release: fixes

vytisbulkevicius · web-flow · commit b0a05e7fd8dc · 2025-11-20T12:53:50.000+02:00
- Enhanced security
diff --git a/css/settings.css b/css/settings.css
@@ -118,7 +118,7 @@
 	display: none;
 }
 
-:is(.feedzy-banner, .feedzy-banner-dashboard):not(.themeisle-sale) {
+:is(.feedzy-banner, .feedzy-banner-dashboard):not(#tsdk_banner) {
 	visibility: hidden;
 }
 
@@ -136,6 +136,10 @@
 	margin: 0;
 }
 
+.feedzy-container > #tsdk_banner {
+	padding: 0;
+}
+
 .feedzy-container{
 	max-width: 1224px;
 	margin: 0 auto;
diff --git a/includes/abstract/feedzy-rss-feeds-admin-abstract.php b/includes/abstract/feedzy-rss-feeds-admin-abstract.php
@@ -454,6 +454,10 @@ public function feedzy_rss( $atts, $content = '' ) {
 			} else {
 				$attributes .= 'data-has_valid_cache="true"';
 			}
+
+			// Add nonce based on feed url.
+			$attributes .= 'data-nonce="' . esc_attr( wp_create_nonce( $feed_url ) ) . '"';
+
 			$class = array_filter( apply_filters( 'feedzy_add_classes_block', array( $sc['classname'], 'feedzy-' . md5( is_array( $feed_url ) ? implode( ',', $feed_url ) : $feed_url ) ), $sc, null, $feed_url ) );
 			$html  = "<div class='feedzy-lazy' $attributes>";
 			$html .= "$content</div>";
@@ -552,6 +556,11 @@ public function feedzy_lazy_load( $data ) {
 		$atts     = $data['args'];
 		$sc       = $this->get_short_code_attributes( $atts );
 		$feed_url = $this->normalize_urls( $sc['feeds'] );
+		$nonce    = isset( $atts['nonce'] ) ? $atts['nonce'] : '';
+
+		if ( ! wp_verify_nonce( $nonce, $feed_url ) ) {
+			wp_send_json_error( array( 'message' => __( 'Security check failed.', 'feedzy-rss-feeds' ) ) );
+		}
 
 		if ( isset( $sc['filters'] ) && ! empty( $sc['filters'] ) && feedzy_is_pro() ) {
 			$sc['filters'] = apply_filters( 'feedzy_filter_conditions_attribute', $sc['filters'] );
diff --git a/includes/layouts/feedzy-support.php b/includes/layouts/feedzy-support.php
@@ -17,6 +17,7 @@
 	
 	?>
 	<div class="feedzy-container">
+		<div id="tsdk_banner" class="feedzy-banner"></div>
 		<div class="feedzy-accordion-item mb-30">
 			<div class="feedzy-accordion-item__content">
 				<div class="fz-tabs-menu">
diff --git a/js/feedzy-lazy.js b/js/feedzy-lazy.js
@@ -40,6 +40,8 @@
                 success: function(data){
                     if(data.success){
                         $feedzy_block.empty().append(data.data.content);
+                    } else {
+                        $feedzy_block.empty().append(data.data.message);
                     }
                 },
                 complete: function(){

Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,7 @@`
`118`	`118`	`display: none;`
`119`	`119`	`}`
`120`	`120`
`121`		`-:is(.feedzy-banner, .feedzy-banner-dashboard):not(.themeisle-sale) {`
	`121`	`+:is(.feedzy-banner, .feedzy-banner-dashboard):not(#tsdk_banner) {`
`122`	`122`	`visibility: hidden;`
`123`	`123`	`}`
`124`	`124`
`@@ -136,6 +136,10 @@`
`136`	`136`	`margin: 0;`
`137`	`137`	`}`
`138`	`138`
	`139`	`+.feedzy-container > #tsdk_banner {`
	`140`	`+ padding: 0;`
	`141`	`+}`
	`142`	`+`
`139`	`143`	`.feedzy-container{`
`140`	`144`	`max-width: 1224px;`
`141`	`145`	`margin: 0 auto;`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,8 @@`
`40`	`40`	`success: function(data){`
`41`	`41`	`if(data.success){`
`42`	`42`	`$feedzy_block.empty().append(data.data.content);`
	`43`	`+ } else {`
	`44`	`+ $feedzy_block.empty().append(data.data.message);`
`43`	`45`	`}`
`44`	`46`	`},`
`45`	`47`	`complete: function(){`