Visual Composer Website Builder

Version Description

Release Date - 2022-09-01

Free:

Fix: To prevent xss vulnerabilities, all roles without 'unfiltered_html' capability don't have an access to the editor

Release Info

Developer	visualcomposer
Plugin	Visual Composer Website Builder
Version	45.0.1
Comparing to
See all releases

Code changes from version 45.0 to 45.0.1

Files changed (9) hide show

plugin-wordpress.php +2 -2
readme.txt +7 -1
vendor/autoload.php +1 -1
vendor/composer/InstalledVersions.php +6 -6
vendor/composer/autoload_real.php +4 -4
vendor/composer/autoload_static.php +4 -4
vendor/composer/installed.php +6 -6
visualcomposer/Helpers/Access/UserCapabilities.php +7 -10
visualcomposer/resources/views/settings/pages/role-manager/role-manager.php +15 -0

plugin-wordpress.php CHANGED Viewed

	@@ -4,7 +4,7 @@
4	* Plugin Name: Visual Composer
5	* Plugin URI: https://visualcomposer.com/premium/?utm_source=vcwb&utm_medium=wpplugins&utm_campaign=vcbrand&utm_content=text
6	* Description: Create your WordPress website with the fast and easy-to-use drag-and-drop builder for experts and beginners.
7	- * Version: 45.0
8	* Author: visualcomposer.com
9	* Author URI: https://visualcomposer.com/?utm_source=vcwb&utm_medium=wpplugins&utm_campaign=vcbrand&utm_content=text
10	* Copyright: (c) 2017 TechMill Ltd.
	@@ -46,7 +46,7 @@ if (defined('VCV_VERSION')) {
46	/**
47	* Plugin version constant
48	*/
49	- define('VCV_VERSION', '45.0');
50	/**
51	* Plugin url: 'http://web/wp-content/plugins/plugin_dir/'
52	*/


4	* Plugin Name: Visual Composer
5	* Plugin URI: https://visualcomposer.com/premium/?utm_source=vcwb&utm_medium=wpplugins&utm_campaign=vcbrand&utm_content=text
6	* Description: Create your WordPress website with the fast and easy-to-use drag-and-drop builder for experts and beginners.
7	+ * Version: 45.0.1
8	* Author: visualcomposer.com
9	* Author URI: https://visualcomposer.com/?utm_source=vcwb&utm_medium=wpplugins&utm_campaign=vcbrand&utm_content=text
10	* Copyright: (c) 2017 TechMill Ltd.

46	/**
47	* Plugin version constant
48	*/
49	+ define('VCV_VERSION', '45.0.1');
50	/**
51	* Plugin url: 'http://web/wp-content/plugins/plugin_dir/'
52	*/

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Tags: page builder, website builder, editor, drag and drop, visual composer, pop
4	Requires PHP: 5.6
5	Requires at least: 4.6
6	Tested up to: 6.0
7	- Stable tag: 45.0
8	License: GPLv3
9	License URI: http://www.gnu.org/licenses/gpl-3.0.html
10
	@@ -222,6 +222,12 @@ It is both! Visual Composer’s free version works like a page builder where you
222
223	== Changelog ==
224






225	= 45.0 =
226	Release Date - 2022-08-17
227


4	Requires PHP: 5.6
5	Requires at least: 4.6
6	Tested up to: 6.0
7	+ Stable tag: 45.0.1
8	License: GPLv3
9	License URI: http://www.gnu.org/licenses/gpl-3.0.html
10

222
223	== Changelog ==
224
225	+ = 45.0.1 =
226	+ Release Date - 2022-09-01
227	+
228	+ ### Free:
229	+ - Fix: To prevent xss vulnerabilities, all roles without 'unfiltered_html' capability don't have an access to the editor
230	+
231	= 45.0 =
232	Release Date - 2022-08-17
233

vendor/autoload.php CHANGED Viewed

	@@ -4,4 +4,4 @@
4
5	require_once __DIR__ . '/composer/autoload_real.php';
6
7	- return ~~ComposerAutoloaderInit98815bd71daf5b79f0d9b8a0788c591f~~::getLoader();


