Advanced AJAX Product Filters - Version 1.6.1.5

Version Description

  • Fix - XSS Vulnerability

Release Info

Developer RazyRx
Plugin Icon wp plugin Advanced AJAX Product Filters
Version 1.6.1.5

Code changes from version 1.6.1.4 to 1.6.1.5

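--- a/berocket/framework.php
+++ b/berocket/framework.php
@@ -35,8 +35,8 @@ if( ! class_exists( 'BeRocket_Framework' ) ) {
  include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
  load_plugin_textdomain('BeRocket_domain', false, dirname( plugin_basename( __FILE__ ) ) . '/languages/');
  class BeRocket_Framework {
- public static $framework_version = '2.7.4';
- public $plugin_framework_version = '2.7.4';
+ public static $framework_version = '2.7.5';
+ public $plugin_framework_version = '2.7.5';
  public static $settings_name = '';
  public $addons;
  public $libraries;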
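--- a/berocket/framework_version.php
+++ b/berocket/framework_version.php
@@ -1,5 +1,5 @@
  <?php
- $framework_version_current = '2.7.4';
+ $framework_version_current = '2.7.5';
  if( version_compare($framework_version_current, $framework_version, '>') ) {
  $framework_version = $framework_version_current;
  $framework_dir = __DIR__;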
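--- a/berocket/includes/functions.php
+++ b/berocket/includes/functions.php
@@ -160,7 +160,7 @@ if( ! function_exists( 'br_color_picker' ) ) {
  $class = htmlentities( ( isset($additional['class']) && trim( $additional['class'] ) ) ? ' ' . trim( $additional['class'] ) : '' );
  $extra = htmlentities( ( isset($additional['extra']) && trim( $additional['extra'] ) ) ? ' ' . trim( $additional['extra'] ) : '' );
  $default = htmlentities( isset($default) && strlen($default) > 1 ? ( $default == -1 ? '' : ( $default[0] == '#' ? $default : '#' . $default ) ) : '#000000' );
- $value = htmlentities( empty($value) ? $default : ( $value[0] == '#' ? $value : '#' . $value ) );
+ $value = esc_attr(htmlentities( empty($value) ? $default : ( $value[0] == '#' ? $value : '#' . $value ) ));
  $return = '';
  $return .= '<div class="berocket_color"><div class="br_colorpicker" data-default="' . $default . '" data-color="' . $value . '" style="background-color:' . $value . ';"></div>
  <input class="br_colorpicker_value' . $class . '" type="hidden" value="' . $value . '" name="' . $name . '"' . $extra . '/>';
@@ -189,7 +189,7 @@ if ( ! function_exists( 'br_upload_image' ) ) {
  $remove_button = ( isset($additional['remove_button']) ? $additional['remove_button'] : true );
  $class = htmlentities( ( isset($additional['class']) && trim( $additional['class'] ) ) ? ' ' . trim( $additional['class'] ) : '' );
  $extra = htmlentities( ( isset($additional['extra']) && trim( $additional['extra'] ) ) ? ' ' . trim( $additional['extra'] ) : '' );
- $value = htmlentities($value);
+ $value = esc_attr(htmlentities($value));
  $result = '<div>';
  $result .= '<input type="hidden" name="' . $name . '" value="' . $value . '" readonly class="berocket_image_value ' . $class . '"' . $extra . '/>';
  $result .= ( empty($value) ? '<span class="berocket_selected_image" style="display:none;"></span>' : '<span class="berocket_selected_image"><image src="' . $value . '"></span>' );
@@ -240,7 +240,7 @@ if ( ! function_exists( 'br_fontawesome_image' ) ) {
  $remove_button = ( isset($additional['remove_button']) ? $additional['remove_button'] : true );
  $class = htmlentities( ( isset($additional['class']) && trim( $additional['class'] ) ) ? ' ' . trim( $additional['class'] ) : '' );
  $extra = htmlentities( ( isset($additional['extra']) && trim( $additional['extra'] ) ) ? ' ' . trim( $additional['extra'] ) : '' );
- $value = htmlentities($value);
+ $value = esc_attr(htmlentities($value));
  $result = '<div class="berocket_select_fontawesome berocket_select_image">';
  $result .= berocket_fa_dark();
  $result .= '<input type="hidden" name="' . $name . '" value="' . $value . '" readonly class="berocket_image_value berocket_fa_value ' . $class . '"' . $extra . '/>';
@@ -274,7 +274,7 @@ if ( ! function_exists( 'br_select_fontawesome' ) ) {
  $remove_button = ( isset($additional['remove_button']) ? $additional['remove_button'] : true );
  $class = htmlentities( ( isset($additional['class']) && trim( $additional['class'] ) ) ? ' ' . trim( $additional['class'] ) : '' );
  $extra = htmlentities( ( isset($additional['extra']) && trim( $additional['extra'] ) ) ? ' ' . trim( $additional['extra'] ) : '' );
- $value = htmlentities($value);
+ $value = esc_attr(htmlentities($value));
  $result = '<div class="berocket_select_fontawesome">';
  $result .= berocket_fa_dark();
  $result .= '<input type="hidden" name="' . $name . '" value="' . $value . '" readonly class="berocket_fa_value ' . $class . '"' . $extra . '/>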
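Review bot: `$name` is still concatenated unescaped into `name="..."` in all four hunks (new lines 166, 194, 246 and 280), so the fix covers `$value` only; if any caller can pass a non-constant name the attribute can still be broken out of, and `name="' . esc_attr( $name ) . '"` would close that. In br_color_picker the escaped `$value` also lands in `style="background-color:...;"`, where attribute escaping does not restrict it to a colour; running the input through `sanitize_hex_color()` would. In br_upload_image the value is used as an image `src`, a URL context for which `esc_url()` is the matching escaper. `esc_attr()` already encodes quotes and angle brackets, so the inner `htmlentities()` call looks redundant. The four function bodies start and end outside the hunks, so where `$name` and `$value` originate cannot be confirmed from here.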
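--- a/includes/compatibility/relevanssi.php
+++ b/includes/compatibility/relevanssi.php
@@ -45,9 +45,9 @@ if( ! class_exists('BeRocket_AAPF_compat_Relevanssi') ) {
  global $wpdb;
  $queryrelevanssi = new WP_Query();
  $queryrelevanssi->parse_query( $args );
+ $queryrelevanssi = apply_filters( 'relevanssi_modify_wp_query', $queryrelevanssi );
 
  $posts = relevanssi_do_query( $queryrelevanssi );
- $posts = $queryrelevanssi->posts;
  if( empty($posts) || count($posts) == 0 ) {
  $posts = array(0);
  }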
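Review bot: The value returned by `apply_filters( 'relevanssi_modify_wp_query', ... )` on new line 48 is handed to `relevanssi_do_query()` without checking that it is still a `WP_Query`, so a callback on that hook that returns anything else would break the search at this point. A guard such as `$filtered = apply_filters( 'relevanssi_modify_wp_query', $queryrelevanssi ); if ( $filtered instanceof WP_Query ) { $queryrelevanssi = $filtered; }` keeps the original query in that case. With `$posts = $queryrelevanssi->posts;` removed, `$posts` now depends only on the function's return value, which deserves a one-line comment stating that assumption. The enclosing method starts and ends outside the hunk.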
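--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Donate link: https://berocket.com/product/woocommerce-ajax-products-filter?utm_s
  Tags: filters, product filters, ajax product filters, ajax filter, ajax filter widget, color filter, size filter, product onsale filter, product preview, product category filter, product reset filter, product sort by filter, stock filter, product tag filter, price range filter, price box filter, advanced product filters, woocommerce filters, woocommerce product filters, woocommerce products filter, woocommerce ajax product filters, widget, plugin, woocommerce item filters, filters plugin, ajax filters plugin, filter woocommerce products, filter woocommerce products plugin, wc filters, wc filters products, wc products filters, wc ajax products filters, wc product filters, wc advanced product filters, woocommerce layered nav, woocommerce layered navigation, ajax filtered nav, ajax filtered navigation, price filter, ajax price filter, woocommerce product sorting, sidebar filter, sidebar ajax filter, taxonomy filter, category filter, attribute filter, attributes filter, woocommerce product sort, ajax products filter plugin for woocommerce, rocket, berocket, berocket woocommerce ajax products filter
  Requires at least: 5.0
  Tested up to: 5.9
- Stable tag: 1.6.1.4
+ Stable tag: 1.6.1.5
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -185,6 +185,9 @@ You can try this plugin's admin side [here](https://berocket.com/product/woocomm
 
  == Changelog ==
 
+ = 1.6.1.5 =
+ * Fix - XSS Vulnerability
+
  = 1.6.1.4 =
  * Enhancement - Compatibility version: WordPress 5.9
  * Fix - Empty hook issue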
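--- a/template_styles/color.php
+++ b/template_styles/color.php
@@ -25,6 +25,7 @@ if( ! class_exists('BeRocket_AAPF_Template_Style_color') ) {
  $berocket_term = get_metadata( 'berocket_term', $term->term_id, 'color' );
  $meta_color = br_get_value_from_array($berocket_term, 0, '');
  $meta_color = str_replace('#', '', $meta_color);
+ $meta_color = esc_attr($meta_color);
  $template['content']['checkbox'] = BeRocket_AAPF_dynamic_data_template::create_element_arrays($template['content']['checkbox'], array('attributes', 'style'));
  $template['content']['checkbox']['attributes']['style']['display'] = 'display:none;';
  $template['content']['label']['content'] = array(
@@ -102,6 +103,7 @@ if( ! class_exists('BeRocket_AAPF_Template_Style_image') ) {
  function template_single_item($template, $term, $i, $berocket_query_var_title) {
  $berocket_term = get_metadata( 'berocket_term', $term->term_id, 'image' );
  $meta_image = br_get_value_from_array($berocket_term, 0, '');
+ $meta_image = esc_attr($meta_image);
  $template['content']['checkbox'] = BeRocket_AAPF_dynamic_data_template::create_element_arrays($template['content']['checkbox'], array('attributes', 'style'));
  $template['content']['checkbox']['attributes']['style']['display'] = 'display:none;';
  $template['content']['label']['content'] = array(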
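Review bot: `esc_attr()` is applied immediately after the term meta is read (new lines 28 and 106) rather than where the value is written into markup, and that output site lies outside both hunks, so it cannot be confirmed here that the escaping matches the context the value ends up in. If `$meta_color` is emitted inside a `style` attribute, validating it as a colour is stricter than entity-encoding it, for example `$meta_color = (string) sanitize_hex_color_no_hash( $meta_color );`. If `$meta_image` is emitted as a URL, `esc_url()` is the matching escaper. Escaping at read time also risks double-encoding should the template layer escape attribute values again. Both `template_single_item` bodies continue past the end of their hunks.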
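--- a/woocommerce-filters.php
+++ b/woocommerce-filters.php
@@ -3,7 +3,7 @@
  * Plugin Name: Advanced AJAX Product Filters for WooCommerce
  * Plugin URI: https://wordpress.org/plugins/woocommerce-ajax-filters/?utm_source=free_plugin&utm_medium=plugins&utm_campaign=ajax_filters
  * Description: Unlimited AJAX products filters to make your shop perfect
- * Version: 1.6.1.4
+ * Version: 1.6.1.5
  * Author: BeRocket
  * Requires at least: 5.0
  * Author URI: https://berocket.com?utm_source=free_plugin&utm_medium=plugins&utm_campaign=ajax_filters
@@ -11,6 +11,6 @@
  * Domain Path: /languages/
  * WC tested up to: 6.1
  */
- define( "BeRocket_AJAX_filters_version", '1.6.1.4' );
+ define( "BeRocket_AJAX_filters_version", '1.6.1.5' );
  define( "BeRocket_AJAX_filters_file", __FILE__ );
  include_once('main.php');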