Merge pull request #128 from brainstormforce/next-release

Build 1.5.11

README.md

@@ -4,7 +4,7 @@
 **Tags:** beaver builder, beaver builder free, beaver addons, beaver builder addon, beaver builder add ons, beaver builder lite, beaver builder modules, beaver builder addons, beaver builder extensions, beaver addon, beaver builder plugin, beaver builder wordpress  
 **Requires at least:** 4.6  
 **Tested up to:** 6.6  
-**Stable tag:** 1.5.10  
+**Stable tag:** 1.5.11  
 **License:** GPLv2 or later  
 **License URI:** https://www.gnu.org/licenses/gpl-2.0.html  
 
@@ -215,6 +215,11 @@ Yes it is! This plugin comes with .po and .mo files. It is already translated in
 
 ## Changelog ##
 
+### 1.5.11 ###
+* Improvement: Hardened the security of plugin.
+* Improvement: Compatibility with Beaver Builder 2.9
+* Improvement: Added support for Global Colors selection in UABB lite modules.
+
 ### 1.5.10 ###
 * Improvement: This update addressed a security bug. Props to Patchstack for privately reporting it to our team.
 

assets/dynamic-css/uabb-theme-dynamic-css.php

@@ -4,6 +4,7 @@
  *
  * @package UABB Theme Dynamic CSS file
  */
+
 ob_start();
 ?>
 
@@ -19,54 +20,54 @@
 .uabb-creative-button-wrap a:visited {
 
 	<?php if ( isset( $uabb_theme_btn_family['family'] ) ) { ?>
-	font-family: <?php echo $uabb_theme_btn_family['family']; ?>;
+	font-family: <?php echo esc_attr( $uabb_theme_btn_family['family'] ); ?>;
 	<?php } ?> 
 
 	<?php if ( isset( $uabb_theme_btn_family['weight'] ) ) { ?>
-	font-weight: <?php echo $uabb_theme_btn_family['weight']; ?>;
+	font-weight: <?php echo esc_attr( $uabb_theme_btn_family['weight'] ); ?>;
 	<?php } ?>
 
-	<?php if ( uabb_theme_button_font_size( '' ) != '' ) { ?>
-	font-size: <?php echo uabb_theme_button_font_size( '' ); ?>;
+	<?php if ( uabb_theme_button_font_size( '' ) !== '' ) { ?>
+	font-size: <?php echo esc_attr( uabb_theme_button_font_size( '' ) ); ?>;
 	<?php } ?>
 
-	<?php if ( uabb_theme_button_line_height( '' ) != '' ) { ?>
-	line-height: <?php echo uabb_theme_button_line_height( '' ); ?>;
+	<?php if ( uabb_theme_button_line_height( '' ) !== '' ) { ?>
+	line-height: <?php echo esc_attr( uabb_theme_button_line_height( '' ) ); ?>;
 	<?php } ?>
 
-	<?php if ( uabb_theme_button_letter_spacing( '' ) != '' ) { ?>
-	letter-spacing: <?php echo uabb_theme_button_letter_spacing( '' ); ?>;
+	<?php if ( uabb_theme_button_letter_spacing( '' ) !== '' ) { ?>
+	letter-spacing: <?php echo esc_attr( uabb_theme_button_letter_spacing( '' ) ); ?>;
 	<?php } ?>
 
-	<?php if ( uabb_theme_button_text_transform( '' ) != '' ) { ?>
-	text-transform: <?php echo uabb_theme_button_text_transform( '' ); ?>;
+	<?php if ( uabb_theme_button_text_transform( '' ) !== '' ) { ?>
+	text-transform: <?php echo esc_attr( uabb_theme_button_text_transform( '' ) ); ?>;
 	<?php } ?>
 }
 
