WordPress.org
Get WordPress

Plugin Directory

Changeset 3370940


Ignore:
Timestamp:
10/01/2025 08:15:29 AM (5 months ago)
Author:
elementinvader
Message:

update 1.3.9

Location:
elementinvader-addons-for-elementor
Files:
230 added
7 edited

Legend:

Unmodified
Added
Removed

  • elementinvader-addons-for-elementor/trunk/README.txt

    r3367388 r3370940  
    66Requires PHP: 5.6
    77Tested up to: 6.8
    8 Stable tag: 1.3.8
     8Stable tag: 1.3.9
    99License: GPLv2 or later
    1010License URI: http://www.gnu.org/licenses/gpl-2.0.html
     
    8989== Changelog ==
    9090
     91= 1.3.9 =
     92* Encrypt contact data from shortcode
     93
    9194= 1.3.8 =
    9295* Security fix

  • elementinvader-addons-for-elementor/trunk/elementinvader-addons-for-elementor.php

    r3367388 r3370940  
    55 * Description: Ready to use Elementor Addon Elements like Menu, Forms, Maps, Newsletter with many styling options
    66 * Plugin URI:  https://elementinvader.com
    7  * Version:     1.3.8
     7 * Version:     1.3.9
    88 * Author:      ElementInvader
    99 * Author URI:  https://elementinvader.com

  • elementinvader-addons-for-elementor/trunk/helpers/plugin_helpers.php

    r3112677 r3370940  
    330330    }
    331331}
     332
     333/**
     334 * Encrypt string (e.g. email) using AES-256-CBC and AUTH_KEY.
     335 *
     336 * @param string $string
     337 * @return string|false  Base64-encoded encrypted string or false on failure
     338 */
     339function eli_encrypt($string = '')
     340{
     341    $key = defined('AUTH_KEY') ? AUTH_KEY : 'change_this_secret';
     342    $iv  = openssl_random_pseudo_bytes(16);
     343
     344    $ciphertext = openssl_encrypt($string, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
     345    if ($ciphertext === false) {
     346        return false;
     347    }
     348
     349    return base64_encode($iv . $ciphertext);
     350}
     351
     352/**
     353 * Decrypt string (e.g. email) using AES-256-CBC and AUTH_KEY.
     354 *
     355 * @param string $encrypted
     356 * @return string|false  Decrypted string or false on failure
     357 */
     358function eli_decrypt($encrypted = '')
     359{
     360    $key = defined('AUTH_KEY') ? AUTH_KEY : 'change_this_secret';
     361
     362    $decoded = base64_decode($encrypted, true);
     363    if ($decoded === false || strlen($decoded) < 17) {
     364        return false;
     365    }
     366
     367    $iv         = substr($decoded, 0, 16);
     368    $ciphertext = substr($decoded, 16);
     369
     370    $decrypted = openssl_decrypt($ciphertext, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
     371    return $decrypted !== false ? $decrypted : false;
     372}

  • elementinvader-addons-for-elementor/trunk/modules/forms/ajax-handler.php

    r3367388 r3370940  
    291291            if(isset($post['shortcode']) && !empty($post['shortcode'])){
    292292                $form_data = array('settings' => $_POST);
     293
     294                foreach (['mail_data_to_email','mail_data_from_email','mail_data_from_name'] as $field_key) {
     295                    if(!empty($form_data['settings'][$field_key])){
     296                        $form_data['settings'][$field_key] = eli_decrypt(sanitize_text_field($form_data['settings'][$field_key]));
     297                    }
     298                }
    293299            } else {
    294300                $get_settings   = new ThzelGetElementSettings($post['eli_page_id'],$post['eli_id'],$post['eli_type']);

  • elementinvader-addons-for-elementor/trunk/shortcodes/shortcode-newsletter.php

    r2606763 r3370940  
    3636    $data = array();
    3737
     38   
     39
    3840    /* settings from atts */
    3941    $data['settings'] = $atts;
    4042    $data['id_element'] = '';
     43
     44
     45    /* protect */
     46    $data['settings']['mail_data_to_email'] = eli_encrypt($data['settings']['mail_data_to_email']);
     47    $data['settings']['mail_data_from_email'] = eli_encrypt($data['settings']['mail_data_from_email']);
     48    $data['settings']['mail_data_from_name'] = eli_encrypt($data['settings']['mail_data_from_name']);
    4149
    4250    /* load css/js */

  • elementinvader-addons-for-elementor/trunk/shortcodes/views/shortcode-newsletter.php

    r2863668 r3370940  
    55            <input type="hidden" name="element_id" value="1">
    66            <input type="hidden" name="shortcode" value="1">
     7            <?php
     8            // Add a nonce field for AJAX security
     9            wp_nonce_field( 'eli_forms_send_form', 'eli_nonce' );
     10            ?>
     11           
    712            <?php foreach($settings as $key => $value):?>
    813                <?php if(empty($value)) continue;?>

  • elementinvader-addons-for-elementor/trunk/views/form/widget_layout.php

    r3367388 r3370940  
    99        <form class="elementinvader_addons_for_elementor_f" <?php if(isset($settings['disable_scroll_to_form']) && $settings['disable_scroll_to_form'] == 'yes'):?> scroll-disabled="disabled"<?php endif;?>>
    1010            <input type="hidden" name="element_id" value="<?php echo esc_attr($this->get_id_int());?>"/>
     11           
    1112            <?php
    1213            // Add a nonce field for AJAX security
Note: See TracChangeset for help on using the changeset viewer.