Page Builder: PageLayer – Drag and Drop website builder - Version 1.1.2

Version Description

(May 6, 2020) = * [Security] For security reasons, we have changed the nonce names for the editor and for non-editor tasks. We urge all users to update to Pagelayer 1.1.2 as soon as possible.

Download this release

Release Info

Developer pagelayer
Plugin Icon 128x128 Page Builder: PageLayer – Drag and Drop website builder
Version 1.1.2
Comparing to
See all releases

Code changes from version 1.1.1 to 1.1.2

Files changed (4) hide show
  1. init.php +2 -2
  2. main/ajax.php +10 -6
  3. pagelayer.php +1 -1
  4. readme.txt +4 -1
init.php CHANGED
@@ -5,7 +5,7 @@ if (!defined('ABSPATH')) exit;
5
 
6
  define('PAGELAYER_BASE', plugin_basename(PAGELAYER_FILE));
7
  define('PAGELAYER_PRO_BASE', 'pagelayer-pro/pagelayer-pro.php');
8
- define('PAGELAYER_VERSION', '1.1.1');
9
  define('PAGELAYER_DIR', dirname(PAGELAYER_FILE));
10
  define('PAGELAYER_SLUG', 'pagelayer');
11
  define('PAGELAYER_URL', plugins_url('', PAGELAYER_FILE));
@@ -396,7 +396,7 @@ function pagelayer_global_js(){
396
 
397
  echo '<script>
398
  var pagelayer_ajaxurl = "'.admin_url( 'admin-ajax.php' ).'?";
399
- var pagelayer_ajax_nonce = "'.wp_create_nonce('pagelayer_ajax').'";
400
  var pagelayer_server_time = '.time().';
401
  var pagelayer_facebook_id = "'.get_option('pagelayer-fbapp-id').'";
402
  var pagelayer_settings = '.json_encode($pagelayer->settings).';
5
 
6
  define('PAGELAYER_BASE', plugin_basename(PAGELAYER_FILE));
7
  define('PAGELAYER_PRO_BASE', 'pagelayer-pro/pagelayer-pro.php');
8
+ define('PAGELAYER_VERSION', '1.1.2');
9
  define('PAGELAYER_DIR', dirname(PAGELAYER_FILE));
10
  define('PAGELAYER_SLUG', 'pagelayer');
11
  define('PAGELAYER_URL', plugins_url('', PAGELAYER_FILE));
396
 
397
  echo '<script>
398
  var pagelayer_ajaxurl = "'.admin_url( 'admin-ajax.php' ).'?";
399
+ var pagelayer_global_nonce = "'.wp_create_nonce('pagelayer_global').'";
400
  var pagelayer_server_time = '.time().';
401
  var pagelayer_facebook_id = "'.get_option('pagelayer-fbapp-id').'";
402
  var pagelayer_settings = '.json_encode($pagelayer->settings).';
main/ajax.php CHANGED
@@ -848,7 +848,7 @@ add_action('wp_ajax_nopriv_pagelayer_contact_submit', 'pagelayer_contact_submit'
848
  function pagelayer_contact_submit(){
849
 
850
  // Some AJAX security
851
- check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
852
 
853
  $fdata = $_POST['form_data'];
854
  parse_str($fdata, $formdata);
@@ -1013,8 +1013,10 @@ function pagelayer_after_logout(){
1013
 
1014
  // Get Page List for SiteMap
1015
  add_action('wp_ajax_pagelayer_get_pages_list', 'pagelayer_get_pages_list');
1016
- add_action('wp_ajax_nopriv_pagelayer_get_pages_list', 'pagelayer_get_pages_list');
1017
  function pagelayer_get_pages_list(){
 
 
 
1018
 
1019
  $args = array(
1020
  'post_type' => $_POST['type'],
@@ -1042,7 +1044,7 @@ add_action('wp_ajax_pagelayer_search_ids', 'pagelayer_search_ids');
1042
  function pagelayer_search_ids() {
1043
 
1044
  // Some AJAX security
1045
- check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
1046
 
1047
  if ( empty( $_POST['filter_type'] ) || empty( $_POST['search'] ) ) {
1048
  wp_die();
@@ -1125,7 +1127,7 @@ add_action('wp_ajax_pagelayer_save_template', 'pagelayer_save_template');
1125
  function pagelayer_save_template() {
1126
 
1127
  // Some AJAX security
1128
- check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
1129
 
1130
  $done = [];
1131
 
@@ -1446,9 +1448,11 @@ function pagelayer_products_ajax(){
1446
 
1447
  // Get Taxamony List for SiteMap
1448
  add_action('wp_ajax_pagelayer_get_taxonomy_list', 'pagelayer_get_taxonomy_list');
1449
- add_action('wp_ajax_nopriv_pagelayer_get_taxonomy_list', 'pagelayer_get_taxonomy_list');
1450
  function pagelayer_get_taxonomy_list(){
1451
 
 
 
