Changeset 2221892
- Timestamp:
- 01/03/2020 10:11:27 PM (6 years ago)
- Location:
- user-meta/trunk
- Files:
-
- 2 added
- 6 edited
-
assets/css/font-awesome/webfonts/fa-solid-900.woff (added)
-
assets/css/font-awesome/webfonts/fa-solid-900.woff2 (added)
-
controllers/AdminAjaxController.php (modified) (9 diffs)
-
models/classes/builder/FieldBuilder.php (modified) (1 diff)
-
models/classes/builder/FormBuilder.php (modified) (3 diffs)
-
vendor/autoload.php (modified) (1 diff)
-
vendor/composer/autoload_real.php (modified) (5 diffs)
-
vendor/composer/autoload_static.php (modified) (2 diffs)
-
user-meta/trunk/controllers/AdminAjaxController.php
r2218746 r2221892 1 1 <?php 2 2 namespace UserMeta; 3 4 use UserMeta\Html\Html; 3 5 4 6 class AdminAjaxController … … 67 69 68 70 if (! empty($_POST['is_shared'])) { 69 70 71 $fields = $userMeta->getData('fields'); 71 72 if (isset($fields[$_POST['id']])) { 73 $field = $fields[$_POST['id']]; 74 $field['id'] = $_POST['id']; 72 $fieldId = sanitize_key($_POST['id']); 73 74 if (isset($fields[$fieldId])) { 75 $field = $fields[$fieldId]; 76 $field['id'] = $fieldId; 75 77 $field['is_shared'] = true; 76 78 $fieldBuilder = new FieldBuilder($field); … … 78 80 echo $fieldBuilder->buildPanel(); 79 81 } else { 80 echo "<div class=\"alert alert-warning\" role=\"alert\">Field id {$_POST['id']} is not exists!</div>"; 82 echo Html::div(sprintf('Shared field with id %s does not exists!', $fieldId), [ 83 'class' => 'alert alert-warning', 84 'role' => 'alert' 85 ]); 81 86 } 82 87 } elseif (! empty($_POST['field_type'])) { … … 99 104 $field = $_POST; 100 105 $fieldBuilder = new FieldBuilder($field); 101 $fieldBuilder->setEditor( $_POST['editor']);106 $fieldBuilder->setEditor(sanitize_key($_POST['editor'])); 102 107 echo $fieldBuilder->buildPanel(); 103 108 } … … 142 147 $fields = $userMeta->getData('fields'); 143 148 $userMeta->render('form', array( 144 'id' => $_POST['id'],149 'id' => sanitize_key($_POST['id']), 145 150 'fields' => $fields 146 151 )); … … 148 153 } 149 154 155 /** 156 * Handle creating new form and updating existing form. 157 */ 150 158 function ajaxUpdateForms() 151 159 { … … 173 181 174 182 if (! empty($_POST['form_key'])) { 175 $formKey = $_POST['form_key'];183 $formKey = sanitize_text_field($_POST['form_key']); 176 184 } else { 177 185 echo 'Form name is required.'; … … 191 199 if ($query['form'] != $_POST['form_key']) { 192 200 if (isset($forms[$_POST['form_key']])) { 193 echo 'Form: "' . $_POST['form_key']. '" already exists!';201 echo 'Form: "' . esc_html($_POST['form_key']) . 
'" already exists!'; 194 202 die(); 195 203 } 196 204 197 205 unset($forms[$query['form']]); 198 $query['form'] = $_POST['form_key']; 199 $formBuilder->redirect_to = $parse['scheme'] . '://' . $parse['host'] . $parse['path'] . '?' . http_build_query($query); 206 $query['form'] = sanitize_text_field($_POST['form_key']); 207 // Commented since 2.0 208 // $formBuilder->redirect_to = $parse['scheme'] . '://' . $parse['host'] . $parse['path'] . '?' . http_build_query($query); 209 $formBuilder->redirect_to = admin_url('admin.php') . '?' . http_build_query($query); 200 210 } 201 211 } elseif ('new' == $query['action']) { 202 212 if (isset($forms[$_POST['form_key']])) { 203 echo 'Form: "' . $_POST['form_key']. '" already exists!';213 echo 'Form: "' . esc_html($_POST['form_key']) . '" already exists!'; 204 214 die(); 205 215 } 206 216 207 $query['form'] = $_POST['form_key'];217 $query['form'] = sanitize_text_field($_POST['form_key']); 208 218 $query['action'] = 'edit'; 209 $formBuilder->redirect_to = $parse['scheme'] . '://' . $parse['host'] . $parse['path'] . '?' . http_build_query($query); 219 // Commented since 2.0 220 // $formBuilder->redirect_to = $parse['scheme'] . '://' . $parse['host'] . $parse['path'] . '?' . http_build_query($query); 221 $formBuilder->redirect_to = admin_url('admin.php') . '?' . http_build_query($query); 210 222 } 211 223 … … 257 269 if (! empty($triggerFieldsUpdate)) { 258 270 $userMeta->updateData('fields', $fields); 259 if (empty($formBuilder->redirect_to)) 260 $formBuilder->redirect_to = $parse['scheme'] . '://' . $parse['host'] . $parse['path'] . '?' . $parse['query']; 271 if (empty($formBuilder->redirect_to)) { 272 // Commented since 2.0 273 // $formBuilder->redirect_to = $parse['scheme'] . '://' . $parse['host'] . $parse['path'] . '?' . $parse['query']; 274 $formBuilder->redirect_to = admin_url('admin.php') . '?' . $parse['query']; 275 } 261 276 } 262 277 -
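Review bot: The duplicate-name checks at new lines 199–200 and 212 still compare and index with the raw `$_POST['form_key']`, while the value written into `$query['form']` is the `sanitize_text_field()` result, so the check and the write can disagree for any name the sanitizer alters. A submitted name with surrounding whitespace or markup can pass `isset($forms[$_POST['form_key']])` and then collapse onto an existing form's key once sanitized. Assuming `$formKey` from new line 183 is still in scope at these points (the body of `ajaxUpdateForms()` continues outside the visible hunks), use it consistently: `if ($query['form'] != $formKey) {`, `if (isset($forms[$formKey])) {` and `esc_html($formKey)` in the message. That also removes the three repeated `sanitize_text_field($_POST['form_key'])` calls.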
user-meta/trunk/models/classes/builder/FieldBuilder.php
r2219858 r2221892 69 69 $this->data = $data; 70 70 71 $this->id = ! empty($data['id']) ? $data['id']: 0;72 $this->type = ! empty($data['field_type']) ? $data['field_type']: '';71 $this->id = ! empty($data['id']) ? sanitize_key($data['id']) : 0; 72 $this->type = ! empty($data['field_type']) ? sanitize_key($data['field_type']) : ''; 73 73 $this->typeData = $userMeta->umFields($this->type); 74 74 -
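Review bot: Only `id` and `field_type` are sanitized at new lines 71–72, while line 69 still stores the unmodified array in `$this->data`, and the AdminAjaxController section of this changeset passes the request in wholesale (`$field = $_POST;`). Any later code that reads `$this->data['id']` or the other keys therefore still sees raw request values, so the panel output has to escape each value where it is printed; that code is not visible here, as the constructor continues outside the hunk. Consider writing the cleaned values back when they are set, e.g. `$this->data['id'] = $this->id;`, and adding a comment above line 69 such as `// $data may come straight from $_POST; treat every key as untrusted`. It is also worth confirming that every registered field type key is lowercase `[a-z0-9_-]`, since `sanitize_key()` would otherwise change the value passed to `umFields()`.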
user-meta/trunk/models/classes/builder/FormBuilder.php
r2218746 r2221892 354 354 continue; 355 355 356 $id = $field['id'];356 $id = sanitize_key($field['id']); 357 357 unset($field['id']); 358 358 $sanitize[$id] = $field; … … 361 361 362 362 $sysMaxID = $this->getMaxFieldID(); 363 $formInitID = (int) esc_attr($_POST['init_max_id']);364 $formMaxID = (int) esc_attr($_POST['max_id']);363 $formInitID = (int) sanitize_key($_POST['init_max_id']); 364 $formMaxID = (int) sanitize_key($_POST['max_id']); 365 365 366 366 if (($sysMaxID > $formInitID) && ($formMaxID > $formInitID)) { … … 378 378 $this->maxID = $formMaxID + $diff; 379 379 380 if (! empty($_SERVER['HTTP_REFERER'])) 380 if (! empty($_SERVER['HTTP_REFERER'])) { 381 381 $this->redirect_to = $_SERVER['HTTP_REFERER']; 382 } 382 383 } elseif ($formMaxID > $formInitID) { 383 384 $this->maxID = $formMaxID; -
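Review bot: At new lines 380–382 `$this->redirect_to` is still assigned directly from `$_SERVER['HTTP_REFERER']`; the change here only adds braces, whereas the controller in the same changeset stopped building redirect targets from the referer and switched to `admin_url()`. The Referer header is client-controlled, so if `redirect_to` is later used as a redirect target or echoed into the response (not visible in this hunk), this branch is an open-redirect or injection path that the rest of the commit closes elsewhere. Constrain it to the local admin, for example `$this->redirect_to = wp_validate_redirect(esc_url_raw(wp_unslash($_SERVER['HTTP_REFERER'])), admin_url('admin.php'));`. The enclosing method starts and ends outside the hunk.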
user-meta/trunk/vendor/autoload.php
r2221036 r2221892 5 5 require_once __DIR__ . '/composer/autoload_real.php'; 6 6 7 return ComposerAutoloaderInit b39969bf08a84cb9b359c203cd3a4d8f::getLoader();7 return ComposerAutoloaderInit6851ead06e36f02ee523b4b57c12c7f3::getLoader(); -
user-meta/trunk/vendor/composer/autoload_real.php
r2221036 r2221892 3 3 // autoload_real.php @generated by Composer 4 4 5 class ComposerAutoloaderInit b39969bf08a84cb9b359c203cd3a4d8f5 class ComposerAutoloaderInit6851ead06e36f02ee523b4b57c12c7f3 6 6 { 7 7 private static $loader; … … 20 20 } 21 21 22 spl_autoload_register(array('ComposerAutoloaderInit b39969bf08a84cb9b359c203cd3a4d8f', 'loadClassLoader'), true, true);22 spl_autoload_register(array('ComposerAutoloaderInit6851ead06e36f02ee523b4b57c12c7f3', 'loadClassLoader'), true, true); 23 23 self::$loader = $loader = new \Composer\Autoload\ClassLoader(); 24 spl_autoload_unregister(array('ComposerAutoloaderInit b39969bf08a84cb9b359c203cd3a4d8f', 'loadClassLoader'));24 spl_autoload_unregister(array('ComposerAutoloaderInit6851ead06e36f02ee523b4b57c12c7f3', 'loadClassLoader')); 25 25 26 26 $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded()); … … 28 28 require_once __DIR__ . '/autoload_static.php'; 29 29 30 call_user_func(\Composer\Autoload\ComposerStaticInit b39969bf08a84cb9b359c203cd3a4d8f::getInitializer($loader));30 call_user_func(\Composer\Autoload\ComposerStaticInit6851ead06e36f02ee523b4b57c12c7f3::getInitializer($loader)); 31 31 } else { 32 32 $map = require __DIR__ . '/autoload_namespaces.php'; … … 49 49 50 50 if ($useStaticLoader) { 51 $includeFiles = Composer\Autoload\ComposerStaticInit b39969bf08a84cb9b359c203cd3a4d8f::$files;51 $includeFiles = Composer\Autoload\ComposerStaticInit6851ead06e36f02ee523b4b57c12c7f3::$files; 52 52 } else { 53 53 $includeFiles = require __DIR__ . 
'/autoload_files.php'; 54 54 } 55 55 foreach ($includeFiles as $fileIdentifier => $file) { 56 composerRequire b39969bf08a84cb9b359c203cd3a4d8f($fileIdentifier, $file);56 composerRequire6851ead06e36f02ee523b4b57c12c7f3($fileIdentifier, $file); 57 57 } 58 58 … … 61 61 } 62 62 63 function composerRequire b39969bf08a84cb9b359c203cd3a4d8f($fileIdentifier, $file)63 function composerRequire6851ead06e36f02ee523b4b57c12c7f3($fileIdentifier, $file) 64 64 { 65 65 if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) { -
user-meta/trunk/vendor/composer/autoload_static.php
r2221036 r2221892 5 5 namespace Composer\Autoload; 6 6 7 class ComposerStaticInit b39969bf08a84cb9b359c203cd3a4d8f7 class ComposerStaticInit6851ead06e36f02ee523b4b57c12c7f3 8 8 { 9 9 public static $files = array ( … … 43 43 { 44 44 return \Closure::bind(function () use ($loader) { 45 $loader->prefixLengthsPsr4 = ComposerStaticInit b39969bf08a84cb9b359c203cd3a4d8f::$prefixLengthsPsr4;46 $loader->prefixDirsPsr4 = ComposerStaticInit b39969bf08a84cb9b359c203cd3a4d8f::$prefixDirsPsr4;45 $loader->prefixLengthsPsr4 = ComposerStaticInit6851ead06e36f02ee523b4b57c12c7f3::$prefixLengthsPsr4; 46 $loader->prefixDirsPsr4 = ComposerStaticInit6851ead06e36f02ee523b4b57c12c7f3::$prefixDirsPsr4; 47 47 48 48 }, null, ClassLoader::class);