 .uabb-dual-button .uabb-btn,
 .uabb-dual-button .uabb-btn:visited {
 	<?php if ( isset( $uabb_theme_btn_family['family'] ) ) { ?>
-	font-family: <?php echo $uabb_theme_btn_family['family']; ?>;
+	font-family: <?php echo esc_attr( $uabb_theme_btn_family['family'] ); ?>;
 	<?php } ?> 
 
 	<?php if ( isset( $uabb_theme_btn_family['weight'] ) ) { ?>
-	font-weight: <?php echo $uabb_theme_btn_family['weight']; ?>;
+	font-weight: <?php echo esc_attr( $uabb_theme_btn_family['weight'] ); ?>;
 	<?php } ?>
 
-	<?php if ( uabb_theme_button_font_size( '' ) != '' ) { ?>
-	font-size: <?php echo uabb_theme_button_font_size( '' ); ?>;
+	<?php if ( uabb_theme_button_font_size( '' ) !== '' ) { ?>
+	font-size: <?php echo esc_attr( uabb_theme_button_font_size( '' ) ); ?>;
 	<?php } ?>
 
-	<?php if ( uabb_theme_button_line_height( '' ) != '' ) { ?>
-	line-height: <?php echo uabb_theme_button_line_height( '' ); ?>;
+	<?php if ( uabb_theme_button_line_height( '' ) !== '' ) { ?>
+	line-height: <?php echo esc_attr( uabb_theme_button_line_height( '' ) ); ?>;
 	<?php } ?>
 
-	<?php if ( uabb_theme_button_letter_spacing( '' ) != '' ) { ?>
-	letter-spacing: <?php echo uabb_theme_button_letter_spacing( '' ); ?>;
+	<?php if ( uabb_theme_button_letter_spacing( '' ) !== '' ) { ?>
+	letter-spacing: <?php echo esc_attr( uabb_theme_button_letter_spacing( '' ) ); ?>;
 	<?php } ?>
 
-	<?php if ( uabb_theme_button_text_transform( '' ) != '' ) { ?>
-	text-transform: <?php echo uabb_theme_button_text_transform( '' ); ?>;
+	<?php if ( uabb_theme_button_text_transform( '' ) !== '' ) { ?>
+	text-transform: <?php echo esc_attr( uabb_theme_button_text_transform( '' ) ); ?>;
 	<?php } ?>
 }
 
@@ -78,15 +79,15 @@
 	display:none;
 }
 <?php if ( $global_settings->responsive_enabled ) { ?>
-@media screen and (max-width: <?php echo $global_settings->medium_breakpoint . 'px'; ?>) {
+@media screen and (max-width: <?php echo esc_attr( $global_settings->medium_breakpoint ) . 'px'; ?>) {
 	#uabb-js-breakpoint {
-		content:"<?php echo $global_settings->medium_breakpoint; ?>";
+		content:"<?php echo esc_attr( $global_settings->medium_breakpoint ); ?>";
 	}
 }
 
-@media screen and (max-width: <?php echo $global_settings->responsive_breakpoint . 'px'; ?>) {
+@media screen and (max-width: <?php echo esc_attr( $global_settings->responsive_breakpoint ) . 'px'; ?>) {
 	#uabb-js-breakpoint {
-		content:"<?php echo $global_settings->responsive_breakpoint; ?>";
+		content:"<?php echo esc_attr( $global_settings->responsive_breakpoint ); ?>";
 	}
 }
 <?php } ?>
@@ -97,4 +98,4 @@
  * Write Your Dynamic CSS Above This
  */
 	return ob_get_clean();
-?>
+?>

bb-ultimate-addon.php

@@ -3,7 +3,7 @@
  * Plugin Name: Ultimate Addons for Beaver Builder - Lite
  * Plugin URI: http://www.ultimatebeaver.com/
  * Description: Ultimate Addons is a free extension for Beaver Builder that adds 10 modules, and works on top of any Beaver Builder Package. (Free, Standard, Pro & Agency) You can use it with on any WordPress theme.
- * Version: 1.5.10
+ * Version: 1.5.11
  * Author: Brainstorm Force
  * Author URI: http://www.brainstormforce.com
  * Text Domain: uabb
@@ -18,7 +18,7 @@
 
