Version Description
Current Version of Popup Builder is 3.65.1
Download this release
Release Info
| Developer | Sygnoos |
| Plugin |  Popup Builder – Responsive WordPress Pop up |
| Version | 3.65.1 |
| Comparing to | |
| See all releases | |
Code changes from version 3.65 to 3.65.1
- com/classes/Filters.php +1 -1
- com/config/configPackage.php +1 -1
- com/helpers/AdminHelper.php +16 -0
- popup-builder.php +1 -1
- public/js/PopupBuilder.js +9 -0
- readme.txt +5 -2
com/classes/Filters.php
CHANGED
|
@@ -391,7 +391,7 @@ class Filters
|
|
| 391 |
if (empty($targets['sgpb-target'][0])) {
|
| 392 |
return $previewLink .= '/?sg_popup_preview_id='.$popupId;
|
| 393 |
}
|
| 394 |
-
$targetParams =
|
| 395 |
if ((!empty($targetParams) && $targetParams == 'not_rule') || empty($targetParams)) {
|
| 396 |
$previewLink = home_url();
|
| 397 |
$previewLink .= '/?sg_popup_preview_id='.$popupId;
|
| 391 |
if (empty($targets['sgpb-target'][0])) {
|
| 392 |
return $previewLink .= '/?sg_popup_preview_id='.$popupId;
|
| 393 |
}
|
| 394 |
+
$targetParams = @$targets['sgpb-target'][0][0]['param'];
|
| 395 |
if ((!empty($targetParams) && $targetParams == 'not_rule') || empty($targetParams)) {
|
| 396 |
$previewLink = home_url();
|
| 397 |
$previewLink .= '/?sg_popup_preview_id='.$popupId;
|
com/config/configPackage.php
CHANGED
|
@@ -3,6 +3,6 @@ if (!defined('ABSPATH')) {
|
|
| 3 |
exit();
|
| 4 |
}
|
| 5 |
|
| 6 |
-
define('SG_POPUP_VERSION', '3.65');
|
| 7 |
define('SGPB_POPUP_PKG', SGPB_POPUP_PKG_FREE);
|
| 8 |
define('POPUP_BUILDER_BASENAME', 'popupbuilder-platinum/popup-builder.php');
|
| 3 |
exit();
|
| 4 |
}
|
| 5 |
|
| 6 |
+
define('SG_POPUP_VERSION', '3.65.1');
|
| 7 |
define('SGPB_POPUP_PKG', SGPB_POPUP_PKG_FREE);
|
| 8 |
define('POPUP_BUILDER_BASENAME', 'popupbuilder-platinum/popup-builder.php');
|
com/helpers/AdminHelper.php
CHANGED
|
@@ -1679,7 +1679,9 @@ class AdminHelper
|
|
| 1679 |
// get scripts
|
| 1680 |
$jsPostMeta = @$postMeta['js'];
|
| 1681 |
$jsDefaultData = $defaultData['customEditorContent']['js']['helperText'];
|
|
|
|
| 1682 |
$finalContent = '';
|
|
|
|
| 1683 |
if (!empty($jsPostMeta)) {
|
| 1684 |
$customScripts = '<script id="sgpb-custom-script-'.$popupId.'">';
|
| 1685 |
foreach ($jsDefaultData as $key => $value) {
|
|
@@ -1689,6 +1691,17 @@ class AdminHelper
|
|
| 1689 |
}
|
| 1690 |
$content = @$jsPostMeta['sgpb-'.$key];
|
| 1691 |
$content = str_replace('popupId', $popupId, $content);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1692 |
$content = html_entity_decode($content, ENT_QUOTES, 'UTF-8');
|
| 1693 |
|
| 1694 |
$finalContent .= 'sgAddEvent(window, "'.$eventName.'", function(e) {';
|
|
@@ -1699,6 +1712,9 @@ class AdminHelper
|
|
| 1699 |
}
|
| 1700 |
$customScripts .= $finalContent;
|
| 1701 |
$customScripts .= '</script>';
|
|
|
|
|
|
|
|
|
|
| 1702 |
$finalResult .= $customScripts;
|
| 1703 |
}
|
| 1704 |
|
| 1679 |
// get scripts
|
| 1680 |
$jsPostMeta = @$postMeta['js'];
|
| 1681 |
$jsDefaultData = $defaultData['customEditorContent']['js']['helperText'];
|
| 1682 |
+
$suspiciousStrings = array('document.createElement', 'createElement', 'String.fromCharCode', 'fromCharCode', '<!--', '-->');
|
| 1683 |
$finalContent = '';
|
| 1684 |
+
$suspiciousStringFound = false;
|
| 1685 |
if (!empty($jsPostMeta)) {
|
| 1686 |
$customScripts = '<script id="sgpb-custom-script-'.$popupId.'">';
|
| 1687 |
foreach ($jsDefaultData as $key => $value) {
|
| 1691 |
}
|
| 1692 |
$content = @$jsPostMeta['sgpb-'.$key];
|
| 1693 |
$content = str_replace('popupId', $popupId, $content);
|
| 1694 |
+
$content = str_replace("<", "<", $content);
|
| 1695 |
+
$content = str_replace(">", ">", $content);
|
| 1696 |
+
foreach ($suspiciousStrings as $string) {
|
| 1697 |
+
if (strpos($content, $string)) {
|
| 1698 |
+
$suspiciousStringFound = true;
|
| 1699 |
+
break;
|
| 1700 |
+
}
|
| 1701 |
+
}
|
| 1702 |
+
if ($suspiciousStringFound) {
|
| 1703 |
+
break;
|
| 1704 |
+
}
|
| 1705 |
$content = html_entity_decode($content, ENT_QUOTES, 'UTF-8');
|
| 1706 |
|
| 1707 |
$finalContent .= 'sgAddEvent(window, "'.$eventName.'", function(e) {';
|
| 1712 |
}
|
| 1713 |
$customScripts .= $finalContent;
|
| 1714 |
$customScripts .= '</script>';
|
| 1715 |
+
if (empty($finalContent)) {
|
| 1716 |
+
$customScripts = '';
|
| 1717 |
+
}
|
| 1718 |
$finalResult .= $customScripts;
|
| 1719 |
}
|
| 1720 |
|
popup-builder.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
* Plugin Name: Popup Builder
|
| 4 |
* Plugin URI: https://popup-builder.com
|
| 5 |
* Description: The most complete popup plugin. Html, image, iframe, shortcode, video and many other popup types. Manage popup dimensions, effects, themes and more.
