That looks like a bugfix rather than a security issue, though I don’t know enough about Elementor to see exactly what it’s doing.
This is just a starting point; right now my goal is to provide an option for people to run Elementor without security issues, since they dropped support for WP 4.9.x in version 2.8.0.
The same as before, anyone is welcome to submit issues and PRs, but this makes it a bit clearer that this plugin is meant for the ClassicPress community to use and maintain.
It might be best to remove “Elementor” from the name, and eventually from the code. That’s the only legal issue with forking plugins. Otherwise you’ll be in this situation:
With $15mil they have more money to spend with lawyers now.
The implications here are not limited to just the name. I’d assume Elementor would take issue with the forked version having to access their server to retrieve the pre-designed pages and sections (templates)!
I’m going to make an assumption that the free templates form an integral part of the free version and therefore are released under the terms of the GPL. The pro versions, however, are not, since the pro addon is not GPL.
I’m looking at doing a bulk import of the free versions and maintaining them on either my server or in a repo on GitHub. If I’m going to host them on my server then I’ll need to figure out how to set up the REST API endpoints to serve them from - fun times ahead.
Yes, something similar, but would like to hook it to the builder’s own CPT instead of creating a new one.
Trying to figure out how Elementor have set theirs up to return the info.json and then serve the templates remotely.
GitHub might work if there’s an Action to automate the info.json - I have a rough proof-of-concept addon and have to figure out the info automation part. The good thing with self-hosting is that CP already provides the API.