Page Builder: PageLayer – Drag and Drop website builder - Version 1.1.2

Version Description

(May 6, 2020) = * [Security] For security reasons, we have changed the nonce names for the editor and for non-editor tasks. We urge all users to update to Pagelayer 1.1.2 as soon as possible.

Download this release

Release Info

Developer pagelayer
Plugin Icon 128x128 Page Builder: PageLayer – Drag and Drop website builder
Version 1.1.2
Comparing to
See all releases

Code changes from version 1.1.1 to 1.1.2

Files changed (4) hide show
  1. init.php +2 -2
  2. main/ajax.php +10 -6
  3. pagelayer.php +1 -1
  4. readme.txt +4 -1
init.php CHANGED
@@ -5,7 +5,7 @@ if (!defined('ABSPATH')) exit;
5
6
define('PAGELAYER_BASE', plugin_basename(PAGELAYER_FILE));
7
define('PAGELAYER_PRO_BASE', 'pagelayer-pro/pagelayer-pro.php');
8
- define('PAGELAYER_VERSION', '1.1.1');
9
define('PAGELAYER_DIR', dirname(PAGELAYER_FILE));
10
define('PAGELAYER_SLUG', 'pagelayer');
11
define('PAGELAYER_URL', plugins_url('', PAGELAYER_FILE));
@@ -396,7 +396,7 @@ function pagelayer_global_js(){
396
397
echo '<script>
398
var pagelayer_ajaxurl = "'.admin_url( 'admin-ajax.php' ).'?";
399
- var pagelayer_ajax_nonce = "'.wp_create_nonce('pagelayer_ajax').'";
400
var pagelayer_server_time = '.time().';
401
var pagelayer_facebook_id = "'.get_option('pagelayer-fbapp-id').'";
402
var pagelayer_settings = '.json_encode($pagelayer->settings).';
5
6
define('PAGELAYER_BASE', plugin_basename(PAGELAYER_FILE));
7
define('PAGELAYER_PRO_BASE', 'pagelayer-pro/pagelayer-pro.php');
8
+ define('PAGELAYER_VERSION', '1.1.2');
9
define('PAGELAYER_DIR', dirname(PAGELAYER_FILE));
10
define('PAGELAYER_SLUG', 'pagelayer');
11
define('PAGELAYER_URL', plugins_url('', PAGELAYER_FILE));
396
397
echo '<script>
398
var pagelayer_ajaxurl = "'.admin_url( 'admin-ajax.php' ).'?";
399
+ var pagelayer_global_nonce = "'.wp_create_nonce('pagelayer_global').'";
400
var pagelayer_server_time = '.time().';
401
var pagelayer_facebook_id = "'.get_option('pagelayer-fbapp-id').'";
402
var pagelayer_settings = '.json_encode($pagelayer->settings).';
main/ajax.php CHANGED
@@ -848,7 +848,7 @@ add_action('wp_ajax_nopriv_pagelayer_contact_submit', 'pagelayer_contact_submit'
848
function pagelayer_contact_submit(){
849
850
// Some AJAX security
851
- check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
852
853
$fdata = $_POST['form_data'];
854
parse_str($fdata, $formdata);
@@ -1013,8 +1013,10 @@ function pagelayer_after_logout(){
1013
1014
// Get Page List for SiteMap
1015
add_action('wp_ajax_pagelayer_get_pages_list', 'pagelayer_get_pages_list');
1016
- add_action('wp_ajax_nopriv_pagelayer_get_pages_list', 'pagelayer_get_pages_list');
1017
function pagelayer_get_pages_list(){
1018
1019
$args = array(
1020
'post_type' => $_POST['type'],
@@ -1042,7 +1044,7 @@ add_action('wp_ajax_pagelayer_search_ids', 'pagelayer_search_ids');
1042
function pagelayer_search_ids() {
1043
1044
// Some AJAX security
1045
- check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
1046
1047
if ( empty( $_POST['filter_type'] ) || empty( $_POST['search'] ) ) {
1048
wp_die();
@@ -1125,7 +1127,7 @@ add_action('wp_ajax_pagelayer_save_template', 'pagelayer_save_template');
1125
function pagelayer_save_template() {
1126
1127
// Some AJAX security
1128
- check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
1129
1130
$done = [];
1131
@@ -1446,9 +1448,11 @@ function pagelayer_products_ajax(){
1446
1447
// Get Taxamony List for SiteMap
1448
add_action('wp_ajax_pagelayer_get_taxonomy_list', 'pagelayer_get_taxonomy_list');
1449
- add_action('wp_ajax_nopriv_pagelayer_get_taxonomy_list', 'pagelayer_get_taxonomy_list');
1450
function pagelayer_get_taxonomy_list(){
1451
1452
$args = array(
1453
'title_li' => 0,
1454
'orderby' => $_POST['post_order'],
@@ -1480,7 +1484,7 @@ function pagelayer_export_template(){