|
| 6 |
-
* Version: 3.65
|
| 7 |
* Author: Sygnoos
|
| 8 |
* Author URI: https://sygnoos.com
|
| 9 |
* License: GPLv2
|
| 3 |
* Plugin Name: Popup Builder
|
| 4 |
* Plugin URI: https://popup-builder.com
|
| 5 |
* Description: The most complete popup plugin. Html, image, iframe, shortcode, video and many other popup types. Manage popup dimensions, effects, themes and more.
|
| 6 |
+
* Version: 3.65.1
|
| 7 |
* Author: Sygnoos
|
| 8 |
* Author URI: https://sygnoos.com
|
| 9 |
* License: GPLv2
|
public/js/PopupBuilder.js
CHANGED
|
@@ -438,6 +438,15 @@ SGPBPopup.prototype.prepareOpen = function()
|
|
| 438 |
|
| 439 |
function decodeEntities(encodedString)
|
| 440 |
{
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 441 |
var textArea = document.createElement('textarea');
|
| 442 |
textArea.innerHTML = encodedString;
|
| 443 |
|
| 438 |
|
| 439 |
function decodeEntities(encodedString)
|
| 440 |
{
|
| 441 |
+
if (typeof encodedString == 'undefined') {
|
| 442 |
+
return '';
|
| 443 |
+
}
|
| 444 |
+
var suspiciousStrings = ['document.createElement', 'createElement', 'String.fromCharCode', 'fromCharCode'];
|
| 445 |
+
for (var i in suspiciousStrings) {
|
| 446 |
+
if (encodedString.indexOf(suspiciousStrings[i]) > 0) {
|
| 447 |
+
return '';
|
| 448 |
+
}
|
| 449 |
+
}
|
| 450 |
var textArea = document.createElement('textarea');
|
| 451 |
textArea.innerHTML = encodedString;
|
| 452 |
|
readme.txt
CHANGED
|
@@ -9,7 +9,7 @@ Tags: popup, pop up, wordpress popup, popup maker, exit popup, popup builder, wo
|
|
| 9 |
Requires at least: 3.8
|
| 10 |
Tested up to: 5.3
|
| 11 |
Requires PHP: 5.3.3
|
| 12 |
-
Stable tag: 3.65
|
| 13 |
License: GPLv2 or later
|
| 14 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 15 |
|
|
@@ -185,6 +185,9 @@ Go to the Popup Builder settings and set your desired options.
|
|
| 185 |
|
| 186 |
== Changelog ==
|
| 187 |
|
|
|
|
|
|
|
|
|
|
| 188 |
= Version 3.65 =
|
| 189 |
* Reset the custom JS metabox to prevent code injection from versions < 3.64
|
| 190 |
|
|
@@ -1157,7 +1160,7 @@ Leave us a good review :)
|
|
| 1157 |
|
| 1158 |
== Upgrade Notice ==
|
| 1159 |
|
| 1160 |
-
Current Version of Popup Builder is 3.65
|
| 1161 |
|
| 1162 |
== Other Notes ==
|
| 1163 |
|
| 9 |
Requires at least: 3.8
|
| 10 |
Tested up to: 5.3
|
| 11 |
Requires PHP: 5.3.3
|
| 12 |
+
Stable tag: 3.65.1
|
| 13 |
License: GPLv2 or later
|
| 14 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 15 |
|
| 185 |
|
| 186 |
== Changelog ==
|
| 187 |
|
| 188 |
+
= Version 3.65.1 =
|
| 189 |
+
* Added filter for custom JS input to sanitize invalid symbols.
|
| 190 |
+
|
| 191 |
= Version 3.65 =
|
| 192 |
* Reset the custom JS metabox to prevent code injection from versions < 3.64
|
| 193 |
|
| 1160 |
|
| 1161 |
== Upgrade Notice ==
|
| 1162 |
|
| 1163 |
+
Current Version of Popup Builder is 3.65.1
|
| 1164 |
|
| 1165 |
== Other Notes ==
|
| 1166 |
|
