207
+ update_post_meta($postID, 'pagelayer_footer_code', $footer_code);
208
+ }else{
209
+ delete_post_meta($postID, 'pagelayer_footer_code');
210
+ }
211
+
212
+ }
213
+
214
+ // Any contact templates ?
215
+ if(!empty($_REQUEST['contacts'])){
216
+ update_post_meta($postID, 'pagelayer_contact_templates', $_REQUEST['contacts']);
217
+ }else{
218
+ delete_post_meta($postID, 'pagelayer_contact_templates');
219
  }
220
 
221
  // Apply a filter
225
  wp_update_post($post);
226
 
227
  if (is_wp_error($postID)) {
228
+ $msg['error'] = __pl('post_update_err');
229
  }else{
230
+ $msg['success'] = __pl('post_update_success');
231
  }
232
 
233
  }else{
234
+ $msg['error'] = __pl('post_update_err');
235
  }
236
 
237
  pagelayer_json_output($msg);
245
  // Some AJAX security
246
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
247
 
248
+ if(!current_user_can('edit_posts')){// TODO : WooCommerce
249
+ $ret['error'][] = __pl('no_permission');
250
+ pagelayer_json_output($ret);
251
+ }
252
+
253
  $data = '';
254
  if(isset($_REQUEST['shortcode_data'])){
255
  $data = stripslashes($_REQUEST['shortcode_data']);
298
  // Some AJAX security
299
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
300
 
301
+ if(!current_user_can('edit_posts')){
302
+ $ret['error'][] = __pl('no_permission');
303
+ pagelayer_json_output($ret);
304
+ }
305
+
306
  $data = '';
307
  if(isset($_REQUEST['pagelayer_section_id'])){
308
 
309
  $get_url = PAGELAYER_API.'/library.php?give_id='.$_REQUEST['pagelayer_section_id'].(!empty($pagelayer->license['license']) ? '&license='.$pagelayer->license['license'] : '');
310
+
311
+ // For SitePad users
312
+ if(function_exists('get_softaculous_file')){
313
+ $get_url = get_softaculous_file($get_url, 1);
314
+ }
315
+
316
  $fetch = wp_remote_get($get_url, array('timeout' => 60));
317
 
318
  if ( is_array( $fetch ) && ! is_wp_error( $fetch ) && isset( $fetch['body'] ) ) {
391
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
392
 
393
  $site_title = $_POST['site_title'];
394
+
395
+ if(!current_user_can('manage_options')){
396
+ $ret['error'][] = __pl('no_permission');
397
+ pagelayer_json_output($ret);
398
+ }
399
 
400
  update_option('blogname', $site_title);
401
 
461
 
462
  // Some AJAX security
463
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
 
 
 
464
 
465
+ $ret = array();
466
+ $postID = (int) $_GET['postID'];
467
  $content = $_REQUEST['pagelayer_post_content'];
468
+
469
+ // Are you allowed to edit ?
470
+ if(!pagelayer_user_can_edit($postID)){
471
+ $ret['error'][] = __pl('no_permission');
472
+ pagelayer_json_output($ret);
473
+ }
474
 
475
  if(empty($postID)){
476
+ $ret['error'] = __pl('invalid_post_id');
477
  }else{
478
 
479
  $post = array(
481
  'post_content' => $content,
482
  );
483
 
484
+ $ret['id'] = wp_create_post_autosave($post);
485
  }
486
 
487
+ $ret['url'] = get_preview_post_link($postID);
488
 
489
+ pagelayer_json_output($ret);
490
 
491
  }
492
 
497
  // Some AJAX security
498
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
499
 
500
+ $ret = array();
501
  $postID = (int) $_GET['postID'];
502
+
503
+ // Are you allowed to edit ?
504
+ if(!pagelayer_user_can_edit($postID)){
505
+ $ret['error'][] = __pl('no_permission');
506
+ pagelayer_json_output($ret);
507
+ }
508
 
509
  if(empty($postID)){
510
+ $ret['error'] = __pl('invalid_post_id');
511
  }else{
512
+ $ret = pagelayer_get_post_revision_by_id($postID);
513
  }
514
 
515
+ pagelayer_json_output($ret);
516
 
517
  }
518
 
519
+ // Apply post revision
520
  add_action('wp_ajax_pagelayer_apply_revision', 'pagelayer_apply_revision');
521
  function pagelayer_apply_revision(){
522
 
524
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
525
 
526
  $revisionID = (int) $_REQUEST['revisionID'];
527
+ $parID = wp_get_post_parent_id($revisionID);
528
+ $ret = array();
529
+
530
+ // Are you allowed to edit ?
531
+ if(!pagelayer_user_can_edit($parID)){
532
+ $ret['error'][] = __pl('no_permission');
533
+ pagelayer_json_output($ret);
534
+ }
535
 
536
  if(empty($revisionID)){
537
+ $ret['error'] = __pl('invalid_post_id');
538
  }else{
539
 
540
  $post = get_post( $revisionID );
541
 
542
  if ( empty( $post ) ) {
543
+ $ret['error'] = __pl('invalid_revision');
544
+ pagelayer_json_output($ret);
545
  }
546
 
547
  // Need to make the reviews post global
550
  // Need to reload the shortcodes
551
  pagelayer_load_shortcodes();
552
 
553
+ $ret['content'] = do_shortcode($post->post_content);
554
 
555
  if (is_wp_error($postID)) {
556
+ $ret['error'] = __pl('rev_load_error');
557
  }else{
558
+ $ret['success'] = __pl('rev_load_success');
559
  }
560
 
561
  wp_reset_postdata();
562
  }
563
 
564
+ pagelayer_json_output($ret);
565
 
566
  }
567
 
573
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
574
 
575
  $revisionID = (int) $_REQUEST['revisionID'];
576
+ $parID = wp_get_post_parent_id($revisionID);
577
+
578
+ // Are you allowed to edit ?
579
+ if(!pagelayer_user_can_edit($parID)){
580
+ $ret['error'][] = __pl('no_permission');
581
+ pagelayer_json_output($ret);
582
+ }
583
 
584
  if(empty($revisionID)){
585
+ $ret['error'] = __pl('invalid_post_id');
586
  }else{
587
 
588
  $revision = get_post( $revisionID );
589
 
590
  if ( empty( $revision ) ) {
591
+ $ret['error'] = __pl('invalid_revision');
592
  }else{
593
 
594
+ if ( ! current_user_can( 'delete_post', $parID ) ) {
595
+ $ret['error'] = __pl('access_denied');
596
+ pagelayer_json_output($ret);
 
597
  }
598
 
599
  $deleted = wp_delete_post_revision( $revision->ID );
600
 
601
  if ( ! $deleted || is_wp_error( $deleted ) ) {
602
+ $ret['error'] = __pl('delete_rev_error');
603
  }else{
604
+ $ret['success'] = __pl('delete_rev_success');
605
  }
606
  }
607
  }
608
 
609
+ pagelayer_json_output($ret);
610
 
611
  }
612
 
613
+ // Get post navigation
614
  add_action('wp_ajax_pagelayer_post_nav', 'pagelayer_post_nav');
615
  function pagelayer_post_nav() {
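Review bot: in the delete-revision handler above, both new guards (`!pagelayer_user_can_edit($parID)` and `!current_user_can( 'delete_post', $parID )`) only stop the request if `pagelayer_json_output()` ends execution. If it ever returns, control falls through to `wp_delete_post_revision()`. Follow each guard with an explicit `return` or `wp_die()` so the check does not depend on the helper's behaviour.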
616
 
660
 
661
  }
662
 
663
+ // Get post comment template
664
  add_action('wp_ajax_pagelayer_post_comment', 'pagelayer_post_comment');
665
  function pagelayer_post_comment() {
666
  global $post;
800
 
801
  // Some AJAX security
802
  check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
803
+ // TODO : Allowed
804
  echo pagelayer_widget_posts($_POST);
805
 
806
  wp_die();
815
 
816
  // Load shortcodes
817
  pagelayer_load_shortcodes();
818
+ // TODO : Allowed
819
  echo pagelayer_posts($_POST);
820
  wp_die();
821
  }
837
 
838
  // Load shortcodes
839
  pagelayer_load_shortcodes();
840
+ // TODO : Allowed
841
  echo pagelayer_posts($_POST, $_POST['pagelayer_wp_query']);
842
  wp_die();
843
  }
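Review bot: the `// TODO : Allowed` markers in this handler and the two before it leave the authorization question open, and here `$_POST['pagelayer_wp_query']` is passed to `pagelayer_posts()` as query arguments. The only constraint visible in this release is `$args['post_status'] = 'publish'` inside `pagelayer_posts()`. Restrict the accepted keys to an allowlist before they reach `WP_Query`, and resolve the TODO before shipping.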
846
  add_action('wp_ajax_pagelayer_contact_submit', 'pagelayer_contact_submit');
847
  add_action('wp_ajax_nopriv_pagelayer_contact_submit', 'pagelayer_contact_submit' );
848
  function pagelayer_contact_submit(){
849
+
850
+ // Some AJAX security
851
+ check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
852
 
853
  $fdata = $_POST['form_data'];
854
  parse_str($fdata, $formdata);
855
 
856
+ $to_mail = get_option('pagelayer_cf_to_email');
857
+ $from_mail = get_option('pagelayer_cf_from_email');
858
+ $subject = get_option('pagelayer_cf_subject');
859
+ $additional_headers = get_option('pagelayer_cf_headers');
860
+ $body = '';
861
+ $headers = '';
862
+ $custom_templ = array();
863
+ $use_custom = false;
864
+ $use_html = false;
865
+ $pagelayer_id = $formdata['cfa-pagelayer-id'];
866
+
867
+ if(isset($formdata['cfa-custom-template']) && !empty($formdata['cfa-post-id'])){
868
+ $post_id = (int) $formdata['cfa-post-id'];
869
+
870
+ if(!empty($post_id)){
871
+ $contact_array = get_post_meta($post_id, 'pagelayer_contact_templates', true);
872
+
873
+ if(!empty($contact_array) && !empty($contact_array[$pagelayer_id])){
874
+ $custom_templ = $contact_array[$pagelayer_id];
875
+ $use_custom = true;
876
+ }
877
+ }
878
+ }
879
+
880
+ if($use_custom && !empty($custom_templ)){
881
+
882
+ if(!empty($custom_templ['to_email'])){
883
+ $to_mail = $custom_templ['to_email'];
884
+ }
885
+
886
+ if(!empty($custom_templ['from_email'])){
887
+ $from_mail = $custom_templ['from_email'];
888
+ }
889
+
890
+ if(!empty($custom_templ['cont_subject'])){
891
+ $subject = $custom_templ['cont_subject'];
892
+ }
893
+
894
+ if(!empty($custom_templ['cont_header'])){
895
+ $additional_headers = $custom_templ['cont_header'];
896
+ }
897
+
898
+ if(!empty($custom_templ['cont_body'])){
899
+ $body = $custom_templ['cont_body'];
900
+ }
901
+
902
+ if(!empty($custom_templ['cont_use_html'])){
903
+ $use_html = true;
904
+ $headers .= "Content-Type: text/html\n";
905
+ }
906
+ }
907
+
908
+ if(!empty($from_mail)){
909
+ $headers .= "From: $from_mail\n";
910
+ }
911
+
912
+ if ( empty($additional_headers) ) {
913
+ $headers .= $additional_headers . "\n";
914
+ }
915
+
916
+ if ( empty($body) ) {
917
+
918
+ // Make the email content
919
+ foreach($formdata as $k => $i){
920
+
921
+ $not_allow = ['cfa-pagelayer-id', 'cfa-redirect', 'cfa-post-id', 'cfa-custom-template', 'pagelayer-contact-submit'];
922
+ if(in_array($k, $not_allow)){
923
+ continue;
924
+ }
925
+
926
+ $body .= $k."\t : \t".$i."\n";
927
+ }
928
+
929
+ $body .= "\n\n --\n This e-mail was sent from a contact form (".get_home_url().")";
930
+
931
+ }
932
+
933
+ // Do parse a variables
934
+ $to_mail = pagelayer_replace_vars($to_mail, $formdata, '$');
935
+ $from_mail = pagelayer_replace_vars($from_mail, $formdata, '$');
936
+ $subject = pagelayer_replace_vars($subject, $formdata, '$');
937
+ $additional_headers = pagelayer_replace_vars($additional_headers, $formdata, '$');
938
+ $body = pagelayer_replace_vars($body, $formdata, '$');
939
+
940
+ if ( $use_html && ! preg_match( '%<html[>\s].*</html>%is', $body ) ) {
941
+ $header = '<!doctype html>
942
+ <html xmlns="http://www.w3.org/1999/xhtml">
943
+ <head><title>' . esc_html( $subject ) . '</title></head>
944
+ <body>';
945
+
946
+ $footer = '</body></html>';
947
+
948
+ $body = $header . wpautop( $body ) . $footer;
949
  }
950
 
951
  // Send the email
952
+ $r = wp_mail( $to_mail, $subject, $body, $headers );
953
 
954
  if($r == TRUE){
955
  $wp['success'] = get_option( 'pagelayer_cf_success' );
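Review bot: the condition `if ( empty($additional_headers) )` is inverted, so the configured additional headers are appended to `$headers` only when there are none; it should test `!empty(...)`. `$headers` is also assembled before the `pagelayer_replace_vars()` calls, so the substituted `$from_mail` and `$additional_headers` never reach `wp_mail()`. When reordering, strip CR and LF from any submitted value that ends up in a header.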
961
 
962
  }
963
 
 
 
 
 
 
 
 
 
 
 
964
  // Handle Login Submit
965
  add_action('wp_ajax_pagelayer_login_submit', 'pagelayer_login_submit');
966
  add_action('wp_ajax_nopriv_pagelayer_login_submit', 'pagelayer_login_submit');
967
+ function pagelayer_login_submit(){
968
 
969
  $fdata = $_POST['form_data'];
970
  parse_str($fdata, $formdata);
997
  add_action('wp_logout', 'pagelayer_after_logout');
998
  function pagelayer_after_logout(){
999
 
1000
+ // Get the URL
1001
  $url = get_user_option('pagelayer_logout_url');
1002
 
1003
+ // Now blank it
1004
+ update_user_option('pagelayer_logout_url', '');
1005
+
1006
  // We will redirect if we have the given item set.
1007
  if(!empty($url)){
1008
  wp_redirect( $url );
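Review bot: `wp_redirect( $url )` sends the user to whatever is stored in the `pagelayer_logout_url` user option without validating the destination host. Unless off-site destinations are a requirement, use `wp_safe_redirect()` here, or pass the value through `wp_validate_redirect()` with a fallback.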
1032
  }
1033
  $option .= '</ul>';
1034
 
 
1035
  echo $option;
1036
 
1037
+ wp_die();
1038
  }
1039
 
1040
  // Get the data for template
1130
  $done = [];
1131
 
1132
  $post_id = (int) $_GET['postID'];
1133
+
1134
+ // Are you allowed to edit ?
1135
+ if(!empty($post_id) && !pagelayer_user_can_edit($post_id)){
1136
+ $done['error'][] = __pl('no_permission');
1137
+ pagelayer_json_output($done);
1138
+ }
1139
 
1140
  // We need to create the post
1141
  if(empty($post_id)){
1142
 
1143
+ if (!current_user_can('edit_posts')) {
1144
+ $done['error'] = __pl('access_denied');
1145
+ pagelayer_json_output($done);
1146
+ }
1147
+
1148
  // Get the template type
1149
  if(empty($_POST['pagelayer_template_type'])){
1150
  $done['error'] = __pl('temp_error_type');
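Review bot: the two new permission errors use different shapes, `$done['error'][] = __pl('no_permission')` (array) and `$done['error'] = __pl('access_denied')` (string), and the existing `temp_error_type` branch uses the string form as well. Pick one shape so the client does not have to handle both.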
1484
 
1485
  $done = [];
1486
 
1487
+ if(!current_user_can('edit_theme_options')){
1488
+ $done['error'][] = __pl('no_permission');
1489
+ pagelayer_json_output($done);
1490
+ }
1491
+
1492
  // Load the templates
1493
  pagelayer_builder_load_templates();
1494
 
main/functions.php CHANGED
@@ -443,19 +443,48 @@ function pagelayer_is_live_iframe(){
443
  // Can the current user edit the post ?
444
  function pagelayer_user_can_edit($post = NULL){
445
 
446
- global $wp_the_query, $current_user;
 
 
447
 
448
- if(!isset($post) || empty($post) || $post === NULL){
449
- global $post;
450
  }
451
 
452
- wp_get_current_user();
453
-
454
- if(isset($post) && is_object($post) && isset($post->ID) && isset($post->post_author) && isset($current_user) && is_object($current_user) && isset($current_user->ID) && (current_user_can('edit_others_posts', $post->ID) || ($post->post_author == $current_user->ID))){
455
- return true;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
456
  }
457
 
458
- return false;
459
 
460
  }
461
 
@@ -477,8 +506,38 @@ function pagelayer_icon_sources(){
477
  return array();
478
  }
479
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
480
  // Loads the shortcodes
481
  function pagelayer_load_shortcodes(){
 
 
482
 
483
  include_once(PAGELAYER_DIR.'/main/shortcode_functions.php');
484
  if(defined('PAGELAYER_PREMIUM')){
@@ -1166,6 +1225,9 @@ function pagelayer_posts($params, $args = []){
1166
  }
1167
  //pagelayer_print($args);
1168
 
 
 
 
1169
  $postsquery = new WP_Query($args);
1170
  $data = '';
1171
 
@@ -1956,4 +2018,15 @@ color: red;
1956
  }
1957
  }
1958
 
 
 
 
 
 
 
 
 
 
 
 
1959
  }
443
  // Can the current user edit the post ?
444
  function pagelayer_user_can_edit($post = NULL){
445
 
446
+ global $wp_the_query, $current_user, $pagelayer;
447
+
448
+ $post = get_post($post);
449
 
450
+ if(empty($post)){
451
+ return false;
452
  }
453
 
454
+ // No trash editing
455
+ if(get_post_status($post->ID) === 'trash'){
456
+ return false;
457
+ }
458
+
459
+ // Is pagelayer supposed to edit this ?
460
+ if(!in_array($post->post_type, $pagelayer->settings['post_types']) && $post->post_type != 'pagelayer-template'){
461
+ return false;
462
+ }
463
+
464
+ // Get the post type object
465
+ $object = get_post_type_object($post->post_type);
466
+
467
+ // Is this type editable by the user ?
468
+ if(!current_user_can($object->cap->edit_posts)){
469
+ return false;
470
+ }
471
+
472
+ // Is this type editable ?
473
+ if(!isset($object->cap->edit_post)){
474
+ return false;
475
+ }
476
+
477
+ // Can this user edit the post type ?
478
+ if(!current_user_can($object->cap->edit_post, $post->ID)){
479
+ return false;
480
+ }
481
+
482
+ // Page for blogs not allowed
483
+ if(get_option('page_for_posts') === $post->ID){
484
+ return false;
485
  }
486
 
487
+ return true;
488
 
489
  }
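Review bot: `get_option('page_for_posts') === $post->ID` compares the option value, which WordPress normally returns as a string, with an integer ID, so the strict comparison is never true and the blog page is not excluded. Cast both sides, e.g. `(int) get_option('page_for_posts') === (int) $post->ID`. Separately, `$object->cap->edit_posts` is dereferenced before anything confirms that `get_post_type_object()` returned an object, and the `isset($object->cap->edit_post)` test comes after the first capability lookup rather than before it.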
490
 
506
  return array();
507
  }
508
 
509
+ // Sets the memory limit
510
+ function pagelayer_memory_limit($mb){
511
+
512
+ $bytes = ($mb * 1024 * 1024);
513
+ $mb_str = (string) $mb.'M';
514
+
515
+ // Some servers might have ini_get disabled
516
+ if(function_exists('ini_get')){
517
+ $memory_limit = @ini_get('memory_limit');
518
+ }
519
+
520
+ if(empty($memory_limit)){
521
+ return;
522
+ }
523
+
524
+ $memory_limit_bytes = (strpos($memory_limit, 'M') ? (intval($memory_limit) * 1024 * 1024) : intval($memory_limit));
525
+
526
+ //$memory_limit_bytes > 0 is for memory limit = -1
527
+ if($memory_limit_bytes <= $bytes && $memory_limit_bytes > 0){
528
+
529
+ // Some servers might have ini_set disabled
530
+ if(function_exists('ini_set')){
531
+ @ini_set('memory_limit', $mb_str);
532
+ }
533
+ }
534
+
535
+ }
536
+
537
  // Loads the shortcodes
538
  function pagelayer_load_shortcodes(){
539
+
540
+ pagelayer_memory_limit(64);
541
 
542
  include_once(PAGELAYER_DIR.'/main/shortcode_functions.php');
543
  if(defined('PAGELAYER_PREMIUM')){
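Review bot: `pagelayer_memory_limit()` only understands the `M` suffix. A limit such as `1G` goes through `intval()` and becomes 1, passes the `$memory_limit_bytes <= $bytes && $memory_limit_bytes > 0` test, and `ini_set('memory_limit', $mb_str)` then lowers the limit to 64M instead of raising it. Convert `K`, `M` and `G` values to bytes before comparing; WordPress provides `wp_convert_hr_to_bytes()` for this.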
1225
  }
1226
  //pagelayer_print($args);
1227
 
1228
+ // Only see published posts
1229
+ $args['post_status'] = 'publish';
1230
+
1231
  $postsquery = new WP_Query($args);
1232
  $data = '';
1233
 
2018
  }
2019
  }
2020
 
2021
+ }
2022
+
2023
+ // Parse the array variables
2024
+ function pagelayer_replace_vars( $string, $array, $pre = '', $suf = ''){
2025
+
2026
+ $array = (array) $array;
2027
+
2028
+ foreach($array as $kk => $vv){
2029
+ $string = str_replace($pre.$kk.$suf, $vv, $string);
2030
+ }
2031
+ return $string;
2032
  }
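Review bot: `pagelayer_replace_vars()` runs `str_replace()` once per key in array order, so with the `$` prefix a key that is a prefix of another (`$name` and `$name2`) rewrites part of the longer placeholder, and a value that itself contains a placeholder is substituted again on a later iteration. Since the array comes from submitted form data, replace in a single pass (for example `strtr()` with the prefixed keys) and escape each value for the context it lands in.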
main/license.php CHANGED
@@ -88,6 +88,10 @@ function pagelayer_license_T(){
88
  global $pagelayer, $pl_error;
89
 
90
  pagelayer_page_header('Pagelayer License');
 
 
 
 
91
 
92
  // Saved ?
93
  if(!empty($GLOBALS['pl_saved'])){
88
  global $pagelayer, $pl_error;
89
 
90
  pagelayer_page_header('Pagelayer License');
91
+
92
+ if(isset($_REQUEST['save_pl_license'])){
93
+ check_admin_referer('pagelayer-options');
94
+ }
95
 
96
  // Saved ?
97
  if(!empty($GLOBALS['pl_saved'])){
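Review bot: `check_admin_referer('pagelayer-options')` is added inside the page template function, after `pagelayer_page_header()` has already run. The `$GLOBALS['pl_saved']` test directly below suggests the license is saved before this function is called, in which case the nonce is verified only after the state change. Move the check to the top of the code path that performs the save.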
main/settings.php CHANGED
@@ -157,6 +157,10 @@ function pagelayer_settings_page(){
157
 
158
  $option_name = 'pl_gen_setting' ;
159
  $new_value = '';
 
 
 
 
160
 
161
  if(isset($_REQUEST['pl_gen_setting'])){
162
  $new_value = $_REQUEST['pl_gen_setting'];
@@ -354,6 +358,42 @@ function pagelayer_settings_page(){
354
  }
355
  }
356
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
357
  if(isset($_REQUEST['pagelayer_cf_success'])){
358
 
359
  $success = $_REQUEST['pagelayer_cf_success'];
@@ -415,6 +455,16 @@ function pagelayer_settings_page(){
415
  // Save it
416
  update_option( 'pagelayer-fbapp-id', $fb_app_id );
417
  }
 
 
 
 
 
 
 
 
 
 
418
  }
419
 
420
  $post_type = array('post', 'page', 'product');
@@ -428,6 +478,7 @@ function pagelayer_settings_page(){
428
 
429
  ?>
430
  <form class="pagelayer-setting-form" method="post" action="">
 
431
  <div class="tabs-wrapper">
432
  <h2 class="nav-tab-wrapper pagelayer-wrapper">
433
  <a href="#general" class="nav-tab">General</a>
@@ -463,50 +514,72 @@ function pagelayer_settings_page(){
463
  <div class="pagelayer-tab-panel" id="settings">
464
  <table>
465
  <tr>
466
- <th>Content Width</th>
467
  <td>
468
  <input name="pagelayer_content_width" type="number" step="1" min="320" max="5000" placeholder="1170" <?php if(get_option('pagelayer_content_width')){
469
  echo 'value="'.get_option('pagelayer_content_width').'"';
470
  }?>>
471
- <p>Set the custom width of the content area. The default width set is 1170px</p>
472
  </td>
473
  <tr>
474
  <tr>
475
- <th>Space Between Widgets</th>
476
  <td>
477
  <input name="pagelayer_between_widgets" type="number" step="1" min="0" max="500" placeholder="15" <?php if(get_option('pagelayer_between_widgets')){
478
  echo 'value="'.get_option('pagelayer_between_widgets').'"';
479
  }?>>
480
- <p>Set the Space Between Widgets. The default Space set is 15px</p>
481
  </td>
482
  <tr>
483
  <tr>
484
- <th>Body Font</th>
485
  <td>
486
  <input name="pagelayer_body_font" type="text" placeholder="Open Sans" <?php if(get_option('pagelayer_body_font')){
487
  echo 'value="'.get_option('pagelayer_body_font').'"';
488
  }?>>
489
- <p>Please give font name as it appears on Google fonts site. You can check all google fonts here: <a href="https://fonts.google.com" target="_blank">https://fonts.google.com</a></p>
490
  </td>
491
  <tr>
492
  <tr>
493
- <th>Tablet Breakpoint</th>
494
  <td>
495
  <input name="pagelayer_tablet_breakpoint" type="number" step="1" min="320" max="5000" placeholder="768" <?php if(get_option('pagelayer_tablet_breakpoint')){
496
  echo 'value="'.get_option('pagelayer_tablet_breakpoint').'"';
497
  }?>>
498
- <p>Set the breakpoint for tablet devices. The default breakpoint for tablet layout is 768px</p>
499
  </td>
500
  </tr>
501
  <tr>
502
- <th>Mobile Breakpoint</th>
503
  <td>
504
  <input name="pagelayer_mobile_breakpoint" type="number" step="1" min="320" max="5000" placeholder="360" <?php if(get_option('pagelayer_mobile_breakpoint')){
505
  echo 'value="'.get_option('pagelayer_mobile_breakpoint').'"';
506
  }?>>
507
- <p>Set the breakpoint for mobile devices. The default breakpoint for mobile layout is 360px</p>
 
 
 
 
 
 
 
508
  </td>
509
  </tr>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
510
  </table>
511
  </div>
512
  <div class="pagelayer-tab-panel" id="icons">
@@ -615,7 +688,7 @@ function pagelayer_settings_page(){
615
  </tr>
616
  </table>
617
  </div>
618
- <div class="pagelayer-tab-panel" id="contactform">
619
  <table>
620
  <tr>
621
  <th scope="row">To Email:</th>
@@ -627,6 +700,17 @@ function pagelayer_settings_page(){
627
  </label>
628
  </td>
629
  </tr>
 
 
 
 
 
 
 
 
 
 
 
630
  <tr>
631
  <th scope="row">Subject:</th>
632
  <td>
@@ -638,7 +722,21 @@ function pagelayer_settings_page(){
638
  </td>
639
  </tr>
640
  <tr>
641
- <th scope="row">Success Message:</th>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
642
  <td>
643
  <label>
644
  <input name="pagelayer_cf_success" type="text" placeholder="Success" <?php if(get_option('pagelayer_cf_success')){
@@ -648,7 +746,7 @@ function pagelayer_settings_page(){
648
  </td>
649
  </tr>
650
  <tr>
651
- <th scope="row">Failed Message: </th>
652
  <td>
653
  <label>
654
  <input name="pagelayer_cf_failed" type="text" placeholder="Failed" <?php if(get_option('pagelayer_cf_failed')){
@@ -702,4 +800,4 @@ function pagelayer_settings_page(){
702
 
703
  pagelayer_page_footer();
704
 
705
- }
157
 
158
  $option_name = 'pl_gen_setting' ;
159
  $new_value = '';
160
+
161
+ if(isset($_REQUEST['submit'])){
162
+ check_admin_referer('pagelayer-options');
163
+ }
164
 
165
  if(isset($_REQUEST['pl_gen_setting'])){
166
  $new_value = $_REQUEST['pl_gen_setting'];
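Review bot: the nonce is verified only when `$_REQUEST['submit']` is present, while the save blocks that follow are keyed on individual field names such as `$_REQUEST['pl_gen_setting']`. Unless those blocks sit inside an outer guard not shown in this hunk, a request without `submit` skips the check and still reaches them. Verify the nonce whenever any setting is about to be written, and pair it with a `current_user_can()` check.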
358
  }
359
  }
360
 
361
+ if(isset($_REQUEST['pagelayer_cf_headers'])){
362
+
363
+ $subject = $_REQUEST['pagelayer_cf_headers'];
364
+
365
+ if ( get_option( 'pagelayer_cf_headers' ) !== false ) {
366
+
367
+ // The option already exists, so we just update it.
368
+ update_option( 'pagelayer_cf_headers', $subject );
369
+
370
+ } else {
371
+
372
+ // The option hasn't been added yet. We'll add it with $autoload set to 'no'.
373
+ $deprecated = null;
374
+ $autoload = 'no';
375
+ add_option( 'pagelayer_cf_headers', $subject, $deprecated, $autoload );
376
+ }
377
+ }
378
+
379
+ if(isset($_REQUEST['pagelayer_cf_from_email'])){
380
+
381
+ $subject = $_REQUEST['pagelayer_cf_from_email'];
382
+
383
+ if ( get_option( 'pagelayer_cf_from_email' ) !== false ) {
384
+
385
+ // The option already exists, so we just update it.
386
+ update_option( 'pagelayer_cf_from_email', $subject );
387
+
388
+ } else {
389
+
390
+ // The option hasn't been added yet. We'll add it with $autoload set to 'no'.
391
+ $deprecated = null;
392
+ $autoload = 'no';
393
+ add_option( 'pagelayer_cf_from_email', $subject, $deprecated, $autoload );
394
+ }
395
+ }
396
+
397
  if(isset($_REQUEST['pagelayer_cf_success'])){
398
 
399
  $success = $_REQUEST['pagelayer_cf_success'];
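Review bot: `pagelayer_cf_headers` and `pagelayer_cf_from_email` are stored straight from `$_REQUEST` with no `wp_unslash()` and no sanitisation, although both later feed mail headers. Run them through `wp_unslash()` plus `sanitize_textarea_field()` / `sanitize_text_field()`, and reject CR/LF in the From value. The `get_option() !== false` / `add_option()` branching can also collapse into a single `update_option()` call with its autoload argument.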
455
  // Save it
456
  update_option( 'pagelayer-fbapp-id', $fb_app_id );
457
  }
458
+
459
+ // Save Header code
460
+ if(isset($_REQUEST['pagelayer_header_code'])){
461
+ update_option( 'pagelayer_header_code', wp_unslash($_REQUEST['pagelayer_header_code'] ));
462
+ }
463
+
464
+ // Save Footyer code
465
+ if(isset($_REQUEST['pagelayer_footer_code'])){
466
+ update_option( 'pagelayer_footer_code', wp_unslash($_REQUEST['pagelayer_footer_code'] ));
467
+ }
468
  }
469
 
470
  $post_type = array('post', 'page', 'product');
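Review bot: the header and footer code is saved whenever the request carries `pagelayer_header_code` or `pagelayer_footer_code`, but the matching form fields are rendered only under `defined('PAGELAYER_PREMIUM')`, and no capability check is visible in this hunk. Because these options hold markup and script printed across the site, gate the save on the same premium condition and on `current_user_can('unfiltered_html')`.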
478
 
479
  ?>
480
  <form class="pagelayer-setting-form" method="post" action="">
481
+ <?php wp_nonce_field('pagelayer-options'); ?>
482
  <div class="tabs-wrapper">
483
  <h2 class="nav-tab-wrapper pagelayer-wrapper">
484
  <a href="#general" class="nav-tab">General</a>
514
  <div class="pagelayer-tab-panel" id="settings">
515
  <table>
516
  <tr>
517
+ <th><?php echo __('Content Width') ?></th>
518
  <td>
519
  <input name="pagelayer_content_width" type="number" step="1" min="320" max="5000" placeholder="1170" <?php if(get_option('pagelayer_content_width')){
520
  echo 'value="'.get_option('pagelayer_content_width').'"';
521
  }?>>
522
+ <p><?php echo __('Set the custom width of the content area. The default width set is 1170px.') ?></p>
523
  </td>
524
  <tr>
525
  <tr>
526
+ <th><?php echo __('Space Between Widgets') ?></th>
527
  <td>
528
  <input name="pagelayer_between_widgets" type="number" step="1" min="0" max="500" placeholder="15" <?php if(get_option('pagelayer_between_widgets')){
529
  echo 'value="'.get_option('pagelayer_between_widgets').'"';
530
  }?>>
531
+ <p><?php echo __('Set the Space Between Widgets. The default Space set is 15px.') ?></p>
532
  </td>
533
  <tr>
534
  <tr>
535
+ <th><?php echo __('Body Font') ?></th>
536
  <td>
537
  <input name="pagelayer_body_font" type="text" placeholder="Open Sans" <?php if(get_option('pagelayer_body_font')){
538
  echo 'value="'.get_option('pagelayer_body_font').'"';
539
  }?>>
540
+ <p><?php echo __('Please give font name as it appears on Google fonts site. You can check all google fonts here: <a href="https://fonts.google.com" target="_blank">https://fonts.google.com</a>.') ?></p>
541
  </td>
542
  <tr>
543
  <tr>
544
+ <th><?php echo __('Tablet Breakpoint') ?></th>
545
  <td>
546
  <input name="pagelayer_tablet_breakpoint" type="number" step="1" min="320" max="5000" placeholder="768" <?php if(get_option('pagelayer_tablet_breakpoint')){
547
  echo 'value="'.get_option('pagelayer_tablet_breakpoint').'"';
548
  }?>>
549
+ <p><?php echo __('Set the breakpoint for tablet devices. The default breakpoint for tablet layout is 768px.') ?></p>
550
  </td>
551
  </tr>
552
  <tr>
553
+ <th><?php echo __('Mobile Breakpoint') ?></th>
554
  <td>
555
  <input name="pagelayer_mobile_breakpoint" type="number" step="1" min="320" max="5000" placeholder="360" <?php if(get_option('pagelayer_mobile_breakpoint')){
556
  echo 'value="'.get_option('pagelayer_mobile_breakpoint').'"';
557
  }?>>
558
+ <p><?php echo __('Set the breakpoint for mobile devices. The default breakpoint for mobile layout is 360px.') ?></p>
559
+ </td>
560
+ </tr>
561
+ <?php if(defined('PAGELAYER_PREMIUM')){ ?>
562
+ <tr>
563
+ <td colspan="2">
564
+ <b><?php echo __('Header and Footer code :');?></b>
565
+ <p><?php echo __('You can add custom code like HTML, JavaScript, CSS etc. which will be inserted throughout your site.');?></p>
566
  </td>
567
  </tr>
568
+ <tr>
569
+ <th><?php echo __('Header Code : ');?></th>
570
+ <td>
571
+ <textarea name="pagelayer_header_code" style="width:80%;" rows="6"><?php echo get_option( 'pagelayer_header_code' ); ?></textarea>
572
+ <p> <?php echo __('These Code will be printed in <code>&lt;head&gt;</code> Section.') ?> </p>
573
+ </td>
574
+ </tr>
575
+ <tr>
576
+ <th><?php echo __('Footer Code: ');?></th>
577
+ <td>
578
+ <textarea name="pagelayer_footer_code" style="width:80%;" rows="6"><?php echo get_option( 'pagelayer_footer_code' ); ?></textarea>
579
+ <p> <?php echo __('These Code will be printed before closing the <code>&lt;/body&gt;</code> Section.') ?> </p>
580
+ </td>
581
+ </tr>
582
+ <?php } ?>
583
  </table>
584
  </div>
585
  <div class="pagelayer-tab-panel" id="icons">
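Review bot: the new textareas print `get_option( 'pagelayer_header_code' )` and `get_option( 'pagelayer_footer_code' )` unescaped, so stored code containing `</textarea>` breaks out of the field and is interpreted by the admin page itself. Wrap both in `esc_textarea()`. The new `__()` calls also omit a text domain, so these strings will not be picked up by the plugin's translations.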
688
  </tr>
689
  </table>
690
  </div>
691
+ <div class="pagelayer-tab-panel pagelayer-cf" id="contactform">
692
  <table>
693
  <tr>
694
  <th scope="row">To Email:</th>
700
  </label>
701
  </td>
702
  </tr>
703
+ <tr>
704
+ <th scope="row">From Email:</th>
705
+ <td>
706
+ <label>
707
+ <input name="pagelayer_cf_from_email" type="text" placeholder="My Site <email@domain.com>" <?php
708
+ if(get_option('pagelayer_cf_from_email')){
709
+ echo 'value="'.get_option('pagelayer_cf_from_email').'"';
710
+ }?>/>
711
+ </label>
712
+ </td>
713
+ </tr>
714
  <tr>
715
  <th scope="row">Subject:</th>
716
  <td>
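Review bot: the From Email field echoes `get_option('pagelayer_cf_from_email')` into a `value="..."` attribute unescaped, and the placeholder `My Site <email@domain.com>` shows that the expected value contains angle brackets and may contain quotes. Output the value through `esc_attr()`.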
722
  </td>
723
  </tr>
724
  <tr>
725
+ <th scope="row">Additional Headers: </th>
726
+ <td>
727
+ <label>
728
+ <textarea rows="3" name="pagelayer_cf_headers"><?php
729
+ if(get_option('pagelayer_cf_headers')){
730
+ echo get_option('pagelayer_cf_headers');
731
+ } ?></textarea>
732
+ </label>
733
+ </td>
734
+ </tr>
735
+ <tr>
736
+ <td colspan="2"><b>Messages : </b><p>You can edit messages used for information of your form here.</p></td>
737
+ </tr>
738
+ <tr>
739
+ <th scope="row">Success Message :</th>
740
  <td>
741
  <label>
742
  <input name="pagelayer_cf_success" type="text" placeholder="Success" <?php if(get_option('pagelayer_cf_success')){
746
  </td>
747
  </tr>
748
  <tr>
749
+ <th scope="row">Failed Message : </th>
750
  <td>
751
  <label>
752
  <input name="pagelayer_cf_failed" type="text" placeholder="Failed" <?php if(get_option('pagelayer_cf_failed')){
800
 
801
  pagelayer_page_footer();
802
 
803
+ }
main/shortcode_functions.php CHANGED
@@ -497,6 +497,9 @@ function pagelayer_render_shortcode($atts, $content = '', $tag = ''){
497
  $div = str_replace('{{pagelayer_do_shortcode}}', do_shortcode($el['content']), $div);
498
  }
499
 
 
 
 
500
  return $div;
501
 
502
  }
497
  $div = str_replace('{{pagelayer_do_shortcode}}', do_shortcode($el['content']), $div);
498
  }
499
 
500
+ // Sanitize the content
501
+ $div = apply_filters( 'pagelayer_sanitize_do_shortcode', $div );
502
+
503
  return $div;
504
 
505
  }
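Review bot: the comment says the content is sanitised, but `apply_filters( 'pagelayer_sanitize_do_shortcode', $div )` is only a hook; with no callback attached it returns `$div` unchanged, and none is registered in the hunks shown here. Either register the sanitising callback as part of this change or reword the comment so the filter is not mistaken for a safeguard.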
main/shortcodes.php CHANGED
@@ -7525,7 +7525,7 @@ pagelayer_add_shortcode(PAGELAYER_SC_PREFIX.'_embed', array(
7525
  'data' => array(
7526
  'type' => 'textarea',
7527
  'label' => __pl('embed_paste_code'),
7528
- 'default' => '<p>Paste HTML code here...</P>',
7529
  'desc' => '',
7530
  ),
7531
  )
@@ -8596,11 +8596,26 @@ pagelayer_add_shortcode(PAGELAYER_SC_PREFIX.'_post_props', array(
8596
  'label' => __pl('excerpt'),
8597
  ),
8598
  ),
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
8599
  )
8600
  );
8601
 
8602
-
8603
-
8604
  ////////////////////////
8605
  // WordPress Group
8606
  ////////////////////////
7525
  'data' => array(
7526
  'type' => 'textarea',
7527
  'label' => __pl('embed_paste_code'),
7528
+ 'default' => '<p>Paste HTML code here...</p>',
7529
  'desc' => '',
7530
  ),
7531
  )
8596
  'label' => __pl('excerpt'),
8597
  ),
8598
  ),
8599
+ 'custom_hf_code' => array(
8600
+ 'header_code' => array(
8601
+ 'type' => 'textarea',
8602
+ 'label' => __pl('header_code'),
8603
+ 'rows' => 4,
8604
+ 'pro' => 1,
8605
+ ),
8606
+ 'footer_code' => array(
8607
+ 'type' => 'textarea',
8608
+ 'label' => __pl('footer_code'),
8609
+ 'rows' => 4,
8610
+ 'pro' => 1,
8611
+ ),
8612
+ ),
8613
+ 'styles' => array(
8614
+ 'custom_hf_code' => __pl('custom_hf_code'),
8615
+ ),
8616
  )
8617
  );
8618
 
 
 
8619
  ////////////////////////
8620
  // WordPress Group
8621
  ////////////////////////
pagelayer.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: PageLayer
4
  Plugin URI: http://wordpress.org/plugins/pagelayer/
5
  Description: PageLayer is a WordPress page builder plugin. Its very easy to use and very light on the browser.
6
- Version: 1.1.0
7
  Author: Pagelayer Team
8
  Author URI: https://pagelayer.com/
9
  License: LGPL v2.1
3
  Plugin Name: PageLayer
4
  Plugin URI: http://wordpress.org/plugins/pagelayer/
5
  Description: PageLayer is a WordPress page builder plugin. Its very easy to use and very light on the browser.
6
+ Version: 1.1.1
7
  Author: Pagelayer Team
8
  Author URI: https://pagelayer.com/
9
  License: LGPL v2.1
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: page builder, editor, landing page, drag-and-drop, pagelayer, form-builder
4
  Requires at least: 4.7
5
  Tested up to: 5.4
6
  Requires PHP: 5.5
7
- Stable tag: 1.1.0
8
  License: LGPL v2.1
9
  License URI: http://www.gnu.org/licenses/lgpl-2.1.html
10
 
@@ -109,6 +109,17 @@ Do you have questions related to PageLayer ? Use the following links :
109
 
110
  == Changelog ==
111
 
 
 
 
 
 
 
 
 
 
 
 
112
  = 1.1.0 (April 17, 2020) =
113
  * [Task] The "Element ID" option has been added for the items in the accordion and collapse widget, Now you can use the accordion and collapse widget as a reference link.
114
  * [Task] Made Pagelayer compatible with the "Smush" plugin.
4
  Requires at least: 4.7
5
  Tested up to: 5.4
6
  Requires PHP: 5.5
7
+ Stable tag: 1.1.1
8
  License: LGPL v2.1
9
  License URI: http://www.gnu.org/licenses/lgpl-2.1.html
10
 
109
 
110
  == Changelog ==
111
 
112
+ = 1.1.1 (May 2, 2020) =
113
+ * [Security-Fix] There was a missing nonce check in the settings page of Pagelayer. This was reported by WordFence and is fixed.
114
+ * [Security-Fix] Capability checks were missing in save content function of Pagelayer. This was reported by WordFence and is fixed. We urge all users to update to Pagelayer 1.1.1 as soon as possible due to these security fixes.
115
+ * [Premium-Feature] The Pagelayer settings have added the option to add custom header and footer code for the entire site, and you can also add custom header and footer code for particular pages / posts from the "Edit Body and Post Props" option in the Pagelayer editor.
116
+ * [Premium-Feature] Added "From Email" and "Additional Headers" options for the contact forms in the Pagelayer settings.
117
+ * [Premium-Feature] Added options to create custom mail template for the contact forms in the "Contact form" widget.
118
+ * [Task] The new property type "model" is defined.
119
+ * [Bug-Fix] In the audio widget, the play and volume icon was invisible. This is fixed.
120
+ * [Bug-Fix] In the contact form widget, the Redirect option was not working. This is fixed.
121
+ * [Bug-Fix] In some cases, memory was exhausted while loading the shortcodes.
122
+
123
  = 1.1.0 (April 17, 2020) =
124
  * [Task] The "Element ID" option has been added for the items in the accordion and collapse widget, Now you can use the accordion and collapse widget as a reference link.
125
  * [Task] Made Pagelayer compatible with the "Smush" plugin.