4
5	require_once __DIR__ . '/composer/autoload_real.php';
6
7	+ return ComposerAutoloaderInit10bde0bad4f5806e9dd91079ba7b9ed3::getLoader();

vendor/composer/InstalledVersions.php CHANGED Viewed

	@@ -14,24 +14,24 @@ class InstalledVersions
14	private static $installed = array (
15	'root' =>
16	array (
17	- 'pretty_version' => '45.x-dev',
18	- 'version' => '45.~~9999999~~.9999999.9999999-dev',
19	'aliases' =>
20	array (
21	),
22	- 'reference' => '~~11a35100fca8f99cbb6f79b4609b412b174c891e~~',
23	'name' => '__root__',
24	),
25	'versions' =>
26	array (
27	'__root__' =>
28	array (
29	- 'pretty_version' => '45.x-dev',
30	- 'version' => '45.~~9999999~~.9999999.9999999-dev',
31	'aliases' =>
32	array (
33	),
34	- 'reference' => '~~11a35100fca8f99cbb6f79b4609b412b174c891e~~',
35	),
36	),
37	);


14	private static $installed = array (
15	'root' =>
16	array (
17	+ 'pretty_version' => '45.0.x-dev',
18	+ 'version' => '45.0.9999999.9999999-dev',
19	'aliases' =>
20	array (
21	),
22	+ 'reference' => 'a61b8c7dc3522d05eb04079658e4836cd6f2c427',
23	'name' => '__root__',
24	),
25	'versions' =>
26	array (
27	'__root__' =>
28	array (
29	+ 'pretty_version' => '45.0.x-dev',
30	+ 'version' => '45.0.9999999.9999999-dev',
31	'aliases' =>
32	array (
33	),
34	+ 'reference' => 'a61b8c7dc3522d05eb04079658e4836cd6f2c427',
35	),
36	),
37	);

vendor/composer/autoload_real.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2
3	// autoload_real.php @generated by Composer
4
5	- class ~~ComposerAutoloaderInit98815bd71daf5b79f0d9b8a0788c591f~~
6	{
7	private static $loader;
8
	@@ -24,15 +24,15 @@ class ComposerAutoloaderInit98815bd71daf5b79f0d9b8a0788c591f
24
25	require __DIR__ . '/platform_check.php';
26
27	- spl_autoload_register(array('~~ComposerAutoloaderInit98815bd71daf5b79f0d9b8a0788c591f~~', 'loadClassLoader'), true, true);
28	self::$loader = $loader = new \Composer\Autoload\ClassLoader();
29	- spl_autoload_unregister(array('~~ComposerAutoloaderInit98815bd71daf5b79f0d9b8a0788c591f~~', 'loadClassLoader'));
30
31	$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') \|\| !zend_loader_file_encoded());
32	if ($useStaticLoader) {
33	require __DIR__ . '/autoload_static.php';
34
35	- call_user_func(\Composer\Autoload\~~ComposerStaticInit98815bd71daf5b79f0d9b8a0788c591f~~::getInitializer($loader));
36	} else {
37	$map = require __DIR__ . '/autoload_namespaces.php';
38	foreach ($map as $namespace => $path) {


2
3	// autoload_real.php @generated by Composer
4
5	+ class ComposerAutoloaderInit10bde0bad4f5806e9dd91079ba7b9ed3
6	{
7	private static $loader;
8