1480
global $pagelayer;
1481
1482
// Some AJAX security
1483
- check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
1484
1485
$done = [];
1486
848
function pagelayer_contact_submit(){
849
850
// Some AJAX security
851
+ check_ajax_referer('pagelayer_global', 'pagelayer_nonce');
852
853
$fdata = $_POST['form_data'];
854
parse_str($fdata, $formdata);
1013
1014
// Get Page List for SiteMap
1015
add_action('wp_ajax_pagelayer_get_pages_list', 'pagelayer_get_pages_list');
1016
function pagelayer_get_pages_list(){
1017
+
1018
+ // Some AJAX security
1019
+ check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
1020
1021
$args = array(
1022
'post_type' => $_POST['type'],
1044
function pagelayer_search_ids() {
1045
1046
// Some AJAX security
1047
+ check_ajax_referer('pagelayer_builder', 'pagelayer_nonce');
1048
1049
if ( empty( $_POST['filter_type'] ) || empty( $_POST['search'] ) ) {
1050
wp_die();
1127
function pagelayer_save_template() {
1128
1129
// Some AJAX security
1130
+ check_ajax_referer('pagelayer_builder', 'pagelayer_nonce');
1131
1132
$done = [];
1133
1448
1449
// Get Taxamony List for SiteMap
1450
add_action('wp_ajax_pagelayer_get_taxonomy_list', 'pagelayer_get_taxonomy_list');
1451
function pagelayer_get_taxonomy_list(){
1452
1453
+ // Some AJAX security
1454
+ check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
1455
+
1456
$args = array(
1457
'title_li' => 0,
1458
'orderby' => $_POST['post_order'],
1484
global $pagelayer;
1485
1486
// Some AJAX security
1487
+ check_ajax_referer('pagelayer_builder', 'pagelayer_nonce');
1488
1489
$done = [];
1490
pagelayer.php CHANGED
@@ -3,7 +3,7 @@
3
Plugin Name: PageLayer
4
Plugin URI: http://wordpress.org/plugins/pagelayer/
5
Description: PageLayer is a WordPress page builder plugin. Its very easy to use and very light on the browser.
6
- Version: 1.1.1
7
Author: Pagelayer Team
8
Author URI: https://pagelayer.com/
9
License: LGPL v2.1
3
Plugin Name: PageLayer
4
Plugin URI: http://wordpress.org/plugins/pagelayer/
5
Description: PageLayer is a WordPress page builder plugin. Its very easy to use and very light on the browser.
6
+ Version: 1.1.2
7
Author: Pagelayer Team
8
Author URI: https://pagelayer.com/
9
License: LGPL v2.1
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: page builder, editor, landing page, drag-and-drop, pagelayer, form-builder
4
Requires at least: 4.7
5
Tested up to: 5.4
6
Requires PHP: 5.5
7
- Stable tag: 1.1.1
8
License: LGPL v2.1
9
License URI: http://www.gnu.org/licenses/lgpl-2.1.html
10
@@ -109,6 +109,9 @@ Do you have questions related to PageLayer ? Use the following links :
109
110
== Changelog ==
111
112
= 1.1.1 (May 2, 2020) =
113
* [Security-Fix] There was a missing nonce check in the settings page of Pagelayer. This was reported by WordFence and is fixed.
114
* [Security-Fix] Capability checks were missing in save content function of Pagelayer. This was reported by WordFence and is fixed. We urge all users to update to Pagelayer 1.1.1 as soon as possible due to these security fixes.
4
Requires at least: 4.7
5
Tested up to: 5.4
6
Requires PHP: 5.5
7
+ Stable tag: 1.1.2
8
License: LGPL v2.1
9
License URI: http://www.gnu.org/licenses/lgpl-2.1.html
10
109
110
== Changelog ==
111
112
+ = 1.1.2 (May 6, 2020) =
113
+ * [Security] For security reasons, we have changed the nonce names for the editor and for non-editor tasks. We urge all users to update to Pagelayer 1.1.2 as soon as possible.
114
+
115
= 1.1.1 (May 2, 2020) =
116
* [Security-Fix] There was a missing nonce check in the settings page of Pagelayer. This was reported by WordFence and is fixed.
117
* [Security-Fix] Capability checks were missing in save content function of Pagelayer. This was reported by WordFence and is fixed. We urge all users to update to Pagelayer 1.1.1 as soon as possible due to these security fixes.