 	define( 'BB_ULTIMATE_ADDON_DIR', plugin_dir_path( __FILE__ ) );
 	define( 'BB_ULTIMATE_ADDON_URL', plugins_url( '/', __FILE__ ) );
-	define( 'BB_ULTIMATE_ADDON_LITE_VERSION', '1.5.10' );
+	define( 'BB_ULTIMATE_ADDON_LITE_VERSION', '1.5.11' );
 	define( 'BSF_REMOVE_UABB_FROM_REGISTRATION_LISTING', true );
 	define( 'BB_ULTIMATE_ADDON_FILE', trailingslashit( dirname( __FILE__ ) ) . 'bb-ultimate-addon.php' );// @codingStandardsIgnoreLine.
 	define( 'BB_ULTIMATE_ADDON_LITE', true );
@@ -55,12 +55,12 @@ function activation_reset() {
 
 			$no_memory = $this->check_memory_limit();
 
-			if ( true == $no_memory && ! defined( 'WP_CLI' ) ) {
+			if ( true === $no_memory && ! defined( 'WP_CLI' ) ) {
 
 				$msg = sprintf( __( 'Unfortunately, plugin could not be activated as the memory allocated by your host has almost exhausted. UABB plugin recommends that your site should have 15M PHP memory remaining. <br/><br/>Please check <a target="_blank" href="https://www.ultimatebeaver.com/docs/increase-memory-limit-site/">this</a> article for solution or contact <a target="_blank" href="http://store.brainstormforce.com/support">support</a>.<br/><br/><a class="button button-primary" href="%s">Return to Plugins Page</a>', 'uabb' ), network_admin_url( 'plugins.php' ) ); // @codingStandardsIgnoreLine.
 
 				deactivate_plugins( plugin_basename( __FILE__ ) );
-				wp_die( $msg );
+				wp_die( esc_html( $msg ) );
 			}
 
 			delete_option( 'uabb_hide_branding' );
@@ -112,6 +112,9 @@ function check_memory_limit() {
 	new BB_Ultimate_Addon();
 } else {
 	if ( ! function_exists( 'uabb_lite_admin_notices' ) ) {
+		/**
+		 * Display an admin notice when two versions of Ultimate Addon for Beaver Builder are active.
+		 */
 		function uabb_lite_admin_notices() {
 			$deactivate_url = admin_url( 'plugins.php' );
 			if ( is_plugin_active_for_network( 'ultimate-addons-for-beaver-builder-lite/bb-ultimate-addon.php' ) ) {
@@ -129,10 +132,22 @@ function uabb_lite_admin_notices() {
 				$deactivate_url
 			);
 			echo '<div class="notice notice-error"><p>';
-			echo sprintf( __( "You currently have two versions of <strong>Ultimate Addon for Beaver Builder</strong> active on this site. Please <a href='%s'>deactivate one</a> before continuing.", 'uabb' ), $deactivate_url );
+			echo wp_kses(
+				sprintf(
+					// Translators: %s is the URL to deactivate one of the Ultimate Addon for Beaver Builder versions.
+					__( "You currently have two versions of <strong>Ultimate Addon for Beaver Builder</strong> active on this site. Please <a href='%s'>deactivate one</a> before continuing.", 'uabb' ),
+					$deactivate_url
+				),
+				array(
+					'strong' => array(),
+					'a'      => array(
+						'href' => array(),
+					),
+				)
+			);
 			echo '</p></div>';
 		}
-		// Display admin notice for activating beaver builder
+		// Display admin notice for activating beaver builder.
 		add_action( 'admin_notices', 'uabb_lite_admin_notices' );
 		add_action( 'network_admin_notices', 'uabb_lite_admin_notices' );
 	}

