WordPress.org
Get WordPress

Plugin Directory

Changeset 3293989


Ignore:
Timestamp:
05/15/2025 10:27:05 AM (10 months ago)
Author:
visualcomposer
Message:

Trunk update with the latest version

Location:
visualcomposer/trunk
Files:
8 edited

Legend:

Unmodified
Added
Removed

  • visualcomposer/trunk/readme.txt

    r3275329 r3293989  
    44Requires PHP: 7.4
    55Requires at least: 5.5
    6 Tested up to: 6.8
    7 Stable tag: 45.11.0
     6Tested up to: 6.8.1
     7Stable tag: 45.12.0
    88License: GPLv3
    99License URI: http://www.gnu.org/licenses/gpl-3.0.html
     
    222222
    223223== Changelog ==
     224
     225= 45.12.0 =
     226*Release Date - 2025-05-15*
     227
     228### Free:
     229- Fix: Prevent XSS for post grid pagination
     230- Fix: Improved vulnerability issue for encoded shortcode content
     231
     232### Premium:
     233- Compatibility: Works properly with PHP 8.3 and WordPress 6.8
    224234
    225235= 45.11.0 =

  • visualcomposer/trunk/vendor/autoload.php

    r3291780 r3293989  
    55require_once __DIR__ . '/composer/autoload_real.php';
    66
    7 return ComposerAutoloaderInite10def085d83018d5de84a00e0313758::getLoader();
     7return ComposerAutoloaderInitbd6586a3b0790d3c9e3f497ef027eb2f::getLoader();

  • visualcomposer/trunk/vendor/composer/InstalledVersions.php

    r3275329 r3293989  
    2020    array (
    2121    ),
    22     'reference' => '409ee4383cf5b91609a5b762d4830a0b4d9808cb',
     22    'reference' => '50fd65ce97fe982f82bbca6e70aac7daad892dd1',
    2323    'name' => '__root__',
    2424  ),
     
    3232      array (
    3333      ),
    34       'reference' => '409ee4383cf5b91609a5b762d4830a0b4d9808cb',
     34      'reference' => '50fd65ce97fe982f82bbca6e70aac7daad892dd1',
    3535    ),
    3636  ),

  • visualcomposer/trunk/vendor/composer/autoload_real.php

    r3291780 r3293989  
    33// autoload_real.php @generated by Composer
    44
    5 class ComposerAutoloaderInite10def085d83018d5de84a00e0313758
     5class ComposerAutoloaderInitbd6586a3b0790d3c9e3f497ef027eb2f
    66{
    77    private static $loader;
     
    2525        require __DIR__ . '/platform_check.php';
    2626
    27         spl_autoload_register(array('ComposerAutoloaderInite10def085d83018d5de84a00e0313758', 'loadClassLoader'), true, true);
     27        spl_autoload_register(array('ComposerAutoloaderInitbd6586a3b0790d3c9e3f497ef027eb2f', 'loadClassLoader'), true, true);
    2828        self::$loader = $loader = new \Composer\Autoload\ClassLoader();
    29         spl_autoload_unregister(array('ComposerAutoloaderInite10def085d83018d5de84a00e0313758', 'loadClassLoader'));
     29        spl_autoload_unregister(array('ComposerAutoloaderInitbd6586a3b0790d3c9e3f497ef027eb2f', 'loadClassLoader'));
    3030
    3131        $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
     
    3333            require __DIR__ . '/autoload_static.php';
    3434
    35             call_user_func(\Composer\Autoload\ComposerStaticInite10def085d83018d5de84a00e0313758::getInitializer($loader));
     35            call_user_func(\Composer\Autoload\ComposerStaticInitbd6586a3b0790d3c9e3f497ef027eb2f::getInitializer($loader));
    3636        } else {
    3737            $map = require __DIR__ . '/autoload_namespaces.php';

  • visualcomposer/trunk/vendor/composer/autoload_static.php

    r3291780 r3293989  
    55namespace Composer\Autoload;
    66
    7 class ComposerStaticInite10def085d83018d5de84a00e0313758
     7class ComposerStaticInitbd6586a3b0790d3c9e3f497ef027eb2f
    88{
    99    public static $prefixLengthsPsr4 = array (
     
    312312    {
    313313        return \Closure::bind(function () use ($loader) {
    314             $loader->prefixLengthsPsr4 = ComposerStaticInite10def085d83018d5de84a00e0313758::$prefixLengthsPsr4;
    315             $loader->prefixDirsPsr4 = ComposerStaticInite10def085d83018d5de84a00e0313758::$prefixDirsPsr4;
    316             $loader->classMap = ComposerStaticInite10def085d83018d5de84a00e0313758::$classMap;
     314            $loader->prefixLengthsPsr4 = ComposerStaticInitbd6586a3b0790d3c9e3f497ef027eb2f::$prefixLengthsPsr4;
     315            $loader->prefixDirsPsr4 = ComposerStaticInitbd6586a3b0790d3c9e3f497ef027eb2f::$prefixDirsPsr4;
     316            $loader->classMap = ComposerStaticInitbd6586a3b0790d3c9e3f497ef027eb2f::$classMap;
    317317
    318318        }, null, ClassLoader::class);

