Changeset 1673026
- Timestamp:
- 06/08/2017 05:52:39 AM (9 years ago)
- Location:
- gift-certificate-creator
- Files:
-
- 6 edited
-
tags/1.1/classes/gcm-table.class.php (modified) (1 diff)
-
tags/1.1/classes/gcm.class.php (modified) (2 diffs)
-
tags/1.1/giftcertificates.php (modified) (3 diffs)
-
trunk/classes/gcm-table.class.php (modified) (1 diff)
-
trunk/classes/gcm.class.php (modified) (2 diffs)
-
trunk/giftcertificates.php (modified) (3 diffs)
gift-certificate-creator/tags/1.1/classes/gcm-table.class.php
r1670034 r1673026 47 47 global $search; 48 48 $search = ( isset( $_REQUEST['s'] ) ) ? $_REQUEST['s'] : ''; 49 $search = sanitize_text_field( $search ); 49 50 $orderby = ( isset( $_REQUEST['orderby'] ) ) ? $_REQUEST['orderby'] : ''; 51 $orderby = sanitize_text_field( $orderby ); 50 52 $order = ( isset( $_REQUEST['order'] ) ) ? $_REQUEST['order'] : ''; 53 $order = sanitize_sql_orderby($order); 51 54 $gcPerPage = $this->getPerPage(); 52 55 $doingAjax = defined( 'DOING_AJAX' ) && DOING_AJAX; -
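Review bot: `sanitize_text_field()` on `$orderby` (new line 51) does not make the value safe for use as a SQL ORDER BY column: it strips tags, line breaks and extra whitespace but leaves quotes, backticks and SQL keywords intact, so if `$orderby` is later interpolated into the list-table query it remains injectable. A request-supplied column name should be checked against a whitelist of the table's sortable columns instead, e.g. `$orderby = in_array( $orderby, array( 'user_name', 'receip_name', 'cert_amount' ), true ) ? $orderby : 'id';` (adjust the list and default to the table's real columns). `sanitize_sql_orderby()` on `$order` (line 53) is likewise a loose fit — it accepts any identifier, not just a direction — so `$order = ( strtoupper( $order ) === 'DESC' ) ? 'DESC' : 'ASC';` pins it exactly. The enclosing method starts and ends outside the hunk, so where these values are consumed is not visible here.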
gift-certificate-creator/tags/1.1/classes/gcm.class.php
r1670034 r1673026 70 70 function createNewGCM($gcInfo) { 71 71 global $wpdb; 72 $gc_cert_amount = $_REQUEST['cert_amount']; 73 $gc_user_name = esc_attr($gcInfo['user_name']); 74 $gc_receip_name = esc_attr($gcInfo['receip_name']); 75 $gc_receip_address = esc_textarea($gcInfo['receip_address']); 76 $gc_cc_sec_code = sanitize_email($gcInfo['cc_sec_code']); 72 77 $sql = "INSERT INTO $wpdb->prefix" . "gift_certificates(cert_amount, user_name, receip_name, cc_number, cc_exp, cc_sec_code, receip_address) 73 values('{$gc Info['cert_amount']}', '{$gcInfo['user_name']}', '{$gcInfo['receip_name']}',74 '{$gcInfo['cc_number']}', '{$gcInfo['cc_exp_month']}-{$gcInfo['cc_exp_year']}', '{$gc Info['cc_sec_code']}', '{$gcInfo['receip_address']}')";78 values('{$gc_cert_amount}', '{$gc_user_name}', '{$gc_receip_name}', 79 '{$gcInfo['cc_number']}', '{$gcInfo['cc_exp_month']}-{$gcInfo['cc_exp_year']}', '{$gc_cc_sec_code}', '{$gc_receip_address}')"; 75 80 $wpdb->query($sql); 76 81 } … … 120 125 <tr style='<?php echo $style; ?>'> 121 126 <td align="center">1</td> 122 <td><?php echo $gcInfo['user_name']; ?></td>123 <td align="center"><?php echo $gcInfo['receip_name']; ?></td>127 <td><?php echo esc_attr($gcInfo['user_name']); ?></td> 128 <td align="center"><?php echo esc_attr($gcInfo['receip_name']); ?></td> 124 129 <td align="center"><?php echo $gcInfo['cert_amount']; ?></td> 125 130 </tr> -
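Review bot: `createNewGCM()` still builds the INSERT by string interpolation (new lines 77–79), and the added escaping is the wrong kind: `esc_attr()`/`esc_textarea()` are HTML escapers, not SQL escapers, `sanitize_email()` on a card security code merely strips characters, and `$gc_cert_amount` (read straight from `$_REQUEST`, bypassing the `$gcInfo` parameter), `cc_number`, `cc_exp_month` and `cc_exp_year` go into the query with no escaping at all. Use `$wpdb->insert()` (or `$wpdb->prepare()`) so every value is bound, and apply HTML escaping only at output time rather than before storage. Separately, the row stores the full card number, expiry and security code in plaintext; PCI DSS prohibits retaining the security code after authorization at all, so that column should be dropped rather than sanitized. The second hunk also still echoes `$gcInfo['cert_amount']` unescaped (line 129) while its neighbours gained `esc_attr()`.
```php
function createNewGCM($gcInfo) {
    global $wpdb;
    // Bound insert: $wpdb quotes/escapes each value per its format specifier.
    // NOTE(review): cc_sec_code must not be persisted at all (PCI DSS 3.2) — remove the column.
    $wpdb->insert(
        $wpdb->prefix . 'gift_certificates',
        array(
            'cert_amount'    => $gcInfo['cert_amount'],
            'user_name'      => $gcInfo['user_name'],
            'receip_name'    => $gcInfo['receip_name'],
            'cc_number'      => $gcInfo['cc_number'],
            'cc_exp'         => $gcInfo['cc_exp_month'] . '-' . $gcInfo['cc_exp_year'],
            'cc_sec_code'    => $gcInfo['cc_sec_code'],
            'receip_address' => $gcInfo['receip_address'],
        ),
        array( '%s', '%s', '%s', '%s', '%s', '%s', '%s' )
    );
}
```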
gift-certificate-creator/tags/1.1/giftcertificates.php
r1670034 r1673026 134 134 */ 135 135 function gc_options_validate($input) { 136 if (is_null($input['admin_email']) || empty($input['admin_email']) ) {136 if (is_null($input['admin_email']) || empty($input['admin_email']) || (!filter_var($input['admin_email'], FILTER_VALIDATE_EMAIL)) ) { 137 137 add_settings_error( 138 138 'gc_options_admin_email_validate_field', 'gc_options_admin_email_validate_error', 'Please enter a valid email address', 'error' … … 163 163 // check sections and include corresponding file 164 164 if ($_REQUEST['action'] == 'Submit') { 165 $bob_name = esc_html($_REQUEST['user_name']); 165 166 $error = array(); 166 167 … … 174 175 175 176 //amount validation 176 if (preg_match('/^\d+ $/', $_REQUEST['cert_amount'])) {177 if (preg_match('/^\d+(\.\d*)?|\.\d+$/', $_REQUEST['cert_amount'])) { 177 178 $correctFormat = 1; 178 179 } else { -
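Review bot: The new amount regex on line 177, `/^\d+(\.\d*)?|\.\d+$/`, has an alternation-precedence bug: the `^` anchor applies only to the first alternative and the `$` only to the second, so `5abc` and `abc.5` both pass as well-formed amounts. Group the alternation so both anchors cover both branches: `if (preg_match('/^(\d+(\.\d*)?|\.\d+)$/', $_REQUEST['cert_amount'])) {`. Also `$bob_name = esc_html($_REQUEST['user_name'])` (line 165) is assigned but not used anywhere in the hunk; if it is meant to replace the raw `user_name` that `createNewGCM()` stores, that is HTML escaping applied before storage rather than at output. The `if ($_REQUEST['action'] == 'Submit')` handler continues past the hunk, and no nonce or capability check on it is visible from here.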
gift-certificate-creator/trunk/classes/gcm-table.class.php
r1670032 r1673026 47 47 global $search; 48 48 $search = ( isset( $_REQUEST['s'] ) ) ? $_REQUEST['s'] : ''; 49 $search = sanitize_text_field( $search ); 49 50 $orderby = ( isset( $_REQUEST['orderby'] ) ) ? $_REQUEST['orderby'] : ''; 51 $orderby = sanitize_text_field( $orderby ); 50 52 $order = ( isset( $_REQUEST['order'] ) ) ? $_REQUEST['order'] : ''; 53 $order = sanitize_sql_orderby($order); 51 54 $gcPerPage = $this->getPerPage(); 52 55 $doingAjax = defined( 'DOING_AJAX' ) && DOING_AJAX; -
gift-certificate-creator/trunk/classes/gcm.class.php
r1670032 r1673026 70 70 function createNewGCM($gcInfo) { 71 71 global $wpdb; 72 $gc_cert_amount = $_REQUEST['cert_amount']; 73 $gc_user_name = esc_attr($gcInfo['user_name']); 74 $gc_receip_name = esc_attr($gcInfo['receip_name']); 75 $gc_receip_address = esc_textarea($gcInfo['receip_address']); 76 $gc_cc_sec_code = sanitize_email($gcInfo['cc_sec_code']); 72 77 $sql = "INSERT INTO $wpdb->prefix" . "gift_certificates(cert_amount, user_name, receip_name, cc_number, cc_exp, cc_sec_code, receip_address) 73 values('{$gc Info['cert_amount']}', '{$gcInfo['user_name']}', '{$gcInfo['receip_name']}',74 '{$gcInfo['cc_number']}', '{$gcInfo['cc_exp_month']}-{$gcInfo['cc_exp_year']}', '{$gc Info['cc_sec_code']}', '{$gcInfo['receip_address']}')";78 values('{$gc_cert_amount}', '{$gc_user_name}', '{$gc_receip_name}', 79 '{$gcInfo['cc_number']}', '{$gcInfo['cc_exp_month']}-{$gcInfo['cc_exp_year']}', '{$gc_cc_sec_code}', '{$gc_receip_address}')"; 75 80 $wpdb->query($sql); 76 81 } … … 120 125 <tr style='<?php echo $style; ?>'> 121 126 <td align="center">1</td> 122 <td><?php echo $gcInfo['user_name']; ?></td>123 <td align="center"><?php echo $gcInfo['receip_name']; ?></td>127 <td><?php echo esc_attr($gcInfo['user_name']); ?></td> 128 <td align="center"><?php echo esc_attr($gcInfo['receip_name']); ?></td> 124 129 <td align="center"><?php echo $gcInfo['cert_amount']; ?></td> 125 130 </tr> -
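Review bot: `createNewGCM()` still builds the INSERT by string interpolation (new lines 77–79), and the added escaping is the wrong kind: `esc_attr()`/`esc_textarea()` are HTML escapers, not SQL escapers, `sanitize_email()` on a card security code merely strips characters, and `$gc_cert_amount` (read straight from `$_REQUEST`, bypassing the `$gcInfo` parameter), `cc_number`, `cc_exp_month` and `cc_exp_year` go into the query with no escaping at all. Use `$wpdb->insert()` (or `$wpdb->prepare()`) so every value is bound, and apply HTML escaping only at output time rather than before storage. Separately, the row stores the full card number, expiry and security code in plaintext; PCI DSS prohibits retaining the security code after authorization at all, so that column should be dropped rather than sanitized. The second hunk also still echoes `$gcInfo['cert_amount']` unescaped (line 129) while its neighbours gained `esc_attr()`.
```php
function createNewGCM($gcInfo) {
    global $wpdb;
    // Bound insert: $wpdb quotes/escapes each value per its format specifier.
    // NOTE(review): cc_sec_code must not be persisted at all (PCI DSS 3.2) — remove the column.
    $wpdb->insert(
        $wpdb->prefix . 'gift_certificates',
        array(
            'cert_amount'    => $gcInfo['cert_amount'],
            'user_name'      => $gcInfo['user_name'],
            'receip_name'    => $gcInfo['receip_name'],
            'cc_number'      => $gcInfo['cc_number'],
            'cc_exp'         => $gcInfo['cc_exp_month'] . '-' . $gcInfo['cc_exp_year'],
            'cc_sec_code'    => $gcInfo['cc_sec_code'],
            'receip_address' => $gcInfo['receip_address'],
        ),
        array( '%s', '%s', '%s', '%s', '%s', '%s', '%s' )
    );
}
```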
gift-certificate-creator/trunk/giftcertificates.php
r1670032 r1673026 134 134 */ 135 135 function gc_options_validate($input) { 136 if (is_null($input['admin_email']) || empty($input['admin_email']) ) {136 if (is_null($input['admin_email']) || empty($input['admin_email']) || (!filter_var($input['admin_email'], FILTER_VALIDATE_EMAIL)) ) { 137 137 add_settings_error( 138 138 'gc_options_admin_email_validate_field', 'gc_options_admin_email_validate_error', 'Please enter a valid email address', 'error' … … 163 163 // check sections and include corresponding file 164 164 if ($_REQUEST['action'] == 'Submit') { 165 $bob_name = esc_html($_REQUEST['user_name']); 165 166 $error = array(); 166 167 … … 174 175 175 176 //amount validation 176 if (preg_match('/^\d+ $/', $_REQUEST['cert_amount'])) {177 if (preg_match('/^\d+(\.\d*)?|\.\d+$/', $_REQUEST['cert_amount'])) { 177 178 $correctFormat = 1; 178 179 } else {