release: fixes

- Fix security vulnerability
- Fix watermark/copyright opacity wrong value #910

Author: vytisbulkevicius

classes/Visualizer/Gutenberg/Block.php

@@ -750,8 +750,12 @@ public function upload_csv_data( $data ) {
 			return false;
 		}
 
-		if ( $data['url'] && ! is_wp_error( $data['url'] ) && filter_var( $data['url'], FILTER_VALIDATE_URL ) ) {
-			$source = new Visualizer_Source_Csv_Remote( $data['url'] );
+		$remote_data = false;
+		if ( isset( $data['url'] ) && function_exists( 'wp_http_validate_url' ) ) {
+			$remote_data = wp_http_validate_url( $data['url'] );
+		}
+		if ( false !== $remote_data && ! is_wp_error( $remote_data ) ) {
+			$source = new Visualizer_Source_Csv_Remote( $remote_data );
 			if ( $source->fetch() ) {
 				$temp = $source->getData();
 				if ( is_string( $temp ) && is_array( unserialize( $temp ) ) ) {

classes/Visualizer/Module/Chart.php

@@ -1111,10 +1111,15 @@ public function uploadData() {
 
 		$source = null;
 		$render = new Visualizer_Render_Page_Update();
-		if ( isset( $_POST['remote_data'] ) && filter_var( $_POST['remote_data'], FILTER_VALIDATE_URL ) ) {
-			$source = new Visualizer_Source_Csv_Remote( $_POST['remote_data'] );
+
+		$remote_data = false;
+		if ( isset( $_POST['remote_data'] ) && function_exists( 'wp_http_validate_url' ) ) {
+			$remote_data = wp_http_validate_url( $_POST['remote_data'] );
+		}
+		if ( false !== $remote_data ) {
+			$source = new Visualizer_Source_Csv_Remote( $remote_data );
 			if ( isset( $_POST['vz-import-time'] ) ) {
-				apply_filters( 'visualizer_pro_chart_schedule', $chart_id, $_POST['remote_data'], $_POST['vz-import-time'] );
+				apply_filters( 'visualizer_pro_chart_schedule', $chart_id, $remote_data, $_POST['vz-import-time'] );
 			}
 			// phpcs:ignore WordPress.PHP.StrictComparisons.LooseComparison
 		} elseif ( isset( $_FILES['local_data'] ) && $_FILES['local_data']['error'] == 0 ) {

classes/Visualizer/Module/Frontend.php

@@ -477,7 +477,7 @@ public function renderChart( $atts ) {
 			$prefix = 'T' . 'a' . 'bl' . 'e';
 		}
 		// return placeholder div
-		return '<div class="' . $container_class . '">' . $actions_div . '<div id="' . $id . '"' . $this->getHtmlAttributes( $attributes ) . '></div>' . $this->addSchema( $chart->ID ) . ( ! Visualizer_Module::is_pro() ? ( '<' . 'di' . 'v st' . 'yl' . 'e="' . 'op' . 'a' . 'ci' . 't' . 'y:' . '0' . '.' . '.7' . ';t' . 'ex' . 't-a' . 'li' . 'gn:' . 'ri' . 'gh' . 't;b' . 'o' . 'tto' . 'm: 1' . '0px; z-i' . 'nd' . 'ex:1' . '00' . '0; ' . 'le' . 'ft' . ':2' . '0px' . '; fo' . 'nt-si' . 'ze: 1' . '4px">' . $prefix . ' b' . 'y' . ' <a ' . 'h' . 're' . 'f="ht' . 'tp' . 's:/' . '/t' . 'he' . 'me' . 'i' . 'sl' . 'e' . '.c' . 'om' . '/p' . 'lu' . 'gi' . 'ns' . '/v' . 'i' . 'su' . 'al' . 'iz' . 'er' . '-c' . 'ha' . 'rts' . '-a' . 'nd' . '-gr' . 'ap' . 'hs' . '/" t' . 'arg' . 'et="' . '_bl' . 'an' . 'k" re' . 'l=' . '"no' . 'fol' . 'l' . 'ow"' . '>V' . 'is' . 'u' . 'a' . 'l' . 'i' . 'z' . 'e' . 'r' . '</' . 'a' . '>' . '<' . '/' . 'd' . 'i' . 'v' . '>' ) : '' ) . '</div>';
+		return '<div class="' . $container_class . '">' . $actions_div . '<div id="' . $id . '"' . $this->getHtmlAttributes( $attributes ) . '></div>' . $this->addSchema( $chart->ID ) . ( ! Visualizer_Module::is_pro() ? ( '<' . 'di' . 'v st' . 'yl' . 'e="' . 'op' . 'a' . 'ci' . 't' . 'y:' . '0' . '.7' . ';t' . 'ex' . 't-a' . 'li' . 'gn:' . 'ri' . 'gh' . 't;b' . 'o' . 'tto' . 'm: 1' . '0px; z-i' . 'nd' . 'ex:1' . '00' . '0; ' . 'le' . 'ft' . ':2' . '0px' . '; fo' . 'nt-si' . 'ze: 1' . '4px">' . $prefix . ' b' . 'y' . ' <a ' . 'h' . 're' . 'f="ht' . 'tp' . 's:/' . '/t' . 'he' . 'me' . 'i' . 'sl' . 'e' . '.c' . 'om' . '/p' . 'lu' . 'gi' . 'ns' . '/v' . 'i' . 'su' . 'al' . 'iz' . 'er' . '-c' . 'ha' . 'rts' . '-a' . 'nd' . '-gr' . 'ap' . 'hs' . '/" t' . 'arg' . 'et="' . '_bl' . 'an' . 'k" re' . 'l=' . '"no' . 'fol' . 'l' . 'ow"' . '>V' . 'is' . 'u' . 'a' . 'l' . 'i' . 'z' . 'e' . 'r' . '</' . 'a' . '>' . '<' . '/' . 'd' . 'i' . 'v' . '>' ) : '' ) . '</div>';
 	}
 
 	/**