From 27f665fa9a1591ae11ee5baef57fced9676a338b Mon Sep 17 00:00:00 2001 From: Alex S <17275120+AlexGStapleton@users.noreply.github.com> Date: Fri, 14 Jun 2024 01:40:30 +1200 Subject: [PATCH 01/11] Improve Attribute Name Handling --- inc/renderer.php | 10 +++++----- widgets/widgets.php | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/inc/renderer.php b/inc/renderer.php index d0bfa127..17ca4ee7 100644 --- a/inc/renderer.php +++ b/inc/renderer.php @@ -676,9 +676,9 @@ private function start_style_wrapper( $name, $style = array(), $for = false ) { } if ( is_array( $value ) ) { - $style_wrapper .= $name . '="' . esc_attr( implode( ' ', array_unique( $value ) ) ) . '" '; + $style_wrapper .= sanitize_key( $name ) . '="' . esc_attr( implode( ' ', array_unique( $value ) ) ) . '" '; } else { - $style_wrapper .= $name . '="' . esc_attr( $value ) . '" '; + $style_wrapper .= sanitize_key( $name ) . '="' . esc_attr( $value ) . '" '; } } $style_wrapper .= '>'; @@ -810,7 +810,7 @@ public function the_widget( $widget_info, $instance, $grid_index, $cell_index, $ $before_widget = '
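Review bot: `sanitize_key()` on the two `$style_wrapper` lines narrows the attribute name to lowercase letters, digits, `-` and `_`, but it does not decide whether the name should be emitted at all. An event-handler name passes unchanged, and a name made only of stripped characters comes back as an empty string, leaving a bare `="…"` in the tag. `esc_attr()` on the value encodes it for HTML but does not make it safe inside a handler attribute. I would drop the attribute in both cases, e.g. `$attr = sanitize_key( $name ); if ( '' === $attr || 0 === strpos( $attr, 'on' ) ) { continue; }`, assuming these lines sit inside the attribute loop, which starts outside the hunk. The same applies to the `the_widget` and `render_element` hunks in this file.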
$v ) { - $before_widget .= esc_attr( $k ) . '="' . esc_attr( $v ) . '" '; + $before_widget .= sanitize_key( $k ) . '="' . esc_attr( $v ) . '" '; } $before_widget .= '>'; @@ -1010,11 +1010,11 @@ public function get_panels_layout_data( $panels_data ) { * @param array $attributes The attributes for the HTML element. */ private function render_element( $tag, $attributes ) { - echo '<' . esc_html( $tag ); + echo '<' . sanitize_key( $tag ); foreach ( $attributes as $name => $value ) { if ( $value ) { - echo ' ' . esc_html( $name ) . '="' . esc_attr( $value ) . '" '; + echo ' ' . sanitize_key( $name ) . '="' . esc_attr( $value ) . '" '; } } echo '>'; diff --git a/widgets/widgets.php b/widgets/widgets.php index 4df21e2e..7513a4d0 100644 --- a/widgets/widgets.php +++ b/widgets/widgets.php @@ -809,7 +809,7 @@ public function widget( $args, $instance ) { if ( empty( $v ) ) { continue; } - $shortcode_attr[] = esc_html( $k ) . '="' . esc_attr( $v ) . '"'; + $shortcode_attr[] = sanitize_key( $k ) . '="' . esc_attr( $v ) . '"'; } echo do_shortcode( '[gallery ' . implode( ' ', $shortcode_attr ) . ']' ); From 7b78c9ef64cee89712e9ea3537e8f91be99adcd3 Mon Sep 17 00:00:00 2001 From: Alex S <17275120+AlexGStapleton@users.noreply.github.com> Date: Thu, 20 Jun 2024 01:43:51 +1200 Subject: [PATCH 02/11] Widget Groups: Resolve TypeError `Uncaught TypeError: in_array(): Argument #2 ($haystack) must be of type array, string given in admin-widget-dialog.php:204` --- inc/admin-widget-dialog.php | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/admin-widget-dialog.php b/inc/admin-widget-dialog.php index 1ac3950c..2428b791 100644 --- a/inc/admin-widget-dialog.php +++ b/inc/admin-widget-dialog.php 
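Review bot: On the `$shortcode_attr[]` line in `widgets/widgets.php` the value is escaped with `esc_attr()`, which targets HTML attributes rather than shortcode syntax, so a `]` inside `$v` would end the `[gallery …]` tag early when `do_shortcode()` parses the string. Where `$k` and `$v` come from is outside the hunk, so treat this as something to confirm rather than a proven fault. Passing the cleaned array straight to the handler, `echo gallery_shortcode( $atts );`, avoids the string round-trip, provided no shortcode-tag filters need to run. If the string form stays, strip square brackets from the value and skip the entry when `sanitize_key( $k )` returns `''`.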
@@ -201,6 +201,7 @@ public function add_widgets_dialog_tabs( $tabs ) { foreach ( $widgets as $widgetName => $widgetData ) { if ( isset( $widgetData['groups'] ) && + is_array( $widgetData['groups'] ) && in_array( 'recommended', $widgetData['groups'] ) ) { $recommendedWidgets[ $widgetName ] = $widgetData; From a65f00db5d74389fbc388de81e008ecc4dc2e97a Mon Sep 17 00:00:00 2001 From: Alex S <17275120+AlexGStapleton@users.noreply.github.com> Date: Tue, 25 Jun 2024 00:29:19 +1200 Subject: [PATCH 03/11] Layouts Block: Resolve Preview Updating Issue --- compat/js/siteorigin-panels-layout-block.js | 12 +++++++----- compat/js/siteorigin-panels-layout-block.jsx | 11 ++++++----- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/compat/js/siteorigin-panels-layout-block.js b/compat/js/siteorigin-panels-layout-block.js index 40a376cd..32ba0633 100644 --- a/compat/js/siteorigin-panels-layout-block.js +++ b/compat/js/siteorigin-panels-layout-block.js @@ -247,10 +247,8 @@ function (_wp$element$Component) { if (!this.isStillMounted) { return; - } // If we don't have panelsData yet, fetch it from PB directly. - + } - var panelsData = props.panelsData === null ? this.builderView.getData() : props.panelsData; this.setState({ previewInitialized: false }); @@ -258,7 +256,7 @@ function (_wp$element$Component) { url: window.soPanelsBlockEditorAdmin.previewUrl, data: { action: 'so_panels_layout_block_preview', - panelsData: JSON.stringify(panelsData) + panelsData: JSON.stringify(this.builderView.getData()) } }).then(function (preview) { if (!_this4.isStillMounted) { @@ -392,7 +390,11 @@ wp.blocks.registerBlockType('siteorigin-panels/layout-block', { panelsAttributes.contentPreview = content.preview; } - setAttributes(panelsAttributes); + setAttributes({ + contentPreview: panelsAttributes.contentPreview, + panelsData: panelsAttributes.panelsData, + previewInitialized: false + }); if (!isNewWPBlockEditor) { wp.data.dispatch('core/editor').unlockPostSaving(); 
diff --git a/compat/js/siteorigin-panels-layout-block.jsx b/compat/js/siteorigin-panels-layout-block.jsx index f63584bd..b4d56dd8 100644 --- a/compat/js/siteorigin-panels-layout-block.jsx +++ b/compat/js/siteorigin-panels-layout-block.jsx @@ -189,9 +189,6 @@ class SiteOriginPanelsLayoutBlock extends wp.element.Component { return; } - // If we don't have panelsData yet, fetch it from PB directly. - var panelsData = props.panelsData === null ? this.builderView.getData() : props.panelsData; - this.setState( { previewInitialized: false, } ); @@ -200,7 +197,7 @@ class SiteOriginPanelsLayoutBlock extends wp.element.Component { url: window.soPanelsBlockEditorAdmin.previewUrl, data: { action: 'so_panels_layout_block_preview', - panelsData: JSON.stringify( panelsData ), + panelsData: JSON.stringify( this.builderView.getData() ), } } ) .then( ( preview ) => { @@ -354,7 +351,11 @@ wp.blocks.registerBlockType( 'siteorigin-panels/layout-block', { panelsAttributes.contentPreview = content.preview; } - setAttributes( panelsAttributes ); + setAttributes( { + contentPreview: panelsAttributes.contentPreview, + panelsData: panelsAttributes.panelsData, + previewInitialized: false, + } ); if ( ! isNewWPBlockEditor ) { wp.data.dispatch( 'core/editor' ).unlockPostSaving(); From 76226b82567a5476e96c4989c175111d7ea1c556 Mon Sep 17 00:00:00 2001 From: Alex S <17275120+AlexGStapleton@users.noreply.github.com> Date: Sat, 29 Jun 2024 10:29:17 +1200 Subject: [PATCH 04/11] Vantage Compat: Resolve Potential TypeError `PHP Fatal error: Uncaught TypeError: Cannot access offset of type string on string in compat/vantage.php:14` --- compat/vantage.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/compat/vantage.php b/compat/vantage.php index b8c4eeb1..1593db90 100644 --- a/compat/vantage.php +++ b/compat/vantage.php 
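Review bot: `this.builderView.getData()` is now called on every preview fetch, where the removed code only reached for `this.builderView` when `props.panelsData` was null. If this method can run before the builder view has been created (its setup is outside the hunk, so this is unconfirmed), the call throws after `previewInitialized` has already been set to false, and the preview would likely stay in its loading state. Extending the early return to `if ( ! this.isStillMounted || ! this.builderView ) { return; }` would cover that case. The compiled `.js` file carries the same change.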
@@ -1,5 +1,9 @@ Date: Tue, 2 Jul 2024 13:24:23 +1200 Subject: [PATCH 05/11] Update Changelog --- changelog.txt | 39 +++++++++++++++++++++++++++++++++++++++ readme.txt | 6 ++++++ 2 files changed, 45 insertions(+) diff --git a/changelog.txt b/changelog.txt index c61f8ace..a12e7def 100644 --- a/changelog.txt +++ b/changelog.txt 
@@ -1,5 +1,44 @@ == Changelog == += 2.29.18 – 29 June 2024 = +* Improved attribute name handling. +* Layout Block: Improved preview updating. +* Widget Groups: Resolved a potential `TypeError`. +* Vantage Compatibility: Resolved a potential `TypeError`. + += 2.29.17 – 15 June 2024 = +* Layout Builder: Default the modal icon to "Cog". +* Layouts Block: Added an additional check for clearing potential block errors. +* Row Overlays: Resolved a potential Column/Widget video content overlap. +* Row Cell Preview: Adjusted the percentage symbol placement. +* Updated escaping functions to use translatable versions where needed. +* Updated SiteOrigin Installer. +* Number Style Field: Added min/max support. + += 2.29.16 – 13 May 2024 = +* Adjusted Add Widget modal sidebar link order and display. +* Restored WP Events Manager compatibility. +* Resolved fallback shortcode decoding issue. +* Added Layout Directory caching for better performance. +* Increased required PHP version to `7.0.0`. +* Developer: Improved `panelsOptions` translation handling. + += 2.29.15 – 27 April 2024 = +* Layout Block: Further improvements to preview functionality and performance. +* Admin Area: Update to ensure Classic Editor notice is translatable. + += 2.29.14 – 26 April 2024 = +* Layout Block: Restored preview functionality. + += 2.29.13 – 21 April 2024 = +* Rank Math SEO Compatibility: Resolved dependency error. + += 2.29.12 – 19 April 2024 = +* Layout Block: Improved preview. +* Layout Block: Fix repeated rendering when switching to editor. +* Layout Block: Restored data integration for SEO content analysis. +* Post Content Widget: Added "Content" option. + = 2.29.11 – 31 March 2024 = * Post Content Widget: Fixed post featured image output. * Post Content Widget: Remove unused content and improved title output. diff --git a/readme.txt b/readme.txt index 94233690..59734b36 100644 --- a/readme.txt +++ b/readme.txt 
@@ -121,6 +121,12 @@ SiteOrigin offers a single premium plugin that enhances and extends Page Builder == Changelog == += 2.29.18 – 29 June 2024 = +* Improved attribute name handling. +* Layout Block: Improved preview updating. +* Widget Groups: Resolved a potential `TypeError`. +* Vantage Compatibility: Resolved a potential `TypeError`. + = 2.29.17 – 15 June 2024 = * Layout Builder: Default the modal icon to "Cog". * Layouts Block: Added an additional check for clearing potential block errors. From f4747f9ab3ee1744af28d655c4e2677f06146cf1 Mon Sep 17 00:00:00 2001 From: Alex S <17275120+AlexGStapleton@users.noreply.github.com> Date: Thu, 11 Jul 2024 02:48:48 +1200 Subject: [PATCH 06/11] Further improvements for attribute Handling --- inc/renderer.php | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/inc/renderer.php b/inc/renderer.php index 17ca4ee7..dc651bef 100644 --- a/inc/renderer.php +++ b/inc/renderer.php @@ -676,9 +676,9 @@ private function start_style_wrapper( $name, $style = array(), $for = false ) { } if ( is_array( $value ) ) { - $style_wrapper .= sanitize_key( $name ) . '="' . esc_attr( implode( ' ', array_unique( $value ) ) ) . '" '; + $style_wrapper .= $this->sanitize_attribute_key( $name ) . '="' . esc_attr( implode( ' ', array_unique( $value ) ) ) . '" '; } else { - $style_wrapper .= sanitize_key( $name ) . '="' . esc_attr( $value ) . '" '; + $style_wrapper .= $this->sanitize_attribute_key( $name ) . '="' . esc_attr( $value ) . '" '; } } $style_wrapper .= '>'; @@ -810,7 +810,7 @@ public function the_widget( $widget_info, $instance, $grid_index, $cell_index, $ $before_widget = '
$v ) { - $before_widget .= sanitize_key( $k ) . '="' . esc_attr( $v ) . '" '; + $before_widget .= $this->sanitize_attribute_key( $k ) . '="' . esc_attr( $v ) . '" '; } $before_widget .= '>'; @@ -1010,11 +1010,11 @@ public function get_panels_layout_data( $panels_data ) { * @param array $attributes The attributes for the HTML element. */ private function render_element( $tag, $attributes ) { - echo '<' . sanitize_key( $tag ); + echo '<' . $thi->sanitize_attribute_key( $tag ); foreach ( $attributes as $name => $value ) { if ( $value ) { - echo ' ' . sanitize_key( $name ) . '="' . esc_attr( $value ) . '" '; + echo ' ' . $this->sanitize_attribute_key( $name ) . '="' . esc_attr( $value ) . '" '; } } echo '>'; @@ -1231,4 +1231,17 @@ public function front_css_url() { return siteorigin_panels_url( 'css/front-flex' . SITEORIGIN_PANELS_CSS_SUFFIX . '.css' ); } + function sanitize_attribute_key( $attr ) { + $attr = sanitize_key( strtolower( $attr ) ); + + // "On" prefixed attributes are too risky to allow. + if ( + empty( $attr ) || + strpos( $attr, 'on' ) === 0 + ) { + return 'invalid-attribute'; + }; + + return $attr; + } } From f30f34168dae0a0c34b0f65725793d868909f955 Mon Sep 17 00:00:00 2001 From: Alex S <17275120+AlexGStapleton@users.noreply.github.com> Date: Thu, 18 Jul 2024 00:31:16 +1200 Subject: [PATCH 07/11] Update Tested --- readme.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.txt b/readme.txt index 59734b36..44a1b313 100644 --- a/readme.txt +++ b/readme.txt @@ -1,7 +1,7 @@ === Page Builder by SiteOrigin === Tags: page builder, website builder, responsive design, drag and drop, visual editor Requires at least: 4.7 -Tested up to: 6.5 +Tested up to: 6.6 Requires PHP: 7.0.0 Stable tag: trunk Build time: unbuilt From d9d8bd5b0bdfbf45120fb3efe6b116957a23e695 Mon Sep 17 00:00:00 2001 
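Review bot: `sanitize_attribute_key()` answers a rejected name with the placeholder `invalid-attribute`, so every caller still writes the rejected attribute's value into the markup as `invalid-attribute="…"`, possibly several times on one element. Dropping the attribute is safer and keeps the HTML valid: have callers skip it, e.g. `if ( 'invalid-attribute' === $key ) { continue; }`, or return `''` and test for that. The `on` prefix test is a denylist. Names such as `style`, `href` or `src` still pass and rely on `esc_attr()`, which encodes the value but does not validate it, so an allowlist of expected attribute names would be the stronger control if these arrays can carry user-supplied keys (their origin is outside the hunk). The method also lacks a visibility keyword and a docblock, and the `};` after the `if` block has a stray semicolon.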
From: Alex S <17275120+AlexGStapleton@users.noreply.github.com> Date: Sat, 20 Jul 2024 02:34:21 +1200 Subject: [PATCH 08/11] Render Element: Fix Warning `$thi` --- inc/renderer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/renderer.php b/inc/renderer.php index dc651bef..7dcf8598 100644 --- a/inc/renderer.php +++ b/inc/renderer.php @@ -1010,7 +1010,7 @@ public function get_panels_layout_data( $panels_data ) { * @param array $attributes The attributes for the HTML element. */ private function render_element( $tag, $attributes ) { - echo '<' . $thi->sanitize_attribute_key( $tag ); + echo '<' . esc_html( $tag ); foreach ( $attributes as $name => $value ) { if ( $value ) { From 7301fd37e5c511db4d08016265474de1005afb1a Mon Sep 17 00:00:00 2001 From: Alex S <17275120+AlexGStapleton@users.noreply.github.com> Date: Sat, 20 Jul 2024 02:35:16 +1200 Subject: [PATCH 09/11] `sanitize_attribute_key`: Don't Process `null` values --- inc/renderer.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/inc/renderer.php b/inc/renderer.php index 7dcf8598..600e4289 100644 --- a/inc/renderer.php +++ b/inc/renderer.php @@ -1231,7 +1231,11 @@ public function front_css_url() { return siteorigin_panels_url( 'css/front-flex' . SITEORIGIN_PANELS_CSS_SUFFIX . '.css' ); } - function sanitize_attribute_key( $attr ) { + function sanitize_attribute_key( $attr = null ) { + if ( empty( $attr ) ) { + return 'invalid-attribute'; + } + $attr = sanitize_key( strtolower( $attr ) ); // "On" prefixed attributes are too risky to allow. From a2161cd21696dfca50978326ab54a1ee0467aded Mon Sep 17 00:00:00 2001 From: Alex S <17275120+AlexGStapleton@users.noreply.github.com> Date: Sat, 20 Jul 2024 18:02:25 +1200 Subject: [PATCH 10/11] Layout Directory: Resolve Issue with fetching page 2 --- inc/admin-layouts.php | 3 ++- siteorigin-panels.php | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) 
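Review bot: `esc_html( $tag )` in `render_element()` encodes `<`, `>`, `&` and quotes but leaves spaces, `=` and `/` in place, so it does not confine `$tag` to a tag name the way the `sanitize_key( $tag )` call from the first patch in this series did. If `$tag` is always a literal passed by this class that is harmless, but the callers are outside the hunk. WordPress's `tag_escape()` is the purpose-built filter for this position: `echo '<' . tag_escape( $tag );`.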
diff --git a/inc/admin-layouts.php b/inc/admin-layouts.php index 74e97465..246d6a10 100644 --- a/inc/admin-layouts.php +++ b/inc/admin-layouts.php @@ -255,6 +255,7 @@ public function action_get_prebuilt_layouts() { } $cache = get_transient( 'siteorigin_panels_layouts_directory_' . $directory_id .'_page_' . $page_num ); + if ( empty( $search ) && ! empty( $cache ) ) { $return = $cache; } else { @@ -265,7 +266,7 @@ public function action_get_prebuilt_layouts() { } $url = apply_filters( 'siteorigin_panels_layouts_directory_url', $url ); - $response = wp_remote_get( esc_url( $url ) ); + $response = wp_remote_get( esc_url_raw( $url ) ); if ( ! is_wp_error( $response ) && diff --git a/siteorigin-panels.php b/siteorigin-panels.php index 32381bd2..c9fba450 100644 --- a/siteorigin-panels.php +++ b/siteorigin-panels.php @@ -682,6 +682,9 @@ public function version_check() { if ( empty( $active_version ) || $active_version !== SITEORIGIN_PANELS_VERSION ) { do_action( 'siteorigin_panels_version_changed' ); update_option( 'siteorigin_panels_active_version', SITEORIGIN_PANELS_VERSION ); + + // Clear layout directory cache after update to account for bug in versions 2.29.18 and below. + delete_transient( 'siteorigin_panels_layouts_directory_siteorigin_page_2' ); } } From a93188d71ac29a9e14f86274118053419a12125c Mon Sep 17 00:00:00 2001 From: Andrew Misplon Date: Sun, 21 Jul 2024 15:53:18 +0100 Subject: [PATCH 11/11] Changelog update --- changelog.txt | 4 ++++ readme.txt | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/changelog.txt b/changelog.txt index a12e7def..8675ecf6 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,5 +1,9 @@ == Changelog == += 2.29.19 – 21 July June 2024 = +* Further improvements for attribute name handling. +* Layout Directory: Resolved an issue with fetching page two. + = 2.29.18 – 29 June 2024 = * Improved attribute name handling. * Layout Block: Improved preview updating. diff --git a/readme.txt b/readme.txt index 44a1b313..e70883f5 100644 
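Review bot: `wp_remote_get( esc_url_raw( $url ) )` fixes the encoding of the request URL, but the destination is whatever the `siteorigin_panels_layouts_directory_url` filter returns, and `wp_remote_get()` places no restriction on the host. `wp_safe_remote_get( esc_url_raw( $url ) )` rejects loopback and private addresses, which is the usual choice for a server-side fetch whose URL other code can rewrite. Keep `wp_remote_get()` only if pointing the directory at an internal host is a supported setup. The response handling continues outside the hunk; since the result is presumably stored in the transient read above, its shape should be validated before it is cached.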
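Review bot: The `delete_transient()` call in `version_check()` clears only `siteorigin_panels_layouts_directory_siteorigin_page_2`, while the cache key built in `inc/admin-layouts.php` is `'siteorigin_panels_layouts_directory_' . $directory_id . '_page_' . $page_num`. Entries for other directory ids, or for page 3 and above, will stay until they expire if the earlier bug affected them; the hunk does not show whether it did. Either extend the comment to say why page 2 of the `siteorigin` directory is the only affected key, or clear the keys in a loop over the known directories and pages.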
--- a/readme.txt +++ b/readme.txt @@ -121,6 +121,10 @@ SiteOrigin offers a single premium plugin that enhances and extends Page Builder == Changelog == += 2.29.19 – 21 July June 2024 = +* Further improvements for attribute name handling. +* Layout Directory: Resolved an issue with fetching page two. + = 2.29.18 – 29 June 2024 = * Improved attribute name handling. * Layout Block: Improved preview updating.