Below is a diff between the unpatched (vulnerable) code and the patched update, for reference.
--- a/responsive-block-editor-addons/classes/class-responsive-block-editor-addons-frontend-styles.php
+++ b/responsive-block-editor-addons/classes/class-responsive-block-editor-addons-frontend-styles.php
@@ -10895,7 +10895,7 @@
'background-image' => $updated_button_background_image,
'margin-left' => 'left' === $attr['blockAlign'] ? 0 : '',
'margin-right' => 'right' === $attr['blockAlign'] ? 0 : '',
- 'margin-bottom' => self::get_css_value( $attr['buttonSpace'], 'px' ),
+ 'margin-bottom' => self::get_css_value( $attr['ctaBottomSpacing'], 'px' ),
'padding-left' => $flag ? '' : self::get_css_value( $attr['ctaButtonLeftPadding'], 'px' ),
'padding-right' => $flag ? '' : self::get_css_value( $attr['ctaButtonRightPadding'], 'px' ),
'padding-top' => $flag ? '' : self::get_css_value( $attr['ctaButtonTopPadding'], 'px' ),
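Review bot: The `margin-bottom` entry no longer reads `buttonSpace`, so blocks saved before this change that carry their spacing in that attribute would presumably fall back to the empty `ctaBottomSpacing` default unless a migration exists outside this diff. If old content must keep its spacing, a fallback such as `'margin-bottom' => self::get_css_value( '' !== $attr['ctaBottomSpacing'] ? $attr['ctaBottomSpacing'] : $attr['buttonSpace'], 'px' ),` would preserve it. The same applies to the `Mobile` and `Tablet` variants in the next two hunks. The surrounding style array starts and ends outside the hunk, so whether `buttonSpace` is still defined for this block needs confirming.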
@@ -11177,7 +11177,7 @@
'padding-bottom' => $flag ? '' : self::get_css_value( $attr['ctaButtonBottomPaddingMobile'], 'px' ),
'font-size' => self::get_css_value( $attr['ctaFontSizeMobile'], 'px' ),
'font-size' => self::get_css_value( $attr['ctaFontSizeMobile'], 'px' ),
- 'margin-bottom' => self::get_css_value( $attr['buttonSpaceMobile'], 'px' ),
+ 'margin-bottom' => self::get_css_value( $attr['ctaBottomSpacingMobile'], 'px' ),
),
' .responsive-block-editor-addons-pricing-image' => array(
'width' => self::get_css_value( $attr['imageWidthMobile'], 'px' ),
@@ -11238,7 +11238,7 @@
'padding-bottom' => $flag ? '' : self::get_css_value( $attr['ctaButtonBottomPaddingTablet'], 'px' ),
'font-size' => self::get_css_value( $attr['ctaFontSizeTablet'], 'px' ),
'font-size' => self::get_css_value( $attr['ctaFontSizeTablet'], 'px' ),
- 'margin-bottom' => self::get_css_value( $attr['buttonSpaceTablet'], 'px' ),
+ 'margin-bottom' => self::get_css_value( $attr['ctaBottomSpacingTablet'], 'px' ),
),
' .responsive-block-editor-addons-pricing-image' => array(
'width' => self::get_css_value( $attr['imageWidthTablet'], 'px' ),
@@ -11530,6 +11530,9 @@
'subpriceTextDecoration' => '',
'featuresTextDecoration' => '',
'ctaTextDecoration' => '',
+ 'ctaBottomSpacing' => '',
+ 'ctaBottomSpacingMobile' => '',
+ 'ctaBottomSpacingTablet' => '',
);
}
--- a/responsive-block-editor-addons/dist/frontend_blocks.asset.php
+++ b/responsive-block-editor-addons/dist/frontend_blocks.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('wp-polyfill'), 'version' => 'd12fe5c30b79066f99a9e90b318311c4');
No newline at end of file
+<?php return array('dependencies' => array('wp-polyfill'), 'version' => 'd281be4940b8ecaaa5e0e539820f673e');
No newline at end of file
--- a/responsive-block-editor-addons/dist/responsive-block-editor-addons-editor.asset.php
+++ b/responsive-block-editor-addons/dist/responsive-block-editor-addons-editor.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('wp-polyfill'), 'version' => 'e579442e1f1c3511676d99559a5850a4');
No newline at end of file
+<?php return array('dependencies' => array('wp-polyfill'), 'version' => '3c180786a53a3978732bf3aaea8e283d');
No newline at end of file
--- a/responsive-block-editor-addons/dist/responsive-block-editor-addons-getting-started.asset.php
+++ b/responsive-block-editor-addons/dist/responsive-block-editor-addons-getting-started.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'wp-blob', 'wp-components', 'wp-element', 'wp-i18n', 'wp-polyfill'), 'version' => 'c4d7f26859396940ed9a18d7ba2ebe6c');
No newline at end of file
+<?php return array('dependencies' => array('react', 'wp-blob', 'wp-components', 'wp-element', 'wp-i18n', 'wp-polyfill'), 'version' => '756a925379542c5c44976c8e6220b2b2');
No newline at end of file
--- a/responsive-block-editor-addons/dist/responsive-block-editor-addons.asset.php
+++ b/responsive-block-editor-addons/dist/responsive-block-editor-addons.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('jquery', 'lodash', 'moment', 'react', 'react-dom', 'wp-api-fetch', 'wp-blob', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-dom-ready', 'wp-editor', 'wp-element', 'wp-hooks', 'wp-i18n', 'wp-keycodes', 'wp-media-utils', 'wp-polyfill', 'wp-primitives', 'wp-url'), 'version' => '038a6e3276a756d33fbcf360a37f4806');
No newline at end of file
+<?php return array('dependencies' => array('jquery', 'lodash', 'moment', 'react', 'react-dom', 'wp-api-fetch', 'wp-blob', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-dom-ready', 'wp-editor', 'wp-element', 'wp-hooks', 'wp-i18n', 'wp-keycodes', 'wp-media-utils', 'wp-polyfill', 'wp-primitives', 'wp-url'), 'version' => 'a391f3b326d62ea8c7dd50682a53d23e');
No newline at end of file
--- a/responsive-block-editor-addons/helper/class-responsive-block-editor-addons-helper.php
+++ b/responsive-block-editor-addons/helper/class-responsive-block-editor-addons-helper.php
@@ -9,6 +9,10 @@
* @subpackage Responsive_Block_Editor_Addons/helper
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* The helper plugin class Responsive_Block_Editor_Addons_Helper.
*
--- a/responsive-block-editor-addons/includes/class-responsive-block-editor-addons.php
+++ b/responsive-block-editor-addons/includes/class-responsive-block-editor-addons.php
@@ -9,6 +9,10 @@
* @subpackage Responsive_Block_Editor_Addons/includes
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* The core plugin class Responsive_Block_Editor_Addons.
*
@@ -1723,6 +1727,11 @@
public function rbea_blocks_toggle() {
check_ajax_referer( 'responsive_block_editor_ajax_nonce', 'nonce' );
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
+ return;
+ }
+
if ( ! isset( $_POST['value'] ) ) {
wp_send_json_error();
}
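Review bot: The same capability guard is pasted into eight handlers (`rbea_blocks_toggle` here, then `rbea_toggle_auto_block_recovery`, `rbea_toggle_global_inherit_from_theme`, `rbea_toggle_custom_css`, `rbea_toggle_template_library_button`, `rbea_save_content_width`, `rbea_save_container_padding` and `rbea_save_container_gap`), so a handler added later on this nonce can ship without it. One private helper that runs the nonce check and the `manage_options` check would keep the gate in a single place; the name used below is only a proposal. The `return;` after `wp_send_json_error()` is unreachable in normal operation because that function ends the request. Any other handler registered on `responsive_block_editor_ajax_nonce` outside these hunks needs the same check, since a nonce shows the request came from a page the user loaded, not that the user is privileged. Each handler's body continues outside its hunk.

```php
/**
 * Verify the AJAX nonce and require the manage_options capability.
 * Ends the request with a JSON error when either check fails.
 */
private function rbea_verify_settings_request() {
	check_ajax_referer( 'responsive_block_editor_ajax_nonce', 'nonce' );

	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}
}

public function rbea_blocks_toggle() {
	$this->rbea_verify_settings_request();
	// … unchanged: $_POST['value'] validation and option update …
```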
@@ -1746,6 +1755,11 @@
public function rbea_toggle_auto_block_recovery() {
check_ajax_referer( 'responsive_block_editor_ajax_nonce', 'nonce' );
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
+ return;
+ }
+
if ( ! isset( $_POST['value'] ) ) {
wp_send_json_error();
}
@@ -1767,6 +1781,11 @@
public function rbea_toggle_global_inherit_from_theme() {
check_ajax_referer( 'responsive_block_editor_ajax_nonce', 'nonce' );
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
+ return;
+ }
+
if ( ! isset( $_POST['value'] ) ) {
wp_send_json_error();
}
@@ -1792,6 +1811,11 @@
public function rbea_toggle_custom_css() {
check_ajax_referer( 'responsive_block_editor_ajax_nonce', 'nonce' );
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
+ return;
+ }
+
if ( ! isset( $_POST['value'] ) ) {
wp_send_json_error();
}
@@ -1813,6 +1837,11 @@
public function rbea_toggle_template_library_button() {
check_ajax_referer( 'responsive_block_editor_ajax_nonce', 'nonce' );
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
+ return;
+ }
+
if ( ! isset( $_POST['value'] ) ) {
wp_send_json_error();
}
@@ -1835,6 +1864,11 @@
public function rbea_save_content_width() {
check_ajax_referer( 'responsive_block_editor_ajax_nonce', 'nonce' );
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
+ return;
+ }
+
if ( ! isset( $_POST['value'] ) ) {
wp_send_json_error();
}
@@ -1859,6 +1893,11 @@
public function rbea_save_container_padding() {
check_ajax_referer( 'responsive_block_editor_ajax_nonce', 'nonce' );
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
+ return;
+ }
+
if ( ! isset( $_POST['value'] ) ) {
wp_send_json_error();
}
@@ -1883,6 +1922,11 @@
public function rbea_save_container_gap() {
check_ajax_referer( 'responsive_block_editor_ajax_nonce', 'nonce' );
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
+ return;
+ }
+
if ( ! isset( $_POST['value'] ) ) {
wp_send_json_error();
}
@@ -2129,10 +2173,20 @@
$full_path = $plugin_dir_path . $relative_path;
$file_path_all = $full_path . 'responsive-sites-gutenberg-all.json';
- file_put_contents($file_path_all, $filtered_json_all); //phpcs:ignore
+ $bytes_written = file_put_contents( $file_path_all, $filtered_json_all ); //phpcs:ignore
// Check if the data was successfully written to the file
- if ( false !== $file_path_all ) {
+ if ( false !== $bytes_written ) {
+ // Store latest checksum after successful sync so future sync clicks can skip work.
+ $checksum_response = wp_remote_get( 'https://ccreadysites.cyberchimps.com/wp-json/wp/v2/get-last-xml-export-checksum2' );
+ if ( ! is_wp_error( $checksum_response ) ) {
+ $checksum_body = wp_remote_retrieve_body( $checksum_response );
+ $checksum_json = json_decode( $checksum_body, true );
+ if ( is_array( $checksum_json ) && isset( $checksum_json['last_xml_export_checksums'] ) ) {
+ update_option( 'last_xml_export_checksums', sanitize_text_field( $checksum_json['last_xml_export_checksums'] ) );
+ }
+ }
+
wp_send_json_success( array( 'filtered_data' => $filtered_json_all ) );
} else {
wp_send_json_error( array( 'message' => 'Error writing filtered data to the file.' ) );
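Review bot: The checksum response is stored without checking the HTTP status or the value's type, so an error response whose body still parses as JSON, or a non-string `last_xml_export_checksums`, reaches `update_option()` (`sanitize_text_field()` turns an array into an empty string). Tighten the two conditions to `if ( ! is_wp_error( $checksum_response ) && 200 === wp_remote_retrieve_response_code( $checksum_response ) ) {` and `isset( $checksum_json['last_xml_export_checksums'] ) && is_string( $checksum_json['last_xml_export_checksums'] )`. Because the checksum is fetched after the file is written, it may describe a newer export than the data just saved, in which case a later sync would presumably be skipped while the file is stale; fetching it alongside the data, outside this hunk, would avoid that. The enclosing function starts and ends outside the hunk, so whether it has its own capability check is not visible here.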
--- a/responsive-block-editor-addons/includes/layout/functions.php
+++ b/responsive-block-editor-addons/includes/layout/functions.php
@@ -6,6 +6,10 @@
* @package RBEA Templates
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
if ( ! function_exists( 'rbea_block_templates_get_filesystem' ) ) :
/**
* Get an instance of WP_Filesystem_Direct.
--- a/responsive-block-editor-addons/includes/layout/layout-endpoints.php
+++ b/responsive-block-editor-addons/includes/layout/layout-endpoints.php
@@ -7,6 +7,10 @@
namespace RBEABlocksLayouts;
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
use WP_REST_Response;
use WP_REST_Server;
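Review bot: The guard sits between `namespace RBEABlocksLayouts;` and the `use` imports; PHP accepts this, but it splits the file header and departs from the usual namespace-then-imports layout. Placing the `if ( ! defined( 'ABSPATH' ) )` block after the last `use` line (which may lie outside this hunk) keeps the header conventional without changing behaviour.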
--- a/responsive-block-editor-addons/responsive-block-editor-addons.php
+++ b/responsive-block-editor-addons/responsive-block-editor-addons.php
@@ -1,20 +1,25 @@
<?php
/**
* Plugin Name: Responsive Blocks - WordPress Gutenberg Blocks
- * Plugin URI: cyberchimps.com
+ * Plugin URI: https://cyberchimps.com/responsive-blocks/
* Description: Responsive Blocks offers 50+ Gutenberg blocks so you can design beautiful pages without writing a single line of code.
* Author: CyberChimps
* Author URI: https://cyberchimps.com/responsive-blocks/
+ * License: GPLv2 or later
* Text Domain: responsive-block-editor-addons
* Domain Path: /languages
- * Version: 2.2.1
+ * Version: 2.2.2
*
* @package Responsive_Block_Editor_Addons
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
define( 'RESPONSIVE_BLOCK_EDITOR_ADDONS_URL', trailingslashit( plugin_dir_url( __FILE__ ) ) );
define( 'RESPONSIVE_BLOCK_EDITOR_ADDONS_DIR', trailingslashit( plugin_dir_path( __FILE__ ) ) );
-define( 'RESPONSIVE_BLOCK_EDITOR_ADDONS_VER', '2.2.1' );
+define( 'RESPONSIVE_BLOCK_EDITOR_ADDONS_VER', '2.2.2' );
define( 'RESPONSIVE_BLOCK_EDITOR_ADDONS_BASENAME', plugin_basename( __FILE__ ) );
define( 'RESPONSIVE_BLOCK_EDITOR_ADDONS_SEVEN_DAYS_IN_SECONDS', 604800 );
--- a/responsive-block-editor-addons/src/blocks/accordion/index.php
+++ b/responsive-block-editor-addons/src/blocks/accordion/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Accordion frontend assets funciton.
*
--- a/responsive-block-editor-addons/src/blocks/content-timeline/index.php
+++ b/responsive-block-editor-addons/src/blocks/content-timeline/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* content-timeline frontend assets funciton.
*
--- a/responsive-block-editor-addons/src/blocks/form/index.php
+++ b/responsive-block-editor-addons/src/blocks/form/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Form frontend assets funciton.
*
--- a/responsive-block-editor-addons/src/blocks/gallery-masonry/index.php
+++ b/responsive-block-editor-addons/src/blocks/gallery-masonry/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Gallery masonry frontend assets funciton.
*
--- a/responsive-block-editor-addons/src/blocks/image-hotspot/index.php
+++ b/responsive-block-editor-addons/src/blocks/image-hotspot/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Add Frontend assets.
*
--- a/responsive-block-editor-addons/src/blocks/image-slider/index.php
+++ b/responsive-block-editor-addons/src/blocks/image-slider/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Image Slider frontend assets funciton.
*
--- a/responsive-block-editor-addons/src/blocks/inline-notice/index.php
+++ b/responsive-block-editor-addons/src/blocks/inline-notice/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Add Frontend assets.
*
--- a/responsive-block-editor-addons/src/blocks/instagram/index.php
+++ b/responsive-block-editor-addons/src/blocks/instagram/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Function using WordPress API to fetch instagram data.
*
--- a/responsive-block-editor-addons/src/blocks/portfolio/index.php
+++ b/responsive-block-editor-addons/src/blocks/portfolio/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Renders the portfolio block on server.
*
--- a/responsive-block-editor-addons/src/blocks/post-carousel/index.php
+++ b/responsive-block-editor-addons/src/blocks/post-carousel/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Add Frontend assets.
*
--- a/responsive-block-editor-addons/src/blocks/post-grid/index.php
+++ b/responsive-block-editor-addons/src/blocks/post-grid/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Renders the post grid block on server.
*
--- a/responsive-block-editor-addons/src/blocks/post-timeline/index.php
+++ b/responsive-block-editor-addons/src/blocks/post-timeline/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Renders the post grid block on server.
*
--- a/responsive-block-editor-addons/src/blocks/table-of-contents/index.php
+++ b/responsive-block-editor-addons/src/blocks/table-of-contents/index.php
@@ -7,6 +7,11 @@
* @param string $content The post content to extract headings from.
* @return array The list of headings with level, content, and anchor.
*/
+
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
function responsive_block_editor_addons_extract_headings_from_content( $content ) {
if ( empty( $content ) ) {
return array();
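Review bot: The guard is inserted between the docblock and `function responsive_block_editor_addons_extract_headings_from_content`, so the `@param`/`@return` block no longer sits directly above the function it documents and is likely to be flagged by PHPCS or misattributed by documentation tools. Move the `if ( ! defined( 'ABSPATH' ) ) { exit; }` block above the `/**` comment, which opens outside this hunk, as the other files in this commit do. The function body continues past the hunk.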
--- a/responsive-block-editor-addons/src/blocks/taxonomy-list/index.php
+++ b/responsive-block-editor-addons/src/blocks/taxonomy-list/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Registers the taxonomy list block on server
*/
--- a/responsive-block-editor-addons/src/blocks/testimonial-slider/index.php
+++ b/responsive-block-editor-addons/src/blocks/testimonial-slider/index.php
@@ -6,6 +6,10 @@
* @package Responsive Blocks
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Add Frontend assets.
*
--- a/responsive-block-editor-addons/src/utils/fonts.php
+++ b/responsive-block-editor-addons/src/utils/fonts.php
@@ -5,6 +5,10 @@
* @package category
*/
+if ( ! defined( 'ABSPATH' ) ) {
+ exit; // Exit if accessed directly.
+}
+
/**
* Add google fonts funtion.
*