Changeset 1675786
- Timestamp:
- 06/11/2017 06:46:37 AM (9 years ago)
- Location:
- gift-certificate-creator
- Files:
-
- 10 edited
-
tags/1.1/classes/gcm-table.class.php (modified) (3 diffs)
-
tags/1.1/classes/gcm.class.php (modified) (7 diffs)
-
tags/1.1/gc-list.php (modified) (1 diff)
-
tags/1.1/gcm-config.php (modified) (1 diff)
-
tags/1.1/giftcertificates.php (modified) (7 diffs)
-
trunk/classes/gcm-table.class.php (modified) (3 diffs)
-
trunk/classes/gcm.class.php (modified) (7 diffs)
-
trunk/gc-list.php (modified) (1 diff)
-
trunk/gcm-config.php (modified) (1 diff)
-
trunk/giftcertificates.php (modified) (7 diffs)
-
gift-certificate-creator/tags/1.1/classes/gcm-table.class.php
r1673026 r1675786 19 19 * 20 20 */ 21 22 // Exit if accessed directly 23 if ( ! defined( 'ABSPATH' ) ) { 24 exit; 25 } 26 21 27 class GCListTable extends WP_List_Table { 22 28 … … 54 60 $gcPerPage = $this->getPerPage(); 55 61 $doingAjax = defined( 'DOING_AJAX' ) && DOING_AJAX; 56 62 57 63 // per page number 58 64 if ( isset( $_REQUEST['number'] ) ) { … … 61 67 $number = $gcPerPage + min( 8, $gcPerPage ); 62 68 } 63 69 $number = filter_var($number, FILTER_SANITIZE_NUMBER_INT); 64 70 $page = $this->get_pagenum(); 65 71 66 72 // start number 67 73 if ( isset( $_REQUEST['start'] ) ) { 68 $start = $_REQUEST['start'];74 $start = (int) $_REQUEST['start']; 69 75 } else { 70 76 $start = ( $page - 1 ) * $gcPerPage; 71 77 } 72 78 $start = filter_var($start, FILTER_SANITIZE_NUMBER_INT); 79 73 80 // if ajax request 74 81 if ( $doingAjax && isset( $_REQUEST['offset'] ) ) { 75 $start += $_REQUEST['offset'];82 $start += (int) $_REQUEST['offset']; 76 83 } 77 84 85 78 86 $args = array( 79 87 'search' => $search, -
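Review bot: The two added `filter_var(..., FILTER_SANITIZE_NUMBER_INT)` calls on `$number` and `$start` do not yield integers: that filter returns a string and leaves `+` and `-` characters in place, so after the `(int)` cast on `$_REQUEST['start']` it adds nothing, and on `$number` it is weaker than a cast. Using `$number = absint( $number );` and `$start = absint( $start );` would give a non-negative integer in both places and match the `absint()` calls in GCM::getAllGCList. The branch that assigns `$number` from `$_REQUEST['number']` is elided from this view, and the enclosing method starts and ends outside the visible hunks, so confirm no other request value reaches `$args` unconverted (`$search` in particular). The same lines appear in the trunk/classes/gcm-table.class.php section.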
gift-certificate-creator/tags/1.1/classes/gcm.class.php
r1673026 r1675786 8 8 * 9 9 */ 10 11 10 /** 12 11 * The class contains all functions used for gc management … … 19 18 * 20 19 */ 20 // Exit if accessed directly 21 if (!defined('ABSPATH')) { 22 exit; 23 } 24 21 25 class GCM { 22 26 … … 27 31 */ 28 32 function getAllGCList($args = array()) { 29 global $wpdb; 33 global $wpdb; 30 34 $number = absint($args['number']); 31 $offset = absint($args['offset']); 32 35 $offset = absint($args['offset']); 36 33 37 // if number is not empty 34 if (!empty($number) && empty($args['count']) ) {38 if (!empty($number) && empty($args['count'])) { 35 39 $limits = !empty($offset) ? "LIMIT $offset, $number" : "LIMIT $number"; 36 40 } else { 37 41 $limits = ''; 38 42 } 39 43 40 44 // fields of sql 41 45 $fields = !empty($args['count']) ? 'COUNT(*) count' : '*'; 42 46 43 47 // whree consition of sql 44 48 $where = "1=1"; 45 $where .= !empty($args['search']) ? " AND (user_name like '%".addslashes($args['search'])."%' or receip_name like '%".addslashes($args['search'])."%')" : "";46 49 $where .=!empty($args['search']) ? " AND (user_name like '%" . addslashes($args['search']) . "%' or receip_name like '%" . addslashes($args['search']) . "%')" : ""; 50 47 51 // order parameters 48 52 $order = ('DESC' == strtoupper($args['order']) ) ? 'ASC' : 'DESC'; 49 53 $orderby = !empty($args['orderby']) ? $args['orderby'] : 'user_name'; 50 54 51 55 // create sql 52 56 $dbTable = $wpdb->prefix . 
"gift_certificates"; 53 $sql = "SELECT $fields FROM $dbTable WHERE $where $groupbyORDER BY $orderby $order $limits";54 57 $sql = "SELECT $fields FROM $dbTable WHERE $where ORDER BY $orderby $order $limits"; 58 55 59 // check whether count or list needed 56 60 if (!empty($args['count'])) { 57 61 $countInfo = $wpdb->get_row($sql, OBJECT); 58 return $countInfo->count;62 return $countInfo->count; 59 63 } else { 60 $gcList = $wpdb->get_results($sql, OBJECT );64 $gcList = $wpdb->get_results($sql, OBJECT); 61 65 return $gcList; 62 66 } 63 64 67 } 65 68 66 69 /** 67 70 * function to create new gift certificate … … 69 72 */ 70 73 function createNewGCM($gcInfo) { 74 71 75 global $wpdb; 72 76 $gc_cert_amount = $_REQUEST['cert_amount']; 73 $gc_user_name = esc_attr($gcInfo['user_name']);77 $gc_user_name = esc_attr($gcInfo['user_name']); 74 78 $gc_receip_name = esc_attr($gcInfo['receip_name']); 75 79 $gc_receip_address = esc_textarea($gcInfo['receip_address']); 76 80 $gc_cc_sec_code = sanitize_email($gcInfo['cc_sec_code']); 77 $sql = "INSERT INTO $wpdb->prefix" . "gift_certificates(cert_amount, user_name, receip_name, cc_number, cc_exp, cc_sec_code, receip_address) 78 values('{$gc_cert_amount}', '{$gc_user_name}', '{$gc_receip_name}', 79 '{$gcInfo['cc_number']}', '{$gcInfo['cc_exp_month']}-{$gcInfo['cc_exp_year']}', '{$gc_cc_sec_code}', '{$gc_receip_address}')"; 80 $wpdb->query($sql); 81 $wpdb->query($wpdb->prepare( 82 "INSERT INTO $wpdb->prefix" 83 . "gift_certificates(cert_amount, user_name, receip_name, cc_sec_code, receip_address) " 84 . 
"values(%f, %s, %s, %s, %s) 85 ", $gc_cert_amount, $gc_user_name, $gc_receip_name, $gc_cc_sec_code, $gc_receip_address 86 )); 81 87 } 82 83 88 84 89 /** 85 90 * function to send gc reports to users … … 90 95 */ 91 96 function sendGCMReportEmail($toEmail, $fromEmail, $subject, $gcInfo) { 92 97 93 98 $headers[] = "From: Admin <$fromEmail>"; 94 99 $headers[] = "Content-Type: text/html; charset=UTF-8"; … … 102 107 <br> 103 108 <style> 104 table {105 border-collapse: collapse;106 font-size: 12px;107 width: 60%;108 }109 table, td, th {110 border: 1px solid #E1E1E1;111 color: #555555;112 }113 th, td {114 padding: 5px 10px;115 }116 109 table { 110 border-collapse: collapse; 111 font-size: 12px; 112 width: 60%; 113 } 114 table, td, th { 115 border: 1px solid #E1E1E1; 116 color: #555555; 117 } 118 th, td { 119 padding: 5px 10px; 120 } 121 117 122 </style> 118 123 <table class="gc_report"> … … 135 140 wp_mail($toEmail, $subject, $message, $headers); 136 141 } 137 142 138 143 } -
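Review bot: In getAllGCList the new `$sql` line still interpolates `$orderby` straight from `$args['orderby']` and builds the LIKE clause with `addslashes()`, so this query stays string-built while createNewGCM in the same section moves to `$wpdb->prepare()`. `addslashes()` is not charset-aware and does not escape the LIKE wildcards, and an ORDER BY column cannot be bound as a placeholder, so it needs an allowlist. Whether `orderby` and `search` come from the request is not visible here, but the list-table hunks pass `$search` into `$args`, so it should be treated as untrusted. The allowlisted column names below are taken from the INSERT statement in this section and should be checked against the real table; the same change applies to the trunk/classes/gcm.class.php section.

```php
// … unchanged: $number, $offset, $limits and $fields …
$where = '1=1';
$params = array();
if (!empty($args['search'])) {
    $like = '%' . $wpdb->esc_like($args['search']) . '%';
    $where .= ' AND (user_name LIKE %s OR receip_name LIKE %s)';
    $params[] = $like;
    $params[] = $like;
}

// order parameters
$order = ('DESC' == strtoupper($args['order'])) ? 'ASC' : 'DESC';
$allowedOrderby = array('user_name', 'receip_name', 'cert_amount');
$orderby = (isset($args['orderby']) && in_array($args['orderby'], $allowedOrderby, true))
    ? $args['orderby']
    : 'user_name';

// … unchanged: $dbTable …
$sql = "SELECT $fields FROM $dbTable WHERE $where ORDER BY $orderby $order $limits";
if ($params) {
    $sql = $wpdb->prepare($sql, $params);
}
// … unchanged: get_row / get_results branch …
```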
gift-certificate-creator/tags/1.1/gc-list.php
r1670034 r1675786 8 8 * 9 9 */ 10 11 // Exit if accessed directly 12 if ( ! defined( 'ABSPATH' ) ) { 13 exit; 14 } 10 15 11 16 //include require files -
gift-certificate-creator/tags/1.1/gcm-config.php
r1670034 r1675786 9 9 */ 10 10 11 $path = dirname( dirname( dirname( dirname( __FILE__ ) ) ) ); 11 // Exit if accessed directly 12 if ( ! defined( 'ABSPATH' ) ) { 13 exit; 14 } 12 15 13 16 // define the gc displayed per page -
gift-certificate-creator/tags/1.1/giftcertificates.php
r1673026 r1675786 9 9 * License: 10 10 */ 11 $path = dirname(dirname(dirname(dirname(__FILE__)))); 11 // Exit if accessed directly 12 if (!defined('ABSPATH')) { 13 exit; 14 } 12 15 13 16 //include require files … … 134 137 */ 135 138 function gc_options_validate($input) { 136 if (is_null($input['admin_email']) || empty($input['admin_email']) || (!filter_var($input['admin_email'], FILTER_VALIDATE_EMAIL)) ) {139 if (is_null($input['admin_email']) || empty($input['admin_email']) || (!filter_var($input['admin_email'], FILTER_VALIDATE_EMAIL))) { 137 140 add_settings_error( 138 141 'gc_options_admin_email_validate_field', 'gc_options_admin_email_validate_error', 'Please enter a valid email address', 'error' … … 162 165 163 166 // check sections and include corresponding file 164 if ($_REQUEST['action'] == 'Submit') { 165 $bob_name = esc_html($_REQUEST['user_name']); 167 if (isset($_REQUEST['action']) && isset($_REQUEST['action']) == 'Submit') { 166 168 $error = array(); 167 169 … … 183 185 184 186 //name validation 185 if (preg_match(' ([A-Za-z0-9\\\'\\.\\-\\s\\,])', $_REQUEST['user_name'])) {186 $correctFormat = 1; 187 } else { 188 $correctFormat = -1; 189 array_push($error, " Enter valid Name format ");187 if (preg_match('/^[a-zA-Z\s]+$/', $_REQUEST['user_name'])) { 188 $correctFormat = 1; 189 } else { 190 $correctFormat = -1; 191 array_push($error, " Enter valid Name format. Only letters and spaces are allowed "); 190 192 } 191 193 192 194 //Recipient Name validation 193 if (preg_match('([A-Za-z0-9\\\'\\.\\-\\s\\,])', $_REQUEST['receip_name'])) { 194 $correctFormat = 1; 195 } else { 196 $correctFormat = -1; 197 array_push($error, " Enter valid RecipientName format "); 198 } 199 195 if (preg_match('/^[a-zA-Z\s]+$/', $_REQUEST['receip_name'])) { 196 $correctFormat = 1; 197 } else { 198 $correctFormat = -1; 199 array_push($error, " Enter valid Recipient Name format. 
Only letters and spaces are allowed "); 200 } 201 202 //Address validation 203 if (strpos($_REQUEST['receip_address'], '<') === FALSE && strpos($_REQUEST['receip_address'], '>') === FALSE && strpos($_REQUEST['receip_address'], '%') === FALSE && strpos($_REQUEST['receip_address'], '\\') === FALSE) { 204 $correctFormat = 1; 205 } else { 206 $correctFormat = -1; 207 array_push($error, " Enter valid Address . Symbols like <,>,%,\ are not allowed "); 208 } 200 209 //checking the validation if valid (ie$correctFormat == 1) enter 201 210 if (!$error) { … … 216 225 } 217 226 } else { 227 218 228 $success = -1; 219 writeLog( $error[0] . "<br>" . $error[1], basename(__LINE__), basename(__FILE__));229 writeLog(print_r($error, TRUE), basename(__LINE__), basename(__FILE__)); 220 230 } 221 231 } else { … … 229 239 writeLog(" Form values are not posted ", basename(__LINE__), basename(__FILE__)); 230 240 ?> 231 <div class="error">Please enter form details in proper format!<?php echo "<br>" . $error[0] . "<br>" . $error[1]; ?></div> 241 <div class="error">Please enter form details in proper format!<br><?php 242 foreach ($error as $text) { 243 echo $text . "<br>"; 244 } 245 ?></div> 232 246 <?php 233 247 } … … 280 294 <tr> 281 295 <th>Certificate Amount <span class="error">*</span>:</th> 282 <td><input type="text" name="cert_amount" value="<?php echo $_REQUEST['cert_amount']; ?>" placeholder ="$"></td>296 <td><input type="text" name="cert_amount" value="<?php echo isset($_REQUEST['cert_amount']) ? (int) $_REQUEST['cert_amount'] : ''; ?>" placeholder ="$"></td> 283 297 </tr> 284 298 <tr> 285 299 <th>Your Name <span class="error">*</span>:</th> 286 <td><input type="text" name="user_name" value="<?php echo $_REQUEST['user_name']; ?>"> </td>300 <td><input type="text" name="user_name" value="<?php echo isset($_REQUEST['user_name']) ? 
htmlspecialchars($_REQUEST['user_name']) : ''; ?>"> </td> 287 301 </tr> 288 302 <tr> 289 303 <th>Recipient Name <span class="error">*</span>:</th> 290 <td><input type="text" name="receip_name" value="<?php echo $_REQUEST['receip_name']; ?>"> </td>304 <td><input type="text" name="receip_name" value="<?php echo isset($_REQUEST['receip_name']) ? htmlspecialchars($_REQUEST['receip_name']) : ''; ?>"> </td> 291 305 </tr> 292 306 <tr> 293 307 <th>Recipient Email <span class="error">*</span>:</th> 294 <td><input type="text" name="cc_sec_code" value="<?php echo $_REQUEST['cc_sec_code']; ?>"></td>308 <td><input type="text" name="cc_sec_code" value="<?php echo isset($_REQUEST['cc_sec_code']) ? filter_var($_REQUEST['cc_sec_code'], FILTER_SANITIZE_EMAIL) : ''; ?>"></td> 295 309 </tr> 296 310 <tr> 297 311 <th>Recipient Address:</th> 298 <td><textarea name="receip_address" value="<?php echo $_REQUEST['receip_address']; ?>"></textarea>312 <td><textarea name="receip_address" value="<?php echo isset($_REQUEST['receip_address']) ? $_REQUEST['receip_address'] : ''; ?>"></textarea> 299 313 </tr> 300 314 <tr> -
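Review bot: The `receip_address` echo in the textarea row is still written unescaped, unlike the other four form fields in this section, so request data is reflected directly into an attribute value. It should be escaped at output, e.g. `echo isset($_REQUEST['receip_address']) ? esc_attr($_REQUEST['receip_address']) : '';`, or, since a textarea takes its content between the tags rather than from a `value` attribute, printed there with `esc_textarea()`. The added address check rejects `<`, `>`, `%` and `\` but runs only on submit and is not a substitute for output escaping. Separately, the new guard `isset($_REQUEST['action']) && isset($_REQUEST['action']) == 'Submit'` compares a boolean with a string and is true for any `action` value; it should read `isset($_REQUEST['action']) && $_REQUEST['action'] === 'Submit'`. Both points apply equally to the trunk/giftcertificates.php section.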
gift-certificate-creator/trunk/classes/gcm-table.class.php
r1673026 r1675786 19 19 * 20 20 */ 21 22 // Exit if accessed directly 23 if ( ! defined( 'ABSPATH' ) ) { 24 exit; 25 } 26 21 27 class GCListTable extends WP_List_Table { 22 28 … … 54 60 $gcPerPage = $this->getPerPage(); 55 61 $doingAjax = defined( 'DOING_AJAX' ) && DOING_AJAX; 56 62 57 63 // per page number 58 64 if ( isset( $_REQUEST['number'] ) ) { … … 61 67 $number = $gcPerPage + min( 8, $gcPerPage ); 62 68 } 63 69 $number = filter_var($number, FILTER_SANITIZE_NUMBER_INT); 64 70 $page = $this->get_pagenum(); 65 71 66 72 // start number 67 73 if ( isset( $_REQUEST['start'] ) ) { 68 $start = $_REQUEST['start'];74 $start = (int) $_REQUEST['start']; 69 75 } else { 70 76 $start = ( $page - 1 ) * $gcPerPage; 71 77 } 72 78 $start = filter_var($start, FILTER_SANITIZE_NUMBER_INT); 79 73 80 // if ajax request 74 81 if ( $doingAjax && isset( $_REQUEST['offset'] ) ) { 75 $start += $_REQUEST['offset'];82 $start += (int) $_REQUEST['offset']; 76 83 } 77 84 85 78 86 $args = array( 79 87 'search' => $search, -
gift-certificate-creator/trunk/classes/gcm.class.php
r1673026 r1675786 8 8 * 9 9 */ 10 11 10 /** 12 11 * The class contains all functions used for gc management … … 19 18 * 20 19 */ 20 // Exit if accessed directly 21 if (!defined('ABSPATH')) { 22 exit; 23 } 24 21 25 class GCM { 22 26 … … 27 31 */ 28 32 function getAllGCList($args = array()) { 29 global $wpdb; 33 global $wpdb; 30 34 $number = absint($args['number']); 31 $offset = absint($args['offset']); 32 35 $offset = absint($args['offset']); 36 33 37 // if number is not empty 34 if (!empty($number) && empty($args['count']) ) {38 if (!empty($number) && empty($args['count'])) { 35 39 $limits = !empty($offset) ? "LIMIT $offset, $number" : "LIMIT $number"; 36 40 } else { 37 41 $limits = ''; 38 42 } 39 43 40 44 // fields of sql 41 45 $fields = !empty($args['count']) ? 'COUNT(*) count' : '*'; 42 46 43 47 // whree consition of sql 44 48 $where = "1=1"; 45 $where .= !empty($args['search']) ? " AND (user_name like '%".addslashes($args['search'])."%' or receip_name like '%".addslashes($args['search'])."%')" : "";46 49 $where .=!empty($args['search']) ? " AND (user_name like '%" . addslashes($args['search']) . "%' or receip_name like '%" . addslashes($args['search']) . "%')" : ""; 50 47 51 // order parameters 48 52 $order = ('DESC' == strtoupper($args['order']) ) ? 'ASC' : 'DESC'; 49 53 $orderby = !empty($args['orderby']) ? $args['orderby'] : 'user_name'; 50 54 51 55 // create sql 52 56 $dbTable = $wpdb->prefix . 
"gift_certificates"; 53 $sql = "SELECT $fields FROM $dbTable WHERE $where $groupbyORDER BY $orderby $order $limits";54 57 $sql = "SELECT $fields FROM $dbTable WHERE $where ORDER BY $orderby $order $limits"; 58 55 59 // check whether count or list needed 56 60 if (!empty($args['count'])) { 57 61 $countInfo = $wpdb->get_row($sql, OBJECT); 58 return $countInfo->count;62 return $countInfo->count; 59 63 } else { 60 $gcList = $wpdb->get_results($sql, OBJECT );64 $gcList = $wpdb->get_results($sql, OBJECT); 61 65 return $gcList; 62 66 } 63 64 67 } 65 68 66 69 /** 67 70 * function to create new gift certificate … … 69 72 */ 70 73 function createNewGCM($gcInfo) { 74 71 75 global $wpdb; 72 76 $gc_cert_amount = $_REQUEST['cert_amount']; 73 $gc_user_name = esc_attr($gcInfo['user_name']);77 $gc_user_name = esc_attr($gcInfo['user_name']); 74 78 $gc_receip_name = esc_attr($gcInfo['receip_name']); 75 79 $gc_receip_address = esc_textarea($gcInfo['receip_address']); 76 80 $gc_cc_sec_code = sanitize_email($gcInfo['cc_sec_code']); 77 $sql = "INSERT INTO $wpdb->prefix" . "gift_certificates(cert_amount, user_name, receip_name, cc_number, cc_exp, cc_sec_code, receip_address) 78 values('{$gc_cert_amount}', '{$gc_user_name}', '{$gc_receip_name}', 79 '{$gcInfo['cc_number']}', '{$gcInfo['cc_exp_month']}-{$gcInfo['cc_exp_year']}', '{$gc_cc_sec_code}', '{$gc_receip_address}')"; 80 $wpdb->query($sql); 81 $wpdb->query($wpdb->prepare( 82 "INSERT INTO $wpdb->prefix" 83 . "gift_certificates(cert_amount, user_name, receip_name, cc_sec_code, receip_address) " 84 . 
"values(%f, %s, %s, %s, %s) 85 ", $gc_cert_amount, $gc_user_name, $gc_receip_name, $gc_cc_sec_code, $gc_receip_address 86 )); 81 87 } 82 83 88 84 89 /** 85 90 * function to send gc reports to users … … 90 95 */ 91 96 function sendGCMReportEmail($toEmail, $fromEmail, $subject, $gcInfo) { 92 97 93 98 $headers[] = "From: Admin <$fromEmail>"; 94 99 $headers[] = "Content-Type: text/html; charset=UTF-8"; … … 102 107 <br> 103 108 <style> 104 table {105 border-collapse: collapse;106 font-size: 12px;107 width: 60%;108 }109 table, td, th {110 border: 1px solid #E1E1E1;111 color: #555555;112 }113 th, td {114 padding: 5px 10px;115 }116 109 table { 110 border-collapse: collapse; 111 font-size: 12px; 112 width: 60%; 113 } 114 table, td, th { 115 border: 1px solid #E1E1E1; 116 color: #555555; 117 } 118 th, td { 119 padding: 5px 10px; 120 } 121 117 122 </style> 118 123 <table class="gc_report"> … … 135 140 wp_mail($toEmail, $subject, $message, $headers); 136 141 } 137 142 138 143 } -
gift-certificate-creator/trunk/gc-list.php
r1134254 r1675786 8 8 * 9 9 */ 10 11 // Exit if accessed directly 12 if ( ! defined( 'ABSPATH' ) ) { 13 exit; 14 } 10 15 11 16 //include require files -
gift-certificate-creator/trunk/gcm-config.php
r1134254 r1675786 9 9 */ 10 10 11 $path = dirname( dirname( dirname( dirname( __FILE__ ) ) ) ); 11 // Exit if accessed directly 12 if ( ! defined( 'ABSPATH' ) ) { 13 exit; 14 } 12 15 13 16 // define the gc displayed per page -
gift-certificate-creator/trunk/giftcertificates.php
r1673026 r1675786 9 9 * License: 10 10 */ 11 $path = dirname(dirname(dirname(dirname(__FILE__)))); 11 // Exit if accessed directly 12 if (!defined('ABSPATH')) { 13 exit; 14 } 12 15 13 16 //include require files … … 134 137 */ 135 138 function gc_options_validate($input) { 136 if (is_null($input['admin_email']) || empty($input['admin_email']) || (!filter_var($input['admin_email'], FILTER_VALIDATE_EMAIL)) ) {139 if (is_null($input['admin_email']) || empty($input['admin_email']) || (!filter_var($input['admin_email'], FILTER_VALIDATE_EMAIL))) { 137 140 add_settings_error( 138 141 'gc_options_admin_email_validate_field', 'gc_options_admin_email_validate_error', 'Please enter a valid email address', 'error' … … 162 165 163 166 // check sections and include corresponding file 164 if ($_REQUEST['action'] == 'Submit') { 165 $bob_name = esc_html($_REQUEST['user_name']); 167 if (isset($_REQUEST['action']) && isset($_REQUEST['action']) == 'Submit') { 166 168 $error = array(); 167 169 … … 183 185 184 186 //name validation 185 if (preg_match(' ([A-Za-z0-9\\\'\\.\\-\\s\\,])', $_REQUEST['user_name'])) {186 $correctFormat = 1; 187 } else { 188 $correctFormat = -1; 189 array_push($error, " Enter valid Name format ");187 if (preg_match('/^[a-zA-Z\s]+$/', $_REQUEST['user_name'])) { 188 $correctFormat = 1; 189 } else { 190 $correctFormat = -1; 191 array_push($error, " Enter valid Name format. Only letters and spaces are allowed "); 190 192 } 191 193 192 194 //Recipient Name validation 193 if (preg_match('([A-Za-z0-9\\\'\\.\\-\\s\\,])', $_REQUEST['receip_name'])) { 194 $correctFormat = 1; 195 } else { 196 $correctFormat = -1; 197 array_push($error, " Enter valid RecipientName format "); 198 } 199 195 if (preg_match('/^[a-zA-Z\s]+$/', $_REQUEST['receip_name'])) { 196 $correctFormat = 1; 197 } else { 198 $correctFormat = -1; 199 array_push($error, " Enter valid Recipient Name format. 
Only letters and spaces are allowed "); 200 } 201 202 //Address validation 203 if (strpos($_REQUEST['receip_address'], '<') === FALSE && strpos($_REQUEST['receip_address'], '>') === FALSE && strpos($_REQUEST['receip_address'], '%') === FALSE && strpos($_REQUEST['receip_address'], '\\') === FALSE) { 204 $correctFormat = 1; 205 } else { 206 $correctFormat = -1; 207 array_push($error, " Enter valid Address . Symbols like <,>,%,\ are not allowed "); 208 } 200 209 //checking the validation if valid (ie$correctFormat == 1) enter 201 210 if (!$error) { … … 216 225 } 217 226 } else { 227 218 228 $success = -1; 219 writeLog( $error[0] . "<br>" . $error[1], basename(__LINE__), basename(__FILE__));229 writeLog(print_r($error, TRUE), basename(__LINE__), basename(__FILE__)); 220 230 } 221 231 } else { … … 229 239 writeLog(" Form values are not posted ", basename(__LINE__), basename(__FILE__)); 230 240 ?> 231 <div class="error">Please enter form details in proper format!<?php echo "<br>" . $error[0] . "<br>" . $error[1]; ?></div> 241 <div class="error">Please enter form details in proper format!<br><?php 242 foreach ($error as $text) { 243 echo $text . "<br>"; 244 } 245 ?></div> 232 246 <?php 233 247 } … … 280 294 <tr> 281 295 <th>Certificate Amount <span class="error">*</span>:</th> 282 <td><input type="text" name="cert_amount" value="<?php echo $_REQUEST['cert_amount']; ?>" placeholder ="$"></td>296 <td><input type="text" name="cert_amount" value="<?php echo isset($_REQUEST['cert_amount']) ? (int) $_REQUEST['cert_amount'] : ''; ?>" placeholder ="$"></td> 283 297 </tr> 284 298 <tr> 285 299 <th>Your Name <span class="error">*</span>:</th> 286 <td><input type="text" name="user_name" value="<?php echo $_REQUEST['user_name']; ?>"> </td>300 <td><input type="text" name="user_name" value="<?php echo isset($_REQUEST['user_name']) ? 
htmlspecialchars($_REQUEST['user_name']) : ''; ?>"> </td> 287 301 </tr> 288 302 <tr> 289 303 <th>Recipient Name <span class="error">*</span>:</th> 290 <td><input type="text" name="receip_name" value="<?php echo $_REQUEST['receip_name']; ?>"> </td>304 <td><input type="text" name="receip_name" value="<?php echo isset($_REQUEST['receip_name']) ? htmlspecialchars($_REQUEST['receip_name']) : ''; ?>"> </td> 291 305 </tr> 292 306 <tr> 293 307 <th>Recipient Email <span class="error">*</span>:</th> 294 <td><input type="text" name="cc_sec_code" value="<?php echo $_REQUEST['cc_sec_code']; ?>"></td>308 <td><input type="text" name="cc_sec_code" value="<?php echo isset($_REQUEST['cc_sec_code']) ? filter_var($_REQUEST['cc_sec_code'], FILTER_SANITIZE_EMAIL) : ''; ?>"></td> 295 309 </tr> 296 310 <tr> 297 311 <th>Recipient Address:</th> 298 <td><textarea name="receip_address" value="<?php echo $_REQUEST['receip_address']; ?>"></textarea>312 <td><textarea name="receip_address" value="<?php echo isset($_REQUEST['receip_address']) ? $_REQUEST['receip_address'] : ''; ?>"></textarea> 299 313 </tr> 300 314 <tr>