Responsive Menu - Version 4.0.4

Version Description

(19th January 2021) = * Bug: Fixed security vulnerabilities


Release Info

Developer expresstech
Version 4.0.4

Code changes from version 4.0.3 to 4.0.4

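--- a/app/Controllers/AdminController.php
+++ b/app/Controllers/AdminController.php
@@ -66,10 +66,23 @@ class AdminController {
  * @author Peter Featherstone <peter@featherstone.me>
  *
  * @since 3.0
+ * @param bool $valid_nonce Is the form nonce valid or not.
  *
  * @return string Output HTML from rendered view.
  */
- public function rebuild() {
+ public function rebuild( $valid_nonce ) {
+
+ // Check form nonce is valid or not.
+ if ( ! $valid_nonce ) {
+ return $this->view->render(
+ 'admin/main.html.twig',
+ [
+ 'options' => $this->manager->all(),
+ 'alert' => [ 'danger' => 'CSRF token not valid' ]
+ ]
+ );
+ }
+
  update_option('responsive_menu_version', '2.8.9');
 
  return $this->view->render(
@@ -93,13 +106,25 @@ class AdminController {
  *
  * @since 3.1.16
  *
- * @param string $theme The theme name to apply
+ * @param string $theme The theme name to apply
+ * @param bool $valid_nonce Is the form nonce valid or not.
  *
  * @return string Output HTML from rendered view.
  */
- public function apply_theme($theme) {
+ public function apply_theme( $theme, $valid_nonce ) {
  $options = $this->manager->all();
 
+ // Check form nonce is valid or not.
+ if ( ! $valid_nonce ) {
+ return $this->view->render(
+ 'admin/main.html.twig',
+ [
+ 'options' => $options,
+ 'alert' => [ 'danger' => 'CSRF token not valid' ]
+ ]
+ );
+ }
+
  $upload_folder = wp_upload_dir()['basedir'];
  $theme_folder = $upload_folder . '/responsive-menu-themes/';
  $options_file_location = $theme_folder . $theme . '/options.json';
@@ -134,12 +159,17 @@ class AdminController {
  *
  * @since 3.1.16
  *
- * @param string $theme The theme file location to unzip
+ * @param string $theme The theme file location to unzip
+ * @param bool $valid_nonce Is the form nonce valid or not.
  *
  * @return string Output HTML from rendered view.
  */
- public function import_theme($theme) {
- if($theme):
+ public function import_theme( $theme, $valid_nonce ) {
+
+ // Check nonce is valid or not.
+ if ( ! $valid_nonce ):
+ $alert = [ 'danger' => 'CSRF token not valid' ];
+ elseif ( ! empty( $theme ) ):
  WP_Filesystem();
  $upload_folder = wp_upload_dir()['basedir'] . '/responsive-menu-themes';
 
@@ -229,10 +259,23 @@ class AdminController {
  * @since 3.0
  *
  * @param array $default_options An array of the default options.
+ * @param bool $valid_nonce Is the form nonce valid or not.
  *
  * @return string Output HTML from rendered view.
  */
- public function reset($default_options) {
+ public function reset($default_options, $valid_nonce ) {
+
+ // Check form nonce is valid or not.
+ if ( ! $valid_nonce ) {
+ return $this->view->render(
+ 'admin/main.html.twig',
+ [
+ 'options' => $this->manager->all(),
+ 'alert' => [ 'danger' => 'CSRF token not valid' ]
+ ]
+ );
+ }
+
  try {
  $options = $this->manager->updateOptions($default_options);
  $task = new UpdateOptionsTask;
@@ -263,12 +306,18 @@ class AdminController {
  * @since 3.0
  *
  * @param array $imported_options An array of the imported options.
+ * @param bool $valid_nonce Is the form nonce valid or not.
  *
  * @return string Output HTML from rendered view.
  */
- public function import($imported_options) {
+ public function import( $imported_options, $valid_nonce ) {
  $errors = [];
- if(!empty($imported_options)):
+
+ // Check nonce is valid or not.
+ if ( ! $valid_nonce ) {
+ $alert = [ 'danger' => 'CSRF token not valid' ];
+ $options = $this->manager->all();
+ } elseif( ! empty( $imported_options ) ) {
 
  $validator = new Validator();
  if($validator->validate($imported_options)):
@@ -290,11 +339,11 @@ class AdminController {
 
  endif;
 
- else:
+ } else {
  $options = $this->manager->all();
  $alert = ['danger' => 'No import file selected'];
 
- endif;
+ }
 
  return $this->view->render(
  'admin/main.html.twig',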
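Review bot: `apply_theme` still concatenates `$theme` straight into `$options_file_location = $theme_folder . $theme . '/options.json'`, and the routing change passes that value verbatim from `$_POST['menu']['menu_theme']`; the nonce ties the request to the plugin's own form, not the value to a plain theme name, so path separators or `..` in it are never rejected. A one-line guard before the path is built, `$theme = sanitize_file_name( (string) $theme );`, or refusing any value where `$theme !== basename( $theme )`, keeps the lookup inside `$theme_folder`. The identical `'CSRF token not valid'` render block is now repeated in `rebuild`, `apply_theme` and `reset` and could be a private helper so a later change lands in one place. No capability check is visible in any of these methods; presumably the dispatcher in config/routing.php covers it, but that is not shown here, and each method's body continues outside its hunk.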
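--- a/config/routing.php
+++ b/config/routing.php
@@ -32,25 +32,34 @@ if(is_admin()):
  echo $controller->update($valid_nonce, wp_unslash($_POST['menu']));
 
  elseif(isset($_POST['responsive-menu-reset'])):
- echo $controller->reset(get_responsive_menu_default_options());
+ $valid_nonce = wp_verify_nonce( $_POST['responsive-menu-nonce'], 'update' );
+
+ echo $controller->reset(get_responsive_menu_default_options(), $valid_nonce );
 
  elseif(isset($_POST['responsive-menu-theme'])):
- echo $controller->apply_theme($_POST['menu']['menu_theme']);
+ $valid_nonce = wp_verify_nonce( $_POST['responsive-menu-nonce'], 'update' );
+
+ echo $controller->apply_theme($_POST['menu']['menu_theme'], $valid_nonce );
 
  elseif(isset($_POST['responsive-menu-import'])):
+ $valid_nonce = wp_verify_nonce( $_POST['responsive-menu-nonce'], 'update' );
+
  $file = $_FILES['responsive-menu-import-file'];
  $file_options = isset($file['tmp_name']) ? (array) json_decode(file_get_contents($file['tmp_name'])) : null;
- echo $controller->import($file_options);
-
+ echo $controller->import( $file_options, $valid_nonce );
 
  elseif(isset($_POST['responsive-menu-import-theme'])):
+ $valid_nonce = wp_verify_nonce( $_POST['responsive-menu-nonce'], 'update' );
+
  $file = $_FILES['responsive-menu-import-theme-file'];
  $theme = isset($file['tmp_name']) && $file['tmp_name'] ? $file['tmp_name'] : null;
 
- echo $controller->import_theme($theme);
+ echo $controller->import_theme( $theme, $valid_nonce );
 
  elseif(isset($_POST['responsive-menu-rebuild-db'])):
- echo $controller->rebuild();
+ $valid_nonce = wp_verify_nonce( $_POST['responsive-menu-nonce'], 'update' );
+
+ echo $controller->rebuild( $valid_nonce );
 
  else:
  echo $controller->index();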
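Review bot: Each new branch reads `$_POST['responsive-menu-nonce']` without checking that it exists, so a POST carrying a trigger field but no nonce raises an undefined-index notice before `wp_verify_nonce()` returns false, and the same line is repeated five times. Computing it once ahead of the chain, `$valid_nonce = isset( $_POST['responsive-menu-nonce'] ) ? wp_verify_nonce( $_POST['responsive-menu-nonce'], 'update' ) : false;`, removes both problems; the `update` branch at the top already receives `$valid_nonce` from outside the hunk, so that assignment may already exist there and could simply be moved up. Separately, `is_admin()` at the head of this chain only says the request targets the admin area, not that the user holds a capability; unless `current_user_can()` is checked somewhere outside the hunk, the nonce is the only gate on reset, theme import and the database rebuild.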
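--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: expresstech,responsivemenu
  Tags: responsive, mega menu, navigation, mobile, hamburger
  Requires at least: 3.6
  Tested up to: 5.6
- Stable tag: 4.0.3
+ Stable tag: 4.0.4
  Requires PHP: 5.6
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -110,6 +110,9 @@ To view our FAQ, please go to [https://responsive.menu/faq/](https://responsive.
  15. Admin Desktop Menu Section
 
  == Changelog ==
+ = 4.0.4 (19th January 2021) =
+ * Bug: Fixed security vulnerabilities
+
  = 4.0.3 (07th January 2021) =
  * Enhancement: Improved caching for API response
  * Bug: Improved multi language menu support with WPML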
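--- a/responsive-menu.php
+++ b/responsive-menu.php
@@ -4,7 +4,7 @@
  Plugin Name: Responsive Menu
  Plugin URI: https://expresstech.io
  Description: Highly Customisable Responsive Menu Plugin for WordPress
- Version: 4.0.3
+ Version: 4.0.4
  Author: ExpressTech
  Text Domain: responsive-menu
  Author URI: https://responsive.menu
@@ -16,7 +16,7 @@ Tags: responsive, menu, responsive menu, mega menu, max mega menu, max menu
  * Constant as plugin version.
  */
  if ( ! defined( 'RMP_PLUGIN_VERSION' ) ) {
- define( 'RMP_PLUGIN_VERSION', '4.0.3' );
+ define( 'RMP_PLUGIN_VERSION', '4.0.4' );
  }
 
  define('RESPONSIVE_MENU_URL', plugin_dir_url( __FILE__ ) );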
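--- a/v4.0.0/inc/classes/class-admin.php
+++ b/v4.0.0/inc/classes/class-admin.php
@@ -477,6 +477,11 @@ class Admin {
  */
  public function rmp_menu_cpt() {
 
+ // Check user capabilities.
+ if ( ! current_user_can( 'manage_options' ) ) {
+ return;
+ }
+
  $labels = array(
  'name' => __( 'Responsive Menu', 'responsive-menu-pro' ),
  'singular_name' => 'Rmp_Menu',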
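Review bot: The new `current_user_can( 'manage_options' )` guard makes `rmp_menu_cpt()` return before the `$labels` array is built, and in the visible lines that array looks like post-type registration; if this method runs on a general hook such as `init`, the post type would go unregistered for every request without that capability, front-end visitors included, which is a different effect from gating an admin action. The method's body continues past the hunk, so this is inferred from what is shown; whichever it is, the intent should be recorded next to the check, e.g. `// Registration is gated on manage_options — TODO(review): confirm the post type is not needed for non-admin requests.` If the goal is to stop unprivileged users from creating or editing menus, that check belongs on the save or AJAX handlers rather than on registration.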
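--- a/v4.0.0/inc/classes/class-theme-manager.php
+++ b/v4.0.0/inc/classes/class-theme-manager.php
@@ -308,15 +308,29 @@ class Theme_Manager {
  return false;
  }
 
+ /**
+ * Funtion to upload the menu theme zip file.
+ *
+ * @since 4.0.0
+ * @since 4.0.4 Added nonce and user capabilities check.
+ *
+ * @since array $status
+ */
  public function rmp_upload_theme() {
 
+ // Check nonce to verify the authenticate upload file.
+ check_ajax_referer( 'rmp_nonce', 'rmp_theme_upload_nonce' );
+
+ // Check user capabilities.
+ if ( ! current_user_can( 'manage_options' ) ) {
+ return;
+ }
+
  status_header(200);
 
  $theme = $_FILES['file']['tmp_name'];
-
  WP_Filesystem();
  $upload_dir = wp_upload_dir()['basedir'] . '/rmp-menu/themes/';
-
  $unzip_file = unzip_file( $theme , $upload_dir );
 
  if ( is_wp_error( $unzip_file ) ) {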
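Review bot: The new docblock's last tag, `* @since array $status`, is mistyped — it describes the return value, so it should read `* @return array $status` (and `Funtion` on the first line should be `Function`); since the visible capability branch returns nothing at all, the array return should be confirmed against the rest of the body, which continues outside the hunk. That bare `return;` after a failed `current_user_can()` also ends the request with no status or message, so the caller cannot distinguish denial from success; `wp_die( 'Permission denied', '', 403 );`, or `wp_send_json_error( null, 403 );` if this is served as an AJAX handler, gives an explicit refusal. `$_FILES['file']['tmp_name']` is still read unguarded right after the two checks, so a request with no file produces a notice before `unzip_file()` fails.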
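--- a/v4.0.0/templates/rmp-themes.php
+++ b/v4.0.0/templates/rmp-themes.php
@@ -24,6 +24,7 @@ $theme_manager = Theme_Manager::get_instance();
  <!-- Theme drop and upload location -->
  <div id="rmp-menu-library-import" class="hide">
  <form action="<?php echo admin_url( 'admin-post.php' ); ?>" id="rmp-menu-library-import-form" method="post" enctype="multipart/form-data">
+ <input type="hidden" id="rmp_theme_upload_nonce" name="rmp_theme_upload_nonce" value="<?php echo wp_create_nonce('rmp_nonce'); ?>"/>
  <a class="cancel">
  <span class="dashicons dashicons-no-alt "></span>
  </a>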
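Review bot: The hidden nonce field is assembled by hand, echoing `wp_create_nonce('rmp_nonce')` unescaped into an attribute and duplicating the name as `id`; the WordPress helper that pairs with the `check_ajax_referer( 'rmp_nonce', 'rmp_theme_upload_nonce' )` call on the receiving side is `<?php wp_nonce_field( 'rmp_nonce', 'rmp_theme_upload_nonce' ); ?>`, which emits the same field with the value escaped. If the bare input is kept, wrapping the value in `esc_attr()` keeps it consistent with the escaping convention expected of template output.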