24
25	require __DIR__ . '/platform_check.php';
26
27	+ spl_autoload_register(array('ComposerAutoloaderInit10bde0bad4f5806e9dd91079ba7b9ed3', 'loadClassLoader'), true, true);
28	self::$loader = $loader = new \Composer\Autoload\ClassLoader();
29	+ spl_autoload_unregister(array('ComposerAutoloaderInit10bde0bad4f5806e9dd91079ba7b9ed3', 'loadClassLoader'));
30
31	$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') \|\| !zend_loader_file_encoded());
32	if ($useStaticLoader) {
33	require __DIR__ . '/autoload_static.php';
34
35	+ call_user_func(\Composer\Autoload\ComposerStaticInit10bde0bad4f5806e9dd91079ba7b9ed3::getInitializer($loader));
36	} else {
37	$map = require __DIR__ . '/autoload_namespaces.php';
38	foreach ($map as $namespace => $path) {

vendor/composer/autoload_static.php CHANGED Viewed

	@@ -4,7 +4,7 @@
4
5	namespace Composer\Autoload;
6
7	- class ~~ComposerStaticInit98815bd71daf5b79f0d9b8a0788c591f~~
8	{
9	public static $prefixLengthsPsr4 = array (
10	'V' =>
	@@ -306,9 +306,9 @@ class ComposerStaticInit98815bd71daf5b79f0d9b8a0788c591f
306	public static function getInitializer(ClassLoader $loader)
307	{
308	return \Closure::bind(function () use ($loader) {
309	- $loader->prefixLengthsPsr4 = ~~ComposerStaticInit98815bd71daf5b79f0d9b8a0788c591f~~::$prefixLengthsPsr4;
310	- $loader->prefixDirsPsr4 = ~~ComposerStaticInit98815bd71daf5b79f0d9b8a0788c591f~~::$prefixDirsPsr4;
311	- $loader->classMap = ~~ComposerStaticInit98815bd71daf5b79f0d9b8a0788c591f~~::$classMap;
312
313	}, null, ClassLoader::class);
314	}


4
5	namespace Composer\Autoload;
6
7	+ class ComposerStaticInit10bde0bad4f5806e9dd91079ba7b9ed3
8	{
9	public static $prefixLengthsPsr4 = array (
10	'V' =>

306	public static function getInitializer(ClassLoader $loader)
307	{
308	return \Closure::bind(function () use ($loader) {
309	+ $loader->prefixLengthsPsr4 = ComposerStaticInit10bde0bad4f5806e9dd91079ba7b9ed3::$prefixLengthsPsr4;
310	+ $loader->prefixDirsPsr4 = ComposerStaticInit10bde0bad4f5806e9dd91079ba7b9ed3::$prefixDirsPsr4;
311	+ $loader->classMap = ComposerStaticInit10bde0bad4f5806e9dd91079ba7b9ed3::$classMap;
312
313	}, null, ClassLoader::class);
314	}

vendor/composer/installed.php CHANGED Viewed

	@@ -1,24 +1,24 @@
1	<?php return array (
2	'root' =>
3	array (
4	- 'pretty_version' => '45.x-dev',
5	- 'version' => '45.~~9999999~~.9999999.9999999-dev',
6	'aliases' =>
7	array (
8	),
9	- 'reference' => '~~11a35100fca8f99cbb6f79b4609b412b174c891e~~',
10	'name' => '__root__',
11	),
12	'versions' =>
13	array (
14	'__root__' =>
15	array (
16	- 'pretty_version' => '45.x-dev',
17	- 'version' => '45.~~9999999~~.9999999.9999999-dev',
18	'aliases' =>
19	array (
20	),
21	- 'reference' => '~~11a35100fca8f99cbb6f79b4609b412b174c891e~~',
22	),
23	),
24	);