classes/class-uabb-admin-settings-multisite.php

@@ -32,7 +32,7 @@ static public function init() {
 	 * @param string $url gets the activate redirect URL.
 	 */
 	static public function uabb_lite_redirect_on_activation( $url ) {
-		if ( true == get_option( 'uabb_lite_redirect' ) ) {
+		if ( true === get_option( 'uabb_lite_redirect' ) ) {
 			update_option( 'uabb_lite_redirect', false );
 			if ( ! is_multisite() ) :
 				wp_redirect( admin_url( 'options-general.php?page=uabb-builder-settings#uabb-welcome' ) );
@@ -48,7 +48,7 @@ static public function uabb_lite_redirect_on_activation( $url ) {
 	 * @return void
 	 */
 	static public function admin_init() {
-		if ( is_network_admin() && isset( $_REQUEST['page'] ) && 'uabb-builder-multisite-settings' == $_REQUEST['page'] ) {
+		if ( is_network_admin() && isset( $_REQUEST['page'] ) && 'uabb-builder-multisite-settings' === $_REQUEST['page'] ) {
 			add_action( 'admin_enqueue_scripts', 'UABBBuilderAdminSettings::styles_scripts' );
 			UABBBuilderAdminSettings::save();
 		}

classes/class-uabb-admin-settings.php

@@ -47,7 +47,7 @@ static public function init_hooks() {
 		add_action( 'network_admin_menu', __CLASS__ . '::menu' );
 		add_action( 'admin_menu', __CLASS__ . '::menu' );
 
-		if ( isset( $_REQUEST['page'] ) && 'uabb-builder-settings' == $_REQUEST['page'] ) {
+		if ( isset( $_REQUEST['page'] ) && 'uabb-builder-settings' === $_REQUEST['page'] ) {
 			add_action( 'admin_enqueue_scripts', __CLASS__ . '::styles_scripts' );
 			self::save();
 		}
@@ -117,13 +117,13 @@ public static function register_notices() {
 					__( 'Hello! Thank you for choosing the Ultimate Addon for Beaver Builder to build this website!', 'ultimate-addon-for-beaver-builder' ),
 					__( 'Would you please mind sharing your views and give it a 5 star rating on the WordPress repository?', 'ultimate-addon-for-beaver-builder' ),
 					'https://wordpress.org/support/plugin/ultimate-addons-for-beaver-builder-lite/reviews/?filter=5',
-					__( 'Ok, you deserve it', 'ultimate-addon-for-beaver-builder' ),
+					__( 'Ok, you deserve it', 'ultimate-addon-for-beaver-builder'),
 					MONTH_IN_SECONDS,
-					__( 'Nope, maybe later', 'ultimate-addon-for-beaver-builder' ),
+					__( 'Nope, maybe later', 'ultimate-addon-for-beaver-builder'),
 					__( 'I already did', 'ultimate-addon-for-beaver-builder' )
 				),
 				'repeat-notice-after'        => MONTH_IN_SECONDS,
-				'display-notice-after'       => (2* WEEK_IN_SECONDS), // Display notice after 2 weeks
+				'display-notice-after'       => ( 2 * WEEK_IN_SECONDS ), // Display notice after 2 weeks.
 				'priority'                   => 25,
 				'display-with-other-notices' => false,
 			)
@@ -156,10 +156,14 @@ static public function menu() {
 	static public function styles_scripts( $hook ) {
 		wp_register_style( 'uabb-admin-css', BB_ULTIMATE_ADDON_URL . 'assets/css/uabb-admin.css', array() );
 		wp_register_script( 'uabb-admin-js', BB_ULTIMATE_ADDON_URL . 'assets/js/uabb-admin.js', array( 'jquery' ), '', true );
-		wp_localize_script( 'uabb-admin-js', 'uabb', array( 
-			'ajax_url'          => admin_url( 'admin-ajax.php' ),
-			'reload-icon-nonce' => wp_create_nonce('uabb-reload-icons')  
-		) );
+		wp_localize_script(
+			'uabb-admin-js',
+			'uabb',
+			array(
+				'ajax_url'          => admin_url( 'admin-ajax.php' ),
+				'reload-icon-nonce' => wp_create_nonce( 'uabb-reload-icons' ),
+			)
+		);
 
