Merge pull request #942 from brainstormforce/release-candidate

Build version 1.6.47
brainstormforce · Nov 22, 2024 · 88e417e · 88e417e
2 parents f47d8d5 + 381c915
commit 88e417e
Show file tree

Hide file tree

Showing 9 changed files with 26 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 **Requires at least:** 4.4  
 **Requires PHP:** 7.4  
 **Tested up to:** 6.7  
-**Stable tag:** 1.6.46  
+**Stable tag:** 1.6.47  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
 
@@ -140,6 +140,9 @@ This same applies when you are creating your Header/Footer using this plugin.
 
 ## Changelog ##
 
+### 1.6.47 ###
+- Fix: This update addressed a security bug. Props to Wordfence for privately reporting it to our team. Please make sure you are using the latest version on your website.
+
 ### 1.6.46 ###
 - Fix: This update addressed a security bug. Props to Wordfence and Francesco Carlucci for privately reporting it to our team. Please make sure you are using the latest version on your website.
 

diff --git a/header-footer-elementor.php b/header-footer-elementor.php
@@ -7,14 +7,14 @@
  * Author URI:  https://www.brainstormforce.com/
  * Text Domain: header-footer-elementor
  * Domain Path: /languages
- * Version: 1.6.46
+ * Version: 1.6.47
  * Elementor tested up to: 3.25
  * Elementor Pro tested up to: 3.25
  *
  * @package         header-footer-elementor
  */
 
-define( 'HFE_VER', '1.6.46' );
+define( 'HFE_VER', '1.6.47' );
 define( 'HFE_FILE', __FILE__ );
 define( 'HFE_DIR', plugin_dir_path( __FILE__ ) );
 define( 'HFE_URL', plugins_url( '/', __FILE__ ) );

diff --git a/inc/widgets-manager/widgets/class-page-title.php b/inc/widgets-manager/widgets/class-page-title.php
@@ -491,6 +491,11 @@ protected function content_template() {
 			return;
 		}
 
+		if ( '' == settings.size ){
+			return;
+		}
+		var sanitizedSize = _.escape( settings.size );
+
 		if ( '' != settings.page_heading_link.url ) {
 			var urlPattern = /^(https?|ftp):\/\/[^\s/$.?#].[^\s]*$|^www\.[^\s/$.?#].[^\s]*$/;
 			if( urlPattern.test( settings.page_heading_link.url ) ){
@@ -513,7 +518,7 @@ protected function content_template() {
 			<# if ( '' != settings.page_heading_link.url ) { #>
 					<a {{{ view.getRenderAttributeString( 'url' ) }}} > <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
 			<# } #>
-			<{{{ headingSizeTag }}} class="elementor-heading-title elementor-size-<?php echo isset( $settings['size'] ) ? esc_attr( $settings['size'] ) : '{{{ settings.size }}}'; ?>"> <?php //phpcs:ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+			<{{{ headingSizeTag }}} class="elementor-heading-title elementor-size-{{{ elementor.helpers.sanitize( sanitizedSize ) }}}"> <?php //phpcs:ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>	
 				<# if( '' != settings.new_page_title_select_icon.value ){ #>
 					<span class="hfe-icon hfe-page-title-icon" data-elementor-setting-key="page_title" data-elementor-inline-editing-toolbar="basic">
 						{{{iconHTML.value}}} <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>                    

diff --git a/inc/widgets-manager/widgets/class-site-title.php b/inc/widgets-manager/widgets/class-site-title.php
@@ -481,6 +481,8 @@ protected function content_template() {
 		if ( '' == settings.size ){
 			return;
 		}
+		var sanitizedSize = _.escape( settings.size );
+
 		if ( '' != settings.heading_link.url ) {
 			var urlPattern = /^(https?|ftp):\/\/[^\s/$.?#].[^\s]*$|^www\.[^\s/$.?#].[^\s]*$/;
 			if ( urlPattern.test( settings.heading_link.url ) ) {
@@ -503,7 +505,7 @@ protected function content_template() {
 				<# if ( '' != settings.heading_link.url ) { #>
 					<a {{{ view.getRenderAttributeString( 'url' ) }}} > <?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
 				<# } #>
-				<{{{ headingSizeTag }}} class="hfe-heading elementor-heading-title elementor-size-{{{ elementor.helpers.sanitize( settings.size ) }}}"> <?php //phpcs:ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
+				<{{{ headingSizeTag }}} class="hfe-heading elementor-heading-title elementor-size-{{{ elementor.helpers.sanitize( sanitizedSize ) }}}"> <?php //phpcs:ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>
 				<# if( '' != settings.icon.value ){ #>
 				<span class="hfe-icon">
 					{{{ iconHTML.value }}}	<?php // PHPCS:Ignore WordPressVIPMinimum.Security.Mustache.OutputNotation ?>			

diff --git a/languages/header-footer-elementor.pot b/languages/header-footer-elementor.pot
@@ -2,10 +2,10 @@
 # This file is distributed under the same license as the Elementor Header & Footer Builder package.
 msgid ""
 msgstr ""
-"Project-Id-Version: Elementor Header & Footer Builder 1.6.46\n"
+"Project-Id-Version: Elementor Header & Footer Builder 1.6.47\n"
 "Report-Msgid-Bugs-To: "
 "https://wordpress.org/support/plugin/header-footer-elementor\n"
-"POT-Creation-Date: 2024-11-05 08:26:02+00:00\n"
+"POT-Creation-Date: 2024-11-22 06:11:05+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "header-footer-elementor",
-  "version": "1.6.46",
+  "version": "1.6.47",
   "main": "Gruntfile.js",
   "author": "Nikhil Chavan",
   "devDependencies": {

diff --git a/readme.txt b/readme.txt
@@ -5,7 +5,7 @@ Donate link: https://www.paypal.me/BrainstormForce
 Requires at least: 4.4
 Requires PHP: 7.4
 Tested up to: 6.7
-Stable tag: 1.6.46
+Stable tag: 1.6.47
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -140,6 +140,9 @@ This same applies when you are creating your Header/Footer using this plugin.
 
 == Changelog ==
 
+= 1.6.47 =
+- Fix: This update addressed a security bug. Props to Wordfence for privately reporting it to our team. Please make sure you are using the latest version on your website.
+
 = 1.6.46 =
 - Fix: This update addressed a security bug. Props to Wordfence and Francesco Carlucci for privately reporting it to our team. Please make sure you are using the latest version on your website.
 

diff --git a/tests/php/stubs/hfe-stubs.php b/tests/php/stubs/hfe-stubs.php
@@ -2878,13 +2878,13 @@ function _is_elementor_installed() {
 	 * Author URI:  https://www.brainstormforce.com/
 	 * Text Domain: header-footer-elementor
 	 * Domain Path: /languages
-	 * Version: 1.6.46
+	 * Version: 1.6.47
 	 * Elementor tested up to: 3.25
 	 * Elementor Pro tested up to: 3.25
 	 *
 	 * @package header-footer-elementor
 	 */
-	\define( 'HFE_VER', '1.6.46' );
+	\define( 'HFE_VER', '1.6.47' );
 	\define( 'HFE_FILE', __FILE__ );
 	\define( 'HFE_DIR', \plugin_dir_path( __FILE__ ) );
 	\define( 'HFE_URL', \plugins_url( '/', __FILE__ ) );