1	<?php return array (
2	'root' =>
3	array (
4	+ 'pretty_version' => '45.0.x-dev',
5	+ 'version' => '45.0.9999999.9999999-dev',
6	'aliases' =>
7	array (
8	),
9	+ 'reference' => 'a61b8c7dc3522d05eb04079658e4836cd6f2c427',
10	'name' => '__root__',
11	),
12	'versions' =>
13	array (
14	'__root__' =>
15	array (
16	+ 'pretty_version' => '45.0.x-dev',
17	+ 'version' => '45.0.9999999.9999999-dev',
18	'aliases' =>
19	array (
20	),
21	+ 'reference' => 'a61b8c7dc3522d05eb04079658e4836cd6f2c427',
22	),
23	),
24	);

visualcomposer/Helpers/Access/UserCapabilities.php CHANGED Viewed

	@@ -37,6 +37,8 @@ class UserCapabilities implements Helper
37	$hasAccess = false;
38	}
39	$hasAccess = $hasAccess && current_user_can('edit_post', $sourceId);


40	// @codingStandardsIgnoreLine
41	$hasAccess = $hasAccess && $this->isEditorEnabled($post->post_type);
42
	@@ -61,6 +63,9 @@ class UserCapabilities implements Helper
61	$hasAccess = $currentUserAccessHelper->part('dashboard')->can('addon_popup_builder', false)->get();
62	}
63



64	return $hasAccess;
65	}
66
	@@ -107,16 +112,8 @@ class UserCapabilities implements Helper
107	'edit_page'
108	],
109	],
110	- 'author' => [
111	- '~~post_types~~' => [
112	- 'edit_post'
113	- ],
114	- ],
115	- 'contributor' => [
116	- 'post_types' => [
117	- 'edit_post'
118	- ],
119	- ],
120	'subscriber' => [],
121	];
122


37	$hasAccess = false;
38	}
39	$hasAccess = $hasAccess && current_user_can('edit_post', $sourceId);
40	+ // and has unfiltered_html capability
41	+ $hasAccess = $hasAccess && current_user_can('unfiltered_html');
42	// @codingStandardsIgnoreLine
43	$hasAccess = $hasAccess && $this->isEditorEnabled($post->post_type);
44

63	$hasAccess = $currentUserAccessHelper->part('dashboard')->can('addon_popup_builder', false)->get();
64	}
65
66	+ // has unfiltered_html capability
67	+ $hasAccess = $hasAccess && $currentUserAccessHelper->wpAll('unfiltered_html')->get();
68	+
69	return $hasAccess;
70	}
71

112	'edit_page'
113	],
114	],
115	+ 'author' => [],
116	+ 'contributor' => [],








117	'subscriber' => [],
118	];
119

visualcomposer/resources/views/settings/pages/role-manager/role-manager.php CHANGED Viewed

@@ -155,6 +155,21 @@ left: -69px;
                 </span>
                </div>
                <div class="vcv-dashboard-accordion-item-content">';
                     if ($role === 'administrator') {
                         $part = 'post_types';
                         $stateValue = $roleAccessHelper->who($role)->part($part)->getState();


155	</span>
156	</div>
157	<div class="vcv-dashboard-accordion-item-content">';
158	+ // IF role doesn't have cap `unfiltered_html` show notice
159	+ if (!$roleObject->has_cap('unfiltered_html')) {
160	+ echo '<div class="notice inline notice-warning" style="display:block !important;padding: 5px 12px;"><span>' . sprintf(
161	+ // translators: %1$s - role name, %2$s - link to help page, %3$s - capability, %4$s - </a>
162	+ __(
163	+ 'To enable Visual Composer for %1$s, %2$senable ‘%3$s’ capability%4$s for the exact user.',
164	+ 'visualcomposer'
165	+ ),
166	+ $name,
167	+ '<a href="https://help.visualcomposer.com/docs/how-tos/how-to-enable-unfiltered_html/" target="_blank" rel="noopener noreferrer">',
168	+ '<strong>unfiltered_html</strong>',
169	+ '</a>'
170	+ ) . '</span>
171	+ </div>';
172	+ }
173	if ($role === 'administrator') {
174	$part = 'post_types';
175	$stateValue = $roleAccessHelper->who($role)->part($part)->getState();

Visual Composer Website Builder - Version 45.0.1

Version Description

Free:

Release Info

Code changes from version 45.0 to 45.0.1