 
1452
  $args = array(
1453
  'title_li' => 0,
1454
  'orderby' => $_POST['post_order'],
@@ -1480,7 +1484,7 @@ function pagelayer_export_template(){
1480
  global $pagelayer;
1481
 
1482
  // Some AJAX security
1483
- check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
1484
 
1485
  $done = [];
1486
 
848
  function pagelayer_contact_submit(){
849
 
850
  // Some AJAX security
851
+ check_ajax_referer('pagelayer_global', 'pagelayer_nonce');
852
 
853
  $fdata = $_POST['form_data'];
854
  parse_str($fdata, $formdata);
1013
 
1014
  // Get Page List for SiteMap
1015
  add_action('wp_ajax_pagelayer_get_pages_list', 'pagelayer_get_pages_list');
 
1016
  function pagelayer_get_pages_list(){
1017
+
1018
+ // Some AJAX security
1019
+ check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
1020
 
1021
  $args = array(
1022
  'post_type' => $_POST['type'],
1044
  function pagelayer_search_ids() {
1045
 
1046
  // Some AJAX security
1047
+ check_ajax_referer('pagelayer_builder', 'pagelayer_nonce');
1048
 
1049
  if ( empty( $_POST['filter_type'] ) || empty( $_POST['search'] ) ) {
1050
  wp_die();
1127
  function pagelayer_save_template() {
1128
 
1129
  // Some AJAX security
1130
+ check_ajax_referer('pagelayer_builder', 'pagelayer_nonce');
1131
 
1132
  $done = [];
1133
 
1448
 
1449
  // Get Taxamony List for SiteMap
1450
  add_action('wp_ajax_pagelayer_get_taxonomy_list', 'pagelayer_get_taxonomy_list');
 
1451
  function pagelayer_get_taxonomy_list(){
1452
 
1453
+ // Some AJAX security
1454
+ check_ajax_referer('pagelayer_ajax', 'pagelayer_nonce');
1455
+
1456
  $args = array(
1457
  'title_li' => 0,
1458
  'orderby' => $_POST['post_order'],
1484
  global $pagelayer;
1485
 
1486
  // Some AJAX security
1487
+ check_ajax_referer('pagelayer_builder', 'pagelayer_nonce');
1488
 
1489
  $done = [];
1490
 
pagelayer.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: PageLayer
4
  Plugin URI: http://wordpress.org/plugins/pagelayer/
5
  Description: PageLayer is a WordPress page builder plugin. Its very easy to use and very light on the browser.
6
- Version: 1.1.1
7
  Author: Pagelayer Team
8
  Author URI: https://pagelayer.com/
9
  License: LGPL v2.1
3
  Plugin Name: PageLayer
4
  Plugin URI: http://wordpress.org/plugins/pagelayer/
5
  Description: PageLayer is a WordPress page builder plugin. Its very easy to use and very light on the browser.
6
+ Version: 1.1.2
7
  Author: Pagelayer Team
8
  Author URI: https://pagelayer.com/
9
  License: LGPL v2.1
readme.txt CHANGED
@@ -4,7 +4,7 @@ Tags: page builder, editor, landing page, drag-and-drop, pagelayer, form-builder
4
  Requires at least: 4.7
5
  Tested up to: 5.4
6
  Requires PHP: 5.5
7
- Stable tag: 1.1.1
8
  License: LGPL v2.1
9
  License URI: http://www.gnu.org/licenses/lgpl-2.1.html
10
 
@@ -109,6 +109,9 @@ Do you have questions related to PageLayer ? Use the following links :
109
 
110
  == Changelog ==
111
 
 
 
 
112
  = 1.1.1 (May 2, 2020) =
113
  * [Security-Fix] There was a missing nonce check in the settings page of Pagelayer. This was reported by WordFence and is fixed.
114
  * [Security-Fix] Capability checks were missing in save content function of Pagelayer. This was reported by WordFence and is fixed. We urge all users to update to Pagelayer 1.1.1 as soon as possible due to these security fixes.
4
  Requires at least: 4.7
5
  Tested up to: 5.4
6
  Requires PHP: 5.5
7
+ Stable tag: 1.1.2
8
  License: LGPL v2.1
9
  License URI: http://www.gnu.org/licenses/lgpl-2.1.html
10
 
109
 
110
  == Changelog ==
111
 
112
+ = 1.1.2 (May 6, 2020) =
113
+ * [Security] For security reasons, we have changed the nonce names for the editor and for non-editor tasks. We urge all users to update to Pagelayer 1.1.2 as soon as possible.
114
+
115
  = 1.1.1 (May 2, 2020) =
116
  * [Security-Fix] There was a missing nonce check in the settings page of Pagelayer. This was reported by WordFence and is fixed.
117
  * [Security-Fix] Capability checks were missing in save content function of Pagelayer. This was reported by WordFence and is fixed. We urge all users to update to Pagelayer 1.1.1 as soon as possible due to these security fixes.