  • visualcomposer/trunk/vendor/composer/installed.php

    r3275329 r3293989  
    77    array (
    88    ),
    9     'reference' => '409ee4383cf5b91609a5b762d4830a0b4d9808cb',
     9    'reference' => '50fd65ce97fe982f82bbca6e70aac7daad892dd1',
    1010    'name' => '__root__',
    1111  ),
     
    1919      array (
    2020      ),
    21       'reference' => '409ee4383cf5b91609a5b762d4830a0b4d9808cb',
     21      'reference' => '50fd65ce97fe982f82bbca6e70aac7daad892dd1',
    2222    ),
    2323  ),

  • visualcomposer/trunk/visualcomposer/Helpers/PostsGridPagination.php

    r3150179 r3293989  
    1616    public function getPaginationUrl($id, $page)
    1717    {
    18         return add_query_arg('vcv-pagination-' . $id, $page);
     18        return esc_url(add_query_arg('vcv-pagination-' . $id, $page));
    1919    }
    2020}

  • visualcomposer/trunk/visualcomposer/Modules/Elements/EncodedShortcode/Controller.php

    r3272314 r3293989  
    2323        $this->addShortcode('vcv_encoded_shortcode');
    2424
    25         $this->wpAddFilter('wp_insert_post_data', [$this, 'checkEncodedShortcode']);
     25        $this->wpAddFilter('content_save_pre', [$this, 'checkEncodedShortcode']);
    2626    }
    2727
     
    2929     * Remove vcv_encoded_shortcode shortcode for users without unfiltered_html capability.
    3030     *
    31      * @param array $data
     31     * @param string $content
    3232     *
    33      * @return array
     33     * @return string
    3434     */
    35     public function checkEncodedShortcode($data)
     35    public function checkEncodedShortcode($content)
    3636    {
    37         $user_id = get_current_user_id();
    38         if (!$user_id) {
    39             return $data;
     37        if (current_user_can('unfiltered_html')) {
     38            return $content;
    4039        }
    4140
    42         if (user_can($user_id, 'unfiltered_html')) {
    43             return $data;
     41        if (strpos($content, 'vcv_encoded_shortcode') === false) {
     42            return $content;
    4443        }
    4544
    46         if (strpos($data['post_content'], '[vcv_encoded_shortcode]') === false) {
    47             return $data;
     45        $regex = $this->get_shortcode_regex('vcv_encoded_shortcode');
     46        return preg_replace('/' . $regex . '/', '', $content);
     47    }
     48
     49    /**
     50     * Get the shortcode regex.
     51     *
     52     * @param string $tagregexp
     53     *
     54     * @return string
     55     */
     56    public function get_shortcode_regex($tagregexp = '')
     57    {
     58        if (0 === strlen($tagregexp)) {
     59            return get_shortcode_regex();
    4860        }
    4961
    50         $data['post_content'] = preg_replace(
    51             '/\[vcv_encoded_shortcode\](.*?)\[\/vcv_encoded_shortcode\]/s',
    52             '',
    53             $data['post_content']
    54         );
    55 
    56         return $data;
     62        return '\\['                              // Opening bracket.
     63            . '(\\[?)'                           // 1: Optional second opening bracket for escaping shortcodes: [[tag]].
     64            . "($tagregexp)"                     // 2: Shortcode name.
     65            . '(?![\\w\-])'                       // Not followed by word character or hyphen.
     66            . '('                                // 3: Unroll the loop: Inside the opening shortcode tag.
     67            . '[^\\]\\/]*'                   // Not a closing bracket or forward slash.
     68            . '(?:' . '\\/(?!\\])'               // A forward slash not followed by a closing bracket.
     69            . '[^\\]\\/]*'               // Not a closing bracket or forward slash.
     70            . ')*?' . ')' . '(?:' . '(\\/)'                        // 4: Self closing tag .
     71            . '\\]'                          // ... and closing bracket.
     72            . '|' . '\\]'                          // Closing bracket.
     73            . '(?:' . '('                        // 5: Unroll the loop: Optionally, anything between the opening and closing shortcode tags.
     74            . '[^\\[]*+'             // Not an opening bracket.
     75            . '(?:' . '\\[(?!\\/\\2\\])' // An opening bracket not followed by the closing shortcode tag.
     76            . '[^\\[]*+'         // Not an opening bracket.
     77            . ')*+' . ')' . '\\[\\/\\2\\]'             // Closing shortcode tag.
     78            . ')?' . ')' . '(\\]?)';
    5779    }
    5880}
Note: See TracChangeset for help on using the changeset viewer.