 		// Load AJAX script only on Builder UI Panel.
 		wp_register_script( 'uabb-lazyload', BB_ULTIMATE_ADDON_URL . 'assets/js/jquery.lazyload.min.js', array( 'jquery', 'jquery-ui-core', 'jquery-ui-widget', 'jquery-ui-tabs' ), null, true );
@@ -183,7 +187,7 @@ static public function styles_scripts( $hook ) {
 		); // @codingStandardsIgnoreLine.
 		wp_localize_script( 'uabb-cloud-templates', 'UABBCloudTemplates', $UABBCloudTemplates ); // @codingStandardsIgnoreLine.
 
-		if ( 'settings_page_uabb-builder-settings' == $hook || 'settings_page_uabb-builder-multisite-settings' == $hook ) {
+		if ( 'settings_page_uabb-builder-settings' === $hook || 'settings_page_uabb-builder-multisite-settings' === $hook ) {
 
 			wp_enqueue_style( 'wp-color-picker' );
 			wp_enqueue_script( 'wp-color-picker' );
@@ -240,7 +244,7 @@ static public function render_page_class() {
 	static public function render_page_heading() {
 
 		if ( ! empty( $icon ) ) {
-			echo '<img src="' . $icon . '" />';
+			echo '<img src="' . esc_url( $icon ) . '" />';
 		}
 
 		echo '<span>' . sprintf( _x( '%s Settings', '%s stands for custom branded "UABB" name.', 'uabb' ), UABB_PREFIX ) . '</span>'; // @codingStandardsIgnoreLine.
@@ -255,10 +259,26 @@ static public function render_page_heading() {
 	static public function render_update_message() {
 		if ( ! empty( self::$errors ) ) {
 			foreach ( self::$errors as $message ) {
-				echo '<div class="error"><p>' . $message . '</p></div>';
+				echo wp_kses(
+					'<div class="error"><p>' . $message . '</p></div>',
+					array(
+						'div' => array(
+							'class' => array(),
+						),
+						'p'   => array(),
+					)
+				);
 			}
 		} elseif ( ! empty( $_POST ) && ! isset( $_POST['email'] ) ) {
-			echo '<div class="updated"><p>' . __( 'Settings updated!', 'uabb' ) . '</p></div>';
+			echo wp_kses(
+				'<div class="updated"><p>' . __( 'Settings updated!', 'uabb' ) . '</p></div>',
+				array(
+					'div' => array(
+						'class' => array(),
+					),
+					'p'   => array(),
+				)
+			);
 		}
 	}
 
@@ -323,7 +343,7 @@ static public function render_nav_items() {
 
 		foreach ( $sorted_data as $data ) {
 			if ( $data['show'] ) {
-				echo '<li><a href="#' . $data['key'] . '">' . $data['title'] . '</a></li>';
+				echo '<li><a href="#' . esc_attr( $data['key'] ) . '">' . esc_html( $data['title'] ) . '</a></li>';
 			}
 		}
 
@@ -369,9 +389,9 @@ static public function render_form( $type ) {
 	 */
 	static public function render_form_action( $type = '' ) {
 		if ( is_network_admin() ) {
-			echo network_admin_url( '/settings.php?page=uabb-builder-multisite-settings#' . $type );
+			echo esc_url( network_admin_url( '/settings.php?page=uabb-builder-multisite-settings#' . $type ) );
 		} else {
-			echo admin_url( '/options-general.php?page=uabb-builder-settings#' . $type );
+			echo esc_url( admin_url( '/options-general.php?page=uabb-builder-settings#' . $type ) );
 		}
 	}