
Changeset 3401546


Timestamp:
11/24/2025 05:42:33 AM (3 months ago)
Author:
dickoandrean
Message:

update v.1.6.8

Location:
rometheme-for-elementor
Files:
320 added
3 edited

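--- a/rometheme-for-elementor/trunk/RomeTheme.php
+++ b/rometheme-for-elementor/trunk/RomeTheme.php
@@ -4,9 +4,10 @@
  * Plugin Name:       RTMKit
  * Description:      The best toolkit solution for Elementor. Enjoy advanced addons, theme builders, forms, icons, and ready-made templates to create stunning websites quickly and effortlessly.
- * Version:           1.6.7
+ * Version:           1.6.8
  * Author:            Rometheme
  * Author URI:        https://rometheme.net/
  * License :          GPLv3 or later
  * Requires Plugins : elementor
+ * Plugin URI : https://rometheme.net/
  *
  * The best toolkit solution for Elementor. Enjoy advanced addons, theme builders, forms, icons, and ready-made templates to create stunning websites quickly and effortlessly.
@@ -50,4 +51,5 @@
             require_once self::module_dir() . 'controls/controls.php';
             require_once self::module_dir() . 'updates/updates.php';
+            require_once self::module_dir() . 'banner/banner.php';
 
             new RomethemeKit\RkitWidgets();
@@ -61,4 +63,5 @@
             new \RomethemeKit\Controls();
             new \RomethemeKit\Update();
+            new \RomethemeKit\Banner();
             // \RomethemeKit\Rkit_GetPro::instance();   
             add_action('admin_enqueue_scripts', [$this, 'register_style']);
@@ -124,5 +127,5 @@
     static function rt_version()
     {
-        return '1.6.7';
+        return '1.6.8';
     }
 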
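--- a/rometheme-for-elementor/trunk/modules/template/template.php
+++ b/rometheme-for-elementor/trunk/modules/template/template.php
@@ -52,4 +52,10 @@
     public function fetch_lib()
     {
+        // SECURITY FIX: Add capability check to prevent IDOR vulnerability
+        if (!current_user_can('manage_options')) {
+            wp_send_json_error('Access Denied: Insufficient permissions');
+            wp_die();
+        }
+
         if (!isset($_POST['wpnonce']) || !wp_verify_nonce($_POST['wpnonce'], 'rtm_template_nonce')) {
             wp_send_json_error('Access Denied');
@@ -57,13 +63,13 @@
         }
 
-            $args = [
-                'headers' => [
-                    'Accept' => 'application/json',
-                ],
-                'httpversion' => '1.1',
-                'timeout' => 15,
-                'sslverify' => false, // Ubah ke true di production jika SSL valid
-                'auth' => [$this->ck, $this->cs],
-            ];
+        $args = [
+            'headers' => [
+                'Accept' => 'application/json',
+            ],
+            'httpversion' => '1.1',
+            'timeout' => 15,
+            'sslverify' => false, // Ubah ke true di production jika SSL valid
+            'auth' => [$this->ck, $this->cs],
+        ];
 
         // Gunakan wp_remote_get untuk mengambil data dari REST API
@@ -149,4 +155,11 @@
     public function fetch_envato_template()
     {
+
+        // SECURITY FIX: Add capability check to prevent IDOR vulnerability
+        if (!current_user_can('manage_options')) {
+            wp_send_json_error('Access Denied: Insufficient permissions');
+            wp_die();
+        }
+
         if (!isset($_POST['wpnonce']) || !wp_verify_nonce($_POST['wpnonce'], 'rtm_template_nonce')) {
             wp_send_json_error('Access Denied');
@@ -357,4 +370,10 @@
     public function get_installed_template()
     {
+        // SECURITY FIX: Add capability check to prevent IDOR vulnerability
+        if (!current_user_can('manage_options')) {
+            wp_send_json_error('Access Denied: Insufficient permissions');
+            wp_die();
+        }
+
         if (!isset($_POST['wpnonce']) || !wp_verify_nonce($_POST['wpnonce'], 'rtm_template_nonce')) {
             wp_send_json_error('Access Denied');
@@ -381,4 +400,10 @@
     public function get_installed_templates()
     {
+        // SECURITY FIX: Add capability check to prevent IDOR vulnerability
+        if (!current_user_can('manage_options')) {
+            wp_send_json_error('Access Denied: Insufficient permissions');
+            wp_die();
+        }
+
         $templates = get_option('rtm_template_installed', []);
         $upload_dir = wp_upload_dir();
@@ -523,4 +548,10 @@
         }
 
+       // SECURITY FIX: Add capability check to prevent IDOR vulnerability
+        if (!current_user_can('manage_options')) {
+            wp_send_json_error('Access Denied: Insufficient permissions');
+            wp_die();
+        }
+
         $id = absint($_POST['template']);
 
@@ -608,4 +639,10 @@
     public function template_category()
     {
+        // SECURITY FIX: Add capability check to prevent IDOR vulnerability
+        if (!current_user_can('manage_options')) {
+            wp_send_json_error('Access Denied: Insufficient permissions');
+            wp_die();
+        }
+
         if (!isset($_POST['wpnonce']) ||  !wp_verify_nonce($_POST['wpnonce'], 'rtm_template_nonce')) {
             wp_send_json_error('Access Denied');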
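Review bot: In fetch_lib(), the re-indented request arguments (new lines 65-73) still set `'sslverify' => false` while the same array carries `'auth' => [$this->ck, $this->cs]`, so the remote call skips certificate validation and whatever those two fields hold, along with the response, is exposed to interception or tampering on the network path. The inline comment itself says to change this to true in production; in a release labelled a security update the line should read `'sslverify' => true,`. Separately, each of the six added capability guards calls `wp_die();` after `wp_send_json_error()`, which already ends the request, and sends no HTTP status; `wp_send_json_error('Access Denied: Insufficient permissions', 403);` alone would do. The method bodies continue outside the visible hunks, so how these handlers are registered, and whether get_installed_templates() has any nonce check, cannot be confirmed from here.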
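--- a/rometheme-for-elementor/trunk/readme.txt
+++ b/rometheme-for-elementor/trunk/readme.txt
@@ -5,5 +5,5 @@
 Tested up to: 6.8.1
 Requires PHP: 8.2
-Stable tag: 1.6.7
+Stable tag: 1.6.8
 License: GPLv3 or later
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -200,4 +200,7 @@
 
 == Changelog ==
+Version 1.6.8 - November 2024, 2025
+Security Update
+
 Version 1.6.7 - October 24, 2025
 IMPROVE : setting navigation animation in the "Card Carousel" widget.
@@ -454,2 +457,5 @@
 Version : 1.0.0 - January 5, 2023
 * this is first version of Rometheme for Elementor Plugin
+
+== Wordfence Verification ==
+Vendor Key: eev51sugjaq1fchrfpnfqvtkaqbvbeds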